2 Functional Safety V00 - Endress+Hauser · PDF fileHow to determine a Safety integrity Level...

02/11/2015

Products Solutions Services

Functional Safety

How to determine a Safety integrity Level (SIL 1,2 or 3)

Slide 1 Philipp Conen

02/11/2015

Agenda of the next 45 min

Functional Safety Facts


SIL 1,2 or 3

Let´s apply IEC61511SIS , whats next ??

How do I meet the SIL level ?

02/11/2015

What is functional safety?

• A safety instrumented system is 100%functionally safe if all random,common cause and systematic failuresdo not lead to malfunctioning of thesafety system and do not result in• Injury or death of humans• Spills to the environment• Loss of equipment or production

• 100% functional safety does not exist,but risk reduction SIL 1, 2, 3 or 4 does.



02/11/2015

From Risk to Safety


Risk

Riskreduction

Safety

R = P × S

Risk reduction to a tolerable level.

Reduction of P

P = Probability of occurrence for a hazardous event, S = Extent of damage


02/11/2015

Is there absolute safety?


Risk

with

out

prot

ectiv

e m

easu

res

Risk

Tolerable risk

Risk

redu

ctio

n

Residual risk

• Structural measures

• Distribution of hazard

• Evacuation plans

• Mechanic, pneumatic

• Safety-related systems

• …

• Structural measures

• Distribution of hazard

• Evacuation plans

• Mechanic, pneumatic

• Safety-related systems

• …

Initial risk


02/11/2015

Products Solutions Services

Containment, Dike/Vessel Passive protection layer

Emergency response layerPlant andEmergency Response

OperatorIntervention

Process control layerProcessShutdown

Trip level alarm

Relief valve,Rupture disk Active protection layer

Prevent

Mitigate

Safety Instrumented Systems

ProcessValue Normal behavior

BasicProcessControlSystem

Process control layer

Process alarm

SafetyInstrumentedSystem

Safety layerEmergencyShut Down


02/11/2015

How to determine the required SIL? Risk Graph


4

4*

* single system not sufficient

SIL 3

Risk Graph example

Hazard


02/11/2015

Lets engineer our own Application



Start:Store 30000l of Toluol as basic for the important intermediate product Toluol-2,4-diisocyanat (TDI) for “Poly Urethane” production.

Easy inflame able

Harmful to health

Toluol tank burned in Germany, 2014

Target:Prevent vessel from bursting and avoid loss of liquid into the environment

02/11/2015

Safety function(s)(e.g. MIN, MAX, pressure range)

SIL capability(e.g. SIL 3)

Safety function(s)


Safety function(s)


SIF, safety function, SIL capability, SIL


Sensor Logic unit Actuator

Safety function (e.g. max. pressure monitoring), SIL (e.g. SIL 2)

Safety Instrumented Function (SIF)

Subsystem Subsystem Subsystem


02/11/2015

Single Channel System

Sensor Logic Actor System

SIL 2 3 2 ≤2

PFDav 0,3x10-2 0,05x10-2 0,4x10-2 0,705 x 10-2

Example: single channel overfill prevention

SIL 2PFDav= 0,35x10-2

SIL 3PFDav=0,05x10-2 SIL 2

PFDav=0,4x10-2

ActuatorLogicSensor

System= SIL 2

Simply reliable: Process safety from Endress+ Hauser

PFDS+PFDL+PFDA < 10-SILsystem

SILS , SILL , SILA ≥ SILsystemDesign rules

Slide 10 Ngo

02/11/2015

Architecture of Multi-Channel Systems


Safety

Availability1oo1 2oo2 3oo3

1oo2

1oo3

2oo3

4oo4

1oo4

Fundamental Safety Parameters• PFDav• HFT• SFFfor the complete system must be evaluated (e.g. Markov Model)

Which multi-channel system is safer than

2oo3?

Slide 11 Ngo

02/11/2015

Approximation formula (Source: VDI/VDE 2180, Sheet 4)


DU = „dangerous undetected“, = Common cause Factor, T1 = Time interval for proof testing [h] (1 Jahr = 8.760 h)

Options of Circuit Approximation formula for PFDav

1oo1

1oo2

1oo3

1oo4

2oo2

2oo3

2oo4

23

12

121

TTPFD DUDUoo

21

11TPFD DU

oo

122 TPFD DUoo

2

12132

TTPFD DUDUoo

24

13

131

TTPFD DUDUoo

2

13142

TTPFD DUDUoo

25

14

141

TTPFD DUDUoo

This is simplified. Use MARKOV method to calculate

the PFD more accurate.

Slide 12 Ngo

02/11/2015

Subsystem ActuatorSubsystem Logic UnitSubsystem Sensor

Sensor 1 Interface 1



2oo3

ControlModule 1

ControlModule 2

1oo2

Actu. 1Interface 4

Actu. 2Interface 5

2oo2

lDU = 500 FIT (per line)b=10%, T1=1 year, SFF=

lDU = 50 FIT (per Module) b=2%, T1=1 year, SFF=

lDU = 1200 FIT (per line) b=10%, T1=1 year, SFF=

Formula for für 2oo3 Formula for für 1oo2 Formula for für 2oo2

PFDav (S) = 2,4 × 10-4 PFDav (LE) = 4,4 × 10-6 PFDav (A) = 1,1 × 10-2

Result: PFDav (System) = PFDav (S) + PFDav (LE) + PFDav (A) = 1,3 × 10-2 SIL 1

Target: SIL 2

Target not achieved! What to do?FIT = Failures In Time, 1 FIT = 10-9 1/h

Complex calculation example(1)


Slide 13 Ngo

02/11/2015

Action 1: Reduce Proof-Test Intervall from 1 year to ½ year Additional Cost!





2oo3

ControlModule 1

ControlModule 2

1oo2

Actu. 1Interface 4

Actu. 2Interface 5

2oo2

lDU = 500 FIT (per line)b=10%, T1=½ year, SFF=

lDU = 50 FIT (per Module) b=2%, T1=½ year, SFF=

lDU = 1200 FIT (per line) b=10%, T1=½ year, SFF=

Formula for 2oo3 Formula for 1oo2 Formula for 2oo2





Slide 14 Ngo

02/11/2015

Action 2: more redundancy (here: Actuator) additional costs!





2oo3

ControlModule 1

ControlModule 2

1oo2 2oo2



lDU = 1200 FIT (per line) b=10%, T1=1 year, SFF=

Formula for 2oo3 Formula for für 1oo2 Formula for 1oo2/2oo2

PFDav (S) = 2,4 × 10-4 PFDav (LE) = 4,4 × 10-6 PFDav (A) ≈ 1,2 × 10-3

SIL 2

Actu. 3Interface 6

Actu. 4Interface 71oo2

Actu. 1Interface 4

Actu. 2Interface 51oo2

Result: PFDav (System) = PFDav (S) + PFDav (LE) + PFDav (A) ≈ 1,5 × 10-3



Slide 15 Ngo

02/11/2015





2oo3

ControlModule 1

ControlModule 2

1oo2

Actu. 1Interface 4

Actu. 2Interface 5

2oo2




Formula for 2oo3 Formula for 1oo2 Formula for 2oo2



Action: Correct selection of components from the beginning (here: Actuator)



Slide 16 Ngo

2 Functional Safety V00 - Endress+Hauser · PDF fileHow to determine a Safety integrity Level...

Documents

Transcript of 2 Functional Safety V00 - Endress+Hauser · PDF fileHow to determine a Safety integrity Level...