FUNCTIONAL SAFETY TRAINING
06 – SIL PFD CALCULATIONS
Dr. Ing. Carlo Lebrun, Functional Safety Training
SIL CLASSIFICATION (IEC61508 & IEC61511) – RISK GRAPH
Risk parameters:
- CONSEQUENCE: Ca minor injury; Cb serious injury, single death; Cc some deaths; Cd many deaths
- FREQUENCY OF EXPOSURE: Fa rare to frequent; Fb frequent to continuous
- AVOIDANCE: Pa sometimes possible; Pb almost impossible
- OCCURRENCE PROBABILITY (demand rate): W1 very slight; W2 slight; W3 relatively high
Each path through C, F and P ends in one row of the graph; the W column gives the required SIL:
Path (C, F, P)                              W3     W2     W1
Ca                                          a      -      -
Cb Fa Pa                                    SIL1   a      -
Cb Fa Pb / Cb Fb Pa / Cc Fa Pa              SIL2   SIL1   a
Cb Fb Pb / Cc Fa Pb / Cc Fb Pa / Cd Fa Pa   SIL3   SIL2   SIL1
Cc Fb Pb / Cd Fa Pb / Cd Fb Pa              SIL4   SIL3   SIL2
Cd Fb Pb                                    b      SIL4   SIL3
Legend: - = no safety requirement / a = no special safety requirement / b = a single SIS is not enough (a single E/E/PE safety-related system is not sufficient)
SIL AND RISK REDUCTION FACTOR (IEC61508 & IEC61511)
SIL   LOW DEMAND MODE: PFDavg     Risk Reduction Factor (RRF = 1/PFDavg)   HIGH DEMAND MODE: PFH (per hour)
4     10^-5 <= PFDavg < 10^-4     10 000 < RRF <= 100 000                  10^-9 <= PFH < 10^-8
3     10^-4 <= PFDavg < 10^-3     1 000 < RRF <= 10 000                    10^-8 <= PFH < 10^-7
2     10^-3 <= PFDavg < 10^-2     100 < RRF <= 1 000                       10^-7 <= PFH < 10^-6
1     10^-2 <= PFDavg < 10^-1     10 < RRF <= 100                          10^-6 <= PFH < 10^-5
RELIABILITY OF PROTECTIONS
Compliance with IEC61508/IEC61511 is based on the estimation of the Probability of Failure on Demand, averaged over the system lifecycle (PFDavg)
=
the probability that a protection will not work at the moment it is required to work.
PROBABILITY OF FAILURE ON DEMAND
[Figure: two timelines of an element's state. UNDETECTABLE FAILURE: the element drops from full functionality into its failure mode and, since nothing reveals it, stays there until the next proof test; if the risk cause (the demand) arrives in that window the result is an ACCIDENT. DETECTABLE FAILURE: diagnostics reveal the failure, restoration takes MTTR and full functionality returns; a demand arriving afterwards produces the PROTECTION ACTION.]
LOW DEMAND MODE VERSUS HIGH DEMAND MODE
Low demand mode: the frequency of demands for operation made on a safety-related system is no greater than one per year and no greater than twice the proof test frequency.
High demand or continuous mode: the frequency of demands for operation made on a safety-related system is greater than one per year or greater than twice the proof test frequency. Continuous mode is regarded as very high demand.
(These are the IEC 61508:1998 definitions. IEC 61508:2010 keeps the one-demand-per-year boundary between low and high demand, drops the proof test clause, and defines continuous mode separately as the case where the safety function itself keeps the EUC in a safe state as part of normal operation.)
LOW DEMAND MODE VERSUS HIGH DEMAND MODE – EXAMPLES
Low demand mode: HIPPS (high integrity pressure protection system)
High demand or continuous mode: car brakes
PFD ASSESSMENT AS PER IEC61508
IEC61508/IEC61511 CONSIDER 3 METHODOLOGIES:
- Simplified equations (in detail in this presentation)
- Fault Tree Analysis (requires dedicated software)
- Markov Models (requires dedicated software)
EXAMPLE OF FAULT TREE
EXAMPLE OF MARKOV MODEL
[Figure: state diagram of a 1oo2 system with three states: 0 – full functionality; 1 – one element in failure; 2 – two elements in failure. Arrows between states are labelled with the transition probability λ, and the self-loops with 1-λ.]
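The 1oo2 chain sketched above, carried out numerically. This is an added example written for this page, not code from the slides or from ecisgroup. It assumes only dangerous undetected failures (one rate λDU per element, per hour), a perfect and instantaneous proof test every T1 hours, and the constructed values λDU = 1e-6/h and T1 = 8760 h used in the demo; it also shows the closed form the chain converges to and the usual (λ·T1)²/3 shortcut.

```python
"""Numerical Markov model of a 1oo2 subsystem (added example, not from the slides).

States as on the slide: 0 = full functionality, 1 = one element failed,
2 = both elements failed (the subsystem cannot act on demand).  Only dangerous
undetected failures are modelled, so the only return to state 0 is the proof
test at the end of the interval, assumed perfect.  Rates per hour, times in hours.
"""
import math


def pfd_1oo2_markov(lambda_du: float, t1_hours: float, dt_hours: float = 1.0) -> float:
    """Time average of P(state 2) over one proof-test interval (PFDavg).

    Discrete-time chain with a step of dt hours:
      0 -> 1 with probability 1 - exp(-2*lambda*dt)   (either element fails)
      1 -> 2 with probability 1 - exp(-lambda*dt)     (the survivor fails)
    The sampled P(state 2) is averaged with the trapezoidal rule.
    """
    p01 = 1.0 - math.exp(-2.0 * lambda_du * dt_hours)
    p12 = 1.0 - math.exp(-lambda_du * dt_hours)
    p = [1.0, 0.0, 0.0]                # just proof-tested: all probability in state 0
    steps = int(round(t1_hours / dt_hours))
    acc = 0.5 * p[2]                   # trapezoid: half weight on both end points
    for k in range(1, steps + 1):
        p0, p1, p2 = p
        p = [p0 * (1.0 - p01),
             p1 * (1.0 - p12) + p0 * p01,
             p2 + p1 * p12]            # state 2 is absorbing until the proof test
        acc += p[2] if k < steps else 0.5 * p[2]
    return acc / steps


def pfd_1oo2_closed_form(lambda_du: float, t1_hours: float) -> float:
    """Exact average of (1 - exp(-lambda t))^2 over 0..T1, i.e. what the chain converges to."""
    x = lambda_du * t1_hours
    # expm1 keeps precision: 1 - e^-x and 1 - e^-2x are tiny for realistic x
    return 1.0 - 2.0 * (-math.expm1(-x)) / x + (-math.expm1(-2.0 * x)) / (2.0 * x)


def pfd_1oo2_approx(lambda_du: float, t1_hours: float) -> float:
    """Textbook shortcut (lambda*T1)^2 / 3, valid while lambda*T1 << 1."""
    return (lambda_du * t1_hours) ** 2 / 3.0


if __name__ == "__main__":
    lam, t1 = 1e-6, 8760.0            # constructed values: 1 dangerous undetected failure per 10^6 h, yearly test
    for name, fn in (("Markov chain", pfd_1oo2_markov),
                     ("closed form", pfd_1oo2_closed_form),
                     ("(lambda*T1)^2/3", pfd_1oo2_approx)):
        print(f"{name:16s} PFDavg = {fn(lam, t1):.4e}")
```

The chain and the closed form agree to better than a tenth of a percent with a one-hour step; the shortcut is about 0.7 % high at λ·T1 ≈ 0.009 and drifts further as λ·T1 grows, which is why the simplified equations later in the deck are only used in the λ·T1 << 1 regime. Adding detected failures means one more transition out of each failed state at rate 1/MTTR back towards state 0.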
SIL COMPATIBILITY ASSESSMENT
SIMPLIFIED EQUATIONS METHOD
1 - SYSTEM DECOMPOSITION
2 - FAILURE DATA COLLECTION
3 - PFD AVERAGE ASSESSMENT
4 - FAULT TOLERANCE ASSESSMENT
SIF DECOMPOSITION – STEP 1
[Figure: the loop hardware to be assessed: three pressure transmitters (PT, PT, PT), the logic solver with its POWER SUPPLY, and the output side labelled SR and S fed by the instrument air supply (IA SUPPLY).]
SIF DECOMPOSITION – STEP 2
[Figure: the same loop split into the subsystems that get their own PFDavg: sensors (PT, PT, PT), logic solver (AI / CPU / DO with POWER SUPPLY), and final element (SR, S, IA SUPPLY) performing the FAIL SAFE ACTION.]
RELIABILITY DIAGRAM
SIMPLIFIED EQUATIONS METHOD – STEP 2: FAILURE DATA COLLECTION
FAILURE RATE
FAILURES RATE FROM IEC61508 CERTIFICATION
FAILURES RATE FROM OREDA DATA BASE
FAILURE RATES FROM OTHER SOURCES
1 - CORPORATE FAILURE RATE COLLECTIONS
2 - MILITARY (USA) FAILURE RATE COLLECTIONS (e.g. MIL-HDBK-217)
3 - OTHER REFERENCE DATABASES (e.g. EXIDA)
4 - PROJECT SPECIFICATIONS
5 - OTHER NATIONAL REFERENCE STANDARDS (e.g. OLF-070, the Norwegian oil industry guideline)
input_device_failure_data_conversion_tool.xls
SIMPLIFIED EQUATIONS METHOD – STEP 3: PFD AVERAGE ASSESSMENT
SIMPLIFIED EQUATIONS FOR REDUNDANCY OPTIONS
SELECT RIGHT EQUATION PER EACH COMPONENT
CREATE THE SEQUENCE (COPY & PASTE THE EQUATION OF EACH COMPONENT)
THE SUM OF ALL PFDAVG
THE BEST ARCHITECTURE
MTTFspurious
MTTFspurious GIVES INFORMATION ON THE PROBABILITY OF A SPURIOUS TRIP: SOME PORTION OF THE FAILURES MAY CAUSE A TRIP WHEN IT IS NOT REALLY REQUIRED.
A PROBLEM: THE RATE OF SPURIOUS FAILURES λspurious IS MOSTLY UNKNOWN.
HOW TO ACHIEVE TARGET SIL
To achieve the target SIL you need to optimize the choice of the right redundancy together with the correct selection of the variable parameters:
- Beta: probability of common cause of dangerous undetectable failure. See dedicated lesson. Some moderate influence is in the hands of designer and end-user.
- BetaD: probability of common cause of dangerous detectable failure. See dedicated lesson. Some moderate influence is in the hands of designer and end-user.
- MTTR: Mean Time To Restore (… the full functionality). Depends on end-user procedures, tools available for corrective actions (e.g. valve bypass), and spare parts availability.
- T1: time interval for the full proof test
- Tid (PST): time interval for the partial proof test (partial stroke test)
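The simplified equations of IEC 61508-6 Annex B for the redundancy options named in this step, applied to a constructed loop, summed over the subsystems and mapped to a SIL with the low demand table from the start of the deck. Added example, not code from the slides or from ecisgroup: the failure rates, β values, MTTR and T1 below are made-up illustrative numbers, MRT (repair time after a proof test finds a fault) is taken equal to MTTR, and PFDavg values below 10^-5 are reported as SIL 4 by assumption since the table has no lower band. It also shows the optimisation the slide talks about: making the dominant final element redundant lifts the loop one SIL, and the common-cause term then dominates that pair.

```python
"""PFDavg of a SIF from the IEC 61508-6 Annex B simplified equations, then SIL
mapping.  Added example; every numeric input below is constructed, not vendor data.

Assumptions: rates in failures/hour, times in hours, MRT = MTTR, a perfect full
proof test every T1 hours, beta = common-cause fraction of dangerous undetected
failures, beta_d = common-cause fraction of dangerous detected failures.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subsystem:
    name: str
    arch: str            # "1oo1", "2oo2", "1oo2", "2oo3", "1oo3"
    lambda_du: float     # dangerous undetected failure rate of one channel
    lambda_dd: float     # dangerous detected failure rate of one channel
    beta: float = 0.0
    beta_d: float = 0.0
    mttr: float = 8.0    # mean time to restore, hours
    t1: float = 8760.0   # full proof test interval, hours


def channel_down_times(s: Subsystem):
    """Channel equivalent mean down times tCE, tGE, tG2E (IEC 61508-6, B.3.2)."""
    lam_d = s.lambda_du + s.lambda_dd
    if lam_d == 0.0:
        return 0.0, 0.0, 0.0
    du, dd = s.lambda_du / lam_d, s.lambda_dd / lam_d
    t_ce = du * (s.t1 / 2 + s.mttr) + dd * s.mttr
    t_ge = du * (s.t1 / 3 + s.mttr) + dd * s.mttr
    t_g2e = du * (s.t1 / 4 + s.mttr) + dd * s.mttr
    return t_ce, t_ge, t_g2e


def pfd_avg(s: Subsystem) -> float:
    """PFDavg of one voted group from the Annex B equations."""
    t_ce, t_ge, t_g2e = channel_down_times(s)
    lam_d = s.lambda_du + s.lambda_dd
    # independent part of the dangerous rate, and the common-cause contribution
    lam_ind = (1 - s.beta_d) * s.lambda_dd + (1 - s.beta) * s.lambda_du
    ccf = s.beta_d * s.lambda_dd * s.mttr + s.beta * s.lambda_du * (s.t1 / 2 + s.mttr)
    if s.arch == "1oo1":
        return lam_d * t_ce
    if s.arch == "2oo2":
        return 2 * lam_d * t_ce
    if s.arch == "1oo2":
        return 2 * lam_ind ** 2 * t_ce * t_ge + ccf
    if s.arch == "2oo3":
        return 6 * lam_ind ** 2 * t_ce * t_ge + ccf
    if s.arch == "1oo3":
        return 6 * lam_ind ** 3 * t_ce * t_ge * t_g2e + ccf
    raise ValueError(f"no simplified equation for {s.arch}")


def sil_from_pfd(pfd: float) -> int:
    """Low demand SIL band from the deck's table; 0 = below SIL1.
    Values under 1e-5 have no band in the standard; reported as 4 here (assumption)."""
    if pfd < 1e-5:
        return 4
    for sil, low, high in ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)):
        if low <= pfd < high:
            return sil
    return 0


def achieved_sil(loop):
    """PFDavg of the whole SIF is the sum of the subsystem PFDavg values."""
    pfd = sum(pfd_avg(s) for s in loop)
    return pfd, sil_from_pfd(pfd)


# Constructed loop: 2oo3 transmitters, 1oo1 logic solver, 1oo1 solenoid + valve.
LOOP = [
    Subsystem("pressure transmitters", "2oo3", 3.0e-7, 1.2e-6, beta=0.05, beta_d=0.02),
    Subsystem("logic solver", "1oo1", 1.0e-8, 4.0e-7),
    Subsystem("solenoid + shutdown valve", "1oo1", 1.5e-6, 0.0),
]
# Same loop with the final element made redundant (1oo2 with beta = 10 %).
LOOP_REDUNDANT_VALVE = LOOP[:2] + [
    Subsystem("solenoid + shutdown valve", "1oo2", 1.5e-6, 0.0, beta=0.10),
]

if __name__ == "__main__":
    for loop in (LOOP, LOOP_REDUNDANT_VALVE):
        for s in loop:
            print(f"{s.name:28s} {s.arch}  PFDavg = {pfd_avg(s):.2e}")
        pfd, sil = achieved_sil(loop)
        print(f"loop PFDavg = {pfd:.2e}  ->  SIL {sil}\n")
```

With these numbers the single valve alone contributes about 6.6e-3 and the loop lands in SIL 2; the 1oo2 valve pair contributes about 7.0e-4, of which 6.6e-4 is the β·λDU·(T1/2 + MTTR) common-cause term, and the loop reaches SIL 3. The same code lets you try the other levers of the slide (shorter T1, shorter MTTR, lower β) before changing hardware. The PFDavg result is only half of the SIL claim: the architectural constraints of step 4 must be met as well.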
OTHER SOURCES FOR PFDAVG CALCULATION
HIMA SILENCE
SIMPLIFIED EQUATIONS METHOD – STEP 4: FAULT TOLERANCE ASSESSMENT
SAFE FAILURE FRACTION
SFF = (λSD + λSU + λDD) / (λS + λD) = 1 – λDU / λ
λS = safe failure rate (λSD + λSU)
λD = dangerous failure rate (λDD + λDU)
λSD = rate of detectable safe failures
λSU = rate of undetectable safe failures
λDD = rate of detectable dangerous failures
λDU = rate of undetectable dangerous failures
λ = λS + λD = total failure rate
DEVICE TYPES
DEVICE TYPE A: "non-complex" component (using discrete elements: failure modes well defined, behaviour under fault conditions completely determined, sufficient field failure data); for details see 7.4.3.1.2 of IEC 61508-2 (1998/2000 edition numbering; 7.4.4.1.2 in the 2010 edition) = typically mechanical components (poor or no diagnostics)
DEVICE TYPE B: "complex" component (using microcontrollers or programmable logic, so at least one of the Type A conditions is not met); for details see 7.4.3.1.3 of IEC 61508-2 (7.4.4.1.3 in the 2010 edition) = typically electronic components (significant diagnostics)
FAULT TOLERANCE ANALYSIS – TYPE A DEVICES
Maximum SIL allowed by the architectural constraints (IEC 61508-2 Table 2), by safe failure fraction and hardware fault tolerance (HFT):
SFF                HFT 0 (no fault tolerated)   HFT 1 (1 fault tolerated)   HFT 2 (2 faults tolerated)
< 60%              SIL1                         SIL2                        SIL3
60% <= SFF < 90%   SIL2                         SIL3                        SIL4
90% <= SFF < 99%   SIL3                         SIL4                        SIL4
>= 99%             SIL3                         SIL4                        SIL4
FAULT TOLERANCE ANALYSIS – TYPE B DEVICES
Maximum SIL allowed by the architectural constraints (IEC 61508-2 Table 3), by safe failure fraction and hardware fault tolerance (HFT):
SFF                HFT 0 (no fault tolerated)   HFT 1 (1 fault tolerated)   HFT 2 (2 faults tolerated)
< 60%              Not allowed                  SIL1                        SIL2
60% <= SFF < 90%   SIL1                         SIL2                        SIL3
90% <= SFF < 99%   SIL2                         SIL3                        SIL4
>= 99%             SIL3                         SIL4                        SIL4
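Step 2 (failure data collection and its conversion tool), the SFF formula and the two fault tolerance tables above, worked through in one place. Added example, not code from the slides, from ecisgroup or from the .xls tool named earlier: the split of a single field failure rate into λSD/λSU/λDD/λDU by an assumed dangerous fraction and diagnostic coverage is a generic conversion, not necessarily the rule that spreadsheet applies, and the rate 10 failures per 10^6 h with 50 % dangerous share and 60 % coverage is a constructed input. HFT of a MooN group is taken as N − M.

```python
"""Failure rate split, safe failure fraction and IEC 61508-2 architectural
constraints (added example, not from the slides).  Rates per hour.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    lambda_sd: float   # safe, detected
    lambda_su: float   # safe, undetected
    lambda_dd: float   # dangerous, detected
    lambda_du: float   # dangerous, undetected

    @property
    def total(self) -> float:
        return self.lambda_sd + self.lambda_su + self.lambda_dd + self.lambda_du


def split_failure_rate(lambda_total_per_1e6h: float, dangerous_fraction: float,
                       dc_dangerous: float, dc_safe: float = 0.0) -> FailureRates:
    """Generic conversion of one field failure rate (e.g. an OREDA figure in
    failures per 10^6 h) into the four IEC 61508 classes.  The dangerous
    fraction and the diagnostic coverages are assumptions the analyst supplies."""
    lam = lambda_total_per_1e6h * 1e-6
    lam_d = lam * dangerous_fraction
    lam_s = lam - lam_d
    return FailureRates(lambda_sd=lam_s * dc_safe,
                        lambda_su=lam_s * (1.0 - dc_safe),
                        lambda_dd=lam_d * dc_dangerous,
                        lambda_du=lam_d * (1.0 - dc_dangerous))


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (λSD + λSU + λDD) / (λS + λD) = 1 - λDU / λ."""
    return 1.0 - r.lambda_du / r.total if r.total > 0.0 else 0.0


# IEC 61508-2 Tables 2 and 3: maximum SIL by SFF band and HFT.
# Rows: SFF < 60 %, 60-90 %, 90-99 %, >= 99 %.  Columns: HFT 0, 1, 2.  0 = not allowed.
_TYPE_A = ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4))
_TYPE_B = ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4))


def sff_band(sff: float) -> int:
    return 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3


def max_sil_architecture(device_type: str, sff: float, hft: int) -> int:
    """Highest SIL the architectural constraints allow; 0 means the architecture is not allowed."""
    table = {"A": _TYPE_A, "B": _TYPE_B}[device_type.upper()]
    if not 0 <= hft <= 2:
        raise ValueError("HFT must be 0, 1 or 2")
    return table[sff_band(sff)][hft]


def hft_for_architecture(arch: str) -> int:
    """HFT of a MooN voting group is N - M: 1oo1 -> 0, 1oo2 -> 1, 2oo3 -> 1, 1oo3 -> 2."""
    m, n = arch.lower().split("oo")
    return int(n) - int(m)


if __name__ == "__main__":
    # Constructed transmitter data: 10 failures per 10^6 h, half dangerous, 60 % of the
    # dangerous ones caught by diagnostics, no credit for detecting safe failures.
    rates = split_failure_rate(10.0, dangerous_fraction=0.5, dc_dangerous=0.6)
    sff = safe_failure_fraction(rates)
    print(f"lambda_DU = {rates.lambda_du:.2e}/h   SFF = {sff:.0%}")
    for arch in ("1oo1", "1oo2", "2oo3", "1oo3"):
        hft = hft_for_architecture(arch)
        print(f"{arch}: HFT {hft}, Type A max SIL {max_sil_architecture('A', sff, hft)}, "
              f"Type B max SIL {max_sil_architecture('B', sff, hft)}")
```

For the constructed transmitter (SFF 80 %) a single Type B device is capped at SIL 1 whatever its PFDavg, a 1oo2 or 2oo3 group at SIL 2, and only 1oo3 reaches SIL 3; a Type A device with the same SFF gets one level more at each HFT. The SIL finally claimed for a subsystem is the lower of the PFDavg-based SIL from step 3 and this architectural maximum.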
http://www.ecisgroup.it/
END OF PRESENTATION