
Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts



  1. Mike Boudreaux, DeltaV SIS Brand Manager
  2. Not all activities in life are safe…
  3. …and we have different levels of risk tolerance
  4. Occupational safety, Personal safety, Process safety. Elements: Mechanical Integrity; Structural Design; Fall Prevention; Inherently Safer Design; Policies & Procedures; Facility Siting; Ergonomics; Work Schedules; Functional Safety; Safety Audits; Personal Protective Equipment; Emergency Response; Employee Training; Risk Assessments; Total Recordables; Management of Change
  5. Process safety elements: Mechanical Integrity; Inherently Safer Design; Policies & Procedures; Facility Siting; Safety Audits; Functional Safety; Emergency Response; Employee Training; Risk Assessments; Management of Change
  6. Why do accidents happen? Bhopal, India, 1984; Texas City Refinery, USA, 2004; Chernobyl, Russia, 1986; Piper Alpha, UK, 1988
  7.–8. (image-only slides)
  9. “You can have a very good accident rate for ‘hard hat’ accidents but not for process ones.”
  10. “The fact that you’ve had 20 years without a catastrophic event is no guarantee that there won’t be one tomorrow.”
  11. Process safety elements (Functional Safety highlighted): Mechanical Integrity; Inherently Safer Design; Policies & Procedures; Facility Siting; Safety Audits; Functional Safety; Emergency Response; Employee Training; Risk Assessments; Management of Change
  12. Functional safety vocabulary: PFDavg; SRS; RRF; IEC 61511; FMEDA; SIS; IEC 61508; BPCS; PHA; HAZOP; SIL; LOPA; SIF
  13. (image-only slide)
  14. Functional safety standards. For product designers and manufacturers: IEC 61508 (all industries). For system designers, integrators and users: IEC 61513 (nuclear sector); IEC 62061 (machinery sector); IEC 61511 (process industry sector)
  15. (image-only slide)
  16. Source: http://www.wordle.net/show/wrdl/2276332/IEC_61511
  17. (image-only slide)
  18. Diagram labels: Workstation; Controller; Control element; Transmitter
  19. Diagram labels: Logic solver; Transmitter; Final element
  20. (image-only slide)
  21. SIF #1; SIF #2
  22.–24. (image-only slides)
  25. PFD(SIF #1) = PFD(PT-101) + PFD(logic solver) + PFD(FV-101). SIF #1 consists of transmitter PT-101, the logic solver and final element FV-101.
  26. Source: IEC 61511-1, Table 3 – Safety Integrity Levels: probability of failure on demand
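The SIF summation and the IEC 61511-1 Table 3 bands above, worked through as an added example (not code from the deck or from Emerson): it evaluates SIF #1 with the slide's λD = 0.02/yr and T = 1 year, first with 1oo1 subsystems and then with 1oo2 sensors and valves, using the simplified leading-order MooN PFDavg approximation (no common-cause or diagnostic terms) and the slide's HFT rule; the logic-solver and FV-101 failure rates are constructed.

```python
# Added worked example (not from the slide deck): SIL verification of SIF #1.
# Simplified PFDavg for MooN voting: no common-cause beta, no diagnostic
# credit, no repair time. lambda_D = 0.02/yr for PT-101 is the slide's value;
# the logic-solver and FV-101 rates are constructed for illustration.
from math import comb

# IEC 61511-1 Table 3, demand mode: SIL -> [lower, upper) PFDavg band
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def pfd_avg(lambda_d, test_interval_yr, m, n):
    """Leading-order PFDavg of an MooN group: it fails when N-M+1 of N
    channels fail between proof tests (valid for lambda_D * T << 1)."""
    k = n - m + 1
    x = lambda_d * test_interval_yr
    return comb(n, k) * x**k / (k + 1)


def hft(m, n):
    """Slide's rule: faults tolerated for safety (N-M) and availability (M-1)."""
    return {"safety": n - m, "availability": m - 1}


def sil_from_pfd(pfd):
    """Map PFDavg to its SIL band; 0 = does not reach SIL 1, 5 = beyond SIL 4."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0 if pfd >= 1e-1 else 5


def sif_pfd(subsystems, test_interval_yr=1.0):
    """PFD(SIF) = PFD(sensor) + PFD(logic solver) + PFD(final element)."""
    return sum(pfd_avg(ld, test_interval_yr, m, n) for _, ld, m, n in subsystems)


# (tag, lambda_D per year, M, N)
SIF1_SIMPLEX = [("PT-101", 0.02, 1, 1), ("logic solver", 0.002, 1, 1), ("FV-101", 0.05, 1, 1)]
SIF1_REDUNDANT = [("PT-101 A/B", 0.02, 1, 2), ("logic solver", 0.002, 1, 1), ("FV-101 A/B", 0.05, 1, 2)]

if __name__ == "__main__":
    for name, sif in (("1oo1 everywhere", SIF1_SIMPLEX), ("1oo2 sensor + valve", SIF1_REDUNDANT)):
        pfd = sif_pfd(sif)
        print(f"{name}: PFDavg={pfd:.4g}  RRF={1 / pfd:.0f}  -> SIL {sil_from_pfd(pfd)}")
        for tag, ld, m, n in sif:
            print(f"  {tag:14s} {m}oo{n}  PFD={pfd_avg(ld, 1.0, m, n):.4g}  HFT={hft(m, n)}")
```

The simplex design lands in SIL 1 because the valve dominates the sum; adding 1oo2 voting on sensor and valve brings the SIF into SIL 2, which is the "iterate if requirements are not met" loop of the design phase.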
  27. Functional safety vocabulary: PFDavg; SRS; RRF; IEC 61511; FMEDA; TÜV; SIS; IEC 61508; BPCS; PHA; HAZOP; SIL; LOPA; SIF
  28. ?
  29. Safety Lifecycle Management
  30. The IEC 61511 Safety lifecycle
  31. Safety Lifecycle Management
  32. Functional Safety Management
  33. (image-only slide)
  34. Functional safety management covers:
      - Organization and responsibilities
      - Competency management
      - Documentation structure and control
      - Configuration management
      - Supplier assessment process
  38. Organization and Responsibilities: Safety Leadership Team
  39. Competency Requirements
  40. (image-only slide)
  41. Activity / phase objectives: Safety Requirements Specification; Process Hazards Analysis; Safety Management System
  42. Verify
  43. Source: IEC 61511-1, Figure 12 – Software development lifecycle (the V-Model)
  44. (image-only slide)
  45. Safety Life-cycle Structure and Planning
  46. Safety Lifecycle Planning
  47. Verification Planning
  48. Safety life-cycle structure
  49. ?
  50. Analysis Phase
  51. (image-only slide)
  52. Hazard and risk assessment; Allocation of safety functions to protection layers. Source: IEC 61511-3, Figure 4 – Risk and safety integrity concepts
  53. Source: IEC 61511-3, Figure 2
  54. Layers of protection (diagram labels, outermost first): Emergency response layer – Plant and Emergency Response; Passive protection layer – Containment, Dike/Vessel (Mitigate); Active protection layer – Fire and Gas System (Incident); Safety layer – SIS: Emergency Shutdown System, emergency shutdown, trip level alarm (Prevent); Process control layer – BPCS: Operator intervention, Process alarm, Process value, Normal behavior
  55. Risk reduction chart (axes: Likelihood, Consequence; Increasing Risk): Inherent Risk of Process; Non-SIS Preventative Safeguards; Non-SIS Mitigating Safeguards; Baseline Risk; SIS Risk Reduction (SIL1, SIL2, SIL3); Overall Risk. Regions: Unacceptable Risk Region; ALARP Risk Region; Negligible Risk Region
  56. As low as reasonably practicable (ALARP): Intolerable Risk; boundary at 10^-3 per man-year (worker), 10^-4 per year (public); ALARP or Tolerable Risk Region; boundary at 10^-5 per man-year (worker), 10^-6 per year (public); Negligible Risk
  57. Government mandates for tolerable risk levels (chart, axis 10^-2 to 10^-9): Australia (NSW); Hong Kong; Netherlands; United Kingdom. The United States does not set tolerable risk levels, or offer guidelines.
  58. Chemical industry benchmarks for tolerable risk (chart, axis 10^-2 to 10^-9): Company I; Company II; Company III; Small companies. Large, multinational chemical companies tend to set levels consistent with international mandates; smaller companies tend to operate in wider ranges and, implicitly, at higher levels of risk.
  59.–60. (image-only slides)
  61. Quantitative Risk Assessment
  62. Qualitative Risk Assessment
  63. Qualitative risk analysis – Safety layer matrix
  64. Source: Exida, Safety and Critical Control Systems in Process and Machine Automation, July 2007
  65. Safety Requirement Specification
  66. ?
  67.–69. Implementation Phase
  70. Design and Engineering of the Safety Instrumented System. Iterate if requirements are not met.
  71. Technology selection – Sensors: Analog vs. discrete signal; Smart vs. conventional transmitter; Certified vs. proven-in-use
  72.–73. (image-only slides)
  74. SIS application? Certified device: the manufacturer proves it’s safe and supplies the PFD. Prior-use device: the user proves it’s safe and establishes the PFD.
  75. Technology selection – Logic solver: Relays vs. PLC vs. Safety PLC; HART I/O vs. conventional analog; Centralized vs. modular; Integrated vs. standalone
  76.–78. (image-only slides)
  79. Centralized Logic Solver:
      - 100s of SIFs in one box
      - Good for large projects
      - Single point of failure
      Modular Logic Solver:
      - Isolates SIFs
      - Scalable for large & small projects
      - Eliminates single point of failure
      Source: ARC Advisory Group
  84. Technology selection – Final element: Solenoid vs. DVC; Automated vs. manual diagnostics; Response time considerations
  85. (image-only slide)
  86. Chart: PFD vs. Proof Test Interval (years); SIL 2 marked
  87. Architecture selection. Hardware fault tolerance (HFT) impacts performance:
      - Safety integrity
      - Availability
      - SIL capability
      Diagram labels: Valve 1, Valve 2; Valve 1, Valve 2; Valve. HFTs(MooN) = N – M; HFTa(MooN) = M – 1
  91.–92. (image-only slides)
  93. Proof test philosophy. Proof test frequency: 5 yrs, 1 yr, 6 mos, 3 mos? Online vs. offline proof testing. Turnaround schedule? Total SIF proof test, or proof test components on different intervals?
  94. Reliability evaluation – Confirm that performance meets specifications: Safety integrity (PFD); Availability (MTTFs); Response time
  95. (image-only slide)
  96. Architecture comparison inputs: λD = 0.02 failures/yr; λS = 0.01 failures/yr; T = 1 year. Architectures: 1oo2; 2oo3; 1oo1; 2oo2
  97. PFD(SIF #1) = PFD(PT-101) + PFD(logic solver) + PFD(FV-101). SIF #1 consists of transmitter PT-101, the logic solver and final element FV-101.
  98. Source: IEC 61511-1, Table 3 – Safety Integrity Levels: probability of failure on demand
  99. Detailed design & build: Instrument design / specifications; Wiring drawings; Hardware design & build; Software design & implementation; BPCS / SIS integration; Factory acceptance testing
  100. Factory Acceptance Testing (FAT)
  101. Installation, Commissioning and Validation
  102. Installation, commissioning, and validation. Validation is the key difference between control and safety systems.
  103. ?
  104. Operation Phase
  105. (image-only slide)
  106. Operation and Maintenance Planning
  107.–109. (image-only slides)
  110. SFF = 93%
  111. Sensor testing options: Perform wiring continuity test; Use smart features to test electronics and wiring continuity; Remove sensor and test on bench; Test sensors in-situ by other means; Safely test the SIF using actual process variables
  112. Example – Rosemount 3051S proof test. Proof Test 1: analog output loop test; satisfies proof test requirement; coverage > 50% of DU failures. Proof Test 2: 2-point sensor calibration check; coverage > 95% of DU failures. Note – user to determine impulse piping proof test.
  113. Valve Testing Options
  114. (image-only slide)
  115. Chart: PFD vs. Proof Test Interval (years); SIL 2 marked
  116. Source: Instrument Engineers’ Handbook, Table 6.10e – Dangerous Failures, Failure Modes, and Test Strategy
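The proof-test interval question above, together with the partial coverage figures from the Rosemount 3051S slide, worked as an added example (not from the deck or from Emerson): a simplified 1oo1 model with imperfect proof-test coverage shows which of the slide's candidate intervals keep a sensor inside SIL 2, treating the slide's λD = 0.02/yr as dangerous undetected; the 10-year mission time is an assumption.

```python
# Added worked example (not from the slide deck): proof-test interval selection
# under imperfect proof-test coverage, single channel (1oo1), simplified model.
# The fraction of dangerous undetected failures the test reveals (PTC) is reset
# every interval; the rest persists until the end of the mission (overhaul).
LAMBDA_DU = 0.02        # dangerous undetected failures / yr (slide's lambda_D)
SIL2_UPPER_PFD = 1e-2   # SIL 2 band is 1e-3 <= PFDavg < 1e-2 (IEC 61511-1 Table 3)
MISSION_YR = 10.0       # assumed time between full overhauls
INTERVALS_YR = (0.25, 0.5, 1.0, 5.0)   # slide's 3 mos, 6 mos, 1 yr, 5 yrs


def pfd_avg_1oo1(lambda_du, ptc, interval_yr, mission_yr=MISSION_YR):
    """PFDavg ~= PTC*lambda_DU*TI/2 + (1-PTC)*lambda_DU*T_mission/2."""
    return ptc * lambda_du * interval_yr / 2 + (1 - ptc) * lambda_du * mission_yr / 2


def coverage_floor(lambda_du, ptc, mission_yr=MISSION_YR):
    """The part of PFDavg that no choice of proof-test interval can remove."""
    return (1 - ptc) * lambda_du * mission_yr / 2


def intervals_meeting(target_upper_pfd, lambda_du, ptc, candidates=INTERVALS_YR):
    """Candidate intervals whose PFDavg stays below the target band's upper bound."""
    return [ti for ti in candidates if pfd_avg_1oo1(lambda_du, ptc, ti) < target_upper_pfd]


if __name__ == "__main__":
    # Coverages from the 3051S slide: loop test > 50%, 2-point calibration > 95%
    for label, ptc in (("loop test", 0.50), ("2-point calibration", 0.95)):
        ok = intervals_meeting(SIL2_UPPER_PFD, LAMBDA_DU, ptc)
        print(f"{label} (PTC={ptc:.0%}): floor={coverage_floor(LAMBDA_DU, ptc):.4g}, "
              f"intervals meeting SIL 2: {ok or 'none'}")
        for ti in INTERVALS_YR:
            print(f"  TI={ti:>4} yr -> PFDavg={pfd_avg_1oo1(LAMBDA_DU, ptc, ti):.4g}")
```

With a 50% test the coverage floor alone exceeds the SIL 2 bound, so no interval helps; with the 95% test only the 3-month and 6-month intervals qualify, which is why test coverage belongs in the proof-test philosophy alongside frequency.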
  117. Modification
  118. (image-only slide)
  119. ?
