© ABB Group, June 4, 2012 | Slide 1
ABB Offshoredag 2012
800xA High Integrity – A Case Story
Leif Mortensen, PA-4443-S-1, 2012-05-31
Slide 2
800xA High Integrity – A Case Story
Agenda
• Preem – short introduction
• Preem requirements to safety systems and suppliers
• Implementation of Functional Safety Management at Preem
• Case 1: Preemraf Gothenburg
• Case 2: Preemraf Lysekil
Slide 3
Preemraff Sweden
• Privately owned company
• Two refineries, Lysekil and Gothenburg
• 470 gasoline stations in Sweden
Lysekil: refines 12 million tons of crude per year; 600 employees. Current safety systems: ABB SafeGuard, Emerson Delta-V, Honeywell.
Gothenburg: refines 6 million tons of crude per year; 300 employees. Current safety system: Honeywell.
Slide 4
Preemraf – Case 1: Gothenburg Refinery
Slide 5
800xA High Integrity – A Case Story
Agenda (section divider, same list as Slide 2)
Slide 6
800xA High Integrity – A Case Story
Preem requirements to safety systems and suppliers
• Delivery according to the Functional Safety Standards IEC 61508 and IEC 61511
• Compliance to implement hardware and software Safety Instrumented Functions according to Safety Integrity Level 3
• Integrated and standardized solutions for hardware and software (OGP REUSE)
• Online upgrade, online software modification, online hardware extension; 6 years between site turnarounds
• Price competitive
• Local presence and competences
• Supplier should have a responsive attitude to customer demands
Slide 7
Safety Standards – History and evolution
[Figure: timeline of safety standards, moving from prescriptive standards to performance standards. Major incidents marked on the time axis: 1974 Flixborough, 1976 Seveso, 1984 Bhopal, 1986 Chernobyl, 1988 Piper Alpha, 1989 Pasadena. Standards shown by region: USA – OSHA CFR 1910.119, API RP14C, ISA dS84.01 (1995 draft), ANSI/ISA S84.01, ANSI/ISA S84.00.01 (IEC 61511 Mod, 2004); International – IEC SC 65 / IEC 61508 (1995 draft), ISO 10418, IEC 61511 (2003); Germany – DIN VDE 0801, DIN V 19250; UK – HSE PES.]
Slide 8
Functional Safety Standards – IEC 61508 and IEC 61511
Functional Safety is the part of the overall safety of a system or piece of equipment that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failures and environmental changes.
IEC 61508 Ed 2 released 2010-04-15
[Figure: sector standards grouped around IEC 61508 – IEC 62061: Machinery Sector; IEC 60601: Medical Devices; IEC 61513: Nuclear Sector; IEC 61511: Process Sector; IEC 61800: Adjustable Speed Electric Power Drives; EN 50128: Railways; EN 50156: Furnaces.]
Slide 9
Functional Safety Standards – Relations between IEC 61508 and IEC 61511
Slide 10
800xA High Integrity – A Case Story
Preem requirements to safety systems and suppliers (section divider, same list as Slide 6)
Slide 11
Safety Instrumented System – SIS
Safety Instrumented Function – SIF
• A Safety Instrumented System (SIS) is a collection of sensors, controllers and actuators.
• It executes one or more Safety Instrumented Functions (SIFs) that are implemented for a common purpose.
[Figure: Safety Instrumented System with multiple SIFs, showing a Level Switch, Controller, Solenoid and Pump and four functions SIF A, SIF B, SIF C and SIF D.]
SIL is applicable for a LOOP.
Slide 12
System 800xA HI – Integrated Safety
Customer value of integration – available today
• Plant-wide Sequence of Events
• Same operations interface and engineering
• Centralized Historian and Data Archiving
• Common, integrated asset management strategy
• Common system, therefore reduced spare parts, training etc.
[Figure: two architectures – process control and safety in the same HI controller, and process control and safety running in separate controllers.]
