HOW TO SELECT A SAFETY PLC
Mike Scott, PE, CFSE
VP, Process Safety
AE Solutions
Greenville, SC 29616
Bud Adler
Director, Business Development
Process Safety Systems
AE Solutions
Lake Mary, FL 32746
KEYWORDS
Safety Instrumented System, SIS, Logic Solver, ANSI/ISA 84, IEC 61508, IEC 61511, Safety PLC, Redundant Architecture, Lifecycle Cost, Benefit-to-Cost Ratio
ABSTRACT
Throughout the industrial process control industry Safety Instrumented Systems are becoming high profile. Most companies have accepted that the performance-based standards such as ANSI/ISA 84.01, IEC 61508 and IEC 61511 are here to stay and that conformance is not optional. A growing number of instrumentation manufacturers have recognized the steadily increasing interest that this market has shown in bringing their plants into conformance with the standards. They have responded by introducing a wide range of products that are “suitable for use” in Safety Instrumented Systems (SIS). These products include sensors, transmitters, valves and valve positioners and a wide range of logic solvers.
Most users have little concern about being able to select a proper sensor, transmitter or valve positioner, but when it comes to choosing from the vast array of logic solvers, they often do not know how to make a proper decision. The problem is clear when you consider the range of choices for Logic Solvers that range from the relatively simple alarm trip architectures up through the wide variety of safety PLCs offered by about twenty different manufacturers. These PLC architectures cover the scale from simple one-out-of-one (1oo1) architectures up through triple and quadruple redundant systems with differing degrees of self-diagnostics.
With all of these choices, how is a control engineer supposed to pick the “best” system for his project and / or plant standard? If he errs on the side of conservatism, he may cost his company tens of thousands of wasted dollars by selecting a more sophisticated system than is warranted by the application. And, even worse, a simplistic system may not be in conformance with the standards and could place human life at unnecessary risk. The problem is exacerbated when all factors of lifecycle costs are considered.
Copyright 2004 by ISA – The Instrumentation, Systems and Automation Society. Presented at ISA AUTOMATION WEST; www.isa.org
This paper will present a systematic methodology for selecting a Safety PLC platform. It will describe the evaluation of Safety PLCs based upon both technical requirements (i.e. safety requirements) and commercial requirements (i.e. availability and Life Cycle Cost analysis).
INTRODUCTION
Once you’ve completed your risk analysis, performed initial conceptual design and completed some Safety Integrity Level calculations, you may think that your work is complete. However, there are other issues to consider. What about the economics of the project? Which Safety Instrumented System architecture optimizes costs through increased availability and reduced nuisance trips? Is the Safety Instrumented System even a sound financial investment for the facility? For instance, consider the following simple scenario:
• A person has a house located in a possible flood plain
• Cost of a flood insurance policy is $1,000 / year
• It is estimated that cost to repair flood damage to a typical home is $10,000
• Probability of a significant flood is once every 50 years
Is it a sound investment to purchase a flood insurance policy for the above event? Assuming a 6% discount rate and home ownership for ten (10) years, a Future Value calculation yields a cost of $13,181. Thus, the insurance policy as stated above would cost more than the actual event. If one can analyze the above scenario, why not apply similar logic to review a proposed Safety Instrumented System design?
This paper will highlight a five (5) step methodology, which can be applied to perform economic analysis on Safety Instrumented Systems to ensure the “best” system has been selected:
1. Step 1 – Select an architecture for the SIS for evaluation (sensors, logic solver and final elements)
2. Step 2 – Perform SIL Calculations to determine Probability of Failure on Demand Average (PFDavg) and Mean Time To Fail Safe (MTTFS) based upon a given Functional Test Interval
3. Step 3 – Calculate Lifecycle Cost in terms of Net Present Value (NPV)
4. Step 4 – Calculate Benefit-to-Cost Ratio
5. Repeat above steps for each possible SIS architecture being considered for the project
Note: Steps 1 and 2 represent tasks associated with the Safety Lifecycle and are typically already being performed by designers of Safety Instrumented Systems.
Figure 1 – Economic Analysis Flowchart
[Flowchart not reproduced. Box labels: Start; SIS Conceptual Design Architecture Options; Perform SIL Calculations (PFDavg …); Calculate Lifecycle …; Lowest Lifecycle Cost? (Yes / No); Calculate Benefit-to-Cost Ratio; Benefit To Cost > 1.0 (Yes / No)]
LIFECYCLE COST
Lifecycle Cost is a technique that allows those responsible for system selection to consider all of the costs incurred over the lifetime of the Safety Instrumented System rather than just the initial purchase costs. This is especially important where the cost of equipment failure can be significant. The intent of this evaluation is to include all costs of procurement and ownership over the life span of the Safety Instrumented System. Procurement costs represent costs that occur only once during life of the project. Operating costs occur over the life of the Safety Instrumented System and can be repetitive. Costs associated with system failure can dominate overall Lifecycle Costs.
A Lifecycle Cost evaluation can show one how to minimize overall cost of ownership by initially selecting the “best” Safety Instrumented System architecture. The evaluation considers the costs for: design, purchase, installation, start-up, functional testing, energy, repair, a failure event, and lost production. To obtain the complete Lifecycle Cost, all yearly operating costs are converted to “present value”. All future expenses are converted into their current value, accounting for discount rate (interest / inflation). Initial costs and the present yearly costs are added to obtain total Lifecycle Cost. Refer to reference [5] for additional information regarding Lifecycle Cost calculations. The proposed architecture for each Safety Instrumented System should be evaluated for minimum Lifecycle Cost.
Table 1 – Lifecycle Cost Components

| Lifecycle Costs | Description |
|---|---|
| Procurement Costs | |
| System Design | Engineering costs associated with Front End Loading and Detailed Design |
| Purchase | Cost of Equipment including Factory Acceptance Testing and shipping |
| Installation | Construction costs associated with SIS |
| Start-up | Commissioning, PSAT and Initial Functional Testing of SIS |
| Operating Costs | |
| Engineering Changes | Engineering costs associated with maintenance |
| Consumption | Power, spare parts, instrument air, etc. |
| Maintenance | Inspection, Functional Testing |
| Cost of System Failure | |
| Lost Production | Cost of lost production |
| Asset Loss | Cost of lost equipment |
BENEFIT-TO-COST RATIO
Another tool to determine if the “best” Safety Instrumented System architecture has been selected is to calculate the ratio of benefits to costs on a financial basis. If the ratio is greater than one, the system is cost effective. For example, if a system has a Benefit-to-Cost Ratio of 1.5, for every $1.00 invested, the system will return $1.50.
Therefore, the Benefit – Cost Ratio is as follows:
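$$\text{B-C Ratio} = \frac{F_{\text{No-SIS}} \times EV_{\text{No-SIS}} - F_{\text{SIS}} \times EV_{\text{SIS}}}{\text{Cost}_{\text{SIS}} + \text{Cost}_{\text{NT}}}$$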
Where,
B-C Ratio = The ratio of benefits to cost
FNo-SIS = The frequency of the unwanted event without a SIS
FSIS = The frequency of the unwanted event with a SIS
EVNo-SIS = The total expected value of loss of the event without a SIS
EVSIS = The total expected value of loss of the event with a SIS
CostSIS = The total lifecycle cost of the SIS (Annualized)
CostNT = The cost incurred due to nuisance trips (Annualized)
SAMPLE PROBLEM
The following sample problem will highlight how economic analysis must be an integral part of the overall SIS architecture selection / design process.
A company has completed their initial risk analysis and SIL selection exercises associated with a batch reactor. The team identified a single SIF for this particular unit operation. The results are as follows:
Table 2 – SIF Summary

| SIF ID | SIF Description | Hazard | SIL | Inputs | Outputs |
|---|---|---|---|---|---|
| 1 | High pressure in reactor isolates inlet feed | Potential overpressure of vessel with subsequent release of flammable / toxic material. Potential fire / explosion and injury / fatality | 2 | PT-101 | HV-100 |
The SIL Selection process included a Layer of Protection Analysis (LOPA). Based upon the above information the SIS Engineer needs to perform the following:
1. Select the “best” Functional Test Interval
2. Select the “best” SIS Architecture (sensor(s), logic solver & final element(s))
3. Design SIS for least cost of ownership over a 15 year time frame assuming a 6% discount rate
Thus, the SIS Engineer needs to answer the following questions about the “best” design:
1. Sensors: transmitters versus switches and associated architecture (1oo1, 1oo2, 2oo3, etc.)
2. Logic Solver: relays versus programmable electric and associated architecture (1oo1, 1oo1D, 1oo2, 1oo2D, 2oo3, 2oo4, etc.)
3. Final Elements: architecture and testing requirements (full stroke versus partial stroke)
The P&ID for SIF-001 is shown below in Figure 2.
Figure 2 – High Pressure SIF Sketch
Using the steps highlighted in Figure 1 Economic Analysis Flowchart, the following analysis was completed. To underscore the importance of cost of ownership, the analysis shall be completed for two (2) different nuisance trip cost scenarios (cost of nuisance trip is $10,000 and $150,000). In addition, two (2) different costs of the event shall be evaluated (rupture of vessel costs $1,000,000 and $12,000,000).
Step 1: SIS Conceptual Design Architecture Options
This was the first Safety Instrumented System to be installed in this particular area of the plant. As such, the SIS Engineer decided to evaluate a wide variety of options with respect to the architecture of the new SIS. Thus, the following options were to be evaluated:
• Switches versus transmitters and required redundancy if any
• Relays versus Safety PLCs and required redundancy if any
• Valves and required redundancy if any
• 12 month test interval versus 24 month test interval
[Figure 2 sketch not reproduced. Labels: Feed; Reactor; HV100; FCV; To Safe Location; PSV102; PT101]
Step 2: Perform SIL Calculations (PFDavg and MTTFS)
The SIS Engineer completed the following SIL calculations based upon the following design conditions:
Table 3 – SIS Architecture Analysis Summary

| Case | Sensors | Logic Solver | Final Elements | Func Test | SIL | PFDavg | MTTFS |
|---|---|---|---|---|---|---|---|
| 1a | Switch (1oo1) | Relay (1oo1) | Valve (1oo1) | 12 months | 1 | 3.58 x 10^-2 | 13.6 |
| 1b | Switch (1oo1) | Relay (1oo1) | Valve (1oo1) | 24 months | N/A | N/A | N/A |
| 2a | Switch (1oo2) | Relay (1oo2) | Valve (1oo2) | 12 months | 2 | 1.48 x 10^-3 | 6.84 |
| 2b | Switch (1oo2) | Relay (1oo2) | Valve (1oo2) | 24 months | 2 | 3.92 x 10^-3 | 6.94 |
| 3a | Xmtr (1oo1) | Current Switch (1oo1) | Valve (1oo1) | 12 months | 1 | 1.85 x 10^-2 | 20.21 |
| 3b | Xmtr (1oo1) | Current Switch (1oo1) | Valve (1oo1) | 24 months | N/A | N/A | N/A |
| 3c | Xmtr (1oo2) | Current Switch (1oo2) | Valve (1oo2) | 12 months | 2 | 4.09 x 10^-4 | 10.11 |
| 3d | Xmtr (1oo2) | Current Switch (1oo2) | Valve (1oo2) | 24 months | 2 | 1.37 x 10^-3 | 10.24 |
| 4a | Xmtr (1oo2) | Safety PLC (1oo1D) | Valve (1oo2) | 12 months | 1 | 8.67 x 10^-4 | 5.26 |
| 4b | Xmtr (1oo2) | Safety PLC (1oo1D) | Valve (1oo2) | 24 months | 2 | 2.22 x 10^-3 | 4.25 |
| 5a | Xmtr (1oo2) | Safety PLC (1oo2D) | Valve (1oo2) | 12 months | 2 | 7.29 x 10^-4 | 10.63 |
| 5b | Xmtr (1oo2) | Safety PLC (1oo2D) | Valve (1oo2) | 24 months | 2 | 1.95 x 10^-3 | 10.79 |
| 6a | Xmtr (1oo2) | Safety PLC (2oo3) | Valve (1oo2) | 12 months | 2 | 7.30 x 10^-4 | 10.99 |
| 6b | Xmtr (1oo2) | Safety PLC (2oo3) | Valve (1oo2) | 24 months | 2 | 1.95 x 10^-3 | 11.14 |
Note: Based upon the need to meet SIL 2, options 1a, 1b, 3a, 3b, and 4a have been eliminated from further analysis since they could not reach SIL 2.
Step 3: Calculate Lifecycle Costs
To calculate the Lifecycle Costs several additional pieces of information are required. For this sample problem, the following data was utilized:
• Operating Costs were assumed to be $500 / year plus cost of functional testing.
• Functional Testing = 2 people for 8 hours @ $70/hr plus cost of 8 hours lost production
Table 4 – SIS Lifecycle Cost Analysis Summary - $10,000 Nuisance Trip Cost

| Case | Functional Test | Procurement Costs | Operating Costs | Cost of System Failure | Lifecycle Cost |
|---|---|---|---|---|---|
| 2a | 12 months | $26,000 | $11,620 | $10,000 | $167,251 |
| 2b | 24 months | $26,000 | $6,060 | $10,000 | $112,842 |
| 3c | 12 months | $34,100 | $11,620 | $10,000 | $166,168 |
| 3d | 24 months | $34,100 | $6,060 | $10,000 | $111,924 |
| 4b | 24 months | $67,600 | $6,060 | $10,000 | $172,151 |
| 5a | 12 months | $82,600 | $11,620 | $10,000 | $213,728 |
| 5b | 24 months | $82,600 | $6,060 | $10,000 | $159,457 |
| 6a | 12 months | $107,600 | $11,620 | $10,000 | $238,130 |
| 6b | 24 months | $107,600 | $6,060 | $10,000 | $183,892 |
Table 5 – SIS Lifecycle Cost Analysis Summary - $150,000 Nuisance Trip Cost

| Case | Functional Test | Procurement Costs | Operating Costs | Cost of System Failure | Lifecycle Cost |
|---|---|---|---|---|---|
| 2a | 12 months | $26,000 | $151,620 | $150,000 | $1,924,490 |
| 2b | 24 months | $26,000 | $76,060 | $150,000 | $1,184,496 |
| 3c | 12 months | $34,100 | $151,620 | $150,000 | $1,794,842 |
| 3d | 24 months | $34,100 | $76,060 | $150,000 | $1,057,327 |
| 4b | 24 months | $67,600 | $76,060 | $150,000 | $1,491,737 |
| 5a | 12 months | $82,600 | $151,620 | $150,000 | $1,829,247 |
| 5b | 24 months | $82,600 | $76,060 | $150,000 | $1,091,326 |
| 6a | 12 months | $107,600 | $151,620 | $150,000 | $1,845,270 |
| 6b | 24 months | $107,600 | $76,060 | $150,000 | $1,107,843 |
The above two tables underscore how the cost of a nuisance trip can dominate the overall cost of ownership. In Table 4, with a nuisance trip cost assumed to be $10,000, the best SIS architecture consists of redundant pressure transmitters, current switches and valves tested every 24 months. In Table 5, with a nuisance trip cost assumed to be $150,000, the best SIS architecture consists of redundant pressure transmitters, 1oo2D Safety PLC and 1oo2 Shutoff Valves tested every 24 months. Note that, depending upon actual costs utilized, the results will vary and different SIS architectures may prove to be “best” for your project.
Step 4: Calculate Benefit-to-Cost Ratio
To calculate the Benefit-to-Cost ratio several additional pieces of information are required and typically are available as a result of completing the SIL Selection process. For this sample problem, the following data was utilized:
FNo-SIS = 1 / 50 years (from SIL Selection Risk Ranking process)
FSIS = Calculated based upon (PFDavg x FNo-SIS)
EVNo-SIS = Evaluate $1,000,000 or $12,000,000 events
EVSIS = Evaluate $1,000,000 or $12,000,000 events
CostSIS = Varies per architecture considered
CostNT = Evaluate $10,000 and $150,000 events
Note: To underscore the importance of costs in the overall analysis, two different event costs were evaluated as well as two different costs of a nuisance trip.
Table 6 – SIS Benefit-to-Cost Ratio Analysis Summary - $10,000 Nuisance Trip Cost

| Case | Cost SIS (per yr) | Cost NT | EV No SIS | EV SIS | FNo SIS | PFDavg | FSIS | Nuisance Trip Rate (Yrs) | Cost NT (per yr) | B-C Ratio |
|---|---|---|---|---|---|---|---|---|---|---|
| 2a | $11,150 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.48E-03 | 0.00002960 | 6.84 | $1,462 | 1.79 |
| 2b | $7,523 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 3.92E-03 | 0.00007840 | 6.94 | $1,441 | 2.65 |
| 3c | $11,078 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 4.09E-04 | 0.00000818 | 10.11 | $989 | 0.95 |
| 3d | $7,462 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.37E-03 | 0.00002740 | 10.24 | $977 | 1.14 |
| 4b | $11,477 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 2.22E-03 | 0.00004440 | 4.25 | $2,353 | 0.93 |
| 5a | $14,249 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 7.29E-04 | 0.00001458 | 10.63 | $941 | 0.82 |
| 5b | $10,630 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.95E-03 | 0.00003900 | 10.79 | $927 | 0.97 |
| 6a | $15,875 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 7.30E-04 | 0.00001460 | 10.99 | $910 | 0.77 |
| 6b | $12,259 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.95E-04 | 0.00000390 | 11.14 | $898 | 0.90 |
Table 7 – SIS Benefit-to-Cost Ratio Analysis Summary - $150,000 Nuisance Trip Cost

| Case | Cost SIS (per yr) | Cost NT | EV No SIS | EV SIS | FNo SIS | PFDavg | FSIS | Nuisance Trip Rate (Yrs) | Cost NT (per yr) | B-C Ratio |
|---|---|---|---|---|---|---|---|---|---|---|
| 2a | $128,299 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.48E-03 | 0.00002960 | 6.84 | $21,930 | 0.86 |
| 2b | $78,966 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 3.92E-03 | 0.00007840 | 6.94 | $21,614 | 1.04 |
| 3c | $119,656 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 4.09E-04 | 0.00000818 | 10.11 | $14,837 | 0.89 |
| 3d | $70,488 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.37E-03 | 0.00002740 | 10.24 | $14,648 | 1.09 |
| 4b | $99,449 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 2.22E-03 | 0.00004440 | 4.25 | $35,294 | 0.96 |
| 5a | $121,950 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 7.29E-04 | 0.00001458 | 10.63 | $14,111 | 0.88 |
| 5b | $72,755 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.95E-03 | 0.00003900 | 10.79 | $13,902 | 1.08 |
| 6a | $123,018 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 7.30E-04 | 0.00001460 | 10.99 | $13,649 | 0.88 |
| 6b | $73,856 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.95E-04 | 0.00000390 | 11.14 | $13,465 | 1.07 |
As can be seen by the above Benefit-to-Cost numbers, not all architectures represent a sound financial investment.
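An added example (not the authors' calculation) that evaluates the Benefit-to-Cost formula as printed for case 3d across the paper's two nuisance-trip costs and two event costs, to show how strongly the ratio depends on those inputs. It assumes annual nuisance-trip cost = trip cost / MTTFS and annual SIS cost = lifecycle cost / 15, both inferred from the "per yr" columns; the Scenario class and function names are hypothetical. The result is the printed formula's value for these inputs, not a recomputation of the B-C Ratio column.

```python
from dataclasses import dataclass

LIFE_YEARS = 15  # evaluation period stated in the sample problem


@dataclass(frozen=True)
class Scenario:  # hypothetical container; field names are not from the paper
    f_no_sis: float        # FNo-SIS: event frequency without a SIS (per year)
    pfd_avg: float         # PFDavg of the candidate architecture
    mttfs_years: float     # MTTFS: years between nuisance trips
    event_cost: float      # EV: loss per unwanted event ($)
    trip_cost: float       # cost of one nuisance trip ($)
    lifecycle_cost: float  # lifecycle cost over LIFE_YEARS ($)


def f_sis(s: Scenario) -> float:
    """Step 4 relation: FSIS = PFDavg x FNo-SIS."""
    return s.pfd_avg * s.f_no_sis


def annual_trip_cost(s: Scenario) -> float:
    """Assumption inferred from the 'Cost NT (per yr)' column: trip cost / MTTFS."""
    if s.mttfs_years <= 0:
        raise ValueError("MTTFS must be positive")
    return s.trip_cost / s.mttfs_years


def annual_sis_cost(s: Scenario) -> float:
    """Assumption inferred from the 'Cost SIS (per yr)' column: lifecycle cost / 15."""
    return s.lifecycle_cost / LIFE_YEARS


def bc_ratio(s: Scenario) -> float:
    """(FNo-SIS x EVNo-SIS - FSIS x EVSIS) / (CostSIS + CostNT), as printed."""
    benefit = s.f_no_sis * s.event_cost - f_sis(s) * s.event_cost
    cost = annual_sis_cost(s) + annual_trip_cost(s)
    if cost <= 0:
        raise ValueError("annualized cost must be positive")
    return benefit / cost


def sensitivity(pfd_avg, mttfs_years, lifecycle_by_trip_cost, event_costs,
                f_no_sis=1 / 50):
    """Ratio for each (trip cost, event cost) pair; lifecycle cost varies with trip cost."""
    grid = {}
    for trip_cost, lifecycle in lifecycle_by_trip_cost.items():
        for ev in event_costs:
            s = Scenario(f_no_sis, pfd_avg, mttfs_years, ev, trip_cost, lifecycle)
            grid[(trip_cost, ev)] = bc_ratio(s)
    return grid


# Case 3d inputs as printed in Tables 3, 4 and 5.
CASE_3D = sensitivity(
    pfd_avg=1.37e-3,
    mttfs_years=10.24,
    lifecycle_by_trip_cost={10_000: 111_924, 150_000: 1_057_327},
    event_costs=(1_000_000, 12_000_000),
)

if __name__ == "__main__":
    for (trip, ev), ratio in CASE_3D.items():
        print(f"trip ${trip:,}  event ${ev:,}  B-C {ratio:.2f}")
```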
CONCLUSION
Based upon the scenarios evaluated it is readily apparent that one cannot simply stop at completing a SIL calculation to determine if the required SIL has been achieved. Fourteen (14) different SIS architectures were reviewed and of these designs only nine (9) met the required SIL requirements. Upon further review, only two SIS architectures were clearly the “best” in that they minimized cost of ownership, as well as, had a Benefit-to-Cost Ratio > 1.0. These SIS architectures were as follows:
Table 8 – Final SIS Analysis Summary

| Case | SIS Architecture | Nuisance Trip | Event Cost | Lifecycle Cost | B-C Ratio | Savings |
|---|---|---|---|---|---|---|
| 3d | Xmtr (1oo2), Current Switch (1oo2), Valve (1oo2) | $10,000 | $1,000,000 | $111,924 | 1.14 | $126,206 |
| 5b | Xmtr (1oo2), Safety PLC (1oo2D), Valve (1oo2) | $150,000 | $12,000,000 | $1,091,326 | 1.08 | $833,164 |
In summary, in today’s competitive business environment sound financial justification of a project must be performed during the Safety Instrumented System conceptual design process. This should include a Lifecycle Cost Analysis as well as a Benefit-to-Cost Ratio Analysis. Based upon the scenarios reviewed, significant savings could be realized by selecting the “best” architecture.
DISCLAIMER
Although it is believed that the information in this paper is factual, no warranty or representation, expressed or implied, is made with respect to any or all of the content thereof, and no legal responsibility is assumed therefore. The examples shown are simply for illustration, and, as such, do not necessarily represent any company’s guidelines. The reader should use data, methodology, formulas, and guidelines that are appropriate for their own particular situation.
REFERENCES
1. ANSI/ISA S84.01-1996, Application of Safety Instrumented Systems for the Process Industries, The Instrumentation, Systems, and Automation Society, Research Triangle Park, NC, 1996.
2. IEC 61508, Functional Safety of Electrical/Electronic/Programmable Safety-related Systems, Part 1-7, Geneva: International Electrotechnical Commission, 1998.
3. IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Industry Sector, Parts 1-3, Geneva: International Electrotechnical Commission, 2003.
4. Dieter, G. E., Engineering Design: A Materials and Processing Approach, McGraw-Hill, 1983.
5. Goble, W. M., Control Systems Safety Evaluation & Reliability, 2nd Edition, ISA, 1998.
6. Barringer, H. P., Life Cycle Cost and Good Practices, NPRA Maintenance Conference, 1998.
7. Marszal, E. & Scharpf, E., Safety Integrity Level Selection – Systematic Methods Including Layer of Protection Analysis, ISA, Research Triangle Park, NC, 2002.
ABBREVIATIONS AND DEFINITIONS
1oo1: 1-out-of-1
1oo1D: 1-out-of-1 D (D for extensive self-diagnostics)
1oo2: 1-out-of-2
1oo2D: 1-out-of-2 D (D for extensive self-diagnostics)
2oo3: 2-out-of-3
IEC: International Electrotechnical Commission
MTTFS: Mean Time To Fail Spurious
NPV: Net Present Value
FV: Future Value
PFDavg: Average Probability of Failure on Demand
PLC: Programmable Logic Controller
RRF: Risk Reduction Factor
SIF: Safety Instrumented Function
SIL: Safety Integrity Level
SIS: Safety Instrumented System