how to select a safety plc

HOW TO SELECT A SAFETY PLC

Mike Scott, PE, CFSEV P, Process Safety

AE SolutionsGreenville, SC 29616

Bud AdlerDirector, Business Development

Process Safety SystemsAE Solutions

Lake Mary, FL 32746

KEYWORDS

Safety Instrumented System, SIS, Logic Solver, ANSI/ISA 84, IEC 61508, IEC 61511, SafetyPLC, Redundant Architecture, Lifecycle Cost, Benefit-to-Cost Ratio

ABSTRACT

Throughout the industrial process control industry Safety Instrumented Systems are becominghigh profile. Most companies have accepted that the performance-based standards such asANSI/ISA 84.01, IEC 61508 and IEC 61511 are here to stay and that conformance is notoptional. A growing number of instrumentation manufacturers have recognized the steadilyincreasing interest that this market has shown in bringing their plants into conformance withthe standards. They have responded by introducing a wide range of products that are “suitablefor use” in Safety Instrumented Systems (SIS). These products include sensors, transmitters,valves and valve positioners and a wide range of logic solvers.

Most users have little concern about being able to select a proper sensor, transmitter or valvepositioner but when it comes to choosing from the vast array of logic solvers, they often donot know how to make a proper decision. The problem is clear when you consider the rangeof choices for Logic Solvers that range from the relatively simple alarm trip architectures upthrough the wide variety of safety PLCs offered by about twenty different manufacturers.These PLC architectures cover the scale from simple one-out-of-one (1oo1) architectures upthrough triple and quadruple redundant systems with differing degrees of self-diagnostics.

With all of these choices, how is a control engineer supposed to pick the “best” system for hisproject and / or plant standard? If he errors on the side of conservatism, he may cost hiscompany tens of thousands of wasted dollars by selecting a more sophisticated system than iswarranted by the application. And, even worse, a simplistic system may not be inconformance with the standards and could place human life at unnecessary risk. The problemis exacerbated when all factors of lifecycle costs are considered.

Copyright 2004 by ISA – The Instrumentation, Systems and Automation Society.Presented at ISA AUTOMATION WEST; www.isa.org

This paper will present a systematic methodology for selecting a Safety PLC platform. It willdescribe the evaluation of Safety PLC’s based upon both technical requirements (i.e. safetyrequirements) and commercial requirements (i.e. availability and Life Cycle Cost analysis).

INTRODUCTION

Once you’ve completed your risk analysis, performed initial conceptual design and completedsome Safety Integrity Level calculations you may think that your work is complete?However, there are other issues to consider. What about the economics of the project? WhichSafety Instrumented System architecture optimizes costs through increased availability andreduced nuisance trips? Is the Safety Instrumented System even a sound financial investmentfor the facility? For instance consider the following simple scenario:

• A person has a house located in a possible flood plain• Cost of a flood insurance policy is $1,000 / year• It is estimated that cost to repair flood damage to a typical home is $10,000• Probability of a significant flood is once every 50 years

Is it a sound investment to purchase a flood insurance policy for the above event? Assuminga 6% discount rate and home ownership for ten (10) years, a Future Value calculation yields acost of $13,181. Thus, the insurance policy as stated above would cost more than the actualevent. If one can analyze the above scenario, why not apply similar logic to review aproposed Safety Instrumented System design?

This paper will highlight a five (5) step methodology, which can be applied to performeconomic analysis on Safety Instrumented Systems to ensure the “best” system has beenselected

1. Step 1 – Select an architecture for the SIS for evaluation (sensors, logic solver andfinal elements)

2. Step 2 – Perform SIL Calculations to determine Probability of Failure on DemandAverage (PFDavg) and Mean Time To Fail Safe (MTTFS) based upon a givenFunctional Test Interval

3. Step 3 – Calculate Lifecycle Cost in terms of Net Present Value (NPV)4. Step 4 – Calculate Benefit-to-Cost Ratio5. Repeat above steps for each possible SIS architecture being considered for the project

Note: Steps 1 and 2 represent tasks associated with the Safety Lifecycle and are typicallyalready being performed by designers of Safety Instrumented Systems.


