2011, ISA
EN00W6 (1.4)
Seminar Logistics
Seminar materials: downloadable presentation; question and answer session (audio and email); survey; earn 1 Professional Development Hour (PDH).
Seminar length: 60 minute presentation, with three 10-minute question and answer sessions.
Audio Instructions
As a participant, you are in a listen-only mode. You may ask questions via the internet, using your keyboard, at any time during the presentation. However, the presenter may decide to wait to answer your question until the next Q&A session.
If you have audio difficulties, press *0.
Introduction of Presenter
Final Control Element: Signal Based on Error or Deviation, and Effects of Control Modes
[Figure: basic control loop. Labels: Process, Controlled Variable, Sensor, Transmitter, Transmitted Signal, Set Point, Controller, Outputs. The controller compares the transmitted measurement with the set point and drives the final control element.]
[Figure: P&ID fragment with tags PT-1A, PT-1B, FT-1, T-1, LV-1 and SDV-1 (solenoid S).]
[Figure: pie chart; legible slices: Design & Implementation 15%, Installation & Commissioning 6%, Operations & Maintenance 15%.]
What is at Risk?
SISs are used to protect: Personnel
Safety Layers (outermost to innermost):
Community Emergency Response
Plant Emergency Response
Physical Protection (Dikes)
Physical Protection (Relief Devices)
Safety Instrumented System
Alarms, Operator Intervention
Basic Process Control
Process
Defense in depth, or, don't put all your eggs in one basket.
Risk Reduction
[Figure: risk is reduced in steps from the risk inherent in the process down to the residual risk level, which is compared with the tolerable risk level. Each independent layer (BPCS, Alarms, SIS, Mech., Other) contributes its own step of reduction.]
Doing more in one box doesn't make it perform better.
Scope of Standards
Covers specification, design, installation, operation and maintenance.
Specifies requirements, but not who is responsible for implementing them.
Applies to a wide variety of industries within the process sector: chemicals, oil refining, oil and gas production, pulp and paper, non-nuclear power generation.
Certain industries may have additional requirements.
(ISA84, Section 1)
Assessments / audits
To make a judgment on the functional safety achieved by the system.
At least one assessment carried out prior to hazards being present.
(ISA84, Section 5)
[Figure: safety lifecycle; numbers in parentheses are ISA84 clauses.]
Allocation of Safety Layers (9)
Other Means of Risk Reduction (9)
Develop Safety Requirements Specification (10 & 12)
Design & Engineering (11 & 12)
Installation, Commissioning & Validation (14 & 15)
Operations & Maintenance (16)
Modification (17)
Decommission (18)
Steps performed throughout: Management, Assessment, Auditing (5); Verification (7)
(ISA84, Section 6)
Risk Analysis
Risk is a function of frequency (probability, likelihood) and severity (consequences): how often, and how bad.
Overall Risk
[Figure: risk matrix with Low Risk, Medium Risk and High Risk regions.]
High risk: unacceptable design, change required.
Medium risk: questionable design, change desirable.
Low risk: acceptable design, no change required.
(ISA84, Section 9)
Safety Integrity Level | Probability of Failure on Demand (PFD) | Safety Availability (1 - PFD), % | Risk Reduction Factor (1/PFD)
Control (BPCS)         | N/A                                    | N/A                              | N/A
SIL 1                  | 0.01 to < 0.1                          | > 90 to 99                       | > 10 to 100
SIL 2                  | 0.001 to < 0.01                        | > 99 to 99.9                     | > 100 to 1000
Each higher SIL tightens the PFD band by a further factor of 10. The SIL 2 PFD and risk reduction columns follow from the availability figure by 1 - PFD and 1/PFD.
Failure Modes
With a safety system, the concern shouldn't be so much with how the system operates, but rather with how the system fails.
Safety systems can fail in two ways:
Safe failures: initiating (they cause a trip), overt, spurious; the cost is downtime.
Dangerous failures: inhibiting (they prevent a trip), covert, potentially dangerous; they must be found by testing.
DxU=
ISA84 Section 10
Shutdown Systems
Also called: interlocks, protective systems, safety systems, safety interlock systems (SIS), emergency shutdown systems (ESD).
What is protected: human life, equipment (damage), the environment, product quality, equipment protection, insurability, down time.
Down time breaks down into: realization, access, diagnosis, spares, replace, repair time.
Check
[Figure: integrated SD system versus segregated SD system.]
SIS Definitions
All stuff fails.
Some stuff fails and you know it right away, like a blown fuse.
Some stuff fails while in service, like a car battery: you learn about it when you ask for it to be used once again.
In the SIS world, we characterize the statistics of the first type of failure with λs, the safe failure rate.
The second type of failure is covert and dangerous, since you have no warning that it has occurred. Here we use λd, the dangerous failure rate.
Strictly, every failure is classified on two axes, safe or dangerous and detected or undetected; the covert dangerous failures that the PFD equations later in this seminar are built on are the dangerous undetected ones, written λdu.
[Figure: reliability is built up at three levels: components, modules, complete system.]
Reliability
We are after a consistent way to model our systems so that we can measure how good the design is. In addition, we wish to close a feedback loop around the actual in-service performance to determine whether we have achieved what we set out to accomplish.
Reliability/Availability
Mean time to failure, MTTF (= 1/λ for a constant failure rate λ)
Mean time to repair, MTTR
Mean time between failures, MTBF (= MTTF + MTTR)
Failure modes
Hardware Availability
Availability = Uptime / Total Time
             = Uptime / (Uptime + Downtime)
             = MTTF / (MTTF + MDT)
where MTTF = 1/λ and MDT is the mean down time.
Many vendors substitute MTTR for MDT. This is only valid for safe failures! A safe failure is overt, so the repair clock starts when the failure occurs; a covert dangerous failure sits undetected until the next proof test, so its down time includes that hidden interval (on average half the test interval) on top of MTTR.
A_safe = MTTF_s / (MTTF_s + MTTR)
Notes:
This formula is only valid for simplex (non-redundant) systems.
Failure rates must be split between the two failure modes, safe and dangerous.
Down time (MDT) breaks down into: realization, access, diagnosis, spares, replace, repair time.
Fault Trees
Reliability block diagrams and fault trees are two views of the same logic:
Fault tree element | Reliability block diagram equivalent
AND gate           | Parallel (redundant) blocks: all must fail
OR gate            | Series blocks: any one failing fails the function
Example fault tree, top event "Fire water deluge fails":
Fire water deluge fails = OR(Power failure, Fire detector fails, Fire panel fails, Fire pump fails)
Power failure = AND(Main power supply fails, Standby generator fails)
Equivalent reliability block diagram: PSU and Standby in parallel, in series with Detect, Panel and Pump.
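The deluge fault tree above, evaluated in code. This is an added example, not material from the ISA seminar: the gate structure follows the slide, but every probability, event name and function below is constructed for illustration. It shows the three ways a practitioner actually computes such a tree (the gate-by-gate product/complement rule, the rare-event sum used for hand calculations on the slides, and an exact enumeration that stays correct when one basic event feeds several gates), plus extraction of minimal cut sets. The same gates reproduce the 1oo2, 2oo2 and 2oo3 dangerous-failure figures quoted on the next slides; the 2oo3 case is exactly where gate-by-gate evaluation goes wrong, because its three AND pairs share elements.

```python
# Added example (not from the ISA seminar): evaluating the fire-water deluge
# fault tree shown above with AND/OR gates, listing its minimal cut sets, and
# reproducing the slides' voted-architecture figures.  Gate structure follows
# the slide; every probability below is constructed for illustration.
from dataclasses import dataclass
from itertools import product
from math import prod
from typing import Dict, FrozenSet, List, Tuple, Union

@dataclass(frozen=True)
class Event:
    """Basic event: component found failed on demand with probability p."""
    name: str
    p: float

@dataclass(frozen=True)
class Gate:
    """AND = parallel/redundant (all inputs must fail); OR = series (any one)."""
    kind: str
    inputs: Tuple["Node", ...]
    name: str = ""

Node = Union[Event, Gate]

def gate_probability(node: Node) -> float:
    """Gate-by-gate: AND -> product, OR -> 1 - prod(1 - p).
    Exact only when no basic event feeds more than one gate."""
    if isinstance(node, Event):
        return node.p
    ps = [gate_probability(i) for i in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate {node.kind!r}")

def rare_event_bound(node: Node) -> float:
    """Hand-calculation upper bound (OR -> sum).  It is what the slides'
    rounded figures use, e.g. 2oo2 dangerous = 2 x 0.02 = 0.04."""
    if isinstance(node, Event):
        return node.p
    ps = [rare_event_bound(i) for i in node.inputs]
    return prod(ps) if node.kind == "AND" else sum(ps)

def basic_events(node: Node) -> Dict[str, float]:
    if isinstance(node, Event):
        return {node.name: node.p}
    return {k: v for i in node.inputs for k, v in basic_events(i).items()}

def _fails(node: Node, state: Dict[str, bool]) -> bool:
    if isinstance(node, Event):
        return state[node.name]
    r = [_fails(i, state) for i in node.inputs]
    return all(r) if node.kind == "AND" else any(r)

def exact_probability(node: Node) -> float:
    """Exact even with shared events: sum over all 2^n basic-event states.
    Fine for hand-drawn trees; large trees need cut-set or BDD methods."""
    ev = basic_events(node)
    total = 0.0
    for bits in product((False, True), repeat=len(ev)):
        state = dict(zip(ev, bits))
        if _fails(node, state):
            total += prod(ev[n] if f else 1.0 - ev[n] for n, f in state.items())
    return total

def minimal_cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Smallest sets of basic events whose joint failure fails the top event."""
    if isinstance(node, Event):
        return [frozenset([node.name])]
    sub = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "AND":
        cuts = [frozenset().union(*combo) for combo in product(*sub)]
    else:
        cuts = [c for s in sub for c in s]
    cuts = list(dict.fromkeys(cuts))                              # dedupe
    return [c for c in cuts if not any(o < c for o in cuts)]     # drop supersets

# The slide's tree: deluge fails if power fails (main AND standby) OR the
# detector, panel or pump fails.  Probabilities are constructed.
DELUGE_FAILS = Gate("OR", (
    Gate("AND", (Event("main_power", 0.05), Event("standby_generator", 0.10)), "power_failure"),
    Event("fire_detector", 0.02), Event("fire_panel", 0.01), Event("fire_pump", 0.03),
), "fire_water_deluge_fails")

def voted_dangerous(p: float, arch: str) -> Gate:
    """Dangerous-failure tree for the slides' voting arrangements, each element
    dangerous with probability p: 1oo2 fails only if both do (AND), 2oo2 if
    either does (OR), 2oo3 if any two do (OR of the three AND pairs)."""
    a, b, c = Event("A", p), Event("B", p), Event("C", p)
    if arch == "1oo2":
        return Gate("AND", (a, b))
    if arch == "2oo2":
        return Gate("OR", (a, b))
    if arch == "2oo3":
        return Gate("OR", (Gate("AND", (a, b)), Gate("AND", (a, c)), Gate("AND", (b, c))))
    raise ValueError(arch)
```

With the constructed numbers the deluge top event comes out at about 0.064 (exact) against 0.065 for the rare-event sum, and the minimal cut sets are {main_power, standby_generator}, {fire_detector}, {fire_panel} and {fire_pump}: the single-point failures are what a reviewer goes after first. For the 2oo3 vote with p = 0.02, exact_probability gives 0.001184, the rare-event bound gives the slide's 0.0012, and gate_probability gives 0.0011995, slightly high because it treats the three pairs as independent. The lesson is to use exact or cut-set evaluation whenever an element appears under more than one gate.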
Probabilities
Per element: probability of a safe failure 0.01, of a dangerous failure 0.02.
Architecture | Safe (spurious trip) | Dangerous (fails on demand)
1oo1         | 0.01                 | 0.02
1oo2         | 0.02                 | 0.0004
2oo2         | 0.0001               | 0.04
(The 1oo2 safe and 2oo2 dangerous figures use the rounded sum 2p; the products are exact.)
Majority Vote
Adding a 2oo3 (two-out-of-three) vote to the same per-element probabilities (safe 0.01, dangerous 0.02):
Architecture | Safe (spurious trip) | Dangerous (fails on demand)
2oo3 vote    | 0.0003               | 0.0012
A 2oo3 vote keeps both figures low: it takes two safe failures to trip spuriously and two dangerous failures to fail on demand, so each is about 3p² rather than p or 2p.
Simplified equations, with λs = safe failure rate, λdu = dangerous undetected failure rate, TI = proof-test interval, MTTR = mean time to repair:
Architecture | MTTF spurious (safe-failure trip) | PFDavg
1oo1         | 1 / λs                            | λdu × TI / 2
1oo2         | 1 / (2 λs)                        | (λdu)² × (TI)² / 3
2oo2         | 1 / (2 (λs)² × MTTR)              | λdu × TI
2oo3         | 1 / (6 (λs)² × MTTR)              | (λdu)² × (TI)²
These simplified equations take no credit for diagnostics, ignore common-cause failure, and hold only while λdu × TI is small compared with 1.
Summary: Reliability
Reliability/Availability
Mean time to failure MTTF
Mean time to repair MTTR
Mean time between failures MTBF
Failure modes
These are the independent major pieces of a safety instrumented function. Each has its own λd:
Input: λd,input
Logic: λd,logic
Output: λd,output
Because the three subsystems are independent and each PFD is small, the PFD of the whole loop is approximately the sum of the three.
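The simplified PFDavg and spurious-trip equations tabulated earlier, together with the input/logic/output decomposition just described, carried through for one complete loop. This is an added example, not from the ISA seminar: the function names, the constructed failure rates (λdu of 1e-6, 1e-7 and 2e-6 per hour), the one-year proof-test interval, the 8-hour MTTR and the example SIF itself are all assumptions made here, chosen only to show how the pieces combine and which subsystem ends up setting the SIL.

```python
# Added example (not from the ISA seminar): the simplified PFDavg and
# spurious-trip formulas tabulated earlier, applied to a safety instrumented
# function whose input, logic and output subsystems each carry their own
# lambda_du, then mapped to a SIL band.  All failure rates, proof-test
# intervals and repair times below are constructed for illustration.

HOURS_PER_YEAR = 8760.0

def pfd_avg(arch: str, lam_du: float, ti: float) -> float:
    """Average probability of failure on demand of one subsystem.
    lam_du: dangerous undetected failure rate (per hour); ti: proof-test
    interval (hours).  Simplified equations: no common cause, no diagnostic
    credit, and valid only while lam_du * ti is small compared with 1."""
    x = lam_du * ti
    if not 0 < x <= 0.1:
        raise ValueError("lam_du * TI outside the range of the simplified equations")
    return {"1oo1": x / 2, "1oo2": x * x / 3, "2oo2": x, "2oo3": x * x}[arch]

def mttf_spurious(arch: str, lam_s: float, mttr: float) -> float:
    """Mean time to a spurious (safe-failure) trip, hours."""
    return {"1oo1": 1 / lam_s,
            "1oo2": 1 / (2 * lam_s),
            "2oo2": 1 / (2 * lam_s ** 2 * mttr),
            "2oo3": 1 / (6 * lam_s ** 2 * mttr)}[arch]

def sil_from_pfd(pfd: float) -> int:
    """SIL band from the ISA84 table: SIL n covers 10^-(n+1) <= PFD < 10^-n.
    Returns 0 for PFD >= 0.1 (no SIL credit); PFD below 1e-5 is outside the
    table and raises rather than silently claiming SIL 4."""
    if not 0 < pfd < 1:
        raise ValueError("PFD must be a probability")
    if pfd >= 1e-1:
        return 0
    for sil, lower in ((1, 1e-2), (2, 1e-3), (3, 1e-4), (4, 1e-5)):
        if pfd >= lower:
            return sil
    raise ValueError("PFD below the SIL 4 band")

def rrf(pfd: float) -> float:
    """Risk reduction factor, 1/PFD."""
    return 1.0 / pfd

def example_sif(valve_arch: str = "1oo1", valve_ti: float = HOURS_PER_YEAR):
    """Constructed SIF: 1oo2 pressure transmitters, a 1oo1 logic solver and a
    shutdown valve, each with its own lambda_du.  The loop PFD is the sum of
    the three independent subsystems (rare-event approximation).
    Returns (per-subsystem PFDs, loop PFD, SIL)."""
    subsystems = [("1oo2", 1.0e-6, HOURS_PER_YEAR),   # input: two transmitters
                  ("1oo1", 1.0e-7, HOURS_PER_YEAR),   # logic solver
                  (valve_arch, 2.0e-6, valve_ti)]     # output: valve + solenoid
    per = [pfd_avg(*s) for s in subsystems]
    loop = sum(per)
    return per, loop, sil_from_pfd(loop)

if __name__ == "__main__":
    per, loop, sil = example_sif()
    print("per subsystem:", per, "loop PFD:", loop, "RRF:", rrf(loop), "SIL", sil)
    # the final element dominates; giving it 1oo2 valves lifts the loop to SIL 3
    print("1oo2 valves:", example_sif(valve_arch="1oo2")[1:])
    # halving the valve test interval alone helps less
    print("6-month valve test:", example_sif(valve_ti=HOURS_PER_YEAR / 2)[1:])
    print("spurious MTTF 1oo2 vs 2oo3 (h):",
          mttf_spurious("1oo2", 1e-5, 8), mttf_spurious("2oo3", 1e-5, 8))
```

With these constructed rates the loop lands at a PFD of about 0.0092 (SIL 2, RRF about 108), and the 1oo1 valve contributes 0.00876 of it: the final element, not the transmitters or the logic solver, sets the SIL. Making the valve 1oo2 drops the loop to about 0.00057 (SIL 3), while halving the valve test interval alone leaves it at SIL 2. The spurious-trip side tells the opposite story: with λs = 1e-5/h and an 8-hour MTTR, a 1oo2 arrangement trips spuriously roughly every 50,000 hours, a 2oo3 vote only every 2e8 hours, which is why 2oo3 is used where both availability and safety matter.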
[Figures: voting architecture diagrams for 1 out of 1, 1 out of 2, 2 out of 2 and 2 out of 3.]
ISA Certifications
Certified Automation Professional (CAP)
www.isa.org/CAP