simply reliable: process safety from endress+hauser · 2015. 11. 3. · simply reliable: process...
TRANSCRIPT
-
08/08/2014
Products Solutions Services
Simply reliable: Process safety from Endress+Hauser
Safety by choice, not by chance: Functional Safety
Slide 1 Ngo
-
08/08/2014
Hai-Thuy Ngo
Industry Manager Oil & Gas
Oil & Gas industry
Slide 2 Ngo
-
08/08/2014
Oil & Gas industry
Global responsibility for Oil & Gas
• Visited countries for Oil & Gas business
Slide 3 Ngo
-
08/08/2014
Since 2005 working for Endress+Hauser
• Hai-Thuy Ngo
Oil & Gas industry
Slide 4 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
4 day functional safety training (April 2013)
• TUV: functional safety for safety instrument system professionals (IEC61511) conducted by Risknowlogy
• Including 4 hour exam.
Slide 5 Ngo
-
08/08/2014
Table of contents
Simply reliable: Process safety from Endress+ Hauser
• Functional Safety• Safety by choice – not by chance• Failures in electronics and software• Safety and availability• The safety life cycle• Conclusion
Slide 6 Ngo
-
08/08/2014
Where did this here happen?
Simply reliable: Process safety from Endress+ Hauser
NgoSlide 7
Buncefield incident UK 2005
-
08/08/2014
Safety systems protect you.
Simply reliable: Process safety from Endress+ Hauser
NgoSlide 8
-
08/08/2014
Recent incidents in the Oil & Gas industryFuture: Safety by choice, not by chance
• Deep Water Horizon offshore platform• Set up a 20 billion USD relief
fund• 11 people killed
• Buncefield incident• estimated total costs exceeding
£1 billion (~1.5 billion USD)• five companies were fined a total
of £9.5 million
• Let us help you to make your facility a little bit safer.
Simply reliable: Process safety from Endress+ Hauser
Slide 9 Ngo
-
Products Solutions Services
08/08/2014
Functional Safety
SIL requirement is only one piece to achieve a IEC61511 compliant safety instrument system
Slide 10 Ngo
-
08/08/2014
What is functional safety?
• A safety instrumented system is 100%functionally safe if all random,common cause and systematic failuresdo not lead to malfunctioning of thesafety system and do not result in• Injury or death of humans• Spills to the environment• Loss of equipment or production
• 100% functional safety does not exist,but risk reduction SIL 1, 2, 3 or 4 does.
Simply reliable: Process safety from Endress+ Hauser
Slide 13 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Risk reduction to tolerable level
• Freedom of unacceptable risks (ISO/IEC guide 51) There is always a remaining minimum risk
Slide 14 Ngo
-
08/08/2014
Risk assessment is country/customer specific
Simply reliable: Process safety from Endress+ Hauser
Slide 15 Ngo
-
08/08/2014
Risk graph to determine SILSimply reliable: Process safety from Endress+ Hauser
/ Occupancy
Slide 16 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
IEC 61511: Functional Safety Management by end-user
• Organization, Quality management, Safety plan• Lifecycle Management• Hazard identification and analysis• Risk analysis• Definition of the safety requirements specifications • Design and Engineering of the safety instrumented system• Definition of responsibilities and competencies• Measures for Software development („V-Model“)• Management, Documentation, Verification, Assessment • Audits, Validation• Operation and maintenance
• Periodic proof tests• Fault monitoring of Safety Instrumented Systems
• Modification management
Slide 17 Ngo
-
08/08/2014
Management of Functional Safety and Functional Safety Assessment and Auditing
Safety Lifecycle Structure and Planning
VerificationHazard and Risk assessment
Source: DIN EN 61511-1 – Fig. 8
Allocation of Safety Functions to Protection Layers (Quantification)
Design and Engineering of the Safety Instrumented System
Design and Development of other Means of Risk Reduction
Safety Requirements Specifications for the Safety Instrumented System
Installation, Commissioning and Validation