Figure 1 – Economic Analysis Flowchart

LIFECYCLE COST

Lifecycle Cost is a technique that allows those responsible for system selection to consider allof the costs incurred over the lifetime of the Safety Instrumented System rather than just theinitial purchase costs. This is especially important where the cost of equipment failure can besignificant. The intent of this evaluation is to include all costs of procurement and ownership

Calculate Benefit-to-CostRatio

Start

Perform SILCalculations (PFDavg

SIS Conceptual DesignArchitecture Options

YesNo

LowestLifecycle

Cost?

YesNo

Calculate Lifecycle

BenefitTo Cost >

1.0


over the life span of the Safety Instrumented System. Procurement costs represent costs thatoccur only once during life of the project. Operating costs occur over the life of the SafetyInstrumented System and can be repetitive. Costs associated with system failure candominate overall Lifecycle Costs.

A Lifecycle Cost evaluation can show one how to minimize overall cost of ownership byinitially selecting the “best” Safety Instrumented System architecture. The evaluationconsiders the costs for: design, purchase, installation, start-up, functional testing, energy,repair, a failure event, and lost production. To obtain the complete Lifecycle Cost, all yearlyoperating costs are converted to “present value”. All future expenses are converted into theircurrent valve, accounting for discount rate (interest / inflation). Initial costs and the presentyearly costs are added to obtain total Lifecycle Cost. Refer to reference [5] for additionalinformation regarding Lifecycle Cost calculations. The proposed architecture for each SafetyInstrumented System should be evaluated for minimum Lifecycle Cost.

Table 1 – Lifecycle Cost Components

Lifecycle CostsProcurement Costs DescriptionSystem Design Engineering costs associated with Front End Loading and

Detailed DesignPurchase Cost of Equipment including Factory Acceptance Testing

and shippingInstallation Construction costs associated with SISStart-up Commissioning, PSAT and Initial Functional Testing of

SISOperating Costs DescriptionEngineering Changes Engineering costs associated with maintenanceConsumption Power, spares parts, instrument air, etc.Maintenance Inspection, Functional TestingCost of System Failure DescriptionLost Production Cost of lost productionAsset Loss Cost of lost equipment

BENEFIT-TO-COST RATIO

Another tool to determine if the “best” Safety Instrumented System architecture has beenselected is to calculate the ratio of benefits to costs on a financial basis. If the ratio is greaterthan one, the system is cost effective. For example if a system has a Benefit-to-Cost Ratio of1.5, for every $1.00 invested, the system will return $1.50.

Therefore, the Benefit – Cost Ratio is as follows:

B-C Ratio = FNo-SIS x EVNo-SIS - FSIS x EVSIS

CostSIS + CostNT


Where,

B-C Ratio = The ratio of benefits to costFNo-SIS = The frequency of the unwanted event without a SISFSIS = The frequency of the unwanted event with a SISEVNo-SIS = The total expected value of loss of the event without a SISEVSIS = The total expected value of loss of the event with a SISCostSIS = The total lifecycle cost of the SIS (Annualized)CostNT = The cost incurred due to nuisance trips (Annualized)

SAMPLE PROBLEM

The following sample problem will highlight how economic analysis must be an integral partof the overall SIS architecture selection / design process.

A company has completed their initial risk analysis and SIL selection exercises associatedwith a batch reactor. The team identified a single SIF for this particular unit operation. Theresults are as follows:

Table 2 – SIF Summary

SIF ID SIF Description Hazard SIL Inputs Outputs

1High pressure inreactor isolates

inlet feed

Potentialoverpressure of

vessel withsubsequent release

of flammable / toxicmaterial. Potentialfire / explosion and

injury / fatality

2 PT-101 HV-100

The SIL Selection process included a Layer of Protection Analysis (LOPA). Based upon theabove information the SIS Engineer needs to perform the following:

1. Select the “best” Functional Test Interval2. Select the “best” SIS Architecture (sensor(s), logic solver & final element(s))3. Design SIS for least cost of ownership over a 15 year time frame assuming a 6%

discount rate

Thus, the SIS Engineer needs to answer the following questions about the “best” design:

1. Sensors: transmitters versus switches and associated architecture (1oo1, 1oo2, 2oo3,etc)


2. Logic Solver: relays versus programmable electric and associated architecture (1oo1,1oo1D, 1oo2, 1oo2D, 2oo3, 2oo4, etc.)

3. Final Elements: architecture and testing requirements (full stroke versus partialstroke)

The P&ID for SIF-001 is shown below in Figure 2.

