sil for starters.pdf

Upload: inaki-eseberri

Post on 03-Jun-2018


  • 8/12/2019 SIL for Starters.pdf

    1/22

    Functional Safety

    Guide for Safety Instrumented Function Application

    2/22

    Content

    Why should you require a Safety Instrumented Function (SIF)?

    Requirement when selecting the component according to IEC 61511 for a SIF

    Assessment of component according to IEC 61508 to be implemented into a SIF

    Advantages of using the fully assessed 9000 Series in a SIF

    3/22

    Why should you require a Safety Instrumented Function (SIF)?

    4/22

    Hazard and risk assessment

    When going into functional safety, the primary requirement of IEC 61511 is to have a Functional Safety Management System, with identification of the safety strategy to reach safety and identification of the people involved. People must be aware of their responsibility and be educated for it.

    One of the first steps of functional safety is to carry out a risk assessment to identify and analyse possible hazardous events and to define the risk reduction requirement where necessary.

    Main risk analysis techniques are: HAZOP (Hazard and Operability analysis), FMEA (Failure Modes and Effects Analysis), Bow Tie, FTA (Fault Tree Analysis), ETA (Event Tree Analysis).

    A tolerable risk must be defined.

    Risk diagram: the risk related to the potential hazard is determined by the severity of the potential harm and the probability of occurrence.

    5/22

    Hazard and risk assessment

    Following the risk assessment, safety barriers will be defined with an associated risk reduction factor.

    Safety barriers can be mechanical or Safety Instrumented Functions.

    Safety barriers can be for prevention of the hazard occurring, or for mitigation after a hazard occurs.

    The Safety Integrity Level (SIL) is introduced here as a risk reduction factor.

    Risk assessment flow: identification of the potential hazards -> risk estimation -> risk evaluation -> risk reduction -> tolerable risk targeted.

    6/22

    Allocation of the safety function: Protection Layer Model

    Layers, in the order shown on the slide:

    COMMUNITY EMERGENCY RESPONSE
    PLANT EMERGENCY RESPONSE
    MITIGATION: Mechanical protection system, Safety Instrumented System
    PREVENTION: Mechanical protection system, Safety Instrumented System, BPCS (SNCC), Monitoring systems, Operator supervision
    PROCESS DESIGN

    7/22

    Safety Instrumented Functions

    When the requested SIL level is defined, the mode of operation of the safety function shall be identified; this makes it possible to implement components within a safety instrumented function using the corresponding figures.

    DEMAND MODE OF OPERATION (low demand)

    SIL   Target PFDavg         Target risk reduction
    4     10^-5 to < 10^-4      > 10 000 to 100 000
    3     10^-4 to < 10^-3      > 1 000 to 10 000
    2     10^-3 to < 10^-2      > 100 to 1 000
    1     10^-2 to < 10^-1      > 10 to 100

    CONTINUOUS MODE OF OPERATION (high demand)

    SIL   Target PFH (per hour)
    4     10^-9 to < 10^-8
    3     10^-8 to < 10^-7
    2     10^-7 to < 10^-6
    1     10^-6 to < 10^-5

    8/22

    Requirement when selecting the component according to IEC 61511

    9/22

    Statement of the IEC 61511

    10/22

    SIS Design and Engineering

    An end-user has two possibilities when selecting components or sub-systems to be implemented in Safety Instrumented Functions:

    Either the end-user can show that the device has a prior-use history in accordance with the requirements of IEC 61511,

    or the device was developed and assessed according to IEC 61508 (this corresponds to an IEC 61508 full assessment).

    It is very important to notice that the first requirement is to be fulfilled by the end-user only.

    11/22

    Requirement for Prior use evidence

    The Prior-Use clause of IEC 61511 states the following:

    IEC 61511-1, Section 11.5.3.1: Appropriate evidence shall be available that the components and sub-systems are suitable for use in the safety instrumented system.

    IEC 61511, Section 11.5.3.2: The appropriate evidence for devices must be a documented case that includes:

    Consideration of the manufacturer's quality, management and configuration management systems
    Adequate identification and specification of the components or sub-systems
    Demonstration of the performance of the components or sub-systems in similar operating profiles and physical environments
    The volume of operating experience

    12/22

    Discussion on Prior use evidence

    Consideration of the manufacturer's quality, management and configuration management systems?
    Do you verify the ISO 9000, the documented design process and the safety manual of your supplier?

    Adequate identification and specification of the components or sub-systems? (Description of the components including design revision information?)
    Do you verify your supplier's version control of hardware and software?
    Do you review the return data and field failure feedback system?

    Demonstration of the performance of the components or sub-systems in similar operating profiles and physical environments on the plant, within the company?
    Do you manage all operating profiles at your plant (type of device, environmental conditions, ...)?

    The volume of operating experience?
    Do you have the necessary recorded experience?

    Prior-use justification for component selection requires high resources and cost.

    13/22

    Assessment of component according to IEC 61508

    14/22

    Component certification to IEC 61508

    For a manufacturer, being IEC 61508 compliant means being fully compliant with the standard, not just a part of it.

    Technical requirements:
    Part 1: General requirements (required for compliance)
    Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (required for compliance)
    Part 3: Software requirements (required for compliance)
    Parts 4 to 7 are supporting information

    Type A components shall be Part 1-2 compliant
    Type B components shall be Part 1-2-3 compliant

    At PR, we apply all requested parts for each Type A/B device of the 9000 Series.

    15/22

    Component certification to IEC 61508

    A Safety Management System (SMS) has been created and assessed at PR: competent and trained persons, independence, safety management plan, ...

    A hardware assessment is performed for each model of the 9000 Series: safety life cycle, failure rates (FMEDA, failure rates, SFF, HFT, ...).

    A software assessment is performed for each Type B device of the 9000 Series: software functional safety plan, SW safety life cycle, validation planning, SW safety validation, operation and modification verification, ...

    Assessment by third party: EXIDA.

    16/22

    FUNCTIONAL ASSESSMENT

    Being IEC 61508 compliant means being fully compliant with the standard, not only part of it.

    At PR, we provide you:

    Functional Safety Management System certificate
    Software and/or Hardware Assessment Report
    FMEDA report
    Safety Manual
    SIL Capable Certificate

    Nothing's missing: we are fully compliant!

    Covering all IEC 61508 requirements, our products can thus be selected according to IEC 61511, the end-user standard.

    17/22

    Advantages of using the fully assessed 9000 Series

    18/22

    Example: SIL2 achievement

    Position:  Sensor        | Isolator              | SCS               | Isolator              | Actuator
    Device:    Simple device | PR electronics 9113BA | Invensys Triconex | PR electronics 9107BA | Foxboro SRI990

    Component figures shown on the slide, in order:
    Type B, HFT=0, SFF > 90%
    Type B, HFT=1, SFF > 99%
    Type A, HFT=0, SFF > 90%
    Type A, HFT=0, SFF > 90%

    SIL 2; Systematic Capability is shown for each of the four assessed components.

    PFD or PFH calculation to check that it achieves the SIL level requirement with the corresponding TI (sum of the PFD of all SIF components).

    The requirements for the SIF for SIL 2 are achieved.

    19/22

    Example: SIL2 achievement

    Position:  Sensor        | Isolator     | SCS               | Isolator     | Actuator
    Device:    Simple device | Manufacturer | Invensys Triconex | Manufacturer | Foxboro SRI990

    Component figures shown on the slide, in order:
    Type B, HFT=0, SFF 99%
    Type A, HFT=0, SFF 90%
    SIL1 only

    Systematic Capability, in slide order: No Systematic Capability / Systematic Capability / No Systematic Capability / Systematic Capability

    PFD or PFH calculation to check that it achieves the SIL level requirement with the corresponding TI (sum of the PFD of all SIF components).

    The requirements for the SIF for SIL 2 are not achieved.

    20/22

    Example: SIL2 achievement

    Position:  Sensor        | Isolator     | SCS               | Isolator     | Actuator
    Device:    Simple device | Manufacturer | Invensys Triconex | Manufacturer | Foxboro SRI990

    Component figures shown on the slide, in order:
    Type B, HFT=1, SFF 99%
    Type A, HFT=0, SFF 90%

    Systematic Capability, in slide order: No Systematic Capability / Systematic Capability / No Systematic Capability / Systematic Capability

    PFD or PFH calculation to check that it achieves the SIL level requirement with the corresponding TI (sum of the PFD of all SIF components).

    The requirements for the SIF for SIL 2 are only partially achieved.

    It MUST be completed by END USER proven-in-use evidence.
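As an added worked example (not from the slides or from PR electronics), the following Python script carries out the component-selection checks that the three example slides walk through: it maps the summed PFDavg of the SIF onto the low-demand SIL bands from the slide 7 table, applies the IEC 61508-2 route 1H architectural constraints (Type A/B, HFT, SFF; that table is taken from the standard, not from the slides), and flags components without a systematic capability claim as needing end-user prior-use evidence. The failure rates, the one-year proof-test interval, the 1oo1 PFD approximation and the sensor's figures are constructed assumptions; only the device names come from the slides.

```python
from dataclasses import dataclass

# Low-demand SIL bands from the slide: SIL n  <=>  10^-(n+1) <= PFDavg < 10^-n
def sil_from_pfd(pfd_avg):
    for sil in (4, 3, 2, 1):
        if 10 ** -(sil + 1) <= pfd_avg < 10 ** -sil:
            return sil
    return 0  # outside the SIL 1..4 bands

# Highest SIL allowed by the IEC 61508-2 route 1H architectural constraints,
# indexed [SFF band][HFT]; SFF bands: <60%, 60-<90%, 90-<99%, >=99%. From the standard, not the slides.
MAX_SIL = {"A": [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)],
           "B": [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)]}

def sff_band(sff):
    return 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3

@dataclass
class Component:
    name: str
    dev_type: str     # "A" or "B"
    hft: int          # hardware fault tolerance
    sff: float        # safe failure fraction as a fraction, e.g. 0.92
    lambda_du: float  # dangerous undetected failure rate per hour (constructed)
    sc: bool          # systematic capability claim from a full IEC 61508 assessment

    def max_sil(self):
        return MAX_SIL[self.dev_type][sff_band(self.sff)][min(self.hft, 2)]

def assess_sif(components, target_sil, ti_hours=8760):
    # Summed PFD of all SIF components; 1oo1 approximation lambda_DU * TI / 2 (assumption)
    pfd = sum(c.lambda_du * ti_hours / 2 for c in components)
    sil_arch = min(c.max_sil() for c in components)
    no_sc = [c.name for c in components if not c.sc]  # need end-user prior-use evidence
    sil = min(sil_from_pfd(pfd), sil_arch)
    return {"pfd_avg": pfd, "sil_by_pfd": sil_from_pfd(pfd), "sil_by_arch": sil_arch,
            "needs_prior_use": no_sc, "achieved": sil >= target_sil and not no_sc}

# Constructed chains after slides 18 and 20; failure rates and the sensor's figures are assumptions.
SENSOR = Component("Sensor (simple device)", "A", 0, 0.75, 2e-7, True)
SCS = Component("Invensys Triconex", "B", 1, 0.995, 2e-9, True)
ACTUATOR = Component("Foxboro SRI990", "A", 0, 0.92, 1e-7, True)
SLIDE_18_CHAIN = [SENSOR, Component("PR 9113BA", "B", 0, 0.92, 1e-8, True), SCS,
                  Component("PR 9107BA", "A", 0, 0.92, 5e-9, True), ACTUATOR]
UNASSESSED = Component("Isolator (unassessed)", "A", 0, 0.92, 1e-8, False)
SLIDE_20_CHAIN = [SENSOR, UNASSESSED, SCS, UNASSESSED, ACTUATOR]

if __name__ == "__main__":
    print(assess_sif(SLIDE_18_CHAIN, 2))  # achieved: True
    print(assess_sif(SLIDE_20_CHAIN, 2))  # achieved: False, two isolators lack SC
```

Both chains land in the SIL 2 PFDavg band; the second one fails only because the two unassessed isolators carry no systematic capability claim, which is exactly the gap the slide says the end-user must close with prior-use evidence.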

    21/22

    Assessment according to IEC 61508 at PR

    PR electronics innovates with full assessment by means of:

    Functional Safety Management System assessment
    Hardware and Software assessment report on individual products
    SIL Capability Certificate on individual products

    By selecting the PR system 9000 devices for Safety Instrumented Functions, you ensure that the IEC 61511 requirements for component selection are always fulfilled!

    Both SIL2 and SIL3 levels can be achieved with the 9000 Series.