Operation and Maintenance
Modification
Decommissioning
Overall Safety Life-Cycle acc. IEC 61511
Simply reliable: Process safety from Endress+ Hauser
Slide 18 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Layers of protection
Plant emergency response Emergency response layer
Embankment Passive protection layer
Relief valve, rupture disk, F+G system
Active protection layer
Safety instrumented system EmergencyShutdown
Isolated protection layerTrip level alarm
Alarm & operator intervention “Wild” process
Process control layer
Basic process control system or DCS
Normal process
Process control layer
Plant and process design Inherent safe plant design
Miti
gatio
nPr
even
tion
Slide 19 Ngo
-
08/08/2014
Risk Reduction by Safety Instrumented Systems
Process
Communicatione.g. 4…20 mA
Communicatione.g. 4…20 mA
Actuator
Safety Instrumented System (SIS)Logic unit
Sensor
Simply reliable: Process safety from Endress+ Hauser
Process interface
Process interface
ResidualRisk
Slide 20 Ngo
-
08/08/2014
Sensor35%
Actuator50%
Controller15%
PFDavg - Integration of the complete loop Simply reliable: Process safety from Endress+ Hauser
SIL 1: ≥10-2…
-
08/08/2014
Safety Integrity Levels (SIL)
SIL PFD avg Safety Availability Risk Reduction1 0.1-0.01 0.9-0.99 10-1002 0.01-0.001 0.99-0.999 100-10003 0.001-0.0001 0.999-0.9999 1000-100004 0.0001-0.00001 0.9999-0.99999 10000-100000
Simply reliable: Process safety from Endress+ Hauser
PFDavgAverage probability of failure of a safety function working in low demand mode of operation
Slide 22 Ngo
Liquiphant is SIL3 capable
-
08/08/2014
Two regulations: One common target
Simply reliable: Process safety from Endress+ Hauser
Common Target - Plant Safety!
Supplier and manufacturers
System integrator/
Operator/User
SafetyRegulations
2. Application standard Implementation for Process
industries
1. Generic standardValid for all relevant sectors
IEC 61508 IEC 61511ISA 84.01
Slide 23 Ngo
-
08/08/2014
Separation of process instrumentation and safety instrumentation according IEC 61511
Product 2
PI LI TI
Product
FT
Product 1
Process instrument.
Basic ProcessControl System
(BPCS)LS
PI
Safety Functions
Safety related system
Safety Instrumented System (SIS)
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
11.2.10 of IEC 61511 part 1
NgoSlide 25
• 11.2.10 A device used to perform part of a safety instrumented function shall not be used for basic process control purposes, where a failure of that device results in a failure of the basic process control function which causes a demand on the safety instrumented function, unless an analysis has been carried out to confirm that the overall risk is acceptable.
• However API2350 and Buncefield report are asking for strict separation of safety function and inventory monitoring.
-
Products Solutions Services
08/08/2014
Safety by choice – not by chance
Slide 26 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Something to think about…
• Analysis of 34 incidents, based on 56 causes identifiedSource: HSE - UK
Slide 27 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Proper instrument selection – your safety fundament
THE tool for instrument selection : APPLICATOR (www.endress.com/applicator)
Slide 28 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Proper instrument selection by industry applications
Complete basket for your application!
Slide 29 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Applicator: A detailed view on application conditions
Slide 30 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Applicator: Corrosion warning and database
Make a proper choice right from the beginning.
Slide 31 Ngo
-
08/08/2014
Safety by choice not by chance
• We find the best method that serves your application in a best way• We have best materials and most robust concepts to ensure reliability
and availability
Simply reliable: Process safety from Endress+ Hauser
We want your plant to run safely and efficiently!
