project: refinery expansion sil verification of safety … · -isa-s84.01 2. calculations &...

Client name

Rev.

27/01/2020

Date

First review

2

1

0

ApprovedPrepared Reviewed

Refinery Expansion

SIL Verification Report

JBAHT AHT

Description

Sample Project

Project: Refinery Expansion Rev.1 by JB

SIL verification of Safety Instrumented Functions

1

Client name



1. OBJETIVE & STANDARDS

The purpose of this report is the verification study of the Safety Instrumented Functions defined in the Process Hazardous

Analysis (PHA).

The recommendations of the following Standards have been taken into account:

-IEC 61508:2010

-IEC 61511:2016

-ISA-S84.01

2. CALCULATIONS & VERIFICATION

As calculation tool "SILcet 5.2" has been used

The following three requirements of the IEC 61511/61508 has been checked:

-Systematic Capability (SIL certification or proven in use/prior use justification).

-Architectural Constraints (minimum redundancy) based on the routes of the Standards.

-Compliance of the PFDavg/PFH according with the Standards.

3. PROJECT INFORMATION

Project name:

Project description:

Safety Requirement Specification reference: SRS-1200-01

4. GENERAL DATA

The following general parameters have been used.

Note 1: These values have been used only when there were no other values duly documented.

Parameter Sensor subsystem Logic Solver Actuator subsystem

Life Time (LT) 15 years 15 years 15 years

Operation mode Low demand Low demand Low demand

MTTRDD 48 hours 48 hours 48 hours

Beta factor 5% 2% 10%

Proof test coverage (Cpt) 90% 95% 70%

Test interval (TI) 1 year 4 years 1 year

Start-up time 24 hours 24 hours 24 hours

2

Client name



5. VOTING DEGRADATION OF TRANSMITTERS

The most common voting scenarios utilized in the SIS are: One out of One (1oo1), One out of Two (1oo2), Two out of

Two (2oo2), and Two out of Three (2oo3).

The following table shows the configuration of the transmitters and the behaviour of the PLC on a Dangerous Detected

Failure (DD). In this project the philosophy is to keep reliability high.

SIFs with unique voting schemes not defined by 1oo1, 1oo2, 2oo2, or 2oo3 are to be considered on a case-by-case basis.

1oo2 Process Trip

2oo3 High Over Range Yes Yes 1oo2 Process Trip

2oo3 Low Under Range Yes Yes

1oo1 Process Trip

2oo2 High Over Range Yes Yes 1oo1 Process Trip

2oo2 Low Under Range Yes Yes

1oo1 Process Trip

1oo2 High Under Range Yes No 1oo1 Process Trip

1oo2 Low Over Range Yes No

No Alarm --

1oo1 High Under Range Yes No Alarm --

1oo1 Low Over Range Yes

2nd failure

Architecture degradation

PLC software

Transmitter

setting

Out of range

diagnostic

Channel

Trip

1st failure

Process

TripLogic

3

Client name

Pr. AC SC SFF (1H) DC SFF (1H) DC

1 1 2 1H 87,0% 52,5%

2 2 2 1H 87,0% 52,5%

2 2 3 1H 81,1% 52,5%

2 2 3 61511 0,0% 0,0%

2 2 3 1H 91,4% 52,5%

2 2 2 1H 92,8% 52,5%

1 1 3 1H 84,2% 52,5%

3 2 3 1H 81,1% 57,8%

Possible changes to SIFs not achieving the target values: Pr: Probability of failure

AC: Architectural Constraints

SC: Systematic Capability

SFF: Safe Failure Fraction

DC: Diagnostic Coverage=DD/(DD+DU)

MTTFS in years: Mean Time To Fail Spuriously

RRF: Risk Reduction Factor

SIL & RRF targets are not achieved

MTTFS target is not achieved

Achieved

SIL ACTUATOR

Lowest value for

SENSORS


SUMMARY OF SIL VERIFICATION

TARGETSIF Tag

Ro

ute

M4-LT-1111-01

M4-LT-1212-01

M4-PT-2312-06

M4-PS-1112-10

ACHIEVED

SIL RRF PFDavg MTTFS

SIL-1

SIL RRF

SIL-1 20 56 1,79E-02 71

SIL-2 200 10

10

MTTFS

SIL-2 459 2,18E-03 44

SIL-2 200 10 SIL-2 459 2,18E-03 49

45

10 SIL-2 4285

SIL-2 130 10 SIL-1

SIL-2 200 10 SIL-2 239 4,19E-03 46

SIL-2 200 10 SIL-2 244 4,11E-03 28

No.

