SIS Overview
Purpose of Presentation
Define Process Safety Management
Define Safety Instrumented System
Review Regulation / Standards / References for Safety Instrumented Systems
Examine Methods of Selection and Design of Safety Instrumented Systems
Provide Examples of Safety Instrumented Systems
Employee Participation
Operating Procedures
Training
Contractors
Mechanical Integrity
Management of Change
Incident Investigation
Compliance Audits
Trade Secrets
Concept of Protection Layers
Using a Process Hazards Analysis Methodology, all potential process Hazards are identified.
Once a hazard has been identified, the available protection layers are evaluated using Risk Assessment Methodologies.
[Figure: protection layers drawn as successive rings around the Hazard, built up one layer at a time: 1 - Physical, 2 - Human, 3 - BPCS, then layers 4 and 5 (unlabeled).]
SIS Safety Instrumented Systems
What is a Safety Instrumented System (SIS) and associated Safety Instrumented Functions (SIF)? (In the past an SIS has been referred to as an Emergency Shutdown System (ESD); example: HL Area ESD System.)
A SIS is an instrumented protective system that consists of an instrument component, group of instrument components, or instrument system that reduces process risk by preventing or mitigating the consequences of a process hazard.
A SIF is an instrumented protective system within a SIS that reduces process risk for a specific process hazardous cause.
[Slide callouts: "How Good does it need to be?" "If so, how do we know if it's Good Enough?"]
Example of SIS
[Figure: P&ID of an example SIS on a SEPARATOR fed From Wells. Loop 103 is the inlet pressure shutdown: pressure transmitter PT 103 generates PAHH 103, which trips shutdown valve SDV 103 (fail closed, FC; open/close position indication ZI 103 / Z5 103). Loop 108 is the low-level shutdown: level transmitter LT 108 (30% and 40% settings shown) generates LALL 108, which trips SDV 108 on the Oil outlet. SDV 109 is on the H2O outlet. All SDVs are fail closed (FC); interlock links are marked I.]
The figure also identifies the three parts of a SIF: the Sensor & connection to process (PT), the Logic Solver, and the Final Control Device & all associated actuation components (SD valve).
These Regulations have a common requirement for Safety Systems: they shall be designed in accordance with generally accepted good engineering practices established by recognized codes and standards.
IEC 61511
Industry specific standard for the Process Sector
Current Status: Published in 2002 (with exception of Part 2, pending)
For USA, IEC 61511 shall replace ANSI-ISA-S84.01 with the 2003 issue
Standard has been widely accepted throughout the world
Standard has three (3) Parts and covers:
Selection Methodologies for Determining Need and Classification of SIS
Classification of SIS
Design Requirements for SIS (Hardware / Software)
Installation / Commissioning / Maintenance of SIS
Management of Change (MOC) of SIS
Using this reference we now have some definitive methods for making good engineering decisions for the selection and design of Safety Instrumented Systems.
This is important for ensuring:
Maximum safety for our processing units
Compliance with Regulations.
Life Cycle Chart: Activities involved in the development and implementation of an SIS
Identify Hazardous Consequences, Causes, and Safeguards
This is accomplished through Process Hazards Analysis studies:
HAZOPS
Checklists
What-Ifs
During PHA it is now common to Risk Rank PHA issues based on Severity and Probability of Occurrence
[Life cycle chart, first two steps: Perform PHA → Risk Analysis: Evaluate Consequences, Causes & Safeguards]
Risk Assessment is performed to determine:
Severity of Hazardous Consequences
Likelihood of Occurrence
Adequacy of Safeguards
Requirements for SIS/SIF
Risk Assessment Methodologies for SIL Selection (IEC-61511 Part 3 methods):
Risk Matrix Methodology
Chart Methodology
Fault-tree Analysis
Layer of Protection Analysis (LOPA)
Detailed training on Risk Assessment Methodologies is beyond this presentation.
From Risk Assessment it is determined if additional protection in the form of an SIS/SIF is required or is being used for risk reduction. This evaluation is done for all identified Hazardous Consequences and their associated causes.
SIS Determination and Design should be accomplished only by individuals trained in the use of IEC61511.
IEC-61511 defines levels of integrity for SIFs: the Safety Integrity Level (SIL). The higher the integrity level, the more risk reduction is obtained from the SIF. The required SIL is dependent upon the needed risk reduction as determined by the Risk Assessment.
The SIL values and risk reducing values are defined within IEC-61511.
The SIF SIL is measured by its calculated Probability of Failure upon Demand (PFD).
In addition, the SIF shall also meet Refinery established requirements for Spurious Trip Rate (STR).
From IEC61511:
Safety Integrity Level (PFD = 1 − Safety Availability):
Table columns: Level, Safety Availability, PFD; one row for each of Levels 1, 2, 3 and 4.
