pk6022 sis terms

Post on 12-May-2017


NTNU, September 2007 – RAMS

SIS and SIS technology

Mary Ann Lundteigen (mary.a.lundteigen@ntnu.no)

Updated Sept 2011

Safety instrumented system (SIS)

Figure: a safety instrumented system (SIS) – pressure transmitters, logic solver (PLC), valve, control room.

Safety instrumented system (SIS)

• A SIS is a safety system that includes at least one electrical, electronic, or programmable electronic (E/E/PE) component.
• A SIS is used to perform one or more safety instrumented functions.
• A SIS is often split into three subsystems: sensors/inputs, logic solvers, and final elements/actuating devices.
• Also called E/E/PE safety-related system.

Safety instrumented function (SIF)

Figure: a safety instrumented function (SIF) – pressure transmitters, logic solver (PLC), valve, control room.

Safety instrumented function (SIF)

• A SIF is a safety function that is performed by the SIS.
• A SIF is used to reduce risk below the stated acceptance criteria.

Equipment under control (EUC)

Equipment under control (EUC): Equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities.

In our context:
• An EUC is associated with some hazards or threats.
• EUC in the process industry may be a process section.

In the Norwegian petroleum industry (through the OLF 070), we distinguish between:
• Those protected by global safety functions
• Those protected by local safety functions

Functional safety

Functional safety: part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures (IEC 61508).

• Relates to the ability to protect vulnerable objects from damage in relation to an EUC.
• Relies on the ability of a SIS (and other safety barriers) to bring the EUC to a safe state, under normal situations and foreseeable fault situations.

Example – functional safety

EUC: The car
To be protected: The driver, the passengers

Equipment under control (EUC)

Figure: examples of equipment under control (two figure-only slides).

EUC risk and risk reduction

Figure: EUC risk and risk reduction (figure-only slide).

Risk reduction practices – process industry

Layers of protection: These lines or layers serve to either prevent an initiating event (such as loss of cooling or overcharging of a material to a reactor, for example) from developing into an incident (typically a release of a dangerous substance), or to mitigate the consequences of an incident once it occurs.

Figure: layers of protection.

See e.g., http://www.hse.gov.uk/research/misc/vectra300-2017-r02.pdf

Risk reduction practices – process industry

Layers of protection – key requirements (IEC 61511-3):

• Specificity: An IPL is designed solely to prevent or to mitigate the consequences of one potentially hazardous event (for example, a runaway reaction, release of toxic material, a loss of containment, or a fire). Multiple causes may lead to the same hazardous event; and, therefore, multiple event scenarios may initiate action of one IPL.
• Independence: An IPL is independent of the other protection layers associated with the identified danger.
• Dependability: It can be counted on to do what it was designed to do. Both random and systematic failure modes are addressed in the design.
• Auditability: It is designed to facilitate regular validation of the protective functions. Proof testing and maintenance of the safety system is necessary.
• Risk reduction of minimum 10 (or availability greater than 0.9).
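A short worked example of how these criteria are used in layers-of-protection arithmetic (added here; it is not from the lecture slides or from IEC 61511): a layer only earns credit if its risk reduction factor is at least 10, and because credited layers are independent their PFDs multiply. The function names and the sample frequencies are assumptions for illustration.

```python
MIN_RRF = 10.0  # slide: an IPL must give a risk reduction of at least 10 (availability > 0.9)


def is_credible_ipl(pfd):
    """An IPL earns credit only if its risk reduction factor 1/PFD is at least MIN_RRF."""
    return 0.0 < pfd <= 1.0 / MIN_RRF


def mitigated_frequency(initiating_per_year, ipl_pfds):
    """Hazardous-event frequency after the layers: f_initiating * PFD_1 * ... * PFD_n.

    Multiplying is only justified by the independence requirement on the slide;
    a layer that does not meet the minimum risk reduction is rejected outright.
    """
    freq = initiating_per_year
    for pfd in ipl_pfds:
        if not is_credible_ipl(pfd):
            raise ValueError(f"PFD {pfd} gives RRF below {MIN_RRF}; not an IPL")
        freq *= pfd
    return freq


def required_sis_pfd(initiating_per_year, ipl_pfds, target_per_year):
    """PFD a SIF would have to deliver so the mitigated frequency meets the target,
    given the other credited layers. Returns None when no further layer is needed."""
    residual = mitigated_frequency(initiating_per_year, ipl_pfds)
    if residual <= target_per_year:
        return None
    return target_per_year / residual


if __name__ == "__main__":
    # Constructed scenario: 0.1 initiating events/year, one credited relief layer (PFD 0.1),
    # target 1e-4/year -> the SIF must bring PFD 0.01 (an RRF of 100) on its own.
    print(required_sis_pfd(0.1, [0.1], 1e-4))
```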

Risk reduction practices

Defense in depth (nuclear industry): Defense in depth consists in a hierarchical deployment of different levels of equipment and procedures in order to maintain the effectiveness of physical barriers placed between radioactive materials and workers, the public or the environment, in normal operation, anticipated operational occurrences and, for some barriers, in accidents at the plant. (http://www-pub.iaea.org/MTCD/publications/PDF/Pub1013e_web.pdf)

Key strategies:
• Conservative design
• Control of operation
• Engineered safety features
• (Some) additional features:
  • Procedures for handling multiple failures
  • Accident prevention strategies
  • Emergency preparedness
• Diversity

Analysis of defense in depth: http://pbadupws.nrc.gov/docs/ML0718/ML071860536.pdf

Defense in depth – levels

Figure: the levels of defense in depth (http://www-pub.iaea.org/MTCD/publications/PDF/Pub1013e_web.pdf).

Risk reduction practices

Risk reduction principles with machinery systems (two figure-only slides).

Mode of operation (IEC 61508)

Low demand mode: where the safety function is only performed on demand, in order to transfer the EUC into a specified safe state, and where the frequency of demands is no greater than one per year.

High demand mode: where the safety function is only performed on demand, in order to transfer the EUC into a specified safe state, and where the frequency of demands is greater than one per year.

Continuous mode: where the safety function retains the EUC in a safe state as part of normal operation.

Mode of operation (IEC 61511)

(On) demand mode: where a specified action (for example, closing of a valve) is taken in response to process conditions or other demands. In the event of a dangerous failure of the safety instrumented function a potential hazard only occurs in the event of a failure in the process or the BPCS.

Continuous (or high demand) mode: where in the event of a dangerous failure of the safety instrumented function a potential hazard will occur without further failure unless action is taken to prevent it.

Figure: timeline over years 1 to 5 illustrating "low demand if at most 1 demand per year".

Mode of operation – why important?

On demand: The failure is likely to have been corrected before the demand. The probability that an accident occurs in the presence of a SIS failure is PFD.

Figure: two timelines of periodic proof tests ("Test ... Test") showing the SIS state (SIS failed / SIS ok) against a single demand in the on-demand case and against frequent demands in the high/continuous-demand case.

High/continuous demand: Less likely that the failure is revealed and corrected before the next demand, and the accident frequency is more or less the SIS failure frequency.
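To make the argument on this slide concrete, the following is an added example (not from the lecture): it classifies the mode by the IEC 61508 demand-rate boundary quoted earlier, applies the standard single-channel approximation PFD_avg ≈ λ_DU·τ/2 (an assumption here, not stated on the slides), and runs a small Monte Carlo of the slide's timeline in which a dangerous undetected failure stays hidden until the next proof test and a demand that arrives while the SIS is failed is an accident that also reveals the failure. All rates are per year; the parameter values are constructed.

```python
import random

LOW_DEMAND_MAX_PER_YEAR = 1.0   # IEC 61508 boundary quoted on the mode-of-operation slide


def mode_of_operation(demands_per_year):
    """Classify per IEC 61508: at most one demand per year is low demand, else high demand."""
    return "low demand" if demands_per_year <= LOW_DEMAND_MAX_PER_YEAR else "high demand"


def pfd_avg(lambda_du, tau):
    """Average PFD of one proof-tested channel: lambda_DU * tau / 2.
    This standard approximation is an assumption of the example, not taken from the slides."""
    return lambda_du * tau / 2.0


def hazardous_event_rate(demands_per_year, lambda_du, tau):
    """Accident frequency per year following the slide's reasoning:
    low demand -> demand rate x PFD_avg; high demand -> roughly the DU failure rate."""
    if mode_of_operation(demands_per_year) == "low demand":
        return demands_per_year * pfd_avg(lambda_du, tau)
    return lambda_du


def simulate(demands_per_year, lambda_du, tau, years=100_000, seed=1):
    """Monte Carlo of the timeline on the slide (constructed; seeded so it is repeatable).
    DU failures (rate lambda_du) stay hidden until the next proof test (every tau years);
    a demand (rate demands_per_year) while failed is an accident and reveals the failure.
    Returns the simulated accidents per year."""
    rng = random.Random(seed)
    failed, accidents = False, 0
    next_test = tau
    next_failure = rng.expovariate(lambda_du)
    next_demand = rng.expovariate(demands_per_year)
    while True:
        t = min(next_failure, next_demand, next_test)
        if t >= years:
            break
        if t == next_test:                      # proof test: repair if failed
            if failed:
                failed = False
                next_failure = t + rng.expovariate(lambda_du)
            next_test += tau
        elif t == next_failure:                 # hidden dangerous undetected failure
            failed = True
            next_failure = float("inf")         # no new failure until repaired
        else:                                   # demand on the SIS
            if failed:
                accidents += 1                  # accident; the failure is now revealed
                failed = False
                next_failure = t + rng.expovariate(lambda_du)
            next_demand = t + rng.expovariate(demands_per_year)
    return accidents / years
```

With λ_DU = 0.01/year and τ = 1 year, the simulation lands near 0.1 × 0.005 = 5e-4 accidents/year for 0.1 demands/year and near λ_DU itself for 10 demands/year, which is the slide's point.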

Mode of operation

System                                             Low D   High D
Emergency shutdown (ESD/NAS)                         x
Fire and gas detection (F&G/B&G)                     x
Process shutdown (PSD/PAS)                           x*      x*
High Integrity Pressure Protection System (HIPPS)    x
Signalling system for railway                                x
Automatic safe load indicator (crane)                        x
Airbag system (car)                                  x
Anti-lock braking system (ABS)                               x
Isolation of well (Workover intervention)            x*      x*

* Mode may differ for different installations