Figure 2 – High Pressure SIF Sketch

Using the steps highlighted in Figure 1 Economic Analysis Flowchart, the following analysiswas completed. To underscore the importance of cost of ownership the analysis shall becompleted for two (2) different nuisance trips cost scenarios (cost of nuisance trip is $10,000and $150,000). In addition two (2) different cost of the event shall be evaluated (rupture ofvessel costs $1,000,000 and $12,000,000).

Step 1: SIS Conceptual Design Architecture Options

This was the first Safety Instrumented System to be installed in this particular area of theplant. As such, the SIS Engineer decided to evaluate a wide variety of options with respect tothe architecture of the new SIS. Thus, the following options were to be evaluated:

• Switches versus transmitters and required redundancy if any• Relays versus Safety PLC’s and required redundancy if any• Valves and required redundancy if any• 12 month test interval versus 24 month test interval

Feed

Reactor

HV100

FCV

To Safe Location

PSV102

PT101


Step 2: Perform SIL Calculations (PFDavg and MTTFS)

The SIS Engineer completed the following SIL calculations based upon the following designconditions:

Table 3 – SIS Architecture Analysis Summary

Case Sensors Logic Solver FinalElements

FuncTest

SIL PFDavg MTTFS

1a Switch(1oo1)

Relay (1oo1) Valve(1oo1)

12months

1 3.58 x 10-2 13.6

1b Switch(1oo1)


24months

N/A N/A N/A

2a Switch(1oo2)


12months

2 1.48 x 10-3 6.84

2b Switch(1oo2)


24months

2 3.92 x 10-3 6.94

3a Xmtr (1oo1) CurrentSwitch (1oo1)

Valve(1oo1)

12months

1 1.85 x 10-2 20.21

3b Xmtr (1oo1) CurrentSwitch (1oo1)

Valve(1oo1)

24months

N/A N/A N/A

3c Xmtr (1oo2) CurrentSwitch (1oo2)

Valve(1oo2)

12months

2 4.09 x 10-4 10.11

3d Xmtr (1oo2) CurrentSwitch (1oo2)

Valve(1oo2)

24months

2 1.37 x 10-3 10.24

4a Xmtr (1oo2) Safety PLC(1oo1D)

Valve(1oo2)

12months

1 8.67 x 10-4 5.26

4b Xmtr (1oo2) Safety PLC(1oo1D)

Valve(1oo2)

24months

2 2.22 x 10-3 4.25

5a Xmtr (1oo2) Safety PLC(1oo2D)

Valve(1oo2)

12months

2 7.29 x 10-4 10.63

5b Xmtr (1oo2) Safety PLC(1oo2D)

Valve(1oo2)

24months

2 1.95 x 10-3 10.79

6a Xmtr (1oo2) Safety PLC(2oo3)

Valve(1oo2)

12months

2 7.30 x 10-4 10.99

6b Xmtr (1oo2) Safety PLC(2oo3)

Valve(1oo2)

24months

2 1.95 x 10-3 11.14

Note: Based upon the need to meet SIL 2 options 1a, 1b, 3a, 3b, and 4a have been eliminatedfrom further analysis since they could not reach SIL 2.

Step 3: Calculate Lifecycle Costs

To calculate the Lifecycle Costs several additional pieces of information are required. Forthis sample problem, the following data was utilized:


• Operating Costs were assumed to be $500 / year plus cost of functional testing.• Functional Testing = 2 people for 8 hours @ $70/hr plus cost of 8 hours lost

production

Table 4 – SIS Lifecycle Cost Analysis Summary - $10,000 Nuisance Trip Cost

Case FunctionalTest

ProcurementCosts

OperatingCosts

Cost ofSystemFailure

LifecycleCost

2a 12 months $26,000 $11,620 $10,000 $167,2512b 24 months $26,000 $6,060 $10,000 $112,8423c 12 months $34,100 $11,620 $10,000 $166,1683d 24 months $34,100 $6,060 $10,000 $111,9244b 24 months $67,600 $6,060 $10,000 $172,1515a 12 months $82,600 $11,620 $10,000 $213,7285b 24 months $82,600 $6,060 $10,000 $159,4576a 12 months $107,600 $11,620 $10,000 $238,1306b 24 months $107,600 $6,060 $10,000 $183,892