Slide 13
Certificates: 800xA High Integrity – Meets Industry Standards
• AC800M HI Controller – SIL 1-3 / CAT PLe 1-4 certified
• S800 Safety I/O (AI, DI, DO) – SIL 1-3 / CAT PLe 1-4 certified
• I/O Communication – SIL 1-3 / CAT PLe 1-4 certified
• Standard I/O and communication modules – certified interference-free* (*listed in the safety manual)
Slide 14
800xA High Integrity – A Case Story
Preem requirements to safety systems and suppliers (section divider, same list as Slide 6)
Slide 15
OGP REUSE Solutions
Typical solutions for efficient engineering and operation
• Typical solutions originating from North Sea O&G experience, with almost a decade of refinement throughout a number of customer projects and installations
• Building blocks for application engineers, enabling them to "tailor" applications by using ready and well proven software modules and features
• OGP REUSE includes functionality and features widely applicable in OGP customer projects: libraries of Control Module Types (CMT); features for engineering and operational efficiency; customizable workplace and graphical templates
Slide 16
OGP REUSE Solutions
Control Module Libraries
The Control Module Types are grouped in libraries according to their main functionality:
• Signal: Analog Input, Analog Input with voting, Analog Input for Fire and Gas, Digital Input, Digital Output etc.
• Final Elements: Valve (On/Off), Valve (Choke), PID Control, Motor Control, Circuit Breaker etc.
• Fire and Gas: Fire Area, Fire Overview, HVAC, Deluge, Watermist etc.
• Function elements: Latching, Totalizer, Function XY etc.
• Common logic elements: Add, AND, OR, Ton, etc.
There are 25+ "device" and function objects.
Slide 17
OGP REUSE Solutions
Types of libraries
Library name | Description | Examples
REUSEcommon | Common small types for logic and data type conversions | AND, OR, SPLIT, KS, HSO, MSO
REUSEElectroLib | Electro types for interfacing circuit breakers and motors | SBC_CB, SBC_IB, SBE_IM
REUSEfg | Fire & Gas types such as Area, Watermist and Deluge | AREA, BLOCKING, HVAC, DELUGE, MA_FG, MB_FG
REUSEfgCommonLib | Common Fire & Gas types such as OR2_ISW and VOTE2_ISW | OR2_ISW, VOTE2_ISW
REUSEflowelmentlib | Flow types such as Valve and Motor | SBV, SBE, SBC_F, SBC_I, SBE_VSD
REUSEFuncElmentLib | Function types for shutdown level and calculation | LB, YA, FL, HM, QA
REUSEsignallib | Main signal types for analog and digital input/output | MA, MB, CA, CS, MAV, MA_SI, OA
REUSESystemStatusLib | Type for presenting the system status | SystemStatusAC800
Slide 18
OGP REUSE Solutions – Engineering and Operational Efficiency
[Figure: operator display hierarchy across a left screen and a right screen. Overview Displays (PCS, ESD, PSD, F&G); 1. GDS – Group Display Status; 2. Operator Workplace; 3. Trip & Interlock Display; 4. Display Templates (PCS, ESD, PSD, F&G); Detailed Displays; Maintenance Displays; Navigation.]
Slide 19
OGP REUSE Solutions – Ergonomic Display Templates
Dimmed Screen: less bright colors when everything is in Normal state. Secures operator attention during an alarm situation.
Slide 20
OGP REUSE Solutions
Guidelines
• Alarm Handling, Application Guideline
• AC 800M Application Guideline
• Library Programming Guideline
• Process Displays Guideline
Slide 21
OGP REUSE Solutions
Compliance to standards and Best Practices
• NORSOK Standards: SCD System Control Diagram (I-005) – extends the IEC 61804 control application levels; SAS Safety and Automation Systems (I-002)
• Bringing this concept further to become an IEC standard (standardization committee 65B)
• EEMUA 191:2007 Alarm Systems, a Guide to Design, Management and Procurement
• YA-711 Principles for Alarm System Design by the Norwegian Petroleum Directorate
• Safety compliance to IEC 61508 and IEC 61511
• API 14C (1) for process safety in Gulf of Mexico operations
(1) Registration required for access
Slide 22
800xA High Integrity – ABB Safety Certificates
What is the scope of TÜV Certification?