Safety measures should not unnecessarily impair operations
Slide 32 Ngo
-
Products Solutions Services
08/08/2014
Safety and availability
The value of redundant architectures in SIS
Slide 33 Ngo
-
08/08/2014
Single Channel System
Sensor Logic Actor System
SIL 2 3 2 ≤2
PFDav 0,3x10-2 0,05x10-2 0,4x10-2 0,705 x 10-2
Example: single channel overfill prevention
SIL 2PFDav= 0,35x10-2
SIL 3PFDav=0,05x10-2 SIL 2
PFDav=0,4x10-2
ActuatorLogicSensor
System= SIL 2
Simply reliable: Process safety from Endress+ Hauser
PFDS+PFDL+PFDA < 10-SILsystem SILS , SILL , SILA ≥ SILsystemDesign rules
Slide 34 Ngo
-
08/08/2014
Architecture of Multi-Channel Systems
Simply reliable: Process safety from Endress+ Hauser
Safety
Availability1oo1 2oo2 3oo3
1oo2
1oo3
2oo3
4oo4
1oo4
Fundamental Safety Parameters• PFDav• HFT• SFFfor the complete system must be evaluated (e.g. Markov Model)
Slide 35 Ngo
Which multi-channel system is safer than
2oo3?
-
08/08/2014
Approximation formula (Source: VDI/VDE 2180, Sheet 4)
Simply reliable: Process safety from Endress+ Hauser
DU = „dangerous undetected“, = Common cause Factor, T1 = Time interval for proof testing [h] (1 Jahr = 8.760 h)
Options of Circuit Approximation formula for PFDav
1oo1
1oo2
1oo3
1oo4
2oo2
2oo3
2oo4
23
12
121
TTPFD DUDUoo
21
11TPFD DUoo
122 TPFD DUoo
2
12132
TTPFD DUDUoo
24
13
131
TTPFD DUDUoo
2
13142
TTPFD DUDUoo
25
14
141
TTPFD DUDUoo
This is simplified. Use MARKOV method to calculate
the PFD more accurate.
Slide 36 Ngo
-
08/08/2014
Subsystem ActuatorSubsystem Logic UnitSubsystem Sensor
Sensor 1 Interface 1
Sensor 2 Interface 2
Sensor 3 Interface 3
2oo3
ControlModule 1
ControlModule 2
1oo2
Actu. 1Interface 4
Actu. 2Interface 5
2oo2
lDU = 500 FIT (per line)b=10%, T1=1 year, SFF=
lDU = 50 FIT (per Module) b=2%, T1=1 year, SFF=
lDU = 1200 FIT (per line) b=10%, T1=1 year, SFF=
Formula for für 2oo3 Formula for für 1oo2 Formula for für 2oo2
PFDav (S) = 2,4 × 10-4 PFDav (LE) = 4,4 × 10-6 PFDav (A) = 1,1 × 10-2
Result: PFDav (System) = PFDav (S) + PFDav (LE) + PFDav (A) = 1,3 × 10-2 SIL 1
Target: SIL 2
Target not achieved! What to do?FIT = Failures In Time, 1 FIT = 10-9 1/h
Complex calculation example(1)
-
08/08/2014
Action 1: Reduce Proof-Test Intervall from 1 year to ½ year Additional Cost!
Subsystem ActuatorSubsystem Logic UnitSubsystem Sensor
Sensor 1 Interface 1
Sensor 2 Interface 2
Sensor 3 Interface 3
2oo3
ControlModule 1
ControlModule 2
1oo2
Actu. 1Interface 4
Actu. 2Interface 5
2oo2
lDU = 500 FIT (per line)b=10%, T1=½ year, SFF=
lDU = 50 FIT (per Module) b=2%, T1=½ year, SFF=
lDU = 1200 FIT (per line) b=10%, T1=½ year, SFF=
Formula for 2oo3 Formula for 1oo2 Formula for 2oo2
PFDav (S) = 1,1 × 10-4 PFDav (LE) = 2,2 × 10-6 PFDav (A) = 5,5 × 10-3
Result: PFDav (System) = PFDav (S) + PFDav (LE) + PFDav (A) = 5,6 × 10-3 SIL 2
Complex calculation example(2)
-
08/08/2014
Action 2: more redundancy (here: Actuator) additional costs!
