Download - Compliant Safety System

SIS – ISA84 ComplianceCopyright © Yokogawa Electric CorporationJanuary 27th, 2015

- 1 -

How To Implement an ANSI/ISA 84 Compliant Safety System

Jan N. de BreetTechnical Solutions Consultant

Yokogawa Corporation of America


- 2 -

Presenter

Jan de Breet

Technical Solutions ConsultantSafety Instrumented SystemsYokogawa Corporation of America

o Jan de Breet is a Senior Technical Solutions Consultant at Yokogawa Corporation of America for safety instrumented systems solutions, based in the Sugar Land, Texas office.

o Since 1988, Jan de Breet has been working in the safety instrumented systems industry in research and development, field service, operations, sales and marketing.


- 3 -

Introduction

Why replace a safety system?Why ANSI/ISA 84 compliance?ANSI/ISA 84 – OverviewWhat does it require to comply?Why Yokogawa - ProSafe-RS?

- 4 -SIS – ISA84 ComplianceCopyright © Yokogawa Electric CorporationJanuary 27th, 2015

Why replace a safety system?Current Situation


- 5 -

Current Situation

Aging installed base of safety systemsOld relay and pneumatic need to be replaced.Old technologies, compatibility issuesDisappearing knowledge/experienceEnd of product life, no more supportHigh reliability leads to longer (= too long) use.Variety of different systems through acquisitionSpecialized knowledge for each brand required

Source: ARC Advisory Group - Process Safety Systems


Why ANSI/ISA 84 Compliance?‘Good Engineering Practice’


- 7 -

Why ANSI/ISA 84 Compliance?

Major incidentsLiability, InsuranceEven with good personal safety management plants are still at risk from process hazards

OSHA – 29 CFR PSM 1910– Good Engineering Practice– ‘Grandfather Clause’


- 8 -


‘Grandfather Clause’"For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard, the owner/operator shall determine that the equipment is designed, maintained, inspected, tested and operating in a safe manner.“

• Issue: 2004 (and 1996)• Only very basic upgrades possible, e.g. repairs• Very hard to keep up-to-date

‘De Facto’ not possible anymore


- 9 -


ISA 84: The Most Widely Used Standard


ANSI/ISA 84An Overview


- 11 -

ANSI/ISA 84 Overview

ANSI/ISA-84.00.01-2004 Functional Safety –Safety Instrumented Systems for the Process Industry Sector

Part 1 Describes the safety life cycle and all the requirements that apply.

Part 2 Guidelines for the application of part 1.

Part 3 Examples of methods to determine the required safety integrity level.


- 12 -


Main Characteristics– Management of Functional Safety– Safety Life Cycle– Pipe-to-Pipe Approach– Quantitative Safety Assessment


- 13 -


Management of Functional Safety– Must have a Functional Safety Management (FSM)

system in place– Specifies all management and technical activities

necessary to achieve required functional safety• Life cycle• Procedures• Competencies, Responsibilities• Verification and Validation Procedures• Auditable• Traceable


- 14 -


Safety Life Cycle


- 15 -


Pipe-to-Pipe Approach– Safety Instrumented Function, SIF


- 16 -


Quantitative Safety Assessment

– => Risk Reduction

– Expressed as Safety Integrity Level, SIL

SIF


- 17 -

ANSI/ISA 84 Life Cycle Overview

HAZARD and Risk Assessment– As Low As Reasonably Practicable (ALARP) and

tolerable risk concepts– Semi-quantitative method– The safety layer matrix method– Determination of the required safety integrity levels

– a semi qualitative method: calibrated risk graph– Determination of the required safety integrity levels

– a qualitative method: risk graph– Layer of protection analysis (LOPA)


- 18 -


HAZARD and Risk Assessment– Team consists of:

• Process designers• Instrumentation engineers• Safety engineers• Electrical engineers• Mechanical engineers• Operators• Maintenance engineers