Table 5 – SIS Lifecycle Cost Analysis Summary - $150,000 Nuisance Trip Cost

Case FunctionalTest

ProcurementCosts

OperatingCosts

Cost ofSystemFailure

LifecycleCost

2a 12 months $26,000 $151,620 $150,000 $1,924,4902b 24 months $26,000 $76,060 $150,000 $1,184,4963c 12 months $34,100 $151,620 $150,000 $1,794,8423d 24 months $34,100 $76,060 $150,000 $1,057,3274b 24 months $67,600 $76,060 $150,000 $1,491,7375a 12 months $82,600 $151,620 $150,000 $1,829,2475b 24 months $82,600 $76,060 $150,000 $1,091,3266a 12 months $107,600 $151,620 $150,000 $1,845,2706b 24 months $107,600 $76,060 $150,000 $1,107,843

The above two tables underscore how the cost of a nuisance trip can dominate the overall costof ownership. In Table 4 with a nuisance trip cost being assumed to be $10,000, the best SISarchitecture consists of redundant pressure transmitters, current switches and valves testedevery 24 months. In Table 5 with a nuisance trip cost being assumed to be $150,000, the bestSIS architecture consists of redundant pressure transmitters, 1oo2D Safety PLC and 1oo2Shutoff Valves tested every 24 months. Note depending upon actual costs utilized, the resultswill vary and different SIS architectures may prove to be “best” for your project.


Step 4: Calculate Benefit-to-cost Ratio

To calculate the Benefit-to-Cost ratio several additional pieces of information are requiredand typically are available as a result of completing the SIL Selection process. For thissample problem, the following data was utilized:

FNo-SIS = 1 / 50 years (from SIL Selection Risk Ranking process)FSIS = Calculated based upon (PFDavg x FNo-SIS)EVNo-SIS = Evaluate $1,000,000 or $12,000,000 eventsEVSIS = Evaluate $1,000,000 or $12,000,000 eventsCostSIS = Varies per architecture consideredCostNT = Evaluate $10,000 and $150,000 events

Note: To underscore importance of costs in overall analysis, two different event costs wereevaluated as well as two different cost of a nuisance trip.

Table 6 – SIS Benefit-to-Cost Ratio Analysis Summary - $10,000 Nuisance Trip Cost

Case

Cost SIS(per yr)

Cost NT EV No SIS EV SIS FNo SIS PFDavg FSIS

NuisanceTrip Rate

(Yrs)

Cost NT(per yr)

B-CRatio

2a $11,150 $10,000 $1,000,000 $1,000,000 0.020000 1.48E-03 0.00002960 6.84 $ 1,462 1.792b $7,523 $10,000 $1,000,000 $1,000,000 0.020000 3.92E-03 0.00007840 6.94 $ 1,441 2.653c $11,078 $10,000 $1,000,000 $1,000,000 0.020000 4.09E-04 0.00000818 10.11 $ 989 0.953d $7,462 $10,000 $1,000,000 $1,000,000 0.020000 1.37E-03 0.00002740 10.24 $ 977 1.144b $11,477 $10,000 $1,000,000 $1,000,000 0.020000 2.22E-03 0.00004440 4.25 $ 2,353 0.935a $14,249 $10,000 $1,000,000 $1,000,000 0.020000 7.29E-04 0.00001458 10.63 $ 941 0.825b $10,630 $10,000 $1,000,000 $1,000,000 0.020000 1.95E-03 0.00003900 10.79 $ 927 0.976a $15,875 $10,000 $1,000,000 $1,000,000 0.020000 7.30E-04 0.00001460 10.99 $ 910 0.776b $12,259 $10,000 $1,000,000 $1,000,000 0.020000 1.95E-04 0.00000390 11.14 $ 898 0.90


Table 7 – SIS Benefit-to-Cost Ratio Analysis Summary - $150,000 Nuisance Trip Cost

CaseCost

SIS (peryr)

CostNT

EV No SIS EV SIS FNo SIS PFDavg FSIS

NuisanceTrip Rate

(Yrs)

Cost NT(per yr)