1

3

6

10

2,33E-04 34

55 1,82E-02 32

SIL-1 2061

SIL-2 200 10

30

40

45

M5-FT-2312-30

M5-BE-82412-01

M5-TT-21022-01-PVST

M5-PT-2312-G-01

SIL-2 439 2,28E-03

4

Client name

SIF: M4-LT-1111-01

Arch. Constraints: Route 1H of IEC61508 with few exceptions

based on IEC 61511.

Factors for Maintenance Capability:

Cpt=1 TI=1

Out of range diagnostic: ON Sensor Fault: U.R. Channel Trip: No

LOGIC SOLVER

ESD-1

1oo1 1oo1

LT-1 1oo2D XV-1

Input Input Output Output

voting Safety PLC voting

group Model: Generic group

actuator SIL-1 1,72E-02 125

10 MTTFS (y) 71 other -- -- --

On High High Level (LT-1) [1oo1] in Tank 100-1111 close valve XV-1 [1oo1]

Rev.1 by JBProject: Refinery Expansion


Required Achieved Achieved Achieved PFDavg MTTFS (years)

SIL-1 SIL SIL-1 PFDavg SIL-1 sensor SIL-1 5,77E-04 836

20 RRF 56 Arch. C. SIL-1 logic solver SIL-3 1,65E-04 209

Route 1H PFDavg 1,79E-02 SC SIL-2

5

Client name



SIF: M4-LT-1111-01

Tags

Tags

Tags

act_part isolator -- 0 114 0 0 A 100,0%

act_part actuator -- 0 286 0 199 A 59,0%

act_part solenoid -- 0 516 0 188 A 73,3%

actuator XV-1 1oo1 0 916 0 829 A 52,5%

act_part valve -- 0 0 0 442 A 0,0%

logicsolver ESD-1 1oo2D 11617 129 3815 241 B 98,5%

sen_part process -- 0 0 0 0 A 0,0%

sen_part interface -- 29 0 143 45 A 79,4%

sensor LT-1 1oo1 53 84 377 77 B 87,0%

sen_part transmitter -- 24 84 234 32 B 91,4%

Subsystem Logic SD SU DD DU Type SFF

act_part solenoid --

act_part isolator --

act_part valve --

act_part actuator --

actuator XV-1 1oo1 73% 1,0 15 0 24

sen_part interface --

logicsolver ESD-1 1oo2D 99% 4,0 15 2% 48 24

sen_part transmitter --

sen_part process --

Subsystem Logic Cpt TI (y) LT (y) Beta MTTRdd Startup(h)

sensor LT-1 1oo1 95% 1,0 15 48 24

1,72E-02 1 0 3 1 125

-- 3 -- --

-- 3 -- --

5,77E-04 3 0 2 1 836

-- 3 -- --

-- -- --

PFDavg SIL (pfd) HFT SC SIL (arch) MTTFS (y)Logic

act_part valve --

actuator XV-1 1oo1



act_part actuator

logicsolver ESD-1 1oo2D


sen_part process --

-- 2 -- --

1,65E-04 3 1 3 3 209

--


-- 3 -- --

-- 3 -- --

sensor LT-1 1oo1

Subsystem

6

Client name



SIF: M4-LT-1212-01


based on IEC 61511.


Cpt=1 TI=1

Out of range diagnostic: ON Sensor Fault: U.R. Channel Trip: No

LOGIC SOLVER

LT-1A ESD-1 XV-1A

Input 1oo2 1oo2 Output

1oo2D

Input Output

LT-1B voting Safety PLC voting XV-1B

Input group Model: Generic group Output

Route 1H PFDavg 2,18E-03 SC SIL-2 actuator SIL-2 1,98E-03 66

10 MTTFS (y) 44 other -- -- --

On High High Level (LT-1A/B) [1oo2] in Tank 100-1111 close valve XV-1A/B

[1oo2]




