IEC 61511 introduction

Very brief introduction to the IEC 61511

Published in: Technology, Business

IEC 61511 introduction

  1. Functional Safety - IEC 61511 Introduction. New Plymouth, 11 April 2013. Koen Leekens, +65 977 9547. Copyright exida Asia Pacific © 2013. exida contacts: Singapore +65 6222 5160; Shanghai +86 21 5171 7250; Hong Kong +852 2633 7727; Germany +49 89 4900 0547; USA +1 215 453 1720; Switzerland +41 22 364 14 34; Canada +1 403 475 1943; United Kingdom +44 2476 456 195; Netherlands +31 318 414 505; Australia / NZL +64 3 472 7707; Mexico +52 55 5611 9858; South Africa +27 31 267 1564.
  2. Today's Objective: Introduce the Concept and Basic Principles of IEC 61511. (AsiaPacific@exida.com)
  3. Safety is Only as Strong as its Weakest Link.
  4. exida History. Founded in 1999 by experts from Manufacturers, End Users, Engineering Companies and TÜV Product Services. "Independent provider of Tools, Services and Training supporting Customers with Compliance and Certification to any Standards for Functional Safety, Cyber Security and Alarm Management." Rainer Faller: Former Head of TÜV Product Services; Chairman German IEC 61508; Global Intervener ISO 26262 / IEC 61508; Author of several Safety Books; Author of IEC 61508 parts. Dr. William Goble: Former Director Moore Industries; Developed the FMEDA Technique (PhD); Author of several Safety Books; Author of several Reliability Books.
  5. What we do. Expertise: Functional Safety, Alarm Management, Cyber Security, Reliability. Scope: Tools, Training, Consultancy, Certification. Industries: Process, Energy, Machine, Automotive. Customers: End Users, Manufacturers, Engineering, Integrators.
  6. exida Tools – Process Industry.
  7. exida Services and Training – Process Industry: Functional Safety Management Set-up; Functional Safety Assessment; PHA; SIL Determination; SRS Development; SIL Verification; Alarm Philosophy – Rationalization; Cyber Security Assessments; Training Programs.
  8. exida Industry Contributions: Global Functional Safety Certification Consultant; 3rd Party Accredited Certification Body; Developer of the FMEDA Technique; Mechanical Failure Database; Electrical & Electronic Failure Database; Instrument & Equipment Failure Database; Development of the Field Failure Database Methodology; Global Active Participation in IEC – ISO Workgroups; Functional Safety Engineering Tools.
  9. exida Library: exida publishes analysis techniques for functional safety; exida authors ISA best-sellers for automation safety and reliability; exida authors the industry data handbook on equipment failure data. www.exida.com
  10. exida Customers (extract from 2000+).
  11. What is…? Functional Safety:
  12. What do accidents teach us? Buncefield 2005; Bhopal 1984; Flixborough 1974; Seveso 1976.
  13. Primary Cause of Failures? Specification; Changes after Commission; Operation and Maintenance; Design and Implementation; Installation and Commission.
  14. Primary Cause of Failures? (same categories as slide 13). Source: Health, Safety & Environmental Agency. The majority of accidents are … preventable if a systematic Risk-Based Approach is adopted… More than 80% of Failures occur Before Startup.
  15. Which Standard? IEC 61508 – Functional Safety for E/E/PES Safety Related Systems (Device Manufacturers; where a Sector Specific standard is Not Available). Sector standards for End Users and Systems Integrators: IEC 61511 Process Industry; IEC 61513 Nuclear; IEC 62061 Machinery; ISO 26262 Road Vehicles.
  16. Relationship IEC 61508 – IEC 61511. IEC 61508: Manufacturers and Suppliers of Devices. IEC 61511: Safety Instrumented System designers, Integrators and users (Process Sector Safety Instrumented System Standards).
  17. IEC 61511 – Protection Against: RANDOM Failures and SYSTEMATIC Failures. Random Failures? Systematic Failures?
  18. What are…? Random Failures: "Usually a permanent failure due to a system component loss of functionality – hardware related."
  19. What are…? Systematic Failures: "Usually due to a design fault, wrong specification, not fit for purpose, error in software program, ..."
  20. Question? Is Redundancy sufficient protection against SYSTEMATIC FAILURES?
  21. IEC 61508 – Protect Against: RANDOM Failures – HOW? SYSTEMATIC Failures – HOW?
  22. IEC 61508 – Protect Against: RANDOM Failures – Probabilistic Performance Based Design. SYSTEMATIC Failures – HOW?
  23. PROBABILISTIC BASED DESIGN
  24. IEC 61508 – Protect Against: RANDOM Failures – Probabilistic Performance Based Design. SYSTEMATIC Failures – HOW? (slide 22 repeated)
  25. IEC 61508 – Protect Against: RANDOM Failures – Probabilistic Performance Based Design. SYSTEMATIC Failures – Detailed Engineering Process.
  26. Key Aspects of IEC 61508/61511. Safety Integrity Levels (SIL): Reliable Hardware with predictable failure rates to protect against Random Failures (Physical). Safety Lifecycle: Safety Management with controlled and systematic processes to protect against Systematic Failures (Design).
  27. The IEC 61511 Safety Lifecycle
  28. The IEC 61511 Safety Lifecycle: Management and Planning; Analysis Phase; Realization Phase; Operate and Maintain.
  29. The IEC 61511 Safety Lifecycle – Management and Planning
  30. Industry Competency Program: www.cfse.org
  31. The IEC 61511 Safety Lifecycle – Analysis Phase
  32. Do I Need A SIS in My Plant? SRS Always Required?
  33. IEC 61511/61508 are Risk Based. "Is it worth going for the Cheese?"
  34. What is…? Risk: Consequence x Likelihood. Accounts for both the consequence and the likelihood portion of the risk.
  35. Risk Analysis (defined by Customer per application): Analyze Process Risk (Inherent Risk) against the Tolerable Level of Risk, on a scale from High to Low risk.
  36. Risk Analysis (defined by Customer per application): Define Tolerable Risk.
  37. What is…? Tolerable Risk: The level of risk that society will accept. Who is being exposed to risk? Individuals; Society; Environment. What is the nature of the risk? Fatality / Injury; Permanent / Temporary Damage; Financial Loss. Drivers: Moral, Legal, Financial.
  38. What is…? ALARP: As Low As Reasonably Practicable
  39. Tolerable Risk Sample – Statistics UK. Probability of fatality per person per year.
      Travel: Air 2 x 10^-6; Train 3 x 10^-6; Bus 2 x 10^-4; Car 2 x 10^-4; Motorcycle 2 x 10^-2.
      Occupation: Chemical Industry 5 x 10^-5; Manufacturing (value not legible in the transcript); Shipping 9 x 10^-4; Coal Mining 2 x 10^-4; Agriculture (value not legible in the transcript).
      Voluntary: Boxing (value not legible in the transcript); Rock climbing 1.4 x 10^-4 –3 (exponent garbled in the transcript).
  40. Risk Analysis (defined by Customer per application): Analyze Actual RISK – Process Risk (Inherent Risk) versus the Tolerable Level of Risk.
  41. Risk Analysis (defined by Customer per application): Calculated Process Risk (Inherent Risk); Design Changes; Tolerable Level of Risk.
  42. Risk Analysis (defined by Customer per application): Analyze other Layers of Protection – Design Changes; Other Risk Reduction.
  43. Risk Analysis (defined by Customer per application): Bring Risk below Tolerable – Design Changes; Other Risk Reduction.
  44. Risk Analysis (defined by Customer per application): SIL is a measure for Risk Reduction – Design Changes; Other Risk Reduction.
  45. Risk Reduction Factor (RRF) and SIL: from High Risk to Low Risk. 1/RRF = PFD.
  46. Risk Reduction Factor (RRF) and SIL. 1/RRF = PFD.
  47. Risk Reduction Factor (RRF) and SIL.
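The risk-analysis phase of slides 34 to 47 reduces to a short calculation: start from the inherent event frequency, credit the other layers of protection, compare with the tolerable frequency, and the remaining gap is the Risk Reduction Factor the SIF must provide, which 1/RRF = PFD maps onto a SIL band. The following Python block is an added worked example, not part of the deck and not an exida tool; the event frequencies and layer PFDs are constructed sample values, and the SIL bands are the low-demand PFDavg bands of IEC 61508-1.

```python
"""Target-SIL determination from a risk analysis.

Added example (not part of the slide deck, not exida's software).
All frequencies and PFDs below are constructed sample values.
"""

# Low-demand SIL bands from IEC 61508-1: (SIL, PFDavg lower bound inclusive,
# upper bound exclusive). RRF is the reciprocal, so SIL 2 means 100 < RRF <= 1000.
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_for_pfd(pfd):
    """Map a PFDavg to its SIL band; 0 means PFD >= 0.1, i.e. no SIL credit."""
    if pfd < 1e-5:
        raise ValueError("PFDavg below 1e-5 lies outside the SIL 1-4 bands")
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0


def required_rrf(inherent_freq, tolerable_freq, other_layers_pfd=()):
    """Risk reduction the SIF must still provide after crediting other layers.

    inherent_freq, tolerable_freq: events per year.
    other_layers_pfd: PFDs of independent protection layers (BPCS, relief, ...).
    Returns 1.0 when the remaining risk is already below the tolerable level.
    """
    mitigated_freq = inherent_freq
    for pfd in other_layers_pfd:
        mitigated_freq *= pfd          # each independent layer scales the frequency
    if mitigated_freq <= tolerable_freq:
        return 1.0                     # no SIF needed for this hazard
    return mitigated_freq / tolerable_freq


def target_sil(inherent_freq, tolerable_freq, other_layers_pfd=()):
    """Return (SIL, RRF) the Safety Instrumented Function has to achieve."""
    rrf = required_rrf(inherent_freq, tolerable_freq, other_layers_pfd)
    pfd = 1.0 / rrf                    # slide 45: 1/RRF = PFD
    return sil_for_pfd(pfd), rrf


if __name__ == "__main__":
    # Constructed scenario: inherent overpressure event 0.1/yr, tolerable 1e-6/yr,
    # credited layers: BPCS alarm (PFD 0.1) and relief valve (PFD 0.05).
    sil, rrf = target_sil(0.1, 1e-6, other_layers_pfd=(0.1, 0.05))
    print(f"required RRF = {rrf:.0f}, target SIL {sil}")
```

The boundary handling matters in practice: an RRF of exactly 100 gives a PFD of 0.01, which sits at the bottom of the SIL 1 band, so a requirement of "RRF 100" can be met by a SIL 1 function, while anything above 100 pushes the target to SIL 2.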
  48. Safety Requirements Specification (IEC 61511-1 clause 10): Target SIL; Functional Description of Each SIF; Response Time; Bypass Requirement; ...
  49. The IEC 61511 Safety Lifecycle – Realization Phase
  50. SIF Design. The SIL achieved is the minimum of: 1. SIL_PFD: Probability of Failure on Demand Average / per hour (PFDavg / PFH); 2. SIL_AC: Hardware Fault Tolerance; 3. SIL_CAP: Capability to prevent Systematic Failures.
  51. Probability of Failure on Demand. The SIL achieved is the minimum of SIL_PFD, SIL_AC and SIL_CAP (as on slide 50). PFD of the SIF = PFDsensor + PFDmux + PFDinput + PFDmp + PFDoutput + PFDrelay + PFDfe + PFDprocess-connection.
  52. IEC 61508-6 Method: Divide each failure rate into specific failure modes. S (Safe): SD Safe Detected, SU Safe Undetected. D (Dangerous): DD Dangerous Detected, DU Dangerous Undetected. (The slide shows an example split of 60% / 40%.)
  53. What is…? Fail Danger: A failure that prevents the safety function from performing. Fail Safe: Anything that is not Fail Danger. NOTE: Definitions refer to single channel architectures.
  54. SIF Design (slide 50 repeated).
  55. What is…? Hardware Fault Tolerance: The quantity of failures that can be tolerated while maintaining the safety function. Architecture – Hardware Fault Tolerance: 1oo1 – 0; 1oo1D – 0; 1oo2 – 1; 2oo2 – 0; 2oo3 – 1; 2oo2D – 0; 1oo2D – 1; 1oo3 – 2.
  56. What is…? Hardware Fault Tolerance (slide 55 repeated).
  57. What is…? Safe Failure Fraction: A measurement of the likelihood of getting a dangerous failure that is NOT detected by automatic self diagnostics. NOTE: Definitions refer to single channel architectures.
  58. IEC 61508 Safe Failure Fraction: SFF = (SD + SU + DD) / (SD + SU + DD + DU) = 1 - DU / Total.
  59. Example FMEDA 3051S.
  60. Example 3051S. Hardware Fault Tolerance: The quantity of failures that can be tolerated while maintaining the safety function. Architecture – Hardware Fault Tolerance table as on slide 55.
  61. SIF Design (slide 50 repeated).
  62. Certified versus Proven in Use: Certificate by Independent Assessor versus Justification by User.
  63. Product Certification. Functional safety certification for devices is accomplished per IEC 61508. Products are certified to a Safety Integrity Level (SIL). The result is typically a certificate and a certification report. SIL Certification: the Vendor showed sufficient protection against Random and Systematic Failures.
  64. Example… The SIL achieved is the minimum of: 1. SIL_PFD: SIL2; 2. SIL_AC: SIL1; 3. SIL_CAP: SIL3. The SIL level for this Safety Instrumented Function (SIF) is: ???
  65. Example. The SIL achieved is the minimum of: 1. SIL_PFD: SIL2; 2. SIL_AC: SIL1; 3. SIL_CAP: SIL3. The SIL level for this Safety Instrumented Function (SIF) is: SIL1.
  66. The IEC 61511 Safety Lifecycle – Realization Phase
  67. The IEC 61511 Safety Lifecycle – Operate and Maintain
  68. What is…? Proof Testing: A manually initiated test designed to detect failure of any part of a SF. Different proof test procedures can have different levels of effectiveness. No practical proof test will detect all failures.
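The realization-phase rules of slides 50 to 65 (failure-mode split, SFF, hardware fault tolerance, PFDavg and the "minimum of three" rule) and the proof-test caveat of slide 68 can be exercised together. The Python block below is an added example, not part of the deck and not exida's FMEDA tooling; the failure rates are constructed FIT values, the HFT table is the one from slide 55, and the PFDavg expression is the common simplified single-channel approximation in which failures the proof test reveals accumulate over half the test interval while those it misses persist over half the mission time.

```python
"""Achieved SIL of a Safety Instrumented Function.

Added example (not part of the slide deck, not exida's FMEDA software).
Failure rates below are constructed sample values in failures per hour.
"""

HOURS_PER_YEAR = 8760.0

# Constructed FMEDA result for one device, split into the IEC 61508-6 modes
# (slide 52): 1 FIT = 1e-9 failures per hour. Total here is 10 000 FIT.
SAMPLE_DEVICE = {"SD": 2500e-9, "SU": 1000e-9, "DD": 6000e-9, "DU": 500e-9}

# Hardware fault tolerance per architecture, as tabulated on slide 55.
HFT_BY_ARCHITECTURE = {
    "1oo1": 0, "1oo1D": 0, "1oo2": 1, "2oo2": 0,
    "2oo3": 1, "2oo2D": 0, "1oo2D": 1, "1oo3": 2,
}

# Low-demand SIL bands from IEC 61508-1 (lower bound inclusive, upper exclusive).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def safe_failure_fraction(rates):
    """Slide 58: SFF = (SD + SU + DD) / (SD + SU + DD + DU) = 1 - DU / Total."""
    total = rates["SD"] + rates["SU"] + rates["DD"] + rates["DU"]
    return 1.0 - rates["DU"] / total


def pfd_avg_1oo1(lambda_du, test_interval_h, proof_test_coverage=1.0, mission_h=None):
    """Simplified PFDavg for a single channel (assumption: lambda*t << 1).

    Dangerous undetected failures the proof test reveals are present for
    TI/2 on average; the fraction it misses (slide 68: no practical proof
    test detects everything) stays hidden for the mission time, so they are
    averaged over mission_h/2 instead.
    """
    revealed = lambda_du * proof_test_coverage * test_interval_h / 2.0
    if proof_test_coverage >= 1.0:
        return revealed
    if mission_h is None:
        raise ValueError("mission time is needed when proof test coverage < 100%")
    missed = lambda_du * (1.0 - proof_test_coverage) * mission_h / 2.0
    return revealed + missed


def sil_for_pfd(pfd):
    """Map a PFDavg to its SIL band; 0 means no SIL credit."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0


def sil_pfd_for_sif(subsystem_pfds):
    """Slide 51: the SIF's PFD is the sum over sensor, logic solver, final element..."""
    return sil_for_pfd(sum(subsystem_pfds))


def achieved_sil(sil_pfd, sil_ac, sil_cap):
    """Slides 50 and 65: the SIL achieved is the minimum of the three limits."""
    return min(sil_pfd, sil_ac, sil_cap)


if __name__ == "__main__":
    print(f"SFF = {safe_failure_fraction(SAMPLE_DEVICE):.3f}")
    print(f"HFT of 2oo3 = {HFT_BY_ARCHITECTURE['2oo3']}")
    perfect = pfd_avg_1oo1(SAMPLE_DEVICE["DU"], HOURS_PER_YEAR)
    partial = pfd_avg_1oo1(SAMPLE_DEVICE["DU"], HOURS_PER_YEAR, 0.6, 15 * HOURS_PER_YEAR)
    print(f"PFDavg, yearly perfect proof test: {perfect:.2e} -> SIL {sil_for_pfd(perfect)}")
    print(f"PFDavg, yearly test with 60% coverage: {partial:.2e} -> SIL {sil_for_pfd(partial)}")
    # The deck's own example: SIL_PFD = 2, SIL_AC = 1, SIL_CAP = 3.
    print(f"achieved SIL = {achieved_sil(2, 1, 3)}")
```

With the constructed rates, a yearly proof test that catches every dangerous undetected failure keeps the channel in SIL 2, whereas the same test with 60% coverage over a 15-year mission drops it to SIL 1, which is the point slide 68 makes: the effectiveness of the proof test procedure is part of the achieved SIL, not a detail of maintenance.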
  69. The IEC 61511 Safety Lifecycle
  70. "Disabled" Safety is not SAFE! Incident with "Certified" Boiler: Anti-Virus Software Prevents Safety Shutdown. Source: www.securityincidents.org. Only fragments of the quoted incident report survive in the transcript: "…on system used Microsoft Excel on a PC … workstation also had Norton anti-virus … prevented the proper communications … A safety shutdown that should have …"
  71. "Disabled" Safety is not SAFE! Explosion of "Certified" Boiler: Anti-Virus Software Prevents Safety Shutdown. Source: www.securityincidents.org (same report fragments as slide 70). Advanced Technology introduces new THREATS?
  72. exida Functional Integrity Certification™ = Functional Safety Certification™ + Functional Security Certification™. "Integrity is doing the right thing, even if nobody is watching." (Anonymous)
  73. Safety is Only as Strong as its Weakest Link.
  74. Thank You
