IEC 61511 introduction
Posted: 12-Sep-2014 | Category: Technology
Transcript of IEC 61511 introduction
Copyright exida Asia Pacific © 2013
Exida Contacts
Singapore +65 6222 5160 | Shanghai +86 21 5171 7250 | Hong Kong +852 2633 7727 | Germany +49 89 4900 0547 | USA +1 215 453 1720 | Switzerland +41 22 364 14 34
Canada +1 403 475 1943 | United Kingdom +44 2476 456 195 | Netherlands +31 318 414 505 | Australia / NZL +64 3 472 7707 | Mexico +52 55 5611 9858 | South Africa +27 31 267 1564
Functional Safety - IEC 61511 Introduction
New Plymouth, 11 April 2013
Koen Leekens, +65 977 9547
Copyright exida Asia Pacific © 2013 [email protected]
What is…?
Today’s Objective
Introduce the Concept and Basic Principles of IEC 61511
Safety is Only as Strong as its Weakest Link
exida
exida History
Founded in 1999 by experts from Manufacturers, End Users, Engineering Companies and TÜV Product Services
“Independent provider of Tools, Services and Training supporting Customers with Compliance and Certification to any
Standards for Functional Safety, Cyber Security and Alarm Management”
Rainer Faller: Former Head of TÜV Product Services; Chairman German IEC 61508; Global Intervener ISO 26262 / IEC 61508; Author of several Safety Books; Author of IEC 61508 parts
Dr. William Goble: Former Director Moore Industries; Developed FMEDA Technique (PhD); Author of several Safety Books; Author of several Reliability Books
What we do
Expertise: Tools, Training, Consultancy, Certification
Scope: Functional Safety, Alarm Management, Cyber Security, Reliability
Industries: Process, Energy, Machine, Automotive
Customers: End Users, Manufacturer, Engineering, Integrators
exida Tools – Process Industry
exida Services and Training – Process Industry
Functional Safety Management Set-up; Functional Safety Assessment; PHA; SIL Determination; SRS Development; SIL Verification; Alarm Philosophy – Rationalization; Cyber Security Assessments; Training Programs
exida Industry Contributions
Global Functional Safety Certification Consultant; 3rd Party Accredited Certification Body; Developer FMEDA Technique; Mechanical Failure Database; Electrical & Electronic Failure Database; Instrument & Equipment Failure Database; Development Field Failure Database Methodology; Global Active Participation in IEC – ISO Workgroups; Functional Safety Engineering Tools
exida Library
exida publishes analysis techniques for functional safety; exida authors ISA best-sellers for automation safety and reliability; exida authors the industry data handbook on equipment failure data
www.exida.com
exida Customers (extract from 2000+)
What do accidents teach us?
Flixborough 1974, Seveso 1976, Bhopal 1984, Buncefield 2005
Primary Cause of Failures?
Specification
Design and Implementation
Installation and Commission
Operation and Maintenance
Changes after Commission
Source: Health, Safety & Environmental Agency
The majority of accidents are … preventable if a systematic Risk-Based Approach is adopted …
More than 80% of Failures Before Startup
Which Standard?
IEC 61508: Functional Safety for E/E/PES Safety Related Systems (Device Manufacturers - Sector Specific Not Available)
Sector standards (End Users - Systems Integrators):
IEC 61511 Process Industry
IEC 61513 Nuclear
ISO 26262 Road Vehicles
IEC 62061 Machinery
Relationship IEC 61508 – IEC 61511
Manufacturers and Suppliers of Devices: IEC 61508
Safety Instrumented System designers, Integrators and users: IEC 61511 (Process Sector Safety Instrumented System Standards)
IEC 61511 – Protection Against:
RANDOM Failures
SYSTEMATIC Failures
Random Failures? Systematic Failures?
What are…?
Random Failures: “Usually a permanent failure due to a system component loss of functionality – hardware related”
Systematic Failures: “Usually due to a design fault, wrong specification, not fit for purpose, error in software program, ...”
Question?
Is Redundancy sufficient protection against SYSTEMATIC FAILURES?
IEC 61508 – Protect Against:
RANDOM Failures – HOW? Probabilistic Performance Based Design
SYSTEMATIC Failures – HOW? Detailed Engineering Process
PROBABILISTIC BASED DESIGN
Key Aspects of IEC 61508/61511
Safety Integrity Levels (SIL) – Reliable Hardware with predictable failure rates to protect against Random Failures (Physical)
Safety Lifecycle – Safety Management with controlled and systematic processes to protect against Systematic Failures (Design)
The IEC 61511 Safety Lifecycle
Management and Planning
Analysis Phase
Realization Phase
Operate and Maintain
The IEC 61511 Safety Lifecycle
Management and Planning
SRS Always Required?
Do I Need A SIS in My Plant?
IEC 61511/61508 are Risk Based
“Is it worth going for the Cheese?”
What is…?
Risk: Consequence x Likelihood.
Accounts for both the consequence and the likelihood portion of the risk
Risk Analysis (Tolerable Level of Risk defined by Customer per application)
Risk scale: High … Low
Analyze Process Risk (Inherent Risk)
Define Tolerable Risk
What is…?
Tolerable Risk: The level of risk that society will accept
– Who is being exposed to risk? Individuals, Society, Environment
– What is the nature of the risk? Fatality / Injury, Permanent / Temporary Damage, Financial Loss
Drivers: Moral, Legal, Financial
What is…?
ALARP: As Low As Reasonably Practicable
Tolerable Risk Sample – Statistics UK
Activity              Probability per person per year   FAR per 10^8 exposure hrs
Travel
  Air                 2 x 10^-6                         –
  Train               3 x 10^-6                         3-5
  Bus                 2 x 10^-4                         4
  Car                 2 x 10^-4                         50-60
  Motorcycle          2 x 10^-2                         500-1000
Occupation
  Chemical Industry   5 x 10^-5                         4
  Manufacturing       –                                 8
  Shipping            9 x 10^-4                         8
  Coal Mining         2 x 10^-4                         10
  Agriculture         –                                 10
  Boxing              –                                 20 000
Voluntary
  Rock climbing       1.4 x 10^-4                       4 000
  Smoking             5 x 10^-3                         –
Risk Analysis (continued; Tolerable Level of Risk defined by Customer per application)
Analyze Actual RISK
Design Changes (Calculated Process Risk replaces Inherent Risk)
Analyze other Layers of Protection (Other Risk Reduction)
Bring Risk below Tolerable Level of Risk
SIL is measure for Risk Reduction
Risk Reduction Factor (RRF) and SIL
High Risk → Low Risk
1/RRF = PFD
Safety Requirements Specification
• Target SIL
• Functional Description of Each SIF
• Response Time
• Bypass Requirement
• ...
(IEC 61511-1 clause 10)
The IEC 61511 Safety Lifecycle
Realization Phase
SIF Design
The SIL achieved is the minimum of:
1. SILpfd: Probability of Failure on Demand Average / per hour (PFDavg / PFH)
2. SILac: Hardware Fault Tolerance
3. SILcap: Capability to prevent Systematic Failures
Probability of Failure on Demand
PFD of the SIF = PFDsensor + PFDmux + PFDinput + PFDmp + PFDoutput + PFDrelay + PFDfe + PFDprocess-connection
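Added worked example (Python; not from the slides or from exida's tools): it sums the element PFDs of a SIF as in the series formula above, turns the total into an RRF via 1/RRF = PFD, and reads off the claimable SIL. The low-demand SIL bands (SIL n: 10^-(n+1) ≤ PFDavg < 10^-n) come from IEC 61508-1 rather than from this deck, and the element PFD values are constructed.

```python
# Claimable SIL from PFDavg in low-demand mode. The bands are taken from
# IEC 61508-1 (SIL n: 10^-(n+1) <= PFDavg < 10^-n), not from the slides.
def sil_from_pfd(pfd_avg):
    """Return the SIL band of a PFDavg value, or 0 when PFDavg >= 0.1 (no SIL claim)."""
    if not 0.0 < pfd_avg < 1.0:
        raise ValueError("PFDavg must be a probability strictly between 0 and 1")
    for sil in (4, 3, 2, 1):
        if pfd_avg < 10.0 ** -sil:
            return sil
    return 0


def sif_pfd(elements):
    """PFDavg of the whole SIF: the series sum of its element PFDs, as on the slide."""
    return sum(elements.values())


def rrf(pfd_avg):
    """Risk Reduction Factor; the slide states 1/RRF = PFD, so RRF = 1/PFD."""
    return 1.0 / pfd_avg


def dominant_element(elements):
    """Element with the largest share of the SIF PFD, and that share (0..1)."""
    name = max(elements, key=elements.get)
    return name, elements[name] / sif_pfd(elements)


def meets_target(elements, target_sil):
    """True when the summed PFDavg supports the target SIL written in the SRS."""
    return sil_from_pfd(sif_pfd(elements)) >= target_sil


# Constructed PFDavg values per SIF element (not manufacturer data).
SAMPLE_SIF = {"sensor": 2.5e-3, "logic_solver": 1.0e-4, "final_element": 4.2e-3}

if __name__ == "__main__":
    total = sif_pfd(SAMPLE_SIF)
    name, share = dominant_element(SAMPLE_SIF)
    print(f"PFDavg = {total:.2e}, RRF = {rrf(total):.0f}, SIL {sil_from_pfd(total)}")
    print(f"{name} contributes {share:.0%} of the SIF PFD")
    print("meets SIL 2:", meets_target(SAMPLE_SIF, 2), "| meets SIL 3:", meets_target(SAMPLE_SIF, 3))
```

The constructed SIF lands in SIL 2 with the final element carrying about 62% of the PFD, which is where a designer who needs SIL 3 would look first.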
IEC 61508-6 Method: Divide each failure rate into specific failure modes
S (Safe): SD = Safe Detected, SU = Safe Undetected
D (Dangerous): DD = Dangerous Detected, DU = Dangerous Undetected
(The slide illustrates a 60% / 40% split)
What is…?
Fail Danger: A failure that prevents the safety function from performing
Fail Safe: Anything that is not Fail Danger
NOTE: Definitions refer to single channel architectures.
What is…?
Hardware Fault Tolerance: The quantity of failures that can be tolerated while maintaining the safety function
Architecture   Hardware Fault Tolerance
1oo1           0
1oo1D          0
1oo2           1
2oo2           0
2oo3           1
2oo2D          0
1oo2D          1
1oo3           2
What is…?
Safe Failure Fraction: A measurement of the likelihood of getting a dangerous failure that is NOT detected by automatic self diagnostics
NOTE: Definitions refer to single channel architectures.
IEC 61508 Safe Failure Fraction
SFF = (λSD + λSU + λDD) / (λSD + λSU + λDD + λDU) = 1 - λDU / λTotal
Example FMEDA 3051S – SILac
Example 3051S: Hardware Fault Tolerance per architecture (same table as above)
Certified versus Proven in Use
Certified: Certificate by Independent Assessor
Proven in Use: Justification by User
Product Certification
Functional safety certification for devices is accomplished per IEC 61508. Products are certified to a Safety Integrity Level (SIL). The result is typically a certificate and a certification report.
SIL Certification: Vendor showed sufficient protection against Random and Systematic Failures
Example
The SIL achieved is the minimum of:
1. SILpfd: SIL2
2. SILac: SIL1
3. SILcap: SIL3
The SIL level for this Safety Instrumented Function (SIF) is: SIL1
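Added example (Python; not from the slides or from exida) covering the SFF formula, the hardware fault tolerance table and the minimum-of-three rule above. It takes the SFF formula and the HFT table from the slides (in every row the HFT of an MooN architecture equals N - M), applies the IEC 61508-2 Route 1H architectural-constraint tables for type A and type B devices (transcribed here from the standard, an assumption to check against your edition), and finishes with the slide's rule that the achieved SIL is the minimum of SILpfd, SILac and SILcap; the failure rates are constructed, not 3051S data.

```python
import re

# IEC 61508-2 Route 1H architectural constraints, transcribed from the
# standard (assumption, not taken from the slides). Rows are SFF bands
# (<60 %, 60-90 %, 90-99 %, >=99 %), columns HFT 0/1/2; 0 = not allowed.
ROUTE_1H = {
    "A": [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]],
    "B": [[0, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]],
}


def sff(l_sd, l_su, l_dd, l_du):
    """Safe Failure Fraction with the slide's formula: SFF = 1 - lDU / lTotal."""
    total = l_sd + l_su + l_dd + l_du
    return 1.0 - l_du / total


def hft(architecture):
    """Hardware Fault Tolerance of an MooN(D) architecture = N - M; reproduces the slide table."""
    m = re.fullmatch(r"(\d+)oo(\d+)D?", architecture)
    if not m:
        raise ValueError(f"unknown architecture {architecture!r}")
    votes, channels = int(m.group(1)), int(m.group(2))
    return channels - votes


def sil_ac(sff_value, architecture, device_type):
    """SIL allowed by the architectural constraints (SILac); 0 means not allowed."""
    if not 0.0 <= sff_value <= 1.0:
        raise ValueError("SFF must lie between 0 and 1")
    band = sum(sff_value >= limit for limit in (0.60, 0.90, 0.99))
    return ROUTE_1H[device_type][band][min(hft(architecture), 2)]  # tables stop at HFT 2


def achieved_sil(sil_pfd, sil_ac_value, sil_cap):
    """The SIL achieved by a SIF is the minimum of the three, as the slides state."""
    return min(sil_pfd, sil_ac_value, sil_cap)


if __name__ == "__main__":
    # Constructed FMEDA-style failure rates in FIT (failures per 1e9 h), not 3051S data.
    rates = dict(l_sd=100.0, l_su=200.0, l_dd=600.0, l_du=100.0)
    s = sff(**rates)  # 0.90, i.e. the 90-99 % band
    for arch in ("1oo1", "1oo2", "2oo3"):
        print(arch, "HFT", hft(arch), "SILac (type B)", sil_ac(s, arch, "B"))
    # The slide's example: SILpfd 2, SILac 1, SILcap 3 gives SIL 1
    print("achieved SIL:", achieved_sil(2, 1, 3))
```

Note how redundancy (1oo2 instead of 1oo1) raises SILac but leaves SILcap untouched, which is the slide's point about systematic failures.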
The IEC 61511 Safety Lifecycle
Operate and Maintain
What is…?
Proof Testing: A manually initiated test designed to detect failure of any part of a SF. Different proof test procedures can have different levels of effectiveness.
No practical proof test will detect all failures.
The IEC 61511 Safety Lifecycle
“Disabled” Safety is not SAFE!
The Repository of Industrial Security Incidents, www.securityincidents.org
Anti-Virus Software Prevents Safety Shutdown
Date: May 2001
Company: Confidential
Location: Confidential
Industry: Petroleum
Incident Type: Accidental – Inappropriate Control
Impact: Confidential
© 2009 Security Incidents Organization
Description: A TÜV approved boiler safety protection system used Microsoft Excel on a PC workstation for programming. This workstation also had Norton anti-virus software running. The anti-virus software prevented the proper communications between the PC and the protection system. A safety shutdown that should have occurred did not.
Incident with “Certified” Boiler: Anti-Virus Software Prevents Safety Shutdown (Source: www.securityincidents.org)
Explosion of “Certified” Boiler: Anti-Virus Software Prevents Safety Shutdown (Source: www.securityincidents.org)
Advanced Technology introduces new THREATS?
exida Functional Integrity Certification™
Functional Integrity Certification™ = Functional Safety Certification™ + Functional Security Certification™
“Integrity is doing the right thing, even if nobody is watching.” (Anonymous)
Safety is Only as Strong as its Weakest Link
exida
Thank You