7

Client name



SIF: M4-LT-1212-01

Tags

Tags

Tags

100,0%

0 0 A 0,0%

29 0 143 45 A 79,4%

11804 133 3920 247 B 98,5%

--

-- 3 -- --

-- 3 -- --

--

-- 2 -- --

1,70E-04 3 1 3 3 204

sen_part process --



-- 3 --

-- --

actuator XV-1 1oo2

act_part valve --


1,98E-03 2 1 3 2 66

-- 3 -- --

--




3 --


sensor LT-1 1oo2 95% 1,0 15 5% 48 24


sen_part process --




actuator XV-1 1oo2 73% 1,0 15 10% 0 24


SD SU


Subsystem Logic

sensor LT-1 1oo2

act_part valve --



sensor LT-1 1oo2


53 84

24 84

0 0

actuator XV-1 1oo2 0 916 0 829 A 52,5%

act_part valve --


0 0 0 442 A 0,0%

0 286 0 199 A 59,0%



0 516 0 188 A 73,3%

0 114 0 0 A

PFDavg SIL (pfd) HFT SC SIL (arch) MTTFS (y)

2,90E-05 4 1 2 2 429

--

DD DU Type SFF

377 77 B 87,0%

234 32 B 91,4%

sen_part process --

Subsystem Logic

8

Client name



SIF: M4-PT-2312-06


based on IEC 61511.


Cpt=1 TI=1

Out of range diagnostic: ON Sensor Fault: -- Channel Trip: Yes

PT-6A

Input LOGIC SOLVER

ESD-1 XV-6A

2oo3 1oo2 Output

PT-6B 1oo2D

Input Input Output

voting Safety PLC voting XV-6B

group Model: Generic group Output

PT-6C

Input



On High High Pressure (PT-6A/B/C) [2oo3] in Vessel 100-2312 close valves

XV-6A/B [1oo2]




10 MTTFS (y) 49 other -- -- --

9

Client name



SIF: M4-PT-2312-06

Tags

Tags

Tags

-- --

Subsystem Logic


sen_part seal -- -- 3

act_part valve --


1,73E-04 3 1 3 3 201

actuator XV-6 1oo2 1,95E-03 2 1 3 2 66

-- 3 -- --

-- 3 -- --



-- 3 -- --

sensor PT-6 2oo3 94% 1,0 15 5% 48 24


sen_part seal --


XV-6 1oo2 73% 1,0 15 10% 48 24

act_part valve --

PT-6

-- 3 -- --




actuator


sen_part seal -- 0 0 0 46 A 0,0%


actuator XV-6 1oo2 0 916 0 829 A 52,5%

act_part valve -- 0 0 0 442 A 0,0%



act_part isolator -- 0 114 0 0 A 100,0%

HFT SC SIL (arch) MTTFS (y)PFDavg SIL (pfd)

5,25E-05 4 1 3 2 3.866

0 87 B 81,1%

-- 3 -- --




sensor 2oo3 279 94

sensor PT-6 2oo3

10

Client name



SIF: M4-PS-1112-10


based on IEC 61511.


Cpt=1 TI=1

LOGIC SOLVER

ESD-1 XV-6A

1oo1 1oo2 Output

PSHH-6 1oo2D

Input Input Output

voting Safety PLC voting XV-6B

group Model: Generic group Output

On High High Pressure [1oo1] in Vessel close valves XV-6A/B [1oo2]

200 RRF 239 Arch. C. SIL-2 logic solver SIL-3

IEC61511 PFDavg 4,19E-03 SC SIL-3 actuator SIL-2 1,95E-03 66

10 MTTFS (y) 46 other -- -- --



1,07E-04 190

11

Client name



SIF: M4-PS-1112-10

Tags

Tags

Tags

Logic

sen_part process --

sen_part switch -- -- 3 -- --

Subsystem




actuator XV-6 1oo2


act_part valve --


sensor PSHH-6 1oo1 90% 1,0 15 24

sen_part switch --

sen_part process --


--

actuator XV-6 1oo2 73% 1,0 15 10% 24

-- 3 -- --

-- 3 -- --

sensor PSHH-6 1oo1 0 128 0 203 A 0,0%

act_part valve --

act_part actuator

-- 0 128 0 203 A 0,0%


sen_part switch


actuator XV-6 1oo2 0 916 0 829 A 0,0%

act_part valve -- 0 0 0 442 A 0,0%

A 0,0%



1,95E-03 2 1 3

HFT SC

3 66

-- 3 -- --

-- 3 -- --

sensor PSHH-6 1oo1

act_part solenoid

SIL (arch) MTTFS (y)

2,13E-03 2 0 3 2 892

-- -- --

1,07E-04 3 1 3 3 190

PFDavg SIL (pfd)

Subsystem Logic SD SU DD DU Type DC

--


act_part isolator -- 0 114 0 0

12

Client name



SIF: M5-FT-2312-30


based on IEC 61511.


