
Upload: alex-acosta-lara

Post on 24-Aug-2014


Page 1: SIS Overview

Overview of Process Safety Management & Safety Instrumented Systems (Protective Systems)

Page 2: SIS Overview

Purpose of Presentation

• Define “Process Safety Management”
• Define “Safety Instrumented System”
• Review Regulations / Standards / References for “Safety Instrumented Systems”
• Examine Methods of Selection and Design of “Safety Instrumented Systems”
• Provide Examples of “Safety Instrumented Systems”

Page 3: SIS Overview

Process Safety Management (PSM) Program:

A management methodology aimed at preventing the occurrence, or minimizing the consequences, of catastrophic releases of toxic or explosive materials.

References for establishing the policies and procedures used in this presentation:

• USA 29 CFR 1910.119
• API RP 750
• NOM-028 (Mexico)
• AIChE/CCPS text books

Page 4: SIS Overview

Process Safety Management

• Employee Participation
• Process Safety Information
• Process Hazard Analysis
• Operating Procedures
• Contractors
• Training
• Pre-Startup Safety Review
• Mechanical Integrity
• Hot Work Permits
• Management of Change
• Incident Investigation
• Emergency Planning and Response
• Compliance Audits
• Trade Secrets

Page 5: SIS Overview

Process Hazards Analysis (PHA)

A PHA should be performed for all facilities which could potentially have a substantial release of dangerous materials. The purpose of the PHA is to minimize the likelihood of such an occurrence by identifying, evaluating, and controlling the events that could cause a release.

Risk Assessment (Is the Risk Acceptable?) considers:
• Severity of Hazard
• Likelihood of Occurrence
• Protection Layers

Page 6: SIS Overview

Concept of Protection Layers

[Protection layer diagram: Hazard at the centre, with protection layers to be added around it]

Using a Process Hazards Analysis methodology, all potential process hazards are identified.

Page 7: SIS Overview

[Protection layer diagram: Hazard at the centre; layer 1 - Physical]

Once a hazard has been identified, the available protection layers are evaluated using Risk Assessment Methodologies.

Page 8: SIS Overview

[Protection layer diagram: Hazard at the centre; layers 1 - Physical, 2 - Human]

Page 9: SIS Overview

[Protection layer diagram: Hazard at the centre; layers 1 - Physical, 2 - Human, 3 - BPCS]

Page 10: SIS Overview

[Protection layer diagram: Hazard at the centre; layers 1 - Physical, 2 - Human, 3 - BPCS, 4 - Mitigation]

Page 11: SIS Overview

[Protection layer diagram: Hazard at the centre; layers 1 - Physical, 2 - Human, 3 - BPCS, 4 - Mitigation, 5 - SIS]

SIS – “Safety Instrumented Systems”

Page 12: SIS Overview

Is a Safety Interlock Needed?

If so, how Good does it need to be?

How do we know if it’s Good Enough?

What is a Safety Instrumented System (SIS) and associated Safety Instrumented Functions (SIF)?

(In the past an SIS has been referred to as an Emergency Shutdown System (ESD) – Example HL Area ESD System)

A SIS is an instrumented protective system that consists of an instrument component, group of instrument components, or instrument system that reduces process risk by preventing or mitigating the consequences of a process hazard.

A SIF is an instrumented protective system within a SIS that reduces process risk for a specific process hazardous cause.

Page 13: SIS Overview

[P&ID of the example SIS: a separator fed from the wells, with oil and H2O outlets. Instruments shown: PT-103 with shutdown valve SDV-103 (position switch ZS-103 / indication ZI-103, fail closed), LSHH-109 / LAHH-109 with SDV-109, and LT-108 / LALL-108 with SDV-108; valve position indications (O / C) and opening percentages 40% and 30%. The “I” symbol marks an element of the SIS (Protective System).]

Example of SIS: PAHH-103

The SIS has three (3) Safety Instrumented Functions (SIF):
• PAHH-103
• LALL-108
• LAHH-109

Page 14: SIS Overview

The SIS and Associated SIF Consist of:

• Sensor & connection to process (e.g. PT)
• Sensor Wiring System
• Logic Solver – typically shared for multiple SIFs
• Interface with Process Control System or Human Machine Interface (HMI)
• Final Control Wiring System
• Final Control Device & all associated actuation components (e.g. SDV109)

[Diagram: PT → Logic Solver → SD → SDV109 represents a single SIF within a SIS]

Page 15: SIS Overview

Regulations That Address SIS (Protective Systems)

• USA – OSHA – “29 CFR 1910.119”: “Process Safety Management Regulation”
• U.K. – HSE – “Health & Safety Executive”
• Norway – “NOR”

These regulations have a common requirement for safety systems: they shall be designed in accordance with generally accepted good engineering practices established by recognized codes and standards.

Page 16: SIS Overview

Standards & References for SIS (Protective Systems)

IEC 61508 – “Functional Safety: Electrical / Electronic /Programmable Electronic Safety Related Systems”

IEC 61511 – “Functional Safety: Safety Instrumented Systems for the Process Industry Sector”

ANSI/ISA S84.01 - “Application of Safety Instrumented Systems for the Process Industries”

Page 17: SIS Overview

IEC 61511

Industry-specific standard for the Process Sector. Current status: published in 2002 (with the exception of Part 2 – pending). For the USA, IEC 61511 shall replace ANSI/ISA S84.01 with the 2003 issue. The standard has been widely accepted throughout the world. The standard has three (3) Parts and covers:

• Selection Methodologies for Determining Need and Classification of SIS
• Design Requirements for SIS (Hardware / Software)
• Installation / Commissioning / Maintenance of SIS
• Management of Change (MOC) of SIS

Page 18: SIS Overview

Using this reference we now have definitive methods for making good engineering decisions on the selection and design of Safety Instrumented Systems.

This is important for ensuring:
• Maximum safety for our processing units
• Compliance with Regulations

Page 19: SIS Overview

Life Cycle Chart: Activities involved in the development and implementation of an SIS

Page 20: SIS Overview

Modified SIS Life Cycle – Step: Application to New or Existing Process

Refinery defines evaluation requirements for new and existing facilities.

Page 21: SIS Overview

[Modified SIS Life Cycle chart; current step: Perform PHA. Steps so far: Application to New or Existing Process → Perform PHA]

Identify Hazardous Consequences, Causes, and Safeguards

This is accomplished through Process Hazards Analysis studies:
• HAZOPS
• Checklists
• What-Ifs

During PHA it is now common to “Risk Rank” PHA issues based on “Severity and Probability of Occurrence”.

Page 22: SIS Overview

[Modified SIS Life Cycle chart; current step: Risk Analysis (Evaluate Consequences, Causes & Safeguards). Steps so far: Application to New or Existing Process → Perform PHA → Risk Analysis]

Risk Assessment is performed to determine:

• Severity of Hazardous Consequences
• Likelihood of Occurrence
• Adequacy of Safeguards
• Requirements for SIS/SIF

Page 23: SIS Overview

Risk Assessment Methodologies for SIL Selection:

• IEC-61511 (Part 3) Methods
• Risk Matrix Methodology
• Chart Methodology
• Fault-tree Analysis
• Layer of Protection Analysis (LOPA)

Detailed training on Risk Assessment Methodologies is beyond the scope of this presentation.

Page 24: SIS Overview

[Modified SIS Life Cycle chart; current step: SIS Required? Steps so far: Application to New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences, Causes & Safeguards) → SIS Required?]

The Risk Assessment determines whether additional protection in the form of an SIS/SIF is required, or is already being used, for risk reduction.

This evaluation is done for all identified Hazardous Consequences and their associated causes.

SIS Determination and Design should be accomplished only by individuals trained in the use of IEC-61511.

Page 25: SIS Overview

[Modified SIS Life Cycle chart; current step: Determine SIL Required. Steps so far: Application to New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences, Causes & Safeguards) → SIS Required? (No → stop; Yes →) Determine SIL Required]

IEC-61511 defines levels of integrity for SIFs: the Safety Integrity Level (SIL).

• The higher the integrity level, the more risk reduction is obtained from the SIF.
• The required SIL is dependent upon the needed risk reduction as determined by the Risk Assessment.
• The SIL values and risk reducing values are defined within IEC-61511.
• The SIF SIL is measured by its calculated Probability of Failure upon Demand (PFD).
• In addition, the SIF shall also meet Refinery established requirements for Spurious Trip Rate (STR).

Page 26: SIS Overview

From IEC 61511: Safety Integrity Level (PFD = 1 – Availability)

SIL | Safety Availability | PFD
----|---------------------|----------------
 1  | 0.9 to 0.99         | 10^-1 to 10^-2
 2  | 0.99 to 0.999       | 10^-2 to 10^-3
 3  | 0.999 to 0.9999     | 10^-3 to 10^-4
 4  | 0.9999 to 0.99999   | 10^-4 to 10^-5

Spurious Trip Rate Requirements (STR = Years between Spurious Trips):

Refinery choice based on safety and economics.

Page 27: SIS Overview

[Modified SIS Life Cycle chart; current step: Develop Safety Requirement Spec. Steps so far: Application to New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences, Causes & Safeguards) → SIS Required? (Yes) → Determine SIL Required → Develop Safety Requirement Spec]

• A Safety Requirement Specification (SRS) is required for the SIS and all associated SIFs.
• An SRS shall define:
  • All functional requirements for each SIF
  • All “Integrity” requirements for each SIF

Page 28: SIS Overview

General Design Criteria for SIS/SIFs:

Specific requirements are defined in IEC-61511.

• Complete System must meet required PFD & MTBF (Spurious)
• Separation
• Component Selections
• System Configuration
• Reduce or Eliminate Common Cause Failures
• Eliminate “Systematic” Errors
• Use proper interlock By-Passing Design
• Diagnostic Coverage

Page 29: SIS Overview

Complete System must meet required PFD & STR:

• Sensors
• Process Connections (Impulse Lines)
• Transmitters
• Input Wiring
• I/O System
• Logic Solver (Hardware & Software)
• Output Wiring
• Final Control Devices
• Other Components

Page 30: SIS Overview

Separation of Safety Interlock System:

• Must be independent from the Basic Process Control System (BPCS)
• Must be protected from contamination from Human Machine Interface (HMI) components
• Must be housed in a separate enclosure
• Must be well labeled and marked as a “Safety Instrumented System”

Page 31: SIS Overview

System Configuration

• Redundancy can improve MTBF (Fail to Danger) – PFD
• Redundancy can reduce MTBF (Fail to Safety) – MTBF (Spurious)
• Hot Standby and 2oo3 logic systems improve both Reliability and Availability

Redundancy and Hot Standby must be evaluated for all components of the Safety Instrumented System.

Page 32: SIS Overview

Common Cause Failures (CCF)

• Power Supplies
• Air Supply
• Cabling
• Environmental Conditions
• Many others

Page 33: SIS Overview

Eliminate Systematic Errors

• Diversity
• FAT
• SAT
• Third Party Review

Page 34: SIS Overview

Interlock By-Passing

• Key Lock Switches
• Alarm when bypassed
• Special Operating Procedures when bypassed

Page 35: SIS Overview

Improve SIL with increased Diagnostic Coverage

Diagnostic Coverage: the ratio of detectable faults (found through testing) to total possible faults.

• Continuous Diagnostics (Logic Solver, Field Devices, Wiring)
• Component Inspections
• Component Testing
• Transmitters vs. Switches
• New Technologies for Field Equipment

Page 36: SIS Overview

New Technologies for Field Equipment

• On-Line Testing Capabilities
• Asset Management Systems
• Equipment Reliability / Availability Reporting
• Field Bus – Caution

Page 37: SIS Overview

[Modified SIS Life Cycle chart; current step: Conceptual SIS Design. Steps so far: Application to New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences, Causes & Safeguards) → SIS Required? (Yes) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design]

Initial conceptual design for each SIF and the SIS shall be accomplished based on the applicable SRSs.

Specific design requirements for the assigned SIL are defined within IEC 61511.

Page 38: SIS Overview

[Modified SIS Life Cycle chart; current step: Meet Specs? (No → back to Conceptual SIS Design). Steps so far: Application to New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences, Causes & Safeguards) → SIS Required? (Yes) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design → Meet Specs?]

Validation of SIS/SIF

The design must be validated to demonstrate that:

• All functional specifications are met
• All integrity specifications are met

Page 39: SIS Overview

SIS/SIF Validation – Functional (as defined by the SRS and in accordance with IEC 61511):

• Checklist to ensure that all functional requirements are met, such as:
  • Sensor Inputs
  • Logic Solver Requirements
  • Final Control Device
  • Safe State for all components
  • S/D Logic
  • Manual S/D
  • Bypassing
  • Reset
  • Special Startup Requirements
  • Human Machine Interface (HMI) – typically via DCS

Page 40: SIS Overview

SIS/SIF Validation – Integrity Requirements (as defined by the SRS and in accordance with IEC-61511):

• System Architecture
  • To improve PFD and/or STR, redundancy may be required in system components
• System Test Interval
  • The testing interval for SIFs will affect the PFD of the system and must be within an acceptable period for process operations
• Equipment Selection
  • Failure rate in dangerous mode
  • Facility experience with the equipment
• Diagnostic Coverage
  • Component self-testing and failure detection capabilities
• PFD & STR Calculations
  • Simplified equations in accordance with ANSI/ISA S84.01 / TR84.02

Page 41: SIS Overview

PFD & STR Validation:

[Diagram of a single SIF within a SIS: Sensor & connection to process (PT) → Sensor Wiring System → Logic Solver (typically shared for multiple SIFs; interface with Process Control System or Human Machine Interface (HMI)) → Final Control Wiring System → Final Control Device & all associated actuation components (SD, SDV109)]

The PFD and STR of the SIF are the sums over its components (S = sensors, L = logic solver, A = final control devices / actuation):

PFD_SIF = Σ_i PFD_Si + Σ_i PFD_Li + Σ_i PFD_Ai

STR_SIF = Σ_i STR_Si + Σ_i STR_Li + Σ_i STR_Ai + STR_SF

where STR_SF is the contribution of safe systematic failures.

Page 42: SIS Overview

Methods for Validation of SIL (PFD Calculations)

1oo1:
PFDavg = [λ_DU × TI] / 2 + [λ_DF × TI] / 2
(second term: systematic failures)

1oo2:
PFDavg = [(λ_DU × TI)²] / 3 + [λ_DF × TI] / 2 + [β × λ_DU × TI] / 2 + [λ_DU × λ_DD] × TI × MTTR
(terms: systematic failures; common cause failure; multiple failures during repair)

2oo3:
PFDavg = [(λ_DU × TI)²] + [λ_DF × TI] / 2 + [β × λ_DU × TI] / 2 + 3 × [λ_DU × λ_DD] × TI × MTTR
(terms: systematic failures; common cause failure; multiple failures during repair)

where:
λ_DU = undetected dangerous failure rate
λ_DD = detected dangerous failure rate
λ_DF = dangerous systematic failure rate
β = common cause failure fraction applied to λ_DU
TI = test interval
MTTR = mean time to repair

Note: For short repair times MTTR is insignificant.

Page 43: SIS Overview

Methods for Validation of Prevention of Spurious Shutdowns (MTTF Spurious Calculations)

1oo1:
STR = [λ_S] + [λ_SF] + [λ_DD]
(terms: spurious trips; systematic failures; detected failure rate)

1oo2:
STR = 2 × [(λ_S + λ_DD)] + [λ_SF]
(terms: spurious trips and detected failure rate; systematic failures)

2oo3:
STR = 6 × [λ_S × (λ_S + λ_DD)] × MTTR + [λ_SF]
(terms: spurious trips and detected failure rate during repair; systematic failures)

where:
λ_S = spurious trip rate for each component
λ_SF = safe systematic failure rate for each component
λ_DD = dangerous detected failure rate for each component
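The following script is an added example, not part of the original slides, that carries the PFD and STR equations of the two validation slides through for the 1oo1, 1oo2 and 2oo3 architectures, splits a dangerous failure rate into detected and undetected parts using the Diagnostic Coverage definition, and maps the resulting PFDavg onto the SIL bands of the SIL table. The component names, function names, the β common-cause fraction, and all failure rates, test intervals and repair times are the example's own constructed assumptions, not data from any real device or plant; the 2oo3 STR term follows the form shown on the slide.

```python
# Added example, not from the original slides: PFD and spurious-trip estimates
# for 1oo1, 1oo2 and 2oo3 voting, using the slides' simplified equations and
# the IEC 61511 SIL bands from the SIL table. All failure data are constructed
# sample values for illustration, not data for any real device or plant.
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class Component:
    """Failure data for one SIF element (sensor, logic solver or final element).

    Rates are per hour. Diagnostic coverage dc (the slides' ratio of detectable
    faults to total faults) splits the dangerous rate lambda_d into a detected
    part lambda_dd and an undetected part lambda_du.
    """
    lambda_d: float         # total dangerous failure rate [1/h]
    lambda_s: float         # safe (spurious-trip) failure rate [1/h]
    dc: float               # diagnostic coverage, 0.0 .. 1.0
    lambda_df: float = 0.0  # dangerous systematic failure rate [1/h]
    lambda_sf: float = 0.0  # safe systematic failure rate [1/h]

    @property
    def lambda_dd(self) -> float:
        return self.dc * self.lambda_d

    @property
    def lambda_du(self) -> float:
        return (1.0 - self.dc) * self.lambda_d


def pfd_avg(c: Component, arch: str, ti_h: float, mttr_h: float, beta: float) -> float:
    """Average PFD of one voted element group (PFD equations on the slides).

    ti_h: proof-test interval [h]; mttr_h: mean time to repair [h];
    beta: common-cause fraction (assumed name) applied to the redundant votes.
    """
    du_ti = c.lambda_du * ti_h
    systematic = c.lambda_df * ti_h / 2.0
    if arch == "1oo1":
        return du_ti / 2.0 + systematic
    common_cause = beta * c.lambda_du * ti_h / 2.0
    repair = c.lambda_du * c.lambda_dd * ti_h * mttr_h  # second failure during repair
    if arch == "1oo2":
        return du_ti ** 2 / 3.0 + systematic + common_cause + repair
    if arch == "2oo3":
        return du_ti ** 2 + systematic + common_cause + 3.0 * repair
    raise ValueError(f"unknown architecture {arch!r}")


def str_per_hour(c: Component, arch: str, mttr_h: float) -> float:
    """Spurious trip rate [1/h] of one voted element group (STR equations on the slides).

    Detected dangerous failures are counted as trips, as the slides do.
    """
    trip = c.lambda_s + c.lambda_dd
    if arch == "1oo1":
        return trip + c.lambda_sf
    if arch == "1oo2":
        return 2.0 * trip + c.lambda_sf
    if arch == "2oo3":
        return 6.0 * c.lambda_s * trip * mttr_h + c.lambda_sf
    raise ValueError(f"unknown architecture {arch!r}")


def sil_from_pfd(pfd: float) -> int:
    """Map PFDavg onto the SIL bands of the slide table; 0 means below SIL 1."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


def sif_pfd(elements: dict, ti_h: float, mttr_h: float, beta: float) -> float:
    """Whole-SIF PFD: the sensor, logic solver and final element PFDs add."""
    return sum(pfd_avg(c, arch, ti_h, mttr_h, beta) for c, arch in elements.values())


def sif_years_between_trips(elements: dict, mttr_h: float) -> float:
    """Whole-SIF STR, expressed as on the slides in years between spurious trips."""
    total = sum(str_per_hour(c, arch, mttr_h) for c, arch in elements.values())
    return float("inf") if total == 0.0 else 1.0 / (total * HOURS_PER_YEAR)


# Constructed sample SIF: 1oo2 pressure transmitters, a 1oo1 logic solver with
# high diagnostic coverage, and a single shutdown valve with no diagnostics.
TX = Component(lambda_d=2e-6, lambda_s=1e-6, dc=0.5)
LOGIC = Component(lambda_d=1e-7, lambda_s=5e-7, dc=0.99)
VALVE = Component(lambda_d=3e-6, lambda_s=2e-6, dc=0.0)
SAMPLE_SIF = {"sensor": (TX, "1oo2"), "logic": (LOGIC, "1oo1"), "valve": (VALVE, "1oo1")}
TI_H, MTTR_H, BETA = HOURS_PER_YEAR, 8.0, 0.05  # annual proof test, 8 h repair, 5 % CCF


def sample_report(ti_h: float = TI_H) -> dict:
    """PFD, SIL, weakest element and trip interval of the sample SIF for a test interval."""
    per_element = {name: pfd_avg(c, arch, ti_h, MTTR_H, BETA)
                   for name, (c, arch) in SAMPLE_SIF.items()}
    total = sif_pfd(SAMPLE_SIF, ti_h, MTTR_H, BETA)
    return {"pfd": total, "sil": sil_from_pfd(total),
            "worst_element": max(per_element, key=per_element.get),
            "years_between_trips": sif_years_between_trips(SAMPLE_SIF, MTTR_H)}


if __name__ == "__main__":
    for arch in ("1oo1", "1oo2", "2oo3"):
        p = pfd_avg(TX, arch, TI_H, MTTR_H, BETA)
        years = 1.0 / (str_per_hour(TX, arch, HOURS_PER_YEAR and MTTR_H) * HOURS_PER_YEAR)
        print(f"transmitter {arch}: PFDavg={p:.2e} SIL {sil_from_pfd(p)}, "
              f"{years:,.0f} years between spurious trips")
    print("sample SIF, annual test:", sample_report())
    print("sample SIF, 6-month test:", sample_report(TI_H / 2))
```

With these sample numbers the single transmitter reaches SIL 2, 1oo2 voting lifts it to SIL 3 but halves the years between spurious trips, and 2oo3 keeps the PFD in the SIL 3 band while making a spurious trip practically negligible. For the whole sample SIF the undiagnosed valve dominates the PFD and holds it at SIL 1; halving the proof-test interval is enough to reach SIL 2, which is the test-interval effect the integrity-validation slide describes.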

Page 44: SIS Overview

[Modified SIS Life Cycle chart; current step: Perform Detail SIS Design. Steps so far: Application to New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences, Causes & Safeguards) → SIS Required? (Yes) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design → Meet Specs? (Yes) → Perform Detail SIS Design]

Once the SIS/SIFs have been validated, detailed design can be performed.

IEC 61511 provides design requirements and acceptable practices.

Page 45: SIS Overview

[Modified SIS Life Cycle chart; current step: SIS Installation and Commissioning. Steps so far: New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences & Safeguards) → SIS Required? (Yes/No) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design → Meet Specs? (Yes/No) → Perform Detail SIS Design → SIS Installation and Commissioning]

SIS/SIF Verification

• Prior to installation (if applicable), SIS/SIFs shall undergo Factory Acceptance Testing (FAT) in accordance with procedures defined in IEC 61511.
• IEC-61511 provides installation requirements and acceptable procedures.
• After installation, the SIS/SIF shall be subject to Site Acceptance Testing (SAT) in accordance with procedures defined in IEC 61511.

Page 46: SIS Overview

[Modified SIS Life Cycle chart; current step: Establish Operations & Maintenance Proc. Steps so far: New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences & Safeguards) → SIS Required? (Yes/No) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design → Meet Specs? (Yes/No) → Perform Detail SIS Design → SIS Installation and Commissioning → Establish Operations & Maintenance Proc.]

• New or revised operating procedures shall be developed detailing the effects of the SIS/SIFs on facility operation.
• New or revised maintenance procedures shall be developed detailing:
  • Routine maintenance of SIS/SIFs
  • Periodic “proof testing” procedures based on the Test Interval established with the SRS integrity requirements

Page 47: SIS Overview

[Modified SIS Life Cycle chart; current step: Pre-Startup Safety Review (PSSR). Steps so far: New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences & Safeguards) → SIS Required? (Yes/No) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design → Meet Specs? (Yes/No) → Perform Detail SIS Design → SIS Installation and Commissioning → Establish Operations & Maintenance Proc. → Pre-Startup Safety Review (PSSR)]

• A Pre-Startup Safety Review in accordance with Refinery PSM requirements shall be accomplished prior to SIS/SIFs startup.

Page 48: SIS Overview

[Modified SIS Life Cycle chart; current step: Operations, Testing, and Maintenance. Steps so far: New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences & Safeguards) → SIS Required? (Yes/No) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design → Meet Specs? (Yes/No) → Perform Detail SIS Design → SIS Installation and Commissioning → Establish Operations & Maintenance Proc. → Pre-Startup Safety Review (PSSR) → Operations, Testing, and Maintenance]

The SIS/SIFs shall be operated and maintained (including periodic “proof testing”) in accordance with IEC-61511.

Page 49: SIS Overview

[Modified SIS Life Cycle chart, complete: New or Existing Process → Perform PHA → Risk Analysis (Evaluate Consequences & Safeguards) → SIS Required? (Yes/No) → Determine SIL Required → Develop Safety Requirement Spec → Conceptual SIS Design → Meet Specs? (Yes/No) → Perform Detail SIS Design → SIS Installation and Commissioning → Establish Operations & Maintenance Proc. → Pre-Startup Safety Review (PSSR) → Operations, Testing, and Maintenance → Modify or Decommission → SIS Decommissioning]

Page 50: SIS Overview