Subsystem ActuatorSubsystem Logic UnitSubsystem Sensor
Sensor 1 Interface 1
Sensor 2 Interface 2
Sensor 3 Interface 3
2oo3
ControlModule 1
ControlModule 2
1oo2 2oo2
lDU = 500 FIT (per line)b=10%, T1=1 year, SFF=
lDU = 50 FIT (per Module) b=2%, T1=1 year, SFF=
lDU = 1200 FIT (per line) b=10%, T1=1 year, SFF=
Formula for 2oo3 Formula for für 1oo2 Formula for 1oo2/2oo2
PFDav (S) = 2,4 × 10-4 PFDav (LE) = 4,4 × 10-6 PFDav (A) ≈ 1,2 × 10-3
SIL 2
Actu. 3Interface 6
Actu. 4Interface 71oo2
Actu. 1Interface 4
Actu. 2Interface 51oo2
Result: PFDav (System) = PFDav (S) + PFDav (LE) + PFDav (A) ≈ 1,5 × 10-3
Complex calculation example(3)
Slide 39 Ngo
-
08/08/2014
Subsystem ActuatorSubsystem Logic UnitSubsystem Sensor
Sensor 1 Interface 1
Sensor 2 Interface 2
Sensor 3 Interface 3
2oo3
ControlModule 1
ControlModule 2
1oo2
Actu. 1Interface 4
Actu. 2Interface 5
2oo2
lDU = 500 FIT (per line)b=10%, T1=1 year, SFF=
lDU = 50 FIT (per Module) b=2%, T1=1 year, SFF=
lDU = 800 FIT (per line)b=10%, T1=1 year, SFF=
Formula for 2oo3 Formula for 1oo2 Formula for 2oo2
PFDav (S) = 2,4 × 10-4 PFDav (LE) = 4,4 × 10-6 PFDav (A) = 7,4 × 10-3
Result: PFDav (System) = PFDav (S) + PFDav (LE) + PFDav (A) = 7,6 × 10-3 SIL 2
Action: Correct selection of components from the beginning (here: Actuator)
Complex calculation example(4)
-
08/08/2014
Safety data sheet on www.endress.com/sil
Safety in the process industry
Jana Kurzawa / Hai-Thuy NgoSlide 41
-
08/08/2014
One example of a Multi-Channel SystemSimply reliable: Process safety from Endress+ Hauser
Pressurizedprocess
Overpressure protection
Subsystem Sensor
Sensor 1
Sensor 2
Sensor 3
2oo3
Subsystem Logic Unit
PLC
Subsystem Actuator
Actuator 1
Actuator 2
2oo2
Slide 42 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Homogeneous Redundancy(same instruments)
Redundancy: Homogeneous or diverse?
Advantage of homogeneous system• Control of random faults• Simple stock management,
commissioning, maintenance …Note: Systematic Integrity
(e.g. Software) can not be enhanced!
Advantage of diverse system
• Control of random and systematicfaults (device + process)
• systematic integrity can beenhanced
+z.B. 1oo2 SIL 3?
SIL 2 SIL 2
Diverse Redundancy(different instruments)
SIL 2 SIL 2
+z.B. 1oo2 SIL 3
Endress + Hauser offers multiple instruments which
are SIL2/3 capable. You reach SIL 3 even in
homogeneous redundancy.
SIL 3
Slide 43 Ngo
-
08/08/2014
Homogeneous Redundancy: SIL2 + SIL2 = SIL3?
Safety Integrity Level (SIL) / Functional Safety Theory
PMP41Hardware: SIL2Software: SIL2
PMP41Hardware: SIL2Software: SIL2
+ = SIL2
+ = SIL3FMG60
Hardware: SIL2Software: SIL3
FMG60Hardware: SIL2Software: SIL3
SD P
MP4
1SD
FM
G60
Slide 44 Dept. GT / Thomas Fritz
-
08/08/2014
Diverse Redundancy: SIL2 + SIL2 = SIL3?
