מצגת שהוצגה על ידי ד"ר אלכס כהן ואיליה גמר המתארת את תהליך ההסמכה של ברזי הבונים ל SIL שבוצע על ידי הזמט בשנת 2021

1. SIL for Valves & Valve automation -
Standards, Implications & Products
1
By: Dr. Alexander (Alex) Cohen, PhD. CFSP - Hazmat LTD
Iliya Gammer – HABONIM’s Quality Assurance Manager
23 June 2021

2. Our Panelists
2
Dr. Alex Cohen
PhD. Certified Functional Safety
Professional (CFSP)
Iliya Gammer
Quality Assurance
Manager, Habonim

3. Functional Safety
as per IEC61508 and IEC61511
Alexander (Alex) Cohen, PhD. CFSP*
Hazmat LTD 2021
*Certified Functional Safety Professional
3

4. Functional Safety
Part of the overall safety relating to the equipment under control (EUC)
and the EUC control system that depends on the correct functioning of
the (electrical/electronic/programmable electronic) safety-related
systems and other risk reduction measures (IEC61508:4 2010)
In other words, functional safety focuses on the ability of a given safety
function to provide the necessary protection when required.
This safety function must be effective, available and reliable as
determined by the safety integrity level (SIL) allocated to it.
IEC61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
IEC61511 Functional safety - Safety instrumented systems for the process industry sector
4

5. Success rate
99.99-99.999%
99.9-99.99%
99-99.9%
90-99%
DEMAND MODE OF OPERATION
Safety integrity
level (SIL)
Target average
probability of failure on demand
4 10-5
to < 10-4
3 10-4
to < 10-3
2 10-3
to < 10-2
1 10-2
to < 10-1
CONTINUOUS MODE OF OPERATION
Safety integrity
level (SIL)
Target frequency of dangerous
Failures to perform the SIF (per hour)
4 10-9
to < 10-8
3 10-8
to < 10-7
2 10-7
to < 10-6
1 10-6
to < 10-5
From IEC 61511
Targets for safety systems
5

6. SIL
ALLOCATION
SIL
DESIGN
SIL
DETERMINATION

7. IEC 61511 suggestion on semi quantitative RA: Risk factor approach
7
SIL ALLOCATION

8. FREQUENCY CODES:
[0] Very remote 1:10,000 years
[1] Not expected 1:1,000 years
[2] Low - once in facility life 1:100 years
[3] Medium - few times in facility life 1:10 years
[4] High - more than once a year
SIL ALLOCATION Risk Evaluation
8

9. Always apply the rules of a valid PL
and
Split safeguards (as per IEC61511):
For SIL1, SIL2 (demand mode) safety functions,
HFT may be 0 For SIL2 (continuous) and SIL3
functions, HFT  1 (e.g. 1oo2, or 2oo3)
For SIL4 functions, HFT  2
*HFT: Hardware fault tolerance
IEC 61511 suggestion on semi quantitative RA:
SIL values are additive, and therefore:
The risk reduction factor RRF provides the
number of SILs to be used …
During the HAZOP RRF must be reduced to
TR (tolerable risk)
SIL ALLOCATION Risk Factors
9

10. Initial SIL target
Existing safeguard with
RRF=1 reduce the
residual risk to SIL=2
New PLs to reduce the
residual risk to ‘tolerable’
HAZOP Entry (demo)
Node 1: Transfer of reactant #1 from the daily tank to
reactor R1234 by air operated diaphragm pump P1234
SIL ALLOCATION
10

11. Flame controller of a burner
flame detector – logic solver – fuel shut off
Steam high temperature trim
temperature transmitter – PLC – shut off valve
SIL DESIGN
11

12. A. Coleman Chem. Eng. Jan, 2011
*BPCS could be done
from “operational”
PLC as well
Two layers flow control
function with a trip
SIL DESIGN
12

13. SIL DESIGN Key elements
• Adequate failure rates of each
element (SIL claim)
• Adequate hardware fault
tolerance (HFT)
• Logic and redundancy
• Diagnostic coverage
• Proof
• Control of systematic failure
13

14. SIL DESIGN Key elements
14
Adequate failure rates of each element (SIL claim)

15. Taken from:
Functional Safety Assessment and Safety Integrity Level (SIL)
determination of: HABONIM, Compact TM Pneumatic Actuators,
Hazmat LTD, January 2021
SIL DESIGN
15

16. For SIL1, SIL2 (demand mode) safety functions, HFT may be 0
For SIL2 (continuous) and SIL3 functions, HFT  1 (e.g., 1oo2, or 2oo3)
For SIL4 functions, HFT  2
*If cannot be programmed by user, HFT may be reduced. See IEC 61511
Key elements
SIL DESIGN
Adequate hardware fault tolerance (HFT)
16

17. Key elements
SIL DESIGN
logic and redundancy
17

18. Diagnostic coverage. Fraction of dangerous failures detected by automatic on-line
diagnostic tests. The fraction of dangerous failures is computed by using the
dangerous failure rates associated with the detected dangerous failures divided by
the total rate of dangerous failures
Proof test. Periodic test performed to detect dangerous hidden failures in a safety-
related system so that, if necessary, a repair can restore the system to an “as new”
condition or as close as practical to this condition.
Note: during proof test the safety system may be partly or completely unavailable
From IEC61508:4 2010
Key elements
SIL DESIGN
Diagnostic coverage (DC) | Proof test
18