Cpt=1 TI=1


[FG] XV-30

1oo2 Output

FT-30A

Input LOGIC SOLVER Output

ESD-1 voting [FG] XV-31

2oo3 2oo2 group Output

FT-30B 1oo2D

Input Input Output

voting Safety PLC Group [NG] XV-32

group Model: Generic 1oo2 Output

FT-30C

Input Output

voting [NG] XV-33

group Output


10

SIL-2 logic solver SIL-3 1,78E-04 197

-- --

On Low Low Air Combustion Flow (FT-30A/B/C) [2oo3] in Incinerator 100-

2312 closes Fuel Gas Valves (1oo2 XV-30/31) & Natural Gas Valves (1oo2

XV-32/33) [2oo2 of FG & NG]

MTTFS (y) 28 other --




200 RRF 244 Arch. C.

13

Client name



SIF: M5-FT-2312-30

Tags

Tags

Tags

197

actuator [FG] XV-30/31 1oo2

actuator [NG] XV-32/33 1oo2

1,95E-03 2 1 3 2 66

1,95E-03 2 1 3 2 66


sensor FT-30 2oo3 90% 1,0 15 5% 48 24


sen_part process --

actuator [FG] XV-30/31 1oo2 73% 1,0 15 10% 48 24


actuator [NG] XV-32/33 1oo2


--

MTTFS (y)

2,54E-05 4 1 3 3

sensor FT-30 2oo3 258 84 0 32 B 91,4%


actuator [FG] XV-30/31 1oo2 0 916 0 829 A 52,5%

actuator [NG] XV-32/33 1oo2 0 916 0 829 A 52,5%


logicsolver ESD-1 1oo2D 1,78E-04

FT-30 2oo3

3 1 3 3

-- --

-- --

73% 1,0 15 10% 48 24

Subsystem Logic

sensor

sen_part process --

4.176

-- 3


PFDavg SIL (pfd) HFT SC SIL (arch)


14

Client name



Groups: [Fuel-Gas] XV-30/31 & [N.Gas] XV-32/33

Tags

Tags

Tags

act_part driver -- -- 3 -- --

act_part actuator -- -- 3 -- --

act_part solenoid -- -- 3 -- --

actuator [NG] XV-32/33 1oo2 1,95E-03 2 1 3 2 66

act_part valve -- -- 3 -- --




actuator [FG] XV-30/31 1oo2 1,95E-03 2 1 3 2 66


Subsystem Logic PFDavg SIL (pfd) HFT SC SIL (arch) MTTFS (y)


act_part driver --

act_part valve --


actuator [NG] XV-32/33 1oo2 73% 1,0 15 10% 48 24


act_part driver --

act_part valve --



actuator [FG] XV-30/31 1oo2 73% 1,0 15 10% 48 24

act_part driver -- 0 114 0 0 A 100,0%



actuator [NG] XV-32/33 1oo2 0 916 0 829 A 52,5%

act_part valve -- 0 0 0 442 A 0,0%

0 516 0 188 A 73,3%

act_part driver -- 0 114 0 0 A 100,0%


actuator [FG] XV-30/31 1oo2 0 916 0 829 A 52,5%

act_part valve -- 0 0 0 442 A 0,0%



15

Client name



SIF: M5-BE-82412-01


based on IEC 61511.


