4 - SIL.pdf

March 19, 2019 | Author: Katherine Prada | Category: Safety, Quality, Risk, Systems Science, Business



RELIABILITY ENGINEERING MODULE 4 LOPA / SIS / SIL

ASSET LIFECYCLE INTEGRITY PARTNER

PAGE 1

JANUARY 28, 2014

R&I Management Framework (framework diagram, rendered as a list)

• Inputs: Asset Register; Rules & regulations; Modifications / Replacements
• Analyses: Criticality Analysis; Compliance analysis; RBI; SIL; RCM
• Risk Based Maintenance strategies: Run to failure; Fixed interval; Condition based
• Maintenance tasks / plans; Work planning
• Asset: Execute maintenance plans; Breakdown maintenance; Data logging
• Maintenance Efficiency: Schedule compliance; Breakdown analysis; RCA; Proactive analysis; FRACAS; Condition monitoring / analysis; SOW analysis
• Feedback into the strategies: Adapt RBM strategies; Adapt task frequencies / maintenance methods
• Training Program: Asset knowledge

LOPA LAYERS OF PROTECTION ANALYSIS


Layered protection: Background

• Piper Alpha
• Bhopal
• Seveso
• Texas City

These accidents, each with catastrophic consequences and many lives lost, made it clear that safe operation of high-risk plants cannot rely only on proper plant design and operation together with the normal process controls and alarms; additional, independent layers of protection are needed.


LOPA: What is it?

Layer of Protection Analysis (LOPA) is a Process Hazard Analysis tool. The method uses the hazardous events, event severity, initiating causes and initiating likelihood data developed during the Hazard and Operability study (HAZOP). The protection layers it considers, from the innermost outward:

• Process design
• Basic process control
• Alarms, manual intervention
• Safety instrumented systems
• Active protection layer
• Passive protection layer
• Emergency response layers


LOPA: How do we use it?

LOPA determines the risk associated with each hazardous event from its severity and the likelihood of the event occurring, and it quantifies the risk reduction that each layer of protection provides. If the risk is still above the tolerable level after the reduction credited to process design, the basic process control system (BPCS), alarms and the associated operator actions, pressure relief valves, etc., a Safety Instrumented System (SIS) may be required. The safety integrity level (SIL) of the SIS follows directly from the additional risk reduction required: the ratio of the remaining (mitigated) event frequency to the tolerable frequency is the risk reduction factor the SIS must deliver, and its reciprocal is the maximum probability of failure on demand the SIS may have. A layer can only be credited in LOPA if it is independent of the initiating cause and of the other credited layers; a BPCS loop cannot be counted as a protection layer for a scenario that starts with the failure of that same loop.
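The calculation described above, carried through in code. This is an added example by the editor, not material from the slides: the scenarios, their initiating-event frequencies, the PFDs credited to the existing layers and the tolerable frequencies are all constructed for illustration, and the `Scenario`/`lopa` names are the editor's. The SIL bands are the IEC 61508 low-demand-mode PFDavg bands.

```python
"""LOPA worked example: from an initiating-event frequency and the PFDs of the
independent protection layers (IPLs) already in place to the risk reduction a
SIS would have to provide, and the SIL band that requirement falls in.

Added example by the editor, not code from the slides.  The scenario numbers are
constructed for illustration; the SIL bands are the IEC 61508 low-demand-mode
PFDavg bands."""
import math
from dataclasses import dataclass, field
from typing import List, Optional

# IEC 61508 low-demand mode: SIL -> [lower PFDavg bound, upper PFDavg bound)
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


@dataclass
class Scenario:
    name: str
    initiating_frequency: float       # initiating cause frequency, events/year (from HAZOP)
    ipl_pfds: List[float]             # PFD of each credited IPL; each must be independent of the cause and of each other
    tolerable_frequency: float        # tolerable mitigated event frequency, events/year (company risk criteria)
    conditional_modifiers: List[float] = field(default_factory=list)  # e.g. probability of ignition, occupancy


@dataclass
class LopaResult:
    mitigated_frequency: float        # frequency of the hazardous outcome with the existing IPLs, events/year
    rrf_required: float               # additional risk reduction the SIS must provide (<= 1 means none)
    pfd_required: Optional[float]     # maximum PFDavg the SIS may have; None when no SIS is needed
    sil: Optional[int]                # 0: nothing needed or requirement below SIL 1; None: beyond SIL 4


def sil_for_pfd(pfd_required: float) -> Optional[int]:
    """Map a required PFDavg onto the SIL band that contains it.

    PFD >= 0.1 means less than a factor-of-10 reduction is needed, which is below
    SIL 1.  PFD < 1e-5 is beyond SIL 4: a single SIF cannot be relied on for that
    much risk reduction and the process design itself has to change."""
    if pfd_required >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd_required < hi:
            return sil
    return None


def lopa(s: Scenario) -> LopaResult:
    """Mitigated frequency = initiating frequency x product of IPL PFDs x conditional modifiers."""
    mitigated = s.initiating_frequency * math.prod(s.ipl_pfds) * math.prod(s.conditional_modifiers)
    rrf_required = mitigated / s.tolerable_frequency
    if rrf_required <= 1.0:
        return LopaResult(mitigated, rrf_required, None, 0)
    pfd_required = 1.0 / rrf_required
    return LopaResult(mitigated, rrf_required, pfd_required, sil_for_pfd(pfd_required))


# Constructed scenarios (not from the slides).
SCENARIOS = [
    # BPCS loop fails; alarm + operator response (PFD 0.1) and a relief valve (PFD 0.01) exist.
    Scenario("vessel overpressure, BPCS level loop failure", 0.5, [0.1, 0.01], 1e-6),
    # Same layers, rarer cause, less severe outcome: the existing layers already suffice.
    Scenario("minor release, pump seal failure", 0.01, [0.1, 0.01], 1e-4),
    # Frequent cause, no independent layers, severe outcome: no single SIF can cover it.
    Scenario("rupture, no credited IPLs", 10.0, [], 1e-6),
]


def describe(r: LopaResult) -> str:
    if r.pfd_required is None:
        return "no additional risk reduction required"
    if r.sil == 0:
        return f"RRF {r.rrf_required:.1f} required: below SIL 1, a non-SIS layer may suffice"
    if r.sil is None:
        return f"RRF {r.rrf_required:.0f} required: beyond SIL 4, change the design"
    return f"RRF {r.rrf_required:.0f} required: SIF of SIL {r.sil} (PFDavg <= {r.pfd_required:.1e})"


if __name__ == "__main__":
    for s in SCENARIOS:
        print(f"{s.name}: {describe(lopa(s))}")
```

The first scenario lands at a required RRF of 500, i.e. a SIL 2 function; the third shows the case a SIL assignment must not paper over: a requirement beyond SIL 4 is a design problem, not a SIS specification.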


LOPA: What does it all mean? (layers-of-protection diagram)

Intrinsic safety embedded in the design: the innermost layer is the process design itself, and each outer layer only has to act when the layers inside it have already failed.


LOPA: Referenced standards

• IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
• IEC 61511 Functional safety – Safety instrumented systems for the process industry sector
• ANSI/ISA-84 Functional safety of safety instrumented systems for the process industry sector (the US adoption of IEC 61511)
• IEC 62061 Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems


SIS SAFETY INSTRUMENTED SYSTEM


Safety Instrumented Systems (SIS)

• A Safety Instrumented System is a set of hardware and software controls specifically engineered and used to put a safety-critical process into a "safe state" to avoid adverse safety, health and environmental (SH&E) consequences.
• A Safety Instrumented System must be independent from all other control systems that control the same equipment, so that a failure (or a compromise) of the basic process control system cannot also disable the SIS. Independence covers the sensors, the logic solver and the final elements as well as their power supplies and communications; a transmitter or valve shared with the BPCS removes the independence that the SIL credit relies on.
• The specific control functions performed by a SIS are called Safety Instrumented Functions (SIF). They are implemented as part of an overall risk reduction


Safety Instrumented System example (diagram)

HIPPS – High Integrity Pressure Protection System, designed in accordance with IEC 61508 / IEC 61511. A HIPPS is a SIF that closes fast-acting isolation valves when its pressure transmitters detect high pressure, protecting downstream equipment that is not rated for the upstream pressure.


SIL SAFETY INTEGRITY LEVEL


SIL level determination: risk graph (figure; the risk graph of IEC 61508-5 / IEC 61511-3 selects a SIL from consequence severity, frequency of exposure, possibility of avoiding the hazard and demand rate)


What do the SIL levels mean? PFD and RRF

• PFD – Probability of Failure on Demand: the probability that the SIF will not do what it is supposed to do when a demand occurs.
• RRF – Risk Reduction Factor: the risk is reduced RRF times; RRF = 1 / PFD.
• IEC 61508 low-demand mode bands (average PFD and the corresponding RRF):
  SIL 1: 10^-2 ≤ PFDavg < 10^-1 (RRF 10 to 100)
  SIL 2: 10^-3 ≤ PFDavg < 10^-2 (RRF 100 to 1 000)
  SIL 3: 10^-4 ≤ PFDavg < 10^-3 (RRF 1 000 to 10 000)
  SIL 4: 10^-5 ≤ PFDavg < 10^-4 (RRF 10 000 to 100 000)
  Low-demand mode applies when demands on the SIF occur no more than about once a year; for high-demand or continuous mode the measure is the probability of dangerous failure per hour instead.


Probability of Failure on Demand: a hidden failure

A failure on demand is a hidden (dangerous undetected) failure: we only find out that the SIS is not doing what it is supposed to do at the moment we need it. This is not acceptable. For all the components that make up a SIS (sensors, logic solver, final elements) we therefore have to calculate a proof-test frequency and describe a test procedure that reduces the probability of an undetected failure remaining in the SIS long enough to cause a failure to function on demand. The longer a dangerous undetected failure can persist between proof tests, the higher the average PFD.

• Formula according to IEC 61508:


SIL tests: implementation and record keeping

• After the test frequencies have been calculated and the test scenarios described, the test activities have to be implemented in the CMMS or a dedicated software program in order to schedule and execute them.
• SIL testing activities are compliance tasks.
• Timely execution of the tasks must be monitored through the CMMS or the dedicated program.
• Test date and findings must be recorded in the CMMS or dedicated software for reference in audits or RCAs. A proof test that was skipped, or whose result was never recorded, cannot be credited: the PFD assumed in the SIL calculation no longer holds for that SIF.

Axiom: IF IT ISN'T RECORDED, IT WASN'T DONE!
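A compliance check of the kind the bullets above call for, run over proof-test records as a CMMS might export them. This is an added example by the editor, not code from the slides or from any CMMS product: the record layout, the tag names, the test intervals and the "today" date are all constructed for illustration, and a real export will use different field names. The rule it encodes is the slide's axiom: a tag with no recorded test is treated as never tested.

```python
"""Proof-test compliance check over SIF test records from a CMMS export:
"if it isn't recorded, it wasn't done".

Added example by the editor, not code from the slides.  The record layout and the
records themselves are constructed for illustration."""
import calendar
from datetime import date
from typing import Optional

NOT_RECORDED, FAILED, OVERDUE, DUE_SOON, OK = "NOT RECORDED", "FAILED", "OVERDUE", "DUE SOON", "OK"

# Constructed "today" so that the output is reproducible.
TODAY = date(2024, 4, 1)

# Constructed records.  interval_months is the proof-test interval from the SIF's PFD
# calculation; last_test is None when the CMMS holds no completed test for the tag.
RECORDS = [
    {"tag": "PSHH-101", "sif": "HIPPS trip", "sil": 3, "interval_months": 6, "last_test": "2024-01-15", "result": "pass"},
    {"tag": "XV-101A", "sif": "HIPPS trip", "sil": 3, "interval_months": 6, "last_test": "2023-10-15", "result": "pass"},
    {"tag": "XV-101B", "sif": "HIPPS trip", "sil": 3, "interval_months": 6, "last_test": None, "result": None},
    {"tag": "LSHH-205", "sif": "low level trip", "sil": 2, "interval_months": 12, "last_test": "2024-03-01", "result": "fail"},
    {"tag": "TT-310", "sif": "high temperature trip", "sil": 1, "interval_months": 12, "last_test": "2023-02-20", "result": "pass"},
    {"tag": "FT-420", "sif": "low flow trip", "sil": 1, "interval_months": 1, "last_test": "2024-01-31", "result": "pass"},
]


def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamping the day to the target month (31 Jan + 1 month = 29 Feb 2024)."""
    month_index = d.month - 1 + months
    year, month = d.year + month_index // 12, month_index % 12 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))


def next_due(record: dict) -> Optional[date]:
    """Next proof-test due date, or None when there is no recorded test to compute it from."""
    if record["last_test"] is None:
        return None
    return add_months(date.fromisoformat(record["last_test"]), record["interval_months"])


def assess(record: dict, today: date = TODAY, warn_days: int = 30) -> str:
    """Status of one tag.  No recorded test means never tested, not "probably fine":
    the PFD credited to the SIF assumes the test happened."""
    due = next_due(record)
    if due is None:
        return NOT_RECORDED
    if record["result"] != "pass":
        return FAILED      # a dangerous undetected failure was present; repair and retest before taking credit again
    if today > due:
        return OVERDUE
    if (due - today).days <= warn_days:
        return DUE_SOON
    return OK


def compliance_report(records=RECORDS, today: date = TODAY) -> dict:
    return {r["tag"]: assess(r, today) for r in records}


def compliance_ratio(records=RECORDS, today: date = TODAY) -> float:
    """Fraction of tags whose SIL credit currently holds (tested in time and passed)."""
    good = sum(1 for r in records if assess(r, today) in (OK, DUE_SOON))
    return good / len(records)


if __name__ == "__main__":
    for tag, status in compliance_report().items():
        print(f"{tag:10} {status}")
    print(f"SIF tags with valid proof-test credit: {compliance_ratio():.0%}")
```

Two of the six constructed tags hold their credit on the chosen date; the HIPPS valve with no record at all is reported exactly like the overdue one, which is the point of the axiom.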


SIL: Reliability aspects not covered by IEC 61508

• It is important to understand that IEC 61508 and similar standards are only concerned with the safety aspect, i.e. the probability of failure on demand.
• For reliability we also have to look at the consequence and probability of a spurious trip (an unjustified trip, a "false alarm"): the SIF shuts the process down although no hazard existed.
• For this reason relying on SIL testing alone may not be enough; an RCM or FMEA may be needed to identify the risks and mitigating actions related to spurious trips. Architectures that lower the PFD by adding a redundant channel (1oo2) raise the spurious trip rate, and voted arrangements (2oo3) are the usual compromise between the two.
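A worked calculation serving both the "hidden failure / test frequency" slide above and this one: PFDavg, the longest proof-test interval that still meets a target, and the spurious trip rate for the usual voting architectures. This is an added example by the editor, not code from the slides. The slide's IEC 61508 formula did not survive extraction, so the formulas used here are the simplified low-demand approximations found in IEC 61508-6 and ISA-TR84.00.02 (repair-time term dropped from the PFD, common-cause beta factor included); that is the editor's choice, not necessarily what the slide showed. The failure rates, beta, MTTR and target are constructed for illustration.

```python
"""PFDavg, proof-test interval and spurious trip rate for the common SIF voting
architectures (1oo1, 1oo2, 2oo3).

Added example by the editor, not code from the slides.  Formulas: simplified
low-demand approximations from IEC 61508-6 / ISA-TR84.00.02 (repair-time term
dropped from the PFD, common-cause beta included).  All numbers are constructed."""
from typing import Optional

HOURS_PER_YEAR = 8760.0
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


def pfd_avg(arch: str, lam_du: float, ti_years: float, beta: float = 0.0) -> float:
    """Average PFD over one proof-test interval.

    lam_du: dangerous undetected failure rate per channel, per year; only a proof test
    reveals these failures, so the PFD grows with the test interval ti_years.
    beta: fraction of DU failures that are common cause and hit all channels at once;
    that fraction behaves like a single 1oo1 channel and usually dominates."""
    x = lam_du * ti_years              # expected DU failures per channel per test interval
    independent = (1.0 - beta) * x
    common_cause = beta * x / 2.0
    if arch == "1oo1":
        return x / 2.0
    if arch == "1oo2":                 # trips if either channel demands it: both must fail dangerously
        return independent ** 2 / 3.0 + common_cause
    if arch == "2oo3":                 # trips when any two of three channels agree
        return independent ** 2 + common_cause
    raise ValueError(f"unknown architecture {arch}")


def spurious_trip_rate(arch: str, lam_s: float, mttr_hours: float) -> float:
    """Spurious (false) trips per year.  lam_s: safe failure rate per channel, per year.
    Voted architectures only trip spuriously when a second channel fails during the
    repair time of the first, hence the MTTR term."""
    mttr_years = mttr_hours / HOURS_PER_YEAR
    if arch == "1oo1":
        return lam_s
    if arch == "1oo2":                 # any single safe failure trips the process
        return 2.0 * lam_s
    if arch == "2oo3":
        return 6.0 * lam_s ** 2 * mttr_years
    raise ValueError(f"unknown architecture {arch}")


def sil_band(pfd: float) -> Optional[int]:
    """IEC 61508 low-demand SIL band for a PFDavg; 0 below SIL 1, None beyond SIL 4."""
    if pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return None


def max_test_interval(arch: str, lam_du: float, beta: float, pfd_target: float,
                      lo: float = 1e-3, hi: float = 50.0) -> Optional[float]:
    """Longest proof-test interval (years) that still meets pfd_target, by bisection;
    PFDavg is monotone increasing in the interval.  None when even testing every
    `lo` years is not enough, i.e. the architecture or the hardware must change."""
    if pfd_avg(arch, lam_du, lo, beta) > pfd_target:
        return None
    if pfd_avg(arch, lam_du, hi, beta) <= pfd_target:
        return hi
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if pfd_avg(arch, lam_du, mid, beta) <= pfd_target:
            lo = mid
        else:
            hi = mid
    return lo


# Constructed loop parameters (per channel): DU failures 0.01/yr, safe failures 0.1/yr,
# 10 % common cause, 8 h repair time, proof test once a year, LOPA target PFDavg 1e-3.
LAM_DU, LAM_S, BETA, MTTR_H, TI, TARGET = 0.01, 0.1, 0.1, 8.0, 1.0, 1e-3


def compare(archs=("1oo1", "1oo2", "2oo3")) -> dict:
    """Per architecture: PFDavg at TI, its SIL band, spurious trips per year and the
    longest test interval that still meets TARGET."""
    out = {}
    for a in archs:
        pfd = pfd_avg(a, LAM_DU, TI, BETA)
        out[a] = {"pfd_avg": pfd, "sil": sil_band(pfd),
                  "spurious_trips_per_year": spurious_trip_rate(a, LAM_S, MTTR_H),
                  "max_test_interval_years": max_test_interval(a, LAM_DU, BETA, TARGET)}
    return out


if __name__ == "__main__":
    for arch, row in compare().items():
        print(arch, {k: (round(v, 6) if isinstance(v, float) else v) for k, v in row.items()})
```

With these numbers the single channel needs a proof test about every 0.2 years to hold a PFDavg of 1e-3, the 1oo2 pair gets about 1.8 years but trips spuriously twice as often, and 2oo3 keeps the 1oo2 PFD while the spurious trip rate drops by three orders of magnitude. Note that the common-cause term, not the independent term, sets the 1oo2 and 2oo3 test intervals, which is why beta deserves as much scrutiny as the device failure rates.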


SIL-rated instruments and final elements

Electrical and electronic devices can be certified for use in functional safety applications according to IEC 61508, giving application developers the evidence required to demonstrate that the application including the device is also compliant with IEC 61508. A device certificate states the failure rates (and the systematic capability) that the SIL calculation for the whole SIF uses, but the SIL itself is a property of the complete loop (sensor, logic solver and final element together with its proof-test regime), not of any single certified device.


SIS/SIL testing and maintenance: building block of the Asset Management Concept (diagram)

Asset Management Concept:
• Criticality Analysis
• Maintenance Concept
• Compliance & Integrity Concept
• Data & Document Concept


R&I Management Framework (the framework diagram from the start of the module, repeated here as a closing recap)


RELIABILITY ENGINEERING MODULE 4 THANK YOU FOR YOUR ATTENTION

