ELEG-465

Industrial Automation
Homework #2
Done by

Amr Ayman Garada

Mohammad Numan Farah

ID

920014500
920014661

Date

27.04.2014

factor opt

Item A: Safety Instrumented Systems (SIS)

Apart from the great benefits of the industrial processes and

operations in the oil and gas industries, dangers and risks are associated
with these processes due to the nature of these operations. These dangers
can be on the equipment, assets, resources, fields as well as the personal
working on the field. Hence, companies opted to minimize as much as
possible these hazards as it is hard to eliminate them; usually referred to As
Low As Reasonably Practicable (ALARP) level. Therefore, systems such as
IEC61508 and IEC61511 were created to decrease the dangers. Although
these systems are costly, it is much convenient since the losses due to these
dangers

are countless

that might include replacement of damaged

equipment, maintenance and etc. Moreover, it helps to preserve the

environment and the resources.
Protection systems can be divided to six protection layers:
1. Process Control Layer: It is the base of the protection layers. To ensure
a strong safety base, well-designed and tested control algorithms for
the control and monitor of the processes.
2. Operator Intervention: The first layer of the prevention measures,
where the operators collaborate with the control system. Operators
interfere by shutting down the system after some alarms are triggered
by the system. This layer also holds the automatic shutdown protocols
by the system.
3. Safety Instrumented System: Second layer that handles prevention of
accidents. Unlike the second layer, these systems have different
algorithms and field devices than that of the control system.
4. Active Protection Layer: The first layer that actually deals with the
threats to minimize them. Consists of devices and equipment that
relieves various quantities such as pressure to prevent blowouts.
5. Passive Protection Layer: The second layer that mitigates the hazards.
Has mechanisms and installations to contain and direct hazards such
as explosions.

6. Emergency Response Layer: Last layer that handles dangers and of the
protection layers. Consists of plans and protocols to minimize damages
to the equipment and save the workers by evacuation procedures and
so on.
As mentioned earlier, SIS is considered to be the third layer of the
protection layers. It has three main components: sensor, logical devise and
controlled element. As explained earlier, the components of the SIS are
completely distinct from the control systems equipment. A sensor is a
device that reads and measures different parameters such as pressure, flow,
temperature and etc. A sensor can act either as a switching device or a
transmitter connected to a transducer. After the data is measured by the
sensor, it is collected by the logical device. The device is programmed to
carry out a set of procedures such as open a valve if the flow reading is low.
The device should be able to distinguish major faults and minor ones before
acting accordingly. Finally, the control element is the actuating device that
acts upon the command of the logical device. Control valves and circuit
breakers are examples of control elements.
Each process in the industrial operation has different protocols and safety
standards, where they determine the safety level by conducting a risk
tolerance analysis. In order to quantify this risk, Safety Integrity Level (SIL) is
used to convert this risk analysis into a number and therefore assess the
performance of each system. Most of the standards categorize the SIL into 4
levels as table 1 shows. Required safety Availability (RSA) is the percentage
of how often the SIS functions properly while the Probability of Failure on
Demand (PFD) is the percentage of how often the SIS fails.
Table 1. Four levels of SIL according to IEC standards

SIL

Required

1
2
3

Availability (RSA)
90 99 %
99 99.9 %
99.9 99.99 %

Safety Probability

of

Failure

on

Demand (PFD)
10 1 %
1 0.1 %
0.1 0.01 %
2

99.99 99.999 %

0.01 0.001 %

So in order to evaluate the SIL of any system three steps have to

followed:
1. Identification of threats and hazards.
2. Evaluation and assessment of each hazard separately.
3. Identification of other protection layers measures.

Hence, after the assessment of each hazard is completed, a level factor is

assigned to each hazard as tables 2 and 3 show.
Table 2. Frequency of occurrences

Risk Level
1
2
3
4
5

Description
Improbable
Remote
Occasional
Probable
Frequent

Frequency
Once in 10,000 years
Once in 1,000 years
Once in 100 years
Once in 10 years
Once a year

Table 3. Severity of accident

Risk Level
1
2
3
4
5

Description
Negligible
Minor
Serious
Severe
Catastrophic

Severity
No injury
Medical treatment
Disability
Death
Multiple deaths

By the levels determined in the above tables, the risk factor is determined by
multiplying the risk level from both tables. Accordingly, SIL is assigned as per
the result of the multiplication. As stated previously, each hazard and every
safety procedure has to conduct this analysis to select the suitable SIL for
the SIS and then design the system considering the PFD percentage.

Since the possibility that the SIS fails is there, there are several ways in
which it can. The first is when the operation is terminated before the
existence of a threat. But such failure is costly in terms of time and operation
costs. The second would be more harmful and devastating as the process
continues with high risk of threats to occur. Such failure blinds the SIS from
responding which could be fatal. The percentage PFD showed in table 1 is to
the total percentage failure of all the components of the SIS. Each element is
evaluated separately by analyzing data on failure rates. As the PFD
increases, the Test Interval rises; which is the time between maintaining and
testing each device. Tests should be done more frequently to maintain an
acceptable PFD percentage as the SIL is higher of a system.

Item B: Questions to Answer

Q1) Explain what Safety Integrity Levels (SIL) are.
A1) In order to assess and evaluate the safety measurements for the SIS, a
risk tolerance analysis has to be conducted. This risk is quantified and known
as SIL. As mentioned in the article above, they consist of four different levels.
Q2) Explain why SIS uses different from other process control systems (DCS
and PLC) instruments.
A2) SIS has completely distinct elements than that of the process control
systems. In addition, some measures have to be taken for each element in
the SIS, as well as the probability of failure of SIS is different than the risk
due to process failure.
Q3) If reliability of a valve (probability of non-failure within a specified period of time) is 0.9,
what is reliability of (a) parallel connection of 2 identical valves; (b) series connection of 2
valves; (c) parallel/series connection of 4 valves?

A3) (a) 1[ ( 10.9 ) ( 10.9 )]=0.98

(b) 0.9 0.9=0.81
(c) 0.98 0.81=0.7938