Q2..TNT equivalent is a convention for expressing the energy released in an explosion.

The
"ton of TNT" is a unit of energy defined by that convention to be 4.184 gigajoules,[1] which is the
approximate energy released in the detonation of a metric ton (1,000 kilograms or one
megagram) of TNT. The convention intends to compare the destructiveness of an event with that
of ordinary explosives, although TNT is not the most energetic among them. The energy density
of dynamite, for example, is approximately 7.5 MJ/kg, about 60% greater than the 4.7 MJ/kg of
TNT.
The "megaton of TNT" is a unit of energy equal to 4.184 petajoules.[2] The kiloton and megaton
of TNT have traditionally been used to describe the energy output, and hence the destructive
power, of a nuclear weapon. The TNT equivalent appears in various nuclear weapon control
treaties, and has been used to characterize the energy released in such other highly destructive
events as an asteroid impact.

Conversion to other units

1 ton TNT equivalent is approximately:

1.0109 calories

4.184109 joules

3.96831106 British thermal units

3.08802109 foot pounds

1.162103 kilowatt hours

Qualitative Analysis
(Cut Sets)
3..

A listing taken directly from the Fault Tree

of the events, ALL of which must occur to
cause the TOP Event to happen
PEUSS 2011/2012 FTA Page 23

Algebraic representation is:

Q = (A C ) ( D B )
which can be re-written as:
Q = (A D ) (A B ) ( C D ) ( C B )
Q = ( A D ) + ( A B ) + ( C D ) + ( C B )
which is a listing of Groupings ...each of
which is a Cut Set

AD AB CD BC

Qualitative Analysis (Cut Sets)

PEUSS 2011/2012 FTA Page 24

Q
ACDB
13

Qualitative Analysis
(Minimal Cut Sets)
A listing, derived from the Fault Tree Cut Sets and
reduced by Boolean Algebra, which is the smallest
list of events that is necessary to cause the Top
Event to happen
PEUSS 2011/2012 FTA Page 25Fault

tree analysis (FTA) is a top down, deductive failure

analysis in which an undesired state of a system is analyzed using Boolean logic to
combine a series of lower-level events. This analysis method is mainly used in the
fields of safety engineering and reliability engineering to understand how systems
can fail, to identify the best ways to reduce risk or to determine (or get a feeling for)
event rates of a safety accident or a particular system level (functional) failure. FTA
is used in the aerospace, nuclear power, chemical and process,[1][2][3]
pharmaceutical,[4] petrochemical and other high-hazard industries; but is also used
in fields as diverse as risk factor identification relating to social service system
failure.[5] FTA is also used in software engineering for debugging purposes and is
closely related to cause-elimination technique used to detect bugs.

4.. Safety integrity level (SIL) is defined as a relative level of risk-reduction provided by a
safety function, or to specify a target level of risk reduction. In simple terms, SIL is a
measurement of performance required for a safety instrumented function (SIF).
The requirements for a given SIL are not consistent among all of the functional safety standards.
In the European functional safety standards based on the IEC 61508 standard four SILs are
defined, with SIL 4 the most dependable and SIL 1 the least. A SIL is determined based on a
number of quantitative factors in combination with qualitative factors such as development
process and safety life cycle management.
Assignment of SIL is an exercise in risk analysis where the risk associated with a specific hazard,
that is intended to be protected against by a SIF, is calculated without the beneficial risk
reduction effect of the SIF. That "unmitigated" risk is then compared against a tolerable risk
target. The difference between the "unmitigated" risk and the tolerable risk, if the "unmitigated"
risk is higher than tolerable, must be addressed through risk reduction of the SIF. This amount of
required risk reduction is correlated with the SIL target. In essence, each order of magnitude of
risk reduction that is required correlates with an increase in one of the required SIL numbers.

