Post on 03-Apr-2018
7/28/2019 VUT 6.4.2006-2
Functional safety of safety-related electrical equipment
Functional safety

The part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities.
(ČSN EN 61508-4)
Process (DCS functionality only)

Figure: process parameter value against time. Labels: normal behaviour between the low control level and the high control level (DCS functionality); high alarm level, at which the operator takes action; wild process parameter; plant shut-down; mechanical safety action (if available).
Safety system (DCS functionality plus Safety Instrumented System functionality)

Figure: the same process parameter against time, now with an ESD-controlled trip level between the high alarm level and the plant shut-down. Labels: normal behaviour between the low and high control level (DCS functionality); high alarm level, at which the operator takes action; ESD-controlled trip level (Safety Instrumented System functionality); wild process parameter; plant shut-down; mechanical safety action (if available).
Safety Issues for End User / Operators

- How do you demonstrate that your operations are safe?
- How do you demonstrate that your equipment is safe?
- How do you demonstrate that your safety and protective systems protect against your hazards?

You can answer these questions by demonstrating compliance with industry safety standards:
IEC 61508 - Functional safety of electrical/electronic/programmable electronic safety-related systems
What is IEC 61508?

- An international standard relating to the functional safety of electrical / electronic / programmable electronic (E/E/PE) safety-related systems
- Mainly concerned with E/E/PE safety-related systems whose failure could have an impact on the safety of persons and/or the environment
- Could also be used to specify any E/E/PE system used for the protection of equipment or product
- It is an industry best-practice standard that enables you to reduce the risk of a hazardous event to a tolerable level
Technologies Concerned

- E: Electrical - electro-mechanical / relays / interlocks
- E: Electronic - solid-state electronics
- PES: Programmable Electronic Systems - Programmable Logic Controllers (PLCs); microprocessor-based systems; Distributed Control Systems; other computer-based devices (smart sensors / transmitters / actuators)
Features

- Generic standard
- Guidance on the use of E/E/PES
- Comprehensive approach involving the concept of the Safety Lifecycle; includes all elements of the protective system
- Risk-based approach leading to the determination of Safety Integrity Levels (SILs)
- Considers the entire safety-critical loop
Generic and Application Sector Standards

- IEC 61511: Process sector
- Medical sector
- IEC 61513: Nuclear sector
- IEC 62061: Machinery sector
IEC 61511 - Functional Safety: Safety instrumented systems for the process industry sector
Industries

Applies to a wide variety of industries across the process sector, including:
- Chemicals
- Oil refining
- Oil and gas production
- Pulp and paper
- Non-nuclear power generation
- Pharmaceuticals / fine chemicals
Scope

- Process industries (chemicals, oil & gas, paper, non-nuclear power generation)
- End-to-end safety instrumented system (SIS): hardware, software, management and human factors
- Full safety lifecycle: specification, design, integration, operation, maintenance
- Intended for integrators / users, not for equipment designers / vendors
IEC 61511 Structure

- Part 1 (normative): Framework, definitions, system, hardware and software requirements
- Part 2 (informative): Guidelines for the application of IEC 61511-1
- Part 3 (informative): Guidance for the determination of safety integrity levels
IEC 61511

Title: Functional Safety - Safety Instrumented Systems for the Process Industry Sector

This international standard gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system, so that it can be confidently entrusted to place and/or maintain the process in a safe state.

This standard has been developed as a process-sector implementation of IEC 61508.
Relationship between IEC 61511 and IEC 61508

(Figure only; the diagram is not recoverable from the text.)
Similarities (IEC 61508 - IEC 61511)

- Whole safety lifecycle: concept, hazard & risk analysis and design through operation & maintenance to eventual decommissioning
- Safety requirements specification
- Safety integrity levels (SIL 1 to 4)
- End-to-end system (sensor via logic to actuator)
- Hardware reliability analysis (PFD)
- Management of functional safety
- Architectural constraints (fault tolerance)
Key Differences: IEC 61511 terms (IEC 61508 equivalent in brackets)

Terminology:
- Process (EUC)
- Basic Process Control System (EUC control system)
- Safety Instrumented System (E/E/PE safety-related system)
- Safety Instrumented Function (safety function)

Presentation:
- less rigorous than IEC 61508
- more guidance (especially in Parts 2 & 3)
Overall Safety Lifecycle in IEC 61508

Figure: flow diagram of the 16 phases of the overall safety lifecycle, listed here in order:
1  Concept
2  Overall Scope Definition
3  Hazard & Risk Analysis
4  Overall Safety Requirements
5  Safety Requirements Allocation
Overall planning:
6  Overall Operation & Maintenance Planning
7  Overall Validation Planning
8  Overall Installation & Commissioning Planning
Realisation:
9  Safety-Related Systems: E/E/PES
10 Safety-Related Systems: Other Technology
11 External Risk Reduction Facilities
12 Overall Installation & Commissioning
13 Overall Safety Validation
14 Overall Operation & Maintenance
15 Overall Modification & Retrofit (back to the appropriate overall safety lifecycle phase)
16 Decommissioning
IEC 61508 - ownership of phases

- Pre-design (phases 1 to 5): end user / operator
- Design and installation (phases 6 to 13): engineering contractors / equipment supplier
- Operation (phases 14 to 16): end user / operator
Pre-Design: Phases 1 - 5

1: Concept
2: Overall Scope Definition
3: Hazard & Risk Analysis
4: Overall Safety Requirements
5: Safety Requirements Allocation

- Can you demonstrate that you have identified all your hazards?
- Can you demonstrate that you are using adequate and correct methods of hazard protection?
Design & Implementation: Phases 6 - 13

Overall planning:
6: Overall Operations and Maintenance Planning
7: Overall Validation Planning
8: Overall Installation & Commissioning Planning
Realisation:
9: Safety-Related Systems: E/E/PES
10: Safety-Related Systems: Other Technology
11: External Risk Reduction Facilities
12: Overall Installation & Commissioning
13: Overall Safety Validation

- How do you ensure competencies for all these activities?
- Can you demonstrate that you pass the necessary information into these activities?
- Can you demonstrate that all necessary information has been passed to you from these activities?
Operation: Phases 14 - 16

14: Overall Operations and Maintenance
15: Overall Modification and Retrofit
16: Decommissioning

- Can you demonstrate that you maintain / test / analyse your protective systems correctly?
- Can you demonstrate that you are in control of your modification process?
Supply Chain

Figure: the roles in the supply chain and the standard that applies to each.
- IEC 61511: End user (requirement specification, commissioning and use); System designer / integrator
- IEC 61508: Sub-system designer; Component manufacturer
Risk
What is Risk?

The probable rate of occurrence of a hazard causing harm AND the degree of severity of the harm.
- Qualitatively: words
- Quantitatively: figures
Levels of Risk and ALARP (As Low As Reasonably Practicable)

Figure: the ALARP triangle. Risk decreases from top to bottom; the narrowing triangle shows that as the risk is reduced the less, proportionately, it is necessary to spend to reduce it further (the concept of diminishing proportion).

- Unacceptable region: risk cannot be justified except in extraordinary circumstances.
- The ALARP or tolerability region (risk is undertaken only if a benefit is desired): tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained.
- Broadly acceptable region: necessary to maintain assurance that risk remains at this level.
- Negligible risk: no need for detailed working to demonstrate ALARP.
Risk reduction: General concepts

Figure: risk scale with increasing risk to the right. Labels: the risk of the Plant Under Control at the high end; the risk to meet the required level of safety; the actual risk remaining; the necessary minimum risk reduction against the actual risk reduction; the risk reduction achieved by all protective systems and External Risk Reduction Facilities, split into the partial risk covered by E/E/PES protective systems, by Other Technology safety-related systems and by External Risk Reduction Facilities.
Extent of Safety Related System

Figure: the programmable electronic safety-related system (PE SRS) spans the sensor, the programmable electronics and the actuator, acting on the Equipment (plant) Under Control (EUC).
What is a Safety Related System (SRS)?

Any system that implements safety functions necessary to achieve a safe state for the Equipment Under Control, or to maintain it in a safe state.

Examples
Hazard Identification and Risk Analysis

A typical methodology for hazard identification and risk analysis (by the end user):
1. Hazard studies and HAZOPs
2. Evaluate possible consequences
3. Establish tolerable frequencies vs ALARP
4. Build event chain
5. Estimate demand rates
6. Define protection required
7. Specify required SIL
Failure categories in IEC 61508

A = Random hardware failures
OR
B = Systematic failures: specification; systematic hardware; software; maintenance; all failures that are not random
Safety Integrity Level (SIL)

SIL   Low demand mode of operation              Continuous / high demand mode of operation
      (probability of failure to perform its    (probability of one dangerous failure
      designed function on demand, PFD)         per hour, PFH)
4     >= 10^-5 up to < 10^-4                    >= 10^-9 up to < 10^-8 h^-1
3     >= 10^-4 up to < 10^-3                    >= 10^-8 up to < 10^-7 h^-1
2     >= 10^-3 up to < 10^-2                    >= 10^-7 up to < 10^-6 h^-1
1     >= 10^-2 up to < 10^-1                    >= 10^-6 up to < 10^-5 h^-1

PFD = Probability of Failure on Demand; PFH = Probability of Failure per Hour
Risk and Determination of Safety Integrity Levels

Figure: risk matrix with increasing likelihood on one axis and increasing severity on the other; the lowest-risk corner is covered by the basic design with no protection, and the highest-risk corner is unacceptable.
Risk Reduction Requirements

Safety Integrity Level   Risk reduction
1                        10 - 100
2                        100 - 1,000
3                        1,000 - 10,000
4                        10,000 - 100,000
Reliability, Failure Rate and Availability at each level

Level   Reliability        Probability of failure on demand   Trip unavailable (per year)
SIL 1   90% - 99%          0.1 to 0.01                        876 to 87.6 hrs
SIL 2   99% - 99.9%        0.01 to 0.001                      87.6 to 8.76 hrs
SIL 3   99.9% - 99.99%     0.001 to 0.0001                    8.76 hrs to 52.6 mins
SIL 4   99.99% - 99.999%   0.0001 to 0.00001                  52.6 mins to 5.3 mins
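As an added example (not part of the original slides), the Python below encodes the three tables above: it places a PFDavg or PFH value in its SIL band, derives the risk reduction factor as 1 / PFDavg, and converts PFDavg into the hours per year the trip is unavailable. The 8760-hour year is an assumption chosen because it reproduces the slide's 876 / 87.6 hour figures.

```python
import math

# Assumed non-leap year: this reproduces the slide's 876 / 87.6 hour figures.
HOURS_PER_YEAR = 8760

def sil_from_pfd(pfd_avg):
    """SIL of a low-demand function from its average PFD.

    From the IEC 61508 table, SIL n covers 10**-(n+1) <= PFDavg < 10**-n:
    SIL 1 is [1e-2, 1e-1) and SIL 4 is [1e-5, 1e-4). A PFDavg of 0.1 or
    more earns no SIL; below 1e-5 is beyond SIL 4, so None is returned too.
    """
    if pfd_avg <= 0:
        raise ValueError("PFDavg must be positive")
    sil = -math.floor(math.log10(pfd_avg)) - 1
    return sil if 1 <= sil <= 4 else None

def sil_from_pfh(pfh_per_hour):
    """SIL of a high/continuous-demand function from its PFH (per hour).

    SIL n covers 10**-(n+5) <= PFH < 10**-(n+4): SIL 1 is [1e-6, 1e-5),
    SIL 4 is [1e-9, 1e-8).
    """
    if pfh_per_hour <= 0:
        raise ValueError("PFH must be positive")
    sil = -math.floor(math.log10(pfh_per_hour)) - 5
    return sil if 1 <= sil <= 4 else None

def risk_reduction_factor(pfd_avg):
    """RRF = 1 / PFDavg, giving the 10-100, 100-1,000, ... bands per SIL."""
    return 1.0 / pfd_avg

def trip_unavailable_hours(pfd_avg):
    """PFDavg is the fraction of time the trip would not act on demand, so
    scaling by the hours in a year gives the 'trip unavailable' column."""
    return pfd_avg * HOURS_PER_YEAR

def sil_row(pfd_avg):
    """Summarise one PFDavg value the way the three slide tables do."""
    return {
        "sil": sil_from_pfd(pfd_avg),
        "availability_pct": 100.0 * (1.0 - pfd_avg),
        "rrf": risk_reduction_factor(pfd_avg),
        "unavailable_hours_per_year": trip_unavailable_hours(pfd_avg),
    }
```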
Protective System Technology

- SIL 1: standard components, single channel or twin non-diverse channels
- SIL 2: standard components, 1 out of 2 or 2 out of 3, possible need for some diversity; allowance for common-cause failures needed
- SIL 3: multiple channels with diversity on sensing and actuation; common-cause failures a major consideration; should rarely be required in the process industry
- SIL 4: specialist design; should never be required in the process industry
Determined to achieve the correct SIL level...
SIL assessment

Various methods are available:
- Qualitative risk graph
- Calibrated risk graph (methodology only, not definitive)
- Layer Of Protection Analysis (LOPA)
- Hazardous event severity matrix
- Quantified Risk Analysis (QRA)

Which one to use? Develop your own?
Calculation of PFDavg

Distribution of the failure measures across the safety instrumented function: 35 % of PFDavg for the sensors (SE), 15 % for the logic solver (LS) and 50 % for the final elements (FE).
35 % Sensors + 15 % Logic solver + 50 % Final elements
PFD figures for a HIMA system, example

Figure: pie chart of the 35 % / 15 % / 50 % distribution; the example system's figures are not recoverable from the text.
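As an added example (not from the slides and not HIMA's figures), the following Python splits a SIL's PFDavg budget across the three subsystems using the 35 % / 15 % / 50 % distribution above and checks measured subsystem values against it. It assumes the target PFDavg for SIL n is 10**-n, the upper edge of the low-demand band, and that subsystem PFDavg values add to first order; the measured values are constructed.

```python
# Subsystem shares of the PFDavg budget from the slide:
# sensors (SE) 35 %, logic solver (LS) 15 %, final elements (FE) 50 %.
SHARES = {"sensors": 0.35, "logic_solver": 0.15, "final_elements": 0.50}

def target_pfd(sil):
    """Assumed target: the upper edge of the low-demand band, 10**-SIL.
    A function meets SIL n only when its PFDavg is strictly below this."""
    if sil not in (1, 2, 3, 4):
        raise ValueError("SIL must be 1 to 4")
    return 10.0 ** (-sil)

def pfd_budget(sil, shares=SHARES):
    """Maximum PFDavg each subsystem may consume for the function to meet sil."""
    target = target_pfd(sil)
    return {name: share * target for name, share in shares.items()}

def total_pfd(measured):
    """The function fails on demand if any subsystem does, so (to first
    order, the usual simplification) the subsystem PFDavg values add."""
    return sum(measured.values())

def over_budget(sil, measured, shares=SHARES):
    """Names of subsystems whose PFDavg exceeds their share of the SIL budget."""
    budget = pfd_budget(sil, shares)
    return sorted(name for name, value in measured.items() if value > budget[name])

def meets_sil(sil, measured):
    """True when the combined PFDavg is below the target for sil."""
    return total_pfd(measured) < target_pfd(sil)

# Constructed measured PFDavg values for the subsystems of a SIL 2 function.
EXAMPLE_OK = {"sensors": 0.0030, "logic_solver": 0.0010, "final_elements": 0.0040}
EXAMPLE_BAD = {"sensors": 0.0030, "logic_solver": 0.0010, "final_elements": 0.0065}
```

In EXAMPLE_BAD the final elements alone exceed their 50 % share, and the whole function drops out of SIL 2 even though sensors and logic solver are within budget.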
Risk Graph according to DIN V VDE 19250 (RC/AK) and SIL according to IEC 61508

Figure: risk graph. Risk parameters:
- Consequence: minor injury, no influence on the environment; death of 1 person, periodic influence on the environment; death of several people, permanent influence on the environment; disaster
- Frequency & exposure time: rare; frequent
- Possibility of avoiding the hazardous event: possible; not possible
- Probability of the unwanted occurrence: very slight; slight; relatively high
Output: requirement classes (RC or AK) under DIN V VDE 19250, set against the Safety Integrity Levels (SIL) of IEC 61508.
Concept of layers of protection according to IEC 61511

PROCESS
CONTROL and MONITORING: basic process control systems; monitoring systems (process alarms); operator supervision
PREVENTION: mechanical protection system; process alarms with operator corrective action; safety instrumented control systems; safety instrumented prevention systems
MITIGATION: mechanical mitigation systems; safety instrumented control systems; operator supervision
PLANT EMERGENCY RESPONSE: evacuation procedures
COMMUNITY EMERGENCY RESPONSE: emergency broadcasting

LOPA (Layer Of Protection Analysis)
Hazardous event severity Matrix

(Figure only; the matrix is not recoverable from the text.)