Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts

5,572 views

Published in: Technology

  1. Mike Boudreaux, DeltaV SIS Brand Manager
  2. Not all activities in life are safe…
  3. …and we have different levels of risk tolerance
  4. Occupational safety, personal safety, process safety. Word cloud: mechanical integrity, structural design, fall prevention, inherently safer design, policies & procedures, facility siting, ergonomics, work schedules, functional safety, safety audits, personal protective equipment, emergency response, employee training, risk assessments, total recordables, management of change.
  5. Process safety. Word cloud: mechanical integrity, inherently safer design, policies & procedures, facility siting, safety audits, functional safety, emergency response, employee training, risk assessments, management of change.
  6. Why do accidents happen? Bhopal, India, 1984. Texas City Refinery, USA, 2004. Chernobyl, Russia, 1986. Piper Alpha, UK, 1988.
  9. “You can have a very good accident rate for ‘hard hat’ accidents but not for process ones.”
  10. “The fact that you’ve had 20 years without a catastrophic event is no guarantee that there won’t be one tomorrow.”
  11. Process safety, with functional safety highlighted. Word cloud: mechanical integrity, inherently safer design, policies & procedures, facility siting, safety audits, functional safety, emergency response, employee training, risk assessments, management of change.
  12. Functional safety terms: PFDavg, SRS, RRF, IEC 61511, FMEDA, SIS, IEC 61508, BPCS, PHA, HAZOP, SIL, LOPA, SIF.
  14. Standards: IEC 61508 (all industries) is written for product designers and manufacturers; the sector standards for system designers, integrators and users are IEC 61513 (nuclear sector), IEC 62061 (machinery sector) and IEC 61511 (process industry sector).
  16. Source: http://www.wordle.net/show/wrdl/2276332/IEC_61511
  18. Control system elements: workstation, controller, control element, transmitter.
  19. Safety instrumented system elements: logic solver, transmitter, final element.
  21. SIF #1, SIF #2.
  25. PFD_SIF1 = PFD_PT-101 + PFD_logic solver + PFD_FV-101 (SIF #1 consists of PT-101, the logic solver and FV-101).
  26. Source: IEC 61511-1, Table 3 – Safety Integrity Levels: probability of failure on demand.
  27. Functional safety terms: PFDavg, SRS, RRF, IEC 61511, FMEDA, TÜV, SIS, IEC 61508, BPCS, PHA, HAZOP, SIL, LOPA, SIF.
  28. ?
  29. Safety Lifecycle Management
  30. The IEC 61511 safety lifecycle
  31. Safety Lifecycle Management
  32. Functional Safety Management
  34. Functional safety management covers:
      - Organization and responsibilities
      - Competency management
      - Documentation structure and control
      - Configuration management
      - Supplier assessment process
  38. Organization and responsibilities: Safety Leadership Team
  39. Competency requirements
  41. Activity / phase objectives: Safety Requirements Specification, Process Hazards Analysis, Safety Management System.
  42. Verify
  43. Source: IEC 61511-1, Figure 12 – Software development lifecycle (the V-Model)
  45. Safety life-cycle structure and planning
  46. Safety lifecycle planning
  47. Verification planning
  48. Safety life-cycle structure
  49. ?
  50. Analysis Phase
  52. Hazard and risk assessment; allocation of safety functions to protection layers. Source: IEC 61511-3, Figure 4 – Risk and safety integrity concepts
  53. Source: IEC 61511-3, Figure 2
  54. Protection layers, from the process outward: process control layer (BPCS: normal behavior, process value, process alarm, operator intervention); safety layer (SIS: trip level alarm, emergency shutdown system), which prevents the incident; active protection layer (fire and gas system), which mitigates it; passive protection layer (containment, dike/vessel); emergency response layer (plant and emergency response).
  55. Risk reduction diagram (axes: likelihood and consequence, increasing risk). Labels: inherent risk of process, non-SIS preventative safeguards, non-SIS mitigating safeguards, baseline risk, SIS risk reduction (SIL 1, SIL 2, SIL 3), overall risk; risk regions: unacceptable, ALARP, negligible.
  56. As low as reasonably practicable (ALARP): intolerable risk above 10^-3 per man-year (worker) and 10^-4 per year (public); ALARP or tolerable risk region; negligible risk below 10^-5 per man-year (worker) and 10^-6 per year (public).
  57. Government mandates for tolerable risk levels (scale 10^-2 to 10^-9 per year): Australia (NSW), Hong Kong, Netherlands, United Kingdom. The United States does not set tolerable risk levels, or offer guidelines.
  58. Chemical industry benchmarks for tolerable risk (scale 10^-2 to 10^-9 per year): Company I, Company II, Company III, small companies. Large, multinational chemical companies tend to set levels consistent with international mandates; smaller companies tend to operate in wider ranges and, implicitly, at higher levels of risk.
  61. Quantitative Risk Assessment
  62. Qualitative Risk Assessment
  63. Qualitative risk analysis – safety layer matrix
  64. Source: Exida, Safety and Critical Control Systems in Process and Machine Automation, July 2007
  65. Safety Requirement Specification
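How the analysis phase arrives at the SIL target that goes into the Safety Requirement Specification, as an added example that is not part of the presentation: a LOPA-style calculation takes an initiating event frequency, credits the non-SIS protection layers, and compares the residual frequency with the tolerable target; the required risk reduction factor then maps to a SIL band. The ALARP boundaries are the worker figures quoted on the ALARP slide; the scenario frequencies and IPL PFDs are constructed.

```python
"""Required risk reduction for a SIF from initiating event frequency, non-SIS layers and the tolerable target.
Constructed example, not from the presentation."""
from math import prod

# Tolerable-risk boundaries for a worker quoted on the ALARP slide (per man-year).
INTOLERABLE_ABOVE = 1e-3
NEGLIGIBLE_BELOW = 1e-5

# Risk reduction factor bands corresponding to the PFDavg bands of IEC 61511-1 Table 3 (RRF = 1/PFDavg).
SIL_BY_RRF = ((10, 100, 1), (100, 1_000, 2), (1_000, 10_000, 3), (10_000, 100_000, 4))


def risk_region(frequency):
    """Classify a per-person fatality frequency against the ALARP boundaries."""
    if frequency >= INTOLERABLE_ABOVE:
        return "intolerable"
    if frequency <= NEGLIGIBLE_BELOW:
        return "negligible"
    return "ALARP"


def mitigated_frequency(initiating_freq, ipl_pfds):
    """Event frequency after the independent protection layers (IPLs) other than the SIF."""
    return initiating_freq * prod(ipl_pfds)


def required_rrf(initiating_freq, ipl_pfds, tolerable_freq):
    """Risk reduction factor the SIF must supply to bring the residual frequency to the target."""
    return mitigated_frequency(initiating_freq, ipl_pfds) / tolerable_freq


def target_sil(rrf):
    """SIL band whose PFDavg range contains 1/rrf; 0 means the remaining gap does not need a SIF."""
    if rrf < 10:
        return 0
    for low, high, sil in SIL_BY_RRF:
        if low <= rrf < high:
            return sil
    raise ValueError("required RRF beyond SIL 4: change the process or add other protection layers")


if __name__ == "__main__":
    # Constructed scenario: BPCS loop failure at 0.5/yr; credited IPLs are operator response to an
    # alarm (PFD 0.1) and a relief valve (PFD 0.1); the tolerable target is 1e-5/yr.
    rrf = required_rrf(0.5, [0.1, 0.1], 1e-5)
    print(f"unmitigated: {risk_region(0.5)}, required RRF = {rrf:.0f}, target SIL {target_sil(rrf)}")
```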
  66. ?
  67. Implementation Phase
  68. Implementation Phase
  69. Implementation Phase
  70. Design and engineering of the Safety Instrumented System. Iterate if requirements are not met.
  71. Technology selection – sensors: analog vs. discrete signal; smart vs. conventional transmitter; certified vs. proven-in-use.
  74. SIS application? Certified: manufacturer proves it’s safe (PFD). Prior-use: user proves it’s safe (PFD).
  75. Technology selection – logic solver: relays vs. PLC vs. safety PLC; HART I/O vs. conventional analog; centralized vs. modular; integrated vs. standalone.
  79. Centralized logic solver: hundreds of SIFs in one box; good for large projects; single point of failure. Modular logic solver: isolates SIFs; scalable for large and small projects; eliminates the single point of failure. Source: ARC Advisory Group
  84. Technology selection – final element: solenoid vs. DVC; automated vs. manual diagnostics; response time considerations.
  86. Chart: PFD vs. proof test interval (years), against the SIL 2 band.
  87. Architecture selection: hardware fault tolerance (HFT) impacts performance – safety integrity, availability, SIL capability.
  90. Valve arrangements (Valve 1 / Valve 2 pairs and a single valve). HFT_s(MooN) = N – M; HFT_a(MooN) = M – 1.
  93. Proof test philosophy: proof test frequency (5 yrs, 1 yr, 6 mos, 3 mos?); online vs. offline proof testing; turnaround schedule?; total SIF proof test, or proof test components on different intervals?
  94. Reliability evaluation – confirm that performance meets specifications: safety integrity (PFD), availability (MTTFs), response time.
  96. λD = 0.02 failures/yr, λS = 0.01 failures/yr, T = 1 year; architectures compared: 1oo2, 2oo3, 1oo1, 2oo2.
  97. PFD_SIF1 = PFD_PT-101 + PFD_logic solver + PFD_FV-101 (SIF #1 consists of PT-101, the logic solver and FV-101).
  98. Source: IEC 61511-1, Table 3 – Safety Integrity Levels: probability of failure on demand.
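The architecture comparison (slide 96), the HFT formulas (slide 90) and the SIF summation against Table 3 (slides 97–98) worked through in code, as an added example that is not part of the presentation. It uses the standard simplified PFDavg formulas for identical channels (common cause and repair time ignored), λD = 0.02 failures/yr and T = 1 year from the slide, and a constructed logic solver PFD of 1e-5.

```python
"""Simplified PFDavg of MooN voting groups, summed to a SIF PFD and checked against IEC 61511-1 Table 3.
Added example; the channel failure rate and test interval are the slide's, the logic solver PFD is constructed."""

# IEC 61511-1 Table 3, low demand mode: (SIL, PFDavg lower bound inclusive, upper bound exclusive).
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def hft(m, n):
    """Hardware fault tolerance of a MooN group as on the architecture slide:
    HFT_s = N - M dangerous faults tolerated before the safety function is lost,
    HFT_a = M - 1 safe faults tolerated before a spurious trip."""
    return {"safety": n - m, "availability": m - 1}


def pfd_avg(arch, lambda_d, t):
    """Simplified PFDavg for identical channels with dangerous failure rate lambda_d (per year)
    and proof test interval t (years); common cause and repair time are ignored."""
    x = lambda_d * t  # expected dangerous failures of one channel per test interval
    formulas = {"1oo1": x / 2, "1oo2": x * x / 3, "2oo2": x, "2oo3": x * x}
    return formulas[arch]


def pfd_sif(subsystem_pfds):
    """PFD of a SIF is the sum of its sensor, logic solver and final element PFDs (slide 97)."""
    return sum(subsystem_pfds)


def sil_from_pfd(pfd):
    """Achieved SIL band for a low-demand SIF; 0 when PFDavg is 0.1 or worse, 4 when below the SIL 4 band."""
    if pfd < SIL_BANDS[0][1]:
        return 4
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


if __name__ == "__main__":
    lam_d, t = 0.02, 1.0  # dangerous failure rate and proof test interval from slide 96
    solver_pfd = 1e-5     # constructed value for a certified logic solver
    for arch in ("1oo1", "2oo2", "2oo3", "1oo2"):
        total = pfd_sif([pfd_avg(arch, lam_d, t), solver_pfd, pfd_avg(arch, lam_d, t)])
        m, n = int(arch[0]), int(arch[-1])
        print(f"PT-101 and FV-101 as {arch}: HFT {hft(m, n)}, "
              f"PFD_SIF1 = {total:.2e}, achieved SIL {sil_from_pfd(total)}")
```

With both field subsystems 1oo1 the SIF lands in SIL 1; moving them to 1oo2 brings the same devices into SIL 3, which is the point of the architecture selection slide.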
  99. Detailed design & build: instrument design / specifications; wiring drawings; hardware design & build; software design & implementation; BPCS / SIS integration; factory acceptance testing.
  100. Factory Acceptance Testing (FAT)
  101. Installation, Commissioning and Validation
  102. Installation, commissioning, and validation. Validation is the key difference between control and safety systems.
  103. ?
  104. Operation Phase
  106. Operation and Maintenance Planning
  110. SFF = 93%
  111. Sensor testing options: perform wiring continuity test; use smart features to test electronics and wiring continuity; remove sensor and test on bench; test sensors in-situ by other means; safely test the SIF using actual process variables.
  112. Example – Rosemount 3051S proof test. Proof test 1: analog output loop test; satisfies proof test requirement; coverage > 50% of DU failures. Proof test 2: 2-point sensor calibration check; coverage > 95% of DU failures. Note – user to determine impulse piping proof test.
  113. Valve Testing Options
  115. Chart: PFD vs. proof test interval (years), against the SIL 2 band.
  116. Source: Instrument Engineers’ Handbook, Table 6.10e – Dangerous Failures, Failure Modes, and Test Strategy
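What SFF (slide 110), the proof test coverage figures (slide 112) and the proof test interval question (slides 93 and 115) mean for PFDavg, as an added example that is not part of the presentation. The per-year failure rates are constructed so that SFF works out to 93%; the 50% and 95% coverages are taken as exact; the 10-year mission time and the 1e-3 sensor-subsystem PFD budget are constructed assumptions.

```python
"""Proof test coverage and interval vs. PFDavg for a 1oo1 transmitter. Added example; the failure
rates, mission time and PFD budget are constructed, the coverages come from the Rosemount 3051S slide."""


def safe_failure_fraction(lam_sd, lam_su, lam_dd, lam_du):
    """SFF = (safe + dangerous detected) / all failures; only dangerous undetected (DU) failures count against it."""
    total = lam_sd + lam_su + lam_dd + lam_du
    return (lam_sd + lam_su + lam_dd) / total


def pfd_avg_with_coverage(lam_du, coverage, test_interval, mission_time):
    """Simplified 1oo1 PFDavg (no repair time) when a proof test reveals only `coverage` of DU failures:
    the covered share accumulates over the proof test interval, the uncovered share over the mission
    time, i.e. until the device is replaced or overhauled."""
    covered = coverage * lam_du * test_interval / 2
    uncovered = (1 - coverage) * lam_du * mission_time / 2
    return covered + uncovered


def longest_interval_meeting(lam_du, coverage, mission_time, target_pfd, candidates):
    """Longest proof test interval in `candidates` that keeps PFDavg below target; None if none does."""
    ok = [t for t in candidates if pfd_avg_with_coverage(lam_du, coverage, t, mission_time) < target_pfd]
    return max(ok) if ok else None


if __name__ == "__main__":
    # Constructed per-year rates: SD 0.004, SU 0.002, DD 0.0126, DU 0.0014 -> SFF 93% as on the slide.
    rates = dict(lam_sd=0.004, lam_su=0.002, lam_dd=0.0126, lam_du=0.0014)
    print(f"SFF = {safe_failure_fraction(**rates):.0%}")
    intervals = [0.25, 0.5, 1.0, 5.0]  # 3 mos, 6 mos, 1 yr, 5 yrs from the proof test philosophy slide
    mission, budget = 10.0, 1e-3      # constructed mission time and sensor-subsystem PFD budget
    for name, cov in (("loop test", 0.5), ("2-point calibration", 0.95)):
        for t in intervals:
            pfd = pfd_avg_with_coverage(rates["lam_du"], cov, t, mission)
            print(f"{name:20s} coverage {cov:.0%} every {t:>4} yr: PFDavg = {pfd:.2e}")
        best = longest_interval_meeting(rates["lam_du"], cov, mission, budget, intervals)
        print(f"  longest interval meeting {budget:.0e}: {best}")
```

The uncovered term does not shrink with a shorter interval, so the low-coverage loop test cannot reach the budget at any of the candidate intervals, while the 95% calibration check does at 6 months or less.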
  117. Modification
  119. ?