• Product Safety Certificate
• Development Department Safety Certificate
• ABB A/S Certificate
Slide 23
800xA High Integrity – A Case Story
Agenda (section divider, same list as Slide 2)
Slide 24
Functional Safety Management – Preem
• FSM has management attention. Preem has started a project to implement FSM in their organization. Preem today has procedures, standards, routines, instructions etc. that in some cases fulfill FSM, but in most cases they need to be rewritten or created.
• The top of the Safety Life Cycle is implemented, because it is handled as a project and involves relatively few people.
• The challenge is the bottom of the Safety Life Cycle, which requires the involvement of more people and a "complex" organization.
Slide 25
IEC 61511 Safety Lifecycle
Phases – Activities – Responsibilities:
• Analysis (phases 1-2): identify hazards, specify requirements – End user / operator
• Design & Installation, Commissioning (phases 3-5): configure to requirements – Engineering / Equipment Supplier
• Operation (phases 6-8): operate, maintain & modify – End user / operator
• Phases 9-11: responsible – ALL
Slide 26
Risk Assessment Options – Examples
• SIL Risk Graph (Qualitative)
• Hazardous Event Severity Matrix
• Layers of Protection Analysis (LOPA)
• Fault Tree Analysis (Quantitative)
[Figure: example LOPA worksheet. Columns: Scenario and Case Number; Scenario Description; LOPA Target; Initiating Event; Enabling Factor; Independent Protection Layers (Process Design, BPCS Control Action, Operator responds to alarms and written procedures, SIS Function A, SIS Function B, Pressure Relief Device, Other safety related protection systems); Protection Gap; Notes. Rows are filled out for Safety Analysis and for Business Analysis; the target is met when the protection gap is 0 or less.]
Slide 27
IEC 61511 Safety Lifecycle (same diagram as Slide 25)
Slide 28
Safety Requirement Specification (SRS) – for every loop
The SRS contains two types of requirements:
• Functional Requirements: description of the functions of the SIF – how it should work
• Integrity Requirements: the risk reduction and reliability requirements – how well it should work
[Figure: loop illustration, including a solenoid.]
Slide 29
Safety Requirement Specification Communication
Slide 30
Safety Instrumented System – SIS
Purpose of a Safety Instrumented System: reduce the risk that a process may become hazardous to a tolerable level. The SIS does this by decreasing the frequency of unwanted accidents.
• SIS senses hazardous conditions and then takes action
• SIS moves the process to a safer state, preventing an unwanted accident from occurring
Slide 31
Safety Instrumented System – SIS
The amount of risk reduction that a SIS can provide is represented by its Safety Integrity Level (SIL), which is defined as a range of:
• Probability of Failure on Demand (PFD)
• Safe Failure Fraction (SFF)
• Avoidance of Systematic Failures
Slide 32
AC800M High Integrity Redundant Controller Configuration
[Figure: redundant controller pair built from SM811, BC810 and PM865 modules, connected via the CEX bus and RCU Link, with Optical Modulebus to redundant I/O on TB840.]
Slide 33
Engineering Responsibilities – Competence
• Architectural design to meet target SIL requirements
• PFD calculations using appropriate reliability data for the desired loop configuration
• SIL capability
• SIS design
• Hardware and software integration
• Verification and validation
• Functional Safety Assessments
• Information on operation and maintenance requirements, building on manufacturer-supplied data
• Instructions for testing
• Installation and commissioning
• Functional Safety Management for design and build activities
Source: IEC 61511
Slide 34
IEC 61511 Safety Lifecycle (same diagram as Slide 25)
Slide 35
Activities
• FAT
• SIS installation and commissioning
• SIS safety validation, SAT
• SIS operation and maintenance
• SIS modification
• SIS decommissioning
• Information and documentation required
Slide 36
Documentation
Why should safety be documented?
• We work in lifecycle phases; we need to pass on information to different engineering disciplines
• We need traceability
• We need up-to-date information / version control
What is documentation? Anything we can store and which can be properly identified.