• Facilitator


- 19 -


HAZARD and Risk Assessment


- 20 -


Allocation of Safety Functions

HAZOP Available Layers of Protection

SIS


- 21 -


Allocation ofSafety Functions


- 22 -


Safety Requirements Specifications• Description of the safety functions and SIL• I/O Assignment to SIFs• Safe state of the process (open/closed, de-/energized)• Process inputs and trip points, Process outputs and actions• Functional relationships, failure modes• Manual shutdown and reset requirements• Maintenance/bypassing requirements• Safe state Process safety time and Response time

requirements• Operator interfaces modes: start-up, steady operation,

shut down.• Foreseeable abnormal conditions• Requirements for starting-up and shutting-down


- 23 -


Safety Requirements Specifications

– References to several documents, e.g.:• C&E diagrams or Logic diagrams, describing the

functionality of the SIS• I/O lists defining all inputs and outputs to/from the SIS• Narratives• Safety philosophy • Shutdown hierarchy• Maintenance override philosophy


- 24 -


The SIS design• Availability• System Architecture• Sensors• Final Elements• Logic Solver• Failure Modes and PFD Calculations• Design Principles• Failure Modes• Necessary calculation parameters• Proof Testing• Common Cause• Reliability Data and calculation methodology


- 25 -


The SIS Design


- 26 -


Application Software

– ANSI/ISA 84 gives this very much attention• Many clauses to comply with• Has its own life cycles

– Use a certified (IEC61508) system and programming tools

– Combine hardware and software life cycle• Describe this well in project documentation


- 27 -


Installation, Commissioning and Validation

– Installation and Commissioning• Plan this well• Document all activities• Document changes (e.g. resolving issues)

– Validation (SAT)• Safety Validation Plan• Validate that the requirements in the SRS are met• Plan this well, from the start


- 28 -


Functional Assessment• Has a hazard and risk analysis been carried out• Are the recommendations from this analysis implemented or

resolved• Are design change procedures in place and properly used• Are recommendations from earlier assessments resolved• Is the SIS designed and installed in accordance with the SRS• Are the procedures for operation, maintenance and modification

of the SIS ready• Has the validation of the SIS been done, and are all

recommendations resolved• Are the operators and maintenance engineers educated and

trained• Is there a plan for further safety assessments in place


- 29 -


Operation, Maintenance and Repair– Collect data on

• Failures• Test Results• Actual Demands• Accidents

– Use data to verify assumptions made• HAZOP• SIL Calculations Failure Rates

– Proof Testing • Transmitters• Valves• Logic Solvers


- 30 -


Modification and Retrofit– MOC Procedure


- 31 -


Modification and Retrofit Check List• HAZOP consequences.• Risk assessment consequences.• C&E diagrams changes./I/O lists changes.• SIL target effects other or modified SIF.• SRS changes• Application logic changes.• Overriding, by-pass requirements or changes.• Design documentation changes.• Commissioning Pre-Start-up and Acceptance Test

procedure(s)• SIS operating procedure(s).• SIS maintenance procedure(s).• Proof test procedure(s).• Safety validation procedures.


What does it require to comply?DOs and DON’Ts


- 33 -

What does it require to comply?

Compliance to ANSI/ISA 84 must be full

That is the actual cost of a compliant safety system– One time expense– Lifecycle expense


- 34 -


What is the cost of • A shutdown?• An accident?• A calamity?

What is prevention of each worth?• $ …• $ …• $ …

Reduce cost by the right approach


- 35 -


Management of the safety life cycle requires competent individuals, trained/certifiedAssign personnel to FSM (1 – 2+)Develop a coherent strategy from the beginning stages of the project, include all steps of the lifecycle.Look for industry expertise and project execution experience



- 36 -


Replacing a safety system can mean replacing transmitters and valvesUse certified sensors and valves



- 37 -


High standards of maintenance are required.• Maintenance of safety equipment is often overlooked.

