PETROBRAS Rio, November 2014
Application in TOTAL
Jean-Pierre SIGNORET
ISO/TR 12489 project leader
Reliability expert, TOTAL
Pierre-Joseph CACHEUX
Reliability expert, TOTAL
ISO/TR 12489 – Application case: High Integrity Protection System (HIPS)

From pencil and paper to computer!
Emergency safety features, Pressurized water reactors
Gulf of Biscay drilling platform
Mediterranean deep sea drilling
1980
Drilling with H2S near PAU
1979
Survey and analysis of reliability tools
SKULD (subsea platform)
1981
Decision to develop the 1st version of our software tools
1984
1982
Safety instrumented systems, Nuclear submarines
1971
1974 1981
Reliability studies
Tools improvement
Pencil, paper & formulae
1st software tools: ADD, Markov
Grondin north east
1975
Safety studies must be conservative !!!
2014
Safety
Production
ISO/TR 12489
Result of 40 years of R&D
HIPS
ADD, BDF, Markov, RdP

Preferred techniques
RBD
FT
Markov
PN
Preferred representation of engineers
Systemic method generally known by contractors
Beloved by universities
Used by ELF and TOTAL for 30 years
Has allowed us to solve all our problems over 30 years
Easy jump to flow diagrams
Known by some contractors
FT or RBD driven Markov processes
Stochastic RBD
Petro module: Production availability
Formulae
• Very difficult to establish and understand
• PFD(t) not provided (problem for permanent SIL)
=> Not recommended by TOTAL E&P headquarters
SIL module
Software workshop

Choosing the right technique
[Decision flowchart from "Start" to "Method to be used"; the Yes/No branch labels are not recoverable from the extraction]
Methods: Fault Tree, Petri nets, Reliability Block Diagram, Markov graph
Dynamic Models
Static Models
Questions in the flowchart:
• Constant Transition Rates ?
• Repairable Components ?
• Can dependencies be neglected or conservative approximation?
• Is a simple Series-Parallel model usable ?
• Number of relevant states manageable ? (<100 : Handmade; <10^6 : Automatic)
• Dependent Components ? (single repair team, Stand-by, spare parts, ...)
• Exponential laws only?
Annotations:
• Topside HIPS
• Subsea HIPS
• Small complex systems
• FT driven Markov processes
• Periodically tested components

Design versus operation risks
Staggering tests
more CCF tests
Components tested at the same time
SIL3
SIL2
[Plot 1: time axis 0 to 26000, vertical axis 5.0e-4 to 1.5e-3, T=8760; annotations: 28.1%, 71.9%, 6300h]
[Plot 2: time axis 0 to 26000, vertical axis 2.0e-4 to 1.0e-3, T=8760; annotations: 4.46e-4, 6.94e-4]
Time spent in SIL zones
Maximum value
2460h
Permanent SIL3
SIL3
Designer point of view
Worker point of view
"PFD avg"
PFD(t)
"Permanent" SIL is safer for operators

Background & general philosophy
ISO 14224
IEC 61511
IEC 61508
ISO 20815
Maximizing Production under safe conditions
Safety
RAM
ISO/TR 12489
SIL
IEC 60300-1
IEC 62551
IEC TC56 / UTE UF56 (FR)
"Dependability"
Chairman
Standardisation
Compromise
Safety
Production
Referential
Safety Instrumented Systems
Production Assurance Plan
Data Collection
Safety Related Systems
Safety Systems
Project leader
Dependability management
Petri Nets
Design of safety
Design of Dependability
Verification
Terminology • Methodology • Availability • Maintenance • Human factor • Software • etc.
Functional safety
IEC 60300-3-1
Guide on dependability
IEC 61703
Mathematical formulae
IEV 191
Terminology
Compatibility
IEC 61025
Fault tree
IEC 61078
Project leader
RBD
Methods & tools
≈ 80 stds
Project leader
IEC/ISO 31010
Risk management
OREDA

Reliability data
IEC 61511
IEC 61508
No requirement about data collection in 1st editions
15 years lost for data collection
But
Probabilistic standards
Insinuation of the idea that data collection is not important or not possible
Data being bullshit … any simplistic calculations are good enough
Wrong reasoning !!!
Weak Point
It is not legitimate to add uncertainty to uncertainty by using rough simplistic calculations
Don't count too much on data from others
Progress to be made in collecting own field feedback
OREDA: Offshore Reliability Data Bank
Preferred data set
30 years of data collection
Valid for E&P studies
Input for accurate or conservative results
Comparisons / sensitivity studies
Usefulness of accurate calculation tools
Side effect
ISO 14224
Conservativeness