19. For example:
Environment (temperature variations, corrosive atmosphere)
Trip condition (may not be similar to working conditions)
Human factors and more …
Key elements
SIL DESIGN
Control of systematic failure

20. HABONIM
SIL Certifications
Process
20

21. Habonim’s Certification process
21
Valves
• Side Entry
• Floating Ball
• 1 piece
• 2 piece
• 3 piece
• Trunnion Mounted Ball
• 2 piece
• 3 piece
• Top Entry
Actuators
• Spring Pneumatic
• Double Acting Pneumatic
• Mounting Kits
• Internally
Product Range to
be processed

22. Habonim’s Certification process
22
Valves
• Side Entry
• Floating Ball
• 1 piece
• 2 piece
• 3 piece
• Trunnion
Mounted Ball
• 2 piece
• 3 piece
• Top Entry
Actuators
• Spring Pneumatic
• Double Acting
Pneumatic
• Mounting Kits
• Internally
Product Range to
be processed
• Based on engineering
design according to
ANSI B 16.34.
• Internally
Calculation Data I

23. Habonim’s Certification process
23
Product Range to
be processed
• Based on
engineering
design according
to ANSI B 16.34.
• Internally
Calculation
Data I
• Data of historical performance of
Habonim’s products in relation to
the number of failures.
• Internally
Calculation
Data II
Valves
• Side Entry
• Floating Ball
• 1 piece
• 2 piece
• 3 piece
• Trunnion
Mounted Ball
• 2 piece
• 3 piece
• Top Entry
Actuators
• Spring Pneumatic
• Double Acting
Pneumatic
• Mounting Kits
• Internally

24. Habonim’s Certification process
24
Product Range to
be processed
• Based on
engineering
design according
to ANSI B 16.34.
• Internally
Calculation
Data I
• Data of historical
performance of
Habonim’s
products in
relation to the
number of failures.
• Internally
Calculation
Data II
• On each critical part in the system
• Diagnosis and practice by
• Independent third-party notifying
body
FMEA
calculations
Valves
• Side Entry
• Floating Ball
• 1 piece
• 2 piece
• 3 piece
• Trunnion
Mounted Ball
• 2 piece
• 3 piece
• Top Entry
Actuators
• Spring Pneumatic
• Double Acting
Pneumatic
• Mounting Kits
• Internally

25. Habonim’s Certification process
25
Product Range to
be processed
• Based on
engineering
design according
to ANSI B 16.34.
• Internally
Calculation
Data I
• Data of historical
performance of
Habonim’s
products in
relation to the
number of failures.
• Internally
Calculation
Data II
• On each critical
part in the system
• Diagnosis and
practice by
• Independent third-
party notifying
body
FMEA
calculations
• Meet threshold level of
SIL2 and SIL3 (for
some)
• Independent third-
party notifying body
Verification
Valves
• Side Entry
• Floating Ball
• 1 piece
• 2 piece
• 3 piece
• Trunnion
Mounted Ball
• 2 piece
• 3 piece
• Top Entry
Actuators
• Spring Pneumatic
• Double Acting
Pneumatic
• Mounting Kits
• Internally

26. Verification
26

27. Functional Safety Assessment & SIL - determination report
27

28. Functional Safety Assessment & SIL - determination report
28

29. Functional Safety Assessment & SIL - determination report
29

30. Functional Safety Assessment & SIL - determination report
30

31. Habonim’s Certification process
31
Product Range to
be processed
• Based on
engineering
design according
to ANSI B 16.34.
• Internally
Calculation
Data I
• Data of historical
performance of
Habonim’s
products in
relation to the
number of failures.
• Internally
Calculation
Data II
• On each critical
part in the system
• Diagnosis and
practice by
• Independent third-
party notifying
body
FMEA
calculations
• Meet threshold
level of SIL2 and
SIL3 (for some)
• Independent third-
party notifying
body
Verification
• Independent
third-party
notifying body
Certificates
Valves
• Side Entry
• Floating Ball
• 1 piece
• 2 piece
• 3 piece
• Trunnion
Mounted Ball
• 2 piece
• 3 piece
• Top Entry
Actuators
• Spring Pneumatic
• Double Acting
Pneumatic
• Mounting Kits
• Internally

32. Valves
• Side Entry
• Floating Ball
• 1 piece
• 2 piece
• 3 piece
• Trunnion
Mounted Ball
• 2 piece
• 3 piece
• Top Entry
Actuators
• Spring Pneumatic
• Double Acting
Pneumatic
• Mounting Kits
• Internally
Habonim’s Certification process
32
Product Range to
be processed
• Based on
engineering
design according
to ANSI B 16.34.
• Internally
Calculation
Data I
• Data of historical
performance of
Habonim’s
products in
relation to the
number of failures.
• Internally
Calculation
Data II
• On each critical
part in the system
• Diagnosis and
practice by
• Independent third-
party notifying
body
FMEA
calculations
• Meet threshold
level of SIL2 and
SIL3 (for some)
• Independent third-
party notifying
body
Verification
• Independent
third-party
notifying body
Certificates

33. HABONIM
SIL Certifications
Product Coverage
33

34. SIL Product coverage
34

35. SIL Product coverage
35
Floating
Ball Valve Trunnion
Ball Valve Top Entry
Ball Valve
Pneumatic Actuators

36. SIL
Product coverage
36

37. Sample Case study
37

38. LNG Terminal – CEMEX Poland
38

39. LNG Terminal – CEMEX Poland
39

40. LNG Terminal – CEMEX Poland
40

41. 41

42. Thank You!