A VIEW OF APS ACIS FROM A FUNCTIONAL SAFETY ASSESSOR'S PERSPECTIVE
JOE LENNER
Safety Systems Engineer
Safety Interlocks Group
Advanced Photon Source
A LITTLE ABOUT ME
▪ My background
– Over 25 years of industrial control experience
• Machine design
• Control design
• Industrial communications systems
• Last 11 years – Functional Safety
– Safety communication protocols
– Safety products
– 5 years auditing functional safety systems
• Wide variety of products and systems
– 6 months with APS
• First task was to evaluate the original ACIS and the upgraded Linac Extension Area (LEA) ACIS from an IEC functional safety standards perspective
STARTING POINTS
▪ Examined the original ACIS designs
– Implemented since APS was started (1992)
– Designed before the first functional safety standards were released at an international level
▪ The focus of the examination is on IEC 61508
– Safety Integrity Level (SIL) identifies the level of risk reduction
– Focuses on:
• Control of random faults
• Control and avoidance of common cause faults
• Avoidance of systematic faults
– This standard provides a basis for analyzing systems.
– The examination used this standard as if I were doing a TUV assessment for certification
▪ Also looking at the upgrade of the LEA ACIS to the newest safety control system
– Recent design
– Captures a great deal of the IEC 61508 requirements
ACIS FROM A STANDARDS PERSPECTIVE
▪ Very strong safety program is in place
– Hazards defined and analyzed
– Solid safety designs, dual channel architectures dominate
– Designs reviewed
– Comprehensive testing before putting into operation.
• Both hardware and software
– Periodic proof/validation testing
▪ There are some areas that would need to be addressed …
– The suggestions are very typical of a system designed prior to the functional safety standards coming into broad use
– The upgraded LEA ACIS design addresses a great deal of these observations
IDENTIFY THE SAFETY FUNCTIONS
▪ Clearly identify the level of risk reduction needed.
– Drives architecture selection
– Drives component selection
▪ Understanding the level of risk reduction allows for better allocation to different sub-systems
▪ LEA ACIS design specification clearly identifies safety function and design goal
– SIL identified

(Figure: Input Sub-system → Logic Sub-system → Output Sub-system)
ADDRESS THE REQUIREMENTS
▪ Requirements tracking should be implemented.
– Original ACIS specifications tend to be narrative in nature
• Requirements can be hard to identify
• Parent/child requirements are even harder to determine.
– Track the requirements and tests
• Did we test all?
– Is our coverage sufficient?
– Both hardware and software
• Did we test certain requirements several times?
– Over testing – get the resource back to a productive task!
– LEA ACIS tracks safety requirements – original ACIS does not
• from design specification
• to software implementation
• to validation plan
EXTENDING THE ANALYSIS OF THE SAFETY FUNCTION
▪ Analysis of the safety function is often limited to the control system
– This partially comes from the scope of the standard.
▪ In reality the output element that removes the hazard needs to be part of the analysis
– At a minimum, the analysis needs to consider further integration to allow for reliability margins for upstream and/or downstream elements

(Figure: Safety Function spanning Input Sub-system, Logic Sub-system and Output Sub-system, with an allocation of 35 % / 15 % / 50 %)
SAFETY FUNCTIONS AND RELIABILITY
▪ The risk reduction of a safety function is based on the reliability and the ability to control random faults
▪ Terminology:
– PFD – Probability of Failure on Demand
– PFH – Probability of Failure per Hour
▪ Functional safety standards define levels of risk reduction based on reliability
– Roughly an order of magnitude reduction for each Safety Integrity Level (SIL) in IEC 61508
– SIL 1-4 (from least to greatest reduction), SIL 2 is about equivalent to driving to work in the morning.
▪ The reliability information in IEC 61508 was developed with a large input from industry reliability engineers.
FULLY ADDRESS THE RELIABILITY
▪ We need to be consistent by doing the reliability calculations for all safety functions – find the PFD/PFH
– Do we get the level of risk reduction needed?
– Do we get the reliability we need in the time frame needed?
• Keep the components in a predictable failure mode
• Schedule maintenance and replacement
▪ Benefits both the safety and the operational performance.
– If the system is more reliable there is less pressure to find workarounds
▪ Plan for component life and for component wear.
– The equations for SIL estimation can be used to develop maintenance plans
TYING IT ALL TOGETHER
▪ APS does very well at providing a safe system
– Limiting single points of failure
– Multiple paths that lead to a safe state
▪ Since the design and implementation of the original ACIS, the external standards have been improved.
– Track the requirements
• Ensure that the safety functions and their child requirements are fully tested
• Eliminate over/under testing
– Reliability is now a fundamental part of the functional safety standards.
• This does not just benefit safety; it improves operations through fewer faults in the safety systems during operation!
▪ Account for all the components in the safety function
– From the component that initiates the function to the component that removes the hazard
• The final element may be mechanical, and outside of the control system!
QUESTIONS?
BACKUP
EXAMPLE OF SAFETY FUNCTION
▪ Enclosure with entry gate
– Gate to provide entry
– Fencing provides protection around cell
▪ Hazard
– Dangerous motion via some kind of motor in enclosure
▪ Risk assessment
– Examination of exposure, ability to avoid the hazard and consequence led to a decision that the risk must be reduced.
– SIL 3 is selected as the appropriate level of risk reduction.
▪ Safety function:
– If gate is open motion shall be inhibited
– SIL 3 is required for active controls
PROPOSED CONTROLS DESIGN
▪ Two channel monitoring of safety gate
▪ Q1 & Q2 are switched off, when
– B1 not actuated
– B2 actuated

(Block diagram, from risk analysis: SIL 3. Position switches B1, B2 (CCF) → logic unit L → contactors Q1, Q2 (CCF). To be determined per subsystem: PFH_D,Pos and SIL CL_Pos; PFH_D,Logic and SIL CL_Logic; PFH_D,Con and SIL CL_Con.)
See notes view for additional explanation on the following slides
DEVICE INFORMATION
Logic Unit: from manufacturer SIL CL 3, PFH_D = 1.2 × 10^-8
Position Switch: from manufacturer SIL CL 3 when used with HFT = 1, λ_D = 1.4 × 10^-8 (C = 1/h)
Contactor: EN ISO 13849-1 (Tab. C.1), B10d = 2,000,000
Application specific: 1 demand per hour (opening of safety gate): C = 1/h
DESIGN OF SUBSYSTEMS
Subsystem architecture D from IEC 62061 (homogenous redundancy with diagnosis):

$$PFH_D = (1-\beta)^2 \left[ \lambda_D^2 \cdot 2 \cdot DC \cdot \frac{T_D}{2} + \lambda_D^2 \,(1-DC)\, T \right] + \beta\,\lambda_D$$

T_D = 1/C = 1 h
T = 20 years

Position switches B1, B2 (CCF) with direct opening contacts, homogenous redundancy: λ_D,Pos1 = λ_D,Pos2 = λ_D,Pos; DC1 = DC2 = DC_Pos
Contactors K3 and K4 (Q1, Q2, CCF): similar contactors, homogenous redundancy: λ_D,K3 = λ_D,K4 = λ_D,contactor; DC1 = DC2 = DC_contactor
DESIGN OF SUBSYSTEMS
Position switches B1, B2 (CCF)
SFF = ?
• Proof of the required SFF through
– the applied DC = 99 % and/or
– the statement of SIL CL.
• SIL CL 3 means that the sensor can be used in applications up to SIL 3 when used in an HFT = 1 structure, and thus complies with the SFF requirements.

$$PFH_{D,Pos} = (1-\beta)^2 \left[ \lambda_{D,Pos}^2 \cdot 2 \cdot DC_{Pos} \cdot \frac{T_D}{2} + \lambda_{D,Pos}^2 \,(1-DC_{Pos})\, T \right] + \beta\,\lambda_{D,Pos}$$

DC_Pos = 99 % (fault detection with the logic unit)
Common Cause Faults CCF: β = 5 %
PFH_D = ?
DESIGN OF SUBSYSTEMS
Contactors Q1, Q2 (CCF)

$$SFF_{contactor} = \frac{\lambda_{S,contactor} + DC_{contactor}\,\lambda_{D,contactor}}{\lambda_{S,contactor} + \lambda_{D,contactor}}$$

For this calculation the contactor's λ_S, λ_D and DC are necessary.
Alternative: estimation via DC.

$$PFH_{D,contactor} = (1-\beta)^2 \left[ \lambda_{D,contactor}^2 \cdot 2 \cdot DC_{contactor} \cdot \frac{T_D}{2} + \lambda_{D,contactor}^2 \,(1-DC_{contactor})\, T \right] + \beta\,\lambda_{D,contactor}$$

DC_contactor = 99 % (fault detection by monitoring of direct contacts)
Common Cause Failures CCF: β = 5 %

λ_D = 0.1 × C / B10d
B10d = 2,000,000
C = 1/h
λ_D,contactor = 0.1 × (1/h) / 2,000,000 = 5 × 10^-8 1/h
DESIGN OF SUBSYSTEMS

Subsystem                  Position switches B1, B2 (CCF)         Contactors Q1, Q2 (CCF)
Subsystem elements         Fault detection by comparison in PLC   Fault detection by monitoring of direct contacts
Homogenous redundancy      λ_1 = λ_2 = λ; DC1 = DC2 = DC          λ_1 = λ_2 = λ; DC1 = DC2 = DC
(similar devices)
Diagnostic coverage        DC = 99 % → SFF = 99 %                 DC = 99 % → SFF = 99 %
Common cause failures      CCF: β = 5 %                           CCF: β = 5 %
Systematic capability      → SIL CL 3                             → SIL CL 3
Dangerous failure rate     λ_D,Pos = 1.4 × 10^-8 1/h              λ_D,contactor = 5 × 10^-8 1/h
Demand rate                C = 1/h                                C = 1/h
PFH_D                      0.7 × 10^-9                            2.5 × 10^-9

$$PFH_D = (1-\beta)^2 \left[ \lambda_D^2 \cdot 2 \cdot DC \cdot \frac{T_D}{2} + \lambda_D^2 \,(1-DC)\, T \right] + \beta\,\lambda_D$$

T_D = 1/C
T = 20 years
SAFETY FUNCTION OVERALL ANALYSIS
Safety Function:
• Two channel monitoring of safety gate
• Q1 & Q2 are switched off, when
• B1 not actuated
• B2 actuated

(Block diagram: B1, B2 (CCF) → L → Q1, Q2 (CCF))

Position switches B1, B2:  SIL CL 3, PFH_D = 0.7 × 10^-9
Logic unit L:              SIL CL 3, PFH_D = 1.2 × 10^-8
Contactors Q1, Q2:         SIL CL 3, PFH_D = 2.5 × 10^-9

SIL CL 3 for every subsystem → SIL 3
PFH_D = 0.7 × 10^-9 + 1.2 × 10^-8 + 2.5 × 10^-9 = 1.5 × 10^-8 < 10^-7 → SIL 3
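The backup-slide gate example worked through in code, as an added example that is not part of the presentation: it carries the IEC 62061 architecture D formula, the B10d conversion, the SFF estimate and the IEC 61508 high-demand SIL bands through with the slides' figures, for the "Safety functions and reliability" slide and the "Design of subsystems" slides together. It assumes 8760 h per year, uses the reliability figures printed on the slides, and the Subsystem class and function names are mine.

```python
"""IEC 62061 architecture D worked through with the deck's gate example.

Added example; not code from the presentation. Assumptions: the PFH_D
formula for subsystem architecture D (homogeneous redundancy with
diagnosis) as printed on the slides, with T_D = diagnostic test interval
and T = proof-test interval / lifetime; SIL bands are the IEC 61508
high-demand PFH bands; a year is taken as 8760 h.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

HOURS_PER_YEAR = 8760  # assumption: the deck states T = 20 years, not hours


def lambda_d_from_b10d(b10d: float, c_per_hour: float) -> float:
    """Dangerous failure rate [1/h] of an electromechanical element from
    its B10d value and the demand rate C (slide: lambda_D = 0.1 * C / B10d)."""
    return 0.1 * c_per_hour / b10d


def sff(lambda_s: float, lambda_d: float, dc: float) -> float:
    """Safe failure fraction (lambda_S + DC*lambda_D) / (lambda_S + lambda_D).
    The deck's 'estimation via DC' is the case lambda_S = 0, which gives
    SFF = DC, a conservative lower bound on the real SFF."""
    return (lambda_s + dc * lambda_d) / (lambda_s + lambda_d)


def pfh_arch_d(lambda_d: float, dc: float, beta: float,
               t_d_h: float, t_h: float) -> float:
    """PFH_D of an IEC 62061 architecture D subsystem: two similar channels,
    diagnostic coverage DC, common cause factor beta:
    (1-beta)^2 * [lambda_D^2*2*DC*T_D/2 + lambda_D^2*(1-DC)*T] + beta*lambda_D
    """
    # both channels fail dangerous, but the fault is detected within T_D
    detected = lambda_d ** 2 * 2 * dc * t_d_h / 2
    # an undetected dangerous fault persists until the proof test / end of T
    undetected = lambda_d ** 2 * (1 - dc) * t_h
    # the common-cause term beta*lambda_D dominates at these failure rates
    return (1 - beta) ** 2 * (detected + undetected) + beta * lambda_d


def sil_from_pfh(pfh: float) -> Optional[int]:
    """IEC 61508 high-demand / continuous mode bands (failures per hour)."""
    bands = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]
    for sil, lo, hi in bands:
        if lo <= pfh < hi:
            return sil
    return None  # worse than SIL 1, or below the range 61508 rates


@dataclass
class Subsystem:
    name: str
    sil_cl: int      # systematic capability claimed for the subsystem
    pfh_d: float     # dangerous failure rate per hour


def safety_function_sil(subsystems: List[Subsystem]) -> Tuple[float, Optional[int]]:
    """Overall PFH_D is the sum over input, logic and output subsystems; the
    achieved SIL is capped by both the PFH band and the lowest SIL CL."""
    total = sum(s.pfh_d for s in subsystems)
    band = sil_from_pfh(total)
    cl_cap = min(s.sil_cl for s in subsystems)
    achieved = None if band is None else min(band, cl_cap)
    return total, achieved


def gate_example() -> dict:
    """Gate interlock: position switches B1/B2, logic unit L, contactors Q1/Q2."""
    c_per_hour = 1.0           # one demand per hour (gate opening)
    t_d = 1.0 / c_per_hour     # diagnostic test interval T_D = 1/C = 1 h
    t = 20 * HOURS_PER_YEAR    # T = 20 years
    beta = 0.05                # CCF factor 5 %
    dc = 0.99                  # DC = 99 % for both redundant subsystems

    lam_pos = 1.4e-8                                      # manufacturer data
    lam_con = lambda_d_from_b10d(2_000_000, c_per_hour)   # 5e-8 from B10d

    pos = Subsystem("position switches B1/B2", 3, pfh_arch_d(lam_pos, dc, beta, t_d, t))
    logic = Subsystem("logic unit L", 3, 1.2e-8)          # manufacturer PFH_D
    con = Subsystem("contactors Q1/Q2", 3, pfh_arch_d(lam_con, dc, beta, t_d, t))

    total, sil = safety_function_sil([pos, logic, con])
    return {"lambda_d_contactor": lam_con, "pfh_pos": pos.pfh_d,
            "pfh_con": con.pfh_d, "pfh_total": total, "sil": sil}


if __name__ == "__main__":
    for key, value in gate_example().items():
        print(f"{key:20s} {value:.3g}" if isinstance(value, float) else f"{key:20s} {value}")
```

Changing `dc` or `beta` in `gate_example` shows which term drives the result: at these failure rates the β·λ_D common-cause term, not the diagnostics, decides whether the subsystem stays in its band.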

More Related Content

Similar to lenner.pptx

Sil for-valves-valve-automation-standards-implications-products- final (002)
Sil for-valves-valve-automation-standards-implications-products- final (002)Sil for-valves-valve-automation-standards-implications-products- final (002)
Sil for-valves-valve-automation-standards-implications-products- final (002)hazmat4
 
Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights Arrelic
 
Safety instrumented systems
Safety instrumented systemsSafety instrumented systems
Safety instrumented systemsMowaten Masry
 
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems35958867 safety-instrumented-systems
35958867 safety-instrumented-systemsMowaten Masry
 
t51_process-safety-solution-best-meets-your-needs.pdf
t51_process-safety-solution-best-meets-your-needs.pdft51_process-safety-solution-best-meets-your-needs.pdf
t51_process-safety-solution-best-meets-your-needs.pdfhadjijkarim
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationVo Quoc Hieu
 
Functional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling IndustryFunctional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling IndustryLloyd's Register Energy
 
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...Parker Hannifin Corporation
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262Torben Haagh
 
Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1dnunez1984
 
Safety of machinery
Safety of machinerySafety of machinery
Safety of machineryVo Quoc Hieu
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaVo Quoc Hieu
 

Similar to lenner.pptx (20)

Sil for-valves-valve-automation-standards-implications-products- final (002)
Sil for-valves-valve-automation-standards-implications-products- final (002)Sil for-valves-valve-automation-standards-implications-products- final (002)
Sil for-valves-valve-automation-standards-implications-products- final (002)
 
Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights
 
CI_SCS_Intro
CI_SCS_IntroCI_SCS_Intro
CI_SCS_Intro
 
Safety instrumented systems
Safety instrumented systemsSafety instrumented systems
Safety instrumented systems
 
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems35958867 safety-instrumented-systems
35958867 safety-instrumented-systems
 
Mynd company presentation
Mynd   company presentationMynd   company presentation
Mynd company presentation
 
t51_process-safety-solution-best-meets-your-needs.pdf
t51_process-safety-solution-best-meets-your-needs.pdft51_process-safety-solution-best-meets-your-needs.pdf
t51_process-safety-solution-best-meets-your-needs.pdf
 
Sil 1 (1)1
Sil 1 (1)1Sil 1 (1)1
Sil 1 (1)1
 
Functional safety standards_for_machinery
Functional safety standards_for_machineryFunctional safety standards_for_machinery
Functional safety standards_for_machinery
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentation
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentation
 
Functional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling IndustryFunctional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling Industry
 
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
 
Functional_Safety_.pptx
Functional_Safety_.pptxFunctional_Safety_.pptx
Functional_Safety_.pptx
 
Plant Operation System
Plant Operation SystemPlant Operation System
Plant Operation System
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
 
Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1
 
Safety of machinery
Safety of machinerySafety of machinery
Safety of machinery
 
Understanding sil
Understanding silUnderstanding sil
Understanding sil
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
 

More from SreekanthMylavarapu1 (16)

E2E.pptx
E2E.pptxE2E.pptx
E2E.pptx
 
AuxCnv.ppsx
AuxCnv.ppsxAuxCnv.ppsx
AuxCnv.ppsx
 
FQC control.ppsx
FQC control.ppsxFQC control.ppsx
FQC control.ppsx
 
Inverter Control.ppsx
Inverter Control.ppsxInverter Control.ppsx
Inverter Control.ppsx
 
Line switch and Charge switch control.ppsx
Line switch and Charge switch control.ppsxLine switch and Charge switch control.ppsx
Line switch and Charge switch control.ppsx
 
TRC.ppsx
TRC.ppsxTRC.ppsx
TRC.ppsx
 
polymer presentation _10092012 Rev 2.pptx
polymer presentation _10092012 Rev 2.pptxpolymer presentation _10092012 Rev 2.pptx
polymer presentation _10092012 Rev 2.pptx
 
Butene-1 Plant_.ppt
Butene-1 Plant_.pptButene-1 Plant_.ppt
Butene-1 Plant_.ppt
 
Fundamental of fire.pptx
Fundamental of fire.pptxFundamental of fire.pptx
Fundamental of fire.pptx
 
116805771-Gas-Turbine.ppt
116805771-Gas-Turbine.ppt116805771-Gas-Turbine.ppt
116805771-Gas-Turbine.ppt
 
chemical_process_risk_analysis_using_layer_of_protection_v2.ppt
chemical_process_risk_analysis_using_layer_of_protection_v2.pptchemical_process_risk_analysis_using_layer_of_protection_v2.ppt
chemical_process_risk_analysis_using_layer_of_protection_v2.ppt
 
293749024-Reliability-Growth.ppt
293749024-Reliability-Growth.ppt293749024-Reliability-Growth.ppt
293749024-Reliability-Growth.ppt
 
letter_writing_models (1).pptx
letter_writing_models (1).pptxletter_writing_models (1).pptx
letter_writing_models (1).pptx
 
CGZ52qF5TAueGeExyhhO_PPT_VILT.pptx
CGZ52qF5TAueGeExyhhO_PPT_VILT.pptxCGZ52qF5TAueGeExyhhO_PPT_VILT.pptx
CGZ52qF5TAueGeExyhhO_PPT_VILT.pptx
 
117787798-Fire-Protection-Systems.ppt
117787798-Fire-Protection-Systems.ppt117787798-Fire-Protection-Systems.ppt
117787798-Fire-Protection-Systems.ppt
 
36809944-Gas-Turbine-Control.ppt
36809944-Gas-Turbine-Control.ppt36809944-Gas-Turbine-Control.ppt
36809944-Gas-Turbine-Control.ppt
 

Recently uploaded

Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 

Recently uploaded (20)

Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 

lenner.pptx

  • 1. A VIEW OF APS ACIS FROM A FUNCTIONAL SAFETY ASSESSORS PERSPECTIVE erhtjhtyhy JOE LENNER Safety Systems Engineer Safety Interlocks Group Advanced Photon Source
  • 2. A LITTLE ABOUT ME  My background – Over 25 years of industrial control experience • Machine design • Control design • Industrial communications systems • Last 11 years – Functional Safety – Safety communication protocols – Safety products – 5 years auditing functional safety systems • Wide variety of products and systems – 6 months with APS • First task was to evaluate original ACIS and the upgraded Linac Extension Area (LEA) ACIS from a IEC Functional Safety standards perspective 2 LEA
  • 3. STARTING POINTS  Examined the original ACIS designs – Implemented since APS was started (1992) – Designed before the first functional safety standards released on a international level  The focus of the examination is on IEC 61508 – Safety Integrity Level (SIL) identifies the level of risk reduction – Focuses on: • Control of random faults • Control and avoidance of common cause faults • Avoidance of systematic faults – This standard provides a basis for analyzing systems. – The examination used this standard as if I was doing a TUV assessment for certification  Also looking at upgrade of LEA ACIS to newest safety control system – Recent design – Captures a great deal of the IEC 61508 requirements 3
  • 4. ACIS FROM A STANDARDS PERSPECTIVE  Very strong safety program is in place – Hazards defined and analyzed – Solid safety designs, dual channel architectures dominate – Designs reviewed – Comprehensive testing before putting into operation. • Both hardware and software – Periodic proof/validation testing  There are some areas that would need to be addressed … – The suggestions are very typical of a system designed prior to the functional safety standards coming into broad use – The upgraded LEA ACIS design addresses a great deal of these observations 4
  • 5. IDENTIFY THE SAFETY FUNCTIONS  Clearly identify the level of risk reduction needed. – Drives architecture selection – Drives component selection  Understanding the level of risk reduction allows for better allocation to different sub-systems  LEA ACIS design specification clearly identifies safety function and design goal – SIL identified 5 Input Sub-system Logic Sub-system Output Sub-system
  • 6. ADDRESS THE REQUIREMENTS  Requirements tracking should be implemented. – Original ACIS specifications tend to be narrative in nature • Requirements can be hard to identify • Parent/child requirements are even harder to determine. – Track the requirements and tests • Did we test all? – Is our coverage sufficient – Both hardware and software • Did we test certain requirements several times? – Over testing – get the resource back to a productive task! – LEA ACIS tracks safety requirements – original ACIS does not • from design specification • to software implementation • to validation plan 6
  • 7. EXTENDING THE ANALYSIS OF THE SAFETY FUNCTION  Analysis of the safety function often limited to the control system – Partially comes from the scope of the standard.  In reality the output element that removes the hazard needs to be part of the analysis – At least the analysis needs to consider further integration to allow for reliability margins for upstream and/or down stream elements 7 Input Sub-system Logic Sub-system Output Sub-system Safety Function 35% 15% 50%
  • 8. SAFETY FUNCTIONS AND RELIABILITY  The risk reduction of a safety function is based on the reliability and the ability to control random faults  Terminology: – PFD – Probability of Failure on Demand – PFH – Probability of Failure per Hour  Functional safety standards define levels of risk reduction based on reliability – Roughly an order of magnitude reduction for each Safety Integrity Level (SIL) in IEC 61508 – SIL 1-4 (from least to greatest reduction), SIL 2 is about equivalent to driving to work in the morning.  The reliability information in 61508 was developed with a large input from industry reliability engineers. 8
  • 9. FULLY ADDRESS THE RELIABILITY  We need to be consistent by doing the reliably calculations for all safety functions - find the PFD/PFH – Do we get the level of risk reduction needed? – Do we get the reliability we need in the time frame needed? • Keep the components in a predictable failure mode • Schedule maintenance and replacement  Benefits both the safety and the operational performance. – If the system is more reliable there is less pressure to find work arounds  Plan for component life and for component wear. – The equations for SIL estimation can be used to develop maintenance plans 9
  • 10. TYING IT ALL TOGETHER  APS does very well at providing a safe system – Limiting single points of failure – Multiple paths that lead to a safe state  Since the original design, and implementation of the original ACIS the external standards have been improved. – Track the requirements • Ensure that the safety functions and their child requirements are fully tested • Eliminate over/under testing – Reliability is a fundamental part of the functional safety standards now. • Does not just benefit safety, improves operations by fewer faults in the safety systems during operations!  Account for all the components in the safety function – The component that initiates the function to the component that removes the hazard • The final element may be mechanical, and out side of the control system! 10
EXAMPLE OF SAFETY FUNCTION
 Enclosure with entry gate
– Gate to provide entry
– Fencing provides protection around cell
 Hazard
– Dangerous motion via some kind of motor in enclosure
 Risk assessment
– Examination of exposure, ability to avoid the hazard and consequence led to a decision that the risk must be reduced.
– SIL 3 is selected as the appropriate level of risk reduction.
 Safety function:
– If gate is open, motion shall be inhibited
– SIL 3 is required for active controls
13
PROPOSED CONTROLS DESIGN
 Two channel monitoring of safety gate
 Q1 & Q2 are switched off, when
– B1 not actuated
– B2 actuated
From risk analysis: SIL 3
[Block diagram: position switches B1 and B2 (with CCF) → logic unit L → contactors Q1 and Q2 (with CCF). To be determined for each subsystem: $PFH_{D\_Pos}$, $SIL\,CL_{Pos}$; $PFH_{D\_Logic}$, $SIL\,CL_{Logic}$; $PFH_{D\_Con}$, $SIL\,CL_{Con}$]
See notes view for additional explanation on the following slides
14
DEVICE INFORMATION
Logic Unit: from manufacturer, SIL CL 3, $PFH_D = 1.2 \times 10^{-8}$ /h
Position Switch: from manufacturer, SIL CL 3 when used with HFT = 1, $\lambda_D = 1.4 \times 10^{-8}$ /h (C = 1/h)
Contactor: EN ISO 13849-1 (Tab. C.1), $B_{10d}$ = 2,000,000
Application specific: 1 demand per hour (opening of safety gate): C = 1/h
15
DESIGN OF SUBSYSTEMS
Subsystem architecture D from IEC 62061 (homogeneous redundancy with diagnosis):
[Block diagrams: B1 — CCF — B2 (position switches); Q1 — CCF — Q2 (contactors)]
Position switches with direct opening contacts, homogeneous redundancy:
$\lambda_{D\_Pos1} = \lambda_{D\_Pos2} = \lambda_{D\_Pos}$, $DC_1 = DC_2 = DC_{Pos}$
$$PFH_D = (1-\beta)^2 \left[ \lambda_D^2 \cdot 2\,DC \cdot \frac{T_D}{2} + \lambda_D^2 \,(1-DC)\, T \right] + \beta\,\lambda_D$$
$T_D = 1/C = 1$ h, $T = 20$ years
Contactors K3 and K4: similar contactors, homogeneous redundancy:
$\lambda_{K3} = \lambda_{K4} = \lambda_{contactor}$, $DC_1 = DC_2 = DC_{contactor}$
16
DESIGN OF SUBSYSTEMS
[Block diagram: B1 — CCF — B2 (position switches)]
SFF = ?
• Proof of the required SFF through
– the applied DC = 99 % and/or
– the statement of SIL CL.
• SIL CL 3 means that the sensor can be used in applications up to SIL 3 when used in an HFT = 1 structure, and thus complies with the SFF requirements.
$PFH_D$ = ?
$$PFH_{D\_Pos} = (1-\beta)^2 \left[ \lambda_{D\_Pos}^2 \cdot 2\,DC \cdot \frac{T_D}{2} + \lambda_{D\_Pos}^2 \,(1-DC)\, T \right] + \beta\,\lambda_{D\_Pos}$$
DC = 99 % (fault detection with the logic unit)
Common cause faults CCF: $\beta$ = 5 %
17
DESIGN OF SUBSYSTEMS
[Block diagram: Q1 — CCF — Q2 (contactors)]
$$SFF = \frac{\lambda_{S\_contactor} + DC \cdot \lambda_{D\_contactor}}{\lambda_{contactor}}$$
For this calculation $\lambda_{S\_contactor}$, $\lambda_{D\_contactor}$ and $\lambda_{contactor}$ are necessary. Alternative: estimation via DC.
$$PFH_{D\_contactors} = (1-\beta)^2 \left[ \lambda_{D\_contactor}^2 \cdot 2\,DC \cdot \frac{T_D}{2} + \lambda_{D\_contactor}^2 \,(1-DC)\, T \right] + \beta\,\lambda_{D\_contactor}$$
DC = 99 % (fault detection by monitoring of direct contacts)
Common cause failures CCF: $\beta$ = 5 %
$\lambda_D = 0.1 \times C / B_{10d}$
$B_{10d}$ = 2,000,000, C = 1/h
$\lambda_{D\_Contactor} = 0.1 \times (1/\text{h}) / 2{,}000{,}000 = 5 \times 10^{-8}$ /h
18
DESIGN OF SUBSYSTEMS
Subsystem elements:
– Position switches B1 — CCF — B2: fault detection by comparison in PLC
– Contactors Q1 — CCF — Q2: fault detection by monitoring of direct contacts
Homogeneous redundancy (similar devices): $\lambda_1 = \lambda_2 = \lambda$; $DC_1 = DC_2 = DC$
$$PFH_D = (1-\beta)^2 \left[ \lambda_D^2 \cdot 2\,DC \cdot \frac{T_D}{2} + \lambda_D^2 \,(1-DC)\, T \right] + \beta\,\lambda_D$$
$T_D = 1/C$, C = 1/h, $T = 20$ years
Position switches: DC = 99 % → SFF = 99 %; CCF: $\beta$ = 5 % → SIL CL 3; $\lambda_{D\_Pos} = 1.4 \times 10^{-8}$ /h; $PFH_D = 0.7 \times 10^{-9}$ /h
Contactors: DC = 99 % → SFF = 99 %; CCF: $\beta$ = 5 % → SIL CL 3; $\lambda_{D\_Contactor} = 5 \times 10^{-8}$ /h; $PFH_D = 2.5 \times 10^{-9}$ /h
19
SAFETY FUNCTION OVERALL ANALYSIS
[Block diagram: B1 — CCF — B2 → L → Q1 — CCF — Q2]
• Position switches: SIL CL 3, $PFH_D = 0.7 \times 10^{-9}$ /h
• Logic unit: SIL CL 3, $PFH_D = 1.2 \times 10^{-8}$ /h
• Contactors: SIL CL 3, $PFH_D = 2.5 \times 10^{-9}$ /h
Sum: $PFH_D = 0.7 \times 10^{-9} + 1.2 \times 10^{-8} + 2.5 \times 10^{-9} = 1.5 \times 10^{-8}$ /h $< 10^{-7}$ /h → SIL 3
SIL 3 Safety Function
• Two channel monitoring of safety gate
• Q1 & Q2 are switched off, when
• B1 not actuated
• B2 actuated
20
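The arithmetic on slides 15 to 20, carried through in code as an added example (this is not the presentation's own code). It implements the IEC 62061 subsystem architecture D formula for homogeneous redundancy with diagnostics, the ISO 13849-1 conversion from B10d to a dangerous failure rate, the safe failure fraction, and the IEC 61508 high-demand PFH bands, then reproduces the slide values. Assumptions: the slides' T is the IEC 62061 T1 (proof-test interval or lifetime) and T_D is T2 (diagnostic test interval); rates are per hour; "estimation via DC" on slide 18 is read as the conservative bound obtained by setting the safe failure rate to zero. Keeping the three terms of the formula separate also answers the slide 9 question of where maintenance effort pays off.

```python
"""Worked reliability arithmetic for the gate-interlock example (slides 15 to 20).

Added example, not the presentation's own code. Formulas: IEC 62061 subsystem
architecture D (homogeneous redundancy with diagnostics), ISO 13849-1 B10d
conversion, safe failure fraction, IEC 61508 high-demand PFH bands.
Assumption: T on the slides is the IEC 62061 T1 (proof-test interval or
lifetime) and T_D is T2 (diagnostic test interval); all rates are per hour.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760

# IEC 61508 high-demand / continuous-mode PFH bands, per hour, lower bound inclusive.
SIL_PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def sil_from_pfh(pfh: float) -> int:
    """SIL supported by a PFH_D value; 0 means worse than SIL 1."""
    for sil, (lo, hi) in SIL_PFH_BANDS.items():
        if lo <= pfh < hi:
            return sil
    # Below the SIL 4 band floor the standard defines nothing higher; treat as SIL 4.
    return 4 if pfh < 1e-9 else 0


def lambda_d_from_b10d(b10d: float, c_per_hour: float) -> float:
    """ISO 13849-1 conversion for wear parts (slide 18): lambda_D = 0.1 * C / B10d."""
    return 0.1 * c_per_hour / b10d


def sff(lambda_s: float, lambda_d: float, dc: float) -> float:
    """Safe failure fraction SFF = (lambda_S + DC * lambda_D) / (lambda_S + lambda_D).

    With lambda_S unknown, lambda_S = 0 gives the conservative bound SFF = DC,
    which is how the slides' "estimation via DC" is read here (assumption).
    """
    return (lambda_s + dc * lambda_d) / (lambda_s + lambda_d)


@dataclass
class ArchD:
    """The three terms of the IEC 62061 architecture D PFH_D, kept separate so the
    dominant contribution stays visible."""
    ccf: float         # beta * lambda_D                        (common cause)
    detected: float    # (1-beta)^2 * lambda_D^2 * 2*DC * T_D/2 (detected dual faults)
    undetected: float  # (1-beta)^2 * lambda_D^2 * (1-DC) * T   (undetected dual faults)

    @property
    def pfh_d(self) -> float:
        return self.ccf + self.detected + self.undetected


def pfh_arch_d(lambda_d: float, dc: float, beta: float, t_hours: float, td_hours: float) -> ArchD:
    """PFH_D for two identical channels (lambda_D1 = lambda_D2, DC1 = DC2) with diagnostics."""
    dual = (1 - beta) ** 2 * lambda_d ** 2
    return ArchD(
        ccf=beta * lambda_d,
        detected=dual * 2 * dc * td_hours / 2,
        undetected=dual * (1 - dc) * t_hours,
    )


def slide_example() -> dict:
    """Reproduce slides 15 to 20: position switches, logic unit, contactors, and the sum."""
    c = 1.0                     # one demand (gate opening) per hour
    t = 20 * HOURS_PER_YEAR     # T = 20 years
    td = 1.0 / c                # T_D = 1/C = 1 h
    beta, dc = 0.05, 0.99       # CCF 5 %, DC 99 % for both field subsystems

    pos = pfh_arch_d(1.4e-8, dc, beta, t, td)       # manufacturer lambda_D, SIL CL 3
    lam_con = lambda_d_from_b10d(2_000_000, c)      # B10d = 2,000,000 cycles
    con = pfh_arch_d(lam_con, dc, beta, t, td)
    logic = 1.2e-8                                   # manufacturer PFH_D, SIL CL 3
    total = pos.pfh_d + logic + con.pfh_d

    # The safety function can claim neither more than the weakest subsystem's
    # SIL CL nor more than the summed PFH_D supports.
    sil = min(3, 3, 3, sil_from_pfh(total))
    return {
        "lambda_d_contactor": lam_con,
        "pfh_pos": pos.pfh_d,
        "pfh_contactor": con.pfh_d,
        "pfh_total": total,
        "sil": sil,
        # share of each subsystem's PFH_D contributed by the common-cause term
        "pos_ccf_share": pos.ccf / pos.pfh_d,
        "con_ccf_share": con.ccf / con.pfh_d,
    }


if __name__ == "__main__":
    for key, value in slide_example().items():
        print(f"{key:>20}: {value:.3g}")
```

The returned shares show something the slide totals do not state: at DC = 99 % the $\beta\,\lambda_D$ term is over 99 % of each subsystem's $PFH_D$, so for this design the common-cause factor dominates and the 20-year T term barely moves the result. That is a reading of the arithmetic above, not a claim from the presentation; it is the reason an assessor looks hard at CCF measures (separation, diversity, wiring) before arguing about proof-test intervals.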

Editor's Notes

1. The process of developing safety functions starts from the hazard identification/risk assessment. In a stepwise fashion the following steps should happen:
– Identify the hazards
– Quantify the risk associated with the hazard
– Identify safety functions for the hazard/risk
– Reduce the risk by applying constructive measures (guards, process change, …)
– Re-quantify the risk to see if it is reduced sufficiently
– Apply active controls (safety related control systems)
– Re-quantify the risk to see if it is reduced sufficiently
– Apply administrative controls (signage, PPE, …)
– Re-quantify the risk to see if it is reduced sufficiently
This process is repeated for each safety function. In this example the safety function is simple: stop motion if the gate is open.