Safety-Related Interconnection When Integrating Package Units into a Process Plant, Using a Compressor as an Example
Thomas Martin
thyssenkrupp Industrial Solutions AG, Chemical Plant Technology
Friedrich-Uhde-Str. 15, 44141 Dortmund, Telephone: 0231 547 2505
BG-RCI Workshop 13.2.2020 Heidelberg
Project Qafco 4 in Qatar (ammonia-urea): 4733 DCS signals, 1272 ESD signals
Project Safco in Saudi Arabia (ammonia-urea): 5250 DCS signals, 3152 ESD signals
Similar plants, but with differences due to:
• HAZOP
• SIL method
• Handling of passive safety devices
• Inclusion of protection layers (LOPA)
• Availability versus safety
• Socially tolerable risk
Source: GE Nuovo Pignone
Example of a safety-related turbine and compressor control system
1 Distributed Control System (DCS)
[Figure: control system architecture diagram, titled "Distributed Control System (DCS)". Labels in the figure: Central Control Room; Engineering Room; HIS and EWS stations; Ammonia / O & U, UREA, UAN/AN, HNO3; Color Printer, Printserver, Alarm Printer; Patchfield; Fibre-Optic; SysNet/IP; Hardwired Interconnection; Substation 1 (Offsite & Utilities 1, Ammonia Front End, Ammonia Back End); Substation 2 (UREA/UAN, Offsite & Utilities 2, HNO3, BMS); Open Racks for Terminal Boards; Modbus RTU; VMS; Turbine Speed Control; Antisurge; Special Devices; Annunciator Panel; Analyser; MCC (some winding temp.); Refrige Compr.; Boiler Panel; GPS-Clock.]
2 Emergency Shutdown Device (ESD)
[Figure: control system architecture diagram (Central Control Room, Engineering Room, Substation 1, Substation 2, SysNet/IP, Modbus RTU devices), titled "Emergency Shutdown Device (ESD)".]
3 Vibration Monitoring System (VMS)
[Figure: control system architecture diagram (Central Control Room, Engineering Room, Substation 1, Substation 2, SysNet/IP, Modbus RTU devices), titled "Vibration Monitoring System (VMS)".]
4, 5, 6 Anti-surge and speed control
[Figure: control system architecture diagram (Central Control Room, Engineering Room, Substation 1, Substation 2, SysNet/IP, Modbus RTU devices), titled "Anti-surge and speed control".]
SIL classification (matrix method)
Source: ThyssenKrupp Industrial Solutions AG; "SIL Classification"

Hazardous event:
1 Some danger
  Consequence on people: First aid, medical treatment
  Consequence on environment: Damage with recovery time less than 2 years
  Consequence on material values (cost / €): Minor damage to equipment, fire with limited extent, emission of toxic flammable or hot substances etc. Small quality or production loss (cost: 10,000 to 1,000,000 €)
2 Dangerous
  Consequence on people: Permanent injury
  Consequence on environment: Damage with recovery time less than 5 years
  Consequence on material values (cost / €): Considerable damage to equipment, ruptures etc. Considerable quality or production loss (cost: > 1,000,000 €)
3 Critical to catastrophic
  Consequence on people: One or more fatalities
  Consequence on environment: Damage with recovery time more than 5 years
  Consequence on material values (cost / €): Major damage or demolition of plant. Major production loss or cessation (cost: 10,000,000 € and more)

Probability (the same classes are repeated under each hazardous event):
A     nearly impossible   < 10^-4 / yr
B     most unlikely       10^-4 to 10^-3 / yr
C     unlikely            10^-3 to 10^-2 / yr
D     low probability     10^-2 to 0.1 / yr
E     probable            0.1 to 1 / yr
F 1)  frequent            > 1 / yr

Additional protection layers (matrix entries in the order they appear on the slide):
0: SIL 1, SIL 1, SIL 2, SIL 3, SIL 1, SIL 1, SIL 2, SIL 3, SIL 3
1: SIL 1, SIL 2, SIL 1, SIL 1, SIL 2, SIL 3
2: Redesign of process and/or control system; SIL 1; Redesign of process and/or control system; SIL 1, SIL 2; Redesign of process and/or control system

Protection of equipment or against production loss need not / should not be provided by a SIF.
SIL and protection of equipment and production by the ESD?

General Purpose PLC
                 LSD       LSU       LDD       LDU
Main Processor   4,50E-06  5,00E-07  3,50E-06  1,50E-06
Power Supply     4,51E-06  2,38E-07  2,38E-07  1,30E-08
AI Module        8,50E-07  1,50E-07  7,50E-07  2,50E-07
AI Channel       2,50E-08  2,50E-08  1,30E-08  3,80E-08
DI Module        4,25E-07  7,50E-08  3,75E-07  1,25E-07
DI Channel       5,00E-08  5,00E-08  2,50E-08  7,50E-08
DO Out Module    4,25E-07  7,50E-08  3,75E-07  1,25E-07
DO Out Channel   5,00E-08  5,00E-08  2,50E-08  7,50E-08
AI-DO            1,04E-05  1,04E-06  4,90E-06  2,00E-06
DI-DO            9,96E-06  9,88E-07  4,54E-06  1,91E-06

Generic SIL3 Certified PLC
                 LSD       LSU       LDD       LDU
Main Processor   7,43E-06  7,50E-08  2,38E-06  1,25E-07
Power Supply     2,25E-06            2,50E-07
AI Module        9,90E-07  1,00E-08  9,00E-07  1,00E-07
AI Channel       4,80E-08  3,00E-09  4,80E-08  3,00E-09
DI Module        5,70E-07  3,00E-09  3,80E-07  2,00E-08
DI Channel       1,24E-07  7,00E-09  6,70E-08  4,00E-09
DO Out Module    7,60E-07  4,00E-08  1,90E-09  1,00E-08
DO Out Channel   1,39E-07  1,00E-09  5,70E-08  3,00E-09
AI-DO            1,16E-05  1,29E-07  3,64E-06  2,41E-07
DI-DO            1,13E-05  1,26E-07  3,14E-06  1,62E-07

1,83E-05    1,56E-05
1,83E-05 + 1,56E-05 = 3,39E-05
Priority: availability
Priority: shutdown
SIL and protection of equipment and production by the ESD?

General Purpose PLC
                 LSD       LSU       LDD       LDU
Main Processor   4,50E-06  5,00E-07  3,50E-06  1,50E-06
Power Supply     4,51E-06  2,38E-07  2,38E-07  1,30E-08
AI Module        8,50E-07  1,50E-07  7,50E-07  2,50E-07
AI Channel       2,50E-08  2,50E-08  1,30E-08  3,80E-08
DI Module        4,25E-07  7,50E-08  3,75E-07  1,25E-07
DI Channel       5,00E-08  5,00E-08  2,50E-08  7,50E-08
DO Out Module    4,25E-07  7,50E-08  3,75E-07  1,25E-07
DO Out Channel   5,00E-08  5,00E-08  2,50E-08  7,50E-08
AI-DO            1,04E-05  1,04E-06  4,90E-06  2,00E-06
DI-DO            9,96E-06  9,88E-07  4,54E-06  1,91E-06

1,83E-05
= 1,83E-05
Priority: availability
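The two failure-rate tables can be checked by rolling the component rows up into the AI-DO and DI-DO rows and into the totals 1,83E-05, 1,56E-05 and 3,39E-05. The sketch below is an added example, not part of the original slides; it also computes the safe failure fraction, which the slides do not show. It assumes that LSD/LSU/LDD/LDU are the safe/dangerous, detected/undetected failure rates and that the two power-supply values of the certified PLC belong to LSD and LDD.

```python
CATS = ("LSD", "LSU", "LDD", "LDU")

def parse(table):
    """Rows of 'name|LSD|LSU|LDD|LDU' with decimal commas; a blank cell is 0."""
    rows = {}
    for line in table.strip().splitlines():
        name, *cells = line.split("|")
        rows[name] = [float(c.replace(",", ".")) if c else 0.0 for c in cells]
    return rows

# Component rows copied from the "General Purpose PLC" table.
GENERAL = parse("""
Main Processor|4,50E-06|5,00E-07|3,50E-06|1,50E-06
Power Supply|4,51E-06|2,38E-07|2,38E-07|1,30E-08
AI Module|8,50E-07|1,50E-07|7,50E-07|2,50E-07
AI Channel|2,50E-08|2,50E-08|1,30E-08|3,80E-08
DI Module|4,25E-07|7,50E-08|3,75E-07|1,25E-07
DI Channel|5,00E-08|5,00E-08|2,50E-08|7,50E-08
DO Out Module|4,25E-07|7,50E-08|3,75E-07|1,25E-07
DO Out Channel|5,00E-08|5,00E-08|2,50E-08|7,50E-08""")
# SIL3 table; assumption: its two power-supply values are LSD and LDD.
SIL3 = parse("""
Main Processor|7,43E-06|7,50E-08|2,38E-06|1,25E-07
Power Supply|2,25E-06||2,50E-07|
AI Module|9,90E-07|1,00E-08|9,00E-07|1,00E-07
AI Channel|4,80E-08|3,00E-09|4,80E-08|3,00E-09
DI Module|5,70E-07|3,00E-09|3,80E-07|2,00E-08
DI Channel|1,24E-07|7,00E-09|6,70E-08|4,00E-09
DO Out Module|7,60E-07|4,00E-08|1,90E-09|1,00E-08
DO Out Channel|1,39E-07|1,00E-09|5,70E-08|3,00E-09""")

def loop(rows, inp="AI"):
    """Per-category rates of one path: CPU, supply, input card, output card."""
    parts = ["Main Processor", "Power Supply", f"{inp} Module",
             f"{inp} Channel", "DO Out Module", "DO Out Channel"]
    return dict(zip(CATS, map(sum, zip(*(rows[p] for p in parts)))))

def total(rows, inp="AI"):
    return sum(loop(rows, inp).values())

def sff(rows, inp="AI"):
    """Safe failure fraction: share of failures that are not dangerous undetected."""
    return 1 - loop(rows, inp)["LDU"] / total(rows, inp)

def sci(x):
    return f"{x:.2E}".replace(".", ",")  # slide notation, e.g. 1,83E-05

if __name__ == "__main__":
    for name, rows in (("General Purpose PLC", GENERAL), ("SIL3 PLC", SIL3)):
        print(name, "total", sci(total(rows)), "SFF", round(sff(rows), 3))
    print("sum of both totals:", sci(total(GENERAL) + total(SIL3)))
```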