Automation Connections ISA EXPO 2006
Control System Safety and Reliability Evaluation
William M. Goble, exida
Key Points
• Safety and Reliability Evaluation is done to show how to improve, how to save money.
  – Eliminate weak links
  – Identify maintenance priorities
• New ISA S84.00.01-2004 (IEC 61511 Mod.) requires probabilistic evaluation
  – Regulatory compliance
  – Optimal safety system design
• Safety and reliability evaluation has become practical
  – Data sources are available
  – Tools are available
• IEC 61508 Certification provides reliability and safety via design integrity
Why do safety and reliability evaluation?
System Reliability?
“The 9000 series is the most reliable computer ever made. No 9000 computer has ever made a mistake or distorted information. We are all by any practical definition of the words, foolproof and incapable of error.”
Key Issues
• Failure rates - HIGH STRENGTH
• Failure Modes
• Diagnostic coverage - online test capability
• Diagnostic coverage - manual proof tests
• Common cause strength
• Software reliability
Activities
• Get failure rate and failure mode data
• Build a model for alternative designs
  – Markov model?
  – Fault Tree?
  – Reliability Block Diagram?
• Compare results based on objectives
  – Life cycle cost?
  – Minimum capital expense?
  – Risk reduction?
Reliability/Safety Evaluation Process
[Figure: evaluation process flow]
Inputs: Failure Rates for each failure mode; Component Probabilities of Failure for each Failure Mode; Repair Times (RT); Manual Proof Test Interval (TI); Manual Proof Test Effectiveness (CPT); Other…
Outputs: System Probabilities of Failure for each Failure Mode (PFDavg, MTTFS, PFS), leading to the achieved SIL
Benefits of Reliability Analysis
• Higher uptime
• Lower risks
• Better product quality
• Lower life cycle costs
• Understanding system operation during failure conditions
• Making the right choices
• Meeting requirements of ISA 84.00.01-2004
Safety Life Cycle – ISA S84.00.01-2004
[Figure: safety life cycle, drawing by Hal Thomas]
Analysis phase ("How much safety do I need?"): Conceptual Process Design; Identify Potential Risks; Consequence Analysis; Layer of Protection Analysis; Develop Non-SIS Layers; Determine SIF Target SIL; Document Requirements
Realization phase ("How much safety do I have with my design?"): Select SIS Technology; Select SIS Architecture; Determine Test Frequency; SIS Detailed Design; SIS Installation; SIS Commissioning; SIS Initial Validation
Operation phase ("How will I keep it safe?"): Startup; Operation; Maintenance; Periodic Proof Tests; Modifications; Decommissioning
Decision point: Modify? (Yes / No)
Realization Phase - SIF Design Process
[Figure: SIF design process; drawing copyright 2006, exida.com LLC, Safety Lifecycle Poster, used with permission]
Input: Safety Requirements Specification - Functional Description of each Safety Instrumented Function, Target SIL, Mitigated Hazards, Process parameters, Logic, Bypass/Maintenance requirements, Response time, etc.
7. SIS Conceptual Design
  7a. Select Technology - choose sensor, logic solver and final element technology
  7b. Select Architecture - Redundancy: 1oo1, 1oo2, 2oo3, 1oo2D
  7c. Determine Test Philosophy
  7d. Reliability, Safety Evaluation - SILs; SIL Achieved? (Yes / No)
Inputs shown: Failure Data Database; Manufacturer's Failure Data; Manufacturer's Safety Manual; Manufacturer's Installation Instructions
8. SIS Detailed Design - Detailed Design Documentation: Loop Diagrams, Wiring Diagrams, Logic Diagrams, Panel Layout, PLC Programming, Installation Requirements, Commissioning Requirements, etc.
9. Installation & Commission Planning
10. SIS Installation, Commissioning and Pre-startup Acceptance Test
PERD – Site Specific Failure Database
AIChE CCPS – Process Equipment Reliability Database Project
• Mission - Operation of an Equipment Reliability Database, Making Available High Quality, Valid, and Useful Data to the HPI and CPI Enabling Analyses to Support Availability, Reliability, and Equipment Design Improvements, Maintenance Strategies, and Life Cycle Cost Determination
Failure Rate Data Harvest - PERD
[Figure: data flow from Plant 1 Data … Plant n Data (Inventory Data: ID Number, Tag Number; Event Data: Maintenance, Inspections, Proof Testing, Incidents, Etc.) into Company 1 Database … Company n Database, and from there into the CCPS Industry Database]
Modeling
• Fault Trees
• Reliability Block Diagrams
• Markov Models
• Others
[Figures: example models]
Fault tree: top event "Solenoid subsystem failure" with inputs "Solenoid A fails" (PF), "Solenoid B fails" (PF) and "Common Cause Solenoid"
Reliability block diagram: POWER SUPPLY A with CONTROLLER A, and POWER SUPPLY B with CONTROLLER B
Markov model states: 0 OK; 1 Degraded Detected; 2 Degraded Undetected; 3 Fail-Safe; 4 Fail-Danger (transitions numbered 1 to 7)
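The architectures from the Select Architecture step (1oo1, 1oo2, 2oo3) and the evaluation inputs named earlier (failure rate, diagnostic coverage, proof test interval TI, repair time RT, common cause) can be worked through numerically. The Python below is an added example, not from the presentation or from any of the tools listed; it implements the IEC 61508-6 simplified PFDavg equations with a beta-factor common-cause model, the solenoid parameters are constructed sample values, and 1oo2D is not covered.

```python
"""PFDavg for 1oo1 / 1oo2 / 2oo3 voting groups (added example).

Uses the IEC 61508-6 simplified equations with a beta-factor
common-cause model. Failure rates are per hour, times in hours.
Constructed sample data: a pair of trip solenoids."""

# Low-demand SIL bands (PFDavg) from IEC 61508 / ISA 84: SIL -> (lower, upper)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_from_pfd(pfd):
    """SIL achieved by a PFDavg value; 0 means below SIL 1."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4 if pfd < 1e-5 else 0


def pfd_avg(arch, lam_d, dc, ti, mttr, beta, beta_d=None):
    """PFDavg of a voting group.

    arch   -- '1oo1', '1oo2' or '2oo3'
    lam_d  -- dangerous failure rate of one channel (/h)
    dc     -- diagnostic coverage: fraction of lam_d detected online
    ti     -- manual proof test interval TI (h)
    mttr   -- repair time RT once a failure is revealed (h)
    beta   -- common-cause fraction for undetected failures; beta_d for
              detected failures defaults to beta/2 (common 61508-6 practice)
    """
    if beta_d is None:
        beta_d = beta / 2
    lam_dd, lam_du = dc * lam_d, (1 - dc) * lam_d
    # channel and group equivalent mean down times (t_CE, t_GE in 61508-6)
    t_ce = lam_du / lam_d * (ti / 2 + mttr) + lam_dd / lam_d * mttr
    t_ge = lam_du / lam_d * (ti / 3 + mttr) + lam_dd / lam_d * mttr
    if arch == "1oo1":
        return lam_d * t_ce
    # independent (non-common-cause) part of each channel's failure rate
    indep = (1 - beta_d) * lam_dd + (1 - beta) * lam_du
    # common-cause term: all channels fail together
    ccf = beta_d * lam_dd * mttr + beta * lam_du * (ti / 2 + mttr)
    k = {"1oo2": 2, "2oo3": 6}[arch]
    return k * indep ** 2 * t_ce * t_ge + ccf


SOLENOID = dict(lam_d=2e-6, dc=0.5, ti=8760, mttr=8, beta=0.1)  # constructed

if __name__ == "__main__":
    for arch in ("1oo1", "1oo2", "2oo3"):
        pfd = pfd_avg(arch, **SOLENOID)
        print(f"{arch}: PFDavg={pfd:.2e}  SIL {sil_from_pfd(pfd)}")
    # share of the 1oo2 result due to common cause: rerun with beta = 0
    no_ccf = pfd_avg("1oo2", **{**SOLENOID, "beta": 0})
    print(f"1oo2 common-cause share: {1 - no_ccf / pfd_avg('1oo2', **SOLENOID):.0%}")
```

With these inputs the redundant 1oo2 pair moves from SIL 2 to SIL 3, but roughly 95% of its remaining PFDavg is the common-cause term, which is why the slides list common cause strength as a key issue.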
Reliability and Safety Modeling Tools
• Casspack, L&M Engineering
• SafeCalc, Honeywell
• exSILentia, exida.com
• SIL Solver, SIS-Tech
• Others
What about Systematic Faults / Software Errors?
[Figure: origin of systematic faults]
Real needs lead to the specification of requirements, design and implementation.
Correct Design: a well designed system, the system is correct; it can still suffer a random failure.
Incorrect Design: a systematic fault, the system is not correct; when the function is required or the execution trajectory hits the incorrectness, the system has a failure.
Complex Systems Reliability and Safety - REALITY?
Carter: Mr. Jones, are we ready to release our new software?
Jones: Yes Sir. As requested it is full of bugs which means that people will be forced to upgrade for years.
Carter: Outstanding!
Copyright 1997, Danjaq LLC and United Artists, from the James Bond movie “Tomorrow Never Dies.”
Systematic Fault Protection - IEC 61508 Full Certification
• Many instrumentation products are now IEC 61508 certified. The certification process requires a full assessment of the design and testing procedures used to create the product.
• The end result of the certification process is a certificate listing the SIL level for which a product is qualified. Higher SIL levels require more stringent procedures and should provide higher reliability and safety.
• Sometimes restrictions are listed in the safety manual and must be followed if safe operation is required.
IEC 61508 Certified Instruments
Free list of certified instrumentation on www.exida.com
Product Type            Manufacturers
Pressure Transmitter    ABB, Rosemount, Yokogawa
Temperature Transmitter Rosemount, Yokogawa
Flow Transmitter        Micro-Motion
Level Transmitter       Endress+Hauser
Gas Detector            Det-Tronics
Flame Detector          Det-Tronics
Solenoid                ASCO, Westlock, RGS
Pneumatic Actuator      Hy-Tork, El-O-Matic, Bettis
Valves                  Maxon, Mokveld
Reliability and Safety Analysis
Many understand that these methods help us to minimize risk, optimize the design and lower cost.
Remember, things do fail.
Jack Godell, explaining: “A faulty relay in the generator circuit and … a stuck valve”
Copyright 1979, Columbia Pictures, from the movie “The China Syndrome”
Remember – things do fail!
Summary
• Safety and Reliability Evaluation is done to show how to improve, how to save money.
  – Eliminate weak links
  – Identify maintenance priorities
  – Optimize designs
• New ISA S84.00.01-2004 (IEC 61511 Mod.) requires probabilistic evaluation
  – Regulatory compliance
  – Optimal safety system design
• Safety and reliability evaluation has become practical
  – Data sources are available
  – Tools are available
• IEC 61508 Certification provides reliability and safety via design integrity
Questions and Discussion
For more information:
ISA best sellers on automation safety and reliability
More Information on Reliability and Safety
Phone: (919) 549-8411 E-mail Address: [email protected]