There are several methods used to assign a SIL. These are normally used in combination, and
may include:

Risk matrices

Risk graphs

Layers of protection analysis (LOPA)

Of the methods presented above, LOPA is by far the most commonly used by large industrial
facilities.
The assignment may be tested using both pragmatic and controllability approaches, applying
guidance on SIL assignment published by the UK HSE.[1] SIL assignment processes that use the
HSE guidance to ratify assignments developed from Risk Matrices have been certified to meet
IEC EN 61508
There are several problems inherent in the use of safety integrity levels. These can be
summarized as follows:

Poor harmonization of definition across the different standards bodies which utilize SIL

Process-oriented metrics for derivation of SIL

Estimation of SIL based on reliability estimates

System complexity, particularly in software systems, making SIL estimation difficult to

impossible

These lead to such erroneous statements as, "This system is a SIL N system because the process
adopted during its development was the standard process for the development of a SIL N
system", or use of the SIL concept out of context such as, "This is a SIL 3 heat exchanger" or
"This software is SIL 2". According to IEC 61508, the SIL concept must be related to the
dangerous failure rate of a system, not just its failure rate or the failure rate of a component part,
such as the software. Definition of the dangerous failure modes by safety analysis is intrinsic to
the proper determination of the failure rate.[2]
SIL is for electrical controls only and does not relate directly to the caT architecture in EN
62061. It appears to be a precursor to PL ratings that are now the new requirements which
encompass hydraulic and pneumatic valves.[citation needed]

Certification
The International Electrotechnical Commission's (IEC) standard IEC 61508 defines SIL using
requirements grouped into two broad categories: hardware safety integrity and systematic safety

integrity. A device or system must meet the requirements for both categories to achieve a given
SIL.
A Safety Instrumented System (SIS) consists of an engineered set of hardware and software
controls which are especially used on critical process systems. A critical process system can be
identified as one which, once running and an operational problem occurs, may need to be put
into a "Safe State" to avoid adverse Safety, Health and Environmental(SH&E) consequences.
Examples of critical processes have been common since the beginning of the Industrial Age. One
of the more well known critical processes is the operation of a steam boiler. Critical parts of the
process would include the lighting of the burners, controlling the level of water in the drum, and
controlling the steam pressure.
A SIS is engineered to perform "specific control functions" to failsafe or maintain safe operation
of a process when unacceptable or dangerous conditions occur. Safety Instrumented Systems
must be independent from all other control systems that control the same equipment in order to
ensure SIS functionality is not compromised. SIS is composed of the same types of control
elements (including sensors, logic solvers, actuators and other control equipment) as a Basic
Process Control System (BPCS). However, all of the control elements in an SIS are dedicated
solely to the proper functioning of the SIS
The correct operation of an SIS requires a series of equipment to function properly. It must have
sensors capable of detecting abnormal operating conditions, such as high flow, low level, or
incorrect valve positioning. A logic solver is required to receive the sensor input signal(s), make
appropriate decisions based on the nature of the signal(s), and change its outputs according to
user-defined logic. The logic solver may use electrical, electronic or programmable electronic
equipment, such as relays, trip amplifiers, or programmable logic controllers. Next, the change of
the logic solver output(s) results in the final element(s) taking action on the process (e.g. closing
a valve) to bring it to a safe state. Support systems, such as power, instrument air, and
communications, are generally required for SIS operation. The support systems should be
designed to provide the required integrity and reliability.

Other names
Other terms often used in conjunction with and/or to describe safety instrumented systems
include:

Critical control system

Safety shutdown system

Protective instrumented system

Equipment protection system

SIS examples

Safety instrumented systems are most often used in process (i.e., refineries, chemical, nuclear,
etc.) facilities to provide protection such as:

High fuel gas pressure initiates action to close the main fuel gas valve.

High reactor temperature initiates action to open cooling media valve.

High distillation column pressure initiates action to open a pressure vent valve.

5. Explain sil1 sil2 sil3???

Next page

Look for Next page