TRANSCRIPT: "Myth – functional safety implies having a SIL …" (DNV GL slide deck, safety.pdf)
DNV GL – Who are we?
Only by connecting the details can we impact the bigger picture
▪ We classify, certify, verify and test against regulatory requirements, rules, standards and recommended practices
▪ We develop new rules, standards and recommended practices
▪ We qualify new technologies and operational concepts
▪ We give expert advice
Functional Safety – Introduction: Family Tree
IEC 61508 – General application (parent standard); sector standards derived from it:
▪ IEC 61511 – Process
▪ IEC 61513 – Nuclear
▪ IEC 62061 / ISO 13849 – Machinery
▪ Def Stan 00-56 – Military
▪ EN 50126 / EN 50128 / EN 50129 – Rail
▪ ISO 26262 – Automotive
Relationship between IEC 61511 and IEC 61508
▪ IEC 61508 – applies to manufacturers and suppliers of devices
▪ IEC 61511 (process sector safety instrumented system standard) – applies to safety instrumented system designers, integrators and users
Functional Safety Lifecycle (phases, in order)
▪ Hazard and Risk Assessment
▪ SIL Determination
▪ Safety Requirements
▪ SIL Verification
▪ System Design
▪ Software Development
▪ Testing
▪ Installation
▪ Commissioning
▪ Validation
▪ Operation and Maintenance (O&M)
Myth #1: "Using SIL certified equipment/components ensures a safe system"
Pitfall: Assumptions made in certification are inconsistent with the actual operating profile and physical environment (proven-in-use claims, failure mechanisms, proof test interval, etc.).
Pitfall: Deterioration in the performance of SIFs through the life of the facility.
Solution: A device should not be user-approved until sufficient experience has been gained in a similar operating environment that you know how it works, how it fails, how frequently it fails, how to detect its failure, and how to correct the failure.
Solution: The user of a product must feel confident that they understand the required frequency of inspection, maintenance and proof testing needed to maintain its mechanical integrity in an "as good as new" condition.
Myth #2: "Failure detection is more important than failure prevention"
Pitfall: Frequent interruption of the process due to detection of failures.
Solution: MTBF also needs to be considered in the development of the SRS.
Myth #3: "Proof testing suffices to ensure mechanical integrity"
Pitfall: Proof tests do not prevent the system from failing.
Pitfall: A proof test identifies failures but not their cause.
Solution: Regular inspection (proactive / condition-based maintenance) to identify and correct incipient issues and degraded conditions; preventive maintenance to reduce failure rates.
Solution: Root cause analysis – detailed analysis of the failures detected, to prevent future failures.
Myth #4: "Partial testing is good enough"
Pitfall: Not all dangerous failures are detected; a partial test reveals only a portion of the dangerous undetected failures.
Pitfall: The functionality of SIS components other than the valve is not checked.
Solution: Proactive / condition-based maintenance to identify and correct incipient issues and degraded conditions; preventive maintenance.
Solution: Proof testing as per the system design.
Myth #5: "A vendor can determine whether a safe system meets the IEC requirements"
Pitfall: Many devices are not field-proven, and some have not demonstrated the robustness necessary to survive a process plant environment.
Pitfall: Software does not receive the necessary attention.
Solution: A user approval process should be established to examine evidence of the suitability of devices for the application and operating environment.
Solution: Develop and implement a software lifecycle.
Myth #6: "A fail-safe design of the SIS is an optimal design"
Pitfall: A fail-safe design implies poor reliability and adversely affects the availability of the plant.
Solution: Reliability and availability aspects need to be considered in developing the SRS.
How to avoid it – Effective safety planning!
In our experience, corporate standards backed up by a project-specific overall Functional Safety Management Plan (FSMP) are the answer.
The FSMP:
▪ Clearly defines inputs and outputs from each phase
▪ Assigns responsibility
▪ Describes techniques and measures
▪ Is a 'live' document
Safety Planning
▪ Phase 1: Hazard & Risk Assessment → Verification & Approval
▪ Phase 2: Allocate Safety Functions → Verification & Approval
▪ Phase 3: Specify the SIS → Verification & Approval → Independent FSA-1
▪ Phase 4: Design the SIS → Verification & Approval → Independent FSA-2
▪ Phase 5: Install and Commission the SIS → Verification & Approval → Independent FSA-3 → Introduce the hazards
▪ Phase 6: Operate and Maintain the SIS → Verification & Approval → Independent FSA-4
Supporting elements: Functional Safety Management System; Project Functional Safety Plan; Competency; Supplier Conformity; Management Review
Stages of Typical Functional Safety Assessments
Stage 1 Assessment: up to SRS development
▪ Review of hazard and risk assessment
▪ Review of SIL allocation
▪ Review of Safety Requirements Specification
Stage 2 Assessment: SIS design and engineering
▪ Review of hardware architecture
▪ Review of software development
▪ Review of SIL achievement
▪ Review of test results
Stage 3 Assessment: installation and commissioning verification
▪ Review of installation
▪ Review of commissioning procedures
▪ Review of validation results
Stage 4 Assessment: operation and maintenance
▪ Review of operation and maintenance after a period of operation
▪ Review of proof testing, fault and demand rate recording, and system performance
Functional Safety Management – The key to success
▪ Safety planning
▪ Roles and responsibilities
▪ Demonstration of competency
▪ Verification
SAFER, SMARTER, GREENER
www.dnvgl.com
Thank you.
Arunkumar – Manager Safety & Risk
P Lakshmi Narayana – Sr. Consultant Safety & Risk