SIL Assessments and verifications - M+W Process Automation

8/18/2019 SIL Assessments and verifications - M+W Process Automation

1/34

Ein Unternehmen der M+W Group

A Company of the M+W Group

Doc.-Vers.: 16

M+W Process Automation

SIL Assessments and Verif ications in theProcess Industry

Bram Van Liefferinge


2/34

2 © M+W Process Automation – A Company of the M+W GroupCompany Presentation Doc.-Vers.: 16

SIL Assessments and verifications in the

process industryContent


IEC 61511 M+W Process Automation


3/34




TÜV FSE 625/07

Project Engineer Head Functional Safety Departement


4/34


SIL – Process Industry

IEC 61511

Functional Safety - Safety Instrumented Systems for the Process Industry

Who? Why?

What about?

How?


5/34


IEC 61508 >< IEC61511

IEC 61508

=> Manufacturers & SuppliersIEC 61511

=> End Users & System Integrators


6/34


Who?

Seveso II Directive:

control of major-accident hazards involving dangerous substances

High level Seveso company

Low level Seveso company

Kind of substance

Amount of substances

Seveso locaties in Belgium:

173 H

194 L


7/34


Why?

Seveso Directive:

Take all necessary measures and show to inspecting authorities that all necessarymeasures are fullfilled.

=> Which measures and why

High level of protection

=> Codes of good practise: IEC 61511

PAM: Preventive Active Measures Belgium: Seveso

MES 3-audit

Func. Safety: PAM


8/34


What about?

Risk Reduction with: SIS

Sensor Logic Actor


9/34


How?

Lifecycle concept

How do I build an SIS?

How do I keep my SIL / Risk reduction?


10/34


Hazard and Risk Analysis

Seveso: “To take all necessary measures and to show inspecting authoritiesthat all necessary measures are fullfilled.”

Identify Hazards

Define Risks

Define necessary risk reduction

Without safeguards!

Risk = Probability x Severity


11/34


Allocation of Safety Functionsto Protection Layers

Risk unacceptable?

Identify existing safeguards

Define additional safeguards

• Intrinsic Safe Design

• Mechanical Protection Layer

• Instrumental Protection Layer (SIL)

• Passive protection layers (dyke)• Human intervention

LOPA, matrix, risk graph

S I L A S S E S

S E D !


12/34


Safety Integrity Level

• Measure for the reliability of the SIS (PFD)

• SIL3 much harder then SIL1

RRF = 1 / PFD


13/34


IEC 61511 Lifecycle


14/34


Safety Requirements Specification

Why is this so important?

=> Emphasis government: PAM


15/34



SIF Safety Requirement Specification

Functional requirements

Integrity requirements

PFD-calculations to determine

Test Interval

SIL => Safety

STL (Spurious Trip Level) => Availability

Before basic/detail/software engineering Basis for documentation

Basis for validation

General concept

SIF specification

Design & Engineering

PFD-calculation


16/34



IEC 61511 & PAM

Trip setting

Safe operating limit + argumentation

Response time requirements

Diagnostics

Reset functions

Additional risks because of trip? Fail actions

Demands rates

Test interval and repair times

When is the function active? (start up, normal operation,...) ...


17/34


Engineering

Allocation of safety functions

=> Risk Reduction & PFD


=> Functionality


18/34


SIL Verification

Architectural Constraints

HFT

SFF

PFDavg

Failure rate (Lambda λ)

Architecture

Diagnostic Coverage Common cause (Beta β)

Test Interval (TI)

Mean time to repair (MTTR)

Demand mode


=> SIL

PFD (SIF)


19/34


Failure Rates

Sources:

Vendor data (certified or not) Oreda

Exida

...


20/34



Hardware Fault Tolerance (HFT)

How many hardware failures may occure without loss of the safety function?