Spurious Trip Rate Requirements (STR = Years between Spurious Trips):
Refinery Choice based on safety and economics
A Safety Requirement Specification (SRS) is required for the SIS and all associated SIFs. An SRS shall define:
All functional requirements for each SIF
All Integrity requirements for each SIF
Separation of Safety Interlock System:
Must be independent from Basic Process Control System (BPCS)
Must be protected from contamination from Human Machine Interface (HMI) components
Must be housed in a separate enclosure
Must be well labeled and marked as a Safety Instrumented System
System Configuration:
Redundancy can improve MTBF (Fail to Danger) - PFD
Redundancy can reduce MTBF (Fail to Safety) - MTBF (Spurious)
Hot Standby and 2oo3 Logic Systems improve both Reliability and Availability
Redundancy and Hot Standby must be evaluated for all components of the Safety Instrumented System.
Common Cause Failures (CCF):
Power Supplies
Air Supply
Cabling
Environmental Conditions
Many others
Interlock By-Passing:
Key Lock Switches
Alarm when bypassed
Special Operating Procedures when bypassed
Improve SIL with increased Diagnostic Coverage:
Diagnostic Coverage: Ratio of detectable faults (found through testing) to total possible faults.
Continuous Diagnostics (Logic Solver, Field Devices, Wiring)
Component Inspections
Component Testing
Transmitters vs. Switches
New Technologies for Field Equipment
Initial conceptual design for each SIF and the SIS shall be accomplished based on the applicable SRSs. Specific design requirements for the assigned SIL are defined within IEC 61511.
All functional specifications are met
All integrity specifications are met
SIS/SIF Validation
Functional (as defined by SRS and in accordance with IEC 61511): Checklist to ensure that all functional requirements are met, such as:
Sensor Inputs
Logic Solver Requirement
Final Control Device
Safe State for all components
S/D Logic
Manual S/D
Bypassing
Reset
Special Startup Requirements
Human Machine Interface (HMI), typically via DCS
SIS/SIF Validation
Integrity Requirements (as defined by SRS and in accordance with IEC-61511):
System Architecture: to improve PFD and/or STR, redundancy may be required in system components
System Test Interval: the testing interval for SIFs will affect the PFD of the system and must be within an acceptable period for process operations
Equipment Selection: Failure Rate in dangerous mode; Facility Experience with equipment; Diagnostic Coverage; Component Self Testing and failure detection capabilities
PFD & STR Calculations: Simplified Equation in accordance with ANSI/ISA S84.01/TR.84.02
PFD (simplified equations; terms in $\lambda^{DD} \times MTTR$ are dropped):
1oo1: $PFD_{avg} = \frac{\lambda^{DU} \times TI}{2} + \frac{\lambda^{D}_{F} \times TI}{2}$
1oo2: $PFD_{avg} = \frac{(\lambda^{DU} \times TI)^2}{3} + \frac{\lambda^{D}_{F} \times TI}{2}$
2oo3: $PFD_{avg} = (\lambda^{DU} \times TI)^2 + \frac{\lambda^{D}_{F} \times TI}{2}$
The second term in each equation is the Systematic Failures contribution.
$\lambda^{DU}$ = dangerous undetected failure rate
$\lambda^{DD}$ = detected dangerous failure rate
$\lambda^{D}_{F}$ = dangerous systematic failure rate
TI = proof test interval
Note: For short repair time MTTR is insignificant

STR:
$\lambda^{S}$ = Spurious trip rate for each component
$\lambda^{S}_{F}$ = Safe systematic failure rate for each component
$\lambda^{DD}$ = Dangerous detected failure rate for each component
1oo2: $STR = 2 \times (\lambda^{S} + \lambda^{DD}) + \lambda^{S}_{F}$
2oo3: $STR = 6 \times (\lambda^{S} + \lambda^{DD})^2 \times MTTR + \lambda^{S}_{F}$
The second term in each equation is the Systematic Failures contribution.
Once SIS/SIFs have been Validated, detailed design can be performed. IEC 61511 provides design requirements and acceptable practices.
SIS/SIF Verification
Prior to installation (if applicable), SIS/SIFs shall undergo Factory Acceptance Testing (FAT) in accordance with procedures defined in IEC 61511. IEC-61511 provides installation requirements and acceptable procedures. After installation the SIS/SIF shall be subject to Site Acceptance Testing in accordance with procedures defined in IEC 61511.
New or revised maintenance procedures shall be developed detailing:
Routine maintenance of SIS/SIFs
Periodic proof testing procedures based on the Test Interval established with SRS integrity requirements.
A Pre-Start Up Safety Review in accordance with Refinery PSM requirements shall be accomplished prior to SIS/SIFs startup.
The SIS/SIFs shall be operated and maintained (including periodic proof testing) in accordance with IEC-61511.
[Life cycle chart, complete: Perform PHA → Risk Analysis: Evaluate Consequences, Causes & Safeguards → SIS Required? (No / Yes) → Determine SIL Required → Perform Detail SIS Design → SIS Installation and Commissioning → Modify or Decommission? (No / Yes) → SIS Decommissioning]