
Page 1

THE 10TH TANK & REFINERY CONFERENCE, COPENHAGEN, DEC 2017

FUNCTIONAL SAFETY / “SIL” IN PROCESS INDUSTRIES

BARIS ARSLAN MANAGING DIRECTOR ORS CONSULTING WWW.ORSCONSULTING.NO

Page 2

PROCESS SAFETY IN PETROLEUM AND PETROCHEMICAL INDUSTRIES

• Control and mitigation of fires and explosions in the process industries is the main concern!

• As part of traditional process design, two different protection layers are installed to avoid accidents.

• Typically this is achieved by:
  – an electrical (instrumented) system, such as an emergency shutdown system (ESD), and
  – a mechanical system, such as a pressure safety valve (PSV) or similar.

• These systems are called the primary and secondary systems.

• The primary and secondary systems are independent of each other!

[Figure: Process Safety branches into Instrumented systems (ESD) and Mechanical systems (PSV)]

Page 3

WHAT DO WE KNOW ABOUT FUNCTIONAL SAFETY?

[Figure: a safety instrumented function as the chain Sensor → Logic → Final element]

Page 4

SAFETY INTEGRITY LEVEL (SIL) CONCEPT

Maximum one (1) system failure in 500 demands? That is a PFD of 1/500 = 2E-3, which falls in the SIL 2 band below.

SIL     PFDavg band (low-demand mode)   Worst case within the band
SIL 4   1E-5 ≤ PFD < 1E-4               fails 1 in 10 000 demands
SIL 3   1E-4 ≤ PFD < 1E-3               fails 1 in 1 000 demands
SIL 2   1E-3 ≤ PFD < 1E-2               fails 1 in 100 demands
SIL 1   1E-2 ≤ PFD < 1E-1               fails 1 in 10 demands

Higher SIL means higher reliability: each step up divides the tolerated probability of failure on demand by ten.

SIL Requirement: Function + Integrity + Condition
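The SIL bands and the 1-in-500 question above, worked through in code. This is an added example, not code from the slides or from ORS Consulting: the band limits are the IEC 61508 low-demand PFDavg table; the failure rate of 1E-6 per hour, the proof-test intervals and the common-cause factor beta = 0.05 are assumed illustrative values; and the two PFDavg formulas are the usual simplified single-channel (1oo1) and 1oo2 estimates with repair time neglected.

```python
# Added example (not from the ORS slides): classify a PFDavg into its IEC 61508 /
# IEC 61511 low-demand SIL band, answer the slide's "1 in 500" question, and show
# how the proof-test interval tau drives PFDavg. The band limits are the standard's;
# lambda_DU = 1e-6 per hour, the test intervals and beta = 0.05 are assumed values.

# (SIL, lower bound inclusive, upper bound exclusive) for PFDavg in low-demand mode.
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]

HOURS_PER_YEAR = 8760


def sil_from_pfd(pfd_avg: float) -> int:
    """Return the SIL whose PFDavg band contains pfd_avg.

    0 means PFDavg >= 0.1, i.e. the function earns no SIL credit. Values below
    1e-5 fall outside the table (there is no SIL 5) and are rejected rather than
    silently rounded up to SIL 4.
    """
    if pfd_avg < 1e-5:
        raise ValueError(f"PFDavg {pfd_avg:.2e} lies below the SIL 4 band")
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd_avg < hi:
            return sil
    return 0


def pfd_avg_1oo1(lambda_du: float, tau_hours: float) -> float:
    """Simplified single-channel estimate: PFDavg ~ lambda_DU * tau / 2.

    lambda_du: dangerous undetected failure rate per hour.
    tau_hours: proof-test interval in hours.
    Repair time is neglected (it is tiny next to tau) and the linear form only
    holds while lambda_DU * tau is small, so larger products are rejected.
    """
    if lambda_du * tau_hours > 0.1:
        raise ValueError("lambda_DU * tau too large for the linear approximation")
    return lambda_du * tau_hours / 2


def pfd_avg_1oo2(lambda_du: float, tau_hours: float, beta: float) -> float:
    """Simplified 1oo2 estimate with common-cause factor beta.

    The independent part (lambda_DU * tau)^2 / 3 needs both channels to fail
    between tests; the common-cause part beta * lambda_DU * tau / 2 is the
    fraction of failures that hit both channels at once and so behaves like 1oo1.
    """
    independent = (lambda_du * tau_hours) ** 2 / 3
    common_cause = beta * lambda_du * tau_hours / 2
    return independent + common_cause


def interval_sensitivity(lambda_du: float, intervals_hours):
    """Tabulate (tau, PFDavg, SIL) for a 1oo1 channel over several proof-test intervals."""
    rows = []
    for tau in intervals_hours:
        pfd = pfd_avg_1oo1(lambda_du, tau)
        rows.append((tau, pfd, sil_from_pfd(pfd)))
    return rows


if __name__ == "__main__":
    # Slide question: at most one failure in 500 demands means PFD = 1/500.
    print(f"1 in 500 demands -> PFD {1 / 500:.1e} -> SIL {sil_from_pfd(1 / 500)}")

    lam = 1.0e-6  # assumed: one dangerous undetected failure per million hours
    for tau, pfd, sil in interval_sensitivity(lam, [730, HOURS_PER_YEAR, 5 * HOURS_PER_YEAR]):
        print(f"tau = {tau:6d} h  PFDavg = {pfd:.2e}  -> SIL {sil}")

    # Same channel duplicated 1oo2 with 5 % common cause, tested yearly: the
    # common-cause term, not the independent term, sets the result.
    pfd2 = pfd_avg_1oo2(lam, HOURS_PER_YEAR, beta=0.05)
    print(f"1oo2, beta = 0.05, yearly test: PFDavg = {pfd2:.2e} -> SIL {sil_from_pfd(pfd2)}")
```

Running it shows that the same transmitter earns SIL 3 with monthly testing, SIL 2 with yearly testing and only SIL 1 if tested every five years, and that for a 1oo2 pair the beta term dominates the independent term: redundancy buys little unless common cause is controlled, which is why the slides keep returning to independence between layers.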

Page 5

CONTAINMENT OF FLAMMABLE/EXPLOSIVE INVENTORIES IN PROCESS

• IEC 61511 – Safety Instrumented Systems for the Process Industry
• IEC 61508 – Functional Safety of Electrical/Electronic and Programmable Electronic Safety-Related Systems
• ISO 13702 – Control and mitigation of fires and explosions
• ISO 10418 – Basic Surface Process Safety Systems
• API 14C (Process Safety)
• API 521 (Depressurization, Pressure-relief)

Page 6

PROTECTION LAYERS VS RELIABILITY

[Figure: protection layers plotted against probability of failure]

Page 7

FUNCTIONAL SAFETY FROM A LIFECYCLE PERSPECTIVE

• IEC 61511 provides a complete framework for management of functional safety from a lifecycle perspective.

• Different roles, such as:
  – Supplier / Vendor
  – Design Realization (Engineering)
  – System Integrator (typically the Operator)

• INVOLVEMENT OF ASSET OPERATIONS IN THE SIS DESIGN PHASE IS CRITICAL FOR SUCCESS

[Figure: the IEC 61511 safety lifecycle phases, with Planning / Verification / Validation / Competence running alongside all of them]
  – Hazard and Risk Assessment
  – Allocation of Safety Functions to Protection Layers
  – Design and Engineering of SIS
  – Installation, Commissioning and Validation
  – Operation and Maintenance
  – Modification
  – Decommissioning

Page 8

SIS OPERATIONS PERFORMANCE MONITORING

• Functional requirements
• Failure rates (collection and categorization of failure rates)
• Type and number of demands
• Spurious failures
• Independent protection layers
• Overall PFD/reliability monitoring
• Other issues (systematic failures, common cause)
• Lifetime monitoring

[Figure: the test procedure, the SRS and the SIS lifecycle plan feed an integrity check covering Integrity, Condition and Function]

Page 9

SIS PERFORMANCE MONITORING

[Figure: bar chart "Average Failure Rate per Year / 1 Mil hours", x-axis Year (2001 to 2010), y-axis Failure Rate (0.0E+00 to 7.0E-01), with the average OREDA trend line overlaid for comparison]

[Figure: Integrity, Condition and Function set against Testing, Reliability and Inspection]

Page 10

FAILURE REPORTING – KEEP IT SIMPLE

In an ideal world, all failures for all components should be reported. Pragmatic (minimum) approach: dangerous undetected failures must be reported (even if they can be easily fixed!).

[Figure: classification of failures for reliability analysis]
  Failure (damage type and damage code)
    – Safe failure: Safe detected / Safe undetected
    – Dangerous failure: Dangerous detected / Dangerous undetected
  The categories are to be recorded in the ERP system; the dangerous undetected failures are the ones used in reliability analysis.
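The four-way classification and the "DU must be reported" rule above, together with the per-million-hours failure-rate collection of pages 8 and 9, as an added example; it is not code from the slides or from ORS Consulting. The maintenance records, tag names and operating hours are constructed sample data, and the classification treats a failure found only by a proof test as undetected and one found by diagnostics or a partial stroke test as detected.

```python
# Added example (not from the ORS slides): classify reported failures into the
# slide's four categories (safe/dangerous x detected/undetected), pick out the
# dangerous undetected (DU) ones that the pragmatic minimum approach requires to
# be reported, and estimate a DU failure rate per million hours per tag.
# RECORDS and OPERATING_HOURS are constructed sample data, not plant data.

from collections import Counter

# Constructed maintenance records:
# (tag, failure description, dangerous?, detected?, found by)
RECORDS = [
    ("PT-101", "output frozen at last value", True,  False, "proof test"),
    ("PT-101", "drift within alarm band",     False, True,  "diagnostics"),
    ("XV-201", "fails to close on demand",    True,  False, "proof test"),
    ("XV-201", "spurious closure",            False, True,  "operations"),
    ("XV-201", "stroke time above limit",     True,  True,  "partial stroke test"),
    ("SV-201", "coil open circuit",           False, True,  "diagnostics"),
]

# Constructed population operating hours per tag (two years each).
OPERATING_HOURS = {"PT-101": 17520, "XV-201": 17520, "SV-201": 17520}


def classify(dangerous: bool, detected: bool) -> str:
    """Map a failure to SD / SU / DD / DU, the leaves of the slide's classification tree."""
    return ("D" if dangerous else "S") + ("D" if detected else "U")


def category_counts(records=RECORDS) -> Counter:
    """Number of failures per (tag, category), the input to any failure-rate estimate."""
    return Counter((tag, classify(dangerous, detected))
                   for tag, _, dangerous, detected, _ in records)


def must_report(records=RECORDS) -> list:
    """Pragmatic minimum from the slide: every DU failure is reported, even an easily fixed one."""
    return [r for r in records if classify(r[2], r[3]) == "DU"]


def du_rate_per_million_hours(records=RECORDS, hours=OPERATING_HOURS) -> dict:
    """Point estimate lambda_DU = DU failures / operating hours, scaled to per 10^6 h.

    A zero count gives 0.0; with this few hours that is a lucky sample rather than
    evidence of a zero rate, which is why a generic (OREDA-type) average is kept
    alongside the plant figure as a cross-check.
    """
    counts = category_counts(records)
    return {tag: counts[(tag, "DU")] / h * 1e6 for tag, h in hours.items()}


if __name__ == "__main__":
    for (tag, cat), n in sorted(category_counts().items()):
        print(f"{tag} {cat}: {n}")
    print("must be reported:", [(r[0], r[1]) for r in must_report()])
    for tag, rate in du_rate_per_million_hours().items():
        print(f"{tag}: lambda_DU = {rate:.1f} per 10^6 h")
```

The point of keeping the full record, not just the DU subset, is that the same data also yields the safe-failure (spurious trip) rate that page 8 asks for; the DU subset is simply the minimum that must never be dropped.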

Page 11

SIS RELIABILITY IN OPERATIONAL PHASE

[Figure: timeline from start over the function-test intervals 1τ, 2τ, ... 7τ to the total time, marking Σ up-time (MTTF), Σ down-time (MDT), dangerous undetected failures (DUF), the function test interval (τ), the mean time to repair (MTTR), test independent failures (TIF) and the time-dependent CSU]

Page 12

FUNCTIONAL SAFETY – WEAKEST LINK

Subsystem                     TIF        Random     Common cause   Total PFD (CSU)
Pressure transmitter          8.86E-6    1.09E-6    2E-6           1.19E-5
Hardwired logic solver        -          2.22E-4    1E-7           2.22E-4
HIPPS valve incl. actuator    -          2.67E-3    2E-6           2.67E-3
Solenoid valve                -          2.42E-3    2E-6           2.43E-3
Total                         8.86E-6    5.32E-3    6.1E-6         5.33E-3

(The slide labels the columns TIF, CSU, Common Cause, Random; in every row the last column is the sum of the other three, so it is read here as the total PFD per subsystem.)

SIL 2? Yes: the loop total of 5.33E-3 lies in the SIL 2 band (1E-3 ≤ PFD < 1E-2). The final element (HIPPS valve plus solenoid valve) carries about 96 % of it and is the weakest link; the sensor and logic elements contribute so little that only improvements to the final element can move the loop towards SIL 3.

[Figure: the loop drawn as Sensor Element → Logic Element → Final Element, with the CSU of each]
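The weakest-link table above rebuilt in code, as an added example that is not from the slides or from ORS Consulting: it sums the per-subsystem contributions, identifies the dominant subsystem and element, and computes how far the loop is from the next SIL band. The numbers are the slide's; the grouping of subsystems into sensor, logic and final elements follows the slide's block diagram, and sil_from_pfd is a helper added here.

```python
# Added example (not from the ORS slides): rebuild the PFD budget of the slide's
# HIPPS loop from the per-subsystem contributions and find the weakest link.
# Values are the slide's own (dimensionless PFD contributions).

# (TIF, random, common cause) per subsystem, copied from the slide table.
SUBSYSTEMS = {
    "Pressure transmitter":       (8.86e-6, 1.09e-6, 2.0e-6),
    "Hardwired logic solver":     (0.0,     2.22e-4, 1.0e-7),
    "HIPPS valve incl. actuator": (0.0,     2.67e-3, 2.0e-6),
    "Solenoid valve":             (0.0,     2.42e-3, 2.0e-6),
}

# Which SIF element each subsystem belongs to (assumed from the slide's diagram).
ELEMENT_OF = {
    "Pressure transmitter": "sensor",
    "Hardwired logic solver": "logic",
    "HIPPS valve incl. actuator": "final",
    "Solenoid valve": "final",
}

# IEC 61508 low-demand bands: (SIL, lower bound inclusive, upper bound exclusive).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_from_pfd(pfd_avg: float) -> int:
    """Low-demand SIL band for pfd_avg; 0 if >= 0.1, error if below the SIL 4 band."""
    if pfd_avg < 1e-5:
        raise ValueError("PFDavg below the SIL 4 band")
    return next((sil for sil, lo, hi in SIL_BANDS if lo <= pfd_avg < hi), 0)


def subsystem_pfd(subsystems=SUBSYSTEMS) -> dict:
    """TIF + random + common cause per subsystem (series elements: contributions add)."""
    return {name: sum(parts) for name, parts in subsystems.items()}


def loop_pfd(subsystems=SUBSYSTEMS) -> float:
    """Total PFD of the loop: the sum over all subsystems in series."""
    return sum(subsystem_pfd(subsystems).values())


def weakest_link(subsystems=SUBSYSTEMS) -> str:
    """Subsystem with the largest PFD contribution."""
    pfds = subsystem_pfd(subsystems)
    return max(pfds, key=pfds.get)


def element_shares(subsystems=SUBSYSTEMS, element_of=ELEMENT_OF) -> dict:
    """Fraction of the loop PFD carried by the sensor, logic and final elements."""
    pfds = subsystem_pfd(subsystems)
    total = sum(pfds.values())
    shares = {}
    for name, pfd in pfds.items():
        element = element_of[name]
        shares[element] = shares.get(element, 0.0) + pfd / total
    return shares


def reduction_needed(subsystems, target_sil: int) -> float:
    """Factor by which the loop PFD must fall (at least) to enter the target SIL band.

    1.0 means the loop is already inside or below that band.
    """
    upper = {sil: hi for sil, _, hi in SIL_BANDS}[target_sil]
    return max(1.0, loop_pfd(subsystems) / upper)


if __name__ == "__main__":
    for name, pfd in subsystem_pfd().items():
        print(f"{name:28s} {pfd:.2e}")
    total = loop_pfd()
    print(f"loop PFD = {total:.2e} -> SIL {sil_from_pfd(total)}")
    print("weakest link:", weakest_link())
    for element, share in element_shares().items():
        print(f"  {element:6s} {share:5.1%}")
    print(f"factor needed for SIL 3: {reduction_needed(SUBSYSTEMS, 3):.2f}")
```

The factor needed for SIL 3 (about 5.3) is larger than everything outside the final element put together, which is the practical reading of "weakest link": shorter proof-test intervals or partial stroke testing on the valve are the only levers that matter for this loop.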

Page 13

FAILURE CATEGORIES

[Figure: 2×2 matrix, rows Probability of Detection (Detected / Undetected) against columns Consequence of Failure (Safe / Dangerous); the Dangerous + Undetected cell is marked "Our Concern!"]

Page 14

CONCEPT OF USEFUL LIFETIME

• Useful lifetime: constant failure rate. Not fully true! It is only an assumption, and it holds for up to about 8-10 years.

• Beyond the useful lifetime (extended lifetime): progressive failure rate! The assumption of a constant failure rate is invalid, and using a constant failure rate is not allowed.