4 - sil.pdf

Upload: katherine-prada

Post on 07-Jul-2018


  • 8/18/2019 4 - SIL.pdf

    1/22

    RELIABILITY ENGINEERING
    MODULE 4
    LOPA / SIS / SIL

    JANUARY 28, 2014, ASSET LIFECYCLE INTEGRITY PARTNER, PAGE 1

  • 2/22

    R&I Management Framework


    (Framework diagram; recovered node labels) Asset; Asset Register; Criticality Analysis; Risk Based Maintenance strategies (Run to failure; Fixed interval; Condition based); SIL / RCM / RBI; Maintenance tasks/plans, Work planning; Execute maintenance plans, Breakdown maintenance; Data logging; Maintenance Efficiency, Schedule compliance; Breakdown analysis (RCA), Proactive analysis (FRACAS); Condition monitoring/analysis, SOW analysis; Compliance analysis; Adapt task frequencies, maintenance methods; Adapt RBM strategies; Modifications; Replacements; Training Program; Asset knowledge; Rules & regulations.

  • 3/22

    LOPA: LAYERS OF PROTECTION ANALYSIS


  • 4/22

    Layered protection

    Background
    • Piper Alpha
    • Bhopal
    • Seveso
    • Texas City

    Accidents with catastrophic consequences that cost many lives made it clear that for safe operation of high-risk plants it is not enough to rely on proper design and operation of the plant and on normal process controls and alarms.


  • 5/22

    LOPA

    What is it?
    Layer of Protection Analysis (LOPA) is a Process Hazard Analysis tool. The method utilizes the hazardous events, event severity, initiating causes and initiating likelihood data developed during the Hazard and Operability analysis (HAZOP).


    Protection layers (from the diagram):
    • Process Design
    • Basic Process Control
    • Alarms, manual intervention
    • Safety Instrumented Systems
    • Active protection layer
    • Passive protection layer
    • Emergency response layers

  • 6/22

    LOPA

    How do we use it?
    LOPA allows us to determine the risk associated with the various hazardous events by utilizing their severity and the likelihood of the events occurring.

    LOPA analyzes the risk reduction that can be achieved from various layers of protection. If additional risk reduction is required after the reduction provided by process design, the basic process control system (BPCS), alarms and associated operator actions, pressure relief valves, etc., a Safety Instrumented System (SIS) may be required.

    The safety integrity level (SIL) of the SIS can be determined directly from the additional risk reduction required.


  • 7/22

    LOPA

    What does it all mean?


    Intrinsic safety embedded in the design

  • 8/22

    LOPA

    Referenced Standards
    • IEC 61508 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems
    • IEC 61511 Functional safety – Safety instrumented systems for the process industry sector
    • ANSI/ISA S84 Functional safety of safety instrumented systems for the process industry sector
    • IEC 62061 Machinery systems


  • 9/22

    SIS: SAFETY INSTRUMENTED SYSTEM


  • 10/22

    Safety Instrumented Systems

    SIS
    • A Safety Instrumented System is a set of hardware and software controls specifically engineered and used to put a safety critical process into a "Safe State" to avoid adverse Safety, Health and Environmental (SH&E) consequences.
    • Safety Instrumented Systems must be independent from all other control systems that control the same equipment in order to ensure SIS functionality is not compromised.
    • The specific control functions performed by a SIS are called Safety Instrumented Functions (SIF). They are implemented as part of an overall risk reduction


  • 11/22

    Safety Instrumented System

    Example

    HIPPS – High Integrity Pressure Protection System

    In accordance with IEC 61508 and IEC 61511

  • 12/22

    SIL: SAFETY INTEGRITY LEVEL


  • 13/22

    SIL level determination

    Risk graph


  • 14/22

    What do the SIL levels mean?

    PFD and RRF
    • PFD – Probability of Failure on Demand
      • What is the probability that it will not do what it is supposed to do?
    • RRF – Risk Reduction Factor
      • The risk will be reduced RRF times


  • 15/22

    Probability of Failure on Demand
    Hidden failure

    Failure on Demand is a hidden failure: we will only find out that the SIS is not doing what it is supposed to do when we need it. This of course is not acceptable.

    For all the components that make up a SIS we will have to calculate a test frequency and describe a test procedure to reduce the probability of an undetected failure in the SIS that would result in Failure to Function on Demand.

    • Formula according to IEC 61508:
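    As an added illustration (not the presentation's own code) of the PFD/RRF relationship on the previous slide, of reading the required SIL directly from the risk reduction LOPA asks for, and of the test-frequency calculation described here: the slide's formula did not survive extraction, so the block assumes the simplified IEC 61508 single-channel (1oo1) approximation PFDavg ≈ λDU × TI / 2, the standard low-demand SIL bands, and constructed failure-rate and interval values.

```python
# Added example, not from the slides. Maps PFDavg <-> RRF <-> SIL band and derives a
# proof-test interval from a dangerous-undetected failure rate via the assumed
# simplified 1oo1 approximation PFDavg ~= lambda_DU * TI / 2. All inputs are constructed.

# Low-demand SIL bands from IEC 61508 / IEC 61511: (SIL, PFDavg lower bound, upper bound).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def rrf_from_pfd(pfd_avg):
    """RRF = 1 / PFDavg: the risk is reduced RRF times."""
    if not 0.0 < pfd_avg < 1.0:
        raise ValueError("PFDavg must lie strictly between 0 and 1")
    return 1.0 / pfd_avg


def sil_from_pfd(pfd_avg):
    """SIL band the PFDavg falls in; 0 means less risk reduction than SIL 1 provides."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return 0


def required_sil(rrf_needed):
    """SIL band for the RRF LOPA requires; the designed PFDavg must still meet 1/rrf_needed."""
    return sil_from_pfd(1.0 / rrf_needed)


def pfd_avg_1oo1(lambda_du_per_h, test_interval_h):
    """PFDavg ~= lambda_DU * TI / 2 (assumed simplified 1oo1 formula, valid for small lambda*TI)."""
    if lambda_du_per_h * test_interval_h > 0.1:
        raise ValueError("lambda_DU * TI too large for the linear approximation")
    return lambda_du_per_h * test_interval_h / 2.0


def max_test_interval_h(lambda_du_per_h, target_pfd_avg):
    """Longest proof-test interval (hours) that keeps PFDavg at or below the target."""
    return 2.0 * target_pfd_avg / lambda_du_per_h


if __name__ == "__main__":
    # Constructed values: lambda_DU = 1e-6 per hour, proof-tested once a year (8760 h).
    pfd = pfd_avg_1oo1(1e-6, 8760)
    print(f"PFDavg={pfd:.5f} RRF={rrf_from_pfd(pfd):.0f} SIL={sil_from_pfd(pfd)}")
    print(f"TI for a PFDavg target of 1e-3: {max_test_interval_h(1e-6, 1e-3):.0f} h")
```

    Shortening the proof-test interval is what pulls the PFDavg down; the SIL band alone says nothing about spurious trips, which the later slides treat separately.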


  • 16/22

    SIL tests
    Implementation and record keeping

    • After having calculated the test frequencies and having described the test scenarios, the test activities have to be implemented in CMMS or a dedicated software program in order to schedule and execute these activities.
    • SIL testing activities are considered compliance tasks.
    • Through the CMMS or a dedicated software program, timely execution of the tasks must be monitored.
    • Test date and findings must be recorded in CMMS or dedicated software for reference in audits or RCAs.


    Axiom: IF IT ISN’T RECORDED, IT WASN’T DONE!

  • 17/22

    SIL
    Reliability aspects not covered by IEC 61508

    • It is important to understand that IEC 61508 and similar standards are only concerned with the safety aspects regarding Probability of Failure on Demand.
    • For reliability we also have to look at the consequence and probability of a spurious trip (unjustified trip, “false alarm”).
    • For this reason relying on SIL testing alone may not be enough, and an RCM or FMEA may be needed to identify risks and mitigating actions related to spurious trip.


  • 18/22

    SIL rated instruments and final elements

    Electric and electronic devices can be certified for use in Functional Safety applications according to IEC 61508, providing application developers with the evidence required to demonstrate that the application including the device is also compliant with IEC 61508.


  • 19/22

    SIS/SIL testing and maintenance
    Building block of the Asset Management Concept

    (Diagram) Asset Management Concept: Criticality Analysis; Compliance & Integrity Concept; Data & Document Concept; Maintenance Concept.

  • 20/22

    R&I Management Framework

    (Framework diagram repeated from slide 2.)

  • 21/22

  • 22/22

    RELIABILITY ENGINEERING
    MODULE 4
    THANK YOU FOR YOUR ATTENTION
