SIS – ISA84 Compliance. Copyright © Yokogawa Electric Corporation. January 27th, 2015
How To Implement an ANSI/ISA 84 Compliant Safety System
Jan N. de Breet, Technical Solutions Consultant
Yokogawa Corporation of America
Presenter
Jan de Breet
Technical Solutions Consultant, Safety Instrumented Systems, Yokogawa Corporation of America
o Jan de Breet is a Senior Technical Solutions Consultant at Yokogawa Corporation of America for safety instrumented systems solutions, based in the Sugar Land, Texas office.
o Since 1988, Jan de Breet has been working in the safety instrumented systems industry in research and development, field service, operations, sales and marketing.
Introduction
Why replace a safety system?
Why ANSI/ISA 84 compliance?
ANSI/ISA 84 – Overview
What does it require to comply?
Why Yokogawa - ProSafe-RS?
Why replace a safety system?
Current Situation
Current Situation
• Aging installed base of safety systems
• Old relay and pneumatic systems need to be replaced.
• Old technologies, compatibility issues
• Disappearing knowledge/experience
• End of product life, no more support
• High reliability leads to longer (= too long) use.
• Variety of different systems through acquisition
• Specialized knowledge for each brand required
Source: ARC Advisory Group - Process Safety Systems
Why ANSI/ISA 84 Compliance?
‘Good Engineering Practice’
Why ANSI/ISA 84 Compliance?
• Major incidents
• Liability, insurance
• Even with good personal safety management, plants are still at risk from process hazards
OSHA – 29 CFR PSM 1910
– Good Engineering Practice
– ‘Grandfather Clause’
Why ANSI/ISA 84 Compliance?
‘Grandfather Clause’
"For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard, the owner/operator shall determine that the equipment is designed, maintained, inspected, tested and operating in a safe manner."
• Issue: 2004 (and 1996)
• Only very basic upgrades possible, e.g. repairs
• Very hard to keep up-to-date
‘De Facto’ not possible anymore
Why ANSI/ISA 84 Compliance?
ISA 84: The Most Widely Used Standard
ANSI/ISA 84
An Overview
ANSI/ISA 84 Overview
ANSI/ISA-84.00.01-2004 Functional Safety – Safety Instrumented Systems for the Process Industry Sector
– Part 1: Describes the safety life cycle and all the requirements that apply.
– Part 2: Guidelines for the application of Part 1.
– Part 3: Examples of methods to determine the required safety integrity level.
ANSI/ISA 84 Overview
Main Characteristics
– Management of Functional Safety
– Safety Life Cycle
– Pipe-to-Pipe Approach
– Quantitative Safety Assessment
ANSI/ISA 84 Overview
Management of Functional Safety
– Must have a Functional Safety Management (FSM) system in place
– Specifies all management and technical activities necessary to achieve the required functional safety
• Life cycle
• Procedures
• Competencies, responsibilities
• Verification and validation procedures
• Auditable
• Traceable
ANSI/ISA 84 Overview
Safety Life Cycle
ANSI/ISA 84 Overview
Pipe-to-Pipe Approach
– Safety Instrumented Function, SIF
ANSI/ISA 84 Overview
Quantitative Safety Assessment
– Risk reduction
– Expressed as Safety Integrity Level, SIL
(Figure: risk reduction provided by the SIF)
ANSI/ISA 84 Life Cycle Overview
HAZARD and Risk Assessment
– As Low As Reasonably Practicable (ALARP) and tolerable risk concepts
– Semi-quantitative method
– The safety layer matrix method
– Determination of the required safety integrity levels – a semi-qualitative method: calibrated risk graph
– Determination of the required safety integrity levels – a qualitative method: risk graph
– Layer of protection analysis (LOPA)
ANSI/ISA 84 Life Cycle Overview
HAZARD and Risk Assessment
– Team consists of:
• Process designers
• Instrumentation engineers
• Safety engineers
• Electrical engineers
• Mechanical engineers
• Operators
• Maintenance engineers
• Facilitator
ANSI/ISA 84 Life Cycle Overview
HAZARD and Risk Assessment
ANSI/ISA 84 Life Cycle Overview
Allocation of Safety Functions
(Figure: HAZOP → available layers of protection → SIS)
ANSI/ISA 84 Life Cycle Overview
Allocation of Safety Functions
ANSI/ISA 84 Life Cycle Overview
Safety Requirements Specifications
• Description of the safety functions and SIL
• I/O assignment to SIFs
• Safe state of the process (open/closed, de-/energized)
• Process inputs and trip points, process outputs and actions
• Functional relationships, failure modes
• Manual shutdown and reset requirements
• Maintenance/bypassing requirements
• Safe state, process safety time and response time requirements
• Operator interface modes: start-up, steady operation, shut down
• Foreseeable abnormal conditions
• Requirements for starting up and shutting down
ANSI/ISA 84 Life Cycle Overview
Safety Requirements Specifications
– References to several documents, e.g.:
• C&E diagrams or logic diagrams, describing the functionality of the SIS
• I/O lists defining all inputs and outputs to/from the SIS
• Narratives
• Safety philosophy
• Shutdown hierarchy
• Maintenance override philosophy
ANSI/ISA 84 Life Cycle Overview
The SIS design
• Availability
• System architecture
• Sensors
• Final elements
• Logic solver
• Failure modes and PFD calculations
• Design principles
• Failure modes
• Necessary calculation parameters
• Proof testing
• Common cause
• Reliability data and calculation methodology
ANSI/ISA 84 Life Cycle Overview
The SIS Design
ANSI/ISA 84 Life Cycle Overview
Application Software
– ANSI/ISA 84 gives this very much attention
• Many clauses to comply with
• Has its own life cycles
– Use a certified (IEC 61508) system and programming tools
– Combine hardware and software life cycle
• Describe this well in project documentation
ANSI/ISA 84 Life Cycle Overview
Installation, Commissioning and Validation
– Installation and commissioning
• Plan this well
• Document all activities
• Document changes (e.g. resolving issues)
– Validation (SAT)
• Safety validation plan
• Validate that the requirements in the SRS are met
• Plan this well, from the start
ANSI/ISA 84 Life Cycle Overview
Functional Assessment
• Has a hazard and risk analysis been carried out?
• Are the recommendations from this analysis implemented or resolved?
• Are design change procedures in place and properly used?
• Are recommendations from earlier assessments resolved?
• Is the SIS designed and installed in accordance with the SRS?
• Are the procedures for operation, maintenance and modification of the SIS ready?
• Has the validation of the SIS been done, and are all recommendations resolved?
• Are the operators and maintenance engineers educated and trained?
• Is there a plan for further safety assessments in place?
ANSI/ISA 84 Life Cycle Overview
Operation, Maintenance and Repair
– Collect data on
• Failures
• Test results
• Actual demands
• Accidents
– Use data to verify assumptions made
• HAZOP
• SIL calculations, failure rates
– Proof testing
• Transmitters
• Valves
• Logic solvers
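The PFD, proof-test and common-cause items on the SIS design slide, and the "use data to verify assumptions" step above, can be worked through in code. This is an added example, not Yokogawa's or the standard's own tooling: it uses the simplified IEC 61508 low-demand approximations for 1oo1 and 1oo2 architectures, and every figure in it (failure rate, test interval, beta, proof-test findings) is a constructed sample value.

```python
"""SIL verification from failure-rate data (added example, not Yokogawa code).

Simplified IEC 61508 low-demand approximations:
  1oo1: PFDavg ~= lambda_DU * TI / 2
  1oo2: PFDavg ~= (lambda_DU * TI)^2 / 3 + beta * lambda_DU * TI / 2
lambda_DU = dangerous undetected failure rate per hour, TI = proof-test
interval in hours, beta = common-cause fraction for the voted pair.
"""
HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands: (SIL, PFDavg lower bound inclusive, upper bound exclusive)
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def pfd_1oo1(lambda_du, ti_hours):
    """Average PFD of a single channel proof-tested every ti_hours."""
    return lambda_du * ti_hours / 2.0


def pfd_1oo2(lambda_du, ti_hours, beta):
    """Average PFD of a 1oo2 voted pair; beta models common-cause failures."""
    independent = (lambda_du * ti_hours) ** 2 / 3.0
    common_cause = beta * lambda_du * ti_hours / 2.0
    return independent + common_cause


def sil_for_pfd(pfd):
    """SIL achieved by a PFDavg (0 = below SIL 1; 4 also for anything better)."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0


def observed_lambda_du(failures_found, devices, years_in_service):
    """Point estimate of lambda_DU from proof-test records (failures per device-hour)."""
    return failures_found / (devices * years_in_service * HOURS_PER_YEAR)


def verify_sif(target_sil, pfd):
    """Compare an achieved PFDavg with the SIL target taken from the SRS."""
    achieved = sil_for_pfd(pfd)
    return {"pfd": pfd, "rrf": 1.0 / pfd, "sil": achieved, "meets_target": achieved >= target_sil}


if __name__ == "__main__":
    lam = 5e-7  # constructed sample lambda_DU, as a vendor reliability sheet might state it
    for label, pfd in (
        ("1oo1, annual test", pfd_1oo1(lam, HOURS_PER_YEAR)),
        ("1oo1, quarterly test", pfd_1oo1(lam, HOURS_PER_YEAR / 4)),
        ("1oo2, annual test, beta 5%", pfd_1oo2(lam, HOURS_PER_YEAR, 0.05)),
    ):
        print(label, verify_sif(3, pfd))
    # Constructed field data: 3 dangerous failures found in 40 transmitters over
    # 5 years. If the observed rate exceeds the assumed one, the SIL calculation
    # has to be redone with the observed figure (the "verify assumptions" step).
    observed = observed_lambda_du(3, 40, 5)
    print("observed lambda_DU", observed, "assumption valid:", observed <= lam)
```

The 1oo2 case shows why the common-cause term matters: with beta at 5% it is more than ten times the independent term, so the beta value chosen in the design phase decides whether the SIF reaches its target.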
ANSI/ISA 84 Life Cycle Overview
Modification and Retrofit
– MOC procedure
ANSI/ISA 84 Life Cycle Overview
Modification and Retrofit Check List
• HAZOP consequences.
• Risk assessment consequences.
• C&E diagram changes / I/O list changes.
• SIL target effects on other or modified SIFs.
• SRS changes.
• Application logic changes.
• Overriding, by-pass requirements or changes.
• Design documentation changes.
• Commissioning, pre-start-up and acceptance test procedure(s).
• SIS operating procedure(s).
• SIS maintenance procedure(s).
• Proof test procedure(s).
• Safety validation procedures.
What does it require to comply?
DOs and DON’Ts
What does it require to comply?
Compliance with ANSI/ISA 84 must be full.
That is the actual cost of a compliant safety system:
– One-time expense
– Lifecycle expense
What does it require to comply?
What is the cost of
• A shutdown?
• An accident?
• A calamity?
What is prevention of each worth?
• $ …
• $ …
• $ …
Reduce cost by the right approach
What does it require to comply?
• Management of the safety life cycle requires competent individuals, trained/certified
• Assign personnel to FSM (1 – 2+)
• Develop a coherent strategy from the beginning stages of the project; include all steps of the lifecycle.
• Look for industry expertise and project execution experience
Source: ARC Advisory Group - Process Safety Systems
What does it require to comply?
• Replacing a safety system can mean replacing transmitters and valves
• Use certified sensors and valves
Source: ARC Advisory Group - Process Safety Systems
What does it require to comply?
High standards of maintenance are required.
• Maintenance of safety equipment is often overlooked.
New technology offers predictive maintenance.
• Safety systems require this more than control systems
Asset management systems
– To prevent unwanted shutdowns
– Make use of new diagnostic capabilities
Source: ARC Advisory Group - Process Safety Systems
DOs
Supplier selection
– Look for long term support
– Vendor track record
– Technology roadmap
– MAC approach
Hardware and software IEC 61508 compliant
– High availability
Integrate security with safety
Source: ARC Advisory Group - Process Safety Systems
DON’Ts
Don’t phase an SIS upgrade
– Avoid re-doing many activities
Plant on or off line during replacement?
– Prepare for off line
Source: ARC Advisory Group - Process Safety Systems
Yokogawa – ProSafe-RS
Corporate Information (March 31, 2013)
Company Name: Yokogawa Electric Corporation
Founded: September 1, 1915
Total Assets: $4.4B USD
Shareholder Equity: $1.8B USD
Capital Ratio: 40.5%
Sales: $4.1B USD
Operating Income: $202M USD
R&D Investment/Sales: 8.2%
Number of Employees: 19,437
Yokogawa North America Locations
– Yokogawa Canada, Inc., Calgary, Alberta
– Yokogawa Corporation of America, Atlanta, Georgia
– Yokogawa Corporation of America, North America Headquarters, Houston, Texas
– Yokogawa de Mexico, S.A. de C.V., Mexico City, DF
ProSafe-RS Global Market Share in Refining
(Chart: market share in %, refining, for 2009, 2011, 2012 and 2013. Source: ARC 2013)
ProSafe-RS Installation Map (as of December 31, 2014)
TOTAL: 1521 projects, 8772 controllers, 81 countries
NORTH AMERICA: Canada (6), USA (80)
SOUTH AMERICA: Brazil (48), Bolivia (4), Chile (1), Colombia (2), Cuba (6), Mexico (8), Trinidad and Tobago (2), Venezuela (6)
EUROPE: Austria (1), Belarus (4), Belgium (16), Bosnia (2), Bulgaria (3), Croatia (1), Cyprus (1), Czech (2), Denmark (1), France (58), Germany (32), Greece (1), Hungary (16), Italy (16), Kazakhstan (6), Macedonia (1), Netherlands (23), Norway (2), Poland (2), Portugal (1), Romania (5), Russia (137), Serbia (2), Slovakia (14), Spain (13), Sweden (1), Turkmenistan (4), UK (19), Ukraine (4)
AFRICA: Algeria (12), Angola (14), Cameroun (1), Congo (6), Egypt (8), Ghana (4), Libya (3), Morocco (3), Namibia (2), Nigeria (13), Senegal (1), South Africa (3), Sudan (5), Tunisia (2)
MIDDLE EAST: Bahrain (3), Iran (32), Iraq (9), Jordan (1), KSA (78), Kuwait (7), Oman (39), Qatar (10), Syria (2), Turkey (19), UAE (51), Yemen (11)
ASIA: Australia (32), Bangladesh (5), Brunei (3), China (138), India (122), Indonesia (35), Japan (76), Korea (41), Malaysia (32), Myanmar (1), Pakistan (5), Philippines (3), Singapore (28), Taiwan (10), Thailand (71), Vietnam (9)
OTHER: on the sea (7), N/A (4)
CENTUM has kept evolving, driving productivity and improving plant operations while securing consistency and a smooth migration path…
(Figure: CENTUM product timeline from 1975 to 2013 (1975, 1983, 1988, 1993, 1998, 2001, 2005, 2013): CENTUM, CENTUM-XL, CENTUM V, CENTUM CS, CENTUM CS 3000, CENTUM CS 3000 R3, CENTUM VP. Control network evolution: HF-Bus and F-Bus at 250 kbps, dual redundant token pass; 1 Mbps dual redundant token pass; V net at 10 Mbps dual redundant token pass; Vnet/IP at 1 Gbps dual redundant. Progressive compatibility throughout.)
Standard Maintenance Phasing
Service and Support
Spare Parts/Lead Time
– Consignment program is available for shipping within 24 hrs
– Typical ProSafe-RS parts availability is 8 weeks
Service Organization YCA
– Dedicated SIS engineers for service
– Options available for on-site long term support
240 Functional Safety Engineers & Experts Worldwide
Yokogawa ONE CALL
ProSafe-RS Highlights
ProSafe-RS Safety Solutions
PCS Connection
Modbus, redundant or single:
- TCP/IP
- RS-485
- RS-232
(Figure: ProSafe-RS linked to the Process Control System)
(Figure: input module (circuit, MPU), CPU module (MPU, memory) and output module (circuit, MPU), each with duplicated circuit and MPU; shown for the single and the redundant configuration)
Redundant module option:
- Proven redundant technology from CENTUM’s architecture
- For higher availability
Single module option
Single or redundant, both SIL 3 (IEC 61508/61511)
Secure Control Communications at the Speed of Light
Network: IEEE 802.3z gigabit Ethernet
Topology: Star network
Control Protocol: UDP/IP (V-Net/IP)
Open Protocol: TCP/IP
Distance: 100 m to 5 km (typical), 100,000 m (maximum)
Trans. Speed: 1 Gbps; 100 Mbps for Ethernet NICs
Yokogawa VI-701/702 Control Firewall Interface Card (NIC)
Security: Yokogawa manufactured; encryption, random changing keys, bandwidth partitioning.
Time synchronized to 1 ms
Vnet/IP – Data Network Security
Achilles Controller Level One+ certification tests the security and reliability of a controller. The controller must pass all of the 30 million+ tests to achieve the certification.
Remote I/O
(Figure: CPU rack connected to a remote I/O rack over fiber optic cable, up to 31 mi)
Racks and Modules
(Figure: I/O modules wired to the field termination board)
Terminal Boards
– Analog (I & O)
– Digital (I & O)
– Relay board
Cabinet - Termination Example
I/O Modules
Analog In
– SAI143: 16 ch. 4–20 mA, 2/4 wire configurable per channel.
– SAV144: 16 ch. 1–10 V / 1–5 V configurable per channel.
– SAT145: 16 ch. TC; type J, K, E, T, S, R, N, B; mV: -100 mV~150 mV, -20~80 mV, -5~25 mV
– SAR145: 16 ch. Pt50, Pt100, Pt200, Pt500, Pt1000, Ni100, Ni120
Digital In
– SDV144: 16 ch. 24 Vdc, 1 msec SOE. Line monitoring.
Digital Out
– SDV541: 16 ch. 24 Vdc, 0.2 A each channel. +20%/-10% field supply
– SDV531: 8 ch. 24 Vdc, 0.6 A each channel. +20%/-10% field supply
– SDV521: 4 ch. 24 Vdc, 2.0 A each channel. +20%/-10% field supply
– SDV526: 4 ch. 100–120 Vac, 0.5 A each channel. +10%/-15%
– SDV53A: 8 ch. 48 Vdc, 0.6 A each channel. +20%/-10% field supply
Analog Out
– SAI533: 8 ch. 4–20 mA.
Thank you for your attention
Jan N. de Breet, Technical Solutions Consultant
Yokogawa Corporation of America, [email protected]
1-800-449-2637
Thank You