8/14/2019 6.1.11 Webinar Presentation
Copyright Exida Consulting LLC, [email protected] / 267-261-1500

Applying IEC 61511 to Industrial Turbines
Chris O'Brien
-
Chris O'Brien

Chris O'Brien is a Partner with Exida Consulting. He has over 20 years of experience in the design, manufacturing and marketing of process automation, reserve power systems, and safety-related equipment. He focuses on supporting new and existing customers with their implementation of the IEC 61508 and IEC 61511 functional safety standards, as well as reliability analysis for mechanical devices.

He was formerly Vice President of the Power Systems Business Unit of C&D Technologies, a business that specialized in the design and implementation of high-reliability backup power systems. Prior to that, he was with Moore Products/Siemens Energy and Automation, where he held several positions including General Manager of the Instrumentation Division.

Chris is the author of Final Elements and the IEC 61508 and IEC 61511 Functional Safety Standards and has been awarded 5 patents, including a patent on the industry's first safety-rated pressure transmitter. He has a Bachelor of Mechanical Engineering from Villanova University.
-
Topics
1. The Application of IEC 61511 to Industrial Turbines
2. Demonstrating compliance with regulations
3. Strategies for effective implementation of IEC 61511
4. Questions
-
Application of IEC 61511 to Turbine Applications
There has been some discussion as to whether turbines should be treated under machinery or process safety standards.
For hazards such as crushing or burning, machinery safeguarding standards should be applied.
For hazards such as explosion or overspeed, process safety standards (IEC 61511) should be applied.
-
API 670 Machinery Protection Systems
A new revision of API 670 is in development and is expected to be released in late 2011 or early 2012. Key provisions of the new standard include:
API 670 will reference the IEC standards for functional safety (IEC 61508, IEC 61511, and IEC 62061).
Tolerable risk is a function of the operating company and local legislation.
SIL targeting is a function of tolerable risk, equipment, and site-specific considerations.
API 670 has a major focus on testing and diagnostics (automatic diagnostics for everything from the sensor through the trip block, proof testing on the final element). Speed of response is part of the test requirements.
-
Forces Influencing SIL Adoption
(Diagram: Turbine Protection Systems at the centre, acted on by four forces)
National Standards and Regulation
Application Standards
Customer Expectations
Competitive Offering
-
Industrial SIL Drivers
Driver                | North America | South America | Europe | Asia | ROW
National Regulations  | ++            | +             | +++    | +    | +
Application Standards | ++            | +             | +++    | +    | +
Customer Expectations | +++           | +             | +++    | ++   | ++
Competitive Offering  | +++           | +             | +++    | ++   | ++
Legend: - Not Required; + Occasional Requirement; ++ Typical Requirement; +++ Extensive Requirement
-
Power Market SIL Drivers
Driver                | North America | South America | Europe | Asia | ROW
National Regulations  | +             | -             | ++(+)  | -    | +
Application Standards | +             | -             | ++(+)  | -    | +
Customer Expectations | +             | +             | +++    | +    | +
Competitive Offering  | ++            | +             | +++    | +    | +
Legend: - Not Required; + Occasional Requirement; ++ Typical Requirement; +++ Extensive Requirement
-
Demonstrating Compliance
-
Why is There a Need for a Standard?
To provide a safer working environment for people, that is, to save lives.
To protect investments in plant and equipment and ensure continuous operations, that is, to save money.
To demonstrate compliance with regulatory requirements, that is, to avoid fines.
-
How Could A Standard Help?
Documents industry best practice
Provides consistency across organizations: OEMs, Integrators, End Users, EPCs
Less likely to miss a key step if you are following a step-by-step method
Common, or known, mistakes are explicitly addressed
-
Functional Safety Lifecycle
(Diagram: five stages, each answering one question)
Hazard Identification: What can go wrong? (PHA/HAZOP)
Risk Analysis & SIL Selection: How bad can it be? (LOPA)
Safety Requirements: What needs to be done?
SIL Verification: How reliable is it?
SIL Sustain: How to keep it safe?
-
Safety Lifecycle IEC 61511
(Diagram: the IEC 61511 safety lifecycle, with the clause of the standard for each activity)
Activities spanning the whole lifecycle:
Management of Functional Safety and Functional Safety Assessment [Clause 5]
Safety Lifecycle Structure and Planning [Clause 6.2]
Verification [Clause 7 & Clause 12.7]
Analysis:
Process Hazard & Risk Analysis [Clause 8]
Allocate Safety Function to Protection Layers [Clause 9]
SIS Safety Requirements Specification [Clauses 10 & 12]
Realisation:
SIS Design and Engineering [Clauses 11 & 12]
SIS FAT [Clause 13]
SIS Installation & Commissioning [Clause 14]
SIS Safety Validation [Clause 15]
Operation:
SIS Operation & Maintenance [Clause 16]
SIS Modification [Clause 17]
SIS Decommissioning [Clause 18]
Project stage labels on the diagram: FEED, Concept, Design & Build, Test, Install, Validate, Manage, Proof Test
-
Safety Integrity Level
(Diagram: SIL 1, SIL 2, SIL 3, SIL 4)
Used THREE ways:
To establish risk reduction requirements
To set probabilistic limits for hardware random failure
To establish engineering procedures to prevent systematic design errors
-
Implications of IEC 61511
Use of an appropriate SIL determination methodology
Use of a high-integrity automated safety system as the means of protecting against a hazard
Intentionally separating the safety system from basic process control, both physically and electrically
Completion of periodic proof testing in accordance with procedures established during the protection system's design
Documented proof that regularly scheduled protection system reviews were conducted per applicable regulatory and standards requirements
-
Compliance Requirements
(Diagram: three requirements that together make up compliance)
SIL Capability
Probability of Failure
Architectural Constraints
-
Meeting Requirements
Requirement              | Strength                             | Methodology
SIL Capability           | Strength against systematic failure  | Certification or Proven in Use Analysis
Probability of Failure   | Strength against random failure      | PFD Calculation
Architecture Constraints | Strength against undetected failures | SFF, Redundancy
-
IEC 61511 Type Certification
-
Effective Implementation
Benchmark Study
Gap Resolution Plan
Develop Project Functional Safety Management Plan
System Design
Implementation
Operation and Maintenance
-
Benchmark Study Focus
Safety Management
Safety Lifecycle
Risk Assessment
SIL Selection
Safety Requirements Specification
Safety Instrumented System Design
Safety Integrity Level Verification
SIS Software Design
SIS Software Verification
SIS Factory Acceptance Test
SIS Installation and Commissioning
SIS Validation
SIS Operation and Maintenance
SIS Modification and Decommissioning
SIS Documentation
-
Sample Benchmark Study
-
Typical Gaps
No Structured Process
No Agreed Upon Tolerable Risk
Poor Communication Across Organizations
Missing or Incomplete Documentation
Non SIL Rated Equipment
Not Including All Components
Unrealistic Modeling Assumptions
Incorrectly Modeled Shared Equipment
-
Establish a Process
(Responsibility matrix: for each safety lifecycle activity and each component, the party responsible for the Assessment and for the Documentation)

Safety Lifecycle Activity                | Gas Turbine         | Steam Turbine       | HRSG                | BOP
                                         | Assess. | Document. | Assess. | Document. | Assess. | Document. | Assess. | Document.
Risk Assessment                          | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
SIL Selection                            | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
Safety Requirement Specification (SRS)   | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
SIS Design                               | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
SIL Verification                         | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
SIS Software SRS                         | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
SIS Software Verification                | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
SIS Factory Acceptance Test (FAT)        | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
Installation and Commissioning           | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
Validation / Site Acceptance Test (SAT)  | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC
Unit Functional Safety Assessment        | Exida   | OEM       | TBD     | OEM       | Exida   | OEM       | Exida   | EPC

Plant-level rows (Operation and Maintenance Planning / SIS Documentation, SAT/SIT Verification, Site Functional Safety Assessment, Commercial Delivery of Plant, Operations and Maintenance, Modification, Decommissioning) name Plant Owner, Exida (plant level) and OEM as the responsible parties; the cell-by-cell assignments for these rows are not recoverable from the slide text.
-
SIS Project V-Model
(Diagram: design steps down the left leg of the V, test steps up the right leg, each link marked V; the diagram is labelled VALIDATION)
Left leg: Conceptual Design; Safety Requirements Specification; Hardware Detailed Design and Software Detailed Design; Hardware Build and Software Configuration
Right leg: Hardware Internal Testing and Software Internal Testing; Internal Integrated Testing; Factory Acceptance Testing; Site Acceptance Testing
-
Functional Safety Documents
Functional Safety Management Plan
Details top-level requirements, i.e. description of competency, independence
Addresses all phases of the safety lifecycle
Clear description of handoffs between phases and groups
Appendixes contain information that is needed throughout a project: definitions, SIL levels
Group Procedure
Process description for the relevant phase
Inputs required
Outputs delivered
Project Plan
Tracking document for each project: who, what, when, where, how
Sign-offs
-
FSM Plan
(Diagram: the Functional Safety Management Plan starts from "FSM Required?" and runs through Analysis, Design, and Operation and Maintenance; the Analysis phase expands into HAZOP and SRS; Group Procedures and the Project Plan support the phases)
-
Non SIL Rated Equipment
IEC 61508 applies to automatic protection systems (M)/E/E/PE:
"In every case, the standard applies to the entire E/E/PE safety-related system (for example from sensor, through control logic and communication systems, to final actuator, including any critical actions of a human operator). For safety functions to be effectively specified and implemented, it is essential to consider the system as a whole."
Provides measures of protection against random hardware failures and systematic design failures
Per IEC 61511 all equipment must be assessed per IEC 61508 or justified based on proven in use
-
Proven in Use Requirements
Places the burden on the equipment user
Difficult to collect statistically meaningful data
Requires formal functional safety assessment for SIL 3 applications (the user performing an IEC 61508 assessment on the equipment)
-
Not Including All Components
-
Overview of SIL 3 Turbine Solutions
Vendor | Marketed SIL Rating | Sensors        | PLC             | Trip Block / Final Element
MFG 1  | SIL 3               | Up to 2oo3     | SIL 3 Certified | Not addressed
MFG 2  | SIL 3               | Up to 2oo3     | SIL 3 Certified | Not addressed
MFG 3  | SIL 3               | Up to 2oo3     | SIL 3 Certified | Not addressed
MFG 4  | SIL 3               | Redundant 1oo2 | Not specified   | 2oo3 trip block, FE not addressed
MFG 5  | SIL 3               | Up to 2oo3     | Not specified   | 2oo3 trip block, showing 2oo3 FE, but 1 valve is the control valve
MFG 6  | SIL 3               | Up to 2oo3     | SIL 3 Certified | 2oo3 trip block, FE not addressed
MFG 7  | SIL 3               | Up to 2oo3     | SIL 3 Certified | Not addressed
-
Unrealistic Modeling Assumptions
Modeling higher coverage than achievable: 100% for valves
Neglecting to account for mission time
Neglecting to account for Beta (common cause)
-
Optimistic Proof Test Coverage
-
Summary of Calculation Errors
Parameter             | Case 1    | Case 2
Proof Test Coverage   | 100%      | 70%
Lambda DU             | 1250 FITS | 1250 FITS
Mission Time          | 20 years  | 20 years
PFDavg                | 5.44E-03  | 3.57E-02
Risk Reduction Factor | 184       | 28
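How the drop from 100% to 70% proof test coverage produces the figures in the table above, as an added Python example (not code from the webinar or from Exida). It uses the common simplified low-demand approximation for a 1oo1 element and assumes a one-year proof test interval, which the slide does not state; with those assumptions it reproduces the slide's PFDavg and RRF to within a few percent and shows the result crossing from the SIL 2 band into SIL 1.

```python
# Added example (not from the webinar): PFDavg of a single (1oo1) final
# element under imperfect proof test coverage, with the common simplified
# low-demand approximation
#     PFDavg ~= lambda_DU * (PTC * TI/2 + (1 - PTC) * MT/2)
# The fraction PTC of dangerous undetected failures is found by each proof
# test (interval TI); the remainder accumulates for the whole mission time MT.
# Assumption: proof test interval of one year (the slide does not state it).

HOURS_PER_YEAR = 8760.0
# Low-demand SIL bands (PFDavg ranges) from IEC 61511, highest SIL first.
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))

def fit_to_per_hour(fit):
    """Convert a rate in FITs (failures per 1e9 hours) to failures per hour."""
    return fit * 1e-9

def pfd_avg_1oo1(lambda_du_per_h, proof_test_interval_h, mission_time_h, ptc):
    """Simplified PFDavg for a 1oo1 element with proof test coverage ptc (0..1)."""
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("proof test coverage must be between 0 and 1")
    covered = ptc * proof_test_interval_h / 2.0
    uncovered = (1.0 - ptc) * mission_time_h / 2.0
    return lambda_du_per_h * (covered + uncovered)

def risk_reduction_factor(pfd_avg):
    """RRF is the reciprocal of PFDavg."""
    return 1.0 / pfd_avg

def sil_band(pfd_avg):
    """SIL achieved by a PFDavg in low-demand mode; 0 if it misses SIL 1."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return 0

def compare_coverage(lambda_du_fit=1250, ti_years=1.0, mt_years=20.0):
    """Return {ptc: (PFDavg, RRF, SIL)} for the 100% and 70% coverage cases."""
    lam = fit_to_per_hour(lambda_du_fit)
    ti = ti_years * HOURS_PER_YEAR
    mt = mt_years * HOURS_PER_YEAR
    results = {}
    for ptc in (1.0, 0.7):
        pfd = pfd_avg_1oo1(lam, ti, mt, ptc)
        results[ptc] = (pfd, risk_reduction_factor(pfd), sil_band(pfd))
    return results

if __name__ == "__main__":
    for ptc, (pfd, rrf, sil) in compare_coverage().items():
        print(f"PTC {ptc:.0%}: PFDavg = {pfd:.2e}, RRF = {rrf:.0f}, SIL {sil}")
```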
-
Methods for Modeling Shared Components
Method 1: Take no credit for valve redundancy
Models SIS as SIS_IND (1oo1 architecture)
Result is very conservative and may lead to costly redesign
Method 2: Assume shared component provides full redundancy
Models SIS as SIS_SHARED (1oo2 architecture)
Result can be dangerously optimistic
Method 3: Assume shared component provides partial redundancy
Models SIS performance as weighted average of performances of 1oo1 and 1oo2 architectures
In considering initiating event frequency, double counts failure of shared component
Result is realistic but conservative
Method 4: Assume shared component provides partial redundancy
Same as Method 3 except: in considering initiating event frequency, counts failure of shared component only once
Result is realistic but less conservative than Method 3
-
Steam Turbine Instrumentation
(Diagram) Steam turbine shown instrumented with control loop and safety loop. The safety loop can de-energize both the shutdown valve and the control valve.
-
SIS_IND and SIS_SHARED Boundaries
(Diagram) Identification of the components that are only utilized by the safety loop (SIS_IND) and the components that are shared with the control loop (SIS_SHARED).
SIS_IND functions like a 1oo1 architecture
SIS_SHARED functions like a 1oo2 architecture
-
Method 3: System Event Tree
Branch 1: Total IE Frequency 1.0E-01 /year × SIS PFDavg(1oo2) 7.69E-03 = intermediate event frequency 7.69E-04 /year
Branch 2: BPCS A/CV Failure 2.0E-02 /year × SIS PFDavg(1oo1) 3.53E-02 = intermediate event frequency 7.06E-04 /year
Outcome frequency = Branch 1 + Branch 2 = 1.475E-03 /year
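The event tree above, carried through in Python as an added example that is not part of the webinar; it also evaluates Methods 1, 2 and 4 from the "Methods for Modeling Shared Components" slide with the same inputs and reports the effective RRF of each. The Method 4 split (taking the shared-component failures out of the total initiating event frequency before applying the 1oo2 PFD) is this example's own reading of "counts failure of shared component only once", not a formula the presentation gives.

```python
# Added example (not from the webinar): hazardous-outcome frequency when the
# safety loop shares the control valve with the control loop, evaluated with
# the four modelling methods the presentation lists. Inputs are the figures
# from the Method 3 event tree. The Method 4 split is this example's reading
# of "counts failure of shared component only once" (an assumption, not a
# formula given in the presentation).

TOTAL_IE_FREQ = 0.10     # total initiating event frequency, per year
SHARED_FAIL_FREQ = 0.02  # BPCS / control valve (shared component) failures, per year
PFD_1OO2 = 7.69e-3       # SIS_SHARED: shutdown valve plus control valve available
PFD_1OO1 = 3.53e-2       # SIS_IND: shared valve already failed, shutdown valve alone

def method1_no_credit(ie_freq, pfd_1oo1):
    """Method 1: ignore the shared valve; whole SIS modelled as 1oo1."""
    return ie_freq * pfd_1oo1

def method2_full_credit(ie_freq, pfd_1oo2):
    """Method 2: treat the shared valve as fully independent redundancy (1oo2)."""
    return ie_freq * pfd_1oo2

def method3_event_tree(ie_freq, shared_freq, pfd_1oo2, pfd_1oo1):
    """Method 3: branch 1 applies the 1oo2 PFD to the full IE frequency, branch 2
    adds shared-component failures with the degraded 1oo1 PFD, so the shared
    failure is counted in both branches (double counted)."""
    branch1 = ie_freq * pfd_1oo2
    branch2 = shared_freq * pfd_1oo1
    return branch1 + branch2

def method4_event_tree(ie_freq, shared_freq, pfd_1oo2, pfd_1oo1):
    """Method 4 (assumed reading): shared-component failures are removed from
    branch 1 so every demand is counted exactly once."""
    if shared_freq > ie_freq:
        raise ValueError("shared-component failure rate exceeds total IE frequency")
    branch1 = (ie_freq - shared_freq) * pfd_1oo2
    branch2 = shared_freq * pfd_1oo1
    return branch1 + branch2

def rrf_by_method(ie_freq=TOTAL_IE_FREQ, shared_freq=SHARED_FAIL_FREQ,
                  pfd_1oo2=PFD_1OO2, pfd_1oo1=PFD_1OO1):
    """Effective RRF (IE frequency / outcome frequency) for methods 1 to 4."""
    outcomes = {
        1: method1_no_credit(ie_freq, pfd_1oo1),
        2: method2_full_credit(ie_freq, pfd_1oo2),
        3: method3_event_tree(ie_freq, shared_freq, pfd_1oo2, pfd_1oo1),
        4: method4_event_tree(ie_freq, shared_freq, pfd_1oo2, pfd_1oo1),
    }
    return {m: ie_freq / f for m, f in outcomes.items()}

if __name__ == "__main__":
    for method, rrf in rrf_by_method().items():
        print(f"Method {method}: effective RRF = {rrf:.0f}")
```

The ordering Method 1 < Method 3 < Method 4 < Method 2 in effective RRF is what the slide's descriptions (very conservative, realistic but conservative, less conservative, dangerously optimistic) lead you to expect.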
-
RRF Results from Various Methods
(Plot: Risk Reduction Factor, 0 to 200, against shared component failure rate, 0.01 to 0.04 failures/year, with one curve each for Method 1, Method 2, Method 3 and Method 4)
-
System Design
Select SIL certified equipment when possible
Make provisions for automatic testing: diagnostics, proof testing
Consider the impact of turbine refurbishment on mission time: are valves rebuilt?
Use a tool that correctly models all variables
-
SIL Verification Tool
(Screenshot of the tool's inputs: Specify Mission Time; Specify Startup Time; Specify Demand Mode; Comments)
-
SIL Verification Tool
-
Implementation
Ensure all parties clearly understand their roles and responsibilities
Examples:
Does the system integrator have a software specification and validation plan?
Is the safety PLC physically configured per the OEM's requirements for the given SIL level?
Is the delivered PLC code exactly the same as the FAT code?
Perform Pre-startup Functional Safety Assessment
-
Operation and Maintenance
Control access to safety PLC configuration
Perform and document all required tests
Confirm rebuilds occur as planned
Identify and correct any systemic component issues
-
Questions
Global Network of Expertise