Introduction to Functional Safety

Functional Safety Engineering

FUNCTIONAL SAFETY COURSE

SAFETY INSTRUMENTED SYSTEMS FOR ENGINEERS USING IEC 61511 AND IEC 61508

Transcript of Introduction to Functional Safety


Functional Safety Engineering

Objective of this Workshop

To provide a basic knowledge of the fundamental principles of functional safety and good practice in the specification, design and management of safety instrumented systems in the process industry.

To encourage a multi-disciplined approach to the management of functional safety.


Content of the Workshop

Overview of key topics of interest covering the design and implementation of safety instrumented systems based on the functional safety lifecycle.

The workshop uses the functional safety lifecycle as a framework for applying the standards IEC 61508 and IEC 61511.


Contents

Functional Safety Lifecycle
Hazard and Risk Analysis
Risk Reduction and Safety Allocation
Safety Integrity Level Determination Methods
Achieving Safety and Availability Targets
Hardware Safety Integrity Level Verification Methods
Software
Diagnostics and Proof Testing


Safety Through Layers of Protection

[Diagram: concentric layers of protection around the process, innermost first]

Process control layer: Basic Process Control System (keeps the process value within normal behaviour)
Process control layer: Process alarm and operator intervention
Safety layer: Safety Instrumented System, Emergency Shut Down (trip level alarm, process shutdown)
Active protection layer: Relief valve, rupture disk
Passive protection layer: Dike
Emergency response layer: Plant and Emergency Response

The layers up to and including the safety layer prevent the hazardous event; the outer layers mitigate its consequences.

Slide acknowledgement: Emerson


What is Functional Safety?

A safety system is functionally safe if random, common cause and systematic failures do not lead to malfunctioning of the safety system and do not result in:

Injury or death of humans
Spills to the environment
Loss of equipment or production


Functional Safety Standards

For safety instrumented systems there are two important standards when it comes to functional safety:

IEC 61508: Functional safety of electrical/electronic / programmable electronic safety-related systems

IEC 61511 / ANSI/ISA 84.00.01 Modified: Functional Safety: safety instrumented systems for the process industry sector


Introducing Standard IEC 61508

International Electrotechnical Commission

Title: Functional safety of electrical/electronic/programmable electronic safety-related systems

Part 0: Introduction to functional safety
Part 1: General requirements
Part 2: Requirements for electrical/electronic/programmable electronic systems
Part 3: Software requirements
Part 4: Definitions and abbreviations
Part 5: Examples of methods for the determination of safety integrity levels
Part 6: Guidelines on the application of parts 2 and 3
Part 7: Overview of techniques and measures


Umbrella Standard

[Diagram: IEC 61508 as the umbrella standard, with sector standards derived from it]

IEC 61508

EN 50402: Pressure Sensors
EN 50128: Railway
IEC 61511: Process Industry
ANSI/ISA 84.00.01: Process Industry
IEC 61513: Nuclear Industry
IEC 62061: Machinery


Application Area of IEC 61508

IEC 61508 applies:

To any electrical/electronic/programmable electronic (E/E/PE) safety related systems
Especially where no functional safety standard exists
Anywhere in the world where it is accepted


Application Area of IEC 61508

Typical applications are:

Programmable electronic system (PES)
Safety instrumented systems (SIS)
Emergency shutdown systems (ESD)
High integrity pressure protection systems (HIPPS)
Burner management systems (BMS)
Fire and gas system (F&G)
High speed over protection system
Emergency brake of a train


IEC 61511 Functional Safety - Safety Instrumented Systems for the Process Industry Sector

Part 1: Framework, definitions, system hardware and software requirements

Part 2: Guidelines in the application of part 1

Part 3: Guidance for the determination of safety integrity levels

IEC: International Electrotechnical Commission, PO Box 131, CH-1211 Geneva, Switzerland. Webstore at www.iec.ch.


Application Area of IEC 61511

IEC 61511 applies to safety instrumented systems:

Instruments (E/E/PE or not)
Logic solver (E/E/PE or not)
Actuators (E/E/PE or not)


IEC 61508 vs. IEC 61511

Process Sector Safety Instrumented System Standards

IEC 61508: Manufacturers and suppliers of devices

IEC 61511: Safety Instrumented Systems designers, integrators and users


Safety Integrity Level

What is this SIL?

First of all, it is a qualitative measure of safety
Second, it is a quantitative reliability metric
There are 4 SIL levels, 1-4

What is not SIL?

Only a probability calculation …


[Diagram: the SIS sits alongside the Operating Equipment and its Control System]

SIS
Operating Equipment
Control System

Safety Instrumented Systems act independently of the process or its control system to try to prevent a hazardous event.

The SIS achieves risk reduction by reducing the frequency (likelihood) of the hazardous event.

The amount of risk reduction allocated to the SIS determines its “target Safety Integrity Level”, i.e. SIL.

Safety Integrity Level

Three important SIL properties:

Applies to the complete safety function/loop
Higher SIL means stricter requirements
There are technical and non-technical requirements

SIL   PFD                  Safety Availability   Risk Reduction
4     0.0001 - 0.00001     0.9999 - 0.99999      10000 - 100000
3     0.001 - 0.0001       0.999 - 0.9999        1000 - 10000
2     0.01 - 0.001         0.99 - 0.999          100 - 1000
1     0.1 - 0.01           0.9 - 0.99            10 - 100

Summary of IEC 61511 Safety Lifecycle Phases

[Diagram: lifecycle phases 1 to 8, with Verification running alongside all phases]

1: Scope of the plant, identify the hazard and evaluate the risks
2 and 3: Define the risk reduction requirements. Allocate to protection layers. Define SIFs and SILs
4: Detailed engineering activities to design and build the SIS
5: Installation, commissioning and validation stages
6: Operating and maintenance regime
7: Manage the modifications
8: De-commissioning

Verification

Scope of a Safety Instrumented System

[Diagram: Sensor -> Logic Solver (Hardware and Software) -> Actuator]

SIL Classification by Risk Parameters Chart

[Risk graph: from the Starting point, the path through C, F and P selects one of six rows; the W column then gives the result]

Row   W3   W2   W1
1     a    -    -
2     1    a    -
3     2    1    a
4     3    2    1
5     4    3    2
6     b    4    3

- = No safety requirements
a = No special safety requirements
b = A single E/E/PES is not sufficient
1, 2, 3, 4 = Safety integrity level

Risk Parameters:

C – Extent of Damage
CA: Slight injury
CB: Severe irreversible injury to one or more persons or death of a person
CC: Death of several persons
CD: Catastrophic consequences, multiple deaths

F – Frequency & Exposure time
FA: Seldom to relatively frequent
FB: Frequent to continuous

P – Hazard Avoidance / Mitigation
PA: Possible under certain conditions
PB: Hardly possible

W – Occurrence Probability
W1: Very low
W2: Low
W3: Relatively high

SIL Classification by Risk Parameters Chart: Example

[The same risk graph as the previous slide, with one path highlighted]

Example path from the Starting point:

C – Extent of Damage: CB (severe irreversible injury to one or more persons or death of a person)
F – Frequency & Exposure time: FB (frequent to continuous)
P – Hazard Avoidance / Mitigation: PA (possible under certain conditions)
W – Occurrence Probability: W2 (low)
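Worked example added by the editor, not slide content, covering both the SIL table above (PFD, safety availability, risk reduction) and the risk graph chart with its worked path. The PFD bands and the W3/W2/W1 columns are those on the slides; the routing of a C/F/P path to a chart row follows the general risk graph of IEC 61508-5 Annex D, which this chart reproduces, and is an assumption rather than slide text.

```python
"""SIL band lookup and risk-graph classification (added example, not slide content)."""

# SIL table from the slides: (SIL, lower PFDavg bound inclusive, upper bound exclusive).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]

# Risk graph columns copied from the slide chart: row -> result for each W column.
# '-' no safety requirements, 'a' no special requirements, 'b' one E/E/PES not sufficient.
RISK_GRAPH_ROWS = {
    1: {"W3": "a", "W2": "-", "W1": "-"},
    2: {"W3": "1", "W2": "a", "W1": "-"},
    3: {"W3": "2", "W2": "1", "W1": "a"},
    4: {"W3": "3", "W2": "2", "W1": "1"},
    5: {"W3": "4", "W2": "3", "W1": "2"},
    6: {"W3": "b", "W2": "4", "W1": "3"},
}

def sil_from_pfd(pfd):
    """Return (SIL or None, safety availability, risk reduction factor) for a PFDavg.
    SIL is None outside the SIL 1-4 bands: 0.1 or worse earns no SIL, and the
    table stops at 1e-5 (SIL 4 is the highest level defined)."""
    if not 0.0 < pfd < 1.0:
        raise ValueError("PFDavg must be a probability strictly between 0 and 1")
    sil = next((s for s, lo, hi in SIL_BANDS if lo <= pfd < hi), None)
    return sil, 1.0 - pfd, 1.0 / pfd

def risk_graph_row(c, f, p):
    """Route the C/F/P path to a chart row (1-6).

    Assumption from the IEC 61508-5 Annex D general risk graph, not slide text:
    CA goes straight to row 1 without asking F or P; from CB onwards each more
    severe C, longer exposure F or poorer avoidance P moves one row further down.
    """
    if c == "CA":
        return 1
    return 1 + ("CA", "CB", "CC", "CD").index(c) + ("FA", "FB").index(f) + ("PA", "PB").index(p)

def risk_graph_sil(c, f, p, w):
    """Return the chart cell for the parameters: an int SIL 1-4, or '-', 'a' or 'b'."""
    cell = RISK_GRAPH_ROWS[risk_graph_row(c, f, p)][w]
    return int(cell) if cell.isdigit() else cell

if __name__ == "__main__":
    # Worked example from the slides: CB, FB, PA at W2 (expected SIL 1).
    print("CB/FB/PA/W2 ->", risk_graph_sil("CB", "FB", "PA", "W2"))
    print("PFDavg 5e-3 ->", sil_from_pfd(5e-3))
```

Note that a band boundary belongs to the lower SIL (a PFDavg of exactly 0.001 is SIL 2, not SIL 3), which is why the upper bound is exclusive.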


End