New technology offers predictive maintenance. • Safety systems require this more than control systems

Asset management systems – To prevent unwanted shutdowns– Make use of new diagnostic capabilities



- 38 -

DOs

Supplier selection– Look for long term support– Vendor track record– Technology roadmap– MAC approach

Hardware and Software IEC 61508 compliant– High Availability

Integrate security with safety



- 39 -

DON’Ts

Don’t phase an sis upgrade– Avoid re-doing many activities

Plant on or off line during replacement?– Prepare for Off Line



Yokogawa – ProSafe-RS


Corporate Information March 31, 2013

Company Name

Founded

Total Assets

Shareholder Equity

Capital Ratio

Sales

Operating Income

R&D Investment/Sales

Number of Employees

Yokogawa Electric Corporation

September 1, 1915

$4.4B USD

$1.8B USD

40.5%

$4.1B USD

$202M USD

8.2%

19,437


Yokogawa North America Locations

Yokogawa Canada, Inc.Calgary, Alberta

Yokogawa Corporation of America Atlanta, Georgia

Yokogawa Corporation of AmericaNorth America HeadquartersHouston, Texas Yokogawa de Mexico, S.A. de C.V.

Mexico City, DF


ProSafe-RS Global Market Share in Refining

34.7

25.6

23.3

30.1

13.9

0

5

10

15

20

25

30

35

40

2009 2011 2012 2013

Mar

ket

Shar

es in

%

Refining

Source ARC 2013


NORTH AMERICACanada (6)

USA (80)

Africa

AsiaMiddle East

South America

North America

Europe

EUROPEAustria (1)Belarus (4)Belgium (16)Bosnia (2)Bulgaria (3)Croatia (1)Cyprus (1)Czech (2)Denmark (1)France (58)Germany (32)Greece (1)Hungary (16)Italy (16) Kazakhstan (6)Macedonia (1)Netherlands (23)Norway (2)Poland (2)Portugal (1)Romania (5)Russia (137)Serbia (2)Slovakia (14)Spain (13)Sweden (1)Turkmenistan (4)UK (19)Ukraine (4)

As of December 31, 2014

TOTAL

1521projects

AFRICAAlgeria (12)Angola (14)Cameroun (1)Congo (6)Egypt (8)Ghana (4)Libya (3)Morocco (3)Namibia (2)Nigeria (13)Senegal (1)South Africa (3)Sudan (5)Tunisia (2)

MIDDLE EAST

ASIAAustralia (32)Bangladesh (5)Brunei (3)China (138)India (122)Indonesia (35)Japan (76)Korea (41)

SOUTH AMERICA

ProSafe-RS Installation Map

Malaysia (32)Myanmar (1)Pakistan (5)Philippines (3)Singapore (28)Taiwan (10)Thailand (71)Vietnam (9)

Brazil (48)Bolivia (4)Chile (1)Colombia (2)Cuba (6)Mexico (8)Trinidad and Tobago (2) Venezuela (6)

8772 controllers81 countries

on the sea (7)N/A (4)

Bahrain (3)Iran (32)Iraq (9)Jordan (1)KSA (78)Kuwait (7)Oman (39)Qatar (10)Syria (2)Turkey (19)UAE (51)Yemen (11)


- 45 -

CENTUM has kept evolving, driving productivity and improving plant operations while securing consistency and a smooth migration path…

CFFS

HF-Bus

CFCS

COPSF-Bus

250 KBPSDual

RedundantToken Pass

CENTUM

CFCD

1MBPSDual

RedundantToken Pass

CENTUM-XL

EOPS

CFCS EFCD

ENGSPFCS

KFCSLFCSCOPS2

CENTUM V

CFCS2

COPSV

CFCD2

ABC

CENTUM CS

ICS

EWS PICS

V net

10 MBPSDual

RedundantToken Pass HIS

CENTUM CS 3000

AVR

FFCS

HIS

CENTUM CS 3000 R3

HIS

CENTUM VP

Vnet/IP

2013

1975

1983 1988

1998

2001 2005

1993

FFCS

1Gbps Dual

Redundant

Progressive Compatibility

Progressive compatibility


- 46 -

Standard Maintenance Phasing


Spare Parts/Lead Time– Consignment Program is available for shipping within 24hrs– Typical parts ProSafe RS parts availability is 8 weeks

