
IEC61511 Standard Overview Andre Kneisel Instrumentation Engineer - PowerPoint PPT Presentation



  1. IEC61511 Standard Overview. Andre Kneisel, Instrumentation Engineer, Chevron C.T. Refinery. SAFA Symposium 2011, August 5th, 2011

  2. Presentation Overview
     - Provide some understanding of the key aspects of Functional Safety and the applicable standard, IEC61511.
     - Attempt to explain some of the associated terminology and acronyms which are frequently used.
     - Answer the question: "How do we determine if a safety function is required, and if it is required, how reliable should it be?"
     - Answer the question: "How do we calculate the reliability of a given safety function?"

  3. Presentation Overview
     - Explore the impact of including explosion protection devices (such as IS isolators) in the reliability calculations.
     - Explore the impact of including the probability of ignition in the SIL selection process.

  4. INTRODUCTION
     What is Functional Safety? It is the application of systems to maintain or achieve a safe state for a process and its associated equipment. For the purpose of this presentation we are referring to automated safety systems which generally operate without operator intervention. We are not referring to mitigation systems such as deluge systems or emergency response systems; these are largely outside the IEC61511 standard.

  5. IEC 61511 Overview
     What is IEC-61511?
     - The newly released international standard for the design, implementation, operation, maintenance, testing and decommissioning of Safety Instrumented Systems for the process industries.
     - A performance-based rather than prescriptive standard.
     - Focus on management of functional safety and the design lifecycle.
     - Focus on SIS design / performance that mitigates risk appropriately.
     - Accepted by CENELEC (European Committee for Electrotechnical Standardization) as a European standard in 2003.
     - Accepted by ANSI (American National Standards Institute) as the United States' standard, ANSI/ISA 84.00.01-2004 Parts 1-3 (IEC 61511 modified).

  6. IEC61511 – WHAT IT IS NOT
     IEC61511 is not a prescriptive standard in terms of prescribing what safety functions should be implemented. An engineer would not find a list of recommended safety functions for a particular process or type of equipment in the standard. The standard also does not provide a guide to the required reliability (SIL) of safety functions. It is, in fact, quite possible for two different companies both implementing the same process and equipment to arrive at different target SIL values for the same safety functions.

  7. IEC 61508 SAFETY-RELATED SYSTEMS
     IEC 61508 is the umbrella standard that covers different industrial sectors. Each sector can develop its own standard using its own terminology, but must follow the framework and core requirements of IEC 61508.
     - Process Industries – IEC 61511: Safety Instrumented Systems
     - Manufacturing Industries – IEC 62061: Industrial Robots, Machine Tools
     - Transportation: Railway Signaling, Braking Systems, Lifts
     - Medical: Electro-medical apparatus, Radiography
     - Miscellaneous

  8. Relationship between IEC 61508 & IEC 61511
     Diagram: process sector safety instrumented system standards. Manufacturers and suppliers of devices work to IEC 61508; safety instrumented systems designers, integrators and users work to IEC 61511 (ANSI/ISA-84.00.01-2004, IEC 61511 Mod).

  9. IEC 61511 Overview (cont'd)
     Functional Safety: Safety Instrumented Systems for the Process Industry Sector
     - Part 1: Framework, definitions, system, hardware and software requirements
     - Part 2: Guidelines for Part 1
     - Part 3: Guidance for determining required Safety Integrity Levels

  10. IEC 61511 Overview: SIS Lifecycle (cont'd)
      Diagram: the IEC 61511 safety lifecycle, with the clause of Part 1 that governs each phase.
      1. Hazard and Risk Analysis (Clause 8)
      2. Allocation of Safety Functions to Protection Layers (Clause 9)
      3. Safety Requirements Specification for the Safety Instrumented System (Clauses 10 and 12)
      4. Design and Engineering of the Safety Instrumented System (Clauses 11 and 12), in parallel with Design and Development of Other Means of Risk Reduction (Clause 9)
      5. Installation, Commissioning and Validation (Clauses 14 and 15)
      6. Operation and Maintenance (Clause 16)
      7. Modification (Clause 17)
      8. Decommissioning (Clause 18)
      9. Verification (Clauses 7, 12.4 and 12.7), applied across all phases
      10. Management of Functional Safety, Functional Safety Assessment and auditing (Clause 5), applied across all phases
      11. Safety Lifecycle Structure and Planning (Clause 6.2), applied across all phases
      Project-phase annotations on the diagram: Hazard & Risk Analysis; Design Basis; Detailed Engineering; EPC – Engineering, Procurement and Construction (includes implementation, commissioning and validation); O&M – Operations and Maintenance, including provisions for Management Of Change (MOC).

  11. TERMS AND DEFINITIONS
      SIS – SAFETY INSTRUMENTED SYSTEM
      A SIS is an instrumented system used to implement one or more safety functions. A SIS is composed of input sensor(s), logic solver(s) and final element(s). Typically a single SIS implements multiple safety instrumented functions and is normally independent of the control systems. In the past SIS were known as Emergency Shutdown Systems (ESD) or as Safety Systems. Typically the logic solver is a high-reliability programmable system with redundant power supplies, CPUs and I/O modules. However, the logic solver may also be a simple system comprising relays and contacts used to implement some tripping logic.

  12. TERMS AND DEFINITIONS
      SIS – Typical Configuration
      Diagram: input sensors on a reactor (PT 1, PT 2, PT 3, TT 1, TT 2, TT 3) feed two redundant logic solver channels (each with power supply, input module, CPU and output module), which drive the final elements. The BPCS is shown as a separate system.

  13. TERMS AND DEFINITIONS
      SIF – Safety Instrumented Function
      A SIF is a function implemented by a safety instrumented system which is intended to achieve or maintain a safe state for the process with respect to a specific hazardous event. Different SIFs can use the same final elements. It is common for different hazards to cause the shutdown of the same unit, in which case the final elements are shared between different SIFs. It is possible, but less common, for the input sensors to be shared between different safety functions.

  14. TERMS AND DEFINITIONS
      SIF – Typical Configuration (diagram)

  15. TERMS AND DEFINITIONS
      PFD – Probability of Failure on Demand
      PFD is the likelihood (between 0 and 1) that a safety function will fail to perform as required. Examples:
      - A sensor fails to detect a dangerous condition due to an internal fault.
      - A block valve fails to close due to sticking.
      The PFD of a safety function increases over time, as shown on the following slide.

  16. TERMS AND DEFINITIONS
      PFD – Probability of Failure on Demand
      The PFD of a safety function increases over time, as shown below (chart of PFD versus time).

  17. TERMS AND DEFINITIONS
      SIL – Safety Integrity Level
      The SIL of a safety instrumented function is a measure of the reliability of the function, i.e. the probability of the function performing its intended action on demand, and is based directly on the average PFD of the safety instrumented function over its intended life span. The SIL value is a discrete value from 1 to 4, with 1 being the least reliable and 4 being the most reliable. For instance a PFDavg of 5x10^-3 would equate to SIL 2.

  18. TERMS AND DEFINITIONS
      SIL – Safety Integrity Level

      SIL   PFD Average Range (chance of failing)   Safety Availability Range   Risk Reduction Factor
      1     10^-2 <= PFDavg < 10^-1                  0.9 to < 0.99               10 to < 100
      2     10^-3 <= PFDavg < 10^-2                  0.99 to < 0.999             100 to < 1,000
      3     10^-4 <= PFDavg < 10^-3                  0.999 to < 0.9999           1,000 to < 10,000
      4     10^-5 <= PFDavg < 10^-4                  0.9999 to < 0.99999         10,000 to < 100,000

      Safety availability is 1 - PFDavg and the risk reduction factor is 1 / PFDavg, so the three columns describe the same band.

  19. TERMS AND DEFINITIONS
      SIL – Safety Integrity Level
      Key Concept: A SIL value is normally associated with an entire safety function; however, individual SIF components may be certified in terms of IEC 61508 to have a SIL value. For instance a logic solver may be certified SIL 3.
      - This means that the logic solver may be used as part of a SIL 3 safety instrumented function.
      - It does not mean that any safety instrumented function using this logic solver will automatically meet SIL 3.

  20. TERMS AND DEFINITIONS
      Proof Tests
      These are tests which are carried out to ensure the functioning of a safety instrumented function.
      Key Concept: The PFDavg of a safety instrumented function is directly related to the proof test frequency. Consequently the SIL of a safety instrumented function is also directly related to the proof test frequency.

  21. TERMS AND DEFINITIONS
      Annual Proof Test (chart of PFD versus time for a one-year proof test interval)

  22. TERMS AND DEFINITIONS
      Proof Test Every Four Years – Same SIF (chart of PFD versus time for a four-year proof test interval)
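To put numbers behind slides 15 through 22, the following is an added worked example, not part of the presentation: it computes PFD(t), PFDavg and the resulting SIL and risk reduction factor for a simple single-channel (1oo1) SIF under annual and four-year proof testing. It uses the exponential 1 - e^(-λt) model for an undetected dangerous failure and combines sensor, logic solver and final element in series. The failure rates are constructed, order-of-magnitude values rather than vendor data, and the simplifications (perfect proof tests, 1oo1 architecture, no diagnostics, common-cause or repair-time terms) are assumptions of the example.

```python
"""Worked PFDavg / SIL example for a simple 1oo1 safety instrumented function.

Added illustration, not from the presentation.  The failure rates below are
constructed, plausible order-of-magnitude values, not vendor data.
"""
import math

HOURS_PER_YEAR = 8760

# SIL bands from the slide-18 table: (SIL, PFDavg lower bound incl., upper bound excl.)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_from_pfd_avg(pfd_avg):
    """Return the SIL band for a PFDavg; 0 means the function does not reach SIL 1."""
    if pfd_avg < 1e-5:
        raise ValueError("PFDavg below the SIL 4 band is not covered by the table")
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd_avg < hi:
            return sil
    return 0


def risk_reduction_factor(pfd_avg):
    """RRF = 1 / PFDavg, the last column of the slide-18 table."""
    return 1.0 / pfd_avg


def pfd_at_time(lambda_du, t_hours):
    """Instantaneous PFD of one element t hours after its last (perfect) proof test.

    lambda_du is the dangerous-undetected failure rate per hour.  With exponential
    failure times the chance that an undetected dangerous fault is present is
    1 - e^(-lambda*t), which rises from 0 right after the test (slides 15-16).
    """
    return 1.0 - math.exp(-lambda_du * t_hours)


def pfd_profile(lambda_du, test_interval_h, t_hours):
    """PFD across several test intervals: the sawtooth of slides 21-22.

    Assumes every proof test is perfect and returns the element to an as-new state.
    """
    return pfd_at_time(lambda_du, t_hours % test_interval_h)


def pfd_avg_1oo1(lambda_du, test_interval_h):
    """Average of pfd_at_time over one proof-test interval TI.

    Exact integral: 1 - (1 - e^(-lambda*TI)) / (lambda*TI).  For lambda*TI << 1
    this is the usual lambda*TI/2 simplification, which is why doubling the test
    interval roughly doubles PFDavg.
    """
    x = lambda_du * test_interval_h
    return 1.0 - (1.0 - math.exp(-x)) / x


def sif_pfd_avg(element_rates, test_interval_h):
    """PFDavg of a SIF whose sensor, logic solver and final element act in series.

    The SIF fails if any one element fails, so the combined PFD is
    1 - product(1 - PFD_i); for small PFDs this is close to the sum of the PFDs.
    """
    survive = 1.0
    for lambda_du in element_rates.values():
        survive *= 1.0 - pfd_avg_1oo1(lambda_du, test_interval_h)
    return 1.0 - survive


# Constructed example SIF: high-pressure trip with one transmitter, one
# SIL 3-certified logic solver and one block valve (solenoid + actuator + valve).
EXAMPLE_SIF = {
    "pressure_transmitter": 3.0e-7,  # lambda_DU per hour (assumed)
    "logic_solver": 1.0e-8,          # lambda_DU per hour (assumed)
    "block_valve": 1.5e-6,           # lambda_DU per hour (assumed; valves dominate)
}


def evaluate_sif(element_rates, test_interval_years):
    """Return (PFDavg, SIL, RRF) for the given proof-test interval in years."""
    pfd = sif_pfd_avg(element_rates, test_interval_years * HOURS_PER_YEAR)
    return pfd, sil_from_pfd_avg(pfd), risk_reduction_factor(pfd)


if __name__ == "__main__":
    for years in (1, 4):
        pfd, sil, rrf = evaluate_sif(EXAMPLE_SIF, years)
        print(f"proof test every {years} yr: PFDavg={pfd:.2e}  SIL {sil}  RRF={rrf:.0f}")
```

With these assumed rates the same hardware reaches SIL 2 when proof tested annually and drops to SIL 1 when the interval is stretched to four years, which is the point of slides 20 to 22: the SIL claim is a property of the function plus its test regime, not of the certified logic solver alone (slide 19). A real SIL verification adds the terms this example leaves out (redundant voting architectures, diagnostic coverage, common-cause factors, repair times and imperfect proof tests), all of which move PFDavg, usually upward.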

  23. SIL SELECTION
      In the past, when deciding what safety functions to implement, engineers either based their decisions on prescriptive standards (where available) or, in many cases, on "good engineering practice" or past experience. IEC61511 requires that a company follow a SIL selection process as part of the Hazard and Risk Analysis phase. The standard is not prescriptive with regard to which SIL selection method to use, but does propose some example methods:
      - Risk Graph Method
      - Risk Matrix Method
      - Quantitative – Layer Of Protection Analysis (LOPA)
      - As Low As Reasonably Practicable (ALARP)