Cpt=1 TI=1


BE-40A BE-40M 8oo24

BE-40B BE-40N LOGIC SOLVER

BE-40C BE-40O Input ESD-1 XV-40A

BE-40D BE-40P voting 1oo2 Output

BE-40E BE-40Q group 1oo2D

BE-40F BE-40R Output

BE-40G BE-40S Safety PLC voting XV-40B

BE-40H BE-40T Model: Generic group Output

BE-40I BE-40U

BE-40J BE-40V

BE-40K BE-40W

BE-40L BE-40X


10 MTTFS (y) 45 other -- -- --

If flame is lost in 8 or more flame detectors (BE-40A/…/X) [8oo24] close

Fuel-Gas Valves XV-40A/B





16

Client name



SIF: M5-BE-82412-01

Tags

Tags

Tags

act_part driver -- 0 114 0 0 A 100,0%



actuator XV-40 1oo2 0 916 0 829 A 52,5%

act_part valve -- 0 0 0 442 A 0,0%


sensor BE-40 8oo24 877 67 0 73 B 92,8%



act_part driver --

act_part valve --


actuator XV-40 1oo2 73% 1,0 15 10% 48 24



sensor BE-40 8oo24 64% 1,0 15 5% 48 24




actuator XV-40 1oo2 1,95E-03 2 1 3 2 66


logicsolver ESD-1 1oo2D 2,32E-04 3 1 3 3 153

2.419


sensor BE-40 8oo24 9,66E-05 4 16 2 4

17

Client name



SIF: M5-TT-21022-01-PVST


based on IEC 61511.


Cpt=1 TI=1


XV-43

1oo2 Output

TT-43A 2oo10

TT-43B LOGIC SOLVER Output

TT-43C Input ESD-1 voting XV-44

TT-43D voting 2oo2 group Output

TT-43E group 1oo2D

TT-43F Output

TT-43G Safety PLC Group 1oo1

TT-43H Model: Generic XV-45

TT-43I Output Output

TT-43J voting

group


10 MTTFS (y) 32 other -- -- --

On High Temperature in Bed 1 of Reactor TT-43A/…/J (2oo10) open valves

XV-43/44 (1oo2) and close valve XV-45 (1oo1) [2oo2 with 2 groups]




18

Client name



SIF: M5-TT-21022-01-PVST

Tags

Tags

Tags


act_part driver -- 0 114 0 0 A 100,0%

act_part valve -- 0 0 0 442 A 0,0%


actuator XV-43/44 1oo2 0 962 0 665 A 59,1%

actuator XV-45 1oo1 0 916 0 829 A 52,5%



sensor TT-43 2oo10 2356 34 0 448 B 84,2%


act_part driver --




actuator XV-45 1oo1 73% 1,0 15 48 24

act_part valve --

actuator XV-43/44 1oo2 90% 1,0 15 10% 48 24



sen_part process --


sensor TT-43 2oo10 98% 1,0 15 5% 48 24





actuator XV-43/44 1oo2 7,30E-04 3 1 3 2 62

actuator XV-45 1oo1 1,72E-02 1 0 3 1 125

logicsolver ESD-1 1oo2D 1,94E-04 3 1 3 3 180

665

sen_part transmitter -- -- 3 -- --

sen_part process -- -- 3 -- --

sensor TT-43 2oo10 1,31E-04 3 8 3 4


19

Client name



SIF: M5-PT-2312-G-01


based on IEC 61511.


Cpt=1 TI=1


XV-6A

1oo2 Output

PT-6A

Input LOGIC SOLVER Output

voting XV-6B

2oo3 1oo2 group Output

PT-6B 1oo2D

Input Input Output

voting Safety PLC Group 1oo1

group Model: Generic Pump-61

PT-6C Output Output

Input voting

group



20 RRF 4.285 Arch. C. SIL-2 logic solver SIL-3 1,75E-04 199

On High High Pressure (PT-6A/B/C) [2oo3] close valves XV-6A/B [1oo2] OR

stop Pump 61.


