Slide 1: Shakti Corp Pty Ltd. - Australia, Keerthy Mysore
TÜV Rheinland International Symposium in China, Functional Safety in Industrial Applications, October 18 – 19, 2011 in Shanghai – China
SIL Review of Diesel Engine Shutdown Systems for Underground Coal Mines
Slide 2: SIL Review
Outline (slide sidebar, repeated on every slide): Context; DES; Safety Lifecycle; Safety Functions; Fault Tree Analysis; Concerns & Conclusions; Acknowledgements
SIL Review - Definition:
“Risk assessment studies directed at checking and verifying that the safeguards provided by the existing trip and alarm systems are valid and sufficient for the hazards of the process.”
David Macdonald, MCD Technologies, South Africa, “SIL Review: A Practical Methodology for Risk Assessment in Process Plants”
Slide 3: Domain
- Underground coal mining environment
- Diesel engine vehicles
- Vehicle types: Load, Haul & Dump vehicles (LHD); Longwall chock carriers; Graders
- Scope: Old machines - 4 yearly inspections (Code D, Safety Integrity Review); New machines - design and development phase
Slide 4: Fire / Explosion Hazard
Slide 5: Typical Protection Strategy
Slide 6: Key Standards
AS 3584.2-2008 Diesel engine systems for underground coal mines, Part 2: Explosion protected
Objective: To promote the safety of explosion-protected diesel engine systems that are used underground in coal mines.
AS/NZS 4871.6 – 2007 Electrical equipment for coal mines, for use underground – Diesel powered machinery and ancillary equipment
Objective: To set out the requirements for design, construction and testing of electrical systems associated with diesel powered machines for use in underground coal mines.
Slide 7: AS 3584.2-2008 – DES Definition
A diesel engine that is designed, manufactured and maintained so it will not propagate or generate flame or sparks, which could initiate an explosion of the surrounding atmosphere.
The DES includes:
a) Inlet systems and inlet flame trap
b) Exhaust systems and exhaust flame trap
c) Combustion chamber
d) Cooling systems
e) Starting systems
f) Shutdown and protection systems
g) Other ancillary equipment attached to or driven by the engine, including electrical systems that start the engine or are associated with the engine operation or engine control.
Slide 8: Functional Safety
AS 3584.2-2008 Diesel engine systems for underground coal mines, Part 2: Explosion protected
“The Engine system shall be assessed and validated against the relevant category or safety integrity level in accordance with AS 4024.1501, AS 4024.1502, AS 62061 or other similar standards.”
AS 4024.1 – Safety of Machinery
IEC / AS 62061 – Safety of machinery – Functional safety of safety-related E/E/PE control systems
Slide 9: Appropriate standard??
Moura Mine Disasters - 1975-1994, Moura, QLD, Australia: 36 fatalities
Pike River Mine Disaster - Nov 2010, New Zealand: 29 fatalities
…whereas IEC / AS 62061 suggests worst case single fatalities….
Not very appropriate for Fire / Explosion type of low likelihood, high severity hazards with potential for multiple fatalities.
…which leads us to embrace IEC 61511 (IEC 61508).
Slide 10: The 61508 Safety Lifecycle
Slide 11: AS 3584.2:2008 – Safety Requirements
Compliance to this standard implies a limited time safe operation in atmospheres containing up to 1% methane, including:
1. The control of surface temperature, to avert ignition of coal dust that could settle on a hot surface.
2. Containment or elimination of flames and sparks that could ignite flammable gases and dust that may be present (as in underground coal mines).
3. Addressing inadvertent short-term exposure to high methane levels and any consequent abnormal combustion.
Slide 12: Development of SRCF
SRCF = Safety Related Control Function
SRCF #1: In the event of a rise in surface temperature beyond the set-point, the logic solver / component(s) shuts down the diesel engine.
SRCF #2: In the event of a drop in water level in the scrubber or a rise in exhaust gas temperature beyond the set-point, the logic solver / component(s) shuts down the diesel engine.
SRCF #3: In the event of a rise in methane levels above the set-point, the logic solver / component(s) shuts down the diesel engine.
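As an added illustration (not code from the presentation or from Shakti Corp), the following Python sketches the trip logic the three SRCFs describe, written from the fail-safe side: a sensor channel that is missing or reads outside its plausible range is treated as a demand, not as "no alarm", so a broken sensor cannot silently disable a shutdown. The set-points, plausibility ranges, sensor names and the de-energise-to-trip run-permit model are all hypothetical; the slides give no numeric values.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Hypothetical set-points: the slides say each SRCF trips "beyond the
# set-point" but give no values, so these are constructed for the example.
SURFACE_TEMP_TRIP_C = 150.0     # SRCF #1: engine surface temperature
SCRUBBER_LEVEL_LOW_MM = 50.0    # SRCF #2: water level in the exhaust scrubber
EXHAUST_TEMP_TRIP_C = 70.0      # SRCF #2: exhaust gas temperature
METHANE_TRIP_PCT = 1.0          # SRCF #3: methane concentration (% by volume)


@dataclass
class Reading:
    """One sensor sample. value is None when the channel is open-circuit or absent."""
    value: Optional[float]
    lo: float   # lowest physically plausible reading for this sensor
    hi: float   # highest physically plausible reading for this sensor

    def valid(self) -> bool:
        return self.value is not None and self.lo <= self.value <= self.hi


def _demand(reading: Reading, exceeded: Callable[[float], bool],
            name: str, reasons: List[str]) -> bool:
    """Fail-safe rule: an invalid channel counts as a demand, exactly like an
    exceeded set-point, so a failed sensor can never hide a trip condition."""
    if not reading.valid():
        reasons.append(f"{name}: sensor invalid ({reading.value!r})")
        return True
    if exceeded(reading.value):
        reasons.append(f"{name}: set-point exceeded ({reading.value})")
        return True
    return False


def evaluate_srcfs(surface_temp: Reading, scrubber_level: Reading,
                   exhaust_temp: Reading, methane: Reading) -> Tuple[bool, List[str]]:
    """Evaluate SRCF #1..#3 for one scan of the logic solver.

    Returns (run_permit, reasons). run_permit is True only when every channel
    is healthy and within its set-point; any single demand removes the permit
    (de-energise-to-trip). All demands are collected so the operator sees
    every active cause, not just the first one found."""
    reasons: List[str] = []
    _demand(surface_temp, lambda v: v > SURFACE_TEMP_TRIP_C, "SRCF#1 surface temperature", reasons)
    _demand(scrubber_level, lambda v: v < SCRUBBER_LEVEL_LOW_MM, "SRCF#2 scrubber water level", reasons)
    _demand(exhaust_temp, lambda v: v > EXHAUST_TEMP_TRIP_C, "SRCF#2 exhaust gas temperature", reasons)
    _demand(methane, lambda v: v > METHANE_TRIP_PCT, "SRCF#3 methane", reasons)
    return (len(reasons) == 0, reasons)


# Constructed scans: a healthy engine, a methane excursion, and a lost methane channel.
HEALTHY = dict(surface_temp=Reading(120.0, -40.0, 400.0),
               scrubber_level=Reading(180.0, 0.0, 500.0),
               exhaust_temp=Reading(55.0, -40.0, 800.0),
               methane=Reading(0.3, 0.0, 100.0))
METHANE_HIGH = dict(HEALTHY, methane=Reading(1.4, 0.0, 100.0))
METHANE_LOST = dict(HEALTHY, methane=Reading(None, 0.0, 100.0))

if __name__ == "__main__":
    for label, scan in [("healthy", HEALTHY), ("methane high", METHANE_HIGH),
                        ("methane channel lost", METHANE_LOST)]:
        permit, why = evaluate_srcfs(**scan)
        print(f"{label:22s} run permit = {permit}  {why}")
```

The point of the `valid()` check is the failure mode a SIL review cares about: a sensor that fails low (open circuit, stuck at zero) would otherwise read as "safe" and quietly remove the protection the SRCF is credited with.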
Slide 13: Fire / Explosion hazard
Slide 14: SIL Review of individual safety functions
Hazard cause | Safety function | Target
Failure to detect surface over-temperature | SRCF #1 | SIL = ?
Failure to contain / eliminate sparks / flames | SRCF #2 | SIL = ?
Failure to detect presence of Methane (CH4) | SRCF #3 | SIL = ?
Slide 15: SRCF #1 Over Temperature Shutdown
λD = 0.376 × 10^-5 per hour (figures for illustration only)
Slide 16: SRCF #2 Scrubber H2O Shutdown
λD = 0.520 × 10^-6 per hour (figures for illustration only)
Slide 17: SRCF #3 Methane Shutdown
λD = 0.166 × 10^-3 per hour (figures for illustration only)
Slide 18: Total system failure rate
Mines Department
Slide 19: Fire / Explosion hazard
λD = 0.376 × 10^-5 per hour (SRCF #1); λD = 0.520 × 10^-6 per hour (SRCF #2); λD = 0.166 × 10^-3 per hour (SRCF #3)
- … mathematically, due to MOEs
Slide 20: MOE – Multiple Occurring Events
Figure labels: SRCF #3, SRCF #2
Slide 21: Sensitivity Analysis
- The Barlow-Proschan measure of cut importance gives the contribution of each cut set to the Top Event Frequency.
- An alternative to complex fault trees with MOEs, which at times render the overall system fault tree almost impossible.
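The slides name MOEs and the Barlow-Proschan cut importance, but the fault trees themselves are figures that did not survive transcription. As an added example (not the presentation's own analysis, and not Shakti Corp code), this Python builds a small constructed tree in which one shutdown valve is a multiple-occurring event shared by SRCF #2 and SRCF #3, reduces the tree to minimal cut sets so the shared event is counted once, computes each cut set's share of the top event frequency (the Barlow-Proschan cut importance), and shows why simply adding the three per-SRCF rates from slides 15 to 17 overstates the system rate. All event names, rates and unavailabilities are hypothetical.

```python
"""Fault-tree evaluation with multiple-occurring events (MOEs)."""
from typing import Dict, FrozenSet, Set, Union

# Constructed basic-event data (hypothetical; not the slides' figures).
#   rate: dangerous failure rate lambda_D, per hour
#   q:    mean unavailability (e.g. lambda_D * T_proof / 2 for an unrevealed fault)
EVENTS = {
    "surface_temp_sensor":   {"rate": 2.0e-6, "q": 0.0044},
    "scrubber_level_switch": {"rate": 3.0e-7, "q": 0.0013},
    "exhaust_temp_A":        {"rate": 1.0e-6, "q": 0.0044},
    "exhaust_temp_B":        {"rate": 1.0e-6, "q": 0.0044},
    "methane_sensor":        {"rate": 8.0e-5, "q": 0.0350},
    "shutdown_valve":        {"rate": 5.0e-7, "q": 0.0022},  # shared by SRCF #2 and #3: the MOE
}

# A leaf is an event name; a gate is ("AND" | "OR", [children]).
Node = Union[str, tuple]
SRCF1_FAILS: Node = ("OR", ["surface_temp_sensor"])
SRCF2_FAILS: Node = ("OR", ["scrubber_level_switch",
                            ("AND", ["exhaust_temp_A", "exhaust_temp_B"]),  # 1oo2 pair
                            "shutdown_valve"])
SRCF3_FAILS: Node = ("OR", ["methane_sensor", "shutdown_valve"])
SYSTEM_FAILS: Node = ("OR", [SRCF1_FAILS, SRCF2_FAILS, SRCF3_FAILS])


def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Expand gates into minimal cut sets. Because cut sets are sets, an event
    that occurs under several gates is absorbed rather than counted twice."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    if gate == "OR":
        sets = set().union(*(minimal_cut_sets(c) for c in children))
    elif gate == "AND":
        sets = {frozenset()}
        for c in children:
            sets = {a | b for a in sets for b in minimal_cut_sets(c)}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    # Absorption: drop any cut set that is a strict superset of another.
    return {s for s in sets if not any(o < s for o in sets)}


def cut_set_frequency(cut: FrozenSet[str], events: Dict = EVENTS) -> float:
    """Rate at which the cut set is completed: one member fails while every
    other member is already in its failed (unavailable) state."""
    total = 0.0
    for e in cut:
        others = 1.0
        for o in cut:
            if o != e:
                others *= events[o]["q"]
        total += events[e]["rate"] * others
    return total


def top_event_frequency(node: Node, events: Dict = EVENTS) -> float:
    """Rare-event approximation: sum of the minimal cut set frequencies."""
    return sum(cut_set_frequency(c, events) for c in minimal_cut_sets(node))


def barlow_proschan(node: Node, events: Dict = EVENTS) -> Dict[FrozenSet[str], float]:
    """Barlow-Proschan cut importance: each cut set's share of the top event frequency."""
    freqs = {c: cut_set_frequency(c, events) for c in minimal_cut_sets(node)}
    total = sum(freqs.values())
    return {c: f / total for c, f in freqs.items()}


def naive_sum_of_subtrees(subtrees, events: Dict = EVENTS) -> float:
    """Adding per-SRCF rates as if they were independent: the shared valve
    is counted once per subtree it appears in, so the total is too high."""
    return sum(top_event_frequency(t, events) for t in subtrees)


if __name__ == "__main__":
    for cut, share in sorted(barlow_proschan(SYSTEM_FAILS).items(), key=lambda kv: -kv[1]):
        print(f"{share:6.1%}  {sorted(cut)}")
    print("system rate, MOE-aware  :", top_event_frequency(SYSTEM_FAILS))
    print("naive sum of SRCF rates :",
          naive_sum_of_subtrees([SRCF1_FAILS, SRCF2_FAILS, SRCF3_FAILS]))
```

With these constructed numbers the methane sensor's single-event cut set carries well over 90 % of the top event frequency, which is the kind of result the sensitivity analysis is there to expose: one channel dominates, and improving the others changes little. The gap between the naive sum and the cut-set result is exactly one extra copy of the shared valve's rate.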
Slide 22: Top Undesired Event
λD = 0.355 × 10^-6 per hour without CCF (figures for illustration only)
Slide 23: Top Undesired Event
λD = 0.532 × 10^-5 per hour with CCF (SIL 1: PFH ≥ 10^-6 to < 10^-5)
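Slides 22 and 23 show the top event rate rising from 0.355 × 10^-6 to 0.532 × 10^-5 per hour once common cause failure (CCF) is included, which lands the system in the SIL 1 PFH band. To show how a common-cause term moves a redundant function across a band boundary, here is an added Python example, not from the presentation, that applies the beta-factor model from IEC 61508-6 to a 1oo2 sensor pair and then bands the result using the IEC 61508 high-demand PFH table. The per-channel λD, the β value and the proof-test interval are hypothetical.

```python
from typing import Dict, Optional

# IEC 61508 target failure measure for high-demand / continuous mode:
# probability of dangerous failure per hour (PFH), lower bound inclusive.
SIL_PFH_BANDS = [
    (4, 1e-9, 1e-8),
    (3, 1e-8, 1e-7),
    (2, 1e-7, 1e-6),
    (1, 1e-6, 1e-5),
]


def sil_from_pfh(pfh: float) -> Optional[int]:
    """Return the SIL whose PFH band contains pfh, or None when pfh lies outside
    the table (>= 1e-5 meets no SIL; < 1e-9 is beyond the SIL 4 band)."""
    for sil, lo, hi in SIL_PFH_BANDS:
        if lo <= pfh < hi:
            return sil
    return None


def pfh_1oo2(lambda_d: float, beta: float, proof_test_hours: float) -> Dict:
    """Beta-factor model for a 1oo2 (either channel trips) pair of sensors.

    A fraction beta of each channel's dangerous rate is assumed to take both
    channels out together (the common-cause part); the rest fails them
    independently. Independent failures only defeat the function when one
    channel fails while the other is already down undetected, so that term is
    weighted by the single-channel unavailability lambda*T/2 of an unrevealed
    fault proof-tested every T hours. The common-cause part defeats the
    function outright and adds directly to the PFH."""
    lam_ind = (1.0 - beta) * lambda_d
    lam_ccf = beta * lambda_d
    q_channel = lam_ind * proof_test_hours / 2.0     # mean unavailability of one channel
    independent = 2.0 * lam_ind * q_channel          # either channel may be the second to fail
    pfh = independent + lam_ccf
    return {"independent": independent, "common_cause": lam_ccf,
            "pfh": pfh, "sil": sil_from_pfh(pfh)}


# Hypothetical inputs (not the slides' figures): 1e-5/h dangerous failure rate
# per channel, an annual proof test, and a 10 % beta factor.
LAMBDA_D = 1.0e-5
PROOF_TEST_HOURS = 8760.0
BETA = 0.10

if __name__ == "__main__":
    print("single channel (1oo1) :", LAMBDA_D, "->", sil_from_pfh(LAMBDA_D))
    print("1oo2, no CCF          :", pfh_1oo2(LAMBDA_D, 0.0, PROOF_TEST_HOURS))
    print("1oo2, beta = 0.10     :", pfh_1oo2(LAMBDA_D, BETA, PROOF_TEST_HOURS))
    print("slide 22, without CCF :", sil_from_pfh(0.355e-6))
    print("slide 23, with CCF    :", sil_from_pfh(0.532e-5))
```

With β = 0 the pair sits in the SIL 2 band; with β = 0.10 the common-cause term alone exceeds the whole independent contribution and pulls the result into SIL 1, the same direction of movement the slides show. Redundancy buys nothing against the shared part of the failure rate, which is why a SIL review has to argue the β value (separation, diversity, diagnostics) rather than just the channel count.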
Slide 24: Concerns & Conclusions
- Earlier machines in the Mining sector were predominantly traditional electrical and pneumatic systems
- Currently - increasing usage of PES (programmable electronic systems) in the Mining Industry
- The next challenges:
  - Addressing software integrity issues
  - Addressing Functional Safety Management issues
Slide 25: Concerns & Conclusions
- Where are we?
  - Hardware Reliability
  - Currently no clear SIL targets from the Department, but we are able to compare hardware reliabilities with SIL rated systems
- The Goal – SIL Domain
  - Hardware Integrity
  - PES & Software Integrity
  - Functional Safety Management
- We expect to be following the IEC 62061 approach including software block analysis…
Slide 26: Acknowledgements
- David Macdonald, MCD Technologies, South Africa
- David Smith, Technis, U.K.
- Valley Longwall International, NSW, Australia
- Sandvik Mining & Construction, NSW, Australia
- Industrea Mining Equipment, NSW, Australia
Slide 27: Dedication to Murphy
Capt. Edward A. Murphy: “If anything can go wrong, it will!”
Slide 28: Corollary to Murphy's Law
If there is a possibility of several things going wrong, the one that will cause the most damage will be the one to go wrong!