Assigning SIL
Safety Integrity Level (SIL) is defined as a relative level of risk reduction
provided by a safety function, or as a target level of risk reduction to be
specified for one. Four SIL levels are defined, with SIL 4 being the most
dependable and SIL 1 the least. A SIL is determined from a number of
quantitative factors in combination with qualitative factors such as the
development process and safety life cycle management. The requirements for a
given SIL are not consistent among all of the functional safety standards.
Introduction to Safety Integrity Levels
Safety instrumented
systems (SIS) are used to provide safe control functions for processes,
e.g. emergency shutdown (ESD), fire detection and blowdown functions.
SIS typically are composed of sensors, logic solvers and final control
elements. Due to the critical nature of such systems, OSHA recognizes
compliance with the standard ANSI/ISA S84.01 - Application of SIS for
the Process Industries - as a good engineering practice for safety
instrumented systems. This is a consensus standard for the application
of SIS for the process industries, which is based on international
standards from the International Electrotechnical Commission (IEC).
One of the standards is IEC 61508, Functional Safety of
Electrical/Electronic/Programmable Electronic Safety-Related Systems,
Parts 1-7, 1998. It is an umbrella standard applicable to all
industries. IEC is in the process of developing a
process-industry-specific version of IEC 61508 based on ANSI/ISA S84.01,
namely IEC 61511, Functional SIS for the Process Industry Sector. Part 1
of the standard, IEC 61511-1 (Ed. 1.0) "Framework, definitions, systems,
hardware and software requirements" is now available from IEC. Part 2 of
the standard, IEC 61511-2 (Ed. 1.0) "Guidelines in the application of
Part 1" will be published shortly and Part 3, IEC 61511-3 (Ed. 1.0)
"Guidance for the determination of safety integrity levels" is scheduled
to appear in June 2003.
What is a SIL?
A SIL is a statistical representation of
the reliability of the SIS when a process demand occurs. It is used in
both ANSI/ISA-S84.01 and IEC 61508 to measure the reliability of SIS.
Both ISA and IEC have agreed that there are three categories: SILs 1, 2
and 3. IEC also includes an additional level, SIL 4, that ISA does not.
The higher the SIL is, the more reliable or effective the system is.
SILs are correlated to the probability of failure on demand (PFD), which
is equivalent to the unavailability of the system at the time of a process
demand.
Correlation of SIL and PFD

SIL | IEC 61508 | ANSI S84.01 | PFD            | Availability required | 1/PFD
----+-----------+-------------+----------------+-----------------------+------------------
 4  | YES       | NO          | 10^-5 to 10^-4 | > 99.99%              | 100,000 to 10,000
 3  | YES       | YES         | 10^-4 to 10^-3 | 99.90 to 99.99%       | 10,000 to 1,000
 2  | YES       | YES         | 10^-3 to 10^-2 | 99.90 to 99.99%       | 1,000 to 100
 1  | YES       | YES         | 10^-2 to 10^-1 | 99.90 to 99.99%       | 100 to 10
What is Target SIL?
ANSI/ISA S84.01 and IEC 61508 require that companies assign a target SIL
for any new or retrofitted SIS. The assignment of the target SIL is a
decision requiring the extension of the Process Hazards Analysis (PHA).
The assignment is based on the amount of risk reduction that is
necessary to mitigate the risk associated with the process to an
acceptable level. All of the SIS design, operation and maintenance
choices must then be verified against the target SIL.
Standards and Regulations relating to SIL Analysis
ANSI/ISA-SP-84.01, "Application of Safety Instrumented Systems for the
Process Industries," Instrument Society of America Standards and
Practices, 1996.
IEC 61508, "Functional Safety: Safety Related Systems," International
Electrotechnical Commission, Technical Committee, 1998.
IEC 61511, "Functional Safety: Safety Instrumented Systems for the
Process Industry Sector," International Electrotechnical Commission,
Technical Committee (Draft).
"Programmable Electronic Systems in Safety Related Applications," Health
and Safety Executive, U.K., 1987.
29 CFR Part 1910, "Process Safety Management of Highly Hazardous Chemicals;
Explosives and Blasting Agents," Occupational Safety and Health
Administration, 1992.
When should you use SIL?
ANSI S84.04 requires that companies assign a target SIL for all SIS. In
addition, after a PHA study, the study team may determine that certain
critical systems require that a SIL be assigned. The assignment of the
target SIL is a decision requiring the extension of the Process Hazards
Analysis (PHA). The assignment is based on the amount of risk reduction
that is necessary to mitigate the risk associated with the process to an
acceptable level. All of the SIS design, operation and maintenance
choices must then be verified against the target SIL.
Basic Fundamentals of Safety Instrumented Systems SIS
The operation of many industrial processes involves inherent risks due to the
presence of dangerous material such as gases and chemicals. Safety Instrumented
Systems (SIS) are specifically designed to protect personnel, equipment and the
environment by reducing the likelihood (frequency) or the impact severity of an
identified emergency event.
Explosions and fires account for millions of dollars of losses in the chemical
or oil and gas industries each year. Since a great potential for loss exists, it
is common to employ Safety Instrumented Systems SIS to provide safe isolation of
flammable or potentially toxic material in the event of a fire or accidental
release of fluids.
This online training tutorial will explain the basic concepts, definitions and
commonly used terms in Safety Instrumented Systems SIS and provide a basic
understanding of related concepts.
Basics of Safety and Layers of Protection
Safety is provided by layers
of protection. These layers start with safe and effective process control,
extend to manual and automatic prevention layers, and continue with layers to
mitigate the consequences of an event.
The first layer is the Basic Process Control System BPCS. The control system
itself provides significant safety through proper design of process control.
The next layer of protection is also provided by the control system and the
system operators. Automated shutdown sequences in the process control system
combined with operator intervention to shut down the process are the next layer
of safety.
The third layer is the Safety Instrumented System SIS. It is a safety system
independent of the process control system, with its own separate sensors,
valves and logic system. No process control is performed in this system; its
only role is safety.
These layers are designed to prevent a safety related event. If a safety related
event occurs there are additional layers designed to mitigate the impact of the
event.
The fourth layer is an active protection layer. This layer may have valves or
rupture disks designed to provide a relief point that prevents a rupture, large
spill or other uncontrolled release that can cause an explosion or fire.
The fifth layer is a passive protection layer. It may consist of a dike or other
passive barrier that serves to contain a fire or channel the energy of an
explosion in a direction that minimizes the spread of damage.
The final layer is plant and emergency response. If a large safety event occurs
this layer responds in a way that minimizes ongoing damage, injury or loss of
life. It may include evacuation plans, fire fighting, etc.
Overall safety is determined by how these layers work together.
Basics of Safety Instrumented Systems SIS
Typically, Safety Instrumented Systems consist of three elements: a sensor, a
logic solver and a final control element.
Sensors:
Field sensors are used to collect information necessary to determine if an
emergency situation exists. The purpose of these sensors is to measure process
parameters (e.g. temperature, pressure, flow, etc.) used to determine if the
equipment or process is in a safe state. Sensor types range from simple
pneumatic or electrical switches to Smart transmitters with on-board
diagnostics. These sensors are dedicated to the Safety Instrumented System SIS.
Logic Solver:
The purpose of this component of Safety Instrumented Systems SIS is to determine
what action is to be taken based on the information gathered. Highly reliable
logic solvers are used which provide both fail-safe and fault-tolerant
operation. It is typically a controller that reads signals from the sensors and
executes pre-programmed actions to prevent a hazard by providing output to final
control elements.
Final Control Element:
The final control element implements the action determined by the logic
solver. It is typically a pneumatically actuated on-off valve operated by
solenoid valves.
It is imperative that all three elements of the SIS system function as designed
in order to safely isolate the process plant in the event of an emergency.
Probability of Failure upon Demand PFD
By understanding how the components of a Safety Instrumented System SIS can
fail, it is possible to calculate a Probability of Failure on Demand PFD. There
are two basic ways for an SIS to fail. The first is commonly called a spurious
trip, which usually results in an unplanned but safe process shutdown. While
there is no danger associated with this type of SIS failure, the operational
costs can be very high. The second type of failure does not cause a process
shutdown or nuisance trip. Instead, the failure remains undetected, permitting
continued process operation in an unsafe or dangerous manner. If an emergency
demand occurred, the SIS would be unable to respond properly. These failures
are known as covert or hidden failures and contribute to the probability (PFD)
of the system failing in a dangerous manner on demand.
The PFD for the Safety Instrumented System SIS is the sum of the PFDs of each
element of the system. In order to determine the PFD of each element, the
analyst needs documented, historic failure rate data for that element. This
dangerous failure rate is used in conjunction with the Test Interval TI term
to calculate the PFD. It is the test interval TI that accounts for the length of
time before a covert fault is discovered through testing. Increases in the test
interval affect the PFD value in a linear manner: if you double the interval
between tests, you double the Probability of Failure on Demand, and make it
twice as difficult to meet the target Safety Integrity Level SIL.
The governing standards for Safety Instrumented Systems SIS state that plant
operators must determine and document that equipment is designed, maintained,
inspected, tested and operated in a safe manner. Thus, it is imperative that
these components of Safety Instrumented Systems be tested frequently enough to
reduce the PFD and meet the target SIL.
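The arithmetic described above (per-element PFD from a dangerous failure rate and a test interval, the sum over sensor, logic solver and final element, the linear effect of the test interval, and the SIL band from the SIL/PFD table earlier on this page) is shown here as an added example. It is not code from the page or from Magnetrol. It assumes the simplified single-channel approximation PFDavg = lambda_DU x TI / 2 (an assumption, valid only while lambda_DU x TI is small) and uses constructed failure rates, not vendor data; the SIL bands are the PFD ranges from the table.

```python
"""Added example (not from the page or Magnetrol): PFD / SIL arithmetic.

Assumptions, also stated in the lead-in:
  * SIL bands are the PFD ranges from the page's SIL/PFD table.
  * Per-element PFD uses the simplified single-channel approximation
    PFDavg ~= lambda_DU * TI / 2, which is linear in the test interval TI.
  * Failure rates in SAMPLE_LOOP are constructed sample values, not vendor data.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# (SIL, lower PFD bound inclusive, upper PFD bound exclusive), from the page's table.
SIL_BANDS: List[Tuple[int, float, float]] = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]
SIL_UPPER_BOUND = {sil: high for sil, _, high in SIL_BANDS}


def sil_for_pfd(pfd: float) -> int:
    """Map an average PFD to the SIL band it falls in (0 = too high even for SIL 1)."""
    if pfd <= 0.0:
        raise ValueError("PFD must be a positive probability")
    if pfd < SIL_BANDS[0][1]:
        return 4  # below the SIL 4 band; the table defines no higher level
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def risk_reduction_factor(pfd: float) -> float:
    """RRF = 1/PFD, the last column of the page's table."""
    return 1.0 / pfd


@dataclass(frozen=True)
class Element:
    name: str
    lambda_du: float        # dangerous undetected failures per hour (constructed)
    test_interval_h: float  # proof-test interval TI in hours

    def pfd_avg(self) -> float:
        # Simplified single-channel approximation (assumed): PFDavg ~= lambda_DU * TI / 2.
        # Doubling TI doubles the result, which is the page's point about test intervals.
        return self.lambda_du * self.test_interval_h / 2.0


def sis_pfd(elements: Iterable[Element]) -> float:
    """The page sums the PFDs of sensor, logic solver and final control element."""
    return sum(e.pfd_avg() for e in elements)


def with_test_interval(elements: Iterable[Element], test_interval_h: float) -> List[Element]:
    """Copy of the loop with every element proof-tested at the same interval."""
    return [Element(e.name, e.lambda_du, test_interval_h) for e in elements]


def max_common_test_interval(elements: Iterable[Element], target_sil: int) -> float:
    """Longest common TI (hours) at which the loop PFD reaches the target band's upper bound.

    From the linear model, PFD(TI) = TI * sum(lambda_DU) / 2, so the band's upper
    bound is hit at TI = high / (sum(lambda_DU) / 2). A TI strictly below the
    returned value keeps the loop inside the target SIL band.
    """
    high = SIL_UPPER_BOUND[target_sil]
    total_rate = sum(e.lambda_du for e in elements)
    return high / (total_rate / 2.0)


# Constructed sample loop: transmitter, logic solver and shutdown valve,
# all proof-tested once a year (8760 h).
SAMPLE_LOOP = [
    Element("pressure transmitter", 1.0e-6, 8760.0),
    Element("logic solver", 1.0e-7, 8760.0),
    Element("shutdown valve", 2.0e-6, 8760.0),
]

if __name__ == "__main__":
    for ti in (8760.0, 17520.0, 4380.0):
        pfd = sis_pfd(with_test_interval(SAMPLE_LOOP, ti))
        print(f"TI={ti:7.0f} h  PFD={pfd:.4e}  RRF={risk_reduction_factor(pfd):.0f}  SIL {sil_for_pfd(pfd)}")
    print(f"Longest common TI for SIL 2: {max_common_test_interval(SAMPLE_LOOP, 2):.0f} h")
```

With the constructed rates the annually tested loop lands in SIL 1; doubling the interval doubles the PFD and leaves it in SIL 1, while halving the interval brings the loop into the SIL 2 band. `max_common_test_interval` turns a target SIL back into the proof-test frequency the plant must actually sustain, which is the verification step the page says the standards require.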
Magnetrol SIL Explanation