SFF from SIL certificate vendor

1oo1

1oo2

1oo3

2oo3


21/34



IC/Software => Type B!IEC 61508

SIL2 application simple pressure measurement => 1oo1

SIL2 application temperature measurement smart => 1oo2


22/34



IEC 61511

SIL2 application simple pressure measurement => 1oo2

SIL2 application temperature measurement smart => 1oo2

“Dominant failure = safe failure”


23/34



IEC 61511 Loophole

“HFT may be reduced by one if:

• Hardware of the device selected on prior use basis• Only process related parameters may be adjusted• Parameters protected• SIL

SIF

< SIL 4”


24/34


PFDavg: Architecture

IDU1oo1

2

1T PFD

IDU

2I

2DU

1oo2

2

1

3T

T PFD

IDU2oo2 T PFD

IDU

3

I

3

DU

1oo3

2

1

4T

T PFD

IDU2I

2DU2oo3

2

1T T PFD


25/34


PFDavg: Diagnostic Coverage

Sensors

External comparison => 90% λdu detected

Logic

PLC

DC > 99%

Relay Systems

DC = 0

Final ElementsOn/Off valve: DC=0

Partial Stroke testing: 60%

Longer Test Interval!


26/34


PFDavg: Common cause

IEC 61511-1 3.2.6.1 common cause failure

“failure, which is the result of one or more events, causing failures of two or moreseparate channels in a multiple channel system, leading to system failure”

β determined by:

Separation of channels

Diversity

Procedures / Training / Test methods

Environment

...

β estimation: Conservative (10%)

Tables IEC 61508

Exida

β can have a significant impact!


27/34


PFDavg: TI, MTTR and Demand Mode

Test Interval => PFD

Mean Time To Repair (MTTR)Limited influenceSpare available!Repair must be possible!

Demand ModeProcess => Normally Low Demand Mode

IDU1oo1

2

1T PFD


28/34


SIL Verification


PFD Calculations

=> PFD (SIF) => SIL Achieved!


29/34


IEC 61511 Lifecycle


30/34


Conclusion

SIL Assessments & Verifications are not easy!

No experience? Get help!


31/34


Organization of the M+W Group

Anzahl der Mitarbeiter der M+W Group: 4.524 - Gesamtumsatz ca. 1,73 Mrd. €

100%

Dr. Hannes Rosenthaler Juergen Wild (Speaker of the Board)

M+W Group GmbH

Number of employees of the M+W Group: 4.524 – Annual sales revenue approx. 1,73 billion €

Product Solutions

224 Employees

Herbert Blaschitz

M+W Products GmbH,Stuttgart

Clean Room SystemsClean Room Products

Process Solutions

825 Employees

Juergen Wild

M+W Process AutomationGmbH, LudwigshafenM+W Process IndustriesGmbH, Stuttgart

ChemicalPharmaceuticalBiotech AutomotiveFood and BeverageWater / Waste Water Oil and GasEnergy

Others

• Fac.Eng.GmbH• Real Estate• IT / Caatoosee (51%)

Facility Solutions

3.306 Employees

M+W Asia Limited,Singapore

Juergen Wild

ElectronicsFlat Panel DisplaysPhotovoltaic

Energy /Renewable Energy


32/34


Organization Process Solutions

Business Unit Process Solutions

M+W Process Automation GmbH

Headquarters: Ludwigshafen

470 Employees, Sales 2008: 63 M €

Management: Andreas Bieber, Franz Greisberger &

Henning Hammerstaedt

Automation

• Chemicals• Pharmaceuticals• Food and Beverage• Biotech• Water / Waste Water • Oil and Gas• Energy• Automotive Regional Office B + NL

50 Employees

Management:

Stephan Hoste

Locations B: Melsele, Wavre,Locations NL: Breda

M+W Process Industries GmbH

Headquarters: Stuttgart

386 Employees, Sales 2008: 95 M €

Management:Dr. Tobias Luecke,

Hermann Schwarzkopf

Process Plant Engineering

• Biotech• Pharmaceuticals• Chemicals• Food and Beverage• Cosmetics

Head: Juegen Wild


33/34



Consulting

DesignBasic

Engineering

Detail

Engineering

Specification

Supply

Management

PLC and DCS

Robot

Programming

Start-Up

Training

Service

Validation

Control Cabinet

Mounting

Installation

Project Management

Manufacturing

&Business

Integration


34/34

Ein Unternehmen der M+W Group A Company of the M+W Group

Doc.-Vers.: 16

Version: May 2010

Thank you for your attention!If you have any questions...


Eric Vohy

Documents

SIL Assessments and verifications - M+W Process Automation