Plaats hier uw logo

Application of IEC 61508 and IEC 61511 in the Norwegian

Petroleum Industry

Lars BodsbergResearch Director

SINTEF, Trondheim, Norway

lars.bodsberg@sintef.nohttp://www.sintef.no/

30 November 2005Delft, the Netherlands

Plaats hier uw logo

This is SINTEFThe Foundation for Scientific and Industrial Research

at the Norwegian Institute of Technology

The vision:Technology for a better society

Business concept:SINTEF sell research-based knowledge and related services to Norwegian and international clients.

Social perspective:SINTEF wishes to contribute to the creation of value and to a society in healthy sustainable development.

Locations:SINTEF has 1700 employees, mainly 350 situated in Oslo and 1350 in Trondheim.

Plaats hier uw logo

© Norsk Hydro

Plaats hier uw logo

Widespread use in the Norwegian Petroleum Industry

• The International standard IEC 61508: Functional safety of electrical/-electronic/programmable electronic (E/E/PE) safety-related systems“(7 parts)– Generic standard

• The International standard IEC 61511: Functional safety – Safetyinstrumented systems for the process industry sector (3 parts)– Sector specific standard

The Petroleum Safety Authority Norway recommends the use of IEC 61508 and 61511

Plaats hier uw logo

Development of Safety System Requirements

Isolate and depressurize vessel

9999 out of 10000times

EUC Hazard

Risk

EUCrisk

Overpressure

Tolerablerisk

Safety requirements&

Safety Integrity Level

E/E/PES

OtherSafety-relatedsystems

Externalfacilities

Not part ofIEC 61508

Allocation

R

Design, etc

Req.

h/w s/w

Plaats hier uw logo

IEC 61508 Implications on Risk and Reliability Analyses

• The IEC 61508 standard sets out a risk-based approach for deciding the Safety Integrity Level (SIL) for systems performingsafety functions– On-going R&D to improve Quantitative Risk Analyses (QRA) in

Norway.

• The IEC 61508 standard requires evaluation of reliability performance of the safety instrumented systems– The PDS method – Reliability Assessment of Safety Instrumented

Systems

Safety Integrity: “Probability of performing required safety functions”

Plaats hier uw logo

QRA

FGD/ESD SYSTEMPSD SYSTEMPC SYSTEM

Normalequipmentcondition

Stableprocess

Accidentexternal to

process

Processupset

(transient)

Leak(Process

equipmentfailure)

Fire orexplosion Pollution

Failure ofcontrol or

safety system

Mechanicaldegradation

Mistake bypersonnel

Function

Implementation(Example) CONTROL

S PSL GD

FD

FDMM

Loss ofproduction

Personnelinjury

Facilitydamage

PSV FSV

NORMALOPERATIONALSITUATION

HAZARD ACCIDENT CONSEQUENCE

Equipment Processfunction

Platform Extent of shut-down action

Production

Detectableconditon

SHUTDOWNCMMS

CM:Condition Monitoring, S:Process sensor, PSV:Pressure relief, PSL:Pressure switch low, FSV:Check valve, GD:Gas detector, FD:Fire Detector, M:Manual

SELF-ACTING

Plaats hier uw logo

IEC 61508 Implications on Risk Analyses

• Traditional offshore quantitative risk analyses (QRA):– Starts with assuming that a HC leak has happened– Frequency of HC leaks from historical data -

causes of HC leak not modelled– Safety systems often not explicitly modelled

• Risk analyses needs adaptation and development

Plaats hier uw logo

Guideline for use of IEC 61508 and IEC 61511

• Joint industry project between operators and the various suppliers of services and equipment (PDS forum)

• The Norwegian Oil Industry Association (OLF) provided financial support

• Guideline published at: www.itk.ntnu.no/sil

Plaats hier uw logo

Guideline Objective• Adapt and simplify the application of the IEC 61508 and IEC

61511• Guidance on

– Design – Operation and maintenance – Modification– Mangement activities to ensure that functional safety requirements

are met.• Provide minimum SIL levels• Provide approach for reliability quantification of safety integrity

Guideline for the use of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry

Plaats hier uw logo

PDSPDS is the Norwegian acronym for

"Reliability and availability of computer based safety systems"

• SINTEF has developed a method for quantifying the reliability/availability of instrumented safety system, called the PDS method

• The method is continuously updated

• Regular meetings in the PDS Forum.

The PDS Forum's vision is to become the

Norwegian centre of force for development of

safety systems within the petroleum industry.

http://pds.sintef.no/

Plaats hier uw logo

PDS Forum ParticipantsOil companies:• BP Amoco Norge AS • TotalFinaElf Exploration Norge AS • Norsk Hydro ASA • Shell • Statoil • ConocoPhillips• Eni Norge

Consultants / Engineeringcompanies:

• Aker Kvaerner Engineering & Technology Oil

• Det Norske Veritas • NEMKO• Safetec Nordic AS • Scandpower Risk Management

AS

Vendor companies: • ABB • FMC Kongsberg Subsea• Honeywell• Invensys Triconex• Kongsberg Simrad• SAAS System AS • Siemens • Simrad Optronics ASA

Governmental bodies:• The Petroleum Safety Authority

Norway (Observer)• The Directorate for Civil Protection

and Emergency Planning (Observer)

Plaats hier uw logo

www.sydvest.com

Plaats hier uw logo

ReliabilitySafety Maintenancez

t

OREDA® = Offshore Reliability Data

http://www.sintef.no/static/tl/projects/oreda/

Plaats hier uw logo

Balance betweenProduction and Protection

Reason (1998)

Protection

Production

Plaats hier uw logo

Safety vs. Life Cycle Cost

Acceptance criteria

0.006

0.005

0.004

0.003

0.002

0.001

100 200 300 400 500

LCC in 1 000 Norwegian kroner

Probability of failure on demand

Primary Investment

Operation and maintenance cost

Unavailability cost of trip

2oo2 voting

1oo1 voting

2oo3 voting1oo2 voting

Plaats hier uw logo

Summary

• IEC 61508 gives a good framework– Risk based approach is difficult

• The Norwegian Offshore Guideline– Simplifies the use of IEC 61508– Give a common safety level– Preserve good design