SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
POWID_2016_AMN_R3
1. Applying IEC 61508 at the Component Level for Nuclear Power Plants
59th Annual ISA Power Industry Division Symposium
27-30 June 2016, Charlotte, North Carolina
Andrew Nack
anack@argoturbo.com
ATC Nuclear
777 Emory Valley Road
Oak Ridge, TN 37830
2. Author Biography - Andrew Nack
• Senior Instrumentation and Controls Engineer
• ATC Nuclear in Oak Ridge, TN
• 10 Years of Experience
• Technical lead for evaluations of digital commercial components for
use in nuclear safety applications
• IEEE NPEC Subcommittee 6 (Safety Systems) Member
• EPRI EMC Working Group Member
• MS in Computer Engineering (University of Tennessee)
• BS in Electrical Engineering (University of Missouri)
• Professional Engineer Licensed in Tennessee
• Enjoys spending time with wife and kids, boating, running, playing
basketball, and watching Netflix
3. Outline
• IEC 61508 - “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems”
• Process Industry
• Commercial Nuclear Power Industry
• Reliability
• Correctness
• Conclusion
4. IEC 61508
IEC 61508 “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems” (Non-industry specific)
– Part 1 - general requirements
– Part 2 - system and hardware requirements
– Part 3 - software requirements
– Part 4 - definitions and abbreviations
– Part 5 - examples of determination of SILs
– Part 6 - guidelines for Parts 2 and 3
– Part 7 - overview of techniques and measures
5. IEC 61508
IEC 61508 (Non-industry specific)
– Safety Integrity Levels: 1, 2, 3, or 4
– Sample Implementation: [figure not reproduced in the text]
6. IEC 61508
[Figure: SIL Classification vs. Design Integrity]
7. Process Industry
• Chemicals
• Oil Refineries
• Oil and Gas Production
• Pulp and Paper
• Non-nuclear Power Production
8. Process Industry
• Relatively low level of regulation
• Early adoption of IEC 61508 and ISA 84
• Large customer base for manufacturers
• Powerful force to impact how manufacturers do business
9. Commercial Nuclear Power Industry
• IEEE Nuclear Safety Standards
– United States
– Asian Pacific Countries
• IEC Nuclear I&C Safety Standards
– European Union
10. Commercial Nuclear Power Industry
• Relatively high regulation
• Represents a small customer base to manufacturers
• Currently only limited utilization of IEC 61508 certified equipment
• Struggling with the incorporation of digital equipment into safety systems and components (i.e. embedded digital devices)
11. Ensuring Safety Systems Perform Safety Functions
• Reliability
– Probability of random failure
– Increased by measures taken to defend against random hardware failures
• Correctness
– Preventing systematic faults
– No design errors
12. Reliability
• Single failure criterion (Nuclear, IEEE & IEC) vs probabilistic reliability analysis (Process, IEC 61508)
• Different at the system level but compatible at the component level
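The two viewpoints on this slide, and the SIL 1-4 bands introduced on slide 5, can be put side by side in a few lines of code. The following is an added example and is not part of the POWID deck or of any ATC Nuclear tool: it asks the nuclear single-failure question (does an MooN voting group still perform its function with one channel failed dangerous, i.e. hardware fault tolerance of at least 1?) and the IEC 61508 question (what is the average probability of failure on demand, and which low-demand SIL band does it fall into?) for the same architecture. Assumptions: low-demand mode; the PFDavg formulas are the simplified approximations of the kind given in IEC 61508-6 Annex B, neglecting detected-dangerous failures, repair time and diagnostic coverage; the failure rate, proof-test interval and beta factor in the `__main__` section are constructed sample values, not data from any real device.

```python
"""Added example (not from the deck): one architecture, two reliability views.

Assumptions (labelled): low-demand mode; simplified IEC 61508-6-style PFDavg
approximations that ignore detected-dangerous failures, repair time and
diagnostics; all numeric inputs are constructed sample values.
"""

# Low-demand SIL bands from IEC 61508-1 Table 2: (SIL, lower bound, upper bound).
# A PFDavg in [lower, upper) meets that SIL.
SIL_BANDS = (
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
)


def hardware_fault_tolerance(m: int, n: int) -> int:
    """HFT of an MooN voting group: M of N channels must call for the safe
    state, so N - M dangerous channel failures can be tolerated."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= M <= N")
    return n - m


def meets_single_failure_criterion(m: int, n: int) -> bool:
    """Deterministic (nuclear) view: the safety function survives any single
    dangerous channel failure iff HFT >= 1."""
    return hardware_fault_tolerance(m, n) >= 1


def pfd_avg_1oo1(lambda_du: float, ti: float) -> float:
    """Simplified 1oo1 PFDavg: dangerous-undetected failure rate (per hour)
    times half the proof-test interval (hours)."""
    return lambda_du * ti / 2.0


def pfd_avg_1oo2(lambda_du: float, ti: float, beta: float) -> float:
    """Simplified 1oo2 PFDavg: independent double-failure term plus the
    common-cause (beta-factor) term, which behaves like a single channel."""
    independent = ((1.0 - beta) * lambda_du * ti) ** 2 / 3.0
    common_cause = beta * lambda_du * ti / 2.0
    return independent + common_cause


def sil_from_pfd(pfd: float) -> int:
    """Probabilistic (IEC 61508) view: map PFDavg onto a low-demand SIL.
    Returns 0 when no SIL can be claimed."""
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def assess(m: int, n: int, lambda_du: float, ti: float, beta: float = 0.0) -> dict:
    """Both views for one architecture; PFD formulas provided for 1oo1 and 1oo2 only."""
    if (m, n) == (1, 1):
        pfd = pfd_avg_1oo1(lambda_du, ti)
    elif (m, n) == (1, 2):
        pfd = pfd_avg_1oo2(lambda_du, ti, beta)
    else:
        raise NotImplementedError("PFD formula only provided for 1oo1 and 1oo2")
    return {
        "architecture": f"{m}oo{n}",
        "hft": hardware_fault_tolerance(m, n),
        "single_failure_ok": meets_single_failure_criterion(m, n),
        "pfd_avg": pfd,
        "sil": sil_from_pfd(pfd),
    }


if __name__ == "__main__":
    # Constructed sample inputs: 1e-6 dangerous-undetected failures per hour,
    # yearly proof test (8760 h), 2 % common-cause beta factor.
    for arch in ((1, 1), (1, 2)):
        r = assess(*arch, lambda_du=1e-6, ti=8760.0, beta=0.02)
        print(f"{r['architecture']}: HFT={r['hft']}, "
              f"single failure ok={r['single_failure_ok']}, "
              f"PFDavg={r['pfd_avg']:.2e}, SIL {r['sil']}")
```

With the constructed inputs, a 1oo1 channel lands in the SIL 2 band (PFDavg 4.38e-3) yet fails the single-failure criterion outright, while 1oo2 passes both (HFT 1, PFDavg about 1.1e-4, SIL 3). That is the system-level difference the slide points to: one framework yields a number, the other a pass/fail on architecture. At the component level both consume the same quantity, the channel's dangerous-undetected failure rate, which is what an IEC 61508 certificate supplies.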
13. Correctness
• Lifecycle processes and design techniques
• Built-in safety features
• Design analysis and verification & validation
• Hazard analysis
GOOD CONSISTENCY AND POSITIVE FACTORS FOR COMMERCIAL GRADE DEDICATION
14. Correctness
• Common cause failure prevention
– Diversity and defense in-depth (Nuclear, IEEE & IEC) vs general guidance (Process, IEC 61508)
• Environmental qualification
– Some applications exceed typical qualification levels
SOME CONFLICTS BUT NOT FATAL
15. Conclusion
Category                                   | Significance of Differences | Significance of Differences
                                           | at the System Level         | at the Component Level
-------------------------------------------+-----------------------------+----------------------------
Reliability (Defense against Random        | High                        | Low
Hardware Failures)                         |                             |
Correctness (Preventing Systematic Faults) |                             |
  • Lifecycle Processes                    | Low                         | Low
  • Built-in Design Safety Features        | Low                         | Low
  • Design Analysis, Verification,         | Low                         | Low
    and Validation                         |                             |
  • Hazard Analysis                        | Low                         | Low
  • Common Cause Failure Prevention        | High                        | Low
  • Environmental Qualification            | High                        | High
16. Conclusion
• IEC 61508 certified equipment fits nuclear requirements at the individual component level
• IEC 61508 (SIL 2 or higher) certified components are excellent candidates for Commercial Grade Dedication
17. Examples of Implementation
• UK Nuclear Industry - The EMPHASIS Tool
– Based on IEC 61508
– Already in use and has manufacturers engaged
• IEC 62671 - “Selection and Use of Industrial Digital Devices of Limited Functionality”
– Part of international nuclear I&C framework
– Acknowledges SIL certification to IEC 61508 as being a positive factor
18. Questions