Sil target selection verification exida

SIL Target Selection – SIL Verification

Shanghai, 16 March 2011Koen Leekens

Singapore +65 6222 5160 Shanghai +86 21 5171 7250Hong Kong +852 2633 7727

Canada +1 403 475 1943United Kingdom +44 2476 456 195Netherlands +31 318 414 505

Exida Contacts

Copyright exida LLC ® 2000-2011

g gGermany +49 89 4900 0547USA +1 215 453 1720Switzerland +41 22 364 14 34

Australia / NZL +64 3 472 7707Mexico +52 55 5611 9858South Africa +27 31 267 1564

IEC 61511 is Risk BasedIEC 61511 is Risk Based

“There is risk in reaping the cheese”Reduce the Risk to a tolerable level“There is risk in reaping the cheese”Reduce the Risk to a tolerable levelReduce the Risk to a tolerable levelReduce the Risk to a tolerable level

The IEC 61511 Safety Lifecycle

Analysis PhaseAnalysis PhaseAnalysis PhaseAnalysis Phase

What is…?

SIL Target Selection:

“Select the Safety Integrity Level (SIL) for each Safety Instrumented Function (SIF). The SIL Target is the risk reduction to be provided by the SIF to bring the ( ) g p y gactual risk below the tolerable risk”

SIL Target Selection Methods

Risk Graph

Hazard MatrixHazard Matrix

Frequency Based Targets (LOPA)Most Accurate resulting in best cost versus safety

SIL Target Selection Methods

Risk Graph

Hazard MatrixHazard Matrix

Frequency Based Targets (LOPA)Most Accurate resulting in best cost versus safety

Simplified Exercise

Risk of 1 Fatality …

per year

per 10 year

HIGH RISK

per 100 year

per 1,000 year

per 10,000 year

per 100 000 year

per 1,000,000 year

per 100,000 year

LOW RISK

“Risk‐O‐Mometer”

Simplified Exercise

Risk of 1 Fatality … Practical SIL Target Selection

per year

per 10 year

HIGH RISK

per 100 year

per 1,000 year

per 10,000 year

per 100 000 year

per 1,000,000 year

per 100,000 year

LOW RISK

“Risk‐O‐Mometer”

1. Define Tolerable Risk

Risk of 1 Fatality … Practical SIL Target Selection

per year

per 10 year

per 100 year

per 1,000 year Tolerable Risk must

per 10,000 year

per 100 000 year

be defined by Corporate

per 1,000,000 year

per 100,000 year

1. Define Tolerable Risk

Risk of 1 Fatality … Practical SIL Target Selection– Company Tolerable Risk Guidelines:

per year

per 10 year

1 Fatality per 100.000 year (=10‐5)

per 100 year

per 1,000 yearObjective

Reduce risk belowper 10,000 year

per 100 000 year

Reduce risk below this Tolerable Frequency

per 1,000,000 year

per 100,000 yearq y

2. Determine Actual Risk

Risk of 1 Fatality … Practical SIL Target Selection– Company Tolerable Risk Guidelines:

per year

per 10 year

1 Fatality per 100.000 year (=10‐5)– Result HAZOP “Cryogenic Heat exchange”

Imbalance warm/cold flow can result in f i d f t f i d

per 100 year

per 1,000 year

freezing and fracture of pipe, and explosion.

per 10,000year

per 100 000year

HAZOP PHA method to

per 1,000,000 year

per 100,000year PHA method to identify Hazards

Practical SIL Target Selection– Company Tolerable Risk Guidelines:

per year

per 10 year

freezing and fracture of pipe, and explosion. per 100 year

per 1,000 year

per 10,000year

per 100 000year

Actual RiskFrequence (1/time)

per 1,000,000 year

per 100,000year Frequence (1/time) Consequence (%)

per year

per 10 year

– Actual Risk Frequency Flow Imbalance: 10 year

per 100 year

per 1,000 year Frequency Flow Imbalance: 10 yearConsequence: 1 fatalityper 10,000year

per 100 000year

per 1,000,000 year

per 100,000year

3. Take credit for “Other Layers of Protection”

InitiatingInitiatingEvent

Layers of Protection Outcome

Flow Imbalance

OperatorFails

No pipe fracture

No Ignition ExplosionImbalance Fails fracture

0.2 Per Year

0 50.5

Per Year No Event

per year

per 10 year

– Result of Risk AssessmentFrequency Flow Imbalance: 10 year

per 100 year

per 1,000 year Frequency Flow Imbalance: 10 yearConsequence: 1 fatality

– Layer of Protection Analyses (LOPA):Reduced Frequency: 1000 year

per 10,000year

per 100 000year educed eque cy 000 yea

per 1,000,000 year

per 100,000year

per year

per 10 year

per 100 year

per 10,000year

per 100 000year educed eque cy 000 yea

per 1,000,000 year

per 100,000year

4. Select SIL

per year

per 10 year

per 100 year

per 10,000year

per 100 000yearSelect SIL

?10‐2

educed eque cy 000 yea

per 1,000,000 year

per 100,000yearHow much more risk reduction required?