B-CRatio

2a $128,299 $150,000 $12,000,000 $12,000,000 0.020000 1.48E-03 0.00002960 6.84 $ 21,930 0.862b $78,966 $150,000 $12,000,000 $12,000,000 0.020000 3.92E-03 0.00007840 6.94 $ 21,614 1.043c $119,656 $150,000 $12,000,000 $12,000,000 0.020000 4.09E-04 0.00000818 10.11 $ 14,837 0.893d $70,488 $150,000 $12,000,000 $12,000,000 0.020000 1.37E-03 0.00002740 10.24 $ 14,648 1.094b $99,449 $150,000 $12,000,000 $12,000,000 0.020000 2.22E-03 0.00004440 4.25 $ 35,294 0.965a $121,950 $150,000 $12,000,000 $12,000,000 0.020000 7.29E-04 0.00001458 10.63 $ 14,111 0.885b $72,755 $150,000 $12,000,000 $12,000,000 0.020000 1.95E-03 0.00003900 10.79 $ 13,902 1.086a $123,018 $150,000 $12,000,000 $12,000,000 0.020000 7.30E-04 0.00001460 10.99 $ 13,649 0.886b $73,856 $150,000 $12,000,000 $12,000,000 0.020000 1.95E-04 0.00000390 11.14 $ 13,465 1.07

As can be seen by the above Benefit-to-Cost numbers, not all architectures represent a soundfinancial investment.

CONCLUSION

Based upon the scenarios evaluated it is readily apparent that one cannot simply stop atcompleting a SIL calculation to determine if the required SIL has been achieved. Fourteen(14) different SIS architectures were reviewed and of these designs only nine (9) met therequired SIL requirements. Upon further review, only two SIS architectures were clearly the“best” in that they minimized cost of ownership, as well as, had a Benefit-to-Cost Ratio > 1.0.These SIS architectures were as follows:

Table 8 – Final SIS Analysis Summary

Case SIS Architecture NuisanceTrip

Event Cost LifecycleCost

B-C Ratio Savings

3d Xmtr (1oo2)Current Switch(1oo2)Valve (1oo2)

$10,000 $1,000,000 $111,924 1.14 $126,206

5b Xmtr (1oo2)Safety PLC(1oo2D)Valve (1oo2)

$150,000 $12,000,000 $1,091,326 1.08 $833,164


In summary, in today’s competitive business environment sound financial justification of aproject must be performed during the Safety Instrumented System conceptual design process.This should include a Lifecycle Cost Analysis as well as a Benefit-to-Cost Ratio Analysis.Based upon the scenarios reviewed, significant savings could be realized by selecting the“best” architecture.

DISCLAIMER

Although it is believed that the information in this paper is factual, no warranty orrepresentation, expressed or implied, is made with respect to any or all of the content thereof,and no legal responsibility is assumed therefore. The examples shown are simply forillustration, and, as such, do not necessarily represent any company’s guidelines. The readershould use data, methodology, formulas, and guidelines that are appropriate for their ownparticular situation.

REFERENCES

1. ANSI/ISA S84.01-1996, Application of Safety Instrumented Systems for the ProcessIndustries, The Instrumentation, Systems, and Automation Society, Research TrianglePark, NC, 1996.

2. IEC 61508, Functional Safety of Electrical/Electronic/Programmable Safety-relatedSystems, Part 1-7,Geneva: International Electrotechnical Commission, 1998.

3. IEC 61511, Functional Safety: Safety Instrumented Systems for the Process IndustrySector, Parts 1-3, Geneva: International Electrotechnical Commission, 2003.

4. Dieter, G. E., Engineering Design A Materials and Processing Approach, McGraw-Hill,1983

5. Goble, W.M., Control Systems Safety Evaluation & Reliability, 2nd Edition, ISA, 1998

6. Barringer, H. P, Life Cycle Cost and Good Practices, NPRA Maintenance Conference,1998

7. Marszal, E & Scharpf, E, Safety Integrity Level Selection – Systematic Methods IncludingLayer of Projection Analysis, 2002, ISA, Research Triangle Park, NC


ABBREVIATIONS AND DEFINITIONS

1oo1 1-out-of-11oo1D 1-out-of-1 D (D for extensive self-diagnostics)1oo2 1-out-of-21oo2D 1-out-of-2 D (D for extensive self-diagnostics)2oo3 2-out-of-3IEC International Electrotechnical CommissionMTTFS Mean Time To Fail SpuriousNPV Net Present ValueFV Future ValuePFDavg Average Probability of Failure on DemandPLC Programmable Logic ControllerRRF Risk Reduction FactorSIF Safety Instrumented FunctionSIL Safety Integrity LevelSIS Safety Instrumented System


how to select a safety plc

Documents