PETROBRAS Rio, November 2014 (TC67/WG4)
Probabilistic models overview
Formulae
Taylor's expansion
FT
RBD
State Transition models (finite state automata)
Analytical methods
Monte Carlo simulation
Generic tools
Specific formulae
Behavioral models
50 years of experience
Markovian approach
Boolean approach
Graphical representations
Powerful algorithms
Sound mathematics
Approximations
Underlying hypothesis
Lack of flexibility
Progress direction
Systemic Approaches
Simplified approaches
Safety systems
RAM & safety systems
Conservatism?
A single framework for safety & dependability
Good understanding of models

Conclusions
Detailed solutions
ISO/TR 12489
In line with IEC 61508-6
Identification of difficulties
Consolidation of simplified approaches
Dangerous failures
Spurious failures
Raising of warnings
Should be used as a reference for SIL calculation
Should be used as a reference for developing SIL software packages
Should be used by anybody involved in probabilistic calculation of safety systems
Systemic approaches described in ISO/TR 12489 are used daily in TOTAL
RAM studies
Safety studies
HIPS
They are very effective
They are very easy to handle
Provided relevant tools are used
Provided a good knowledge of models
Provide accurate models & results
Feasibility is done
Common safety systems
Detailed explanations
Demystification of systemic approaches

That's all Folks...
Any questions ?...

SIL Bridge !
PFDavg is not really a good indicator for worker in operation

• Spare Slides

Technological watch
Safety, Reliability and Integrity department (E&P branch)
You want the result next week, really?!!
Reliability team
RAM studies
Safety studies
Consulting
R&D studies
Methods & tools
Study coordination
Interface with contractors
Training
Reliability data
Hotline
Joint venture
Publications, Dissemination
Standardization
Anticipate future needs
Maintain knowledge
Satisfaction of project needs
Data collection
IEC 61508/511, ISO/TR 12489
Dependability (IEC TC56)
Adaptation to functional safety
OREDA
Preferred data set
Contractors "encouraged" to use our tools

Examples of HIPS studies
• AKPO anti surge
• OFON2
• OML 58
• BUFALO
• PECIKO
• BULISAA
• KAOMBO
• etc.
• ABK
• AL KHALIJ
• L4G
• OFON 2
• OML 100 WH
• MOHO BILONDO
• SP 11
• TP1 by pass
• AL JURF
• GIRASSOL
• etc.
Studies managed by Headquarters
Atypical studies
KO-Drum overflow
• AKPO
• DALIA
• FORVIE
• HILD
• JAFRA
• ROSA-LIRIO
• KHARIR
• TIGF
• SHAH DENIZ
• etc.
Expertise & advice
Studies managed by Headquarters
Classical studies
Most of these HIPS are HIPPS

Examples of RAM studies
• KASHAGAN
• MOHO BILONDO
• QATAGAS
• DOLPHIN
• FLNG
• ICHTHYS
• JOSLYN
• LAGGAN
• TORMORE
• YAMAL LNG
• etc.
• ABK
• AHNET
• ANGUILLE
• BUL HANINE
• DALIA
• KAOMBO
• KHARYAGA
• MARTIN LINGE
• MLJ
• MOHO
• MTPS
• PNGF
• South SULIGE
• TEMPA ROSSA
• VEGA PLEYADE
• ADC
• AL JURF
• CLOV
• EGINA
• K5
• KCTS
• NKARIKA
• NKOSSA
• OML 100
• OML 58
• PAZFLOR
• PECIKO
• TIGF
• USAN
• YLNG
• PECIKO
Managed by Headquarters
Expertise & advice
Managed by Headquarters

A systems analysis software for determining the key indicators of dependability:
Reliability – Availability – Frequency – Performance – Safety.
http://grif-workshop.fr/
Fault tree
Markov
Petri nets
RBD
Petro
SIL
PFDavg
PFH
General techniques
Specific modules
Spurious failures

GRIF software packages
Enables choosing the most suitable modelling technique.
Includes pre-configured architectures, making modelling all the easier.
Three Packages
Boolean package
Simulation package
Markovian package

Boolean package
Fault Trees
Reliability Block Diagrams
ALBIZIA
Event Trees
SIL
Developed for the refining branch
Calculation engine
For those who don't want to use fault trees !!!
Allowing the use of a systemic approach instead of formulae