List of All International Safety Standards.
Lifecycle overview (diagram labels): Data and analysis methods (PDS); FSA plan; SAR; Compliance Report; SRS Rev. 5.
Scope of OLF 070: best practice design of safety systems (following standards, NORSOK and authority regulations is acceptable, given a standard offshore platform); risk reduction according to minimum SIL tables.
Key concepts
Global safety function: fire and explosion hazard safety functions that provide protection for one or several fire cells. Example: emergency shutdown, isolation of ignition sources and emergency blow down.
Safety lifecycle diagram labels: Verification; Validation (e.g., site acceptance test); FSA nr 2, FSA nr 3, FSA nr 4, FSA nr x.
Approach:
OLF 070 represents an alternative to the fully risk-based approach for determining SIL that is suggested in IEC 61508 and IEC 61511.
Rationale: enhance standardization across the industry, and avoid time-consuming calculations and documentation for more or less standard safety functions.
SIL determination example (diagram labels): Overpressure protection fails; PSD isolation fails; HIPPS isolation fails; CCF (HIPPS/PSD).
Methods shown: LOPA; risk graph; risk matrix; minimum SIL table, or by calculating the PFD of the proposed technical solution.
SRS (SIS) structure: for each SIF (SIF1, SIF2, ..., SIFn):
EUC boundaries
Assumptions
Functional requirements
Safety integrity requirements
Safety integrity requirements cover:
PFD or PFH
Architectural constraints
Avoidance and control of systematic failures
Visit IEC 61508 or IEC 61511 for guidance.
Quantification (diagram labels): Input data -> PFD (or PFH).
Sensor: various types of transmitters, switches, and also (manually operated) pushbuttons
Manufacturers that claim conformance to IEC 61508 must provide such documentation (e.g., certificates)
Diagnostic coverage to be estimated (rules for maximum credit taken from comparison of pressure readings)
NTNU, September 2007
Logic solver: hardwired, solid state, programmable logic solvers (PLC)
Manufacturers that claim conformance to IEC 61508 must provide such documentation (e.g., certificates)
Procedures must be made for how to initiate, implement, and verify application software changes
Final elements: valves, solenoid valves, circuit breakers, fire doors, dampers, etc.
Manufacturers that claim conformance to IEC 61508 must provide such documentation (e.g., certificates)
Any local control panel must be lockable (to avoid inadvertent or unauthorized operation of valves)
Consideration may be given to the use (and the effect of using) partial stroke testing (valves)
Utility systems: electrical power (generators or UPS), hydraulic power, pneumatics
Redundancy may be needed (if the recipient components are redundant, or if loss of utility may lead to insufficient performance of a safety function)
HMI:
Any failure of the HMI shall not adversely affect the ability of the SIS to perform its safety functions
If operators need to respond to an alarm, this must be included as an element of the SIF and follow the SIL requirement
A system must be in place to monitor and display the status of inhibits, overrides and blockings (consider removing the overriding capability for SIL 3 functions)
Utility systems: VDU stations in the control room, critical alarm panel in the control room, local equipment rooms, cabinets in the field, and so on.
Independence
Physical independence between different SISs (performing different types of safety functions, such as PSD, ESD, F&G) is preferred
SISs shall be independent from the process control system (status information from the SISs is sometimes provided, to reduce the complexity of e.g. the PSD and ESD systems)
In practice, there are some dependencies among SISs and between SISs and process control, from sharing components (e.g., sensors and valves) and common communication channels. Sufficient functional independence has been introduced as a concept in this respect.
Some reports have been published on this particular issue, see e.g.:
Hauge, S., Onshus, T., Øien, K., Grøtan, T.O., Holmstrøm, S., Lundteigen, M.A. (2006): "Uavhengighet av sikkerhetssystemer offshore - status og utfordringer" (Independence of safety systems offshore - status and challenges). STF50 A06011 (82-14-03884-7)
Compliance report:
Local safety function
Simple: PFD(t), PFDavg
Challenges:
http://folk.ntnu.no/lundteig/Publications/2010proveforelesning-lundteigen-final.pdf
http://folk.ntnu.no/lundteig/Publications/lundteigen-esrel2009-final.pdf