4. Select SIL Target

4. Select SIL

per year

per 10 year

per 100 year

per 10,000year

per 100 000year

10‐2 SIL2educed eque cy 000 yea

– Select SIL: 10‐3 to 10‐5 = 10‐2 so SIL2Risk Reduction below Tolerableper 1,000,000 year

per 100,000year

The IEC 61511 Safety Lifecycle

l hl hRealization PhaseRealization Phase

What is…?

SIL Verification“Verify if the SIL achieved by the SIF meets the SIL Target.

The SIL achieved is the minimum of:1. SILPFD:Probability of Failure on Demand Average/per hour (PFDAVG /PFH)1. SILPFD:Probability of Failure on Demand Average/per hour (PFDAVG /PFH)

2. SILAC : Hardware Fault Tolerance

3. SILCAP:Capability to prevent Systematic Failures (SILCAP)

What is…?

PFDsensor + PFDmux + PFDinput + PFDmp + PFDOutput + PFDrelay + PFDfe + PDFprocess‐connection

It is easy to do the calculations right –

It is difficult to do the right

calculations

What is…?

ifiifi ifi iifi iCertificateby VendorCertificateby Vendor

Justification by User

What is…?

The SIL achieved is the minimum of:

1 SIL : SIL21. SILPFD: SIL2

2. SILAC : SIL1

3 SIL SIL3The SIL level for this Safety Instrumented3. SILCAP: SIL3Safety Instrumented Function (SIF) is:

What is…?

The SIL achieved is the minimum of:

1 SIL : SIL21. SILPFD: SIL2

2. SILAC : SIL1

3 SIL SIL3The SIL level for this Safety Instrumented3. SILCAP: SIL3Safety Instrumented Function (SIF) is:

Common Mistakes SIL Verification

DO NOT:– Use Spreadsheet without justification

Use optimistic (Dangerous) Failure Rates– Use optimistic (Dangerous) Failure Rates

– Use 100% Proof Test coverage

– Ignoring Common Cause Failures

– Ignoring Process Connections

– Ignoring SIL Capability

– Ignoring Hardware Fault Tolerance

Next CFSE Trainings China:May – June 2011

– Engineer insufficiently trained

Certified by 3rd Party

Sil target selection verification exida

Education

Certificado Exida

Functional Safety Solutions for the Process Control Industry Asset Library/asco-functional-safety... · SIL 3 Capable, Certified by Exida, ATEX Approved. Process Valve Fuel Gas Line

exSILentia - exida · rity Level (SIL) verification (SILver®). All-new functionality allows users to follow the entire IEC 61511 / ISA 84 functional safety lifecycle for the first

Hydraulic Accumulators SIL Certificate Exida

61508 SIL 3 CAPABLE - exida · 61508 / IEC 61511 and confidence that sufficient attention has been given to systematic failures during the development process of the device. This

exSILentia - exida · exSILentia Version 3 adds ... Safety Integrity Level (SIL) Selection (Risk Graph Hazard Matrix, LOPA) ... possible, for example, to use a mixture of risk graph

Accounting for Human Systematic Error During SIL Verification Website

Safety Engineering, Risk Analysis and Asset · PDF fileSafety Engineering, Risk Analysis and Asset Integrity ... or SRS and SIL Verification), LOPA ... derived from the SIL index determined

Design Verification - Siemensw5.siemens.com/italy/web/AD/ProdottieSoluzioni... · SIL 3 SIL 3 Design Verification LAZ--402 Air. Air. 21.03.2011, 8_Verifikation.xls Sheet 1 of 1 Back

IEC 61508 Assessment - · PDF fileThe functional safety assessment performed by exida consisted of the following activities: ... and SIL 3@HFT=1 and the Systematic Capability requirements

Failure Modes, Effects and Diagnostic · PDF filesystem (SIS) usage in a particular safety integrity level (SIL). ... exida is one of the world’s leading product certification and

Sil Verification

exida Company Profile

SIL methodology A methodology for SIL verification in ... SIL... · 1.0 Methodology. 5 — 1.1 SIL verification - a definition ... pre-design; the EPC is responsible for delivering

Accounting for Human Error Probability in SIL Verification ... · Unfortunately, most of the SIL verification calculations today use the truncated Eq. No. 1 (instead of 1a) from ISA-TR84.00.02:

Safety Functions and SIL Verification - ABB Group€¦ · Safety Functions and SIL Verification / November 2017 Our approach is holistic - we understand all the dimensions relevant

SOLENOID VALVES 3/2 - Induchem Group...• The valves are certified according to IEC 61508 Functional Safety data and have SIL-3 capability (TÜV & Exida certification) • The solenoid

ST100 Series Thermal Mass Flow Meter FMEDA · PDF fileST 100 Thermal Mass Flow Meter Company: ... exida T-001 February 2012 ... particular safety integrity level (SIL)

TurboSentry™ Overspeed Protection Device IEC and SIL ...tri-sen.com/.../uploads/2012/04/...and-SIL-Report.pdf · TurboSentry - IEC 61511 Compliance and SIL Verification Report Reference:

SOLENOID VALVES 3/2 - Sitek · PDF fileSOLENOID VALVES pilot operated, ... (551/TÜV)-SIL 3 (552-553/EXIDA) ... 316 SS enclosure l-l W S L PK F Flameproof