
SIL 2 Certificate for Complete Valve


Page 1: SIL 2 Certificate for Complete Valve

(Cover page; the letterhead reads: Technis - Reliability & Risk Assessment, Safety Integrity, Quality Improvement. The address, telephone, fax and e-mail lines are not legible in the scan.)

THE INTEGRITY OF MATIC ACTUATOR PACKAGES: E13597-001, E13597-002, E13597-003, E13597-004

IMTEX-CONTROLS LTD

CLIENT CONFIDENTIAL

(Note: Where electronic copies of this report have been requested the accuracy of symbols and of line and page breaks cannot be guaranteed)

Page 2: SIL 2 Certificate for Complete Valve

Technis Reliability Study T811 Issue 1.0: 7 Dec 2015 - Client Confidential

CONTENTS

Executive Summary & Recommendations
1. Scope and Safety-Integrity Targets
2. Hardware Reliability and Safe Failure Fraction
3. Failure Rate Data
4. References
APPENDIX 1 - Fault Tree details

(Note: Where electronic copies of this report have been requested the accuracy of symbols and of line and page breaks cannot be guaranteed)

(Sketch of the assembly: Bifold solenoid, Camtorc actuator and host ball valve; the drawing itself is not recoverable from the scan)

Dr David J. Smith BSc, PhD, CEng, FIEE, FIQA, HonFSaRS, MIGasE

Page 3: SIL 2 Certificate for Complete Valve


EXECUTIVE SUMMARY & RECOMMENDATIONS

OBJECTIVES

To assess the safety-integrity of the Matic actuator assemblies E13597-001, E13597-002, E13597-003 and E13597-004 for comparison against a safety-integrity target of SIL 2.

RESULTS

In respect of the failure modes:

Failure to close a host valve despite a valid removal of a 24 Volt solenoid valve input signal.

Failure mode                    "Hazardous" failure rate   Probability of failure on demand   Safe Failure Fraction ("Type A")   SIL claim
Including the Host ESD Valve    1.16 x 10^-6 per hr        5.1 x 10^-3                        >60% (see section 2.2)             2
(Assumes 0.5 pmh for the host valve)

Thus, in respect of random hardware failures and safe failure fraction, the above allows the simplex use of the assemblies in up to SIL 2 safety functions.

RECOMMENDATIONS

Take note that the above integrity claim is dependent on the assumptions in this report and, in particular, the failure rate of the host valve.


Page 4: SIL 2 Certificate for Complete Valve


1. SCOPE & SAFETY-INTEGRITY TARGETS

1.1 Scope

• Bifold FP15 Solenoid
• Camtorc Type S Actuator
• SBV Ball Valve

The assembly is shown in a sketch on page 2 (see also Imtex Drawings J100405-X). Human error in respect of closing the valve in error is not within the scope of this study. The study addresses the following failure mode:

Following a valid removal of 24 volts from the solenoid valve, failure to close the Camtorc actuator (including and excluding the host valve).

Both the instrument air supply and the control system to which this assembly is to be fitted are outside the scope of this report.

1.2 Assumptions

a) Reliability assessment is a statistical process for applying historical failure data to proposed designs and configurations. It therefore provides a credible target/estimate of the likely reliability of equipment assuming manufacturing, design and operating conditions identical to those under which the data was collected. It is a valuable design review technique for comparing alternative designs, establishing order of magnitude performance targets and evaluating the potential effects of design changes. The actual predicted values cannot, however, be guaranteed as forecasting the precise number of field failures which will actually occur, since this depends on many factors outside the control of a predictive exercise. The information and statements contained in this document are opinions only and reflect Technis's best judgement based on the available information. Technis shall not be responsible whatsoever for loss or damage (including, without limitation, loss of profits or any indirect loss), if any, suffered by any party as a result of decisions made or actions taken in reliance upon or in connection with the information contained in this report.

b) Failure rates, for the purpose of this prediction, are assumed to be constant with time. Both early and wearout related failures would decrease the reliability but are assumed to be removed by burn in and preventive replacement respectively.

c) The proof test interval for unrevealed failures is annual (8760 hrs). The mean time to repair is thus insignificant and is not modelled.

1.3 Safety-Integrity Targets

The client has stipulated a SIL 2 target.

SIL      Low demand PFD         High demand PFD
SIL 4    >=10^-5 to <10^-4      >=10^-5 to <10^-4
SIL 3    >=10^-4 to <10^-3      >=10^-4 to <10^-3
SIL 2    >=10^-3 to <10^-2      >=10^-3 to <10^-2
SIL 1    >=10^-2 to <10^-1      >=10^-2 to <10^-1


Page 5: SIL 2 Certificate for Complete Valve


2. HARDWARE RELIABILITY AND SAFE FAILURE FRACTION

2.1 Random Hardware Failures

The fault tree in Figure 2.1 shows the simple simplex arrangement of the three elements. It was analysed using the TTREE package (reference 4.5). The details are shown in Appendix 1.

The probability of the top event is 5.1 x 10^-3 which (being in the SIL 2 range) meets the SIL 2 requirement.

Figure 2.1 - Fault Tree - Failure to close

(Figure not recoverable from the scan; its labels are: top event GTOP "FAIL TO CLOSE THE HOST VALVE", an OR gate of three basic events: SOL "BIFOLD SOLENOID FAILS TO REL", CAM "CAMTORC ACTUATOR FAIL TO MOVE", VALVE "HOST VALVE FAILS TO CLOSE")

Note that (Appendix 1) the top event is dominated 43% by the failure of the host valve rather than by the Imtex equipment.


Page 6: SIL 2 Certificate for Complete Valve


2.2 Safe Failure Fraction (Architectures)

The safe failure fraction (SFF) is calculated from the ratio:

    ("safe" failures + Diagnosed failures of that mode) / Total ("safe" failures + failures of that mode)

A "safe" failure is a failure of an element and/or subsystem and/or system that plays a part in implementing the safety function that:

• a) results in the spurious operation of the safety function to put the EUC (or part thereof) into a safe state or maintain a safe state; or

• b) increases the probability of the spurious operation of the safety function to put the EUC (or part thereof) into a safe state or maintain a safe state

There are two Tables which cover the so-called "Type A" components (Failure modes well defined PLUS behaviour under fault conditions well defined PLUS failure data available) and the "Type B" components (likely to be more complex and whereby any of the above are not satisfied).

In the following Tables "m" refers to the number of failures which lead to system failure. The Tables provide the SIL number for each safe failure fraction case. The expression "m+1" implies redundancy whereby there are (m+1) elements and m failures are sufficient to cause system failure.

TYPE A
SFF        SIL for Simplex   SIL for (m+1)   SIL for (m+2)
<60%       1                 2               3
60%-90%    2                 3               4
90%-99%    3                 4               4
>99%       3                 4               4

TYPE B
SFF        SIL for Simplex   SIL for (m+1)   SIL for (m+2)
<60%       NO*               1               2
60%-90%    1                 2               3
90%-99%    2                 3               4
>99%       3                 4               4

* This configuration is not allowed.
Simplex infers no redundancy and is referred to as Hardware Fault Tolerance 0.
(m+1) infers 1 out of 2, 2 out of 3 etc and is referred to as Hardware Fault Tolerance 1.
(m+2) infers 1 out of 3, 2 out of 4 etc and is referred to as Hardware Fault Tolerance 2.

Thus:
Matic SFF = 3.06/[3.06+0.44] = 80.5%
Bifold SFF = 0.363/[0.363+0.223] = 61.9%
Valve (typical) SFF = 3.5/[3.5+0.5] = 87.5%
Overall SFF (adding the above elements) = 6.92/8.09 = 85.5%
Each of the above is in the SIL 2 range for an HFT[0] device.
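The SFF arithmetic of this section and the look-up in the Type A / Type B tables, as an added worked example in Python (written for this edit; it is not part of the Technis report and not Faradip or TTREE output). It takes the "safe" (spurious) and dangerous (fail to release / fail to close) mode rates from Section 3, computes SFF = safe / (safe + dangerous) with no diagnostic credit, since the study claims none, and returns the highest SIL the architectural-constraint tables allow for a given hardware fault tolerance; the HFT 1 and HFT 2 columns and the Type B table are exercised too, which the report itself does not need. One check it surfaces: 3.06/(3.06 + 0.44) evaluates to 87.4%, whereas the text above prints 80.5% for the Matic actuator; both values lie in the 60%-90% band, so the SIL 2 conclusion is unchanged.

```python
"""Safe Failure Fraction and architectural-constraint check (added example).

Recomputes the SFF figures of Section 2.2 from the "safe" (spurious) and
dangerous (fail to release / fail to close) mode rates in Section 3, then
looks up the SIL permitted by the Type A / Type B tables reproduced in
Section 2.2 for a given hardware fault tolerance (HFT).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    safe_rate: float       # spurious-trip mode rate, per million hours (pmh)
    dangerous_rate: float  # fail-to-act mode rate, per million hours (pmh)


# Mode rates taken from Section 3 of the study.
ELEMENTS = (
    Element("Bifold FP15 solenoid", safe_rate=0.363, dangerous_rate=0.223),
    Element("Matic/Camtorc actuator", safe_rate=3.06, dangerous_rate=0.44),
    Element("Typical ESD valve", safe_rate=3.5, dangerous_rate=0.5),
)

# SFF bands of the Section 2.2 tables (lower bound inclusive, ascending order).
SFF_BANDS = ((0.0, "<60%"), (0.60, "60%-90%"), (0.90, "90%-99%"), (0.99, ">99%"))

# Architectural constraints as printed in Section 2.2:
# row = SFF band, tuple index = HFT 0 (simplex), 1 (m+1), 2 (m+2).
# None marks the "not allowed" cell of the Type B table.
ARCH_TABLE = {
    "A": {"<60%": (1, 2, 3), "60%-90%": (2, 3, 4), "90%-99%": (3, 4, 4), ">99%": (3, 4, 4)},
    "B": {"<60%": (None, 1, 2), "60%-90%": (1, 2, 3), "90%-99%": (2, 3, 4), ">99%": (3, 4, 4)},
}


def sff(safe: float, dangerous: float) -> float:
    """SFF = safe / (safe + dangerous). No diagnosed-failure term: the study claims no diagnostics."""
    return safe / (safe + dangerous)


def sff_band(value: float) -> str:
    """Map an SFF (0..1) onto the band label used by the tables."""
    band = SFF_BANDS[0][1]
    for lower, label in SFF_BANDS:
        if value >= lower:
            band = label
    return band


def max_sil(value: float, element_type: str, hft: int):
    """Highest SIL claimable for this SFF, element type ('A' or 'B') and HFT (0, 1 or 2); None if not allowed."""
    return ARCH_TABLE[element_type][sff_band(value)][hft]


def overall_sff(elements) -> float:
    """SFF of the series (simplex) chain: pool the safe and dangerous rates, as Section 2.2 does."""
    safe = sum(e.safe_rate for e in elements)
    dangerous = sum(e.dangerous_rate for e in elements)
    return sff(safe, dangerous)


if __name__ == "__main__":
    rows = [(e.name, sff(e.safe_rate, e.dangerous_rate)) for e in ELEMENTS]
    rows.append(("Overall (series)", overall_sff(ELEMENTS)))
    for name, value in rows:
        print(f"{name:24s} SFF={value:6.1%}  band={sff_band(value):8s}  "
              f"max SIL (Type A, HFT 0)={max_sil(value, 'A', 0)}")
```

Running the script prints one line per element plus the pooled series value; pass "B" and a non-zero HFT to max_sil to see how the Type B table withholds any SIL from a simplex element below 60% SFF.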


Page 7: SIL 2 Certificate for Complete Valve


3. FAILURE RATE DATA

ITEM                            RATE pmh   FAILURE MODE      MODE RATE pmh   SOURCE
Solenoid valve (FP15 Bifold)    0.586      Fail to release   0.223           Ref 4.4b
                                0.586      Spurious rel      0.363           Ref 4.4b
Solenoid valve generic
  Pessimistic                   5          Fail to release   0.5             Ref 4.3
  Optimistic                    0.03       Fail to release   0.003           Ref 4.3
Thus for this study                        Fail to release   0.223           Note (i)
                                           Spurious rel      0.363           Note (i)
Matic Actuator                  3.5        Fail to close     0.44            Ref 4.6
                                           Spurious close    3.06            Ref 4.6
Typical ESD valve*              4          Fail to close     0.5             Ref 4.3

Note (i) The Ref 4.4b Exida claim is within the Faradip range and is thus perceived as credible.

* The failure rate of a host ball valve will depend upon the type and application. A credible value has been used in this study.

4. REFERENCES

4.1 The Safety Critical Systems Handbook (A straightforward guide to functional safety IEC 61508), 3rd edition, 2010, Smith DJ and Simpson KGL, Butterworth Heinemann, ISBN 9780080967813
4.2 IEC Standard 61508 Functional Safety, E/E/PE Safety Related Systems (7 Parts).
4.3 FARADIP.THREE Version 8.0 Failure Rate Data Base, Technis, ISBN 0 9516562 3 6.
4.4 Client Documents: a) email JR to DJS 4/12/2015; b) Exida Certificate 1107001 C001
4.5 TTREE Version 4.0 User's Manual 2015, Fault Tree package, ISBN 0 9516562 4 4.
4.6 Technis Report T674 Matic Camtorc Actuator Failure Data


Page 8: SIL 2 Certificate for Complete Valve


APPENDIX 1- FAULT TREE DETAILS

WITH HOST VALVE (0.5 pmh failure rate)
TTREE version 4.0
File name: T811.TRO

Results of fault tree quantification for top event: GTOP

Top event frequency                              0.116E-05 per hour
                                                 0.101E-01 per year
Top event MTBF                                   0.864E+06 hours
                                                 0.987E+02 years
Top event MDT                                    0.439E+04 hours
Top event probability (PFD / Unavailability)   = 0.509E-02

Basic Event Reliability Data

Basic    Type   Failure    Mean Downtime/     Constant
Event           Rate       Test Interval      Probability
SOL      I/E    .223E-06   .876E+04 (PTI)
CAM      I/E    .440E-06   .876E+04 (PTI)
VALVE    I/E    .500E-06   .876E+04 (PTI)

Fussell-Vesely measure of cut set importance

Rank 1   Importance .430   Cut set probability .219E-02
         Basic Event VALVE   Type I/E   Failure Rate .500E-06   Mean Downtime/Test Interval .876E+04 (PTI)

Rank 2   Importance .379   Cut set probability .192E-02
         Basic Event CAM     Type I/E   Failure Rate .440E-06   Mean Downtime/Test Interval .876E+04 (PTI)

Rank 3   Importance .192   Cut set probability .976E-03
         Basic Event SOL     Type I/E   Failure Rate .223E-06   Mean Downtime/Test Interval .876E+04 (PTI)
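The quantification behind Appendix 1, as an added worked example in Python (written for this edit; it is neither TTREE output nor the report's own code). Each basic event is an unrevealed ("I/E") failure proof-tested every 8760 h, so its mean unavailability is taken as lambda x PTI / 2, the standard approximation for unrevealed failures; the top event GTOP is the OR of the three basic events, and the Fussell-Vesely importance of each single-event cut set is its probability divided by the top-event probability. With the Section 3 rates this reproduces the .219E-02, .192E-02 and .976E-03 cut set probabilities, the .430 / .379 / .192 importances and a top-event PFD of about 5.09 x 10^-3, which the Section 1.3 bands place in SIL 2. The sensitivity helper at the end illustrates the Recommendations caveat on the host valve: the alternative host-valve rates it sweeps (1, 2 and 5 pmh) are constructed values for illustration, not figures from the report.

```python
"""Fault-tree quantification of Figure 2.1 (added example, not TTREE output).

Each basic event is an unrevealed failure proof-tested every PTI hours, so
its mean unavailability is lambda * PTI / 2; the top event is an OR gate of
the three basic events; Fussell-Vesely importance is cut set probability
divided by top-event probability.
"""
from math import prod

PTI_HOURS = 8760.0  # annual proof test interval (Section 1.2 c)

# Basic events: name -> failure rate per hour (Section 3 "pmh" values x 1e-6)
BASIC_EVENTS = {
    "SOL":   0.223e-6,  # Bifold solenoid fails to release
    "CAM":   0.440e-6,  # Camtorc actuator fails to move
    "VALVE": 0.500e-6,  # host valve fails to close (assumed 0.5 pmh)
}

# Low-demand PFD bands of Section 1.3: (SIL, lower bound inclusive, upper bound exclusive)
SIL_PFD_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def unavailability(rate_per_hour: float, pti_hours: float = PTI_HOURS) -> float:
    """Mean PFD of an unrevealed failure proof-tested at interval PTI: lambda * T / 2."""
    return rate_per_hour * pti_hours / 2.0


def or_gate(probabilities) -> float:
    """Exact OR of independent events: 1 - prod(1 - q_i) (no rare-event approximation)."""
    return 1.0 - prod(1.0 - q for q in probabilities)


def quantify(events=BASIC_EVENTS, pti_hours=PTI_HOURS) -> dict:
    """Top-event PFD, frequency, single-event cut set probabilities and Fussell-Vesely importances."""
    cut_sets = {name: unavailability(rate, pti_hours) for name, rate in events.items()}
    top = or_gate(cut_sets.values())
    # Fussell-Vesely: share of the top-event probability carried by each minimal cut set
    importance = {name: q / top for name, q in cut_sets.items()}
    frequency = sum(events.values())  # rare-event approximation to the top-event frequency
    return {
        "top_event_pfd": top,
        "top_event_frequency_per_hour": frequency,
        "cut_set_probability": cut_sets,
        "fussell_vesely": dict(sorted(importance.items(), key=lambda kv: -kv[1])),
    }


def sil_from_pfd(pfd: float):
    """SIL band of a low-demand PFD per the Section 1.3 table, or None outside SIL 1..4."""
    for sil, lo, hi in SIL_PFD_BANDS:
        if lo <= pfd < hi:
            return sil
    return None


def sensitivity_to_host_valve(host_rates_pmh=(0.5, 1.0, 2.0, 5.0)) -> dict:
    """How the claim moves with the assumed host-valve rate (rates other than 0.5 are constructed)."""
    out = {}
    for pmh in host_rates_pmh:
        events = dict(BASIC_EVENTS, VALVE=pmh * 1e-6)
        pfd = quantify(events)["top_event_pfd"]
        out[pmh] = (pfd, sil_from_pfd(pfd))
    return out


if __name__ == "__main__":
    result = quantify()
    print(f"Top event PFD {result['top_event_pfd']:.3E}, SIL {sil_from_pfd(result['top_event_pfd'])}")
    for rank, (name, fv) in enumerate(result["fussell_vesely"].items(), start=1):
        print(f"Rank {rank}  {name:6s} importance {fv:.3f}  cut set {result['cut_set_probability'][name]:.3E}")
    for pmh, (pfd, sil) in sensitivity_to_host_valve().items():
        print(f"host valve {pmh:.1f} pmh -> PFD {pfd:.3E}, SIL {sil}")
```

The sensitivity sweep is the practitioner's check on the Recommendations: with the host valve at 0.5 or 1 pmh the assembly stays in SIL 2, while at 2 or 5 pmh the top-event PFD crosses 10^-2 and the claim drops to SIL 1.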
