exsilentia user guide

© exida.com L.L.C. August 20, 2009 exSILentia User Guide v25 Page 1 of 167 exSILentia User Guide exSILentia Version 2 exida.com LLC 64 North Main Street Sellersville, PA, 18960 +1 215 453 1720 [email protected]

Upload: cperez10000

Post on 22-Nov-2015



    Introduction

    Thank you for purchasing the exida exSILentia Safety Lifecycle engineering tool.

    The name exSILentia is derived from the Latin word for excellence. Excellence is exida's first name (excellence in dependable automation). exSILentia allows you direct access to exida's years of experience when performing Safety Lifecycle engineering tasks.

    The exSILentia team at exida is confident that you will appreciate this tool and the power of our online Safety Lifecycle engineering tools, directly accessible from your workstation. The exSILentia tool currently integrates three Safety Lifecycle tools:

    - SILect for SIL selection
    - SIF SRS for SIF Safety Requirements Specification
    - SILver for SIL verification

    In addition to these standard Safety Lifecycle tools, the second version of exSILentia is designed to support optional plug-ins. Examples include the PHA import plug-in, the System SRS with C&E Matrix plug-in, the Proof Test Report Generator, and the Lifecycle Cost Estimator plug-in.

    In Appendix A of this user guide we have provided a Trouble Shooting and Frequently Asked Questions section. If you have any problems, we urge you to look in this section first. If this user guide doesn't answer your questions, you can contact the exSILentia team via [email protected]. There is also a FAQ section available on the exSILentia website; visit www.exsilentia.com and click on the FAQ link.

    If you have any suggestions for tool improvements we would be happy to hear from you! Please contact the exSILentia team via [email protected].

    Furthermore exida has started an exSILentia home page. We intend to provide tool updates and Safety Equipment Reliability Handbook Database updates from this website. Visit us at www.exsilentia.com.

    Appendix C contains a copy of the Software License Agreement that will also be displayed during installation. Installation will only be successful when you accept this software license agreement.

    Table of Contents

    Introduction
    1 Installation
      1.1 Installation Package
      1.2 Minimal System Requirements
      1.3 Installation Instructions
      1.4 Licensing
    2 exSILentia
      2.1 exSILentia Structure
      2.2 Using exSILentia
        2.2.1 Projects
        2.2.2 Menu Options
        2.2.3 Available SIFs
        2.2.4 Safety Instrumented Functions
        2.2.5 SIF Sorting and Filtering
      2.3 Audit Trail; Configuring Users, Modifying Tool Status, Session Logs
        2.3.1 exSILentia Users
        2.3.2 Tool Status
        2.3.3 Session Logs
      2.4 Using Project Files
      2.5 Generating exSILentia Reports
      2.6 Maintaining the Project
      2.7 Updating exSILentia
      2.8 Updating Equipment Reliability Data
        2.8.1 Updating the Safety Equipment Reliability Handbook Database
        2.8.2 Updating Equipment Items
      2.9 Spell Checking
      2.10 exSILentia Help Options
    3 SILect - SIL Selection
      3.1 SILect Structure
      3.2 Tolerable Risk
      3.3 Risk Graph
      3.4 VDI/VDE 2180 Risk Graph
      3.5 Hazard Matrix
      3.6 Frequency Based Targets
      3.7 Independent Protection Layer Reuse
    4 SIF SRS - SIF Safety Requirements Specification
      4.1 SIF SRS Structure
      4.2 Using SIF SRS
    5 SILver - SIL Verification
      5.1 SILver Structure
      5.2 Using SILver
        5.2.1 Example SIF
        5.2.2 Step 1: Enter general information
        5.2.3 Step 2: Enter Sensor Part Information
        5.2.4 Step 3: Enter Logic Solver Information
        5.2.5 Step 4: Enter Final Element Part Information
        5.2.6 Step 5: Review Results
      5.3 Maintenance Capability
      5.4 Proven-In-Use Justification
      5.5 Group Reuse
      5.6 The "My Own" component
      5.7 Beta Estimator Quick Tool
      5.8 Proof Test Coverage Calculator
      5.9 Resetting of Calculation Results / Recalculate SIFs
      5.10 Update Parameters
      5.11 Unit Mean Time To Fail Spurious (MTTFS)
      5.12 Sensor Configuration Options
        5.12.1 Low Trip or High Trip (in the Application Software)
        5.12.2 Alarm Setting (in the Transmitter)
        5.12.3 PLC Detection Configuration
        5.12.4 Failure Rate Classification
        5.12.5 External Comparison
        5.12.6 Process Connection
      5.13 Final Element Options - Remote Actuated Valve
        5.13.1 Actuator and Valve or Actuator-Valve Combination
        5.13.2 Open on Trip or Close on Trip
        5.13.3 Tight Shutoff
        5.13.4 Severe Service
        5.13.5 Partial Stroke Testing
      5.14 Detailed example for the Sensor part
      5.15 Detailed example for the Final Element part
      5.16 SILver Graphs
    6 exSILentia Plug-ins
    7 PHA Import Plug-in
      7.1 exSILentia PHA Import Plug-in Background
        7.1.1 References
        7.1.2 Support for PHAs and PHA Application Setup
        7.1.3 HAZOP Principles
      7.2 Working with PHA-Pro
        7.2.1 Default Worksheets
        7.2.2 Recommended Worksheets
        7.2.3 Advanced Worksheets
        7.2.4 Worksheet Export
      7.3 Working with PHAWorks
        7.3.1 Default Worksheets
        7.3.2 Recommended Worksheets
        7.3.3 Advanced Worksheets
        7.3.4 Worksheet Export
      7.4 Working with Custom CSV Files
      7.5 Using the exSILentia PHA Import Plug-in
        7.5.1 exSILentia PHA Import Plug-in GUI
        7.5.2 Data Import
    8 System SRS with C&E Matrix Plug-in
      8.1 SRS_C&E Components
      8.2 Using SRS_C&E
        8.2.1 System Level SRS
        8.2.2 Process SRS
        8.2.3 Design SRS
      8.3 SRS_C&E Output
    9 Proof Test Generator Plug-in
    10 Lifecycle Cost Estimator Plug-in
    11 Third Party Tool Interfaces
    12 Disclaimer, Assumptions, Equipment Data
      12.1 Disclaimer
      12.2 Assumptions SILect
      12.3 Assumptions SIF SRS
      12.4 Assumptions SILver
        12.4.1 Demand Modes
        12.4.2 De-energize-to-trip Based Safety Equipment Data
        12.4.3 Reliability Modeling Assumptions
        12.4.4 Proof Test Coverage Calculator
      12.5 Safety Equipment data
      12.6 Assumptions SRS_C&E
    13 Terms and Abbreviations
    14 Status of the document
      14.1 Releases
    Appendix A Trouble Shooting and FAQ
      A.1 Installation and uninstall
      A.2 License Key
      A.3 exSILentia
      A.4 SILect
      A.5 SIF SRS
      A.6 SILver
      A.7 exSILentia PHA Import Plug-in
      A.8 exSILentia Customer Proprietary Equipment Database Plug-in
      A.9 exSILentia System SRS with C&E Matrix Plug-in
      A.10 exSILentia Proof Test Generator Plug-in
      A.11 exSILentia Lifecycle Cost Estimator Plug-in
    Appendix B Table of Figures
    Appendix C Software License Agreement exida exSILentia

    1 Installation

    Installing exSILentia is a quick and simple process. This chapter explains the contents of the installation package, the minimal system requirements, installation instructions, and licensing restrictions.

    1.1 Installation Package

    The exSILentia installation package consists of:

    - exSILentia CD
    - exSILentia USB key
    - exSILentia User Guide

    1.2 Minimal System Requirements

    To use exSILentia your system should meet the following minimum requirements:

    - Microsoft Windows 2000, Windows XP (all service packs installed), Windows Vista
    - Personal Computer with Pentium 700 MHz or higher processor
    - 256 MB of RAM (512 MB recommended)
    - 100 MB of free hard disk space
    - CD-ROM drive
    - Free USB port
    - Microsoft Internet Explorer 6.0 or later
    - Minimum screen resolution of 1024 x 768

    1.3 Installation Instructions

    Do not insert the exSILentia USB key into your computer's USB port until you have installed the exSILentia software.

    To install exSILentia on your computer place the exSILentia CD in your CD-ROM drive. exSILentia setup will take you through the installation process.

    If setup does not start automatically for any reason, follow these steps:

    1. Insert the exSILentia CD into your CD-ROM drive.
    2. On the Start menu, click Run. (Windows Vista users: type Run in the Start Search box of the Start menu.)
    3. Type d:\setup.exe, where d is the letter assigned to your CD-ROM drive.
    4. Click OK.

    Setup starts and guides you through installing exSILentia.

    The initial exSILentia Setup Wizard screen is shown in Figure 1.

    Figure 1 Initial exSILentia Setup Wizard Screen

    During the installation process you will be asked if you agree with the exSILentia Software License Agreement, see Figure 2. A copy of the agreement is also available in Appendix C. If you do not agree with the exSILentia Software License Agreement do not install the software on your system.

    Figure 2 exSILentia Software License Agreement

    Clicking I Agree will continue the installation. The exSILentia installer will guide you through the remaining steps. During the installation process you can choose the location where the exSILentia software will be installed, see Figure 3.

    Figure 3 Select Installation Folder

    Next the exSILentia installer will ask if you want a menu item to be created in your programs folder. If you do not want any shortcut to be created check the Do not create shortcuts checkbox. If you want shortcuts to be created you can modify the start menu folder name, see Figure 4. Once you have specified your preferences click Install.

    Figure 4 Choose Start Menu Options

    When the installation is complete the dialog box shown in Figure 5 will appear. Click Finish to conclude the installation. Note that by checking the Show Release Notes checkbox you will be able to review the latest exSILentia release notes.

    Figure 5 exSILentia Setup Wizard Completion

    In order to use exSILentia you will have to put the exSILentia USB key into a free USB port and double click the exSILentia icon or select exSILentia from your Programs menu.

    1.4 Licensing

    exSILentia uses the Sentinel Protection software to enforce its licensing. You need to install the Sentinel Protection Driver to use the exSILentia USB key. If you do not have the Sentinel Protection Driver installed on your machine, a message box as shown in Figure 6 will appear when you insert the USB key into your system. To download and install the driver click Yes.

    Figure 6 Initial exSILentia Installer Screen

    In order to use exSILentia you need the exSILentia USB key inserted in a USB port of your system. The exSILentia program will not work without this USB key; an error message as shown in Figure 7 will appear.

    Figure 7 Missing Hardware License Key

    The USB key allows you to install the exSILentia software on multiple machines, for example your desktop station in the office and a laptop used while traveling. You will, however, only be able to use the software on the system where the USB key is inserted.

    exSILentia 1.x USB license keys will not work with version 2 of the exSILentia software. Contact the exSILentia team at [email protected] or go to the exSILentia website www.exSILentia.com for upgrade information.

    2 exSILentia

    This chapter of the exSILentia user guide provides an overview of the exSILentia tasks and options. It explains how users can set up a Project and Safety Instrumented Functions within that project, and how optional user access rights can be specified for a project. It also describes how users can store and exchange Projects and Safety Instrumented Functions created by different exSILentia users or even by the exSILentia Online and exSILentia Server tools. Finally, it explains how reports can be generated using exSILentia in the Microsoft Word document format.

    Specific explanations for the standard Safety Lifecycle tools SILect, SIF SRS, and SILver and explanations of available plug-ins can be found in the subsequent chapters of this user guide.

    2.1 exSILentia Structure

    The structure of the exSILentia tool is very straightforward. A user defines a project and stores it in an .exi file. Each Project can consist of any number of Safety Instrumented Functions. For example the first Project consists of SIF 1, SIF 2, ... , SIF n. For each Safety Instrumented Function a SIL selection can be performed, the Safety Requirements can be specified, or a SIL verification can be performed through the Safety Lifecycle tools:

    - SIL selection - SILect
    - Safety Requirements Specification - SIF SRS
    - SIL verification - SILver

    The exSILentia structure is also displayed in Figure 8. Note that the position of plug-ins within the exSILentia structure will be described for each specific plug-in separately.

    Figure 8 exSILentia Structure

    2.2 Using exSILentia

    2.2.1 Projects

    As can be seen from the structural overview of the exSILentia tool, a user can access one specific Project at a time and, through that Project, a specific Safety Instrumented Function with its associated SILect, SIF SRS, and SILver records.

    Double clicking the exSILentia Icon on your desktop or selecting exSILentia from your programs in your start menu will launch the exSILentia tool. This will launch the exSILentia Mainframe, see also Figure 9.

    Figure 9 exSILentia Main Frame

    From the Project menu you can select to open an existing exSILentia project file, either through the Open or Open Recent options, or to create a new project using the New menu option. Section 2.4 will describe the storing and exchanging of project files in more detail.

    Selecting the Project New menu option will open the Project Information dialog box, see also Figure 10. Here all Project specific information can be entered. The information only needs to be entered once for each project. As part of the project information you can specify the lifecycle tools you want to use in this project. You can for example opt to not perform SIL selection using exSILentia if that lifecycle task has already been performed outside the scope of the current project. In that case you would uncheck the SILect checkbox in the Enable Tools section of the Project Information Dialog Box. Adjusting the Project Information can be done directly in the side bar or by selecting the menu option Project Properties to update this information.

    Figure 10 New Project Dialog Box

    The Maintenance Capability selections are project level selections that impact the SIL verification of each SIF. This concept is further explained in the SILver section of this user guide. Clicking OK on the Project Information dialog box will bring you to an empty exSILentia tool, see Figure 11, with all Project information displayed on the sidebar on the left of the screen. This is the center page from which all further navigation will occur with relation to Safety Instrumented Functions and SILect, SIF SRS, and SILver tool sessions. This page also provides an overview of the Safety Instrumented Functions defined in a Project in the upper left corner.

    The Cancel button on the Project Information dialog box is disabled when you are in the process of creating a new project. If you are modifying the information after clicking the Project Properties menu option, clicking the Cancel button will return you to the exSILentia Main Frame while disregarding any changes to the project information that you may have made.

    Figure 11 exSILentia Main Frame With Project Information

    2.2.2 Menu Options

    Figure 12 displays a composite screenshot showing all available exSILentia Menu Options. The main categories are Project, SIF, PHA (optional), SRS_C&E (optional), SILver, Reports, Spelling, Window, and Help.

    Figure 12 exSILentia Menu Options

    Each of the menu items will be discussed in the remaining sections of this chapter and the subsequent chapters.

    2.2.3 Available SIFs

    In the top left corner of the exSILentia Main Frame an overview of all Safety Instrumented Functions defined for this project is provided in the Available SIFs box, see Figure 13. The SIFs are identified by the SIF Tag. As these tags can sometimes be very cryptic, exSILentia displays the corresponding SIF Name and SIF Description when you hover over a specific SIF Tag.

    Figure 13 Available SIFs Box

    2.2.4 Safety Instrumented Functions

    To add a Safety Instrumented Function to the current project you can either right click in the Available SIFs box and select New SIF or select New SIF from the SIF Menu option. Selecting New SIF will open a SIF window as shown in Figure 14.

    Figure 14 New SIF Window

    A SIF window for a Project that has all Safety Lifecycle tools enabled will have four (4) tabs. The first tab is the SIF Information tab, the subsequent tabs are the SILect, SIF SRS, and SILver tabs, see Figure 14. The functionality of the latter three tabs will be discussed in the subsequent chapters. If you unchecked a specific lifecycle tool's Enable Tool checkbox on the Project Information dialog box, see Figure 10, that tool tab will not appear in the SIF window for this project. Depending on your use of exSILentia plug-ins, additional tabs may be available like the PHA tab, the Process SRS and Design SRS tabs, etc.

    On the SIF Information tab you can specify all SIF specific information like SIF name, SIF Tag, SIF description, SIF reference, and Unit Name. The Unit Name can be specified directly or by selecting a Unit Name from the dropdown box. The dropdown box is populated by Unit Names specified for the other SIFs in this project. Furthermore a Hazard (or Hazardous event) description and Consequence description can be provided. Engineering responsibilities can be documented in the Responsibilities entry boxes including actual Analysis Dates. Finally the various tool statuses can be seen in the lower part of the SIF Information tab. The tool statuses are addressed in section 2.3.2 of this user guide.

    If you disabled the use of the SILect tool in this project on the Project Information dialog box you will be able to specify the Target SIL for this Safety Instrumented Function, using the entry box that will appear in the lower left-hand corner of the SIF Information tab, see also Figure 15.

    Figure 15 Target SIL Specification on SIF Information Tab

    The information you entered on the SIF Information tab will be stored when you switch tabs. By selecting the menu option Project - Save the information will be saved to the project .exi file, see also section 2.4. A filled in SIF Information tab could look like the one shown in Figure 16.

    Figure 16 Filled in SIF Information Tab

    Using the SILect, SIF SRS, and SILver tools is now straightforward. Simply click the tab that is associated with the specific safety lifecycle tool. Note that in order to perform a SIL selection, you first need to define the tolerable risk calibration for this Project. This can be done by clicking Set Tolerable Risk on the Project information pane. This will be further explained in the SILect chapter.

    2.2.5 SIF Sorting and Filtering

    The Available SIFs box on the exSILentia Main Frame, see Figure 13, is easy to navigate through but can become overwhelming on larger projects. exSILentia provides both Sorting and Filtering options to provide you with quick ways to get to the SIFs you need. The SIF List View Options dialog box, see Figure 17, can be launched by clicking on the filter icon above the Available SIFs box. The following sorting options are available:

    • Unit name
    • Target SIL
    • Achieved SIL
    • SILect Status
    • SILver Status

    Figure 17 Sorting the Available SIFs Box

    Figure 18 shows an example result of the SIF sorting option for the example fired heater project that can be downloaded from the exSILentia website.

    Figure 18 Available SIFs Box Sorting Results

    The filtering options allow for more advanced selection of the various available SIFs. Figure 19 shows the filtering options on the SIF List View Options dialog box.

    Figure 19 Filtering the Available SIFs Box

    The available SIFs dialog can be filtered based on the following options:

    • Unit Name
    • Specific Target SIL
    • Specific Achieved SIL
    • Target SIL & RRF vs. Achieved SIL & RRF
    • SILect Status
    • SILver Status

    Figure 20 shows an example result of the SIF filtering option for the example fired heater project that can be downloaded from the exSILentia website. In this case the SIFs were filtered on the option where all Target SIL & RRF are greater than the Achieved SIL and RRF. The results were then sorted on achieved SIL level. Note the exida logo inside of the Filter icon which indicates that not all available SIFs are shown.

    Figure 20 Available SIFs Box Filtering Results

    2.3 Audit Trail; Configuring Users, Modifying Tool Status, Session Logs

    2.3.1 exSILentia Users

    exSILentia allows you to define tool users with different levels of access rights. By default no users will be defined for a project; as far as exSILentia is concerned there is only one super user who has all access rights. Defining different users with different capabilities is especially useful in larger projects where different people have different roles. The user rights can be specified on a per tool basis. The rights are defined as:

    • None: User can only view information, he cannot make any changes
    • Edit: User can make changes to all information associated with the specific tool
    • Review: User can review all tool information and approve or disapprove
    • All: User has both edit and review rights

    In order to specify different users for a project select the Project - User Configuration menu option. This will launch the User Overview dialog box as shown in Figure 21. By default two users will be defined: an Administrator and a Guest. The Administrator is the only user who has the ability to create new users and specify access rights. The Guest has no edit or review rights and can only view information. Selecting Cancel or OK will at this point not modify or set any user rights.

    Figure 21 User Overview Dialog Box

    In order to add users click the Add User menu option. To delete a user select the user from the list of users and click the Delete User menu option. Clicking the Add User menu option will launch the Administrator Password dialog box shown in Figure 22. Before any new users can be defined the administrator must specify a password to limit access to exSILentia's user definition.

    Figure 22 Set Administrator Password Dialog Box

    Clicking OK after specifying the Administrator password will launch the user specification dialog box shown in Figure 23. On this user specification dialog the administrator is able to specify a user name, e-mail address, and initial password for the new user. In addition the administrator is able to specify the access rights the user has for the various exSILentia tools, like SILect, SIF SRS, and SILver. The administrator can also specify up to what integrity level a user can perform review tasks. This is to satisfy the levels of independence required for the various Safety Integrity Level designs as shown below.

    • SIL 1: Independent Person
    • SIL 2: Independent Department
    • SIL 3: Independent Organization

    Furthermore the administrator can indicate if a user is allowed to modify project level data and if the user is allowed to generate reports. It is best practice to save and close the exSILentia project after users are defined.

    Figure 23 Specify User Dialog Box

    Opening a project for which users are defined will launch the User Login dialog box as shown in Figure 24. Before access to the tool is granted the user needs to specify his user name and password.

    Figure 24 User Login Dialog Box

    2.3.2 Tool Status

    Each of the exSILentia tools can have a status associated with it. Whenever a status is changed, this change will be documented in the session log. There are currently five (5) different statuses defined:

    • Edit
    • Review
    • Closed
    • Rejected
    • N/A

    When a tool is in Edit mode a user with Edit rights can make changes to any of the selections, textboxes, etc. within that tool. The user will also be able to change the tool status from Edit mode to Review mode.

    When a tool is in Review mode a user with Review rights can view all selections made and text entered in that tool but will not be able to make any changes to the tool himself. This review user can however change the tool status to Closed or Rejected. Closed indicates that the reviewer approves of the analysis that was performed; Rejected means that the reviewer disapproves of the analysis performed. At this point a user with Edit rights will be able to move the tool back into the Edit mode where he can make modifications to his original design.

    A user with Edit rights will also be able to change the tool status from Edit to N/A. The N/A, Not Applicable state for a tool indicates that for the specific SIF under consideration that tool does not apply. As an example an initial SIL selection may have been done where for a specific SIF a SIL 1 target Safety Integrity Level was selected where no further analysis needs to be performed. For some other Safety Instrumented Functions additional analysis, for example using the Layer of Protection Analysis method, may be required. In this situation completely disabling the SILect tool on the Project Properties dialog box, shown in Figure 10, would also prevent the additional analyses that are needed. Consequently the user should only disable the SILect tool for this specific SIF.

    2.3.3 Session Logs

    Whenever a user changes the tool status a dialog box will appear that allows the user to provide a description with the reason for the tool status change. An example of this dialog box is shown in Figure 25.

    Figure 25 Tool Status Change Comments

    A complete overview of all tool status changes made in a specific project for all SIFs can be reviewed by selecting the Project - View Session Log menu option. This will launch the Session Log dialog box as shown in Figure 26.

    Figure 26 Session Log Overview

    The session log can be exported as a comma separated (CSV) file via the Session Log dialog box file menu.
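
    An added Python example, not exida code and not a description of how exSILentia is implemented, that models the per tool access rights, the review integrity level limit, the tool status changes and the session log of sections 2.3.1 to 2.3.3. The class names, the CSV column names, reopening from Closed as well as Rejected, and the self_reviews check (which lists status changes where the user who submitted work for review also closed it) are assumptions of this example.

```python
import csv
import io
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Rights from section 2.3.1; "All" combines Edit and Review.
RIGHTS = {"None": set(), "Edit": {"edit"}, "Review": {"review"},
          "All": {"edit", "review"}}
# Status changes from section 2.3.2 and the right each one needs.
# Assumption: Edit can be re-entered from Closed as well as from Rejected.
TRANSITIONS = {
    ("Edit", "Review"): "edit",
    ("Edit", "N/A"): "edit",
    ("Review", "Closed"): "review",
    ("Review", "Rejected"): "review",
    ("Closed", "Edit"): "edit",
    ("Rejected", "Edit"): "edit",
}
LOG_FIELDS = ["time", "user", "sif", "tool", "old", "new", "reason"]  # assumed

class StatusChangeDenied(Exception):
    """The user may not make the requested tool status change."""

@dataclass
class User:
    name: str
    tool_rights: dict        # tool -> "None" | "Edit" | "Review" | "All"
    max_review_sil: int = 0  # highest target SIL this user may review

@dataclass
class Sif:
    tag: str
    target_sil: int
    status: dict = field(default_factory=lambda: {
        "SILect": "Edit", "SIF SRS": "Edit", "SILver": "Edit"})

class Project:
    def __init__(self):
        self.session_log = []  # one dict per status change, append-only

    def change_status(self, user, sif, tool, new, reason=""):
        old = sif.status[tool]
        needed = TRANSITIONS.get((old, new))
        if needed is None:
            raise StatusChangeDenied(f"{old} -> {new} is not a defined change")
        if needed not in RIGHTS[user.tool_rights.get(tool, "None")]:
            raise StatusChangeDenied(f"{user.name} has no {needed} right on {tool}")
        if needed == "review" and sif.target_sil > user.max_review_sil:
            raise StatusChangeDenied(
                f"{user.name} may review up to SIL {user.max_review_sil} only")
        sif.status[tool] = new
        self.session_log.append({
            "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "user": user.name, "sif": sif.tag, "tool": tool,
            "old": old, "new": new, "reason": reason})

    def export_csv(self):
        out = io.StringIO()
        writer = csv.DictWriter(out, fieldnames=LOG_FIELDS)
        writer.writeheader()
        writer.writerows(self.session_log)
        return out.getvalue()

    def self_reviews(self):
        """Return (sif, tool, user) where the submitter also closed the review."""
        submitter, hits = {}, []
        for row in self.session_log:
            key = (row["sif"], row["tool"])
            if (row["old"], row["new"]) == ("Edit", "Review"):
                submitter[key] = row["user"]
            elif row["new"] == "Closed" and submitter.get(key) == row["user"]:
                hits.append((row["sif"], row["tool"], row["user"]))
        return hits

def demo():
    """Constructed walk-through; users, tag and SIL values are made up."""
    project = Project()
    engineer = User("engineer", {"SILver": "Edit"})
    junior = User("junior_reviewer", {"SILver": "Review"}, max_review_sil=1)
    lead = User("lead", {"SILver": "All"}, max_review_sil=3)
    sif, denied = Sif("SIF-001", target_sil=2), []
    project.change_status(engineer, sif, "SILver", "Review", "ready for review")
    for user in (engineer, junior):  # no Review right; review limit too low
        try:
            project.change_status(user, sif, "SILver", "Closed")
        except StatusChangeDenied as exc:
            denied.append(str(exc))
    project.change_status(lead, sif, "SILver", "Rejected", "test interval missing")
    project.change_status(lead, sif, "SILver", "Edit", "reworking")
    project.change_status(lead, sif, "SILver", "Review", "resubmitted")
    project.change_status(lead, sif, "SILver", "Closed", "approved")
    return project, sif, denied

if __name__ == "__main__":
    project, sif, denied = demo()
    print(project.export_csv(), denied, project.self_reviews(), sep="\n")
```

    In the constructed run the user with All rights submits and closes the same SILver session, which the rights model permits; the self_reviews check over the session log is what surfaces it for whoever has to confirm the independence levels listed in section 2.3.1.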

    2.4 Using Project Files

    exSILentia projects are stored in the proprietary .exi format. This project .exi file can be stored on any file server / hard disk that the tool user has access to via the standard Windows network neighborhood. To open a specific project select the Project - Open menu option. A Windows file dialog as shown in Figure 27 will appear.

    Figure 27 Open Project File Dialog Box

    If you save a new project by selecting the Project - Save menu option or if you save an already saved project by selecting the Project - Save as menu option the file dialog as shown in Figure 28 will appear.

    Figure 28 Save Project File Dialog Box

    Once you save the exSILentia Project file you can exchange this file with other exSILentia users if you like. The use of project specified users, as described in section 2.3, is extremely useful in this case. The exSILentia .exi files are interchangeable between all exSILentia platforms, i.e. exSILentia Standalone, exSILentia Online, and exSILentia Server provided the platforms are all using exSILentia 2.x.

    2.5 Generating exSILentia Reports

    exSILentia provides you with the option to generate several types of reports, i.e. SIF List, SILver Summary Report, Analysis Report, Proven In Use Justification, SRSC&E Report, Proof Test Report, and Lifecycle Cost Estimator Report. The reports are available in the English, German, Portuguese, and Spanish languages and are created in the Microsoft Word Format. The exSILentia report wizard is shown in Figure 29.

    Figure 29 exSILentia Report Wizard

    The Safety Instrumented Function List provides an overview of all Safety Instrumented Functions that are associated with the current project. For each Safety Instrumented Function the SIF Tag, SIF Name, SIF description, and SIF reference are displayed. Furthermore the Required Safety Integrity Level, calculated using the SILect tool, and the Achieved Safety Integrity Level, calculated using the SILver tool, are provided for each SIF. It is also indicated for each SIF if the Safety Requirements have been specified. To create a SIF List select the Safety Instrumented Function List option from the Report Type selections and click OK. An example SIF List report is shown in Figure 30.

    Figure 30 SIF List Example Report

    When you select the Safety Instrumented Function List option you will be able to indicate the location where you want the document to be saved. After storing the document it will automatically be opened if the Launch associated viewer checkbox is selected.

    The SILver Summary Report provides a one page summary of each SIF's SILver records. This report shows the achieved SIL, calculated PFDavg and MTTFS numbers and also shows a graphical representation of the SIF as analyzed. A SILver Summary Report can be created for specific Safety Instrumented Functions, by checking the appropriate SIF checkboxes, or for all Safety Instrumented Functions in a project. In addition you can determine the order in which the SIFs are arranged in the SILver Summary Report; the order is either by order of entry in exSILentia (chronologically), alphabetized by SIF Name, or alphabetized by SIF Tag. To create a SILver Summary Report select the SILver Summary Report option from the Report Type selections, select the appropriate SIFs, specify the order that the SIFs should go in the report, and click OK. An example SILver Summary Report is shown in Figure 31.

    Figure 31 SILver Summary Report Example

    Where the SIF Lists and SILver Summary Reports provide a quick overview of all Safety Instrumented Functions, the Analysis Report generates all the documentation required for functional safety standard conformance. An Analysis Report can be created for specific Safety Instrumented Functions, by checking the appropriate SIF checkboxes, or for all Safety Instrumented Functions in a project. Furthermore you can specify what safety lifecycle tool output the Analysis Report should contain. It is possible to include / exclude SILect output, SIF SRS, or SILver output in the Analysis Report via the Analysis Report Options. Note that an Analysis Report should always contain at least one of the lifecycle tools.

    In addition you can specify the order in which the Safety Instrumented Functions should be listed in the Analysis Report. The order is either by order of entry (chronologically), alphabetized by SIF Name or by SIF Tag. To create an Analysis Report select the Analysis Report option from the Report Type selections, select the Safety Lifecycle Tools that need to be covered in the report, select the appropriate SIFs, specify the order that the SIFs should go in the report, and click OK.

    2.6 Maintaining the Project

    Since the exSILentia Safety Lifecycle tool can hold several Safety Instrumented Functions per project some project maintenance might be required. Several maintenance options are available primarily through the menu options.

    Safety Instrumented Functions can be added to a Project. This option will add a new SIF record to the current Project as described in section 2.2.4. A Safety Instrumented Function can also be deleted when it becomes superfluous in a Project. You can delete a SIF by selecting that SIF from the Available SIFs list, right click and select Delete SIF. Alternatively you can select the SIF from the Available SIFs list and select the menu option SIF - Delete SIF. In both cases a confirmation dialog box appears where you can indicate if you indeed want to delete the SIF. Note that the action of deleting a SIF is irreversible.

    With regard to Projects you can switch between Projects by selecting the Project - Open menu option; this will allow you to open a different project .exi file. If you made any changes to the currently open project exSILentia will ask if you want to save those changes. You can also start a new Project by selecting the menu option Project - New. You can close a project by selecting the menu option Project - Close. Further you can save all changes to a current project by selecting the Project - Save menu option and if you want to save the changed project under a different name you can select the Project - Save As menu option.

    If a new Project is almost identical to a previous Project, instead of (re-)defining the entire Project and associated SIFs, we suggest you copy the previous Project .exi file, rename it and then make changes to that new file. You can also copy Safety Instrumented Functions within a project. Select the SIF from the Available SIFs list and either select the menu option SIF - Copy SIF or right click and select Copy SIF.

    In addition to this you can also import SIFs from a different project by selecting the menu option SIF - Import from Another Project. After you select the appropriate project, the Import SIFs dialog box will appear, see Figure 32. In here you can specify which SIFs you want to import, i.e. all or a select set of SIFs. Since the project properties of the second exSILentia project may not be identical to the properties of the active exSILentia project you should review all entries after importing a set of SIFs.

    Figure 32 exSILentia Update Dialog Box

    2.7 Updating exSILentia

    exSILentia is equipped with an automatic update checker. Each time you launch the exSILentia tool it will automatically check if a newer version of the tool is available. If a newer version of the tool is available a dialog box as shown in Figure 33 will appear.

    Figure 33 exSILentia Update Dialog Box

    You have the option to instantly update the tool by clicking Yes, in which case the exSILentia updater will download the latest version of the tool and install it on your machine. You can also opt to install the update at a later point in time by clicking No. exSILentia will remind you of the new update each time you launch the tool except when you check the checkbox as shown in Figure 33. At any point during your use of the tool you can check if updates are available using the Help - Check For Updates menu option. If no new versions of the tool are available a message box as shown in Figure 34 will appear.

    Figure 34 exSILentia Up to Date Message Box

    When you click the Yes button on the exSILentia Update Dialog Box exSILentia will be closed and the exSILentia updater will be launched. The exSILentia updater will download the latest version of the tool from the exSILentia website and install it on your machine. The updater dialog box as shown in Figure 35 will appear.

    Figure 35 exSILentia Updater

    Clicking Next >> will show the release notes for the exSILentia Update. Clicking Next >> again will start the actual download and installation. During this process a progress bar indicates the progress during the download and installation, see also Figure 36.

    Figure 36 exSILentia Updater Update Progress

    Once the updating process is finished an Update Complete message will appear on the exSILentia Update Dialog Box. Simply click Finish to finalize the process. exSILentia will now automatically be launched.

    2.8 Updating Equipment Reliability Data

    There are two aspects to the updating of reliability data within exSILentia. The first aspect relates to updates to the Safety Equipment Reliability Handbook database. Updates to the Safety Equipment Reliability Handbook database are released at least once every quarter year. Whenever a new database is available users are encouraged to download this database to their local machine and always use the most up to date data.

    The second aspect is that on rare occasions information associated with a specific equipment item is updated; this could vary from model designations to the actual reliability data. exSILentia is equipped with an equipment update utility that will update all equipment items selected in any of the exSILentia tools to the latest version.

    2.8.1 Updating the Safety Equipment Reliability Handbook Database

    Similar to the exSILentia program automatic update checker, exSILentia is also equipped with an update checker for the Safety Equipment Reliability Handbook. Whenever a new version of the Safety Equipment Reliability Handbook database is made available, a dialog box as shown in Figure 37 will appear.

    Figure 37 Safety Equipment Reliability Handbook Update Dialog Box

    You have the option to instantly update the Safety Equipment Reliability Handbook database by clicking Yes, in which case the exSILentia updater will download the latest version of the database and install it on your machine. You can also opt to install the update at a later point in time by clicking No. exSILentia will remind you of the new update each time you launch the tool except when you check the checkbox as shown in Figure 37. At any point during your use of the tool you can check if updates are available using the Help - Check For Updates menu option. This function will look for both tool and Safety Equipment Reliability Handbook database updates. If no new versions of the tool are available a message box as shown in Figure 34 will appear.

    When you click the Yes button on the exSILentia Update Dialog Box exSILentia will download the latest version of the Safety Equipment Reliability Handbook database from the exSILentia website and install it on your machine. A progress bar, as shown in Figure 38, will indicate the progress of the download.

    Figure 38 Safety Equipment Reliability Handbook Update Progress Bar

    Updates to the Safety Equipment Reliability Handbook database are part of a subscription service. With the purchase of a single exSILentia license comes one year of Safety Equipment Reliability Handbook database updates. At the end of that year you can renew the subscription by purchasing this for a nominal fee through the exida online store. If your subscription to Safety Equipment Reliability Handbook database updates has expired a message box as shown in Figure 39 will appear. Clicking the Yes button will automatically take you to the exida store where you can renew your subscription.

    Figure 39 Safety Equipment Reliability Handbook Subscription Expiration

    2.8.2 Updating Equipment Items

    When a new version of the Safety Equipment Reliability Handbook database is installed on your machine there is the possibility that the information associated with a specific equipment item is updated. Within the Safety Equipment Reliability Handbook database a version is associated with each equipment item. Whenever something changes for that equipment item the latest Safety Equipment Reliability Handbook database version will be associated with it. By selecting the Project - Update Project Equipment Data menu option the versions of all equipment items part of the specific project will be compared with the versions of those equipment items in the Safety Equipment Reliability Handbook database. Any equipment item that has a newer version in the updated Safety Equipment Reliability Handbook database will be listed in the Equipment Item Updates dialog box. The dialog box is shown in Figure 40.

    Figure 40 Equipment Item Updates Dialog Box

    The Equipment Item Update dialog box shows the specific item, the current database version and the new database version, any notes indicating the reason for change, and the report reference that the information associated with the equipment item is obtained from.

    By clicking the Update button you will update the equipment item information for all equipment items listed.

    2.9 Spell Checking

    exSILentia is equipped with a spell checking function. The default language that is selected for the spell checking function is English (US). You can change the language library that should be considered during the spell checking by selecting the Spelling - Set Language menu option. Selecting this option will launch the Spell Check Language dialog box, see Figure 41.

    Figure 41 Spell Check Language Dialog Box

    The dropdown box on the Spell Check Language dialog box can be expanded to show all available languages, see Figure 42. After you select the appropriate language from the dropdown box, click OK to set the language for the spell checking function. The language that you selected will not become your default language. You can always change this when necessary.

    Figure 42 Spell Check Language Dialog Box - Expanded

    You can also specify specific spell checker options like Ignore All-Capital Words by selecting the Spelling - Set Options menu option. This will launch the Spell Checker Options dialog box shown in Figure 43.

    Figure 43 Spell Checker Options

    In order to use the spell checking function select the Spelling - Check Spelling in Current Page menu option. If the spell checking function finds a misspelled word the Spell Checker dialog box will appear and suggest an alternate spelling of your word. You have the standard spell checking options like Change, Change All, Ignore, Ignore All, and Add. You can also launch the Spell Checker Options dialog box from the Spell Checker dialog box by selecting the Options button. An example of the spell checking function in action is shown in Figure 44.

    Figure 44 Spell Checker in Action

    Once the spell checking function has completed its task a completion message will appear, see Figure 45. Note that the spell checking function will be applied to the active window only.

    Figure 45 Spell Check Completed

    2.10 exSILentia Help Options

    This exSILentia user guide is your first line of support when using the Safety Lifecycle tools. The user guide gives an overview of all options that are part of exSILentia and, using various examples, it explains how to use the tool and the embedded SILect, SIF SRS, and SILver tools.

    Further assistance can be found in Appendix A of this user guide where a Trouble Shooting and Frequently Asked Questions section is provided. In addition exida has launched the exSILentia website www.exsilentia.com, where we intend to provide both exSILentia updates as well as Safety Equipment Reliability Handbook Database updates. There is also a FAQ section available on the exSILentia website, visit www.exsilentia.com and click on the FAQ link.

    If none of the above options provides an answer to your question(s) you can contact the exSILentia team via [email protected]. Please note that we cannot answer any detailed safety lifecycle engineering questions as that would go beyond general tool support.

    3 SILect SIL Selection

    The use of the exSILentia SILect tool will be described in this chapter. This chapter will provide an overview of the SILect tasks and options. It will explain how you can select between three different SIL selection techniques, i.e. Risk Graph, Hazard Matrix, and Frequency Based Targets. Based on the SIL selection technique applied, this chapter will explain how you can perform Safety Integrity Level selections for Safety Instrumented Functions. The first part of the selection process is to calibrate the tolerable risk to be considered during the SIL selection that fits your plant / company. The second part of the selection process is to specify the severity and likelihood of the hazard that the Safety Instrumented Function is protecting against. The tolerable risk specification and severity and likelihood selections will be described per SIL selection technique.

    3.1 SILect Structure

    In Safety Integrity Level selection there are two key aspects, i.e. inherent risk of the process versus the tolerable risk. The Process inherent risk or unmitigated risk is determined by the Severity (Consequence) and Frequency (Likelihood) of the Hazard that the Safety Instrumented Function will be protecting against. The safety integrity that the SIF should provide is determined by dividing the unmitigated risk by the tolerable risk which yields the required risk reduction. The required risk reduction directly relates to a PFDavg value which in its turn relates to a required or target SIL level for the Safety Instrumented Function.

    The key parameters in the above description of determining the target Safety Integrity Level are the tolerable risk, the severity, and the frequency. exSILentia incorporates the tolerable risk level on a project level, whereas the severity and frequency are determined on a Safety Instrumented Function level. An overview of the SILect structure is provided in Figure 46.

    Figure 46 SILect Structure
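
    The calculation described in section 3.1, and the Target SIL & RRF vs. Achieved SIL & RRF comparison used by the filter in section 2.2.5, as an added Python example that is not exida code and does not reproduce SILect or SILver. It assumes risk is expressed as an event frequency per year for a fixed consequence, that the maximum PFDavg is 1/RRF, the low demand SIL bands of IEC 61508 / IEC 61511 with the upper bound of each band counted in the lower band, and that a SIF is flagged when either its achieved SIL or its achieved RRF falls short; all names and sample values are constructed.

```python
# Upper RRF bound of each low demand band (IEC 61508 / IEC 61511).
# Convention of this example: the bound itself belongs to the lower band,
# so RRF 100 is still SIL 1. SIL 0 here means "below SIL 1".
SIL_BANDS = [(10, 0), (100, 1), (1_000, 2), (10_000, 3), (100_000, 4)]


def sil_for_rrf(rrf):
    """Map a risk reduction factor to the SIL band that contains it."""
    if rrf <= 0:
        raise ValueError("RRF must be positive")
    for upper, sil in SIL_BANDS:
        if rrf <= upper:
            return sil
    raise ValueError("required risk reduction is beyond SIL 4")


def target_from_risk(unmitigated_per_year, tolerable_per_year):
    """Required RRF, maximum PFDavg and target SIL for one hazard."""
    if unmitigated_per_year < 0 or tolerable_per_year <= 0:
        raise ValueError("tolerable must be > 0 and unmitigated must be >= 0")
    rrf = unmitigated_per_year / tolerable_per_year
    if rrf <= 1:  # process risk is already tolerable, no reduction needed
        return {"rrf": rrf, "pfd_avg_max": 1.0, "sil": 0}
    return {"rrf": rrf, "pfd_avg_max": 1 / rrf, "sil": sil_for_rrf(rrf)}


def verification_gaps(sifs):
    """Tags of SIFs whose achieved SIL or achieved RRF is below the target."""
    gaps = []
    for sif in sifs:
        target = target_from_risk(sif["unmitigated"], sif["tolerable"])
        achieved_rrf = 1 / sif["achieved_pfd_avg"]
        if sif["achieved_sil"] < target["sil"] or achieved_rrf < target["rrf"]:
            gaps.append(sif["tag"])
    return gaps


# Constructed sample data: event frequencies per year and verification results.
SAMPLE_SIFS = [
    # RRF 500 needed; PFDavg 0.005 is in the SIL 2 band but gives only RRF 200.
    {"tag": "SIF-A", "unmitigated": 0.05, "tolerable": 1e-4,
     "achieved_sil": 2, "achieved_pfd_avg": 0.005},
    # RRF 2000 needed (SIL 3); the verified design reaches SIL 2 only.
    {"tag": "SIF-B", "unmitigated": 0.02, "tolerable": 1e-5,
     "achieved_sil": 2, "achieved_pfd_avg": 0.002},
    # RRF 50 needed (SIL 1); PFDavg 0.01 gives RRF 100.
    {"tag": "SIF-C", "unmitigated": 5e-3, "tolerable": 1e-4,
     "achieved_sil": 1, "achieved_pfd_avg": 0.01},
]

if __name__ == "__main__":
    for sif in SAMPLE_SIFS:
        print(sif["tag"], target_from_risk(sif["unmitigated"], sif["tolerable"]))
    print("gaps:", verification_gaps(SAMPLE_SIFS))
```

    SIF-A shows why the comparison includes the RRF and not only the SIL: its achieved PFDavg sits in the same SIL band as the target yet delivers less than half of the required risk reduction.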

    3.2 Tolerable Risk

    A fundamental parameter in SIL selection is tolerable risk. You will only be able to determine the required risk reduction given a certain level of process risk after you have specified the tolerable level of risk. If you want to try and calculate a Target SIL level before you have specified the tolerable risk, exSILentia will give you the following warning, see Figure 47.

    Figure 47 SILect Tab No Tolerable Risk Specified

    The SILect safety lifecycle tool will not allow you to determine a Target SIL without the specification of a tolerable risk. Consequently selecting the SILect tab will only yield the above warning. To specify the tolerable risk you will need to click on the Set Tolerable Risk button on the project information sidebar. The tolerable risk information is valid for an entire project, so you will only need to specify it once. Once you select Set Tolerable Risk the following warning message box will appear. This warning especially applies to projects where you are going to change an existing tolerable risk specification. This will warrant a review of all SIL selections that are part of the project. exSILentia will automatically close all SIF windows to ensure that the updated tolerable risk settings are applied to all SIFs.

    Figure 48 Set Tolerable Risk Warning

    Selecting OK will close all open SIF windows, if any, and the Tolerable Risk Calibration Wizard dialog box that is displayed in Figure 49 will appear. If you select Cancel nothing will happen. This is especially useful in case you have several existing Safety Instrumented Functions for which you already performed SIL selections.

    Figure 49 Tolerable Risk Calibration Wizard

    The Tolerable Risk Calibration Wizard allows you to choose from three different SIL selection methods, where the third method is further divided into three sub methods:

      • Risk Graph
      • VDI/VDE 2180 Risk Graph
      • Hazard Matrix
      • Frequency Based Targets
          o Health and Safety Executive - HSE UK
          o IEC 61511 part 3, Annex C
          o Single tolerable risk quantitative
          o Tolerable risk categories qualitative
          o Tolerable risk categories quantitative

    Each of the methods will be separately described in the subsequent sections.

    For a specific end-user organization the tolerable risk calibration will most likely be identical for all projects. exSILentia allows you to save and load your tolerable risk data. Once you have specified your tolerable risk simply select the SILect Save Tolerable Risk Data menu option, see Figure 50. This will launch a save as dialog box and save the tolerable risk calibration in a .etr (exSILentia Tolerable Risk) file.

    Figure 50 Save and Load Tolerable Risk Data Menu Option

    If you have a new project where you want to use the previously saved tolerable risk calibration, select the SILect Load Tolerable Risk Data menu option. Your new project will now be populated with the specific tolerable risk calibration.

    3.3 Risk Graph

    If you select Risk Graph in the Tolerable Risk Calibration Wizard dialog box, see Figure 49, and select Next, the Tolerable Risk Calibration Wizard will show the Risk Graph tolerable risk calibration page, see Figure 51.

    The Risk Graph that is part of SILect uses the well-known parameters C (Consequence), F (Presence in Danger Zone), P (Probability to avert Hazard), and W (Demand Rate). In addition E, A, and U are used for Environmental Loss, Asset Loss, and User Defined / Custom Loss respectively.

    You are able to specify which risk receptor category, i.e. Personnel Safety, Environmental Loss, Asset Loss, and/or Custom Loss should be considered during the SIL selection by simply checking or un-checking the appropriate checkbox(es). In addition you are able to completely modify this Risk Graph. You can specify the meaning of each of the Parameters, e.g. change CA = Minor Injury to CA = One Death, by selecting Edit Classifications. Furthermore through the use of dropdown boxes you can change the target Safety Integrity Level that is associated with a certain combination of parameters, e.g. you can change CA W1 to Target SIL 1 if desired.

    Figure 51 Risk Graph Tolerable Risk Specification

    Selecting Finish will return you to the exSILentia Main Frame. Now you will be able to open any SIF that you defined for this project and perform the Risk Graph SIL selection using SILect.

    If you selected Risk Graph as the SIL selection method, the SILect tab will look similar to the one shown in Figure 52. You can easily make your category selections to derive your Target SIL. In addition a Comments and Assumptions field is available to document any specific SILect remarks. Enter comments and/or assumptions by double clicking the textbox or by clicking the comments and assumptions button on the right side of the textbox. The Comments, Assumptions and/or Remarks dialog box is shown in Figure 53.

    Figure 52 Risk Graph Personnel Safety SILect Tab

    Figure 53 Comments, Assumptions and/or Remarks SILect Tab

    The appropriate calibrated Risk Graph will be shown in the upper right-hand corner of the SILect tab. Notice how the displayed Risk Graph changes when different risk receptors are addressed. Also note that the Risk Graph picture will depend on your tolerable risk specification.

    When you perform SIL selection using the Risk Graph you are able to specify Independent Protection Layers. By clicking the Add button in the Independent Layers of Protection area on the SILect tab, an IPL is automatically added to this SIL selection. This action will also launch the Independent Layers of Protection Configuration dialog box shown in Figure 54. Note: an IPL can only be considered an IPL when the following requirements for that IPL are met. An IPL needs to be

      • Specific
      • Independent
      • Auditable
      • Dependable

    Figure 54 Independent Layers of Protection Configuration Dialog Box

    On the Independent Layers of Protection Configuration dialog box you can specify the effectiveness of an IPL per risk receptor category. For example a relief valve may be very useful in protecting personnel and equipment; however it will be less effective for the environment because of the release. IPL effectiveness can be expressed in Risk Reduction Factor (RRF) or Probability of Failure on Demand (PFD). The IPL Reuse functionality is further described in section 3.7. Selecting OK will bring you back to the SILect tab. If you want to edit the details for an IPL you can simply do so by double clicking the IPL in the list, or selecting the IPL and clicking Edit, on the SILect tab. If you want to delete an IPL, select the IPL from the list and click Delete. Once deleted, the IPL cannot be recovered.

    All information you entered on the SILect tab will be stored when you switch tabs. By selecting the menu option Project Save the information will be saved to the project .exi file, see also section 2.4.

    3.4 VDI/VDE 2180 Risk Graph

    If you select VDI/VDE 2180 Risk Graph in the Tolerable Risk Calibration Wizard dialog box, see Figure 49, and select Next, the Tolerable Risk Calibration Wizard will show the VDI/VDE 2180 Risk Graph tolerable risk calibration page, see Figure 55.

    This Risk Graph is based on the German VDI/VDE 2180 standard and uses the parameters S (Consequence), A (Presence in Danger Zone), G (Probability to avert Hazard), and W (Demand Rate). This standard does not address Environmental, Asset, or any custom risk receptor. Therefore only the Personnel Safety risk receptor is available. No customizations are available for this risk graph.

    Figure 55 VDI/VDE 2180 Risk Graph Tolerable Risk Specification

    Selecting Finish will return you to the exSILentia Main Frame. Now you will be able to open any SIF that you defined for this project and perform the VDI/VDE 2180 Risk Graph SIL selection using SILect.

    If you selected VDI/VDE 2180 Risk Graph as the SIL selection method, the SILect tab will look similar to the one shown in Figure 56. You can easily make your category selections to derive your Target SIL. In addition a Comments and Assumptions field is available to document any specific SILect remarks. Enter comments and/or assumptions by double clicking the textbox or by clicking the comments and assumptions button on the right side of the textbox. The Comments, Assumptions and/or Remarks dialog box was shown in Figure 53.

    Figure 56 VDI/VDE 2180 Risk Graph SILect Tab

    When you perform SIL selection using the VDI/VDE 2180 Risk Graph you will not be able to specify Independent Protection Layers as this concept is not defined in the VDI/VDE 2180 standard.

    3.5 Hazard Matrix

    If you select Hazard Matrix in the Tolerable Risk Calibration Wizard dialog box, see Figure 49, and select Next, the Tolerable Risk Calibration Wizard will show the Hazard Matrix tolerable risk calibration page, see Figure 57.

    The Hazard Matrix is set up to be a 7-by-7 matrix. With this format you will be able to implement any m-by-n hazard matrix as long as both m and n are less than or equal to 7.

    The 7-by-7 matrix is an extension of the previously available 5-by-5 matrix. Projects with calibrations defined in the 5-by-5 matrix format are automatically upgraded and will show empty D6, D7, C6, and C7 parameters.

    Figure 57 Hazard Matrix Tolerable Risk Specification

    Like for the Risk Graph option, the Hazard Matrix tolerable risk calibration page allows you to specify which risk receptor category, i.e. Personnel Safety, Environment, Assets, and User Defined / Custom, you want to consider during the SIL selection. You can simply check or un-check the appropriate checkbox(es). In addition you are able to completely modify this Hazard Matrix. You can specify the meaning of each of the Parameters, e.g. change C1 = Slight Injury to C1 = Major Injury, by directly typing in the Consequence Category and Demand Frequencies text boxes. Furthermore through the use of dropdown boxes you can change the target Safety Integrity Level that is associated with a certain combination of parameters, e.g. you can change C1 D1 to Target SIL 1 if desired.

    If you would like to use a 5-by-5 matrix, for example, the C6, C7, D6, and D7 selections become superfluous. Simply change the descriptions to something like N/A as a reminder for you not to consider these selection options. In addition you could set the associated target Safety Integrity Levels to "--".

    Selecting Finish will return you to the exSILentia Main Frame. Now you can open any SIF that you defined for this project and perform the Hazard Matrix SIL selection using SILect.

    If you selected Hazard Matrix as the SIL selection method, the SILect tab will look similar to the one shown in Figure 58. You can easily make your category selections using the dropdown boxes to derive your Target SIL. In addition, as for the Risk Graph SIL selection, a Comments and Assumptions field is available to document any specific SILect remarks, see also Figure 53.

    Figure 58 Hazard Matrix SILect Tab

    When you perform SIL selection using the Risk Graph you are able to specify Independent Protection Layers. By clicking the Add button in the Independent Layers of Protection area on the SILect tab, an IPL is automatically added to this SIL selection. This action will also launch the Independent Layers of Protection Configuration dialog box shown in Figure 59. Note: an IPL can only be considered an IPL when the following requirements for that IPL are met. An IPL needs to be

      • Specific
      • Independent
      • Auditable
      • Dependable

    Figure 59 Independent Layers of Protection Configuration Dialog Box

    On the Independent Layers of Protection Configuration dialog box you can specify the effectiveness of an IPL per risk receptor category. For example a relief valve may be very useful in protecting personnel and equipment; however it will be less effective for the environment because of the release. IPL effectiveness can be expressed in Risk Reduction Factor (RRF) or Probability of Failure on Demand (PFD). The IPL Reuse functionality is further described in section 3.7. Selecting OK will bring you back to the SILect tab. If you want to edit the details for an IPL you can simply do so by double clicking the IPL in the list, or selecting the IPL and clicking Edit, on the SILect tab. If you want to delete an IPL, select the IPL from the list and click Delete. Once deleted, the IPL cannot be recovered.

    All information you entered on the SILect tab will be stored when you switch tabs. By selecting the menu option Project Save the information will be saved to the project .exi file.

    3.6 Frequency Based Targets

    If you select Frequency Based Targets in the Tolerable Risk Calibration Wizard dialog box, see Figure 49, and select Next, the Tolerable Risk Calibration Wizard will show the Frequency Based Targets tolerable risk calibration page.

    Five types of Frequency Based Targets tolerable risk specifications are available:

      • Health and Safety Executive - HSE UK
      • IEC 61511 part 3, Annex C
      • Single tolerable risk quantitative
      • Tolerable risk categories qualitative
      • Tolerable risk categories quantitative

    The first three methods specify a single, quantitative tolerable risk level. These three tolerable risk specifications therefore represent a so-called risk neutral approach: there is a linear relation between the severity of the hazard and the tolerable frequency. For the Health and Safety Executive - HSE UK and the IEC 61511 part 3, Annex C tolerable risk specifications, the tolerable frequency of a fatality is automatically specified based on reference documents from HSE and IEC respectively. You will need to specify the tolerable frequency of a fatality in case of the Single tolerable risk, quantitative. For each of these three specifications you can specify if you want to include environmental and equipment damage aspects in the SIL selections and what the tolerable losses per year are for these categories.

    The Single tolerable risk, quantitative tolerable risk calibration page is shown in Figure 60.

    Figure 60 Frequency Based Targets Tolerable Risk Specification

    On the Frequency Based Targets tolerable risk calibration page, you are also able to specify the Target SIL Threshold Ratio. This parameter determines how the Required Risk Reduction (as determined by the SIL selection process) is related to the Target SIL. By default this Ratio is set to 1, meaning that a Required Risk Reduction between 10 and 100 will result in a Target SIL of SIL 2. With a SIL Threshold Ratio of, for example, 3, a SIL 2 target is related to a Required Risk Reduction between 30 and 300. The SIL determination threshold (the boundary between one SIL level and the next one up) is calculated by multiplying the relevant lower limit of the Risk Reduction range by the SIL Threshold Ratio.

    Though the SIL Threshold Ratio parameter is not specified by any of the functional safety standards, it is implemented in the SILect tool per request of several customers. If you have no company policy requiring the need for a SIL Threshold, exida suggests leaving it at the default number of 1.

    The last two methods specify tolerable risk categories. A tolerable frequency is defined for five (5) different categories: Minor, Serious, Severe, Extensive, and Catastrophic. You have the ability to create a tolerable risk specification that is not risk neutral, i.e. the relation between the severity of the hazard and the tolerable frequency is not linear. The Tolerable risk categories qualitative tolerable risk calibration page is shown in Figure 61. The Tolerable risk categories quantitative tolerable risk calibration page is nearly identical; however, the consequence dropdown boxes with descriptive text (qualitative) have been replaced by text boxes where you can enter actual numbers (quantitative).

    Figure 61 Frequency Based Target Categories Qualitative Tolerable Risk Specification

    If you selected Frequency Based Targets as the SIL selection method, the SILect tab will look similar to the one shown in Figure 62.

    Figure 62 Empty Frequency Based Targets SILect Tab

    On the top part of the Frequency Based Targets SILect tab, you will be able to specify severity levels and/or consequences for the Hazard that the Safety Instrumented Function is protecting against. Based on the risk receptors that are included in the tolerable risk selections you will be able to specify severity levels for personnel safety, environmental impact, and/or equipment damage. You will need to specify the severity levels and/or consequences either using dropdown boxes with descriptive text as shown in the top part of Figure 63, through text fields as shown in the bottom part of Figure 63, or using a combination of dropdown boxes and text fields as shown in Figure 62.

    Figure 63 Severity Level Selection Options

    The middle part of the Frequency Based Targets SILect tab allows for specification of initiating events. SILect allows for specification of more than one Initiating Event per Hazard. Once there is more than one Initiating Event you can simply switch between Initiating Events using the dropdown box or the left and right browse buttons. In order to change an Initiating Event simply double click the event frequency of that initiating event or click the Edit button in the Initiating Event area when the specific initiating event is selected. This will bring up the Initiating Event dialog box, see Figure 64.

    Figure 64 Initiating Event Dialog Box

    Using the Initiating Event dialog box you can specify the details about the initiating event, sometimes known as the initiating cause, which causes the hazard. You can specify a name for the initiating event and its frequency in number of occurrences per year. Furthermore each Initiating Event can have a single Enabling Condition. If there is an Enabling Condition you can specify a description and assign a probability to the condition. An entry for Enabling Condition is not required; however the default probability of 1 will always be displayed if no Enabling Condition exists.

    An example of an enabling condition is the usage factor of a batch process. Sometimes the usage factor is accounted for as an IPL. Note that the enabling condition applies to all risk receptors. If a usage factor is to be used to account for 8 hour workdays per 24 hours this should be implemented as an IPL since this usage factor has no effect on the environmental and equipment damage risk receptors.

    When you select OK on the Initiating Event dialog box you will return to the SILect tab. You can add an additional Initiating Event to a Safety Instrumented Function's SIL selection by selecting the Add button in the Initiating Event Area. This will bring up the Initiating Event dialog box where you can specify the relevant information for this additional Initiating Event.

    If you want to delete an Initiating Event, select the Initiating Event either through use of the dropdown or using the left and right browse buttons and click Del. Note that once deleted the Initiating Event cannot be recovered.

    Per initiating event it is also possible to specify Independent Protection Layers. By clicking the Add button in the Independent Layers of Protection area on the SILect tab, an IPL is automatically added to this Initiating Event. This action will also launch the Independent Layers of Protection Configuration dialog box shown in Figure 65. Note: an IPL can only be considered an IPL when the following requirements for that IPL are met. An IPL needs to be

      • Specific
      • Independent
      • Auditable
      • Dependable

    Figure 65 Independent Layers of Protection Configuration Dialog Box

    On the Independent Layers of Protection Configuration dialog box you can specify the effectiveness of an IPL per risk receptor category. For example a relief valve may be very useful in protecting personnel and equipment; however it will be less effective for the environment because of the release. IPL effectiveness can be expressed in Risk Reduction Factor (RRF) or Probability of Failure on Demand (PFD). The IPL Reuse functionality is further described in section 3.7. Selecting OK will bring you back to the SILect tab. If you want to edit the details for an IPL you can simply do so by double clicking the IPL in the list on the SILect tab. If you want to delete an IPL, select the IPL from the list and click Delete. Once deleted, the IPL can not be recovered.

    Once the severity level selections are made, and while the details of the Initiating Event and associated Independent Protection Layers are entered, the calculated results, and consequently the Target SIL, will be updated on the lower portion of the SILect tab. A filled in Frequency Based Targets SILect tab is shown in Figure 66.

    Figure 66 Filled in Frequency Based Targets SILect Tab

    All information you entered on the SILect tab will be stored when you switch tabs. By selecting the menu option Project Save the information will be saved to the project .exi file. Also note the availability of a Comments and Assumptions field to document any specific SILect remarks, see also Figure 53.
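    The frequency based calculation and the Target SIL Threshold Ratio described in this section can be checked by hand with the sketch below. It is an added example, not exSILentia code: the formula (summed mitigated event frequency divided by tolerable frequency), the strict boundaries, the 1 x ratio boundary for SIL 1, taking the highest SIL over the risk receptors, and all names and numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class IPL:
    name: str
    pfd: dict  # PFD per risk receptor; a receptor not listed gets no credit (PFD 1)

@dataclass
class InitiatingEvent:
    name: str
    frequency: float                   # occurrences per year
    enabling_probability: float = 1.0  # default of 1 when no Enabling Condition exists
    ipls: list = field(default_factory=list)

    def mitigated_frequency(self, receptor):
        # The enabling condition applies to all risk receptors;
        # each IPL is credited per receptor.
        freq = self.frequency * self.enabling_probability
        for ipl in self.ipls:
            freq *= ipl.pfd.get(receptor, 1.0)
        return freq

def required_risk_reduction(events, tolerable_frequency, receptor):
    """Summed mitigated frequency over tolerable frequency (assumed form)."""
    total = sum(e.mitigated_frequency(receptor) for e in events)
    return total / tolerable_frequency[receptor]

def target_sil(rrf, threshold_ratio=1.0):
    """Map a Required Risk Reduction to a Target SIL.

    Each boundary is the lower limit of a Risk Reduction range times the
    SIL Threshold Ratio. The limit of 1 for SIL 1 and the strict comparison
    are assumptions; the guide only gives the SIL 2 case.
    """
    sil = 0
    for lower_limit in (1, 10, 100, 1000):
        if rrf > lower_limit * threshold_ratio:
            sil += 1
    return sil  # 0 means no SIL requirement

# Constructed sample data: the relief valve is less effective for the
# environment, and the 8 hour workday usage factor is modelled as an IPL
# that only credits personnel safety.
RELIEF_VALVE = IPL("Relief valve",
                   {"personnel": 0.01, "environment": 0.1, "assets": 0.01})
OCCUPANCY = IPL("8 h per 24 h occupancy", {"personnel": 8 / 24})
EVENTS = [
    InitiatingEvent("Control loop failure", 0.03,
                    ipls=[RELIEF_VALVE, OCCUPANCY]),
    InitiatingEvent("Charging error", 0.15, enabling_probability=0.2,
                    ipls=[RELIEF_VALVE, OCCUPANCY]),  # batch usage factor 0.2
]
TOLERABLE = {"personnel": 1e-5, "environment": 1e-3, "assets": 1e-3}  # per year

def evaluate(threshold_ratio=1.0):
    """Return {receptor: (required risk reduction, target SIL)}."""
    results = {}
    for receptor in TOLERABLE:
        rrf = required_risk_reduction(EVENTS, TOLERABLE, receptor)
        results[receptor] = (rrf, target_sil(rrf, threshold_ratio))
    return results

def overall_target_sil(threshold_ratio=1.0):
    # Assumption: the most demanding risk receptor sets the Target SIL.
    return max(sil for _, sil in evaluate(threshold_ratio).values())

if __name__ == "__main__":
    for ratio in (1.0, 3.0):
        print(ratio, evaluate(ratio), overall_target_sil(ratio))
```

    With these constructed numbers the personnel Required Risk Reduction is about 20, so the Target SIL drops from SIL 2 to SIL 1 when the ratio is changed from 1 to 3.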

    3.7 Independent Protection Layer Reuse

    In many projects it is highly likely that the same Independent Protection Layer is effective in protecting against various or in some cases to protect against several initiating events that lead to the same hazard. When you specify an IPL you can identify if this IPL is to be reused by checking the Reuse this IPL? checkbox. Once an IPL is marked as a reuse IPL you can select this IPL from the dropdown box on the Independent Layers of Protection Configuration dialog box. Figure 67 highlights the IPL reuse checkbox and the IPL dropdown box from which you can select previously marked reuse IPLs.

    Figure 67 Independent Layers of Protection Reuse Checkbox

    The key requirement for the reuse of IPLs is that the effectiveness of the IPL is similar.

    In order to obtain a clear overview of the IPLs that are reused you can select the SILect Reused IPLs menu option. This will launch a dialog box as shown in Figure 68. Each reused IPL is shown with the SIF Tags of the Safety Instrumented Functions that it is used in and the initiating event that it applies to. Note that IPLs that are not reused will not be shown in this overview.

    Figure 68 Reused IPLs Overview

    When you are using an IPL in multiple Safety Instrumented Functions / Initiating Events, a change to that IPL will affect all those Safety Instrumented Functions / Initiating Events. exSILentia will pop up the warning message shown in Figure 69. If you click Cancel the changes will not be saved; if you click OK the changes will be applied to all IPLs. The warning message is a good reminder of the impact of your changes; however, if you decide that you don't want to see the message anymore you can check the Don't show this warning again checkbox.

    Figure 69 Warning: Change to a Reused IPL Impacts other SIFs / Initiating Events

    If you want to make changes to an Independent Protection Layer that only affect the current Safety Instrumented Function / Initiating Event you can deselect the Reuse this IPL? checkbox (shown in Figure 67) and make the IPL independent. A warning message will appear, see Figure 70. By making an IPL independent none of the changes made to that IPL will affect the other Safety Instrumented Functions / Initiating Events. Similarly none of the changes made to the original reused IPL will affect the independent IPL.

    Figure 70 Warning: Making a Reused IPL Independent

    If you decide that an existing Independent Protection Layer needs to be replaced by an IPL available from the reuse IPL dropdown list you can do so by simply selecting that reuse IPL. A warning message will appear explaining that the current data will be replaced by the reused IPL data, see Figure 71.

    Figure 71 Warning: Replacing an existing IPL with a Reused IPL

    4 SIF SRS SIF Safety Requirements Specification

    This exSILentia user guide chapter will provide an overview of the SIF SRS tool and how it can be used. The SIF SRS tool is designed to help the user with the Safety Requirements Specification task of the Safety Lifecycle. Users of the System SRS with C&E Matrix plug-in (SRSC&E) should see chapter 8 for an overview of the plug-in functionality.

    4.1 SIF SRS Structure

    The SIF SRS tool provides a template for collecting the Safety Requirements for a Safety Instrumented Function. As such its primary focus is on the collection of information. The SIF SRS tool structure is very straightforward with only one level of user interaction. Figure 72 shows the SIF SRS tab.

    Figure 72 SIF SRS Tab

    On this tab you can enter detailed safety requirements and descriptions of the Sensor, Logic Solver, and Final Element part of the SIF.

    4.2 Using SIF SRS

    In the SRS Details area of the SIF SRS tab the following information can be filled in: Reference, Equipment, Process Safe State, SIF Test Interval, Overall Response Time, Protection Method, Trip Reset, Maximum Spurious Trip Rate, Diagnostics, Manual Shutdown, Regulatory Require