Post on 26-Nov-2014
Functional Safety Engineering
FUNCTIONAL SAFETY COURSE
SAFETY INSTRUMENTED SYSTEMS FOR ENGINEERS USING IEC 61511 AND IEC 61508
Functional Safety Engineering
Objective of this Workshop
To provide a basic knowledge of the fundamental principles of functional safety and good practice in the specification, design and management of safety instrumented systems in the process industry
To encourage a multi-disciplined approach to the management of functional safety
Content of the Workshop
Overview of key topics of interest covering the design and implementation of safety instrumented systems based on the functional safety lifecycle.
The workshop uses the functional safety lifecycle as a framework for applying the standards IEC 61508 and IEC 61511
Contents
Functional Safety Lifecycle
Hazard and Risk Analysis
Risk Reduction and Safety Allocation
Safety Integrity Level Determination Methods
Achieving Safety and Availability Targets
Hardware Safety Integrity Level Verification Methods
Software Diagnostics and Proof Testing
Safety Through Layers of Protection (slide diagram, described here in text)
The diagram shows the process value and the layers that act on it, from normal operation outwards:
Process control layer: the Basic Process Control System keeps the process value within its normal behaviour; a process alarm prompts operator intervention.
Safety layer: the Safety Instrumented System acts at the trip level alarm and performs the process shutdown / emergency shutdown.
Active protection layer: relief valve, rupture disk.
Passive protection layer: dike.
Emergency response layer: plant and emergency response.
The layers up to and including the SIS prevent the hazardous event; the relief, dike and emergency response layers mitigate its consequences.
Slide acknowledgement: Emerson
What is Functional Safety?
A safety system is functionally safe if random, common cause and systematic failures do not lead to malfunctioning of the safety system and do not result in:
Injury or death of humans
Spills to the environment
Loss of equipment or production
Functional Safety Standards
For safety instrumented systems there are two important standards when it comes to functional safety:
IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems
IEC 61511 / ANSI/ISA 84.00.01 Modified: Functional safety: safety instrumented systems for the process industry sector
Introducing Standard IEC61508
International Electrotechnical Commission. Title: Functional safety of electrical/electronic/programmable electronic safety-related systems
Part 0: Introduction to functional safety
Part 1: General requirements
Part 2: Requirements for electrical/electronic/programmable electronic systems
Part 3: Software requirements
Part 4: Definitions and abbreviations
Part 5: Examples of methods for the determination of safety integrity levels
Part 6: Guidelines on the application of parts 2 and 3
Part 7: Overview of techniques and measures
Umbrella Standard
IEC 61508 is the umbrella standard; the sector standards derived from it shown on the slide are:
EN 50402: Pressure sensors
EN 50128: Railway
IEC 61511: Process industry
ANSI/ISA 84.00.01: Process industry
IEC 61513: Nuclear industry
IEC 62061: Machinery
Application Area of IEC 61508
IEC 61508 applies:
To any electrical/electronic/programmable electronic (E/E/PE) safety related systems
Especially where no functional safety standard exists
Anywhere in the world where it is accepted
Application Area of IEC 61508
Typical applications are:
Programmable electronic system (PES)
Safety instrumented systems (SIS)
Emergency shutdown systems (ESD)
High integrity pressure protection systems (HIPPS)
Burner management systems (BMS)
Fire and gas system (F&G)
High speed (overspeed) protection system
Emergency brake of a train
IEC 61511 Functional Safety - Safety Instrumented Systems for the Process Industry Sector
Part 1: Framework, definitions, system hardware and software requirements
Part 2: Guidelines in the application of part 1
Part 3: Guidance for the determination of safety integrity levels
IEC: International Electrotechnical Commission, PO Box 131, CH-1211 Geneva, Switzerland. Webstore at www.iec.ch.
Application Area of IEC 61511
IEC 61511 applies to safety instrumented systems, i.e. to their:
Instruments (E/E/PE or not)
Logic solver (E/E/PE or not)
Actuators (E/E/PE or not)
IEC 61508 vs. IEC 61511
(Slide diagram) Process sector safety instrumented system standards and who applies them:
Manufacturers and suppliers of devices: IEC 61508
Safety Instrumented System designers, integrators and users: IEC 61511
Safety Integrity Level
What is this SIL?
First of all it is a qualitative measure of safety
Second, it is a quantitative reliability metric
There are 4 SIL levels, 1-4
What is not SIL?
Only a probability calculation …
(Slide diagram: the SIS, the operating equipment and the control system drawn as separate blocks)
Safety Instrumented Systems act independently of the process or its control system to try to prevent a hazardous event.
The SIS achieves risk reduction by reducing the frequency (likelihood) of the hazardous event.
The amount of risk reduction allocated to the SIS determines its "target Safety Integrity Level", i.e. SIL.
Safety Integrity Level
Three important SIL properties:
Applies to the complete safety function/loop
Higher SIL means stricter requirements
There are technical and non-technical requirements

SIL   PFD                  Safety Availability   Risk Reduction
4     0.0001 - 0.00001     0.9999 - 0.99999      10000 - 100000
3     0.001 - 0.0001       0.999 - 0.9999        1000 - 10000
2     0.01 - 0.001         0.99 - 0.999          100 - 1000
1     0.1 - 0.01           0.9 - 0.99            10 - 100
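The arithmetic behind the table above and the "risk reduction allocated to the SIS determines its target SIL" statement, carried through as an added Python example (this is not code from the course or its slides). It assumes low-demand mode, where SIL is expressed as average PFD, and a simplified allocation in which independent protection layers multiply, so the event frequency reaching the SIS is the unmitigated hazard frequency times the PFD of each other layer credited. The function names and the frequencies and layer PFD in the usage block are constructed for illustration.

```python
"""Worked SIL / risk-reduction arithmetic (added example, not course code).

Assumptions: low-demand mode (SIL expressed as average PFD) and a simple
allocation where independent protection layers multiply, i.e. the
frequency that reaches the SIS is the unmitigated hazard frequency times
the PFD of every other credited layer.
"""
from typing import Sequence

# SIL bands exactly as tabulated on the slide: (SIL, lower PFD, upper PFD).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_for_pfd(pfd: float) -> int:
    """Map an average PFD to the SIL band that contains it.

    Returns 0 when PFD >= 0.1 (no SIL can be claimed). A PFD below the
    SIL 4 band is rejected: the table defines nothing stricter than SIL 4,
    so such a target is a design problem to revisit, not a SIL to claim.
    """
    if not 0.0 < pfd < 1.0:
        raise ValueError("PFD must lie strictly between 0 and 1")
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    if pfd >= 1e-1:
        return 0
    raise ValueError("PFD below the SIL 4 band: no SIL is defined for it")


def risk_reduction_factor(pfd: float) -> float:
    """RRF = 1 / PFD: the 'Risk Reduction' column of the table."""
    return 1.0 / pfd


def safety_availability(pfd: float) -> float:
    """Safety availability = 1 - PFD: the middle column of the table."""
    return 1.0 - pfd


def target_sil(unmitigated_freq: float, tolerable_freq: float,
               other_layer_pfds: Sequence[float] = ()) -> dict:
    """Derive the SIS target from the risk reduction allocated to it.

    unmitigated_freq: hazardous event frequency with no protection (per year)
    tolerable_freq:   frequency the organisation accepts (per year)
    other_layer_pfds: PFDs of independent non-SIS layers that are credited
    """
    residual = unmitigated_freq
    for layer_pfd in other_layer_pfds:
        residual *= layer_pfd  # each independent layer scales the frequency
    if residual <= tolerable_freq:
        # The other layers already meet the target: nothing is asked of the SIS.
        return {"required_pfd": None, "required_rrf": 1.0, "sil": 0}
    required_pfd = tolerable_freq / residual
    return {
        "required_pfd": required_pfd,
        "required_rrf": risk_reduction_factor(required_pfd),
        "sil": sil_for_pfd(required_pfd),
    }


if __name__ == "__main__":
    # Constructed, illustrative numbers: hazard 0.1/yr, tolerable 1e-4/yr,
    # one credited non-SIS layer with PFD 0.2 (not a recommended value).
    print(target_sil(0.1, 1e-4, [0.2]))
    for pfd in (0.05, 0.005, 0.0005, 0.00005):
        print(pfd, sil_for_pfd(pfd), safety_availability(pfd),
              risk_reduction_factor(pfd))
```

With the constructed inputs, 0.1/yr scaled by the 0.2 layer leaves 0.02/yr, so the SIS must supply a PFD of 0.005 (RRF 200), which falls in the SIL 2 band of the table. Note the band edges: a required PFD that lands exactly on 0.01 or 0.001 is sensitive to floating-point rounding, so a target near a boundary should be decided by the documented band, not by the last digit of the division.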
Summary of IEC 61511 Safety Lifecycle Phases (slide diagram, described here in text)
1: Scope of the plant, identify the hazard and evaluate the risks
2 and 3: Define the risk reduction requirements. Allocate to protection layers. Define SIFs and SILs
4: Detailed engineering activities to design and build the SIS
5: Installation, commissioning and validation stages
6 and 7: Operating and maintenance regime; manage the modifications
8: De-commissioning
Verification (shown alongside the phases)
Scope of a Safety Instrumented System (hardware and software)
Sensor → Logic Solver → Actuator
SIL Classification by Risk Parameters Chart
The slide shows the risk graph as a tree. From the starting point the consequence parameter C is chosen, then (except for CA) the exposure parameter F and the avoidance parameter P; the path ends on one row of the output table, and the occurrence probability W selects the column. The output table read from the chart, top row to bottom row:

Row   W3   W2   W1
1     a    -    -
2     1    a    -
3     2    1    a
4     3    2    1
5     4    3    2
6     b    4    3

Legend: - = No safety requirements; a = No special safety requirements; b = A single E/E/PES is not sufficient; 1, 2, 3, 4 = Safety integrity level

Risk Parameters:
C – Extent of Damage
CA: Slight injury
CB: Severe irreversible injury to one or more persons or death of a person
CC: Death of several persons
CD: Catastrophic consequences, multiple deaths
F – Frequency & Exposure time
FA: Seldom to relatively frequent
FB: Frequent to continuous
P – Hazard Avoidance / Mitigation
PA: Possible under certain conditions
PB: Hardly possible
W – Occurrence Probability
W1: Very low
W2: Low
W3: Relatively high
SIL Classification by Risk Parameters Chart: Example
The example slide repeats the chart above and traces one path through it with these parameters selected:
C – Extent of Damage: CB (severe irreversible injury to one or more persons or death of a person)
F – Frequency & Exposure time: FB (frequent to continuous)
P – Hazard Avoidance / Mitigation: PA (possible under certain conditions)
W – Occurrence Probability: W2 (low)
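The lookup performed on the two chart slides, as an added Python example (not code from the course or its slides). The output table is copied from the chart. The branch paths that map a (C, F, P) choice to a row of that table are an assumption taken from the general IEC 61508-5 risk graph, because the slide's tree does not survive in the extracted text; check them against the chart actually used in a project before relying on the result. The names `RISK_GRAPH`, `PATH_TO_ROW`, `risk_graph_sil` and `describe_entry` are mine.

```python
"""Risk-graph SIL lookup (added example; not code from the course).

The output table is the one on the chart slide. The branch paths (which
(C, F, P) combination lands on which row) are ASSUMED to follow the
IEC 61508-5 risk graph; confirm them against the chart you actually use.
"""
from typing import Optional

# Output table, rows top to bottom as on the chart; columns W3, W2, W1.
RISK_GRAPH = [
    {"W3": "a", "W2": "-", "W1": "-"},   # row 1
    {"W3": "1", "W2": "a", "W1": "-"},   # row 2
    {"W3": "2", "W2": "1", "W1": "a"},   # row 3
    {"W3": "3", "W2": "2", "W1": "1"},   # row 4
    {"W3": "4", "W2": "3", "W1": "2"},   # row 5
    {"W3": "b", "W2": "4", "W1": "3"},   # row 6
]

# ASSUMED branch structure (0-based row index). CA ends the path at once;
# for CB..CD each step to a more severe C, F or P moves one row down, with
# the bottom row as the floor.
PATH_TO_ROW = {
    ("CA", None, None): 0,
    ("CB", "FA", "PA"): 1, ("CB", "FA", "PB"): 2,
    ("CB", "FB", "PA"): 2, ("CB", "FB", "PB"): 3,
    ("CC", "FA", "PA"): 3, ("CC", "FA", "PB"): 4,
    ("CC", "FB", "PA"): 4, ("CC", "FB", "PB"): 5,
    ("CD", "FA", "PA"): 4, ("CD", "FA", "PB"): 5,
    ("CD", "FB", "PA"): 5, ("CD", "FB", "PB"): 5,
}

# Legend as printed under the chart.
LEGEND = {
    "-": "no safety requirements",
    "a": "no special safety requirements",
    "b": "a single E/E/PES is not sufficient",
}


def risk_graph_row(c: str, f: Optional[str] = None,
                   p: Optional[str] = None) -> int:
    """Return the 0-based row on which the (C, F, P) path ends."""
    if c == "CA":
        return PATH_TO_ROW[("CA", None, None)]  # F and P are not asked for CA
    try:
        return PATH_TO_ROW[(c, f, p)]
    except KeyError:
        raise ValueError(f"no risk-graph path for {c}, {f}, {p}") from None


def risk_graph_sil(c: str, f: Optional[str], p: Optional[str], w: str) -> str:
    """Return the chart entry: '-', 'a', 'b', or the SIL as a digit string."""
    if w not in ("W1", "W2", "W3"):
        raise ValueError(f"unknown occurrence probability {w!r}")
    return RISK_GRAPH[risk_graph_row(c, f, p)][w]


def describe_entry(entry: str) -> str:
    """Expand a chart entry using the chart's legend."""
    return LEGEND.get(entry, f"SIL {entry}")


if __name__ == "__main__":
    # The path traced on the example slide: CB, FB, PA with W2.
    entry = risk_graph_sil("CB", "FB", "PA", "W2")
    print(f"CB / FB / PA / W2 -> {entry}: {describe_entry(entry)}")
```

Running it with the example slide's parameters reads row 3 of the table under W2. The 'b' entries are worth a dedicated check in any tooling built on this: they are not a SIL, and treating them as "SIL 4 or better" hides the chart's statement that a single E/E/PE system is not sufficient for that path.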