10 MTTFS (y) 34 other -- -- --

20

Client name



SIF: M5-PT-2312-G-01

Tags

Tags

Tags

act_part [1oo1] Pump 61 -- 0 1050 0 606 A 63,4%

actuator 1oo2 (see CF-A) 1oo2 A 57,8%

act_part [1oo2] XV-6A/B -- 0 916 0 829 A 52,5%

logicsolver 1oo2D 11991 137 4025 253 B 98,5%


sen_part seal -- 0 0 0 46 A 0,0%


sensor PT-6 2oo3 279 94 0 87 B 81,1%

act_part [1oo2] XV-6A/B -- 73% 1,0 15 10% 48 24

act_part [1oo1] Pump 61 -- 95% 1,0 15 48 24

actuator 1oo2 (see CF-A) 1oo2

sen_part seal --

logicsolver 1oo2D 99% 4,0 15 2% 48 24

sensor PT-6 2oo3 94% 1,0 15 5% 48 24



act_part [1oo1] Pump 61 -- -- 3 -- --

actuator 1oo2 (see CF-A) 1oo2 5,52E-06 4 1 3 2 41

act_part [1oo2] XV-6A/B -- -- 3 -- --

5,25E-05 4 1 3 2 3.866

sen_part transmitter -- -- 3 -- --

sen_part seal -- -- 3 -- --


sensor PT-6 2oo3

logicsolver 1oo2D 1,75E-04 3 1 3 3 199

21

Client name



SIF tag: CF-A

Subsystem: actuator

Group 1 XV-6

Group 2 Pump-61

Group 3

Group 4

Group 5

Combined

Achieved :

Tags

Tags

Tags

1oo2 0 1050 0 829

1oo2 0% 0% 0 0

Logic SD SU DD DU

1oo2 5,52E-06 41 1 15

Logic Cpt Beta MTTRdd Startup

actuator Pump-61 1oo1 4,50E-03 109 1 15

1oo2 Final Element used in SIF with tag M5-PT-2312-G-01

-- [1oo2] of XV-6A/B [1oo2] & Pump-61 [1oo1]1oo1

Logic PFDavg MTTFS

1oo2 5,52E-06 41

Subsystem

actuator

actuator

actuator

XV-6 1oo2 73% 10% 48 24

Pump-61 1oo1 95% 0% 48 24

Combined

Subsystem

actuator

actuator

Combined

Subsystem

SIL-4

Logic PFDavg MTTFS (y) TI (y) LT (y)

XV-6 1oo2 1,98E-03 66 1 15

XV-6 1oo2 0 916 0 829

Pump-61 1oo1 0 1050 0 606

Combined

22

Description Vendor Fail-High Fail-LowFail-

DetectedSD SU DD DU Type SC

DEVICES OF SENSOR SUBSYSTEM

3051 Pressure Transmitter (Coplanar Absolute) Emerson 29 28 222 0 94 0 41 B 3

3051 Pressure Transmitter (Coplanar Differential) Emerson 24 27 207 0 84 0 32 B 3

YTA710 Temperature Transmitter Yokogawa 65 65 626 0 34 0 48 B 3

1199 Remote Seal, High Trip, normal service Rosemount 0 0 0 0 0 0 46 A 3

Generic clean process connection 0 0 0 0 0 0 0 A

IS Isolator AI/AI P+F 28,5 143 0 0 0 0 45 A 2

Generic RTD 2/3 wires 600 1000 0 0 0 0 400 A 3

Absolute Pressure Switch series M, B, A, D, PC, PX Ettore Cella 0 0 0 0 128 0 203 A 3

X2200 Flame Detector, 4-20 mA output Det-Tronics 10 121 746 0 67 0 73 B 2

DEVICES OF FINAL ELEMENTS

Floating Ball Valve, C series, Full Stroke, Clean Service Mogas 0 0 0 442 A 3

Actuator VL series, spring cylinder, Air-to-Retract Flowserve 0 286 0 199 A 3

Solenoid series 327, De-energize to trip ASCO 0 516 0 188 A 3

DO interface, Solenoid Driver P+F 0 114 0 0 A 3

MODULES OF GENERIC SIL-3 PLC

CPU 7430 75 2370 125 B 3

Power Supply 2250 0 250 0 B 3

AI module 990 10 900 100 B 3

AI channel 48 3 48 3 B 3

DI module 570 30 380 20 B 3

DI channel 124 7 67 4 B 3

DO module - output low 760 40 190 10 B 3

DO channel - output low 139 1 57 3 B 3

DO module - output high 760 40 190 10 B 3

DO channel - output high 277 3 114 6 B 3

FAILURE RATES (FITS)

Project: Refinery Expansion

SIL VERIFICATION - LIST OF PRODUCTS

Rev.1 by JB

23

project: refinery expansion sil verification of safety … · -isa-s84.01 2. calculations &...

Documents