MYTH – FUNCTIONAL SAFETY IMPLIES HAVING A SIL RATED COMPONENT

Presented by: Arunkumar A

Uploaded by phamdat, posted 12-Feb-2018


DNV GL – Who are we?

Only by connecting the details can we impact the bigger picture.

▪ We classify, certify, verify and test against regulatory requirements, rules, standards and recommended practices
▪ We develop new rules, standards and recommended practices
▪ We qualify new technologies and operational concepts
▪ We give expert advice

Functional Safety – Introduction: Family Tree

▪ IEC 61508: General application (the parent standard)
▪ IEC 61511: Process
▪ IEC 61513: Nuclear
▪ IEC 62061 / ISO 13849: Machinery
▪ Def Stan 00-56: Military
▪ EN 50126 / 50128 / 50129: Rail
▪ ISO 26262: Automotive

Relationship between IEC 61511 and IEC 61508

▪ IEC 61508: Manufacturers and Suppliers of Devices
▪ IEC 61511 (Process Sector Safety Instrumented System Standard): Safety Instrumented System Designers, Integrators and Users

Functional Safety Lifecycle (the phases shown around the lifecycle wheel): Hazard and Risk Assessment, SIL Determination, Safety Requirements, System Design, Software Development, SIL Verification, Testing, Installation, Commissioning, Validation, O&M (Operation and Maintenance).


Myth # 1: “Using SIL Certified equipment/components ensures a safe system”

Pitfall: Assumptions made in certification are inconsistent with the actual operating profile and physical environment (proven-in-use claims, failure mechanisms, proof test interval, etc.).

Pitfall: Deterioration in the performance of SIFs through the life of the facility.

Solution: A device should not be user-approved until sufficient experience has been gained in a similar operating environment, so that you know how it works, how it fails, how frequently it fails, how to detect its failure, and how to correct the failure.

Solution: The user of a product must be confident that they understand the required frequency of inspection, maintenance and proof testing needed to maintain its mechanical integrity in an “as good as new” condition.

Myth # 2: “Failure Detection is more important than Failure Prevention”

Pitfall: Frequent interruption of the process due to detection of failures.

Solution: MTBF also needs to be considered in the development of the SRS.

Myth # 3: “Proof Test suffices to ensure Mechanical Integrity”

Pitfall: Proof tests do not prevent the system from failing.

Pitfall: A proof test identifies failures but not their cause.

Solution: Regular inspection (proactive / condition-based maintenance) to identify and correct incipient issues and degraded conditions.

Solution: Preventive maintenance to reduce failure rates.

Solution: Root cause analysis: detailed analysis of the failures detected, to prevent future failures.

Myth # 4: “Partial Testing is Good enough”

Pitfall: Not all dangerous failures are detected; a partial test reveals only a portion of the Dangerous Undetected failures.

Pitfall: The functionality of SIS components other than the valve is not checked.

Solution: Proactive / condition-based maintenance to identify and correct incipient issues and degraded conditions.

Solution: Preventive maintenance.

Solution: Proof testing as per the system design.
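The pitfalls under Myths # 3 and # 4 (a proof test only reveals the failures it is designed to reveal, and a partial test leaves a share of the Dangerous Undetected failures in place until the device is overhauled or replaced) can be put into numbers. The following is an added worked example, not code from the presentation or from DNV GL. It uses the simplified partial-proof-test model from IEC 61508-6 / ISA-TR84.00.02 for a single-channel (1oo1) element in low-demand mode, with constructed failure rates, intervals and mission time, and goes beyond the slides by also solving for the proof test coverage needed to hold a given SIL band over the mission time:

```python
"""
Added example, not code from the DNV GL presentation: how proof test coverage
and proof test interval drive the average probability of failure on demand
(PFDavg) of a single-channel (1oo1) SIS element in low-demand mode.

Simplified partial-proof-test model (IEC 61508-6 / ISA-TR84.00.02):

    PFDavg ~= PTC * lambda_DU * TI / 2 + (1 - PTC) * lambda_DU * T_mission / 2

PTC is the fraction of dangerous undetected (DU) failures the proof test can
reveal; the remainder accumulate over the mission time (until overhaul or
replacement). All failure rates, intervals and mission times below are
constructed sample values, not data from the slides.
"""

HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands from IEC 61508-1: (SIL, lower bound inclusive, upper bound exclusive)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(lambda_du, test_interval_h, mission_time_h, coverage):
    """Average PFD of a 1oo1 element with imperfect proof test coverage."""
    if not 0.0 <= coverage <= 1.0:
        raise ValueError("coverage must be in [0, 1]")
    if test_interval_h <= 0 or mission_time_h < test_interval_h:
        raise ValueError("need 0 < test_interval_h <= mission_time_h")
    revealed = coverage * lambda_du * test_interval_h / 2.0
    never_revealed = (1.0 - coverage) * lambda_du * mission_time_h / 2.0
    return revealed + never_revealed


def sil_band(pfd):
    """Map a PFDavg to its low-demand SIL band; 0 means worse than SIL 1."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0


def required_coverage(lambda_du, test_interval_h, mission_time_h, target_pfd):
    """Proof test coverage needed to keep PFDavg at or below target_pfd.

    Returns None when even 100 % coverage cannot meet the target, and 0.0
    when the target is met without any proof testing at all.
    """
    if mission_time_h == test_interval_h:
        # Only one test in the whole mission: coverage cannot change the result.
        return 0.0 if lambda_du * mission_time_h / 2.0 <= target_pfd else None
    # Solve PFDavg(PTC) = target_pfd for PTC (PFDavg is linear in PTC).
    ptc = (mission_time_h - 2.0 * target_pfd / lambda_du) / (mission_time_h - test_interval_h)
    if ptc > 1.0:
        return None
    return max(ptc, 0.0)


def compare_coverages(lambda_du, test_interval_h, mission_time_h, coverages=(1.0, 0.9, 0.7)):
    """PFDavg and SIL band achieved for each proof test coverage value."""
    rows = []
    for ptc in coverages:
        pfd = pfd_avg(lambda_du, test_interval_h, mission_time_h, ptc)
        rows.append({"coverage": ptc, "pfd_avg": pfd, "sil": sil_band(pfd)})
    return rows


if __name__ == "__main__":
    LAMBDA_DU = 2e-6              # constructed: 2000 FIT dangerous undetected
    TI = 1 * HOURS_PER_YEAR       # annual proof test
    T_MISSION = 20 * HOURS_PER_YEAR
    for row in compare_coverages(LAMBDA_DU, TI, T_MISSION):
        print(f"coverage {row['coverage']:.0%}: PFDavg = {row['pfd_avg']:.2e} -> SIL {row['sil']}")
    need = required_coverage(LAMBDA_DU, TI, T_MISSION, 1e-2)
    print(f"coverage needed to stay within SIL 2 over 20 years: {need:.1%}")
```

With the constructed numbers, a perfect annual proof test keeps the element in the SIL 2 band, while 90 % or 70 % coverage drops it into SIL 1 because the unrevealed failures accumulate over the 20-year mission; holding SIL 2 would need well over 99 % coverage or an earlier overhaul.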

Myth # 5: “A Vendor can determine whether a Safe System meets the IEC Requirements”

Pitfall: Many devices are not field proven, and some do not demonstrate the robustness necessary to survive a process plant environment.

Pitfall: Software does not receive the necessary attention.

Solution: A user approval process should be established to examine the evidence that devices are suitable for the application and operating environment.

Solution: Develop and implement a software lifecycle.

Myth # 6: “Fail-Safe design of SIS is an Optimal design”

Pitfall: A fail-safe design implies poor reliability and adversely affects the availability of the plant.

Solution: Reliability and availability aspects need to be considered in developing the SRS.
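Myths # 2 and # 6 both come down to the same trade-off: the architecture that minimises the probability of failure on demand is not the one that minimises spurious trips, so the SRS has to state targets for both. The following is an added worked example, not code from the presentation or from DNV GL. It compares 1oo1, 1oo2 and 2oo3 voting (architectures the slides do not name) using the simplified no-common-cause, no-diagnostics approximations from IEC 61508-6, with constructed failure rates, proof test interval and repair time:

```python
"""
Added example, not code from the DNV GL presentation: the safety versus
availability trade-off of common SIS voting architectures, using the
simplified approximations from IEC 61508-6 (no common cause, no diagnostics):

    1oo1: PFDavg = lDU*TI/2          STR = lS
    1oo2: PFDavg = (lDU*TI)^2 / 3    STR = 2*lS
    2oo3: PFDavg = (lDU*TI)^2        STR = 6*lS^2*MTTR

lDU = dangerous undetected failure rate per channel, lS = safe (spurious)
failure rate per channel, TI = proof test interval, MTTR = mean time to
restore a tripped channel. All rates and times used are constructed values.
"""

HOURS_PER_YEAR = 8760.0
ARCHITECTURES = ("1oo1", "1oo2", "2oo3")


def pfd_avg_voted(arch, lambda_du, test_interval_h):
    """Average PFD of the voted group for the given architecture."""
    x = lambda_du * test_interval_h  # expected DU failures per channel per test interval
    if arch == "1oo1":
        return x / 2.0
    if arch == "1oo2":
        return x * x / 3.0
    if arch == "2oo3":
        return x * x
    raise ValueError(f"unsupported architecture {arch!r}")


def spurious_trip_rate(arch, lambda_s, mttr_h):
    """Spurious (safe-side) trip rate per hour for the given architecture."""
    if arch == "1oo1":
        return lambda_s
    if arch == "1oo2":
        # Either channel failing safe trips the function.
        return 2.0 * lambda_s
    if arch == "2oo3":
        # Two of three channels must fail safe within one repair window.
        return 6.0 * lambda_s * lambda_s * mttr_h
    raise ValueError(f"unsupported architecture {arch!r}")


def compare_architectures(lambda_du, lambda_s, test_interval_h, mttr_h):
    """PFDavg and expected spurious trips per year for each architecture."""
    return {
        arch: {
            "pfd_avg": pfd_avg_voted(arch, lambda_du, test_interval_h),
            "spurious_trips_per_year": spurious_trip_rate(arch, lambda_s, mttr_h) * HOURS_PER_YEAR,
        }
        for arch in ARCHITECTURES
    }


if __name__ == "__main__":
    # constructed sample data: 2000 FIT dangerous undetected, 5000 FIT safe,
    # annual proof test, 8 h to restore a tripped channel
    table = compare_architectures(2e-6, 5e-6, HOURS_PER_YEAR, 8.0)
    for arch, r in table.items():
        print(f"{arch}: PFDavg = {r['pfd_avg']:.2e}, "
              f"spurious trips/yr = {r['spurious_trips_per_year']:.2e}")
```

With the constructed rates, 1oo2 improves PFDavg by roughly two orders of magnitude over 1oo1 but doubles the spurious trip rate, which is the pitfall behind Myth # 6; 2oo3 recovers the availability at the cost of a third channel and a somewhat higher PFDavg than 1oo2. Which point on that curve is acceptable is exactly what the SRS should record.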

How to avoid it – Effective safety planning!

In our experience, corporate standards backed up by a project-specific overall Functional Safety Management Plan (FSMP) is the answer.

FSMP:

▪ Clearly define inputs and outputs from each phase
▪ Assign responsibility
▪ Describe techniques and measures
▪ Is a ‘Live’ document

Safety Planning

▪ Phase 1: Hazard & Risk Assessment → Verification & Approval
▪ Phase 2: Allocate Safety Functions → Verification & Approval
▪ Phase 3: Specify the SIS → Verification & Approval → Independent FSA-1
▪ Phase 4: Design the SIS → Verification & Approval → Independent FSA-2
▪ Phase 5: Install and Commission the SIS → Verification & Approval → Independent FSA-3
▪ Introduce the Hazards
▪ Phase 6: Operate and Maintain the SIS → Verification & Approval → Independent FSA-4

Underpinned by the Functional Safety Management System: Project Functional Safety Plan, Competency, Supplier Conformity, Management Review.

Stages of Typical Functional Safety Assessments

Stage 1 Assessment: up to SRS development
▪ Review of hazard and risk assessment
▪ Review of SIL allocation
▪ Review of Safety Requirements Specification

Stage 2 Assessment: SIS Design and Engineering
▪ Review of hardware architecture
▪ Review of software development
▪ Review of SIL achievement
▪ Review of test results

Stage 3 Assessment: Installation, Commissioning and Verification
▪ Review of installation
▪ Review of commissioning procedures
▪ Review of validation results

Stage 4 Assessment: Operation and Maintenance
▪ Review of operation and maintenance after a period of operation
▪ Review of proof testing, fault and demand rate recording and system performance

Functional Safety Management – The key to success

▪ Safety Planning
▪ Roles and Responsibilities
▪ Demonstration of Competency
▪ Verification

SAFER, SMARTER, GREENER
www.dnvgl.com

Thank you.

Arunkumar – Manager Safety & Risk
P Lakshmi Narayana – Sr. Consultant Safety & Risk