Functional Safety in Process Automation: Instrumentation
IEC 61508 / 61511 International safety engineering standards Integrated checking and functional safety of electronic control systems Fail safe components plant risk reduction
Instrumentation
On July 10, 1976, a chemical accident happened in the small town of Seveso in northern Italy. Highly toxic dioxin (TCDD) was released into the air, causing tremendous damage to man and nature. The accident was caused by uncontrolled overheating, resulting in overpressure that destroyed a safety device. The reactor had no automatic cooling system. When the incident occurred, no skilled chemical staff was on site. It was pure chance that the escaped quantity of toxic gas was not even higher.
Legislative measures
As a consequence of the Seveso accident, the acts, directives and regulations for the protection of man, nature and the environment were tightened. In the mid-1980s the European Community adopted the so-called Seveso I Directive, which was later replaced by the Seveso II Directive (Council Directive 96/82/EC). This was a fundamental change to the legal basis regarding the control of plants with major accident hazards.
In Germany, the Act for the Protection Against Immissions (12. BImSchV), supplemented with an Incident Regulation, was adopted on April 26, 2000. The Incident Regulation refers to DIN 19250 and DIN 19251, which define requirement classes AK 0-8 for the realization of the requested measures. DIN 19250 and DIN 19251 will expire on July 31, 2004. IEC 61508 and IEC 61511 provide an adequate basis for risk assessment and certification of assessed systems to ensure compliance with the Incident Regulation for the future.
ABB field instruments are subject to various extensive analyses and tests performed in close co-operation with an independent body and recorded in detail. This is required to allow for conformity assessment and determine whether or not a device complies with the SIL requirements in accordance with IEC 61508 or IEC 61511 for a specific safety chain.
HFT = 0: Single-channel use. A single fault may cause a safety loss.
HFT = 1: Redundant version. At least two hardware faults must occur at the same time to cause a safety loss.
HFT = 2: Dual redundancy version. At least three hardware faults must occur at the same time to cause a safety loss.
SFF: < 60, 60-90, 90-99, > 99
The following table shows which probability of failure on demand is assigned to which SIL.
SIL | PFDaverage
SIL1 | 10⁻² to < 10⁻¹
SIL2 | 10⁻³ to < 10⁻²
SIL3 | 10⁻⁴ to < 10⁻³
SIL4 | 10⁻⁶ to < 10⁻⁴
As the positioner TZIDC is a proven-in-field device and meets various other safety-relevant requirements, the calculable SIL value in accordance with IEC 61511 can be increased by 1 (HFT = 0). When the SFF and HFT values are entered in the relevant table, the SIL value reachable for these two values can be seen:
SFF 60-90 %
HFT | SIL
0 | SIL1
1 | SIL2
2 | SIL3
The positioner TZIDC is suitable for use in SIL2 safety loops, as far as the HFT and SFF values are concerned.
The PFDavg value of the positioner TZIDC was calculated with the FMEDA on the basis of a one-year test interval and resulted in 7.52 × 10⁻⁴.
PFDavg 10⁻⁴ to < 10⁻³: SIL3
With regard to the most important value in the safety chain the positioner is, thus, suitable for use in SIL3.
Classification Overview
Process Instrument | Type | SIL Level
2600T-Series
Transmitter for absolute pressure* | 268Nx Safety, 268Vx Safety | SIL3
Transmitter for gauge pressure* | 268Hx Safety, 268Px Safety | SIL3
Transmitter for differential pressure* | 268Dx Safety | SIL3
Transmitter for absolute pressure | 264Nx, 264Vx, 265Ax | SIL2
Transmitter for gauge pressure | 264Hx, 264Px, 265Gx | SIL2
Transmitter for differential pressure | 264Bx, 264Dx, 265Dx, 265Jx | SIL2
Multivariable transmitter | 267Cx, 269Cx | SIL2
2000T-Series
Transmitter for absolute pressure | 2010TA, 2020TA | SIL2
Transmitter for gauge pressure | 2020TG | SIL2
Transmitter for differential pressure | 2010TD | SIL2
Multivariable transmitter | 2010TC | SIL2

Positioner | TZIDC | SIL2
Positioner, ExD | TZIDC-200 | SIL2
Option board for TZIDC | Shutdown-Modul | SIL2
Temperature transmitter, head-mounted | TH02, TH02-Ex | SIL2
Temperature transmitter, rail-mounted | TH102, TH102-Ex | SIL2
Temperature transmitter, field-mounted | TH202, TH202-Ex | SIL2
Coriolis Mass Flowmeter | FCM2000-MC2 | i. p.
Flowmeter (multi-variable) | 267Cx, 269Cx | SIL2
Temperature sensors in conjunction with temperature transmitters are appropriate for SIL2.
Plant Certification
From Certified Devices to a Safe Plant
Assessment of the Entire Safety Loop
In order to ensure safe operation of a plant, each entire safety loop has to be examined and assessed for compliance with IEC 61508 or IEC 61511, respectively. A single safety loop comprises:
Sensor/Transmitter
Control system
Actuator
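How the per-device figures combine into a verdict for the whole loop, as an added Python example (not part of the ABB brochure): it uses the TZIDC values, the SFF 60-90 % row and the PFDavg limits from the text. Assumptions: the three loop elements act in series so their PFDavg values add, the 60-90 % row applies to every element, and the transmitter and control-system figures are constructed.

```python
from dataclasses import dataclass

# Upper PFDavg limit per SIL from the page's table (SIL n needs PFDavg < 10^-n).
PFD_UPPER = {4: 1e-4, 3: 1e-3, 2: 1e-2, 1: 1e-1}
# Architectural row the page gives for SFF 60-90 %: HFT -> SIL.
ARCH_SFF_60_90 = {0: 1, 1: 2, 2: 3}


@dataclass
class Element:
    name: str
    hft: int
    pfd_avg: float
    proven_in_use: bool = False


def sil_from_pfd(pfd_avg: float) -> int:
    """Highest SIL whose PFDavg limit is met; 0 if even SIL1 is missed."""
    for sil in (4, 3, 2, 1):
        if 0 < pfd_avg < PFD_UPPER[sil]:
            return sil
    return 0


def sil_from_architecture(e: Element) -> int:
    """SIL allowed by HFT at SFF 60-90 %, plus 1 for a proven-in-field
    device used single-channel (the IEC 61511 allowance the page cites)."""
    sil = ARCH_SFF_60_90[e.hft]
    if e.proven_in_use and e.hft == 0:
        sil += 1
    return sil


def loop_sil(elements):
    """Assumption: elements in series, so PFDavg values add. The loop SIL is
    the weakest architectural limit, capped by the band of the summed PFDavg."""
    total = sum(e.pfd_avg for e in elements)
    arch = min(sil_from_architecture(e) for e in elements)
    return min(arch, sil_from_pfd(total)), total


TZIDC = Element("positioner TZIDC", hft=0, pfd_avg=7.52e-4, proven_in_use=True)
# Constructed values for the other two loop elements (not from the page).
LOGIC = Element("control system", hft=1, pfd_avg=1.0e-4)
SENSOR_OK = Element("transmitter", hft=0, pfd_avg=6.0e-3, proven_in_use=True)
SENSOR_WEAK = Element("transmitter", hft=0, pfd_avg=9.5e-3, proven_in_use=True)

if __name__ == "__main__":
    for sensor in (SENSOR_OK, SENSOR_WEAK):
        sil, total = loop_sil([sensor, LOGIC, TZIDC])
        print(f"sensor PFDavg {sensor.pfd_avg:.2e}: loop {total:.3e} -> SIL{sil}")
```

The second transmitter is within the SIL2 band on its own, yet the summed loop PFDavg crosses 10⁻² and the loop reaches only SIL1.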
Risk Assessment
Prior to designing and calculating the safety loop, the so-called SIL assessment has to be performed, i.e. the safety standard (e.g. SIL2) with which the safety loop must comply has to be determined. In IEC 61508 the risk graph is used for this purpose:
Risk graph
[Figure: risk graph combining the parameters S1-S4, A1/A2, G1/G2 and W1-W3]
Risk parameters
Extent of damages
S1: minor injuries of a person; minor harmful influences on the environment
S2: serious, irreversible injuries of one or more persons or death of a person; temporary major harmful influences on the environment
S3: death of several persons; lasting major harmful influences on the environment
S4: catastrophic effects, many dead persons
How often/long do persons stay
A1: seldom to once in a while
A2: frequently to permanently
Risk avoidance
G1: possible under special conditions
G2: hardly possible
W3: relatively high
W2: low
W1: very low
Evaluating the risk parameters in the SIL assessment yields the specific SIL rating with which the respective safety loop must comply.
statistic evaluations. The user should agree with the local authorities which method (NAMUR recommendation or IEC 61508 / 61511) should be used.
The IndustrialIT wordmark and all mentioned product names in the form XXXXXXIT are registered or pending trademarks of ABB. ABB has Sales & Customer Support expertise in over 100 countries worldwide. www.abb.com/instrumentation
The Company's policy is one of continuous product improvement and the right is reserved to modify the information contained herein without notice. Printed in the Fed. Rep. of Germany (03.2004) ABB 2004 3KDE010001R5001 Rev. A
ABB Automation Products GmbH Borsigstrasse 2 63755 Alzenau GERMANY E-Mail Customer Care Center: CCC-support.deapr@de.abb.com