SIL 2 Certificate For Complete Valve
THE INTEGRITY OF MATIC ACTUATOR PACKAGES: E13597-001, E13597-002, E13597-003, E13597-004
IMTEX-CONTROLS LTD
CLIENT CONFIDENTIAL
Technis (Reliability & Risk Assessment, Systems Integrity, Quality Improvement)
CONTENTS
Executive Summary & Recommendations
1. Scope and Safety-Integrity Targets
2. Hardware Reliability and Safe Failure Fraction
3. Failure Rate Data
4. References
APPENDIX 1 - Fault Tree details
EXECUTIVE SUMMARY
OBJECTIVES
To assess the safety-integrity of the Matic actuator assemblies E13597-001, E13597-002,
E13597-003 and E13597-004 for comparison against a safety-integrity target of SIL 2.
RESULTS
In respect of the failure mode:
Failure to close a host valve despite a valid removal of a 24 Volt solenoid valve input signal.

"Hazardous" failure rate:                1.16 x 10^-6 per hr
Probability of failure on demand:        5.1 x 10^-3
Safe Failure Fraction ("Type A"):        >60%
SIL claim:                               See section 2.2
Thus, in respect of random hardware failures and safe failure fraction, the above allows the
simplex use of the assemblies in up to SIL 2 safety functions.
RECOMMENDATIONS
Take note that the above integrity claim is dependent on the assumptions in this report and,
in particular, the failure rate of the host valve.
1. SCOPE AND SAFETY-INTEGRITY TARGETS
1.1 Scope
The assembly is shown in a sketch on page 2 (see also Imtex Drawings J100405-X). Human
error in respect of closing the valve in error is not within the scope of this study. The study
addresses the following failure mode:
Following a valid removal of 24 volts from the solenoid valve, failure to close the
Camtorc actuator (including and excluding the host valve).
Both the instrument air supply and the control system to which this assembly is to be fitted
are outside the scope of this report.
1.2 Assumptions
a) Reliability assessment is a statistical process for applying historical failure data to
proposed designs and configurations. It therefore provides a credible target/estimate of the
likely reliability of equipment assuming manufacturing, design and operating conditions
identical to those under which the data was collected. It is a valuable design review
technique for comparing alternative designs, establishing order of magnitude performance
targets and evaluating the potential effects of design changes. The actual predicted values
cannot, however, be guaranteed as forecasting the precise number of field failures which
will actually occur, since this depends on many factors outside the control of a predictive
exercise. The information and statements contained in this document are opinions only and
reflect Technis's best judgement based on the available information. Technis shall not be
responsible whatsoever for loss or damage (including, without limitation, loss of profits or
any indirect loss), if any, suffered by any party as a result of decisions made or actions taken
in reliance upon or in connection with the information contained in this report.
b) Failure rates, for the purpose of this prediction, are assumed to be constant with time.
Both early and wear-out related failures would decrease the reliability but are assumed to be
removed by burn-in and preventive replacement respectively.
c) The proof test interval for unrevealed failures is annual (8760 hrs). The mean time to
repair is thus insignificant and is not modelled.
1.3 Safety-Integrity Targets
The client has stipulated a SIL 2 target.
         Low demand                  High demand
         PFD (per demand)            PFH (dangerous failures per hour)
SIL 4    >=10^-5 to <10^-4           >=10^-9 to <10^-8
SIL 3    >=10^-4 to <10^-3           >=10^-8 to <10^-7
SIL 2    >=10^-3 to <10^-2           >=10^-7 to <10^-6
SIL 1    >=10^-2 to <10^-1           >=10^-6 to <10^-5
Dr David J. Smith BSc PhD, CEng, FIEE, FIQA, HonFSaRS, MIGasE
2. HARDWARE RELIABILITY AND SAFE FAILURE FRACTION
2.1 Random Hardware Failures
The fault tree in Figure 2.1 shows the simple simplex arrangement of the three elements. It
was analysed using the TTREE package (reference 4.5). The details are shown in Appendix 1.
The probability of the top event is 5.1 x 10^-3 which (being in the SIL 2 range) meets the SIL 2
requirement.
Figure 2.1 - Fault Tree - Failure to close
Top event GTOP: FAIL TO CLOSE THE HOST VALVE, fed by three basic events:
SOL   - Bifold solenoid fails to release
CAM   - Camtorc actuator fails to move
VALVE - host valve fails to close
Note that (Appendix 1) the top event is dominated 43% by the failure of the host valve
rather than by the Imtex equipment.
2.2 Safe Failure Fraction
TYPE A            SIL for Simplex    SIL for (m+1)    SIL for (m+2)
SFF <60%          1                  2                3
SFF 60%-90%       2                  3                4
SFF 90%-99%       3                  4                4
SFF >99%          3                  4                4

TYPE B            SIL for Simplex    SIL for (m+1)    SIL for (m+2)
SFF <60%          NO*                1                2
SFF 60%-90%       1                  2                3
SFF 90%-99%       2                  3                4
SFF >99%          3                  4                4

* This configuration is not allowed.
Simplex infers no redundancy and is referred to as Hardware Fault Tolerance 0
(m+1) infers 1 out of 2, 2 out of 3 etc and is referred to as Hardware Fault Tolerance 1
(m+2) infers 1 out of 3, 2 out of 4 etc and is referred to as Hardware Fault Tolerance 2
Thus:
Matic SFF = 3.06/[3.06+0.44] = 80.5%
Bifold SFF = 0.363/[0.363+0.223] = 61.9%
Valve (typical) SFF = 3.5/[3.5+0.5] = 87.5%
Overall SFF (adding the above elements) = 6.92/8.09 = 85.5%
Each of the above is in the SIL 2 range for an HFT 0 (simplex) Type A device.
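To make the report's arithmetic reproducible, here is an added Python example (not part of the Technis report or of the TTREE package) that recomputes the top-event PFD and basic-event importances of section 2.1 / Appendix 1 and the SFF and architectural-constraint SIL of section 2.2 from the section 3 failure rates; the exact-unavailability formula, the table encoding and all function names are this example's own assumptions.

```python
"""Recompute this report's SIL 2 figures (PFD, importances, SFF, SIL bands).
Inputs: Section 3 failure rates in failures per million hours (pmh), the annual
proof test interval (8760 hrs) and the IEC 61508 architectural constraints.
Function names are this example's own, not TTREE's."""
import math

PROOF_TEST_HRS = 8760.0
# element -> (dangerous rate pmh, safe rate pmh), taken from Section 3 of the report
ELEMENTS = {
    "SOL":   (0.223, 0.363),  # Bifold solenoid: fail to release / spurious release
    "CAM":   (0.44,  3.06),   # Camtorc actuator: fail to close / spurious close
    "VALVE": (0.5,   3.5),    # host ball valve: typical figures assumed by the report
}
# SFF band upper bound -> SIL allowed for HFT 0, 1, 2 (None = not allowed)
SFF_TABLE = {
    "A": [(0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (1.01, (3, 4, 4))],
    "B": [(0.60, (None, 1, 2)), (0.90, (1, 2, 3)), (0.99, (2, 3, 4)), (1.01, (3, 4, 4))],
}

def element_pfd(dangerous_pmh, proof_test_hrs=PROOF_TEST_HRS):
    """Average unavailability of an unrevealed failure proof-tested every T hours
    (exact form of the lambda*T/2 approximation; MTTR neglected as in the report)."""
    lam_t = dangerous_pmh * 1e-6 * proof_test_hrs
    return 1.0 - (1.0 - math.exp(-lam_t)) / lam_t

def top_event_pfd(elements=ELEMENTS):
    """Simplex arrangement: the valve fails to close if any one element fails (OR)."""
    return 1.0 - math.prod(1.0 - element_pfd(d) for d, _ in elements.values())

def importances(elements=ELEMENTS):
    """Fraction of the top-event probability each basic event contributes."""
    top = top_event_pfd(elements)
    return {name: element_pfd(d) / top for name, (d, _) in elements.items()}

def sff(dangerous_pmh, safe_pmh):
    """Safe failure fraction = safe failures / all failures."""
    return safe_pmh / (safe_pmh + dangerous_pmh)

def sil_from_sff(sff_value, device_type, hft):
    """SIL permitted by the architectural constraints for a Type A/B device at HFT."""
    for upper, sils in SFF_TABLE[device_type]:
        if sff_value < upper:
            return sils[hft]
    raise ValueError("SFF must lie in 0..1")

def sil_from_pfd(pfd):
    """Low-demand SIL band: SIL n covers 10^-(n+1) <= PFD < 10^-n, else None."""
    band = -math.floor(math.log10(pfd)) - 1
    return band if 1 <= band <= 4 else None
```

Running `top_event_pfd()` and `importances()` against the report's rates reproduces the 5.1 x 10^-3 top event and the 0.43 / 0.19 / 0.38 importance split quoted in section 2.1 and Appendix 1.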
3. FAILURE RATE DATA
Item                          Failure rate   Mode             Mode rate   Source
                              pmh (total)                     pmh
Solenoid valve (FP15 Bifold)  0.586          Fail to release  0.223       Ref 4.4b
                                             Spurious rel     0.363       Ref 4.4b
                              5              Fail to release  0.5         Ref 4.3
                              0.03           Fail to release  0.003       Ref 4.3
  Used in this study                         Fail to release  0.223       Note (i)
                                             Spurious rel     0.363       Note (i)
Matic Actuator                3.5            Fail to close    0.44        Ref 4.6
                                             Spurious close   3.06        Ref 4.6
Host valve *                                 Fail to close    0.5         Ref 4.3

Note (i) The Ref 4.4b Exida claim is within the Faradip range and is thus perceived as credible.
* The failure rate of a host ball valve will depend upon the type and application. A credible
value has been used in this study.
4. REFERENCES
4.1 The Safety Critical Systems Handbook (A straightforward guide to functional safety
IEC61508) 3rd edition, 2010, Smith DJ and Simpson KGL, Butterworth Heinemann ISBN
9780080967813
4.2 IEC Standard 61508 Functional Safety, E/E/PE Safety Related Systems (7 Parts).
4.3 FARADIP.THREE Version 8.0 Failure Rate Data Base, Technis ISBN 0 951656236.
4.4 Client Documents:
a) email JR to DJS 4112/2015
b) EXida Certificate 1107001 COOl
4.5 TTREE Version 4.0 User's Manual 2015, Fault Tree package ISBN 09516562 4 4.
4.6 Technis Report T674 Matic Camtorc Actuator Failure Data
APPENDIX 1 - Fault Tree details
Top event GTOP probability: 5.1 x 10^-3 (see section 2.1)

Basic event   Type                        Failure rate (per hr)   Importance
VALVE         I/E, constant probability   .500E-06                .430
SOL           I/E, constant probability   .223E-06                .192
CAM           I/E, constant probability   .440E-06                .379