Safety Integrity Level (SIL) / Functional Safety Theory
PMP71Hardware: SIL2Software: SIL3
PMP41Hardware: SIL2Software: SIL2
+ = SIL3
= SIL3PMD75
Hardware: SIL2Software: SIL3
FMR51Hardware: SIL2Software: SIL3
+
SD P
MP7
1SD
PM
D75
SD P
MP4
1SD
FM
R51
Slide 45 Dept. GT / Thomas Fritz
-
Products Solutions Services
08/08/2014
Failures in electronics and software
Failure mode and effect analysis
Slide 46 Ngo
-
08/08/2014
Failure Mode and Effect Analysis (FMEA)Simply reliable: Process safety from Endress+ Hauser
Component failure modes• Short circuit• Interruption• Drift
Additionally: FMEA of mechanical Components (z. B. Sensor)
Example:
Failure mode effect on safety function?
Slide 47 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Failure Mode and Effect Analysis (FMEA)
tot = su +sd + du + dd (+λ not relevant)
MTBF = 1/tot
First step:• determine safety path (e.g. 4…20 mA output)• determine accuracy under fault condition ( e.g. ± 2 %)
Different failure modes:
PFD
Probability of failure modes
Detected faults Undetected faults
Safe faults lsd lsuDangerous faults ldd ldu
Slide 48 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Absolute number of failures are more important than SFF
sd + su + dd tot
SFF=
Safe Failure Fraction (SFF)(in %)
SFF 95 % Internal diagnostics improves SFF
SFF 85 %
Slide 49 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Accuracy under fault condition
• With continuous overfill prevention instrument, you have to reduce the maximum level by the fault condition tolerance
• With Liquiphant you can fill up safely until the specified level. You can use the complete specified capacity of your tank.
No tolerance required
+/- 2 % +/-2%, +/- 5%, ???
Competitor
No fault condition tolerance for the
vibronic fork
Slide 50 Ngo
-
08/08/2014
Safety in the process industry
Proof test coverage: Quantity is important!!!
Jana Kurzawa / Hai-Thuy NgoSlide 51
• Proof test coverage is a measure of how many undetected dangerous failures are detected by the proof test.
• Which instrument gives you better safety?
Instrument A Instrument BProof Test Coverage
90% 50%
Dangerous Undetected Failures
40 FIT 2 FIT
Failures remaining unrevealed after proof test
4 FIT 1 FIT
-
08/08/2014
Safety in the process industry
Proof test coverage: Quantity is important!!!
Jana Kurzawa / Hai-Thuy NgoSlide 52
• Proof test coverage is a measure of how many undetected dangerous failures are detected by the proof test.
• Which instrument gives you better safety?
Instrument A Instrument BProof Test Coverage
90% 50%
Dangerous Undetected Failures
40 FIT 2 FIT
Failures remaining unrevealed after proof test
4 FIT 1 FIT
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Proof test coverage: : Quantity is important!!!
NgoSlide 53
Instrument A Instrument BDangerous failures 100 FIT 100 FITλDD 10 FIT 90 FITλDU 90 FIT 10 FITPTC 80% 80%λDU converted to λDD 72 FIT 8 FIT
Never detected λDU 18 FIT 2 FIT
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Proof test coverage: : Quantity is important!!!
NgoSlide 54
Instrument A Instrument BDangerous failures 100 FIT 100 FITλDD 10 FIT 90 FITλDU 90 FIT 10 FITPTC 80% 80%λDU converted to λDD 72 FIT 8 FIT
Never detected λDU 18 FIT 2 FIT
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Level of Concerns (LOC) according API2350 4th Edition
Critical high (CH)
Automatic overfill prevention system (AOPS); Level may be equal to HH
High-high tank (HH) LAHHMaximum working (MW)
Slide 55 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Maximum filling height for LAHH with radar
Critical high (CH)
Automatic overfill prevention system (AOPS); Level may be equal to HH
High-high tank (HH) LAHHMaximum working (MW)
E.g. 98 %
Better tank capacity utilization with point level sensor.