Service Organization YCA– Dedicated SIS engineers dedicated for Service– Options available for on-site long term support

240 Functional Safety Engineers & Experts Worldwide

Service and Support


Yokogawa ONE CALL


ProSafe-RSHighlights


- 50 -

Prosafe-RS Safety Solutions


- 51 -

Modbus, Redundant or Single- TCP/IP- RS-485- RS-232

PCS Connection

Process Control System


- 52 -

InputCircuit, MPU

Circuit, MPU

CPUMPU, memory

MPU, memory

OutputCircuit, MPU

Circuit, MPU

InputCircuit, MPU

Circuit, MPU

CPUMPU, memory

MPU, memory

OutputCircuit, MPU

Circuit, MPU

InputCircuit, MPU

Circuit, MPU

CPUMPU, memory

MPU, memory

OutputCircuit, MPU

Circuit, MPU

Redundant module option:- Proven redundant technology from CENTUM’s architecture- For Higher Availability

Single module option

Single or Redundant, both SIL3 (IEC61508/61511)


- 53 -

Secure Control Communications at the Speed of Light

Network IEEE 802.3z gigabit EthernetTopology Star NetworkControl Protocol UDP/IP (V-Net/IP)Open Protocol TCP/IPDistance 100 m to 5 Km (typical) 100,000 m (maximum)Trans. Speed 1 Gbps

100 Mbps for Ethernet NICsYokogawa VI-701/702 Control Firewall Interface Card (NIC)

Security

Time synchronized to 1 ms

Yokogawa manufactured

Encryption, random changing keys, bandwidth partitioning.


- 54 -

Achilles Controller Level One+ certification tests the security and reliability of a controller. The controller must pass all of the 30million+ tests to achieve the certification.

Vnet/IP – Data Network Security


- 55 -

CPU Rack

Fiber Optic Cable

Remote I/O Rack

31 mi

Remote I/O


- 56 -

To Field Termination Board

I/O Modules

Racks and Modules


- 57 -

Analog (I & O)

Digital (I & O)

Relay Board

Terminal Boards


- 58 -

Cabinet - Termination Example


- 59 -

Cabinet - Termination Example


- 60 -

Analog InSAI143 16 ch. 4 -20mA 2/4 wire configurable per channel.SAV144 16 ch. 1-10V/1-5V configurable per channel.SAT145 16 ch. TC; Type J, K, E, T, S, R, N, B

mV; -100mV～150mV, -20～80mV, -5～25mVSAR145 16 ch. Pt50, Pt100, Pt200, Pt500, Pt1000

Ni100, Ni120

Digital InSDV144 16 ch. 24Vdc, 1 msec SOE. Line monitoring.

Digital OutSDV541 16 ch. 24Vdc, 0.2 A, each channel. +20%/-10% Field SupplySDV531 8 ch. 24Vdc, 0.6 A, each channel. +20%/-10% Field SupplySDV521 4 ch. 24Vdc, 2.0 A, each channel. +20%/-10% Field SupplySDV526 4 ch. 100-120Vac, 0.5 A, each channel. +10%/-15%SDV53A 8 ch. 48Vdc, 0.6 A, each channel. +20%/-10% Field Supply

Analog OutSAI533 8 ch. 4 – 20mA.

I/O Modules


- 61 -

Thank you for your attention

Jan N. de BreetTechnical Solutions Consultant

Yokogawa Corporation of [email protected]

1-800-449-2637


Thank You

Download - Compliant Safety System

Top Related