Houston ISA October, 2015
Dan Poston P.E.
Instrument & Controls Consulting Engineer, Lyondellbasell
Dan Poston, PE, TÜV FS Eng Safety Instrumented Systems Engineer
Global Engineering Services (GES)
Tel. +1 281.862.5637
Cell +1 713.502.9435
Daniel.Poston@lyb.com
Dan.poston@yahoo.com Cell 713-430-6280
A little about myself
27 years' experience in instrumentation, analytical systems, safety instrumented and basic process control systems. My current assignment is Instrument, Electrical, and Controls Manager for the largest ethylene production facility expansion project. I hold Master's and Bachelor's degrees in Electrical Engineering from Purdue University. My advanced academic studies include control systems, probabilistic methods, and microwave engineering.
Safety Moment
Typical Safety Instrumented Function (SIF)
Machinery Protective Function
API 670 Machinery Protection Systems
API Requirements 5th Edition
SIL Verification
◦ Reliability data
◦ API Recommendations
[Diagram: typical Safety Instrumented Function. Labels: Process, A/I Module, Safety PLC, D/O Module, Trip Valve, SIS, BPCS, DCS]
Machinery Protective Function
Mitigation against Mechanical damage and production losses
Mitigation against Safety Hazards
Safety Requirements Specification (SRS): defines the performance criteria needed to place the machine in a safe state to mitigate a specific hazard.
Safety Integrity Level (SIL) Verification validates that the Machinery Protection System (MPS) satisfies the SIL requirements as defined in the SRS.
Governor/Surge Control
OSD
◦ Turbine Overspeed
ESD/SIS
◦ Low Lube Oil Pressure
◦ Low Lube Oil Level
◦ Other Process conditions
Condition Monitoring System
◦ Turbine thrust
◦ Compressor thrust
◦ Axial displacement
◦ Bearing temperature
[Diagram: API 670 machinery protection system. Three blocks (Vibration / Oil Press / Temp / Level; Governor and Surge Control; Overspeed Detection), each labelled: Sensors, Sensor & Extension Cables, Signal Cables, Signal Conditioners (where required), Relays, Power Supplies, Display / Indicators, Inputs / Outputs, Signal Conditioning, Alarms, Shutdown Logic Processing. Other labels: Final Element Shutdown Element (Solenoids, actuators, valves, etc.), Shutdown System (ESD) Relays, Other Inputs, Speed Control Element, Relays]
“API publications are published to facilitate the broad availability of proven, sound engineering and operating practices. These publications are not intended to obviate the need for applying sound engineering judgment regarding when and where these publications should be utilized. The formulation and publication of API publications is not intended in any way to inhibit anyone from using any other practices.”
The 5th edition references IEC 61508
◦ Section 4.11.1
If specified, the requirements of Safety Instrumented Systems (SIS) shall apply to some or all of the machinery protection system.
The machinery protection system supplier(s) shall provide the reliability/performance documentation to allow the SIS supplier to determine the safety integrity level for the SIS.
SIS requirements are specified by IEC 61508.
Purchaser 4.11.1
◦ Perform risk assessment for the unit, including machinery
◦ Assign SIL for each machine protection function
◦ Include in RFQ for supplier to comply w/ assigned SIL
Supplier 4.11.1
◦ Provide failure rate, FMEDA data for SIL determination
Supplier 4.11.2
◦ Support SIL verification activity
Supplier 4.17
◦ Advise if any component is designed for a finite life
Sec. 6.1.7.1
◦ Three separate passive magnetic speed sensors for OSD
Sec. 8.4.3.6
◦ The electronic overspeed detection system design shall conform to standards IEC 61508, IEC 61511, IEC 62061 (Machine Protection), or ISO 13849 (Machine Protection).
Sec. 8.4.4
◦ Maximum allowable rotor speed shall be determined (Annex O). System response times (sensor, solver, relays, solenoid, valve, piping system delays, etc.) are needed to determine the max rotor speed.
12.4.11 Every component of the shutdown function shall have the ability to be tested while the equipment is in operation, with the exception of the trip valve.
12.3.3 Electro-hydraulic Solenoid Valves
◦ Shall be de-energized to shutdown
◦ No other device between the SOV and the trip valve
◦ Shall have facilities to allow on-line testing
◦ The most common cause of failure for an electro-hydraulic valve is silting of the spool.
Mechanical overspeed device. 1 IPL
Electronic overspeed added assign SIL1 or 2? Needs to meet IEC61511 requirement
Electronic overspeed a Logic solver
[Diagram: Overspeed Detection block. Labels: Sensors, Sensor & Extension Cables, Signal Cables, Signal Conditioners (where required), Relays, Power Supplies, Display / Indicators, Inputs / Outputs, Signal Conditioning, Alarms, Shutdown Logic Processing, Final Element Shutdown Element (Solenoids, actuators, valves, etc.)]
[Diagram: overspeed trip arrangement. Labels: Probe #1, Probe #2, Probe #3, Protech or Turbosentry, R1, R2, R3, Shutdown Alarm, 2oo3 Voter, ESD/SIS, Hydraulic Trip Header Drain, Trip Valve, Steam, Governor Valve, Governor, To Steam Turbine]
Need SIL2 SIF for safety mitigation
Turn-around frequency 1/5yrs.
Steam trip valve is existing
2oo2 voted Solenoids for high reliability
[Diagram: overspeed trip arrangement with Protech GII. Labels: Probe #1, Probe #2, Probe #3, Protech GII, R1, R2, R3, 2oo3 Voter, ESD/SIS, Hydraulic Trip Header Drain, Trip Valve, Steam, To Steam Turbine, R1, R2, Redundant 2oo2]
TUV Rheinland SIL3 Certified
API670/API612/API611 Compliant
Has a 2oo3 voter output
Considered Turbosentry
◦ Not a SIL certified device
◦ Requires specific wiring to meet SIL2 hardware requirements. Otherwise SIL1
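| Subsystem | λ | λS | λD | λDD | λDU | β-Factor | βD-Factor | SFF |
|---|---|---|---|---|---|---|---|---|
| Block A/B/C | | | | | | | | |
| Power Supply | 2.5E-06 | 2.0E-06 | 5.6E-07 | 5.0E-07 | 5.6E-08 | | | |
| Control Logic | 1.3E-05 | 1.1E-05 | 1.9E-06 | 1.7E-06 | 1.8E-07 | | | |
| Output | 1.1E-06 | 8.9E-07 | 2.3E-07 | 2.3E-07 | 2.3E-09 | | | |
| Sum | 1.69E-05 | 1.42E-05 | 2.71E-06 | 2.47E-06 | 2.38E-07 | | | 0.99 |
| Block D | | | | | | | | |
| Voter | 1.3E-06 | 1.1E-06 | 2.5E-07 | 2.5E-07 | 2.5E-09 | | | |
| Sum | 1.32E-06 | 1.07E-06 | 2.48E-07 | 2.46E-07 | 2.48E-09 | | | 1.00 |
| Common Cause fractions | | | | | | 2.00% | 2.00% | |

Diagnostic test interval TD/h: 1
MTTR = 0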
From Invensys QRA
◦ The Quadvoter Hydraulic Trip Block arrangement.
◦ Failure rate = 5 FITS
From Parker Lab Data
◦ Failure rate of each Solenoid < 0 FITS
Exida Generic SOV
◦ Failure Data = 590 FITS
No Vendor reliability Data
No user Reliability Data
Other Sources
◦ NUREG/CR-6928 - Hydraulic Operated Valve
  PFDavg = 1.51e-3
  Average Demands per year = 4.2
  Failure Data = 723 FITS > 1/160 yrs.
◦ Kenexis - Trip and throttle Valve
  Failure Data = 2280 FITS > 1/50 yrs.
◦ Exida - Generic Globe Valve
  Failure Data = 1270 FITS > 1/90 yrs.
◦ Exida - Generic Hydraulic Ball Valve
  Failure Data = 1430 FITS > 1/80 yrs.
Missing failure rate data for Valve
Options
◦ Torture the equations to get the answer we want?
◦ Change test frequencies?
◦ Use a different generic valve with lower failure rates?
◦ Perform FMEDA on the valve?
Failure rate from FMEDA study
◦ 614 FITS
◦ Partial test coverage (PVST) = 40%
Generic Globe valve and actuator
◦ 1270 FITS
◦ Partial test coverage = 70%
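The two valve data sets above can be compared with the standard simplified low-demand equation for a single (1oo1) valve with partial stroke testing. This is an added example, not part of the presentation: it assumes the FITS figures are dangerous-undetected rates, a quarterly PVST interval, and a full proof test at the 5-year turnaround; the function names are hypothetical.

```python
# Added example: valve share of PFDavg with partial valve stroke testing (PVST).
# Assumptions (not from the slides): the FITS figures are dangerous-undetected
# rates, PVST runs quarterly, and the full proof test happens at the 5-year
# turnaround. Function names are hypothetical.

FIT = 1e-9               # 1 FIT = one failure per 1e9 device-hours
HOURS_PER_YEAR = 8760


def pfd_avg_valve(rate_fits, pst_coverage, pst_interval_h, proof_interval_h):
    """Simplified 1oo1 low-demand PFDavg for a valve with partial stroke tests."""
    if not 0.0 <= pst_coverage <= 1.0:
        raise ValueError("coverage must be a fraction between 0 and 1")
    lam_du = rate_fits * FIT
    # Failures the partial stroke can reveal sit hidden for half a PVST interval
    # on average; the rest sit hidden for half a full proof-test interval.
    revealed_by_pst = pst_coverage * lam_du * pst_interval_h / 2
    revealed_by_proof = (1 - pst_coverage) * lam_du * proof_interval_h / 2
    return revealed_by_pst + revealed_by_proof


def sil_band(pfd_avg):
    """Low-demand SIL band for a PFDavg (0 means SIL 1 is not reached)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd_avg < upper:
            return sil
    return 0


def compare_valve_data():
    proof = 5 * HOURS_PER_YEAR        # turnaround frequency 1/5 yrs (from the slides)
    pvst = HOURS_PER_YEAR / 4         # assumed quarterly partial stroke
    cases = {"FMEDA valve": (614, 0.40), "Generic globe valve": (1270, 0.70)}
    results = {}
    for name, (fits, coverage) in cases.items():
        with_pst = pfd_avg_valve(fits, coverage, pvst, proof)
        without = pfd_avg_valve(fits, 0.0, pvst, proof)
        results[name] = (with_pst, sil_band(with_pst), without, sil_band(without))
    return results


if __name__ == "__main__":
    for name, (p, s, p0, s0) in compare_valve_data().items():
        print(f"{name}: PVST {p:.2e} (SIL {s} band), no PVST {p0:.2e} (SIL {s0} band)")
```

The SIL band applies to the whole SIF, so under these assumptions a valve that alone lands between 8e-3 and 1e-2 leaves almost no SIL 2 budget for the sensors, logic solver and solenoids.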
Sec. 8.4.4
◦ Maximum allowable rotor speed shall be determined (Annex O). System response times (sensor, solver, relays, solenoid, valve, piping system delays, etc.) are needed to determine the max rotor speed.
Owners need to use Good Engineering Judgment in the design of the Turbine Overspeed Detection system
Suppliers need to be prepared to provide the information needed in order to determine if the performance criteria are achieved
Apply the consensus standards as needed (IEC/ISA)
Take advantage of documented best practices (API/ISA)
It's not just the responsibility of the Rotating Equipment engineer. I&C discipline needs to be involved
Consider the data sources for the failure rate data
The response time needs to be defined for all SIFs
Testing frequency is more than just satisfying the PFDavg requirements
Start early in the design process
Disclaimer
• All information (“Information”) contained herein is provided without compensation and is intended to be general in nature. You should not rely on it in making any decision. LyondellBasell accepts no responsibility for results obtained by the application of this Information, and disclaims liability for all damages, including without limitation, direct, indirect, incidental, consequential, special, exemplary or punitive damages, alleged to have been caused by or in connection with the use of this Information.
• LyondellBasell disclaims all warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, that might arise in connection with this information.