e.g. 2% fault tolerance
Slide 56 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Maximum filling height for LAHH with Liquiphant
Critical high (CH)
Automatic overfill prevention system (AOPS); Level may be equal to HH
High-high tank (HH) LAHHMaximum working (MW)
100 %
Slide 57 Ngo
-
Products Solutions Services
08/08/2014
The safety life cycle
Maintain your safety at the highest level
Slide 58 Ngo
-
08/08/2014
Probability of a failure on demand - PFDSimply reliable: Process safety from Endress+ Hauser
SIL 4SIL 3SIL 2
SIL 1
Operation time
PFD
Ti Ti
Example: Safety component with low demand frequency (~1/a)PFD du t (t
-
08/08/2014
Partial Proof Testing (PTC < 100%)Functional Safety in the Process Industry
PFD
Ti operation time t
SIL 1
SIL 2
SIL 3
LT
PFDav
PFDav ≈ ½ λdu x Ti x PTC + ½ λdu x LT x (1-PTC)
PTC= Proof test coverage (1=100 %)Ti = Test interval LT= life time
PTC < 100 %
Single channel system 1oo1
Slide 60 Klotz-Engmann
-
08/08/2014
Partial Proof Testing + Full Proof TestFunctional Safety in the Process Industry
PFD
Ti operation time t
SIL 1
SIL 2
SIL 3
LT
PFDav
PFDav ≈ ½ λdu x Ti x PTC + ½ λdu x Tj x (1-PTC)
PTC= Proof Test Coverage (1=100 %)Ti = Test interval (
-
08/08/2014
ASFM - Fuel for thought
Easy and convenient proof test on the tank
NgoSlide 62
4% of all devices, which are proof tested, get damaged during re-installation !!!According to a study of Akzo Chemical customer in Rotterdam.Of course, this does not happen in the Oil & Gas industry …
-
08/08/2014
Total Proof test coverage according to IEC 61508
Total coverage(DC+PTC)
FTL80/81/85+ FTL825
Wet test 99%(Procedure IA MAX/MIN)
Simulation(in situ testing!)
97 %(Procedure IB) Via test button
Max
Min
Simply reliable: Process safety from Endress+ Hauser
Smart proof testing procedures reduce effort, increase safety and minimize shut down times.
Slide 63 Ngo
-
08/08/2014
New: Liquiphant Fail Safe FTL 8x
Simply reliable: Process safety from Endress+ Hauser
Liquiphant FailSafe FTL80/81/85Nivotester FTL825
4..20mA +LIVE-Signal
SIL3 MIN/MAX
4..20mA +LIVE-Signal Optional
Liquiphant FailSafeFTL80/81/85
PLC
Safety function • 4…20 mA output with life signal (every 3
seconds self checking procedure)
• SIL 3 capable in single device
• min/max safety function
• proof test simulation with push-button
• proof test interval can be extended up to 12 years !
Slide 64 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Proof testing without dismounting the device
Not necessary to interrupt or manipulate the production process for partial proof test.
Recommendedproof test interval
12 years 3 years 2 years
Slide 65 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Sensortestbox+ Adapter
Sensor test (MID/Coriolis)
Simu-BoxSimulation ofsensor signal
FieldcheckCurrent outputFreq./puls outputService
Partial proof test with Fieldcheck
Proof test coverage via verification: 90 %
Slide 66 Ngo
-
Products Solutions Services
08/08/2014
Ensuring mechanical integrity
Robust principles and materials
Slide 67 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Vibronic level switches: 300.000 pieces/year
• Measuring Principle
• Liquiphant in practice
• Liquiphipant in safety
• Oil detection in pipes/sump pits Leakage detection presentation
Click the blue box
Slide 68 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Welded gastight feedthrough(second line of defense)
Sealing concept in Liquiphant Failsafe
• Helium leakage test• Pressure test (approx. 80 bar)• sealed after test with sealing pin,
welded in and verified by radiographic test
Slide 69 Ngo
-
08/08/2014
Manual overfill protection system (MOPS)
Simply reliable: Process safety from Endress+ Hauser
Slide 70 Ngo
-
08/08/2014
Automatic overfill protection system (AOPS)
Simply reliable: Process safety from Endress+ Hauser
Slide 71 Ngo
-
08/08/2014
Assessed by external third party safety consultant
• Complete standardized engineered solutions by Endress+Hauser• Time saving• Cost saving• Reliable safety system• Reduced documentation efforts• Proven in use
Simply reliable: Process safety from Endress+ Hauser
Slide 72 Ngo
-
08/08/2014
Clear and detailed alarm notification and remedy info
• Digital proof-testing avoids staff in dangerous areas (e.g. on the tank)
• SIL3 vibronic fork is a fail safe device and reliable
• Independence and diversity of safety loop and inventory control loop offers the most reliable safety system.
