Instrument Selection
www.eit.edu.au
Sensors and actuators remain the most critical reliability items in an SIS.
Separation, diversity and redundancy are critical issues.
Safety related instruments must have a proven record of performance.
IEC 61508 / 61511 have specific requirements.
Logic solver intelligence and communications power will help to provide diagnostic capabilities to assist field device reliability.
Failure modes and common cause issues are potential problems for intelligent instruments.
Fault tolerance
Prior use justification
Table 7.1
Element         Fail to danger rate /yr   PFD avg         % of total
Sensor          0.05                      0.006           32
Logic solver                              0.0005          3
Actuator        0.1                       0.0125          65
Total                                     0.019 (SIL 1)   100
The field devices taken together contribute 97% of the PFD for this example.
The PFD figures for the field devices are affected by environmental conditions and maintenance factors.
PES logic solvers benefit from auto-diagnostics.
Bus connected safety certified instruments
Foundation Field Bus
Profi-safe
ASI-Safety Bus
See Session 5
Components of the instrument
Process connection
Fouling / corrosion / process fluids / clogging
Wiring
Environmental: process / climate / electrical
Specification / range / resolution
Response time
Power supplies
Intrinsic safety barriers
Calibration / testing / left on test / isolated
Figure 7.4 Electrical Drive Trip (diagram: SIS logic, interlocks, 380 V ac power to motor M)
Diagram: Stop Category 1, Safety Control Category 2 (E-stop command, safety relay with reset, time delayed relay K1, K1 relay, power to drive controller)
Wiring to solenoids
Prior use
Smart transmitter, analog or switch: SIL 1 or 2 by prior use justification.
SIL 3 requires assessment and a safety manual.
Apply IEC 61511 limitations, and the PFD must satisfy the SIL target.
Figure 7.5 Boiler trip logic (diagram): the boiler steam drum level transmitter LT-1 serves both the boiler trip logic (LSL) and the level controller LIC-1 on the feed water supply; in the second arrangement a separate LT serves the boiler trip logic.
Figure 7.6 Separate sensor: fault trees for boiler damage.
Shared sensor:
  Boiler damage 0.105 /yr = OR of
    FW fails AND no trip: 0.005 /yr (FW fails 0.2 /yr)
    LT-1 fails high, no trip, LIC causes low level: 0.1 /yr
Separate sensor:
  Boiler damage = low level AND no trip: 0.0075 /yr
    Low level 0.3 /yr = OR of FW fails 0.2 /yr and LT-1 fails high, LIC-1 causes low level 0.1 /yr
A single valve may be used for both BPCS and SIS, but this is not recommended if valve failure places a demand on the SIS.
Normally a shared valve can only be used if diagnostic coverage and reaction time are sufficient to meet the safety integrity requirements.
Recommendations for a single valve application: SIL 2 and SIL 3 normally require identical or diverse separation. Diversity is not always desirable.
Figure 7.7 (diagram): SIS solenoid valve FY, direct acting, direct mounted, de-energise to vent the actuator; BPCS positioner on control valve FV; air supply A/S.
Figure 7.8 (diagram): BPCS, SIS, solenoid valve FY, air supply A/S.
Valve Diagnostics
Assurance that a trip valve will respond correctly when needed
Freedom of movement, full travel
Correct venting of actuator
Correct rate of response
Absence of sticking
Trip signals and solenoid all working
Redundancy Options
Sensor or actuator configuration (Table 7.4 Selection): 1oo1, 1oo2, 2oo3.
Figure 7.10 (diagram): SIS with pressure transmitters PT 1A and PT 1B. Be careful to analyze for common cause faults, e.g. try to avoid this arrangement.
Figure 7.11 (diagram): where measurement is the problem use diverse redundancy, e.g. steam or ammonia overpressure protection: SIS with pressure transmitter PT 01 and temperature transmitter TT 01.
Adequate documentation
Volume of experience, > 1 yr exposure per case.
Remove instruments from the list when they let you down
Figure 7.12 (diagram): HART interface, status alarm, hand held programmer.
Figure 7.14 (diagram)
The safety manual presents all the essential information and set-up conditions that must be followed to allow the instrument to be validated for any given application.
The manual also supplies the failure rate summary and expected PFDavg.
Compliance with safety manual requirements must be demonstrated in the validation phase.
See examples of safety manuals and FMEDA reports.
The safety certificate is issued by the testing body to clearly define what products have been tested and what standards and limitations have been applied in the evaluation.
The safety certificate is an essential document for the validation phase.
See examples of safety certificates: 3051C and Rex Radar.
Testing authorities include:
TUV Rheinland
Exida.com
Any recognized testing body that can show competency in the SIS field.
Note: Exida specializes in certifying instruments claiming prior use qualification. Reports supply SFF and failure rate data with a declaration of the fault tolerance requirements relevant to IEC 61511. See examples.
Instruments must be well proven for safety with an assessment report, or certified SIL capable to IEC 61508.
Intelligent instruments are treated as PES.
Separation, redundancy, diversity, diagnostics.
Diagnostic coverage via smarts or logic solver.
Bus technology is established and growing.
Reliability Analysis
EIT Safety Instrumentation E-Learning
Introduction to Chapter 8: Reliability Analysis of the SIS
The task of measuring or evaluating the SIS design for its overall safety integrity.
Identification of formulae.
Terminology
RRF, SIL, PFDavg (RRF = 1/PFDavg)
MTTFd, MTTFs, MTTRd, Ti, λdd, λdu, λsd
Compare PFDavg with the target PFDavg for the SIL range we need.
State of process timelines (diagrams, mission time 2 yr with marks at 1 yr):
1. Operating safely; operating but not protected; reportable accident occurs.
2. Proof test at 0.5 yr; hazardous condition occurs (demand); accident prevented; fault repaired; operating safely.
3. Proof test at 0.5 yr; demand occurs before the next proof test; reportable accident occurs.
4. Operating safely; detectable dangerous fault occurs; diagnostic test reveals the fault (diagnostic test typically 100 times/day); fault detected and repaired; accident prevented.
Low demand mode applies when the demand on the SIS is equal to or less than once per year (IEC 61511). Alternatively, no more than two demands per proof test interval.
Low demand calculations use PFDavg.
Hazard event rate H = D x PFDavg
High demand mode applies when the demand on the SIS is more than once per year (IEC 61511). Alternatively, more than two demands per proof test interval.
High demand mode calculations use PFH, the probability of dangerous failure per hour.
Hazard event rate H = PFH
Example: pressure relief trip (SIS). An accident occurs if a dangerous fault is undetected before the surge occurs.
Example: electronic braking controls (SIS). An accident occurs as soon as the brake circuit fails.
Design flow: is the design acceptable? No: revise the design. Yes: proceed to detail design.
Hazard event rate of the SIS (diagram): sensor PFD1, logic PFD2, actuator PFD3 (SIL 1).
Demand rate D and hazard event rate H (accident rate):
Demand mode, D x T << 1: H = D x PFDavg
Continuous mode, D x T > 1: H = fail rate λd
Diagram: p(t), the probability of being failed when a demand occurs, grows from 0 with time t; each proof test action at Ti and 2Ti resets it, and PFDavg is the average value.
Single channel SIS fail rates (Fig 8.6):
Overt failures: λS = 1/MTBFsp.
Covert failures: λD = 1/MTTFD, C = coverage.
λDD = C λD, detectable by self diagnostics.
λDU = (1 - C) λD, undetectable except by manual proof testing.
Loss of production: λS + λDD trips the plant unless 2oo3 or 2oo2 voting is used.
Example: find the safe and dangerous failure modes (diagram). SIS high level trip with logic solver, PSV, AS, LC-1, I/P, fluid feed, FC valves, LT-1 and LT-2. Device elements: LE connection, LT electronics, cable, power (columns λsp, λdu, λdd).
Formula sets (Fig 8.6), with λS = 1/MTBFsp, λD = 1/MTTFD, DC = C = coverage:
Formula set 1: spurious trip rate = λS + λDD (loss of production; trips the plant unless 2oo3 or 2oo2 voting).
Formula set 2: λDD = DC λD, detectable by self diagnostics; for 1oo1 PFD1 = λDD x MTTR.
Formula set 3: λDU = (1 - DC) λD, detectable by manual proof testing; for 1oo1 PFD2 = λDU x Ti/2.
Voting   Formula set 1 (spurious)   Formula set 2 (λDD, MTTR)   Formula set 3 (λDU, Ti)
1oo1     λS                         λDD (MTTR)                  λDU (Ti/2)
1oo2     2 λS                       2 (λDD)^2 (MTTR)^2          ((λDU Ti)^2)/3
2oo2     2 (λS)^2 (MTTR)            2 λDD (MTTR)                λDU Ti
2oo3     6 (λS)^2 (MTTR)            6 (λDD)^2 (MTTR)^2          (λDU Ti)^2
Formula set 3 gives the PFD due to proof test.
Sources of Reliability Data
Sintef PDS handbooks: http://www.sintef.no/Projectweb/PDS-Main-Page/PDS-Handbooks/
Sintef: http://www.sintefbok.no/Product.aspx?sectionId=65&productId=559&categoryId=10
Also see:
exida.com Reliability Handbook
Manufacturers' safety manuals for specific SIL certified instruments
Faradip 3 Database
exida.com: Safety Automation Equipment List, Functional Safety Assessment Reports, http://www.exida.com/index.php/resources/sael/
PFDavg = (λdu x Ti)^2 / 3 (formula set 3 for 1oo2 voting)
Example: if the fail to danger rate λdu = 0.05 per year and Ti = 1 year, PFDavg = (0.05 x 1)^2 / 3 = 0.00083 (SIL 3).
Common cause failures (diagrams): for a 2oo3 sensor group with common cause failures each channel is assigned the independent rate (1 - β) λd and the common cause rate β λd is shared by all channels. For the undetected dangerous rate the split is (1 - β) λdu per channel plus β λdu common, and the common cause part contributes β λdu x Ti/2 to PFDavg.
1oo1 PFDavg calculation
              Value (years)   Value (hours)   Notes
λDU           0.0500 /yr      5.71E-06 /hr
λDD           0.1000 /yr      1.14E-05 /hr
Ti            1.0000 yr       8760 hr
MTTR          0.0027 yr       24 hr
λDU x Ti/2    2.50E-02        2.50E-02        Undetected portion
λDD x MTTR    2.74E-04        2.74E-04        Detected portion
PFDavg        2.53E-02        2.53E-02
1oo2 PFDavg calculation with common cause (Safecalc: λD = 1.71E-05 /hr, % safe = 0, C = 66%)
                              Value       Notes
λDU                           5.71E-06    /hr
λDD                           1.14E-05    /hr
β                             0.1000
Ti                            8760        hr
MTTR                          24          hr
(1/3) ((1-β) λDU Ti)^2        6.75E-04    Independent undetected portion
2 ((1-β) λDD MTTR)^2          1.18E-07    Independent detected portion
β λDU Ti/2                    2.50E-03    Common cause undetected portion
β λDD MTTR                    2.70E-05    Common cause detected portion
PFDavg                        3.20E-03
2oo3 PFDavg calculation with common cause (same λDU, λDD, β, Ti and MTTR)
                              Value       Notes
((1-β) λDU Ti)^2              2.03E-03    Independent undetected portion
6 ((1-β) λDD MTTR)^2          3.54E-07    Independent detected portion
β λDU Ti/2                    2.50E-03    Common cause undetected portion
β λDD MTTR                    2.70E-05    Common cause detected portion
PFDavg                        4.55E-03
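Added example, not part of the EIT slides: a Python implementation of the formula sets above with the common cause split the tables use (independent portion through the voted formula, common cause portion as one 1oo1 channel). The function names are my own; the SIL banding uses the IEC 61508 low demand PFDavg bands, which the slides do not list, and the script reproduces the 1oo1, 1oo2 and 2oo3 totals from the tables above.

```python
"""PFDavg per voting architecture from formula sets 2 and 3 (Fig 8.6).

The common cause fraction beta is split out as the slides do: the
independent part (1-beta)*lambda uses the voted formula and the common
cause part beta*lambda is treated as a single 1oo1 channel. Rates and
times must share a unit (per hour with hours, or per year with years).
"""


def pfd_avg(voting, ldu, ldd, ti, mttr, beta=0.0):
    """PFDavg for voting in 1oo1, 1oo2, 2oo2, 2oo3 (hypothetical helper)."""
    du = (1.0 - beta) * ldu  # independent undetected dangerous rate
    dd = (1.0 - beta) * ldd  # independent detected dangerous rate
    if voting == "1oo1":
        detected, undetected = dd * mttr, du * ti / 2.0
    elif voting == "1oo2":
        detected, undetected = 2.0 * (dd * mttr) ** 2, (du * ti) ** 2 / 3.0
    elif voting == "2oo2":
        detected, undetected = 2.0 * dd * mttr, du * ti
    elif voting == "2oo3":
        detected, undetected = 6.0 * (dd * mttr) ** 2, (du * ti) ** 2
    else:
        raise ValueError("unknown voting: %r" % voting)
    # Common cause portion: one channel with rate beta*lambda, 1oo1 formulas.
    common = beta * ldd * mttr + beta * ldu * ti / 2.0
    return detected + undetected + common


def sil_band(pfd):
    """Low demand SIL from the IEC 61508 PFDavg bands (0 = below SIL 1)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


def rrf(pfd):
    """Risk reduction factor RRF = 1/PFDavg."""
    return 1.0 / pfd


if __name__ == "__main__":
    # Rates from the slides, per hour, with Ti = 8760 h and MTTR = 24 h.
    ldu, ldd, ti, mttr = 5.71e-6, 1.14e-5, 8760, 24
    for voting, beta in (("1oo1", 0.0), ("1oo2", 0.1), ("2oo3", 0.1)):
        p = pfd_avg(voting, ldu, ldd, ti, mttr, beta)
        print("%s beta=%.2f PFDavg=%.2E SIL %d RRF %.0f"
              % (voting, beta, p, sil_band(p), rrf(p)))
```

The same function reproduces the per-year worked figures later in the deck (dual sensors 0.002, logic solver 0.00138, dual actuators 0.0077) when called with year units.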
Worked example (diagram): subsystem failure rates λd1 = 0.2 /yr (MTTF 5 yrs), λd2 = 0.02 /yr (50 yrs) and λd3 = 0.1 /yr (10 yrs) for the logic and actuator subsystems as labelled. Apply the calculation with proof testing, auto diagnostics and proof testing respectively; PFD averages shown: 0.01, 0.005, 0.01. Apply testing or diagnostics.
Hazard event rate diagram: sensor, logic, actuator with SIL labels SIL 2, SIL 1, SIL 1, SIL 1.
Architecture diagram: sensor, logic and actuator subsystems in 1oo1D, 1oo2D and 1oo2 arrangements.
Sensor subsystem 1oo1D expanded into process connection, transmitter, cable and power: expand the detail of the sensor subsystem and apply fail rates for each item.
SIS Analysis:
Step 4: Decide λdu, λdd and λs for the elements (λDU1, λDD1, λSD1 for the process connection, λDU2, λDD2, λSD2 for the transmitter, λDU3, λDD3, λSD3 for cable and power).
Step 5: Enter the values in the table and totalize.
Subsystem element    λSD/hr     λSU/hr     λDD/hr     λDU/hr
Process connection   1.14E-05   0.00E+00   5.71E-06   3.42E-06
Transmitter          1.14E-05   0.00E+00   5.71E-06   5.71E-07
Cable and power      1.14E-05   0.00E+00   5.71E-06   3.42E-06
Subsystem totals     3.42E-05   0.00E+00   1.71E-05   7.42E-06
SIS Analysis: Step 6, find the PFDavg for the 1oo2 subsystem.
Break out the common cause failure fraction β for the redundant channels, calculate the PFD for each portion and add them together: each channel carries (1-β) λd and the common cause portion is β λd.
Redundant section: PFDavg = 2 ((1-β) λdd)^2 (MTTR)^2 + ((1-β) λdu Ti)^2 / 3
plus the PFDavg of the common cause portion β λd.
Architecture (diagram): sensors 1oo2, logic 1oo1, actuators 1oo2.
PFDavg = PFDavg for sensors + PFDavg for logic solver + PFDavg for actuators.
Worked values (per year):
Dual sensors, 1oo2: λDU = 0.05, β = 5%, shown as .045 per channel and .0025 common cause. Dual sensors PFD = .00075 + .00125 = .002.
Logic solver, 1oo1D: λD = 0.05, C = 95%, λDD = 0.0475, λDU = 0.0025. Logic solver PFD = .00013 + .00125 = .00138.
Dual actuators, 1oo2: λDU = 0.1, β = 10%, shown as .09 per channel and .01 common cause. Dual actuators PFD = .005 + .0027 = .0077.
Spreadsheet layout (Ti = 8760 hr, β = 5%, MTTR = 24 hr): subsystem elements 1 to 5 (sensor, all components) with columns λSD/hr, λSU/hr, λDD/hr, λDU/hr and subsystem totals; diagnostic coverage 66.7% and 0.0%; results shown 2.50E-02, 2.00E-03 and 3.51E-03.
Spurious trip rate (per yr)
1oo1 subsystem (logic solver): λS = 0.05, λDD = 0.0475, total for 1oo1 subsystem 0.0975.
1oo2 subsystems (sensors and actuators), β = 0.1 each: independent portion 2 (1-β)(λS + λDD), common cause portion β (λS + λDD).
Sensor: λS + λDD = 0.15, independent 0.27, common cause 0.015, total for 1oo2 subsystem 0.285.
Actuator: independent 0.72.
Overall spurious trip rate 1.1425 per yr.
Spurious trip diagrams: logic solver 1oo1 .097 trips per yr; sensors and actuators 1oo2 (values shown .04, .05, .36).
Design versions A and B compare 2oo3 and 1oo2 sensor arrangements: λ = .15 per sensor, split as .135 independent and .015 common cause. Dual sensors spurious = 2 x .15 = .30 trips per yr.
High demand mode calculations use PFH, which is the same as the failure to danger rate.
Example (diagram): pump with a power trip on high pressure PSH (SIS, Hp safety trip). With λd = 0.05 and Ti = 1/yr, H = 5.7E-06/hr = 0.05/yr.
Exercise: demand on the SIS and hazardous event rate H.
D = 0.1/yr: H = ? /yr
D = 1.0/yr: H = ? /yr
D = 10.0/yr: H = ? /yr