SIS & ESD Systems for Process Industries Using IEC 61508: Unit 7 SIL Selection

Slide 1

EIT: E-Cert SS: Unit 7 Instrument Selection

EIT Safety Instrumentation E-Learning

SAFETY INSTRUMENTED SYSTEMS & EMERGENCY SHUTDOWN SYSTEMS for Process Industries using IEC 61511 and IEC 61508

Unit 7: SIL Instrument Selection

www.eit.edu.au

Version for EQO26: 7 November 2012

Presented by Dave Macdonald, EIT Cape Town, South Africa

Contact E-mail: macdond@telkomsa.net

Slide 2

Introduction to Chapter 7: Practical selection of sensors and actuators for safety duties

■ Impact on SIS reliability

■ Types of sensors and actuators

■ Failure modes and causes

■ Separation, redundancy, diversity, diagnostics

■ Device selection issues: what IEC 61511 requires + common sense

■ Technologies: safety-certified instruments and fieldbus

Knowledge of the rules + experience... if you can get it!

Slide 3

Key Points about Sensors and Actuators

◆ Sensors and actuators remain the most critical reliability items in an SIS.

◆ Separation, diversity and redundancy are critical issues.

◆ Safety-related instruments must have a proven record of performance. IEC 61508 / 61511 have specific requirements.

◆ Logic solver intelligence and communications power help to provide diagnostic capabilities that assist field-device reliability.

◆ Failure modes and common-cause issues are potential problems for intelligent instruments.

Slide 4

IEC 61511 and other guidance sources

■ Instrument practice for safety systems: well established.

■ ISA S84.01 Appendix B: obsolete standard but still relevant.

■ IEC 61511 specifics defined in clauses 11.5 and 11.6 of Part 1.

■ Gruhn & Cheddie, ISA textbook, chapter 9.

IEC 61511-1 paragraph 11.5: Requirements for selection of components and subsystems

■ 11.5.2.1 "Components and subsystems selected for use as part of a safety instrumented system for SIL 1 to SIL 3 applications shall either be in accordance with IEC 61508-2 and IEC 61508-3, as appropriate, or else they shall be in accordance with 11.4 and 11.5.3 to 11.5.6, as appropriate."

The three qualification routes shown on the slide: certified compliant to IEC 61508; hardware fault tolerance (clause 11.4); prior-use justification (clauses 11.5.3 to 11.5.6).

Slide 5

Sensors and Actuators Dominate Reliability Issues

• PES logic solvers benefit from auto-diagnostics.

• The field devices taken together contribute 97% of the PFD for this example.

• The PFD figures for the field devices are affected by environmental conditions and maintenance factors.

Table 7.1 Typical reliability table (3-month proof test interval)

Item | Fail-to-danger rate (/yr) | PFDavg | % of total PFDavg
Input sensor loop | 0.05 | 0.006 | 32
SIL 3 logic solver PLC | | 0.0005 | 3
Output actuator loop (solenoid + valve) | 0.1 | 0.0125 | 65
Totals | | 0.019 (SIL 1) | 100
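The following Python script is an added worked example, not part of the EIT slides: it rebuilds Table 7.1 from the fail-to-danger rates, using the single-channel relation PFDavg = λD × Ti/2 for the two field-device loops and the quoted 0.0005 for the logic solver, then shows how the proof-test interval drives the total. The candidate test intervals and the SIL-band helper are assumptions made for the example.

```python
"""PFDavg budget for a single-channel (1oo1) SIF, reproducing Table 7.1.

Added worked example; it is not part of the EIT slides. The field-device
loops are single channel, so PFDavg = lambda_D * Ti / 2 (low demand,
undetected dangerous failures, proof-test interval Ti). The logic solver
PFDavg is taken as given (0.0005, the value quoted on the slide) because
its diagnostics make the simple formula inapplicable. Rates are per year.
"""

# (name, fail-to-danger rate per year, PFDavg given directly)
# Values are the slide's Table 7.1 figures.
TABLE_7_1 = [
    ("Input sensor loop", 0.05, None),
    ("SIL 3 logic solver PLC", None, 0.0005),
    ("Output actuator loop (solenoid + valve)", 0.1, None),
]


def sil_from_pfd(pfd):
    """Low-demand SIL band: SIL n means 10^-(n+1) <= PFDavg < 10^-n; 0 if unrated."""
    for sil in (4, 3, 2, 1):
        if 10 ** -(sil + 1) <= pfd < 10 ** -sil:
            return sil
    return 0


def pfd_1oo1(lambda_d_per_year, ti_years):
    """Average PFD of a single proof-tested channel: lambda_DU * Ti / 2."""
    return lambda_d_per_year * ti_years / 2


def pfd_budget(subsystems, ti_years):
    """Per-subsystem PFDavg and percentage of the total for one proof-test interval."""
    rows = []
    for name, lambda_d, fixed_pfd in subsystems:
        pfd = fixed_pfd if fixed_pfd is not None else pfd_1oo1(lambda_d, ti_years)
        rows.append((name, pfd))
    total = sum(pfd for _, pfd in rows)
    return [(name, pfd, 100.0 * pfd / total) for name, pfd in rows], total


def field_device_share(subsystems, ti_years):
    """Percentage of the total PFDavg contributed by everything except the logic solver."""
    rows, total = pfd_budget(subsystems, ti_years)
    field = sum(pfd for name, pfd, _ in rows if "logic solver" not in name.lower())
    return 100.0 * field / total


def longest_test_interval(subsystems, target_pfd, candidate_months=(1, 2, 3, 4, 6, 12)):
    """Longest proof-test interval (months) whose total PFDavg still meets the target, or None."""
    best = None
    for months in candidate_months:
        _, total = pfd_budget(subsystems, months / 12.0)
        if total <= target_pfd:
            best = months
    return best


if __name__ == "__main__":
    rows, total = pfd_budget(TABLE_7_1, ti_years=3 / 12.0)
    for name, pfd, pct in rows:
        print(f"{name:42s} PFDavg={pfd:.5f}  {pct:5.1f}%")
    print(f"Total PFDavg={total:.5f} -> SIL {sil_from_pfd(total)}")
    print(f"Field devices: {field_device_share(TABLE_7_1, 3 / 12.0):.1f}% of PFDavg")
    print("Longest Ti meeting SIL 2 (PFDavg <= 0.01):",
          longest_test_interval(TABLE_7_1, 0.01), "month(s)")
```

With the slide's figures the total is 0.01925 (SIL 1) and the field devices carry about 97% of it; reaching SIL 2 with the same hardware would need a monthly proof test, which is the point the slide makes: improve the field devices, not the logic solver.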

Slide 6

Bus-connected safety-certified instruments: Foundation Fieldbus, PROFIsafe, AS-i Safety

See Session 5

Slide 7

Advantages of Analog Transmitters Over Switches

• Good reliability and accuracy

• Signal present at all times: improved safe failure fraction (SFF)

• Potential for diagnostics; easier to detect faults

• Possible to compare the signal with other parameters

• Trending and alarming available

• Multiple set points

• Competitive pricing

• Rationalized spares

Slide 8

Potential Causes of Failures in Sensors

• Components of the instrument

• Process connection

• Fouling / corrosion / process fluids / clogging

• Wiring

• Environmental: process / climate / electrical

• Specification / range / resolution

• Response time

• Power supplies

• Intrinsic safety barriers

• Calibration / testing / left on test / left isolated

Slide 9

Final Control Elements or Actuators

Figure 7.4 (diagram): SIS logic driving two kinds of final element. Upper path: SIS logic to an electrical drive trip through the interlocks of a motor (M) on 380 V ac power. Lower path: SIS logic to a process valve trip.

Slide 10

E-Stop Operation with VSD / Inverter Drive

(Diagram) E-stop command into a safety relay; relay K1 removes the run command from the drive controller, and a time-delayed K1 contact removes power from the motor (M) after the controlled stop; reset input on the safety relay. Stop Category 1, Safety Control Category 2.

Slide 11

Potential Causes of Failures in Final Elements

· Components of the actuator and positioner; mechanical failures of springs

· Process connection / leaks; mechanical distortion of pipes causing stress in the valve

· Valve internal faults due to fouling or corrosion by process fluids: jamming, sticking, leaking

· Wiring to solenoids

· Pneumatics / venting failures

· Environmental: physical impacts, fire, freezing or icing up

· Solenoid valves sticking or blocking

Slide 12

General Requirements for Fail-safe Operation

◆ Sensor contacts closed during normal operation

◆ Transmitter signals go to the trip state upon failure (normally < 4 mA)

◆ Broken wire = trip

◆ Output contacts closed and energized for normal operation

◆ Final trip valves go to the trip (safe) position on air failure

◆ Drives go to stop on trip or on SIS signal failure

Slide 13

For an instrument to qualify for a SIL target (flowchart, reconstructed as text)

Route 1, prior use: analog transmitter or switch, qualified for SIL 1 or 2; SIL 3 requires an assessment and a safety manual; apply the IEC 61511 limitations.

or

Route 2, build to IEC 61508 hardware and software requirements and certify to IEC 61508 (e.g. smart transmitter).

And in either route the PFD must satisfy the SIL target.

Slide 14

Sharing of Sensors with BPCS

Do not share sensors, because sharing:

◆ Violates the principle of independence

◆ Creates a high level of common-cause failure

◆ Does not create a separate layer of protection

◆ Does not provide secure maintenance

Slide 15

Figure 7.5 (diagram): Boiler steam drum with a single level transmitter LT 1. Its signal feeds both the level controller LIC (which regulates the feed water supply) and the low-level switch function LSL in the SIS logic solver that initiates the boiler trip.

Snap question: What is wrong with this safety trip design?

Snap question: Draw a better arrangement.

Slide 16

Figure 7.5 cont. Separate sensors for control and trip: acceptable

(Diagram) Boiler steam drum with two level transmitters: LT 1 feeds LIC 1, which regulates the feed water supply; LT 2 feeds the LSL function in the SIS logic solver, which initiates the boiler trip.

Slide 17

Fault Tree Analysis for Boiler Low Level Trip

Figure 7.6 (two fault trees, reconstructed as text; trip PFD = 0.1/2 × 0.5 = 0.025 for an LT fail-to-danger rate of 0.1/yr and a 6-month proof test)

Shared sensor:
Boiler damage = OR [ AND (FW fails 0.2/yr, trip fails on demand PFD 0.025) = 0.005/yr ; LT-1 fails high 0.1/yr: LIC causes low level and there is no trip ]
= 0.005 + 0.1 = 0.105/yr low level and NO TRIP

Separate sensor:
Low level = OR [ FW fails 0.2/yr ; LT-1 fails high, LIC-1 causes low level 0.1/yr ] = 0.3/yr
Boiler damage = AND (low level 0.3/yr, LT-2 trip fails on demand PFD 0.025) = 0.0075/yr low level and NO TRIP
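The two trees of Figure 7.6 evaluated by a small fault-tree calculator. This is an added example, not part of the EIT slides; the gate rules (OR of frequencies adds, AND of a frequency with probabilities multiplies, a rare-event approximation) and the node/gate helper names are assumptions of the example, while the event figures are the slide's.

```python
"""Fault-tree evaluation of the boiler low-level trip (Figure 7.6).

Added worked example; not part of the EIT slides. Gate rules used
(rare-event approximation, rates in events/yr, PFDs dimensionless):
  OR  of rates             -> sum of the rates
  AND of one rate and PFDs -> rate multiplied by the PFDs
  AND of PFDs only         -> product of the PFDs
Event frequencies are the slide's figures; the trip PFD is the
single-channel value lambda_D * Ti / 2 with lambda_D = 0.1/yr and a
6-month proof test, i.e. 0.025.
"""


class Node:
    """A basic event (kind 'rate' or 'pfd') or a gate (kind 'or' / 'and')."""

    def __init__(self, name, kind, value=None, children=()):
        self.name, self.kind, self.value, self.children = name, kind, value, list(children)


def rate(name, per_year):
    return Node(name, "rate", per_year)


def pfd(name, probability):
    return Node(name, "pfd", probability)


def OR(name, *children):
    return Node(name, "or", children=children)


def AND(name, *children):
    return Node(name, "and", children=children)


def evaluate(node):
    """Return (kind, value) for a node, where kind is 'rate' or 'pfd'."""
    if node.kind in ("rate", "pfd"):
        return node.kind, node.value
    results = [evaluate(c) for c in node.children]
    kinds = [k for k, _ in results]
    if node.kind == "or":
        if any(k != kinds[0] for k in kinds):
            raise ValueError(f"OR gate {node.name}: mixed rate/PFD inputs")
        return kinds[0], sum(v for _, v in results)
    # AND gate: at most one frequency input, otherwise the product is not a frequency
    if kinds.count("rate") > 1:
        raise ValueError(f"AND gate {node.name}: more than one rate input")
    product = 1.0
    for _, v in results:
        product *= v
    return ("rate" if "rate" in kinds else "pfd"), product


def pfd_1oo1(lambda_d_per_year, ti_years):
    """Average PFD of a single proof-tested channel: lambda_DU * Ti / 2."""
    return lambda_d_per_year * ti_years / 2


def boiler_damage_rates(fw_fail=0.2, lt_fail_high=0.1, trip_lambda_d=0.1, ti_years=0.5):
    """Boiler damage frequency (events/yr) for the shared-sensor and separate-sensor designs."""
    trip_pfd = pfd_1oo1(trip_lambda_d, ti_years)  # 0.025 for the slide's figures

    # Shared sensor: LT-1 failing high both causes the low level (via LIC) and
    # defeats the trip, so that branch is a bare frequency with no AND gate.
    shared = OR("Boiler damage (shared LT-1)",
                AND("FW fails and no trip",
                    rate("Feedwater fails", fw_fail),
                    pfd("Trip fails on demand", trip_pfd)),
                rate("LT-1 fails high: low level and no trip", lt_fail_high))

    # Separate sensors: every low-level cause is still protected by LT-2.
    separate = AND("Low level and no trip (separate LT-2)",
                   OR("Low level",
                      rate("Feedwater fails", fw_fail),
                      rate("LT-1 fails high, LIC-1 causes low level", lt_fail_high)),
                   pfd("LT-2 trip fails on demand", trip_pfd))

    return evaluate(shared)[1], evaluate(separate)[1]


if __name__ == "__main__":
    shared, separate = boiler_damage_rates()
    print(f"Shared sensor:   boiler damage {shared:.4f}/yr")
    print(f"Separate sensor: boiler damage {separate:.4f}/yr  (x{shared / separate:.0f} better)")
```

The shared design gives 0.105/yr against 0.0075/yr for the separate sensor, a factor of 14: the sensor failure that creates the demand is the same failure that disables the protection, which is exactly the common-cause argument of slide 14.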

Slide 18

Separation Rules: Field Sensors (IEC 61511 Part 2, 11.2.4)

• Sharing of a sensor between SIS and BPCS is only allowed if the safety integrity targets can still be met. This would require sensor diagnostics and is only likely to be possible for SIL 1.

• A separate SIS sensor may be copied to the BPCS via an isolator.

• SIL 2, 3 and 4 normally require separate sensors with redundancy.

• SIL 3 and 4 normally require separation and diverse redundancy.

Slide 19

Separation Rules: Final Elements (IEC 61511 Part 2, 11.2.4)

• A single valve may be used for both BPCS and SIS, but this is not recommended if valve failure places a demand on the SIS.

• Normally a shared valve can only be used if diagnostic coverage and reaction time are sufficient to meet the safety integrity requirements.

• Recommendations for a single-valve application follow on the next slide.

• SIL 2 and SIL 3 normally require identical or diverse separation. Diversity is not always desirable.

Slide 20

Arrangement for Tripping of Shared Control Valve: SIL 1

Figure 7.7 (diagram): BPCS drives the positioner FY of control valve FV. The SIS drives a direct-acting, direct-mounted solenoid valve in the air supply (A/S) to the actuator; de-energise to vent the actuator. Check hazard demands due to the valve.

Slide 21

Diverse Separation of Control and Shutdown Valves: SIL 2 and SIL 3

Figure 7.8 (diagram): BPCS drives the control valve through its positioner FY; the SIS trips a separate shutdown valve by venting its air supply (A/S). Check hazard demands due to the valve.

Slide 22

Sensor Diagnostics

♦ Do not confuse with proof testing

♦ Compare the trip transmitter value with related variables: not often practicable

♦ Use safety transmitters, if available

♦ Use smart transmitters with a diagnostic alarm, but see the next slides

Slide 23

Valve Diagnostics

Assurance that a trip valve will respond correctly when needed:

• Freedom of movement, full travel

• Correct venting of the actuator

• Correct rate of response

• Absence of sticking

• Trip signals and solenoid all working

Slide 24

Methods for Valve Diagnostics

• On-line trip testing

• Discrepancy alarm

• Position feedback and response testing

• Partial closure testing, manual or automatic

• Smart positioners: certified safety positioner

Slide 25

IEC Architectural Constraints as per IEC 61508

◆ IEC 61508 places an upper limit on the SIL that can be claimed for any safety function on the basis of the fault tolerance of the subsystems that it uses.

♦ The limit is a function of: the hardware fault tolerance; the safe failure fraction; the degree of confidence in the behaviour under fault conditions.

Details in IEC 61508 Part 2.

Slide 26

IEC 61508 Classification of Equipment

◆ IEC 61508 defines two types of equipment for use in safety systems:

♦ Type A: simple devices, non-PES, e.g. limit switch, level float switch, analogue circuits.

♦ Type B: complex devices, including PES, e.g. smart transmitters, digital communications, processor-based systems.

For the same safe failure fraction and hardware fault tolerance, Type B is allowed a lower SIL claim than Type A, except under certain conditions.

Slide 27

IEC 61511-1 Table 6: Minimum hardware fault tolerance of sensors, final elements and non-PES logic

SIL | Minimum hardware fault tolerance
1 | 0
2 | 1
3 | 2
4 | Special requirements: see IEC 61508

The following summarized conditions apply for SIL 1, 2 and 3:

Increase the fault tolerance by 1 if the instrument does not have fail-safe characteristics. Decrease the fault tolerance by 1 if the instrument meets all four conditions:

• Predominantly fail-safe

• Prior use (proven in use)

• Limited device adjustment (process parameters only)

• Password protected

Alternatively Tables 2 and 3 of IEC 61508 may be applied with an assessment.

Slide 28

Example for Level Switch: extract from the device's safety manual (image not reproduced)

Slide 31

Redundancy Options

Table 7.4

Sensor or actuator configuration | Selection
1oo1 | Use if the PFD, fault tolerance and nuisance trip targets are all met.
1oo2 | 2 sensors installed, 1 required to trip. PFD value improved, nuisance trip rate doubled.
2oo3 | 3 sensors installed, 2 required to trip. PFD improved over 1oo1, nuisance trip rate dramatically reduced.

Slide 32

Common Cause Failures in Sensors

♦ Wrong specification

♦ Hardware or circuit design errors

♦ Environmental stress

♦ Shared process connections

♦ Wrong maintenance procedures

♦ Incorrect calibrators

Slide 33

Comments on Redundancy in Sensors

Be careful to analyze for common-cause faults, e.g. try to avoid this:

Figure 7.10 (diagram): redundant pressure transmitters PT 1A and PT 1B feeding the SIS from a single shared process connection.

Slide 34

Comments on Diverse Redundancy in Sensors

Where the measurement itself is the problem, use diverse redundancy, e.g. steam or ammonia overpressure protection.

Figure 7.11 (diagram): temperature transmitter TT 01 and pressure transmitter PT 01 both feeding the SIS.

Slide 35

Requirements for a Device to be "Proven-in-use"

• Evidence that the instrument is suitable for SIS

• Consider the manufacturer's QA systems

• PES devices need extra validation

• Performance record in a similar operating profile

• Adequate documentation

• Volume of experience: > 1 year exposure per case

Collect the records of every maintenance event per instrument.

Slide 36

The Approved Safety Instrument List

• Each instrument that is suitable for SIS

• Update and monitor the list regularly

• Add instruments only when the data is adequate

• Remove instruments from the list when they let you down

• Adequate details: include the process application

Key job for the maintenance team.

Slide 37

Additional requirements for smart transmitters and actuators

Details in IEC 61511 11.5.4 for devices with "Fixed Programming Languages" (FPLs). Extra for SIL 3:

• Formal assessment: low probability of failure in the planned application

• Appropriate standards used in the build

• Consider the manufacturer's QA systems

• Must have a safety manual

Slide 38

HART Transmitter with Diagnostic Input

Figure 7.12 (diagram): smart transmitter sends 4-20 mA + FSK data to an AI of the SIS logic solver; a HART interface on the same loop drives a status alarm into a DI of the logic solver; a hand-held programmer is connected for configuration. FSK = frequency shift keying.

Slide 40

Benefits of a Safety Certified Transmitter

• Internal diagnostics with a high coverage factor

• Very low PFDavg values; saves on proof testing etc.

• Certified for single use in SIL 2 (instead of dual channel)

• Certified for dual redundant use in SIL 3 (instead of 1oo3)

• End-user verification is simplified

Slide 41

Importance of the Safety Manual

The safety manual presents all the essential information and set-up conditions that must be followed to allow the instrument to be validated for any given application.

The manual also supplies the failure-rate summary and the expected PFDavg.

Compliance with the safety manual requirements must be demonstrated in the validation phase.

See examples of safety manuals and FMEDA reports.

Slide 42

Importance of the Safety Certificate

The safety certificate is issued by the testing body to define clearly what products have been tested and what standards and limitations have been applied in the evaluation.

The safety certificate is an essential document for the validation phase. See examples of safety certificates: 3051C and Rex Radar.

Testing authorities include: TUV Rheinland; exida.com; any recognized testing body that can show competency in the SIS field.

Note: exida specializes in certifying instruments claiming "prior use" qualification. Reports supply SFF and failure-rate data with a declaration of the fault tolerance requirements relevant to IEC 61511. See examples.

Slide 43

Field Devices Summary

Instruments must be well proven for safety, with an assessment report, or certified SIL-capable to IEC 61508.

• Intelligent instruments are treated as PES

• Separation, redundancy, diversity, diagnostics

• Diagnostic coverage via smarts or the logic solver

• Bus technology established and growing

Slide 44

EIT EQO26: Unit 8 Reliability Analysis

EIT Safety Instrumentation E-Learning

SAFETY INSTRUMENTED SYSTEMS & EMERGENCY SHUTDOWN SYSTEMS for Process Industries using IEC 61511 and IEC 61508

Unit 8: Reliability Analysis

Version for EQO26: 7 November 2012

Presented by Dave Macdonald, EIT Cape Town, South Africa

Contact E-mail: macdond@telkomsa.net

Slide 45

Introduction to Chapter 8: Reliability Analysis of the SIS

The task of measuring or evaluating the SIS design for its overall safety integrity:

• Reasons and objectives

• Resolving the SIS into reliability block diagrams

• Identification of formulae

• Trial calculation examples

• Calculation software tools

Slide 46

IEC 61511 requires a reliability analysis to be done for each SIF to show that the SIL target and RRF can be achieved. Why?

• Because it tells everyone what RRF can be expected from each individual safety function.

• It confirms the basis of the design and the chosen proof-test interval.

• It compares the calculated RRF for your design with the target, to show you can achieve the target.

• It predicts the accident rate: H events/yr = demand rate (D) × PFDavg, or H = D / RRF.

Slide 47

Terminology

RRF Risk Reduction Factor (e.g. 200)

SIL Safety Integrity Level (depends on RRF; see the SIL tables)

D Demand rate on the safety function (how often the SIF is demanded to respond to a hazardous condition)

H Hazardous event rate, also called accident rate (e.g. 0.1/yr = 1 in 10 years)

PFDavg Average probability of failure on demand of the SIF

Slide 48

Terminology

MTTFd Mean time to fail dangerously (= 1/λd)

MTTFs Mean time to fail safe (or spurious) (= 1/λs)

MTTRd Mean time to detect and repair a dangerous fault

Ti Time interval between proof tests

λdd Failure rate for dangerous detectable faults

λdu Failure rate for dangerous undetectable faults (requires proof testing)

λsd Safe revealed failure rate (causes a spurious trip or loss of the affected safety channel)

Slide 49

Risk Reduction Factor and PFDavg

(PFDavg = average probability of failure on demand)

PFDavg is a function of:

1. Failure rate per hour for undetected faults: λdu

2. Test interval: Ti

3. Redundancy (1oo1, 1oo2, 2oo3, etc.)

Compare PFDavg with the target PFDavg for the SIL range we need.

RRF = 1 / PFDavg

Slide 50

Snap Question: Why is PFD so useful to know?

1. Because it can tell you the accident event rate: H = demand rate × PFDavg.

2. Because it helps you decide the SIL of your design: PFDavg defines the SIL range for the design (in terms of resistance to random hardware failures).

Slide 51

Failure scenario for an Untested SIF

(Timeline diagram, state of process over a 2-year mission time) Operating safely; an unrevealed dangerous fault occurs; operating but not protected; a hazardous condition occurs (demand); reportable accident.

Slide 52

Low Demand Mode: Proof-tested SIF repaired before demand

(Timeline diagram, proof tests at 0.5 yr and 1 yr) Operating safely; an unrevealed dangerous fault occurs; operating but not protected; the proof test reveals the fault; the fault is repaired; a hazardous condition occurs (demand); accident prevented.

Slide 53

Low Demand Mode: Proof-tested SIF but failure on demand

(Timeline diagram, proof tests at 0.5 yr and 1 yr) Operating safely; an unrevealed dangerous fault occurs; operating but not protected; the demand occurs before the next proof test; failure (to respond) on demand; reportable accident occurs.

Slide 54

Diagnostic + Proof-tested SIF

(Timeline diagram over a 2-year mission time) Operating safely; a detectable dangerous fault occurs; the diagnostic test (typically run 100 times/day) reveals the fault; fault detected and repaired; accident prevented. Proof testing is still needed for the undetected faults.

For the detected faults: PFDavg = MTTD&R × fail-to-danger rate.

Slide 55

Low Demand Mode versus High Demand Mode

• Low demand mode applies when the demand rate on the SIS is equal to or less than once per year (IEC 61511); alternatively, no more than two demands per proof-test interval.

• Low demand calculations use PFDavg. Hazard event rate H = D × PFDavg.

• High demand mode applies when the demand rate on the SIS is more than once per year (IEC 61511); alternatively, more than two demands per proof-test interval.

• High demand mode calculations use PFH, the probability of dangerous failure per hour.

• Hazard event rate H = PFH.

(High demand mode is also known as continuous mode.)

Slide 56

Low Demand Mode Application

Pressure relief trip (SIS). Pressure surge once per year (D). An accident occurs if a dangerous fault is still undetected when the surge occurs.

Accident rate H = D × PFDavg, provided the test interval is shorter than 1 year or diagnostics detect faults quickly.

Example: if PFDavg = 0.05 and D = 1/yr, H = 0.05/yr.

Slide 57

High Demand Mode Application

Electronic braking controls (SIS). Brake applied 100 times per day. An accident occurs as soon as the brake circuit fails.

Accident rate = probability of failure per hour of the EBC = failure rate per hour of the SIS.

Example: if PFH = 0.0001/hr, H = 0.0001 per hour of service. If the machine is used for 5000 hrs/yr, the accident rate = 0.5/yr.

Slide 58

Design Iteration for Target PFD in Low Demand Mode

(Flowchart) The SRS defines the Risk Reduction Factor; set target PFD = 1/RRF. Evaluate the solution PFD. Is the calculated PFD < target PFD? No: revise the design and evaluate again. Yes: acceptable, proceed to detail design.

Slide 59

Elements and terms in the SIS model

(Diagram) Hazard demand rate D enters the protective system (SIS); hazard event rate H leaves it. PFDavg = H/D = 1/(Risk Reduction Factor), with SIL 1, 2 and 3 bands on the PFD scale.

Inside the SIS: Sensor (PFD1), Logic (PFD2), Actuator (PFD3), in series from D to H.

Overall PFD = PFD1 + PFD2 + PFD3

Slide 60

Single Channel: Basic calculation of PFD

If the fail-to-danger rate is λdu and the proof-test interval is Ti:

PFDavg = λdu × Ti/2

(failure rate per year × mean time to detect)

How is this formula obtained? See Slide 62.

Example: fail-to-danger rate = 0.05 per year, Ti = 1 year

PFDavg = 0.05 × ½ = 0.025 (SIL 1)

Slide 61

Hazard Rate v Demand Rate showing low and high demand modes

(Graph of hazard event rate H against demand rate D)

Demand mode, D × Ti << 1: accident rate H = demand rate (D) × PFDavg of the SIS.

Continuous mode, D × Ti > 1: accident rate H = fail-to-danger rate λd, i.e. H = PFH of the SIS.

The curve joining the two regions: H = λd (1 − e^(−D·Ti/2)).

Slide 62

Effect of Manual Proof Testing, leading to the average probability of failure on demand

(Sawtooth graph) p(t) = probability of being failed when a demand occurs, plotted against time t from 0 to 1. Between proof tests the probability rises linearly, p(t) = λd · t; each proof test action at Ti, 2Ti, ... resets it to 0.

Average value: PFDavg = λd · Ti / 2
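The averaging behind the sawtooth on this slide, written out as an added derivation (not part of the EIT slides), using the slide's symbols:

A single channel whose dangerous undetected faults are revealed only by the proof test has, at time $t$ after a test, failure probability

$$p(t) = 1 - e^{-\lambda_{DU} t} \approx \lambda_{DU}\, t \qquad (\lambda_{DU} t \ll 1),$$

which is the straight rising edge of the sawtooth. Averaging over one proof-test interval $T_i$:

$$\mathrm{PFD}_{avg} = \frac{1}{T_i}\int_0^{T_i} \lambda_{DU}\, t \, dt = \frac{\lambda_{DU} T_i}{2}.$$

Without the linear approximation the exact average is

$$\mathrm{PFD}_{avg} = \frac{1}{T_i}\int_0^{T_i} \left(1 - e^{-\lambda_{DU} t}\right) dt = 1 - \frac{1 - e^{-\lambda_{DU} T_i}}{\lambda_{DU} T_i},$$

so for the Slide 60 example ($\lambda_{DU} = 0.05/\text{yr}$, $T_i = 1$ yr) the approximation gives $0.025$ against an exact $0.0246$; the linear form is slightly conservative, which is why it is the one used in the formula sets. For two independent channels voted 1oo2, both must be failed, so the instantaneous probability is $p(t)^2 = (\lambda_{DU} t)^2$ and the same averaging gives

$$\mathrm{PFD}_{avg,1oo2} = \frac{1}{T_i}\int_0^{T_i} (\lambda_{DU} t)^2 \, dt = \frac{(\lambda_{DU} T_i)^2}{3},$$

the dual-channel formula of Slide 70.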

Slide 63

SIS Failure Modes (tree diagram, reconstructed as text)

Overt failures: spurious trip, rate λS = 1/MTBFsp. Consequence: loss of production. Trips the plant unless 2oo3 or 2oo2 voting is used.

Covert failures: dangerous failure, rate λD = 1/MTTFD, split by the diagnostic coverage C into:

λDD = C · λD, detectable by self-diagnostics (when a detected fault is tripped it adds to the overt rate: λS + λDD)

λDU = (1 − C) · λD, undetectable except by manual proof testing

Slide 64

Example: Find the Safe and Dangerous Failure Modes

(Diagram) SIS high-level trip: LT 1 feeds the logic solver; LT 2 feeds level controller LC 1, which drives the feed control valve (FC) through an I/P converter on an air supply (AS); a pressure safety valve (PSV) on the vessel; fluid feed into the vessel.

Assume out-of-range detection is provided (forcing a trip). Classify each failure mode as λsp, λdu or λdd and total the sensor subsystem:

Device | Fail modes (/yr) | λsp | λdu | λdd
LE connection | Bottom blocked: 0.1; Top leaks: 0.2 | | |
LT electronics | Runs low: 0.05; Runs high: 0.02 | | |
Cable | Breaks: 0.01; Shorts across LT: 0.1 | | |
Power | Lost power: 0.02 | | |
Totals for sensor subsystem | | | |

Slide 65

1oo1 SIS Formulae (single-channel SIS fail rates)

Failure-mode split as on Slide 63: λDD = C · λD (detectable by self-diagnostics), λDU = (1 − C) · λD (detectable only by manual proof testing), C = coverage.

Spurious trip rate = λS + λDD

PFD1 = λDD × MTTR (detected faults, during the repair time)

PFD2 = λDU × Ti/2 (undetected faults, between proof tests)

Slide 66

1oo2 SIS Formulae

Failure-mode split as on Slide 63: λDD = C · λD, λDU = (1 − C) · λD, C = coverage.

Spurious trip rate = 2 (λS + λDD)

PFD1 = 2 (λDD)² (MTTR)²

PFD2 = (λDU · Ti)² / 3

Slide 67

Formula sets (mapping of the Slide 63 failure-mode tree onto Figure 8.6)

Formula set 1: the split of λD into λDD = C · λD and λDU = (1 − C) · λD.

Formula set 2: PFD due to faults found by manual proof testing (λDU and Ti).

Formula set 3: PFD due to faults found by self-diagnostics (λDD and MTTR), and the spurious trip rate from λS.

Slide 68

Figure 8.6 Multi-channel Formula Sets for PFD and λs (excluding common-mode failures)

Formula set 1: λDD = DC · λD, λDU = (1 − DC) · λD

Voting | Spurious trip rate (λs = 1/MTBFsp) | PFD due to proof testing, formula set 2 (undetected faults) | PFD due to diagnostics, formula set 3 (detected but not tripped)
1oo1 | λs | λDU · (Ti/2) | λDD · (MTTR)
1oo2 | 2λs | (λDU · Ti)² / 3 | 2 (λDD)² (MTTR)²
2oo2 | 2 (λs)² (MTTR) | λDU · Ti | 2 λDD · (MTTR)
2oo3 | 6 (λs)² (MTTR) | (λDU · Ti)² | 6 (λDD)² (MTTR)²

Slide 69: Sources of Reliability Data

Sintef PDS handbooks: http://www.sintef.no/Projectweb/PDS-Main-Page/PDS-Handbooks/
Sintef: http://www.sintefbok.no/Product.aspx?sectionId=65&productId=559&categoryId=10

Also see:
1. exida.com Reliability Handbook
2. Manufacturers' Safety manuals for specific SIL certified instruments
3. Faradip 3 Database
4. exida.com: Safety Automation Equipment List, Functional Safety Assessment Reports http://www.exida.com/index.php/resources/sael/

Slide 70: Dual Channel Basic calculation of PFD (Note: λdd omitted for clarity)

If the fail to danger rate is λdu and the proof test interval is Ti:

PFDavg = (λdu × Ti)² / 3

Example: if fail to danger rate = 0.05 per year and Ti = 1 year,
PFDavg = (0.05 × 1)² / 3 = 0.00083 (SIL 3)

But this ignores common cause and is unrealistic.

Slide 71: Beta Factor: Common Cause Failures in redundant SIS channels

Example: 2oo3 sensor with common cause failures. Figure: each of the three channels carries the unit failure rate (1-β) λd; the common cause failure rate β λd is shared by all three channels.

Slide 73: Dual Channel Basic calculation of PFD including Common Cause 5% (Note: λdd omitted for clarity)

If the fail to danger rate is λd and the proof test interval is Ti, each channel carries (1-β) λdu and the common cause part is β λdu:

PFDavg = ((1-β) λdu × Ti)² / 3 + β λdu × Ti/2

Example: fail to danger rate = 0.05 per year, Ti = 1 year, Beta = 5%
PFDavg = (0.95 × 0.05 × 1)² / 3 + (0.05 × 0.05 × ½) = 0.002 (SIL 2)

Slide 74: 2oo3 Channel Basic calculation of PFD including Common Cause 5%

If the fail to danger rate is λd and the proof test interval is Ti, each of the three channels carries (1-β) λd and the common cause part is β λd:

PFDavg = ((1-β) λdu × Ti)² + β λdu × Ti/2

Example: fail to danger rate = 0.05 per year, Ti = 1 year, Beta = 5%
PFDavg = (0.95 × 0.05 × 1)² + (0.05 × 0.05 × ½) = 0.0035 (SIL 2)

Slide 76: Calculation Table for PFDavg, Worked example for 1oo1 (failures per year)

Formula for calculating PFDavg for 1oo1: PFDavg = (LDU × Ti/2) + (LDD × MTTR)

Parameter | Value | Notes
LDU | 0.0500 | Dangerous undetected failure rate for one channel
LDD | 0.1000 | Dangerous detected failure rate for one channel
Ti in yrs | 1.0000 | Proof test interval
MTTR in yrs | 0.0027 | Mean time to detect and repair a detectable fault
(LDU × Ti/2) | 2.50E-02 | Undetected portion
(LDD × MTTR) | 2.74E-04 | Detected portion
PFD for 1oo1 subsystem | 2.53E-02 | SIL Table: SIL 1

Slide 77: Calculation Table for PFDavg, Worked example for 1oo1 (failures per hour)

Formula for calculating PFDavg for 1oo1: PFDavg = (LDU × Ti/2) + (LDD × MTTR)

Parameter | Value | Notes
LDU | 5.71E-06 | Dangerous undetected failure rate for one channel
LDD | 1.14E-05 | Dangerous detected failure rate for one channel
Ti in hrs | 8760 | Proof test interval
MTTR in hrs | 24 | Mean time to detect and repair a detectable fault
(LDU × Ti/2) | 2.50E-02 | Undetected portion
(LDD × MTTR) | 2.74E-04 | Detected portion
PFD for 1oo1 subsystem | 2.53E-02 | SIL Table: SIL 1

Slide 78: Formatted Calculation Table for PFDavg, Worked example for 1oo2

Formula for calculating PFDavg for 1oo2:
PFDavg = (1/3) × ((1-β) LDU × Ti)² + 2 ((1-β) LDD × MTTR)² + β (LDU × Ti/2) + β (LDD) × MTTR

Failures per year. Figure: each voted channel carries (1-β) λd, the common cause part is β λd. Safecalc: LD = 1.71%, safe = 0, C = 66%

Parameter | Value | Notes
LDU | 5.71E-06 | Dangerous undetected failure rate for one channel
LDD | 1.14E-05 | Dangerous detected failure rate for one channel
β | 0.1000 | Common cause factor for dangerous and safe failures
Ti in hrs | 8760 | Proof test interval
MTTR in hrs | 24 | Mean time to detect and repair a detectable fault
(1/3) × ((1-β) LDU × Ti)² | 6.75E-04 | Undetected voting portion
2 ((1-β) LDD × MTTR)² | 1.18E-07 | Detected voting portion
β (LDU × Ti/2) | 2.50E-03 | Undetected common portion
β (LDD) × MTTR | 2.70E-05 | Detected common portion
PFD for 1oo2 subsystem | 3.20E-03 |

Slide 79: Formatted Calculation Tables for PFDavg, Worked example for 2oo3

Formula for calculating PFDavg for 2oo3:
PFDavg = ((1-β) LDU × Ti)² + 6 ((1-β) LDD × MTTR)² + β (LDU × Ti/2) + β (LDD) × MTTR

Failures per year. Figure: each of the three voted channels carries (1-β) λd, the common cause part is β λd.

Parameter | Value | Notes
LDU | 5.71E-06 | Dangerous undetected failure rate for one channel
LDD | 1.14E-05 | Dangerous detected failure rate for one channel
β | 0.1000 | Common cause factor for dangerous and safe failures
Ti in hrs | 8760 | Proof test interval
MTTR in hrs | 24 | Mean time to detect and repair a detectable fault
((1-β) LDU × Ti)² | 2.03E-03 | Undetected voting portion
6 ((1-β) LDD × MTTR)² | 3.54E-07 | Detected voting portion
β (LDU × Ti/2) | 2.50E-03 | Undetected common portion
β (LDD) × MTTR | 2.70E-05 | Detected common portion
PFD for 2oo3 subsystem | 4.55E-03 |

Slide 80: SIS Analysis Model Example

Block diagram: demand rate D → Sensor → Logic → Actuator → hazard event rate H. Proof testing applies to the sensor and the actuator, auto diagnostics to the logic.

Failure rates λd (or MTTF): sensor λd1 = 0.2 (5 yrs), logic λd2 = 0.02 (50 yrs), actuator λd3 = 0.1 (10 yrs)

Apply testing or diagnostics, then apply the calculation.

PFD averages: sensor 0.01 + logic 0.005 + actuator 0.01

Overall PFD avg. = 0.025 = 2.5 E-2. Qualifies for SIL 1 (E-1 to E-2)

Slide 81: SIS Analysis: Step 1

Block diagram: Hazard (demand rate D) → Protective System (SIS: Sensor, Logic, Actuator) → Hazard Event Rate H. SIL labels on the figure: SIL 2, SIL 1, SIL 1, SIL 1.

Slide 82: SIS Analysis: Step 2, identify channels in each stage

Example: Dual channel sensors and actuators, single channel logic. From demand D to hazard H: Sensor 1oo2 → Logic 1oo1 → Actuator 1oo2.

Slide 83: SIS Analysis: Step 3, expand details for each single channel

Expand detail of the sensor sub system (1oo2 sensors feeding 1oo1 logic) and apply fail rates for each item: Process Connection, Transmitter, Cable and Power.

Slide 84: SIS Analysis: Step 4: Decide λdu, λdd and λs for the elements. Step 5: Enter the values to table and totalize

Sensor channel elements: Process Connection (λDU1, λDD1, λSD1), Transmitter (λDU2, λDD2, λSD2), Cable and Power (λDU3, λDD3, λSD3)

Subsystem Element | Device | LSD/hr | LSU/hr | LDD/hr | LDU/hr
1 | Process connection | 1.14E-05 | 0.00E+00 | 5.71E-06 | 3.42E-06
2 | Transmitter | 1.14E-05 | 0.00E+00 | 5.71E-06 | 5.71E-07
3 | Cable and Power | 1.14E-05 | 0.00E+00 | 5.71E-06 | 3.42E-06
4 | | | | |
5 | | | | |
Subsystem totals | | 3.42E-05 | 0.00E+00 | 1.71E-05 | 7.42E-06

Slide 85: SIS Analysis: Step 6, find the PFDavg for the 1oo2 subsystem

β = common cause failure fraction. 1oo2 failures common to Ch1 and Ch2 sensors are modelled as a 1oo1 block with rate β λd; each redundant channel keeps (1-β) λd.

Break out the common cause failure fraction for the redundant channels, calculate the PFD for each portion and add them together:

Redundant section: PFDavg = 2 ((1-β) λdd)² (MTTR)² + ((1-β) λdu × Ti)² / 3
Common cause section: PFDavg = β λdd (MTTR) + β λdu × Ti/2
PFDavg = redundant section + common cause section

Slide 86: SIS Analysis: Step 7, repeat steps 3 to 6 for each stage

Example: Dual channel sensors and actuators, single channel logic (Sensor 1oo2, Logic 1oo1, Actuator 1oo2)

SIS PFDavg = PFDavg for sensors + PFDavg for logic solver + PFDavg for actuators

Slide 87: SIS Analysis: Example

Example: Dual channel sensors and actuators, single channel logic, 1 yr test.

Sensors 1oo2: λDU = 0.05, β = 5%; figure shows .045 per channel and .0025 common cause
Logic 1oo1: λDU = 0.0025, λDD = 0.0475 (C = 95%)
Actuators 1oo2: λDU = 0.1, β = 10%; figure shows .09 per channel and .01 common cause

Dual Sensors PFD = .00075 + .00125 = .002
Logic solver PFD = .00013 + .00125 = .00138
Dual Actuators PFD = .005 + .0027 = .0077

SIS PFD = .002 + .0014 + .0077 = .0111 or 1.11 E-2 = SIL 1
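
The 1oo2 and 2oo3 formulae of Slides 78 and 79 and the seven-step subsystem calculation that ends in the Slide 87 example, as an added Python example (not the EIT calculator or any code from the course): it reproduces the Slide 78/79 table totals and the Slide 87 SIS total. The SIL band table in sil_band and the 24 h MTTR applied to the logic solver are assumptions (the bands are the IEC 61508 low demand bands, the MTTR is the value given on Slide 91).

```python
"""PFDavg for 1oo1, 1oo2 and 2oo3 subsystems with a beta-factor common cause
split, as set out on Slides 78, 79 and 85 (added example, not course code)."""

HOURS_PER_YEAR = 8760.0


def pfd_1oo1(ldu, ldd, ti, mttr):
    """Single channel: undetected portion plus detected portion."""
    return ldu * ti / 2 + ldd * mttr


def pfd_1oo2(ldu, ldd, ti, mttr, beta):
    """Dual channel: (1-beta) of each rate goes to the voted (redundant)
    section, beta to a common cause section that behaves like 1oo1."""
    ldu_v, ldd_v = (1 - beta) * ldu, (1 - beta) * ldd
    redundant = (ldu_v * ti) ** 2 / 3 + 2 * (ldd_v * mttr) ** 2
    common = beta * ldu * ti / 2 + beta * ldd * mttr
    return redundant + common


def pfd_2oo3(ldu, ldd, ti, mttr, beta):
    """2oo3: voted section (λDU Ti)^2 + 6 (λDD MTTR)^2, common cause as 1oo1."""
    ldu_v, ldd_v = (1 - beta) * ldu, (1 - beta) * ldd
    redundant = (ldu_v * ti) ** 2 + 6 * (ldd_v * mttr) ** 2
    common = beta * ldu * ti / 2 + beta * ldd * mttr
    return redundant + common


def sil_band(pfd):
    """Low demand SIL from PFDavg (assumed IEC 61508 bands: SIL 1 is 1E-2 to
    1E-1, each higher SIL one decade lower); 0 means outside SIL 1 to SIL 4."""
    for sil, low in ((4, 1e-5), (3, 1e-4), (2, 1e-3), (1, 1e-2)):
        if low <= pfd < 10 * low:
            return sil
    return 0


def sis_pfd_example():
    """Slide 87 layout, rates per year: 1oo2 sensors (λDU 0.05, β 5%), 1oo1
    logic (λDU 0.0025, λDD 0.0475 from 95% coverage), 1oo2 actuators (λDU 0.1,
    β 10%), 1 yr proof test, 24 h MTTR (assumed, the Slide 91 value)."""
    ti, mttr = 1.0, 24 / HOURS_PER_YEAR
    stages = {
        "sensors": pfd_1oo2(0.05, 0.0, ti, mttr, beta=0.05),
        "logic": pfd_1oo1(0.0025, 0.0475, ti, mttr),
        "actuators": pfd_1oo2(0.1, 0.0, ti, mttr, beta=0.10),
    }
    stages["sis"] = sum(stages.values())  # stages are in series, so PFDs add
    stages["sil"] = sil_band(stages["sis"])
    return stages


if __name__ == "__main__":
    args = (5.71e-6, 1.14e-5, 8760, 24)  # Slide 78/79 input table, per hour
    print(f"1oo1 {pfd_1oo1(*args):.2E}  1oo2 {pfd_1oo2(*args, 0.1):.2E}  "
          f"2oo3 {pfd_2oo3(*args, 0.1):.2E}")
    for name, value in sis_pfd_example().items():
        print(f"{name:>9}: {value:.4g}")
```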

Slide 88: SIS Analysis: Example using the EIT Calculator

File name: EIT GP SIL Calculator .xls

Data Input Table for Sensor Subsystem
Proof Test Interval in Hrs (Ti) | 8760
Common cause factor (B)% | 5%
Mean Time To Test & Repair (Hrs) (MTTR) | 24

Subsystem Element | Device | LSD/hr | LSU/hr | LDD/hr | LDU/hr
1 | Sensor all components | 1.14E-05 | 0.00E+00 | 0.00E+00 | 5.71E-06
2 | | | | |
3 | | | | |
4 | | | | |
5 | | | | |
Subsystem totals | | 1.14E-05 | 0.00E+00 | 0.00E+00 | 5.71E-06

Calculation results for Sensing
Safe Failure Fraction | 66.7%
Diagnostic coverage | 0.0%
PFDavg for 1oo1 | 2.50E-02
PFDavg for 1oo2 | 2.00E-03
PFDavg for 2oo3 | 3.51E-03

Slide 91: SIS Analysis: Example Calculation for Spurious Trip

Example: Dual channel sensors and actuators, single channel logic

Sensor: MTTF = 5 years, 75% safe failure fraction, C = 0%, β = 10%, Ti = 0.5 yrs, MTTR = 8 hrs
Logic: MTTF = 10 years, 50% safe failure fraction, C = 95%, β = 10%, Ti = 1 yr, auto diagnostics test interval = 2 secs, MTTR = 24 hrs
Actuator: MTTF = 2 years, 80% safe failure fraction, C = 0%, β = 10%, Ti = 0.25 yrs, MTTR = 24 hrs

Sensor: single channel λs = 1/5 × .75 = .15/yr
Logic: single channel λs = 1/10 × .5 = .05/yr; λdd = (C × λd) = 95% × 0.05 = .0475/yr
Actuator: single channel λs = 1/2 × .8 = .4/yr

Slide 92: SIS Analysis: Example Calculation for Spurious Trip (continued)

Example: Dual channel sensors and actuators, single channel logic

Spurious Trip for 1oo1 (logic solver 1oo1): ST = LS + LDD
Parameter | Sensor | Logic | Actuator | Notes
LS | | 0.05 | | Fail safe rate
LDD | | 0.0475 | | DD rate added due to 95% coverage
Total for 1oo1 subsystem | | 0.0975 | | Spurious trip rate per yr

Spurious Trip for 1oo2 (sensors 1oo2, actuators 1oo2): ST = 2 × (1-B) (LS + LDD) + B (LS + LDD)
Parameter | Sensor | Logic | Actuator | Notes
LS | 0.15 | 0 | 0.4 | Fail safe rate
LDD | 0 | 0 | 0 | DD rate added due to S
Beta | 0.1 | 0 | 0.1 |
2 × (1-B) (LS + LDD) | 0.27 | 0 | 0.72 | 1oo2 portion
B (LS + LDD) | 0.015 | 0 | 0.04 | Common portion
Total for 1oo2 subsystem | 0.285 | 0 | 0.76 | Spurious trip rate per yr

Overall Spurious Trip Rate: 1.1425 per yr

Slide 93: SIS Analysis: Example, Spurious Trip Rate

Example: Dual channel sensors and actuators, single channel logic

Figure values (trips per yr): sensor 1oo2 channels .135 each with common cause .015; logic 1oo1 .05 + .0475; actuator 1oo2 channels .36 each with common cause .04.

Dual Sensors Spurious = .28 trips per yr
Logic solver = .097 trips per yr
Dual Actuators Spurious = (2 × .36) + (1 × .04) = .76 trips per yr

Spurious trip rate = .28 + .097 + .76 = 1.14 trips per year

Slide 94: Reducing Spurious Trip Rate

Design Version A, 1oo2 sensors (.15 per channel): Dual Sensors Spurious = 2 × .15 = .30 trips per yr

Design Version B, 2oo3 sensors (.135 per channel, common cause .015): 2oo3 Sensors Spurious = 6 × λs² (MTTR) + β λs = (6 × .135² × 8/8760) + .015 = .0001 + .015 = .015 trips per yr

From 0.3 per year to 0.015/yr

If 1 trip costs AUD 50 000 the annual saving is what? ……………………………….
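
The spurious trip formula set of Slides 92 to 94 as an added Python example (not course code): 1oo1, 1oo2 with the beta split, and 2oo3, reproducing the 1.1425 trips per year total and the Design A versus Design B comparison. Two assumptions: the 2oo3 formula is written with λS + λDD as the slides do for 1oo2 (Slide 94 itself uses λS alone because C = 0%), and Design A is computed with β = 0 because Slide 94 gives it as 2 × .15 without a beta split.

```python
"""Spurious trip rate (trips per year) for 1oo1, 1oo2 and 2oo3 subsystems,
formula set 1 of Fig 8.6 with the beta split of Slides 92 to 94
(added example, not course code)."""

HOURS_PER_YEAR = 8760.0


def safe_rate(mttf_yrs, sff):
    """Single channel λS from MTTF and safe failure fraction, as on Slide 91."""
    return sff / mttf_yrs


def trip_1oo1(ls, ldd):
    """Detected dangerous failures also trip the plant: ST = λS + λDD."""
    return ls + ldd


def trip_1oo2(ls, ldd, beta):
    """Either channel trips: ST = 2(1-β)(λS+λDD) + β(λS+λDD)."""
    rate = ls + ldd
    return 2 * (1 - beta) * rate + beta * rate


def trip_2oo3(ls, ldd, beta, mttr_hrs):
    """Two channels must fail safe inside one repair window, so the voted part
    is 6 ((1-β) rate)^2 MTTR; the common cause part β rate trips directly.
    Using λS+λDD here is an assumption generalising Slide 94 (which has C = 0%)."""
    rate = ls + ldd
    mttr_yrs = mttr_hrs / HOURS_PER_YEAR
    return 6 * ((1 - beta) * rate) ** 2 * mttr_yrs + beta * rate


def sis_trip_rate_example():
    """Slide 92: 1oo2 sensors, 1oo1 logic with 95% coverage, 1oo2 actuators."""
    sensors = trip_1oo2(safe_rate(5, 0.75), 0.0, beta=0.1)      # 0.285
    logic = trip_1oo1(safe_rate(10, 0.5), ldd=0.95 * 0.05)        # 0.0975
    actuators = trip_1oo2(safe_rate(2, 0.8), 0.0, beta=0.1)        # 0.76
    return {"sensors": sensors, "logic": logic, "actuators": actuators,
            "sis": sensors + logic + actuators}


def design_comparison():
    """Slide 94: Design A is 1oo2 sensors given as 2 × .15, so β = 0 here (an
    assumption); Design B is 2oo3 sensors with β = 10% and 8 h MTTR."""
    ls = safe_rate(5, 0.75)
    return {"A_1oo2": trip_1oo2(ls, 0.0, beta=0.0),
            "B_2oo3": trip_2oo3(ls, 0.0, beta=0.1, mttr_hrs=8)}


if __name__ == "__main__":
    for name, value in sis_trip_rate_example().items():
        print(f"{name:>9}: {value:.4f} trips/yr")
    for name, value in design_comparison().items():
        print(f"{name}: {value:.4f} trips/yr")
```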

Slide 95: Outcomes of a Reliability Study

• Show whether or not the SIS will satisfy the SIL target
• Overall SIS Probability of Failure on Demand (PFDavg)
• PFDavgs for each section of the SIS
• Show benefits of redundancy or voting schemes
• Decide the proof testing intervals
• Predict the accident rate

Slide 96: Conclusions on Analysis Models

• Models help to visualise SIS performance
• Software speeds up analysis
• IEC 61508 part 6 - methods and tables
• Fault tree analysis for detailed systems

Slide 97: Supplementary notes on Low Demand Mode versus High Demand Mode (also known as continuous mode)

■ Low demand mode applies when the demand on the SIS is equal to or less than once per year (IEC 61511). Alternatively, no more than two demands per proof test interval.
■ Low demand calculations use PFDavg.
■ Hazard event rate H = D × PFDavg
■ High demand mode applies when the demand on the SIS is more than once per year (IEC 61511). Alternatively, more than two demands per proof test interval.
■ High demand mode calculations use PFH (same as failure to danger rate).
■ Hazard event rate H = PFH

Slide 98: High v Low Demand Calculation

Figure: PSH on a pump; the SIS trips the pump power (HP safety trip).

λd = 0.05 and Ti = 1 yr: PFDavg = 0.05 × ½ = 0.025, and PFH = 0.05/8760 = 5.7E-06/hr

Suppose the demand rate D is once per year and the overpressure event rate = H/yr.

In low demand mode calculation H = D × PFDavg, so H = 1 × 0.025 = 0.025/yr
In high demand mode calculation H = PFH, so H = 5.7E-06/hr = 0.05/yr

Slide 99: High v Low Demand Calculation (continued)

Same PSH pump trip, SIS on the pump power: λd = 0.05 and Ti = 1 yr, so PFDavg = 0.05 × ½ = 0.025 and PFH = 0.05/8760 = 5.7E-06/hr

Suppose the demand rate D is once per day (365/yr) and the overpressure event rate = H/yr.

In low demand mode: H = D × PFDavg, so H = 365 × 0.025 = 9.1/yr
In high demand mode: H = PFH, so H = 5.7E-06/hr = 0.05/yr

Slide 100: Event rate calculation according to low or high demand mode

SIS has failures at PFD = 0.01, PFH = 0.02/yr (2.28 E-06/hr)

Demand on SIS D; H = hazardous event rate:
D = 0.1/yr …………………………………….. H = ……… /yr ?
D = 1.0/yr …………………………………….. H = ……… /yr ?
D = 10.0/yr …………………………………….. H = ……… /yr ?
D = 100 /yr …………………………………….. H = ……… /yr ?