VUT
Functional safety of safety-related electrical devices
Functional safety: the part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems, safety-related systems based on other technologies and external risk reduction facilities (ČSN EN)
[Figure: process parameter versus time. Normal behaviour stays between the low and high control levels and is handled by the DCS (basic process control). If the parameter runs wild and crosses the high alarm level, the operator is expected to take action; this still falls within DCS functionality. If the excursion continues past the ESD-controlled trip level, the safety instrumented system acts and shuts the plant down (safety system functionality). A mechanical safety action, where available, is the last resort. The first version of the figure shows the DCS levels only; the second adds the trip level and the safety instrumented system.]
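The threshold ordering in the figure (control band, then alarm, then trip, then mechanical action) can be written down as a small classifier. The following is an added example, not part of the original slides; all threshold values and the trajectory are constructed, and the "operator takes action" branch is modelled simply by capping the excursion at the alarm level.

```python
# Added example (not from the original slides): classify which protection layer
# is expected to act for each sample of a process parameter, using the
# threshold ordering shown in the figure: control band -> alarm -> ESD trip ->
# mechanical safety action. All threshold values and the trajectory below are
# constructed for illustration.

LOW_CONTROL = 40.0     # low control level (DCS keeps the variable above this)
HIGH_CONTROL = 60.0    # high control level (DCS keeps the variable below this)
HIGH_ALARM = 70.0      # high alarm level: operator is expected to intervene
TRIP_LEVEL = 80.0      # ESD trip level: SIS takes the plant to a safe state
MECHANICAL = 90.0      # e.g. relief device set point, last line of defence

# Layers in order of escalation; the SIS must act independently of the DCS.
ESCALATION_ORDER = [
    "normal (DCS control)",
    "DCS control action",
    "high alarm (operator action)",
    "SIS trip (plant shut-down)",
    "mechanical safety action",
]


def layer_for(value):
    """Return the protection layer expected to respond to `value`.
    The highest threshold exceeded decides, so the check runs top-down."""
    if value >= MECHANICAL:
        return "mechanical safety action"
    if value >= TRIP_LEVEL:
        return "SIS trip (plant shut-down)"
    if value >= HIGH_ALARM:
        return "high alarm (operator action)"
    if LOW_CONTROL <= value <= HIGH_CONTROL:
        return "normal (DCS control)"
    return "DCS control action"   # outside the control band but below alarm


def walk_trajectory(samples, operator_acts=False):
    """Record (time, value, layer) for each sample of a time series.
    `operator_acts` models the 'if operator takes action' branch of the figure:
    the excursion is arrested at the alarm level and never reaches the trip."""
    events = []
    for t, value in samples:
        if operator_acts and value >= HIGH_ALARM:
            value = HIGH_ALARM  # operator response caps the excursion
        events.append((t, value, layer_for(value)))
    return events


def escalation_reached(samples, operator_acts=False):
    """Highest layer reached during the excursion."""
    layers = {layer for _, _, layer in walk_trajectory(samples, operator_acts)}
    return max(layers, key=ESCALATION_ORDER.index)


# Constructed "wild" (runaway) trajectory: the variable climbs through every level.
RUNAWAY = [(0, 50.0), (1, 58.0), (2, 65.0), (3, 72.0), (4, 78.0), (5, 84.0), (6, 91.0)]

if __name__ == "__main__":
    for t, v, layer in walk_trajectory(RUNAWAY):
        print(f"t={t} value={v:5.1f} -> {layer}")
    print("without operator action:", escalation_reached(RUNAWAY))
    print("with operator action:   ", escalation_reached(RUNAWAY, operator_acts=True))
```

Running the block walks the constructed runaway and shows that without operator action every layer up to the mechanical one is reached, while a timely operator response keeps the excursion at the alarm layer, which is exactly the branch the two versions of the figure contrast.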
Have You Been Asked This?
“How can you demonstrate that you are safe?” – ‘Regulator’
Safety Issues for End Users / Operators
– How do you demonstrate that your operations are ‘safe’?
– How do you demonstrate that your equipment is ‘safe’?
– How do you demonstrate that your safety and protective systems protect against your hazards?
You can answer these questions by demonstrating compliance with industry safety standards: IEC – Functional safety of electrical/electronic/programmable electronic safety-related systems
What is IEC61508?
An international standard relating to the functional safety of electrical / electronic / programmable electronic safety-related systems
– Mainly concerned with E/E/PE safety-related systems whose failure could have an impact on the safety of persons and/or the environment
– Could also be used to specify any E/E/PE system used for the protection of equipment or product
It is an industry best-practice standard that enables you to reduce the risk of a hazardous event to a tolerable level
Technologies Concerned
– E – Electrical: electro-mechanical / relays / interlocks
– E – Electronic: solid-state electronics
– PES – Programmable Electronic Systems: Programmable Logic Controllers (PLCs); microprocessor-based systems; Distributed Control Systems; other computer-based devices (“smart” sensors / transmitters / actuators)
Features
– Generic standard
– Guidance on the use of E/E/PES
– Comprehensive approach involving the concept of a Safety Lifecycle; includes all elements of the protective system
– Risk-based approach leading to the determination of Safety Integrity Levels (SILs)
– Considers the entire safety-critical loop
Generic and Application Sector Standards
– IEC61508 (generic)
– IEC61511 : Process sector
– Medical sector
– IEC61513 : Nuclear sector
– IEC62061 : Machinery sector
IEC61511 Functional Safety
Safety instrumented systems for the process industry sector
IEC – “FUNCTIONAL SAFETY: SAFETY INSTRUMENTED SYSTEMS FOR THE PROCESS INDUSTRY SECTOR”
Industries
Applies to a wide variety of industries across the process sector, including:
– Chemicals
– Oil refining
– Oil and gas production
– Pulp and paper
– Non-nuclear power generation
– Pharmaceuticals / fine chemicals
Scope
– Process industries (chemicals, oil & gas, paper, non-nuclear power generation)
– End-to-end safety instrumented system (SIS): hardware, software, management and human factors
– Full safety lifecycle: specification, design, integration, operation, maintenance
– Intended for integrators / users, not for equipment designers / vendors
Structure of IEC
– Part 1 – “Framework, definitions, system, hardware and software requirements” (normative)
– Part 2 – “Guidelines for the application of IEC” (informative)
– Part 3 – “Guidance for the determination of safety integrity levels” (informative)
IEC – TITLE: “Functional Safety – Safety Instrumented Systems for the Process Industry Sector”
This international standard gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system, so that it can be confidently entrusted to place and/or maintain the process in a safe state. This standard has been developed as a process sector implementation of IEC
Relationship between IEC and IEC 61508
Similarities (IEC and IEC 61508)
– Whole safety lifecycle: concept, hazard & risk analysis and design, through operation & maintenance to eventual decommissioning
– Safety requirements specification
– Safety integrity levels (SIL 1 to 4)
– End-to-end system (sensor via logic to actuator)
– Hardware reliability analysis (PFD)
– Management of functional safety
– Architectural constraints (fault tolerance)
Key Differences of IEC from IEC 61508
Terminology (IEC 61508 term in brackets):
– Process (EUC)
– Basic Process Control System (EUC control system)
– Safety Instrumented System (E/E/PE safety-related system)
– Safety Instrumented Function (safety function)
Presentation:
– less rigorous than IEC
– more guidance (especially in Parts 2 & 3)
Overall Safety Lifecycle in IEC 61508
[Figure: the overall safety lifecycle, phases 1 to 16, with a loop back to the appropriate lifecycle phase after modification.]
1 : Concept
2 : Overall Scope Definition
3 : Hazard & Risk Analysis
4 : Overall Safety Requirements
5 : Safety Requirements Allocation
Overall Planning – 6 : Overall Operation & Maintenance Planning; 7 : Overall Safety Validation Planning; 8 : Overall Installation & Commissioning Planning
Realisation – 9 : Safety Related Systems: E/E/PES; 10 : Safety Related Systems: Other Technology; 11 : External Risk Reduction Facilities
12 : Overall Installation & Commissioning
13 : Overall Safety Validation
14 : Overall Operation & Maintenance
15 : Overall Modification & Retrofit
16 : Decommissioning
Back to appropriate Overall Safety Lifecycle Phase (after modification & retrofit)
IEC ownership of phases
– PRE-DESIGN (Phases 1 to 5): End user / operator
– DESIGN AND INSTALLATION (Phases 6 to 13): Engineering contractors / equipment supplier
– OPERATION (Phases 14 to 16): End user / operator
Pre-Design : Phases 1 to 5
1 : Concept
2 : Overall Scope Definition
3 : Hazard & Risk Analysis
4 : Overall Safety Requirements
5 : Safety Requirements Allocation
– Can you demonstrate that you have identified all your hazards?
– Can you demonstrate that you are using adequate and correct methods of hazard protection?
Design & Implementation : Phases 6 to 13
Overall Planning – 6 : Overall Operations and Maintenance Planning; 7 : Overall Validation Planning; 8 : Overall Installation & Commissioning Planning
9 : Safety Related Systems : E/E/PES
10 : Safety Related Systems : Other Technology
11 : External Risk Reduction Facilities
12 : Overall Installation & Commissioning
13 : Overall Safety Validation
– How do you ensure competencies for all these activities?
– Can you demonstrate that you pass the necessary information into these activities?
– Can you demonstrate that all necessary information has been passed to you from these activities?
Operation : Phases 14 to 16
14 : Overall Operations and Maintenance
15 : Overall Modification and Retrofit
16 : Decommissioning
– Can you demonstrate that you maintain / test / analyse your protective systems correctly?
– Can you demonstrate that you are in control of your modification process?
Supply Chain
[Figure: the supply chain from requirement specification down to commissioning and use: End User – System Designer / Integrator – Sub-system Designer – Component Manufacturer. IEC and IEC 61508 each cover part of the chain (cf. Scope: the process-sector standard is intended for integrators / users, not for equipment designers / vendors).]
Risk
What is Risk?
The probable rate of occurrence of a hazard causing harm AND the degree of severity of the harm
– Qualitatively – words
– Quantitatively – figures
Levels of Risk and ALARP (As Low As Reasonably Practicable)
[Figure: the ALARP triangle. Risk increases towards the top; as the risk is reduced, the less, proportionately, it is necessary to spend to reduce it further. The concept of diminishing proportion is shown by the narrowing triangle.]
– Unacceptable region: risk cannot be justified except in extraordinary circumstances
– The ALARP or tolerability region (risk is undertaken only if a benefit is desired): tolerable only if further risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained; necessary to maintain assurance that risk remains at this level
– Broadly acceptable region: negligible risk; no need for detailed working to demonstrate ALARP
Risk reduction: General concepts
[Figure: risk increases from right to left. Starting from the Plant-Under-Control (EUC) risk, the necessary minimum risk reduction brings it down to the tolerable risk required to meet the level of safety; the actual risk reduction achieved by all protective systems and external risk reduction facilities leaves the actual risk remaining. The actual risk reduction is made up of the partial risk covered by E/E/PES protective systems, the partial risk covered by other-technology safety-related systems and the partial risk covered by external risk reduction facilities.]
Extent of a Safety Related System
[Figure: the PE SRS spans SENSOR – PROGRAMMABLE ELECTRONICS – ACTUATOR and acts on the Equipment (plant) Under Control (EUC).]
What is a Safety Related System (SRS)?
Any system that implements the safety functions necessary to achieve a safe state for the “Equipment Under Control”, or to maintain it in a safe state.
Examples
Hazard Identification and Risk Analysis
A typical methodology for hazard identification and risk analysis (by the end user):
– Hazard studies and HAZOPs
– Evaluate possible consequences
– Establish tolerable frequencies vs ALARP
– Build event chain
– Estimate demand rates
– Define protection required
– Specify required SIL
“Failure categories” in IEC
– A = Random hardware failures, OR
– B = Systematic failures: specification; systematic hardware; software; maintenance; all failures that are not random
Safety Integrity Level (SIL)
Risk and Determination of Safety Integrity Levels
[Figure: risk matrix with increasing severity on one axis and increasing likelihood on the other; the cells run from Basic Design / No Protection through SIL 1, SIL 2, SIL 3 and SIL 4 to Unacceptable.]
Risk Reduction Requirements
Safety Integrity Level | Risk Reduction (factor)
SIL 1 | 10 – 100
SIL 2 | 100 – 1,000
SIL 3 | 1,000 – 10,000
SIL 4 | 10,000 – 100,000
Reliability, Failure Rate and Availability at each level
Level | Reliability | Probability of failure on demand | Trip unavailable (per year)
SIL 1 | 90% – 99% | 0.1 to 0.01 | 876 to 87.6 hrs
SIL 2 | 99% – 99.9% | 0.01 to 0.001 | 87.6 to 8.76 hrs
SIL 3 | 99.9% – 99.99% | 0.001 to 0.0001 | 8.76 hrs to 52.6 mins
SIL 4 | 99.99% – 99.999% | 0.0001 to 0.00001 | 52.6 to 5.3 mins
Protective System Technology
– SIL 1: Standard components, single channel or twin non-diverse channels
– SIL 2: Standard components, 1 out of 2 or 2 out of 3, possible need for some diversity. Allowance for common-cause failures needed
– SIL 3: Multiple channels with diversity on sensing and actuation. Common-cause failures a major consideration. Should rarely be required in the process industry
– SIL 4: Specialist design. Should never be required in the process industry
Determined to achieve the correct SIL level...
SIL assessment
Various methods available:
– Qualitative risk graph
– Calibrated risk graph (methodology only – not definitive)
– Layer Of Protection Analysis (LOPA)
– Hazardous event severity matrix
– Quantified Risk Analysis (QRA)
Which one to use? Develop your own?
Calculation of PFDavg
Distribution of the failure measures across the loop: 35 % of PFDavg from the sensing elements (SE) + 15 % from the logic solver (LS) + 50 % from the final elements (FE)
PFD figures for a HIMA system, example: 35 % / 15 % / 50 %
Risk Graph according to DIN V VDE 19250
RC/AK (Anforderungsklasse, requirement class) according to DIN V VDE 19250 versus SIL according to IEC
Concept of layers of protection according to IEC – LOPA
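A Layer Of Protection Analysis follows the methodology listed under Hazard Identification and Risk Analysis (consequences, tolerable frequency, event chain, demand rate, required protection, required SIL). The following is an added example, not part of the original slides: it carries one hazardous scenario through LOPA, multiplying the initiating-event frequency by the PFD of each independent protection layer and sizing the safety instrumented function from the gap to the tolerable frequency. The scenario, frequencies and PFD credits are constructed.

```python
# Added example (not from the original slides): a Layer Of Protection Analysis
# for one hazardous scenario. Starting from an initiating-event frequency, each
# independent protection layer (IPL) multiplies the frequency by its PFD; the
# gap between the mitigated frequency and the tolerable target frequency is the
# risk reduction the safety instrumented function (SIF) must provide, which
# fixes its target SIL. All frequencies and PFD credits below are constructed.

from dataclasses import dataclass

# SIL bands for low-demand mode, as on the earlier slide: (SIL, lower PFD, upper PFD)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


@dataclass
class Scenario:
    name: str
    initiating_event: str
    initiating_frequency: float      # demands per year (from the event chain)
    ipls: list                       # [(name, PFD), ...]; layers must be independent
    tolerable_frequency: float       # per year, from the tolerable-risk / ALARP criteria


def sil_for_required_pfd(pfd):
    """SIL a SIF must meet so that its PFDavg is at most `pfd`.
    A required PFD exactly on a band edge needs the higher SIL, so the upper
    edge is inclusive here (unlike the lookup for an achieved PFD)."""
    if pfd > 0.1:
        return 0   # required RRF below 10: no SIL-rated SIF is needed
    for sil, low, high in SIL_BANDS:
        if low < pfd <= high:
            return sil
    raise ValueError("required PFD below the SIL 4 band: add IPLs or redesign the process")


def lopa(scn):
    """Run the LOPA arithmetic for one scenario and size the SIF."""
    freq = scn.initiating_frequency
    for _, pfd in scn.ipls:
        if not 0.0 < pfd < 1.0:
            raise ValueError("an IPL credit must be a PFD strictly between 0 and 1")
        freq *= pfd
    if freq <= scn.tolerable_frequency:
        required_pfd = 1.0            # existing layers already meet the target
    else:
        required_pfd = scn.tolerable_frequency / freq
    return {
        "mitigated_frequency": freq,                  # per year, before the SIF
        "required_pfd": required_pfd,
        "required_rrf": 1.0 / required_pfd,
        "target_sil": sil_for_required_pfd(required_pfd),
        # PFD-based sizing applies to low-demand mode (demands at most once a year);
        # a more frequent demand rate calls for a different (PFH-based) treatment.
        "low_demand": scn.initiating_frequency <= 1.0,
    }


# Constructed scenarios.
PRESSURE_SCENARIO = Scenario(
    name="vessel overpressure",
    initiating_event="BPCS pressure control loop failure",
    initiating_frequency=0.1,
    ipls=[("operator response to high alarm", 0.1)],   # relief valve not credited here
    tolerable_frequency=2e-5,
)
NO_SIF_SCENARIO = Scenario(
    name="tank overfill to bund",
    initiating_event="level control loop failure",
    initiating_frequency=0.05,
    ipls=[("high-level trip (existing interlock)", 0.01), ("bund / dike", 0.01)],
    tolerable_frequency=1e-5,
)

if __name__ == "__main__":
    for scn in (PRESSURE_SCENARIO, NO_SIF_SCENARIO):
        r = lopa(scn)
        print(f"{scn.name}: mitigated {r['mitigated_frequency']:.1e}/yr, "
              f"required PFD {r['required_pfd']:.3g} (RRF {r['required_rrf']:.0f}), "
              f"target SIL {r['target_sil']}, low demand: {r['low_demand']}")
```

For the constructed overpressure scenario the one credited layer leaves a mitigated frequency of 0.01 per year against a target of 2e-5, so the SIF must supply a risk reduction factor of 500, which places it in SIL 2. The second scenario shows the other outcome: the existing layers already meet the target and no SIL-rated function is required, although the independence of each credited layer still has to be justified in the study itself, which the arithmetic cannot check.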
Hazardous event severity matrix
VUT Funkční bezpečnost Část celkové bezpečnosti týkající se EUC a systému řízení EUC závislá na správném fungování E/E/EP systémů souvisejících s bezpečností, systémech souvisejících s bezpečností založených na jiných technických principech a vnějších prostředcích pro snížení rizika