FUNCTIONAL SAFETY EVALUATION of SIS and APPLICATIONS


1 TÜV Rheinland International Symposium in China
Functional Safety in Industrial Applications
October 18-19, 2011 in Shanghai, China
FUNCTIONAL SAFETY EVALUATION of SIS and APPLICATIONS

2 FUNCTIONAL SAFETY EVALUATION of SIS and APPLICATION
1 Introduction
2 Extension and application situation abroad
3 Promotion and application situation in China
4 Functional safety research in SIPAI
5 Functional safety assessment
6 Application practice
7 Summary

3 Introduction
Automation technology trends: digitization, intelligence and networking; large scale, high safety, high openness, high flexibility.
One trend is tighter coupling in three areas:
1) Instrumentation and application become more tightly coupled, which helps to provide customized solutions for different objects.
2) Instrumentation and the operation management system become more tightly coupled, which can optimize the industry chain to form an integrated management and control system.
3) Instrumentation and economic benefit become more tightly coupled. Companies achieve economic benefits by using process optimization software and advanced control algorithms.

4 Safety is the eternal theme of industrial production
The main risks in the industrial field: fire, explosion, environmental pollution, poisoning, burns, electric shock, noise, suffocation, falling from heights, mechanical harm and so on.
How can safety be ensured when equipment fails? Functional safety can protect equipment from risk.

5 Risk reduction: multi-layer protection
How to reduce the risk? Protection layers:
- Community Emergency Response
- Plant Emergency Response
- Physical Protection (Dikes)
- Physical Protection (Relief Devices)
- Safety Instrumented System
- Alarms, Operator Intervention
- Basic Process Control
- Process

6 SIS are widely used in safety systems to achieve functional safety. to the risk which is caused by unintended failure of the SIS itself
How can we evaluate the probability of risk caused by the SIS? By making an assessment of the functional safety of the SIS.

7 Extension and application situation abroad
Some countries in Europe and North America have already brought functional safety technology into regulation.
World-famous companies (such as Shell, Dow, Mobil, Singapore Petroleum) have gained results by using the standards:
- 2000: Petronas required new projects to use the IEC 61508/61511 standards and to assess in-service equipment.
- 2001: Shell published related mandatory application regulations inside the company.
- Some famous companies such as BASF and Linde set SIS assessment as a precondition of equipment start-up.

8 Promotion and application situation in China
Since 1999, China has tracked the IEC standards and drawn up a series of functional-safety-related recommended industry standards and national standards. Through popularization and extension, the technology has already been applied in petrochemical engineering projects.
In 2004, the government started a safety certification regulation for companies that produce, use, store or transport dangerous chemicals. It defines assessment regulations based on the life cycle (establishment assessment, acceptance assessment, status quo assessment). SIS has become one of the important safety assessment methods for hazardous and harmful factors in the process industry.

9 Promotion and application situation in China (cont.)
In June 2009, the State Administration of Safety Work established the safety control strategy for the first 15 key supervised dangerous chemical industry technologies (such as phosgene and phosgenation technology, hydrogenation technology, polymerization technology) and defined the functional safety requirements (no SIL requirements). This is the milestone of the Chinese government in mandatory promotion of SIS application and supervision (rectification finished by the end of 2010).
After the publication of GB/T20438:2006, GB/T :2007, GB/T <Petrochemical Industry Safety Instrument System Design Specification> will be published in
Related GB standards are also being formulated for elevators, medical apparatus and instruments, and nuclear power plants.

10 Problems
Accidents occur a lot. Research indicates that missing or defective safety instrument systems are the main causes of process industry accidents.
The fundamental reasons are: lack of awareness, incomplete knowledge, no manual for operation, particular stress on analysis and implementation while verification and validation are ignored, blind and arbitrary practice, and neglect of in-service management.
For example, in one city, 26 of the 100 investigated devices do not have SIS or interlock protection.

11 Functional Safety Research in SIPAI
Instrumentation (SIPAI). National Quality Supervision and Inspection Center for Products of Process Automation Instrumentation. Reliability Technology Center of Instrumentation of the Machinery Industry.
We have 30 years of experience in reliability research and, on a project basis, have accumulated 6 years of functional safety technology. Published (Functional Safety Basis) and other monographs. Held workshops with SIEMENS many times.
In 2007, became the only technology institute with functional safety assessment capability in China.

12 Functional Safety Research in SIPAI (cont.)
Formed the reliability database necessary for SIL assessment and a SIL database of certified products.
Capabilities: product/system SIL calculation, FSM assessment, in-service SIS checking.
Certified products: pressure transmitter, valve, safety barrier, isolator, actuator, vibration transmitter, etc.

13 Functional Safety Assessment
1) The objective of functional safety assessment: investigate and decide which level of functional safety the E/E/PE safety-related system can meet.
2) Standard and specification of functional safety assessment: IEC 61508, and standards in related areas such as IEC
3) The objective of functional safety assessment: all staff, life cycle activities, information related to the equipment, and the equipment itself.
4) Method for functional safety assessment: products developed according to IEC and proven in use.

14 Functional Safety Assessment (cont.)
5) The content of functional safety assessment:
   1. Functional safety management: ensure the effectiveness of the necessary functional safety management activities.
   2. Determine the SIL: whether the SIS or safety instrument meets the required SIL (hardware and software).
   3. Special environment compliance testing: performance and environment compliance (climate, EMC and so on).
6) Functional safety assessment point and frequency
7) Functional safety assessment plan

15 Safety Instrument Assessment (example)
For a pressure transmitter, functional safety assessment should be involved from the beginning of development. The steps are as follows:
Step 1: Check the functional safety management of the manufacturer. Ensure the required SIL according to system management.
- Determine management and technical activities in every phase of the life cycle.
- Determine the responsibility of people, departments and organizations for the different activities of every phase of the life cycle.
- Establish the required functional safety management system documentation.

16 Safety Instrument Assessment (cont.)
Step 2: Calculation of random hardware failure rate and SFF, and check of the method in use.
- The hardware safety integrity level depends on PFH or PFD and on SFF.
- Reliability prediction and the FMEDA method are used for the electrical adaptation and amplification part.
For a type B subsystem in a 1oo1 structure, SIL2 requires an SFF of 90%. In the first analysis the SFF was only 61%. The result was fed back to the company, which improved the design. It was then analyzed again.
FMEDA result of the improved design: λ SU λ SD λ DU λ DD SFF 82.2 FITs FITs 152.2FITs 90.75%

17 Safety Instrument Assessment (cont.)
- For the sensor part, collected field data and the FMEDA method are used. For a type A subsystem in a 1oo1 structure, SIL2 requires an SFF of 60%. The whole running time is hours. 16 failures occurred in total.
FMEDA of sensor part: λ SU λ SD λ DU λ DD SFF 49.4FITs FITs 172.8FITs 69.22%

18 Safety Instrument Assessment (cont.)
Failure classification of pressure transmitter: λ SU λ SD λ DU λ DD SFF FITs FITs 325 FITs 78.8%
Probability of failure on demand - PFDavg: T1 = 6 months, T1 = 1 year, T1 = 2 years
Conclusion: for random hardware failure, according to IEC table 2, when T1 2 years (17520 h), the pressure transmitter in a 1oo1 structure could meet SIL2 requirements.

19 Safety Instrument Assessment (cont.)
Step 3: SIL assessment for the software part
- Software failure is systematic failure, so techniques and methods should be used during the software safety life cycle to avoid systematic failure.
- We examined the activities in the different phases of the software safety life cycle.
- Checks and tests of the methods used for the embedded software during the software safety life cycle showed that they meet the SIL2 requirements.
Step 4: Do the tests according to the testing schedule
- Supply a performance test report and a type test report (including environment test, EMC test, electrical safety test, enclosure protection test and so on).
Step 5: Issue the assessment report and certification

20 SIL Assessment for SIS
SIS hardware SIL assessment proceeds as follows:
1. Take the instrument safety function and safety instrument structure determined by the SRS.
2. Take the SIS's MTTR, proof test interval, operation mode and diagnostic test interval determined by the SRS.
3. Determine the constitution and configuration of the SIS.
4. Draw the reliability block diagram of the SIS.
5. Collect the functional safety data of the safety instrumented function of the SIS.
6. According to the reliability block diagram and the structural constraint, determine the highest SIL permitted by this structural constraint.
7. Calculate the PFD of every subsystem and add them to get the system PFD.
8. According to the structural constraint, PFDavg and the SIF's SIL, determine whether the requirements of the SRS are fulfilled.

21 The example
The SIF is: when the acetylene gas holder pressures 3051CGa, 3051CGb, 3051CGc are higher than the HH value (2oo3 vote), trigger the interlock. At the same time, close shut-off valves 3271A and 3271B of the air suction gas holder. Required SIL of SIF is SIL
[Figure 1: Safety instrument system. Block diagram showing pressure transmitters 3051CGa, 3051CGb, 3051CGc, MTL safety barriers, input and output modules, and the CPU.]

22 The example
1) Get the safety instrument data (name, model: description)
- Pressure transmitter, 3051CG: λdu = 37 FIT, SFF = 93.1%
- Safety barrier with analog input, MTL5042: λdu = 16 FIT, SFF = 92.5%
- Safety barrier with switching output, MTL: λdu = 0 FIT, SFF = 100%
- Input module, HE00-0AB0: SIL3, PFDavg= , T1 = 10 years
- Output module, 326-2BF01-0AB0: SIL3, PFDavg= , T1 = 10 years
- CPU, F-capable CPU: SIL3, PFDavg= , T1 = 10 years
- Global valve, 3271: SIL3, λdu = 519.6 FIT

23 The example
2) Reliability block diagram: brief
3) Calculated on the basis of the following conditions:
   1. MTTR: pressure transmitter is 8 hours, valve is 48 hours.
   2. Proof test interval T1: 1 year
   3. β = 10%
   4. Operating mode is low demand mode.
4) Structural constraint and calculation result:
   Sensor: SIL3, PFDavg =
   Logic element: SIL3, PFDavg =
   Final element: SIL3, PFDavg =
The SIF's PFDavsys for this SIS is , safety integrity level: SIL3
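Steps 7 and 8 of the SIS procedure, applied to the conditions stated for the example (2oo3 transmitters, T1 = 1 year, β = 10%, MTTR 8 h and 48 h), as an added example that is not part of the original slides. It uses simplified low-demand equations of the IEC 61508-6 kind and rests on these assumptions: dangerous detected failures are neglected, one sensor channel is a 3051CG plus an MTL5042 in series, the two valves form a 1oo2 group, and the logic-solver PFDavg is passed in by the caller because the slides' figure is missing.

```python
HOURS_PER_YEAR = 8760
FIT = 1e-9  # one failure per 10^9 hours

def pfd_avg(arch, lam_du, t1, mttr, beta=0.0):
    """Average PFD of one voted group (assumption: lambda_DD neglected)."""
    t_ce = t1 / 2 + mttr            # channel equivalent mean down time
    t_ge = t1 / 3 + mttr            # group equivalent mean down time
    independent = ((1 - beta) * lam_du) ** 2 * t_ce * t_ge
    common_cause = beta * lam_du * t_ce
    if arch == "1oo1":
        return lam_du * t_ce
    if arch == "1oo2":
        return 2 * independent + common_cause
    if arch == "2oo3":
        return 6 * independent + common_cause
    raise ValueError(f"unsupported architecture: {arch}")

def sil_band(pfd):
    """Low-demand SIL band for a PFDavg value (0 = below SIL1)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

def claimed_sil(pfd, structural_cap):
    """Step 8: the claim is limited by both PFDavg and structural constraint."""
    return min(sil_band(pfd), structural_cap)

def sensor_group_pfd():
    # Assumed channel: transmitter (37 FIT) + analog-input barrier (16 FIT).
    return pfd_avg("2oo3", (37 + 16) * FIT, HOURS_PER_YEAR, 8, beta=0.10)

def valve_pfd(arch="1oo2"):
    # 519.6 FIT per valve from the data table; 1oo2 grouping is an assumption.
    return pfd_avg(arch, 519.6 * FIT, HOURS_PER_YEAR, 48, beta=0.10)

def system_sil(logic_pfd, valve_arch="1oo2", structural_cap=3):
    """Step 7: add the subsystem PFDs, then apply step 8."""
    total = sensor_group_pfd() + logic_pfd + valve_pfd(valve_arch)
    return total, claimed_sil(total, structural_cap)

if __name__ == "__main__":
    LOGIC_PFD_CONSTRUCTED = 1.0e-4  # constructed value, not from the slides
    print(f"sensor 2oo3 : {sensor_group_pfd():.3e}")
    print(f"valve  1oo1 : {valve_pfd('1oo1'):.3e}")
    print(f"valve  1oo2 : {valve_pfd('1oo2'):.3e}")
    print("system      : %.3e -> SIL%d" % system_sil(LOGIC_PFD_CONSTRUCTED))
```

With β = 10% the common-cause term dominates both voted groups, so the result is far more sensitive to β and T1 than to the voting arithmetic.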

24 Summary
Digitized, networked and intelligent automation technology supports industrial detection, control, optimization, dispatching, management and decision-making to achieve high-efficiency production. How to meet the requirements of safety control becomes more and more important for society.
The integrated application of DCS control systems and SIS is an important method of reducing risk in the process industry; together they can meet the requirements of high safety.
Data shows that almost all industrial accidents are related to the safety instrument system. A SIS can be the guardian of industrial safety only if it satisfies all requirements of function, technology and management during the whole life cycle.

25 Summary (cont.)
China has an expert team for SIS analysis, realization and application. They are capable of assessing SIS functional safety and of supporting its extension and application.
China has combined safety assessment regulations based on life cycle safety to perform mandatory supervision of SIS in petrochemical and other highly dangerous industries. SIS surely has a broad market.
With more popularization of knowledge, extension of technology, improvement of regulations and institutions, and growth in capability, SIS can do more for process industry safety and for the scientific and safe development of China's economy.