PK6022 SIS Terms

RAMS, NTNU, September 2007
SIS and SIS technology
Mary Ann Lundteigen ([email protected])
Updated Sept 2011

Safety instrumented system (SIS)
[Figure: pressure transmitters, logic solver (PLC) and valve, with a connection to the control room]

Safety instrumented system (SIS)
A SIS is a safety system that includes at least one electrical, electronic, or programmable electronic (E/E/PE) component.
A SIS is used to perform one or more safety instrumented functions.
A SIS is often split into three subsystems: sensors/inputs, logic solvers, and final elements/actuating devices.
Also called E/E/PE safety-related system.

Safety instrumented function (SIF)
[Figure: pressure transmitters, logic solver (PLC) and valve, with a connection to the control room, showing one safety instrumented function]

Safety instrumented function (SIF)
A SIF is a safety function that is performed by the SIS.
A SIF is used to reduce risk below the stated acceptance criteria.

Equipment under control (EUC)
Equipment under control (EUC): equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities.
In our context:
• An EUC is associated with some hazards or threats.
• EUC in the process industry may be a process section.
In the Norwegian petroleum industry (through the OLF 070), we distinguish between:
• Those protected by global safety functions
• Those protected by local safety functions

Functional safety
Functional safety: part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures (IEC 61508).
• Relates to the ability to protect vulnerable objects from damage in relation to an EUC.
• Relies on the ability of a SIS (and other safety barriers) to bring the EUC to a safe state, under normal situations and foreseeable fault situations.

Example – functional safety
EUC: the car. To be protected: the driver, the passengers.

Equipment under control (EUC)
[Figure slides illustrating the EUC]

EUC risk and risk reduction
[Figure slide]
NTNU, September 2007
Riskreductionpractices– processindustryLayersofprotection:Theselinesorlayersservetoeitherpreventaninitiatingevent(suchaslossofcoolingoroverchargingofamaterialtoareactor,forexample)fromdevelopingintoanincident(typicallyareleaseofadangeroussubstance),ortomitigatetheconsequencesofanincidentonceitoccurs
Layers of protection
Seee.g.,http://www.hse.gov.uk/research/misc/vectra300‐2017‐r02.pdf

Risk reduction practices – process industry
Layers of protection – key requirements (IEC 61511-3):
Specificity: An independent protection layer (IPL) is designed solely to prevent or to mitigate the consequences of one potentially hazardous event (for example, a runaway reaction, release of toxic material, a loss of containment, or a fire). Multiple causes may lead to the same hazardous event; therefore, multiple event scenarios may initiate action of one IPL.
Independence: An IPL is independent of the other protection layers associated with the identified danger.
Dependability: It can be counted on to do what it was designed to do. Both random and systematic failure modes are addressed in the design.
Auditability: It is designed to facilitate regular validation of the protective functions. Proof testing and maintenance of the safety system is necessary.
Risk reduction of minimum 10 (or availability greater than 0.9).

Risk reduction practices
Defense in depth (nuclear industry): Defense in depth consists in a hierarchical deployment of different levels of equipment and procedures in order to maintain the effectiveness of physical barriers placed between radioactive materials and workers, the public or the environment, in normal operation, anticipated operational occurrences and, for some barriers, in accidents at the plant. (http://www-pub.iaea.org/MTCD/publications/PDF/Pub1013e_web.pdf)
Key strategies:
• Conservative design
• Control of operation
• Engineered safety features
• (Some) additional features:
  • Procedures for handling multiple failures
  • Accident prevention strategies
  • Emergency preparedness
  • Diversity
Analysis of defense in depth: http://pbadupws.nrc.gov/docs/ML0718/ML071860536.pdf

Defense in depth – levels
[Figure: the defense in depth levels, from http://www-pub.iaea.org/MTCD/publications/PDF/Pub1013e_web.pdf]

Risk reduction practices
Risk reduction principles with machinery systems
[Figure slides]

Mode of operation (IEC 61508)
Low demand mode: where the safety function is only performed on demand, in order to transfer the EUC into a specified safe state, and where the frequency of demands is no greater than one per year.
High demand mode: where the safety function is only performed on demand, in order to transfer the EUC into a specified safe state, and where the frequency of demands is greater than one per year.
Continuous mode: where the safety function retains the EUC in a safe state as part of normal operation.

Mode of operation (IEC 61511)
(On) demand mode: where a specified action (for example, closing of a valve) is taken in response to process conditions or other demands. In the event of a dangerous failure of the safety instrumented function, a potential hazard only occurs in the event of a failure in the process or the BPCS.
Continuous (or high demand) mode: where, in the event of a dangerous failure of the safety instrumented function, a potential hazard will occur without further failure unless action is taken to prevent it.
[Figure: timeline over years 1 to 5; low demand if at most 1 demand per year]

Mode of operation – why important?
On demand: The failure is likely to have been corrected before the demand. The probability that the demand arrives while the SIS is in a failed state, so that an accident occurs, is the probability of failure on demand (PFD).
[Figure: timeline with periodic proof tests, the SIS alternating between "SIS ok" and "SIS failed", and a single demand]
High/continuous demand: It is less likely that the failure is revealed and corrected before the next demand, and the accident frequency is more or less the SIS failure frequency.
[Figure: timeline with periodic proof tests, the SIS alternating between "SIS ok" and "SIS failed", and many demands]
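As an added example (not from the slides), the following Python model walks through the timeline above: each dangerous undetected failure stays hidden until either the next proof test or the next demand finds it, and a demand that arrives first meets a failed SIS and is counted as an accident. The failure times, test interval and demand rates are constructed assumptions; the demand-mode boundary is the IEC 61508 one from the previous slides.

```python
from bisect import bisect_left

HOURS_PER_YEAR = 8760.0


def demand_mode(demands_per_year: float) -> str:
    """IEC 61508 boundary: at most one demand per year is low demand mode."""
    return "low demand" if demands_per_year <= 1.0 else "high demand"


def regular_demands(demands_per_year: float, years: float) -> list:
    """Constructed, evenly spaced demand times in hours (first one half an interval in)."""
    interval = HOURS_PER_YEAR / demands_per_year
    return [interval * (k + 0.5) for k in range(int(demands_per_year * years))]


def simulate(failure_times, test_interval, demand_times, horizon):
    """For each dangerous undetected (DU) failure, decide what reveals it first.

    A proof test reveals the failure without harm; a demand arriving first finds
    the SIS unable to act, so that demand is counted as an accident.  Returns
    (accidents, fraction of the horizon spent in a hidden failed state).
    """
    demands = sorted(demand_times)
    accidents, failed_hours = 0, 0.0
    for fail_at in sorted(failure_times):
        next_test = (fail_at // test_interval + 1) * test_interval
        i = bisect_left(demands, fail_at)           # first demand at or after the failure
        next_demand = demands[i] if i < len(demands) else float("inf")
        if next_demand < next_test:
            accidents += 1                          # demand hits a failed SIS
            revealed_at = next_demand
        else:
            revealed_at = next_test                 # found and repaired at the proof test
        failed_hours += revealed_at - fail_at
    return accidents, failed_hours / horizon


# Constructed scenario (assumption): 10 years, annual proof test, three DU failures.
YEARS = 10
TEST_INTERVAL = HOURS_PER_YEAR
HORIZON = YEARS * HOURS_PER_YEAR
FAILURES = [13000.0, 37000.0, 69000.0]

if __name__ == "__main__":
    for rate in (0.5, 100.0):   # 0.5 demands/year vs 100 demands/year
        acc, hidden = simulate(FAILURES, TEST_INTERVAL, regular_demands(rate, YEARS), HORIZON)
        print(f"{demand_mode(rate):11s} ({rate:5.1f}/yr): {acc}/{len(FAILURES)} failures "
              f"ended in an accident; hidden failed-state fraction {hidden:.4f}")
```

With 0.5 demands per year every failure is found and repaired at the proof test, and the exposure is the fraction of time spent with a hidden failure; with 100 demands per year all three failures end in an accident, so the accident frequency tracks the failure frequency.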

Mode of operation
Examples of systems and their mode (Low D = low demand, High D = high demand; the column each single x belongs to was lost in extraction):
• Emergency shutdown (ESD/NAS): x
• Fire and gas detection (F&G/B&G): x
• Process shutdown (PSD/PAS): x* (Low D), x* (High D)
• High Integrity Pressure Protection System (HIPPS): x
• Signalling system for railway: x
• Automatic safe load indicator (crane): x
• Airbag system (car): x
• Anti-lock braking system (ABS): x
• Isolation of well (workover intervention): x* (Low D), x* (High D)
* Mode may differ for different installations