www.utm.my innovative ● entrepreneurial ● global


Safety Integrity Level (SIL) is defined as:
●  the relative level of risk reduction provided by a safety function, or the specification of a target level of risk reduction;
●  a measure of the performance required of a Safety Instrumented Function (SIF).

Standards
●  IEC 61508 - generic standard for the design, construction and operation of electrical/electronic/programmable electronic (E/E/PE) safety-related systems (similar to ANSI/ISA S84.01).
●  IEC 61511 - published in 2003 to provide guidance to end users on the application of Safety Instrumented Systems in the process industries.


SIL is a measure of safety system performance, in terms of probability of failure on demand (PFD).

Safety Integrity   PFD Average Range     Risk Reduction       Availability (%)
Level (SIL)        (PFDavg)              Factor (RRF)
1                  10^-1 to 10^-2        10 to 100            90 to 99
2                  10^-2 to 10^-3        100 to 1,000         99 to 99.9
3                  10^-3 to 10^-4        1,000 to 10,000      99.9 to 99.99
4                  10^-4 to 10^-5        10,000 to 100,000    99.99 to 99.999

(RRF = 1 / PFDavg; availability = 1 - PFDavg. Each band is one decade: a loop whose PFDavg is not below 10^-2 cannot claim SIL 2, however good its components look individually.)


Event likelihood vs. consequence: required SIL

Likelihood \ Consequence    Catastrophic   Major    Severe   Minor
Frequent                    SIL 4          SIL 3    SIL 3    SIL 2
Probable                    SIL 3          SIL 3    SIL 3    SIL 2
Occasional                  SIL 3          SIL 3    SIL 2    SIL 1
Remote                      SIL 3          SIL 2    SIL 2    SIL 1
Improbable                  SIL 3          SIL 2    SIL 1    SIL 1
Negligible / Not Credible   SIL 2          SIL 1    SIL 1    SIL 1


●  The required SIL is determined independently for every safety function or safeguarding loop.

●  The realized SIL of a loop, in contrast, is the actual SIL as achieved in the field. It depends on:
   –  the transmitters used
   –  the configuration of the transmitters
   –  barriers, isolators, fuses
   –  the logic solver or Safety Instrumented System
   –  the actuator(s): valves, valve positioners, circuit breakers, etc.
   –  the configuration of the valves, for instance "single block" or "double block & bleed"


Safety Integrity Levels (SILs) for an emergency shutdown system:
•  SIL 1 (PFDavg = 10^-1 to 10^-2): implemented with a single sensor, a single logic solver and a single final control element, and requires periodic proof testing.
•  SIL 2 (PFDavg = 10^-2 to 10^-3): typically fully redundant, including the sensor, with a single logic solver and a single final control element, and requires periodic proof testing.
•  SIL 3 (PFDavg = 10^-3 to 10^-4): typically fully redundant, including the sensor, with a single logic solver and a single final control element; requires careful design and frequent validation (proof) testing to achieve the low PFD figures.
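The two slides above say that proof testing and redundancy are what buy a low PFDavg, and that the realized SIL of a loop depends on every element in it. As an added example (not from the slides), the following Python makes both points numerically. It uses the simplified IEC 61508-6 low-demand formulas: PFDavg ≈ λ_DU·TI/2 for a single channel (1oo1), and (1−β)²(λ_DU·TI)²/3 + β·λ_DU·TI/2 for a redundant pair (1oo2) with a β-factor for common-cause failure, dangerous-undetected failures only and repair time ignored. The loop PFDavg is taken as the sum of the sensor, logic solver and final element contributions, and the SIL band is read from the table above. The failure rate λ_DU = 10^-6 /h, the β of 10 %, the logic-solver PFDavg of 10^-5 and the proof-test intervals are constructed assumptions, not values from the slides.

```python
"""Added example (not from the slides): PFDavg, proof-test interval and SIL band.

Simplified IEC 61508-6 low-demand formulas, dangerous-undetected failures
only, repair time ignored. All numeric inputs below are constructed.
"""

HOURS_PER_YEAR = 8760


def sil_from_pfd(pfd: float) -> int:
    """SIL band for a PFDavg, per the slide's table (0 = worse than SIL 1)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def rrf(pfd: float) -> float:
    """Risk reduction factor = 1 / PFDavg."""
    return 1.0 / pfd


def availability_pct(pfd: float) -> float:
    """Safety availability in percent = (1 - PFDavg) * 100."""
    return (1.0 - pfd) * 100.0


def pfd_1oo1(lambda_du: float, ti_hours: float) -> float:
    """Single channel: PFDavg ~ lambda_DU * TI / 2.

    A dangerous undetected fault stays unrevealed until the next proof test,
    so on average it is present for half the interval: halving TI halves PFDavg."""
    return lambda_du * ti_hours / 2.0


def pfd_1oo2(lambda_du: float, ti_hours: float, beta: float = 0.0) -> float:
    """Redundant pair: independent term (1-beta)^2 (lambda_DU*TI)^2 / 3 plus the
    common-cause term beta * lambda_DU * TI / 2 (beta = fraction of failures
    that take out both channels). With beta > 0 the common-cause term usually dominates."""
    lt = lambda_du * ti_hours
    return (1.0 - beta) ** 2 * lt ** 2 / 3.0 + beta * lt / 2.0


def loop_pfd(sensor: float, logic_solver: float, final_element: float) -> float:
    """Loop PFDavg: to first order the sum of the subsystem PFDavg values,
    since sensor, logic solver and final element all have to work on demand."""
    return sensor + logic_solver + final_element


def assess_sensor(lambda_du: float, ti_hours: float, beta: float) -> dict:
    """PFDavg and SIL band for 1oo1 and 1oo2 (with common cause) at one proof-test interval."""
    p1 = pfd_1oo1(lambda_du, ti_hours)
    p2 = pfd_1oo2(lambda_du, ti_hours, beta)
    return {"1oo1": (p1, sil_from_pfd(p1)), "1oo2": (p2, sil_from_pfd(p2))}


if __name__ == "__main__":
    LAMBDA_DU = 1e-6  # constructed: dangerous undetected failures per hour
    BETA = 0.1        # constructed: 10 % common-cause fraction

    # Effect of the proof-test interval on one transmitter (1oo1 vs 1oo2)
    for years in (1, 2, 10):
        res = assess_sensor(LAMBDA_DU, years * HOURS_PER_YEAR, BETA)
        print(f"TI = {years:2d} yr: 1oo1 PFDavg={res['1oo1'][0]:.2e} SIL{res['1oo1'][1]}  "
              f"1oo2 PFDavg={res['1oo2'][0]:.2e} SIL{res['1oo2'][1]}")

    # Realized loop SIL: 1oo2 sensor pair, a logic solver with constructed PFDavg 1e-5,
    # and a single shutdown valve with lambda_DU = 2e-6 /h, all proof-tested yearly
    sensor = pfd_1oo2(LAMBDA_DU, HOURS_PER_YEAR, BETA)
    valve = pfd_1oo1(2e-6, HOURS_PER_YEAR)
    total = loop_pfd(sensor, 1e-5, valve)
    print(f"loop PFDavg={total:.2e} -> SIL{sil_from_pfd(total)}, RRF={rrf(total):.0f}, "
          f"availability={availability_pct(total):.3f}%  (valve share: {valve / total:.0%})")
```

With these inputs a single transmitter proof-tested yearly sits in the SIL 2 band, stretching the interval to 10 years drops it to SIL 1, and a 1oo2 pair reaches the SIL 4 band only if common cause is ignored; with β = 10 % it is SIL 3. The loop as a whole still lands in SIL 2 because the single valve contributes about 95 % of the loop PFDavg, which is exactly why the realized SIL must be assessed over the whole loop rather than the sensor subsystem alone.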


[Risk graph figure: the SIL is read from a decision tree whose parameters follow the usual IEC 61508 risk-graph convention: C1 to C4 (consequence), F1 and F2 (frequency of, or exposure time in, the hazardous zone), P1 and P2 (possibility of avoiding the hazard) and W1 to W3 (demand rate). Outputs include "a" and numbered levels. The numeric cells of the graph did not survive extraction.]

Required PFDavg = F_t / F_np = Tolerable Frequency / Process Demand Frequency

Risk Reduction Factor Required Matrix (rows: consequence category, 4 = most severe; columns: frequency category, 5 = highest)

Consequence \ Frequency    1     2     3      4      5
4                          10    10    1000   1000   TH
3                          NR    10    100    1000   1000
2                          NR    NR    10     100    100
1                          NR    NR    NR     10     10

(NR and TH are shown as on the original slide.)

Figures on this slide: Risk Matrix, Risk Graph.


●  Calculate the initial risk (or inherent risk) using risk analysis tools: Inherent Risk = Threat × Vulnerability

●  Calculate the residual risk (risk after barriers) using techniques such as ETA (event tree analysis) or LOPA (layer of protection analysis): Residual Risk = Inherent Risk × Controlled Risk

●  Calculate the necessary risk reduction to reach an acceptable level; this requires a numerical expression of acceptable risk: Risk Reduction = Inherent Risk / Acceptable Risk


Residual Risk = Inherent Risk – Effectiveness of Controls

Example

                           Likelihood            Consequence    Total $ per period
                           (times per period)    ($ impact)     (likelihood × consequence)
Inherent Risk              10                    10,000         100,000
Effectiveness of control   80%                   40%
Residual Risk              2                     6,000          12,000

Both the likelihood and the consequence can be reduced by suitably selected control measures.


Drive the consequence and/or frequency of potential incidents down to a tolerable risk level:

Intolerable Risk → Tolerable Risk

Risk = frequency × consequence


●  Incident Frequency = Initiating Cause Frequency
●  Consequence = Scenario Consequence
●  Unmitigated Risk = Initiating Cause Frequency × Scenario Consequence

IS IT TOLERABLE? Compare the unmitigated risk to the risk tolerance. If the unmitigated risk is greater than the risk tolerance, independent protection layers (IPLs) are required.


[Event tree figure: Initiating Event → IPL1 (PFD1) → IPL2 (PFD2) → IPL3 (PFD3). At each layer, Success leads to a Safe Outcome and Failure passes the demand on to the next layer; failure of all layers leads to Consequences exceeding criteria.]

Unmitigated Risk = frequency × consequence
Mitigated Risk = reduced frequency × same consequence

The frequency can be reduced by using better devices (lower PFD) to achieve a tolerable risk.


Worked event tree (Different Scenario Consequence Occurs):

Initiating Event Frequency = 1/yr

Layer 1: PFD = 0.1  (Success = 0.9,  Failure = 0.1)  → Safe Outcome, frequency = 1 × 0.9 = 0.9/yr
Layer 2: PFD = 0.1  (Success = 0.9,  Failure = 0.1)  → Safe Outcome, frequency = 1 × 0.1 × 0.9 = 0.09/yr
Layer 3: PFD = 0.01 (Success = 0.99, Failure = 0.01) → Mitigated Release, tolerable outcome, frequency = 1 × 0.1 × 0.1 × 0.99 = 0.0099/yr
All three layers fail                                   → Consequences exceeding criteria, frequency = 1 × 0.1 × 0.1 × 0.01 = 0.0001/yr

The layers are labelled on the slide as preventive features and a mitigative feature.

Unmitigated Risk = 1/yr × scenario consequence
Mitigated Risk = reduced frequency × reduced consequence
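The event tree above, as an added example that is not code from the slides: a small Python LOPA calculator that walks the initiating event through the independent protection layers in order, reports the frequency of every branch, and then sizes one additional SIF against a tolerable frequency using the relation on the risk-matrix slide, required PFDavg = tolerable frequency / demand frequency. The layer names, the tolerable frequency of 3 × 10^-6 /yr and the "mitigative" flag on the third layer are constructed assumptions; the PFD values and the SIL banding are the slides' own.

```python
"""Added example (not from the slides): LOPA event tree and SIF sizing.

Walks an initiating event through independent protection layers (IPLs),
reports each branch frequency, and sizes an extra SIF against a tolerable
frequency. Layer names and the tolerable frequency are constructed inputs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class IPL:
    name: str
    pfd: float          # probability of failure on demand
    mitigative: bool    # True: reduces the consequence; False: prevents the event


def sil_from_pfd(pfd: float) -> int:
    """SIL band for a PFDavg, per the slide's table (0 = worse than SIL 1)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def event_tree(initiating_freq: float, ipls: list[IPL]) -> list[tuple[str, float]]:
    """Branch frequencies in tree order.

    Independence is what makes this a plain product: a layer only sees the
    demand when every earlier layer has failed, and its success ends the
    branch (safe outcome for a preventive layer, mitigated release for a
    mitigative one). The last entry is the all-layers-fail branch."""
    branches = []
    demand = initiating_freq
    for ipl in ipls:
        outcome = "mitigated release, tolerable outcome" if ipl.mitigative else "safe outcome"
        branches.append((f"{ipl.name} success -> {outcome}", demand * (1.0 - ipl.pfd)))
        demand *= ipl.pfd
    branches.append(("all layers fail -> consequences exceeding criteria", demand))
    return branches


def mitigated_frequency(initiating_freq: float, ipls: list[IPL]) -> float:
    """Frequency of the unwanted consequence after all IPLs (last branch of the tree)."""
    return event_tree(initiating_freq, ipls)[-1][1]


def size_additional_sif(mitigated_freq: float, tolerable_freq: float) -> dict:
    """Required PFDavg = F_tolerable / F_demand, with the resulting RRF and SIL band.

    Returns required=False (pfd 1.0, sil 0) when the scenario is already tolerable."""
    if mitigated_freq <= tolerable_freq:
        return {"required": False, "pfd": 1.0, "rrf": 1.0, "sil": 0}
    pfd = tolerable_freq / mitigated_freq
    return {"required": True, "pfd": pfd, "rrf": 1.0 / pfd, "sil": sil_from_pfd(pfd)}


# Slide scenario: initiating event 1/yr, layers with PFD 0.1, 0.1 and 0.01
SLIDE_IPLS = [
    IPL("BPCS alarm + operator response", 0.1, mitigative=False),   # name constructed
    IPL("existing SIF (trip)", 0.1, mitigative=False),               # name constructed
    IPL("relief / mitigation system", 0.01, mitigative=True),        # name constructed
]
TOLERABLE_FREQ = 3e-6   # per year; constructed target for "consequences exceeding criteria"


if __name__ == "__main__":
    for label, freq in event_tree(1.0, SLIDE_IPLS):
        print(f"{freq:.4g}/yr  {label}")
    f_mit = mitigated_frequency(1.0, SLIDE_IPLS)
    need = size_additional_sif(f_mit, TOLERABLE_FREQ)
    print(f"mitigated {f_mit:.2g}/yr vs tolerable {TOLERABLE_FREQ:.2g}/yr -> "
          f"extra SIF PFDavg <= {need['pfd']:.3g} (RRF {need['rrf']:.1f}), SIL {need['sil']}")
```

Run as written it reproduces the slide's branch frequencies (0.9, 0.09, 0.0099 and 0.0001 per year, which sum back to the 1/yr initiating frequency, a useful sanity check on any event tree), and then shows that closing the gap to a 3 × 10^-6 /yr target needs one more layer with PFDavg ≤ 0.03, i.e. a SIL 1 SIF. Note that the calculation is only valid if the new layer is genuinely independent of the three already credited; a trip that shares the transmitter with the existing SIF does not multiply frequencies this way.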



Layers of protection:

PROCESS DESIGN
PREVENTION: Mechanical protection system; Alarms with operator corrective actions; Safety Instrumented Control System
CONTROL & MONITORING: Basic Process Control System; Monitoring system (alarms); Operator supervision
MITIGATION: Mechanical mitigation system; Safety Instrumented Control System; Safety Instrumented Mitigation System; Operator supervision
PLANT EMERGENCY RESPONSE: Evacuation procedure
COMMUNITY EMERGENCY RESPONSE: Emergency broadcasting

WHAT ARE IPLs?

•  Each layer is independent in terms of operation.

•  The failure of one layer does not affect the next.