Slide 37
Typical Documentation
• Hazop reports
• Safety Requirement Specification
• Functional Design Specification / Safety Analysis Report
• Safety plan / Safety Lifecycle Management Plan
• Test documents (specifications & records)
• Competence (role descriptions & competence requirements for each role)
• SIL Compliance report / SIL verification report
Slide 38
Competence requirement and roles in a safety project
The competence of people involved in safety projects is normative according to IEC 61511.
• Competence: role descriptions; competence requirements for each role
• Education, training, experience
• If not in-house, use consultants and mentoring
Example of safety roles in a project: Functional Safety Manager, Safety Lead Engineer, Safety Assessor
Slide 39
800xA High Integrity – A Case Story
Agenda (section divider, same list as Slide 2)
Slide 40
Preemraf – Case 1: Gothenburg Refinery
• Application: modernization of the oil refinery's safety system (ESD). Exchange of the obsolete Honeywell FSC safety system. Since this is to be done during a turnaround (every 6 years) or a regenerating stop (every third year, part of the site stop), this is a long-term project.
• Automation from ABB: System 800xA 5.1-based safety solution comprised of two (2) AC 800M HI controllers (PM 865) in redundant configuration. Safety assessed solution that meets SIL 3.
• Preem design: risk evaluation not performed; based on generic safety functions; application to be based on SIL 2.
• FSM plan: implement FSM / SLC into the operations, maintenance and project organization.
Slide 41
Preemraf – Case 1: Gothenburg Refinery
Project set-up: hardware delivery – ABB Sweden; IEC 61508 and IEC 61511 compliance of hardware and software – ABB Denmark.
Slide 42
Preemraf – Case 1: Gothenburg Refinery
Slide 43
AC800M High Integrity Redundant Controller Configuration (same figure as Slide 32)
Slide 44
Preemraf – Case 1: Gothenburg Refinery
Slide 45
800xA High Integrity – A Case Story
Agenda (section divider, same list as Slide 2)
Slide 46
Preemraf – Case 2: Lysekil Refinery
• Application: modernization of the oil refinery's safety system for the gas burning oven (ESD). Exchange of the obsolete ABB safety solution. Replace non-SIL equipment to fulfill the SIL classification. Replace MP200 controllers (13 pcs "interlock controllers") with a safety system. Move non-SIL signals to the DCS; SIL-classified signals that today are installed in the DCS are to be moved to the safety system.
• Automation from ABB: System 800xA 5.1-based safety solution comprised of one (1) AC 800M HI controller (PM 865) in redundant configuration. Safety assessed solution that meets SIL 3.
• Preem design specification: risk evaluation and SIL classification of existing units performed; defined safety functions for non-SIL, SIL 1 and SIL 2 functions; implement FSM / SLC into the operations, maintenance and project organization. Preem is using exSILentia as SIL classification software and a Risk Matrix for SIL classifications. In case of a high SIL level on a SIF, SIL 3 or in some cases SIL 2, LOPA (Layers of Protection Analysis) is used on the specific SIF.
Slide 47
Preemraf – Case 2: Lysekil Refinery
Project set-up: hardware delivery – ABB Sweden; IEC 61508 and IEC 61511 compliance of hardware and software – ABB Denmark.
Slide 48
Preemraf – Case 2: Lysekil Refinery
Slide 49
AC800M High Integrity Redundant Controller Configuration (same figure as Slide 32)
Slide 50
Functional Safety Management – Why?
[Figure caption residue: Jan/Feb – 20 of April 21:49 - 2010]
Slide 51
Total Safety Offering
• Installed Systems Review: SIL assessment; benchmarking
• IEC 61508 / IEC 61511 Compliance: compliance management; FSMS
• SIL Determination: analysis; TRAC; training; mentoring
• Alarm Management: benchmarking; EEMUA 191; training; support
• Proof Testing Support: TRAMs; proof test period; maintenance; lifecycle support
• SIS Systems: TÜV certified; flexible and scalable; System 800xA
• Field Instrumentation: SIL rated instrumentation; actuators
Slide 52