Safety Integrity Level (SIL)

Layer of Protection Analysis (LOPA) in determining Safety Integrity Level (SIL), Part 1 - Introduction. Heru Wandira, PT. AT Solusi, 7 October 2014.

Upload: heruwandira

Post on 18-Sep-2015


  • Background Overview Hazard & Risk IEC 61508 & 61511 Risk Analysis

    Layer of Protection Analysis (LOPA) in determining Safety Integrity Level (SIL)

    Part 1 - Introduction

    Heru Wandira

    PT. AT Solusi

    7 October 2014

    HW LOPA

  • Contents

    1 Background

    2 Overview

    3 Hazard & Risk

    4 IEC 61508 & 61511: IEC 61508; IEC 61511; IEC 61508 & 61511 Relationship; Relationship of SIF & other

    5 Risk Analysis: RA in SIS; LOPA; The Concept of LOPA; Evaluation of LOPA

  • Background

    Figure: Safety Life Cycle [1]

  • Overview

    The Safety Integrity Level (SIL) is determined by the target Probability of Failure on Demand (PFD) in demand mode, or by the dangerous failure rate in continuous mode, which is set by:

      • Process risk
      • Tolerable risk
      • Other means of protection

    One of the popular risk analysis methods for determining the SIL is Layer Of Protection Analysis (LOPA). LOPA is a quantitative method for determining hazard risk at industrial level, published in 1993 by CCPS.

  • Hazard & Risk in Industry

    Figure: Protection Layers for Hazard & Risk in Industry [2]

  • IEC 61508 Functional Safety of E/E/PE safety-related systems

    Figure: Functionality of IEC 61508 [2]

    Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems

  • IEC 61511 - Functional Safety - SIS for Process Industry

    Figure: Functionality of IEC 61511 [2]

    Functional Safety - Safety Instrumented Systems for the Process Industry Sector

      • Part 1: Framework, definitions, system, hardware and software requirements
      • Part 2: Guidelines for the Application of IEC 61511-1
      • Part 3: Guidance for the Determination of the Required Safety Integrity Levels

  • Relationship between IEC 61511 & 61508

    Figure: Relationship between IEC 61511 & 61508

  • Relationship between SIFs and other Functions

    Figure: Relationship between SIFs and other Functions

  • Risk Analysis in determining SIL

    Methods suggested in IEC 61508 & 61511 for calculating the target SIL value of a SIF:

      • Qualitative: risk matrix and risk graph
      • Quantitative: LOPA, Failure Mode and Effect Analysis (FMEA), or Markov modelling

  • Layer Of Protection Analysis (LOPA) - Overview

    LOPA is a quantitative tool that is readily applied after the Process Hazard Analysis (PHA) to determine the SIL. The concept of LOPA was published by CCPS and is proposed in the IEC 61511 standard:

      • Guidelines for Safe Automation of Chemical Process (CCPS, 1993)
      • IEC 61511-3 Annex F: provides an overview of a method using a Layer Of Protection Analysis (LOPA) approach to select the required SIL

  • Layers of Protections

    Figure: Layers of protection to lower the frequency of a specific accident scenario [5]

  • The Concept of LOPA

    LOPA is used to identify multiple Independent Protection Layers (IPLs) that mitigate a potential hazard [3].

    Figure: The concept of LOPA [2]

  • The Concept of LOPA

    Independent Protection Layers (IPLs) are devices, systems, or actions that are capable of preventing a scenario from developing into an undesired consequence. All these layers are independent from one another, so that a failure of one layer will not affect the functioning of the other layers [3].

    Each company that chooses to use LOPA needs its own specific procedure. The procedure must include tables for initiating cause likelihoods and PFDs for various types of IPLs [3]. The LOPA procedure must have clear rules with which to evaluate safeguards to determine if they qualify as IPLs.

  • Team composition and training of LOPA facilitators

    The company should also establish minimum requirements for LOPA team composition and training. The team should consist of [3]:

      • Operator with experience operating the process under consideration
      • Engineer with experience in the process
      • Manufacturing management
      • Process control engineer
      • Instrument / electrical maintenance person with experience in the process under consideration
      • Risk analysis (LOPA) specialist

  • LOPA process

    The LOPA process consists of 6 steps:

    1 Identify the consequence to screen the scenarios

    2 Select an accident scenario

    3 Identify the initiating cause of the scenario and determine the initiating cause frequency (events per year)

    4 Identify the IPLs and estimate the PFD of each IPL

    5 Estimate the risk of the scenario by mathematically combining the consequence, initiating event and IPL data

    6 Evaluate the risk and give recommendations
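The arithmetic behind steps 3 to 6, together with the PFD-to-SIL mapping mentioned on the Overview slide, as an added example that is not part of the original slides. The scenario numbers are constructed and the function names are illustrative; the SIL bands are the IEC 61508 low-demand-mode ranges.

```python
from math import prod

# IEC 61508 low-demand mode: SIL n covers low <= PFDavg < high
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


def mitigated_frequency(initiating_freq, ipl_pfds):
    """Step 5: frequency (events/year) of the consequence with existing IPLs.

    Multiplying PFDs is only valid when the IPLs are independent of each
    other and of the initiating cause, as the slides require.
    """
    if initiating_freq <= 0:
        raise ValueError("initiating cause frequency must be positive")
    if any(not 0 < pfd <= 1 for pfd in ipl_pfds):
        raise ValueError("each PFD must be in (0, 1]")
    return initiating_freq * prod(ipl_pfds)


def required_sif_pfd(initiating_freq, ipl_pfds, tolerable_freq):
    """Step 6: PFD a new SIF needs so the scenario meets the tolerable frequency."""
    return tolerable_freq / mitigated_frequency(initiating_freq, ipl_pfds)


def sil_for_pfd(target_pfd):
    """Map a target PFD to a SIL; 0 means no SIL-rated SIF is required."""
    if target_pfd >= 1e-1:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= target_pfd < high:
            return sil
    raise ValueError("target below SIL 4 range: add IPLs or redesign the process")


# Constructed scenario (not from the slides): vessel overpressure
SCENARIO = {
    "initiating_freq": 0.1,   # control loop failure, events/year (step 3)
    "ipl_pfds": [0.1, 0.1],   # operator response to alarm, relief valve (step 4)
    "tolerable_freq": 5e-6,   # company risk criterion, events/year
}

if __name__ == "__main__":
    target = required_sif_pfd(**SCENARIO)
    print(f"mitigated frequency: {mitigated_frequency(0.1, [0.1, 0.1]):.1e}/yr")
    print(f"required SIF PFD: {target:.1e} -> SIL {sil_for_pfd(target)}")
```

A safeguard that shares a sensor, logic solver or final element with another layer or with the initiating cause should be left out of `ipl_pfds`, since the product assumes independence.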

  • Benefits of LOPA

    LOPA advantages [3]:

      • Simple risk assessment tool that takes less time and fewer resources than a QRA but is more rigorous than HAZOP
      • It facilitates the determination of more precise cause-consequence pairs
      • It identifies operations, practices, systems and processes that do not have adequate safeguards and helps in deciding the PLs required on the most critical safety systems
      • It avoids the generalities of the safety layer matrix method by including its own calibration
      • Even though it is more time-consuming than the risk graph, it allows a better understanding of the safety system in the functional safety of the overall design
      • It requires much less work than FTA
      • It provides due credit to all PLs and helps in estimating the specific risk level of the unit or equipment

  • Benefits of LOPA

      • It removes subjectivity while providing clarity and consistency to risk assessment, and helps to compare risk on a common ground if it is used throughout a plant
      • It is useful for making risk-based decisions during stages like design, management of change, etc.

  • Benefits of LOPA

    Limitations of using LOPA [3]:

      • It is not intended to be a hazard identification tool
      • Criteria for risk tolerance must be established for the LOPA exercise before the process starts
      • LOPA offers flexibility to the user in selecting IPLs and PFDs; this brings subjectivity into the assessment process and makes it depend on the expertise of the user
      • LOPA is a simplified approach and should not be applied to all scenarios
      • LOPA analysis tends to drive initiating cause likelihoods to higher levels than actual field experience

  • References

    [1] IEC 61508 - 1998, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems

    [2] IEC 61511 - 2003, Functional safety - Safety instrumented systems for the process industry sector

    [3] B. R. Hanniken, Applicability of Layer of Protection Analysis to determine Safety Integrity Levels in the Process Industry, NTNU, Norway: 2007

    [4] ANSI ISA S84.01 - 1996, Application of Safety Instrumented Systems for the Process Industries

    [5] D. A. Crowl, Chemical Process Safety: Fundamental with Applications, 2nd Edition, Prentice Hall, New Jersey: 2001