• Easy digital proof testing process motivates the operator to perform the proof test
Simply reliable: Process safety from Endress+ Hauser
Slide 73 Ngo
-
08/08/2014
Most comprehensive SIL portfolio
• Complete range of SIL devices: pressure, temperature, level, pH, flow including system components
• www.endress.com/SIL
Simply reliable: Process safety from Endress+ Hauser
Slide 74 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Conformity assessment acc. IEC 61508
Endress+Hauser:SIL 2 : Independent 3rd party assessment + Manufacturer DeclarationSIL 3: Independent 3rd party assessment + certificate
Third party certificate not required for SIL2, but Endress + Hauser create and publish it.
SIL Minimum degree ofindependence (IEC61508)
SIL 1 Independent Person
SIL 2 Independent department
SIL 3 Independent organisation
SIL 4 Independent organisation
Slide 75 Ngo
-
08/08/2014
TÜV Certified Functional Safety ManagementSimply reliable: Process safety from Endress+ Hauser
Slide 76 Ngo
-
Products Solutions Services
08/08/2014
Conclusion
Endress + Hauser: State of the art technology and solutions for your process safety
Slide 77 Ngo
-
08/08/2014
Improve safety with state of art technology - Liquiphant
Simply reliable: Process safety from Endress+ Hauser
Explosion and fire at Buncefield Oil Storage Depot - Five companies to face prosecution
http://www.buncefieldinvestigation.gov.uk/press/b08002.htm
Failed !!!
Slide 78 Ngo
-
08/08/2014
Level measurement in Oil & Gas
Furthermore, Safety Integrity Level
Slide 79 Ngo
-
08/08/2014
Simply reliable: Process safety from Endress+ Hauser
Need of record on site and a different location
Slide 80 Ngo
-
08/08/2014
Proof test documentation with W@M
Simply reliable: Process safety from Endress+ Hauser
• Your 24/7 life cycle management platform:
• All safety manuals, technical information and certificates and proof testing reports available at your fingertip
• Upload of Data to W@M
• The spare-part recommendations for the specific device, which you have installed on site.
Slide 81 Ngo
-
08/08/2014
Instrument Task Overview e.g. Proof testingSimply reliable: Process safety from Endress+ Hauser
Indication of the status of the task (e.g. planned, overdue, warn etc.) Upload of attachment e.g.
proof test reports
Testing Interval
Slide 82 Ngo
-
08/08/2014
Summary
• Installing just a SIL device is not enough to comply to IEC61511• Endress + Hauser offers an instrumentation portfolio for hazardous
areas and safety applications which is second to none.• Robust measuring principles and material ensure reliability in
harshest processes• Smart concepts to improve mechanical integrity are simulated,
implemented and tested in order keep your process safe under any circumstances
• Hard- and software developed according IEC61508 and high diagnostic coverage reduce dangerous, undetected failures to a minimum and help to extent proof test interval
• Redundancy improves safety and availability• Smart proof test procedures significantly safe cost• Document your safety life cycle with W@M
Simply reliable: Process safety from Endress+ Hauser
Slide 83 Ngo
-
08/08/2014
And never forget…
Liquiphant FailSafe: THE safety switch for highest demands.
Simply reliable: Process safety from Endress+ Hauser
A unique device:SIL 3 and 12 years proof test interval.
Highest safety at minimum effort!
Slide 84 Ngo
-
08/08/2014
Complete SIL instrumentation portfolio up to SIL3
Simply reliable: Process safety from Endress+ Hauser
NgoSlide 85
-
08/08/2014
That’s it … relax now… it was not that difficult :-D
Simply reliable: Process safety from Endress+ Hauser
Slide 86 Ngo