![Page 1: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/1.jpg)
Mike Boudreaux, DeltaV SIS Brand Manager
![Page 2: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/2.jpg)
Not all activities in life are safe…
![Page 3: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/3.jpg)
…and we have different levels of risk tolerance
![Page 4: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/4.jpg)
Figure: overlapping topic areas of personal safety, occupational safety and process safety. Labels: Fall prevention, Personal protective equipment, Structural design, Ergonomics, Work schedules, Employee training, Mechanical integrity, Management of change, Policies & procedures, Inherently safer design, Functional safety, Risk assessments, Facility siting, Total recordables, Emergency response, Safety audits.
![Page 5: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/5.jpg)
Process safety: Employee training, Mechanical integrity, Management of change, Policies & procedures, Inherently safer design, Functional safety, Risk assessments, Facility siting, Emergency response, Safety audits.
![Page 6: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/6.jpg)
Bhopal, India, 1984
Chernobyl, Russia, 1986
Piper Alpha, UK, 1988
Texas City Refinery, USA, 2004
Why do accidents happen?
![Page 7: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/7.jpg)
![Page 8: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/8.jpg)
![Page 9: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/9.jpg)
“You can have a very good accident rate for ‘hard hat’ accidents but not for process ones.”
![Page 10: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/10.jpg)
“The fact that you’ve had 20 years without a catastrophic event is no guarantee that there won’t be one tomorrow.”
![Page 11: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/11.jpg)
Process safety (functional safety highlighted): Employee training, Mechanical integrity, Management of change, Policies & procedures, Inherently safer design, Risk assessments, Facility siting, Emergency response, Safety audits, Functional safety.
![Page 12: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/12.jpg)
Functional safety
IEC 61511
PFDavg
LOPA
RRF
SIS
HAZOP
SRS
PHA
IEC 61508
FMEDA
BPCS
SIL
SIF
![Page 14: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/14.jpg)
IEC 61508: All industries (for product designers and manufacturers)
IEC 61511: Process industry sector
IEC 62061: Machinery sector
IEC 61513: Nuclear sector
The sector standards are for system designers, integrators and users.
![Page 15: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/15.jpg)
![Page 16: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/16.jpg)
Source: http://www.wordle.net/show/wrdl/2276332/IEC_61511
![Page 18: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/18.jpg)
BPCS
• Basic Process Control System
• Also: DCS, PAS
• PID control
• Discrete control
• Sequencing
• Batch automation
• Dynamic
Figure: BPCS loop made up of transmitter, controller, control element and workstation.
![Page 19: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/19.jpg)
SIS
• Safety Instrumented System
• Emergency Shutdown (ESD)
• Burner Management System (BMS)
• Fire & Gas System (FGS)
Figure: SIS loop made up of transmitter, logic solver and final element.
![Page 20: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/20.jpg)
Figure: ICSS containing both the BPCS and the SIS.
![Page 21: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/21.jpg)
| Safety function | Process conditions | What to do | SIL |
|---|---|---|---|
| SIF #1 | High level | Drive output 1 | 1 |
| SIF #2 | High pressure | Drive outputs 1 + 2 | 3 |
![Page 22: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/22.jpg)
PHA
• Identify hazards
• Evaluate safeguards
SRS
• Define SIFs
• Define SIL for each SIF
Design
• Specify devices
• Design architecture
Verify
• Verify SIL meets SRS
![Page 23: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/23.jpg)
PHA
HAZOP
What If?
Checklist
FMEA
Fault Tree
Event Tree
LOPA
![Page 24: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/24.jpg)
| SIL | General description |
|---|---|
| 4 | Catastrophic community impact |
| 3 | Employee & community impact |
| 2 | Major property and production impact; possible injury to employee |
| 1 | Minor property and production impact |
![Page 25: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/25.jpg)
PFD(SIF #1) = PFD(PT-101) + PFD(logic solver) + PFD(FV-101)
Figure: SIF #1 consists of transmitter PT-101, the logic solver and final element FV-101.
![Page 26: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/26.jpg)
| SIL | PFDavg | RRF |
|---|---|---|
| 4 | ≥10^-5 to <10^-4 | >10,000 to ≤100,000 |
| 3 | ≥10^-4 to <10^-3 | >1,000 to ≤10,000 |
| 2 | ≥10^-3 to <10^-2 | >100 to ≤1,000 |
| 1 | ≥10^-2 to <10^-1 | >10 to ≤100 |
Source: IEC 61511-1, Table 3 – Safety Integrity Levels: probability of failure on demand
![Page 27: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/27.jpg)
Functional safety
IEC 61511
PFDavg
LOPA
RRF
SIS
HAZOP
SRS
PHA
IEC 61508
FMEDA
BPCS
SIL
SIF
TÜV
![Page 28: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/28.jpg)
?
![Page 29: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/29.jpg)
Safety Lifecycle Management
![Page 30: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/30.jpg)
The IEC 61511 Safety lifecycle
![Page 31: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/31.jpg)
Safety Lifecycle Management
![Page 32: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/32.jpg)
Functional Safety Management
![Page 33: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/33.jpg)
Safety Management System
Organization and resources
Risk evaluation and risk management
Planning
Implementation and Monitoring
Assessment, auditing, and revisions
Configuration Management
![Page 34: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/34.jpg)
Safety Management System
Quality Management System
• Organization and responsibilities
• Competency management
• Documentation structure and control
• Configuration management
• Supplier assessment process
![Page 35: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/35.jpg)
Organization and Responsibilities
Safety Leadership Team
• Responsible for functional safety policies and procedures
Safety Management Team
• Responsible for ensuring policies and procedures are implemented by the organization
Project Leadership
• Responsible for functional safety management on projects
Safety Roles
• Competent personnel doing work on SIS
![Page 36: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/36.jpg)
Competency requirements, defined per safety role and its safety activities: Knowledge & training, Experience, Management & leadership skills.
![Page 37: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/37.jpg)
![Page 38: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/38.jpg)
Safety Management System: verification, validation, assessment and audit
• Verification: each activity / phase, checked against the activity / phase objectives
• Validation: the installed and commissioned SIS, checked against the Safety Requirements Specification
• Assessment: overall process risk, checked against the Process Hazards Analysis
• Audit: procedures, policies and processes, checked against the Safety Management System
![Page 39: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/39.jpg)
Verify
![Page 40: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/40.jpg)
Source: IEC 61511-1, Figure 12 – Software development lifecycle (the V-Model)
![Page 41: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/41.jpg)
Functional safety assessment confirms that:
• Hazard and risk assessment is carried out.
• PHA recommendations are implemented.
• Design change procedures are in place and implemented.
• Recommendations from the previous assessment are resolved.
• SIS is properly validated against the SRS.
• Procedures are in place for the Operate phase.
• Employees are trained.
• Future assessment plans are in place.
![Page 42: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/42.jpg)
Safety Life-cycle Structure and Planning
![Page 43: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/43.jpg)
Safety Lifecycle Planning (to ensure safety): Criteria, Techniques, Measures, Procedures.
![Page 44: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/44.jpg)
Verification Planning
Who?
• Responsible parties
• Levels of independence
What?
• Verification activities
• Items to be verified
• Information to be verified against
When?
• At which points verification will occur
How?
• Procedures, measures, techniques to be used
• Non-conformance management
• Tools and supporting analysis
![Page 45: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/45.jpg)
Safety life-cycle structure
![Page 46: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/46.jpg)
?
![Page 47: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/47.jpg)
Analysis Phase
![Page 48: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/48.jpg)
![Page 49: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/49.jpg)
Hazard and risk assessment
Allocation of safety functions to protection layers
Source: IEC 61511-3, Figure 4 – Risk and safety integrity concepts
![Page 50: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/50.jpg)
Source: IEC 61511-3, Figure 2
![Page 51: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/51.jpg)
Figure: protection layers, from a process value leaving normal behavior through to an incident. Prevent: process control layer (BPCS, process alarm, operator intervention) and safety layer (SIS emergency shutdown system, trip level alarm, emergency shutdown). Mitigate: active protection layer (fire and gas system), passive protection layer (containment, dike/vessel) and emergency response layer (plant and emergency response).
![Page 52: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/52.jpg)
Figure: risk reduction diagram. The inherent risk of the process (consequence × likelihood, increasing risk) is reduced from the baseline risk by non-SIS preventative safeguards, SIS risk reduction (SIL 1, SIL 2, SIL 3) and non-SIS mitigating safeguards to the overall risk, which is positioned against the unacceptable, ALARP and negligible risk regions.
![Page 53: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/53.jpg)
As low as reasonably practicable (ALARP)
• Intolerable risk: above 10^-3 / man-year (worker), 10^-4 / year (public)
• ALARP or tolerable risk region: between the two boundaries
• Negligible risk: below 10^-5 / man-year (worker), 10^-6 / year (public)
![Page 54: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/54.jpg)
Government mandates for tolerable risk levels
Chart: tolerable risk levels for Australia (NSW), Hong Kong, the Netherlands and the United Kingdom, plotted on a scale from 10^-2 to 10^-9 per year.
The United States does not set tolerable risk levels, or offer guidelines.
![Page 55: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/55.jpg)
Chemical industry benchmarks for tolerable risk
Chart: tolerable risk ranges for Company I, Company II, Company III and small companies, plotted on a scale from 10^-2 to 10^-9 per year.
• Large, multinational chemical companies tend to set levels consistent with international mandates.
• Smaller companies tend to operate in wider ranges and, implicitly, at higher levels of risk.
![Page 56: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/56.jpg)
PHA
HAZOP
What If?
Checklist
FMEA
Fault Tree
Event Tree
LOPA
![Page 57: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/57.jpg)
| Item | Deviation | Causes | Consequences | Safeguards | Action |
|---|---|---|---|---|---|
| Vessel | High level | Failure of BPCS; operator | High pressure | | |
| Vessel | High pressure | 1) High level; 2) External fire | Release to environment | 1) Alarm operator, protection layer; 2) Deluge system | Evaluate conditions for release to environment |
| Vessel | Low / no flow | Failure of BPCS | No consequence of interest | | |
| Vessel | Reverse flow | | No consequence of interest | | |
![Page 58: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/58.jpg)
Quantitative Risk Assessment
Weaknesses
• Time consuming
• Resource intensive
• Complex, difficult to use
• Can produce same results via qualitative analysis
Strengths
• More rigorous
• Least conservative
• Good for complex scenarios
• Better quantification of incremental protection layers
![Page 59: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/59.jpg)
Qualitative Risk Assessment
Weaknesses
• High subjectivity
• Inconsistent results
• Hard to document rationale
• Not much resolution between protection layers
Strengths
• Easy to use
• Good for subjective consequence assessment
• Good for screening and categorizing hazards
• Team approach provides better evaluations
![Page 60: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/60.jpg)
Qualitative risk analysis – Safety layer matrix
Matrix of SIL requirement by consequence severity category (Extensive, Serious, Minor), consequence frequency category (Low, Med, High) and number of non-SIS protection layers (1, 2, 3). Cell values as extracted, blank cells dropped: Extensive: 3, 3, 3*, 1, 2, 3, 1, 1; Serious: 1, 2, 3, 1, 2; Minor: 1, 2, 1.
![Page 61: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/61.jpg)
Process Industry I/O by Safety Integrity Level: SIL 1 51%, SIL 2 32%, SIL 3 8%, SIL 4 1%, no SIL 8%.
Source: Exida, Safety and Critical Control Systems in Process and Machine Automation, July 2007
![Page 62: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/62.jpg)
Safety Requirement Specification
![Page 63: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/63.jpg)
?
![Page 64: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/64.jpg)
Implementation Phase
![Page 65: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/65.jpg)
Implementation Phase
![Page 66: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/66.jpg)
Implementation Phase
![Page 67: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/67.jpg)
Design and Engineering of the Safety Instrumented System
Select technology
Select architecture
Determine test philosophy
Reliability evaluation
Detailed design
Iterate if requirements are not met.
![Page 68: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/68.jpg)
Technology selection: sensors
– Analog vs. discrete signal
– Smart vs. conventional transmitter
– Certified vs. proven-in-use
![Page 69: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/69.jpg)
Sensor Sales by Measurement Type: Pressure 50%, Fire and Gas 21%, Temperature 13%, Flow 8%, Level 8%.
![Page 70: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/70.jpg)
Point switch
Direct wired
4-20 mA
HART
Smart
![Page 71: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/71.jpg)
SIS application? Two routes to a device PFD:
• Certified: the manufacturer proves it is safe.
• Prior-use: the user proves it is safe.
![Page 72: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/72.jpg)
Technology selection: logic solver
– Relays vs. PLC vs. safety PLC
– HART I/O vs. conventional analog
– Centralized vs. modular
– Integrated vs. standalone
![Page 73: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/73.jpg)
![Page 74: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/74.jpg)
Relays & Switches
General Purpose PLC
Safety PLC
Smart Logic Solver
![Page 75: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/75.jpg)
![Page 76: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/76.jpg)
1oo2
2oo3
2oo2 1oo2D
2oo4
Safety PLC(SIS Logic Solver)
Centralized logic solver
– Hundreds of SIFs in one box
– Good for large projects
– Single point of failure
Modular logic solver
– Isolates SIFs
– Scalable for large and small projects
– Eliminates single point of failure
![Page 77: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/77.jpg)
Source: ARC Advisory Group
![Page 78: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/78.jpg)
Technology selection: final element
– Solenoid vs. DVC
– Automated vs. manual diagnostics
– Response time considerations
![Page 79: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/79.jpg)
Solenoid
Valve controller
Smart valve controller
Safety valve controller
Smart safety valve controller
![Page 80: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/80.jpg)
Chart: PFD versus proof test interval (years), with the SIL 2 band marked.
![Page 81: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/81.jpg)
Architecture selection
Hardware fault tolerance (HFT) impacts performance:
– Safety integrity
– Availability
– SIL capability
![Page 82: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/82.jpg)
| Architecture (MooN) | 1oo1 | 2oo2 | 1oo2 |
|---|---|---|---|
| Valve count (N) | 1 | 2 | 2 |
| Number to trip (M) | 1 | 2 | 1 |
| Safety HFT | 0 | 0 | 1 |
| Availability HFT | 0 | 1 | 0 |
HFTs(MooN) = N - M
HFTa(MooN) = M - 1
Figure: a single valve for 1oo1; valve 1 and valve 2 for 2oo2 and 1oo2.
![Page 83: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/83.jpg)
Failure categories: dangerous undetected, dangerous detected, safe detected, safe undetected.
![Page 84: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/84.jpg)
| Device type | SFF | HFTs = 0 | HFTs = 1 |
|---|---|---|---|
| Type A | <60% | SIL 1 | SIL 2 |
| Type A | 60% to <90% | SIL 2 | SIL 3 |
| Type A | 90% to <99% | SIL 3 | SIL 4 |
| Type A | ≥99% | SIL 3 | SIL 4 |
| Type B | <60% | Not allowed | SIL 1 |
| Type B | 60% to <90% | SIL 1 | SIL 2 |
| Type B | 90% to <99% | SIL 2 | SIL 3 |
| Type B | ≥99% | SIL 3 | SIL 4 |
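The HFT formulas and the architectural-constraint table above, worked through in code. This is an added example, not code from the presentation or from Emerson. It assumes the usual definition of safe failure fraction, SFF = (λSD + λSU + λDD) / (λSD + λSU + λDD + λDU), which the slides use but do not write out, takes the device type (A or B) as an input because the deck does not define the types, and uses the failure split shown later in the deck (DU 7%, DD 66%, SU 27%, SFF 93%) as sample input.

```python
"""Added worked example (not from the slides): safe failure fraction, hardware
fault tolerance of a MooN voting group, and the SIL ceiling imposed by the
architectural-constraint table (HFTs = 0 and HFTs = 1 columns as on the slide)."""


def safe_failure_fraction(lam_sd: float, lam_su: float, lam_dd: float, lam_du: float) -> float:
    """SFF = (safe + dangerous detected) / total. Assumed standard definition;
    inputs may be rates (failures/yr) or fractions of the total."""
    total = lam_sd + lam_su + lam_dd + lam_du
    return (lam_sd + lam_su + lam_dd) / total


def hft_safety(m: int, n: int) -> int:
    """HFTs(MooN) = N - M: dangerous failures tolerated before the trip is lost."""
    return n - m


def hft_availability(m: int, n: int) -> int:
    """HFTa(MooN) = M - 1: safe failures tolerated before a spurious trip."""
    return m - 1


# Slide table: (SFF lower bound, max SIL at HFTs = 0, max SIL at HFTs = 1).
# 0 stands for "not allowed".
ARCH_CONSTRAINTS = {
    "A": [(0.00, 1, 2), (0.60, 2, 3), (0.90, 3, 4), (0.99, 3, 4)],
    "B": [(0.00, 0, 1), (0.60, 1, 2), (0.90, 2, 3), (0.99, 3, 4)],
}


def max_sil_by_architecture(device_type: str, sff: float, hft_s: int) -> int:
    """Highest SIL the architecture may claim; the slide table only covers HFTs 0 and 1."""
    if hft_s not in (0, 1):
        raise ValueError("table on the slide covers HFTs = 0 and HFTs = 1 only")
    row = None
    for lower, sil_hft0, sil_hft1 in ARCH_CONSTRAINTS[device_type]:
        if sff >= lower:  # bands are ascending, so the last match wins
            row = (sil_hft0, sil_hft1)
    return row[hft_s]


def sil_capability(device_type: str, sff: float, m: int, n: int) -> int:
    """Architectural SIL ceiling for an MooN group of one device type.
    This is only a ceiling: the PFDavg of the group must still land in the band."""
    return max_sil_by_architecture(device_type, sff, hft_safety(m, n))


if __name__ == "__main__":
    # Sample split from the deck's proof-testing pie: DU 7%, DD 66%, SU 27%, SD 0%.
    sff = safe_failure_fraction(0.0, 0.27, 0.66, 0.07)
    print(f"SFF = {sff:.0%}")
    for m, n in ((1, 1), (1, 2), (2, 2), (2, 3)):
        arch = f"{m}oo{n}"
        print(f"{arch}: HFTs={hft_safety(m, n)} HFTa={hft_availability(m, n)} "
              f"type B ceiling = SIL {sil_capability('B', sff, m, n)}")
```

Note how the same device moves from a SIL 2 ceiling in 1oo1 to SIL 3 in 1oo2 purely through HFTs, while 2oo2 adds availability (HFTa = 1) but no safety fault tolerance; in each case the PFDavg of the voted group still has to be checked separately against IEC 61511-1 Table 3.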
![Page 85: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/85.jpg)
Proof test philosophy
Proof test frequency: 5 yrs, 1 yr, 6 mos, 3 mos?
Online vs. offline proof testing. Turnaround schedule? Total SIF proof test, or proof test components on different intervals?
![Page 86: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/86.jpg)
Reliability evaluation
Confirm that performance meets specifications:
– Safety integrity (PFD)
– Availability (MTTFs)
– Response time
![Page 87: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/87.jpg)
| Architecture | Average probability of failure on demand (PFDavg) | Spurious trip rate (STR) |
|---|---|---|
| 1oo1 | λD T / 2 | λS |
| 1oo2 | (λD T)^2 / 3 | 2 λS |
| 2oo2 | λD T | 2 λS^2 / (3 λS + 2/T) |
| 2oo3 | (λD T)^2 | 6 λS^2 / (5 λS + 2/T) |
![Page 88: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/88.jpg)
Chart: risk reduction (1/PFDavg, 10 to 100,000) versus availability (MTTFs, 10 to 10,000 years) for the 1oo1, 1oo2, 2oo2 and 2oo3 architectures.
Parameters: λD = 0.02 failures/yr, λS = 0.01 failures/yr, T = 1 year
![Page 89: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/89.jpg)
PFD(SIF #1) = PFD(PT-101) + PFD(logic solver) + PFD(FV-101)
Figure: SIF #1 consists of transmitter PT-101, the logic solver and final element FV-101.
![Page 90: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/90.jpg)
| SIL | PFDavg | RRF |
|---|---|---|
| 4 | ≥10^-5 to <10^-4 | >10,000 to ≤100,000 |
| 3 | ≥10^-4 to <10^-3 | >1,000 to ≤10,000 |
| 2 | ≥10^-3 to <10^-2 | >100 to ≤1,000 |
| 1 | ≥10^-2 to <10^-1 | >10 to ≤100 |
Source: IEC 61511-1, Table 3 – Safety Integrity Levels: probability of failure on demand
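The reliability-evaluation step worked through in code: the simplified PFDavg and STR expressions from the architecture table, the λD = 0.02/yr, λS = 0.01/yr, T = 1 yr parameters of the risk-reduction chart, the SIF-level sum PFD(SIF) = PFD(sensor) + PFD(logic solver) + PFD(final element), and the IEC 61511-1 Table 3 bands. This is an added example, not code from the presentation or from Emerson. The logic-solver PFD of 1e-5 used for the SIF #1 sum is a constructed value, and the relation "required RRF = unmitigated frequency / tolerable frequency" is the standard reading of the risk-reduction diagram, assumed here rather than stated on a slide.

```python
"""Added worked example (not from the slides): MooN voting PFDavg and spurious
trip rate, RRF and MTTFs, SIL banding per IEC 61511-1 Table 3, and the
SIF-level PFD as the sum of its subsystem PFDs."""


def pfd_avg(arch: str, lam_d: float, t: float) -> float:
    """Simplified PFDavg expressions exactly as listed on the slide.
    lam_d: dangerous failure rate (failures/yr); t: proof test interval (yr)."""
    x = lam_d * t
    formulas = {"1oo1": x / 2, "1oo2": x ** 2 / 3, "2oo2": x, "2oo3": x ** 2}
    return formulas[arch]


def spurious_trip_rate(arch: str, lam_s: float, t: float) -> float:
    """Spurious trip rate (trips/yr) as listed on the slide; lam_s: safe failure rate."""
    formulas = {
        "1oo1": lam_s,
        "1oo2": 2 * lam_s,
        "2oo2": 2 * lam_s ** 2 / (3 * lam_s + 2 / t),
        "2oo3": 6 * lam_s ** 2 / (5 * lam_s + 2 / t),
    }
    return formulas[arch]


def risk_reduction_factor(pfd: float) -> float:
    return 1.0 / pfd


def mttf_spurious(trips_per_year: float) -> float:
    """Mean time to spurious trip in years (the chart's availability axis)."""
    return 1.0 / trips_per_year


# IEC 61511-1 Table 3: (lower bound inclusive, upper bound exclusive, SIL).
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]


def sil_from_pfd(pfd: float):
    """SIL whose PFDavg band contains pfd, or None if outside SIL 1..4."""
    for lo, hi, sil in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None


def sif_pfd(pfd_sensor: float, pfd_logic: float, pfd_final: float) -> float:
    """PFD(SIF) = PFD(sensor) + PFD(logic solver) + PFD(final element)."""
    return pfd_sensor + pfd_logic + pfd_final


def required_sil(unmitigated_freq: float, tolerable_freq: float):
    """Assumed relation: required RRF = unmitigated / tolerable, so the PFD
    target is tolerable / unmitigated; band that target into a SIL."""
    return sil_from_pfd(tolerable_freq / unmitigated_freq)


def evaluate(lam_d: float = 0.02, lam_s: float = 0.01, t: float = 1.0) -> dict:
    """Tabulate every architecture with the chart's parameters."""
    rows = {}
    for arch in ("1oo1", "1oo2", "2oo2", "2oo3"):
        pfd = pfd_avg(arch, lam_d, t)
        trips = spurious_trip_rate(arch, lam_s, t)
        rows[arch] = {
            "pfd": pfd,
            "rrf": risk_reduction_factor(pfd),
            "sil": sil_from_pfd(pfd),
            "mttfs": mttf_spurious(trips),
        }
    return rows


if __name__ == "__main__":
    for arch, r in evaluate().items():
        print(f"{arch}: PFDavg={r['pfd']:.2e} RRF={r['rrf']:.0f} "
              f"SIL={r['sil']} MTTFs={r['mttfs']:.0f} yr")
    # SIF #1: 1oo1 PT-101, constructed logic-solver PFD of 1e-5, 1oo1 FV-101.
    total = sif_pfd(pfd_avg("1oo1", 0.02, 1.0), 1e-5, pfd_avg("1oo1", 0.02, 1.0))
    print(f"SIF #1 PFD={total:.2e} -> SIL {sil_from_pfd(total)}")
```

With the chart's parameters, 1oo2 gives the largest risk reduction but the shortest time between spurious trips, and 2oo2 the reverse; 2oo3 sits between them on both axes, which is the trade-off the chart plots. The bands are half-open as in Table 3, and a 1oo1 element with λD = 0.02/yr and T = 1 yr lands exactly on the 10^-2 boundary, so a practitioner should not trust a result that sits on a band edge without margin.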
![Page 91: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/91.jpg)
Detailed design & build
• Instrument design / specifications
• Wiring drawings
• Hardware design & build
• Software design & implementation
• BPCS / SIS integration
• Factory acceptance testing
![Page 92: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/92.jpg)
Factory Acceptance Testing (FAT)
• Black box functionality tests
• Performance tests
• Environmental tests
• Interface testing
• Degraded mode tests
• Exception testing
![Page 93: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/93.jpg)
Installation, Commissioning and Validation
![Page 94: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/94.jpg)
Installation, commissioning, and validation
• Installation: install the SIS according to specifications and drawings.
• Commissioning: commission the SIS so that it is ready for final system validation.
• Validation: validate, through inspection and testing, that the SIS achieves the requirements stated in the SRS.
Validation is the key difference between control and safety systems.
![Page 95: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/95.jpg)
?
![Page 96: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/96.jpg)
Operation Phase
![Page 97: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/97.jpg)
![Page 98: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/98.jpg)
Operation and Maintenance Planning
Who?
• Responsible parties
• Competence and training
What?
• Routine and abnormal operation activities
• Proof testing and repair maintenance activities
• Recording of events and performance
When?
• Proof testing frequencies
• On process demand
• On failure of SIS
How?
• Procedures, measures, techniques to be used
• Non-conformance management
• Tools and supporting analysis
![Page 99: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/99.jpg)
Procedures and training
Operation
Bypasses
Proof testing
Inspection
Performance monitoring
Maintenance and repair
Modification
![Page 100: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/100.jpg)
Proof Testing
• Reveals dangerous faults undetected by diagnostics
• Entire SIS tested: sensors, logic solver, final element
• Frequency determined during SIF design
Inspection
• Ensures no unauthorized changes or deterioration of equipment
![Page 101: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/101.jpg)
Tests and Inspections Documentation
Description of tasks performed
Dates performed
Name of person(s) involved
Identifier of system (loop, tag, SIF name)
Results (“as-found” and “as-left”)
![Page 102: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/102.jpg)
Chart: failure-mode distribution for a device: Fail Dangerous Undetected 7%, Fail Dangerous Detected 66%, Fail Safe Undetected 27%
Proof testing uncovers DU failures
SFF = 93%
![Page 103: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/103.jpg)
Sensor testing options
Safely test the SIF using actual process variables
Test sensors in-situ by other means
Use smart features to test electronics and wiring continuity
Perform wiring continuity test
Remove sensor and test on bench
![Page 104: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/104.jpg)
Example – Rosemount 3051S Proof Test
Proof Test 1: Analog output loop test. Satisfies proof test requirement. Coverage > 50% of DU failures
Proof Test 2: 2-point sensor calibration check. Coverage > 95% of DU failures
Note – user to determine impulse piping proof test
![Page 105: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/105.jpg)
Valve Testing Options
Offline
• Total stroke (process is down)
Online
• Total stroke (by-pass in service)
• Component test (solenoid valve)
• Partial stroke
![Page 106: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/106.jpg)
Conventional testing methods
• Process unprotected during testing
• SIF not returned to normal after testing
• Risk of spurious trip
• Manually initiated in field
• Manpower intensive
• Subject to error
![Page 107: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/107.jpg)
Chart: PFD versus proof test interval (years) for a SIL 2 SIF
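The arithmetic behind the 93% SFF figure and the PFD-versus-interval chart, as an added example that is not code from the Emerson deck: it applies the standard low-demand 1oo1 approximations, with proof-test coverage as on the Rosemount 3051S slide. The λDU value and the 20-year mission time are constructed assumptions (the deck gives no failure rates); the SIL bands follow IEC 61508 low-demand PFD ranges.

```python
"""Added example (not from the Emerson deck): SFF from a failure-mode split and
PFDavg versus proof-test interval for a single-channel (1oo1) SIF.

Usual low-demand approximations:
  SFF    = (lambda_SD + lambda_SU + lambda_DD) / lambda_total
  PFDavg ~ C * lambda_DU * TI / 2 + (1 - C) * lambda_DU * LT / 2
where C is proof-test coverage, TI the test interval and LT the mission time.
"""

HOURS_PER_YEAR = 8760.0


def safe_failure_fraction(du, dd, su, sd=0.0):
    """SFF from the four failure-rate shares (any consistent units)."""
    total = du + dd + su + sd
    if total <= 0:
        raise ValueError("failure rates must sum to a positive value")
    return (dd + su + sd) / total


def pfd_avg(lambda_du_per_hour, test_interval_years, coverage=1.0, mission_years=20.0):
    """Average PFD of a 1oo1 channel with imperfect proof testing.

    DU faults the test can reveal are exposed for TI/2 on average; DU faults it
    cannot reveal stay latent for the whole mission time (LT/2 on average).
    """
    if not 0.0 <= coverage <= 1.0:
        raise ValueError("coverage must be between 0 and 1")
    ti_h = test_interval_years * HOURS_PER_YEAR
    lt_h = mission_years * HOURS_PER_YEAR
    covered = coverage * lambda_du_per_hour * ti_h / 2.0
    uncovered = (1.0 - coverage) * lambda_du_per_hour * lt_h / 2.0
    return covered + uncovered


def sil_from_pfd(pfd):
    """Low-demand SIL band per IEC 61508 (0 = does not reach SIL 1)."""
    bands = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
    for sil, lo, hi in bands:
        if lo <= pfd < hi:
            return sil
    return 0


if __name__ == "__main__":
    # Failure split shown on the slide: DU 7%, DD 66%, SU 27% (no SD slice).
    print(f"SFF = {safe_failure_fraction(du=7, dd=66, su=27):.0%}")
    lam_du = 5.0e-7  # DU failures per hour: constructed value, not from the deck
    for years in (1, 2, 3, 5):
        for cov in (1.0, 0.95, 0.5):
            p = pfd_avg(lam_du, years, cov)
            print(f"TI={years}y coverage={cov:.0%}: PFDavg={p:.2e} -> SIL {sil_from_pfd(p)}")
```

Lengthening the interval or lowering the coverage both push PFDavg up and can drop the loop out of the SIL 2 band, which is the trade-off the chart above illustrates.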
![Page 108: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/108.jpg)
Source: Instrument Engineers’ Handbook, Table 6.10e – Dangerous Failures, Failure Modes, and Test Strategy
| Failures | Failure Modes | Partial Stroke | Full Stroke |
| --- | --- | --- | --- |
| Valve packing is seized | Fails to close | X | X |
| Valve packing is tight | Slow to move | X | X |
| Actuator air line crimped | Slow to move | X | X |
| Actuator air line blocked | Fails to close | X | X |
| Valve stem sticks | Fails to close | X | X |
| Valve seat is scarred | Fails to seal off | | X |
| Seat contains debris | Fails to seal off | | X |
| Seat plugged | Fails to seal off | | X |
![Page 109: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/109.jpg)
Modification
Documentation
• Description
• Reason
• Hazards
• Impact on SIS
• Approvals
• Competency mgmt.
• Tests / verification
• Configuration history
![Page 110: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/110.jpg)
![Page 111: Safety Lifecycle Management - Emerson Exchange 2010 - Meet the Experts](https://reader036.vdocument.in/reader036/viewer/2022081412/5412b6cf8d7f72084e8b46b1/html5/thumbnails/111.jpg)