Safety Integrity Level Selection: Systematic Methods Including Layer of Protection Analysis
eBook - ePub

About This Book

This book describes a systematic method for selecting safety integrity levels (SILs) for safety instrumented systems (SISs). The method emphasizes accounting for existing layers of protection, and it ensures that the maximum return on risk reduction investments is achieved. This reference demonstrates the application of quantitative risk analysis techniques and tools to the problem of safety integrity level selection. Essential theory is distilled into a format that the average control systems engineer can quickly apply. This is not a generic theoretical dissertation, nor a comprehensive treatment of the topic of quantitative risk analysis. It is a focused process for applying simple, yet powerful, tools of quantitative risk analysis specifically to the problem of selecting safety integrity levels for safety instrumented systems. Congratulations to Ed Marszal and Eric Scharpf for receiving the Thomas G. Fisher Award of Excellence for a Standards-Based Book Publication for their book Safety Integrity Level Selection: Systematic Methods Including Layer of Protection Analysis!

Yes, you can access Safety Integrity Level Selection: Systematic Methods Including Layer of Protection Analysis by Edward Marszal, Eric Scharpf in PDF and/or ePUB format, as well as other popular books in Technology & Engineering & Mechanical Engineering. We have over one million books available in our catalogue for you to explore.
CHAPTER 1
Selecting Safety Integrity Levels: Introduction
The purpose of a safety instrumented system (SIS) is to reduce the risk that a process may become hazardous to a tolerable level. The SIS does this by decreasing the frequency of unwanted accidents. The amount of risk reduction that an SIS can provide is represented by its safety integrity level (SIL), which is defined as a range of probability of failure on demand. An SIS senses hazardous conditions and then takes action to move the process to a safe state, preventing an unwanted accident from occurring. The method organizations use to select SILs should be based on their risk of accident, an evaluation of the potential consequences and likelihoods of an accident, and an evaluation of the effectiveness of all relevant process safeguards. Implementing an SIS, and therefore selecting an SIL, should involve considering relevant laws, regulations, and national and international standards. In the United States, the "Process Safety Management" (PSM) section of the OSHA standard 29 CFR Part 1910.119 requires organizations to provide assurance of the mechanical integrity of all their emergency shutdown systems and safety critical controls. The "Seveso Directive" (96/82/EC) promulgates similar requirements in the European Union. In the United States, ISA (The Instrumentation, Systems, and Automation Society) promulgated industry standard ANSI/ISA-84.01-1996 to promote compliance with the PSM regulation. The International Electrotechnical Commission (IEC) created a similar document, IEC 61508, which is an umbrella standard that covers numerous industries. IEC standard 61511 is the process-sector specific standard that falls under the IEC 61508 umbrella. This standard, when ratified, will be reviewed by ISA SP84 and accepted as a replacement for ANSI/ISA-84.01, possibly with some modification. The IEC standard 61511 will have a global scope.
ANSI/ISA-84.01-1996 and IEC 61508/61511 use the concept of the safety life cycle as a tool for managing the application of safety instrumented systems. As an integral part of the safety life cycle, the selection of an SIL forms the foundation of a management system that can assure safe processes. International standards for SIS design, such as ANSI/ISA-84.01-1996 and IEC 61508 and 61511, require that an SIL be selected. These standards are the basis of organizations' efforts to comply with the local and national laws and regulations that govern processes that contain significant risks. Many "authorities having jurisdiction," who are responsible for enforcing these laws and regulations, tend to view complying with such international standards as equivalent to complying with "good and generally recognized engineering practices" clauses.
1.1 Safety Integrity Level
Safety integrity levels (SILs) are categories based on the probability of failure on demand (PFD) for a particular safety instrumented function (SIF). The categories of PFD range from one to three, as defined by ANSI/ISA-84.01-1996, or one to four as defined by IEC 61508 and 61511. Table 1.1 shows the PFD ranges and associated risk reduction factor (RRF) ranges that correspond to each SIL.
Table 1.1 Safety Integrity Levels and Corresponding PFD and RRF
The SIL is the key design parameter specifying the amount of risk reduction that the safety equipment is required to achieve for a particular function in question. If an SIL is not selected, the equipment cannot be properly designed because only the action is specified, not the integrity. To properly design a piece of equipment, two types of specifications are required: a specification of what the equipment does and a specification of how well the equipment performs that function. The safety integrity level addresses this second specification by indicating the minimum probability that the equipment will successfully do what it is designed to do when it is called upon to do it.
In comparing safety equipment design to the more traditional design of a control system, one could say that specifying the action of a safety instrumented function and not specifying the SIL is like specifying a control valve without specifying the flow rate (or Cv) of the valve. Although you could pick a valve without knowing the flow rate (perhaps by simply choosing the same size as the piping and selecting equal percentage trim), your selection would not be optimal. You would have no guarantee that the valve would be able to pass the proper flow rate, and you would almost be guaranteed to have selected a valve that is oversized, and thus overpriced. You could improve performance and lower capital expenditures by investing the effort required to select a piece of equipment that not only performs the proper function, but also has the required performance characteristics.
Selecting safety integrity level involves giving a numerical target upon which subsequent steps in the safety life cycle are based. Thus SIL selection offers an important guide when you are selecting equipment and making maintenance decisions. The SIL is documented along with the SIS operational requirements and logic as part of the safety requirements specification. This specification provides the foundation for all of the safety life cycle activities an organization later conducts.
IMPORTANT: The process we are referring to as SIL selection in this book has been described by many other terms, including SIL determination and SIL classification. We specifically chose SIL selection because it describes the overall process most clearly. Determination is a vague term allowing too many variations in connotation. SIL classification implies that the process does not involve making a decision and that every situation is the same if you know its category. Selection is the clearest and most descriptive term because it emphasizes the act of choosing the correct value based on clear criteria.
1.2 Safety Instrumented Functions
In this book, we will adopt the terminology of IEC 61511, wherein a safety instrumented function (SIF) is an action a safety instrumented system takes to bring the process or the equipment under control to a safe state. This function is a single set of actions that protects against a single specific hazard. A safety instrumented system (SIS), on the other hand, is a collection of sensors, logic solvers, and actuators that executes one or more safety instrumented functions that are implemented for a common purpose, such as a group of functions protecting the same process or implemented on the same project. Note that the term SIF often refers to the equipment that carries out the single set of actions in response to the single hazard, as well as to the particular set of actions itself. Here are some examples:
• SIF 1: High reactor temperature closes the two reactor feed valves.
• SIF 2: High column pressure or high column temperature closes a valve in the steam to the reboiler.
• SIF 3: High column pressure closes the two reactor feed valves.
The logic for all safety functions is performed in a safety PLC. This PLC would then combine with all of the equipment associated with each SIF to constitute the SIS.
Figure 1.1 Safety Instrumented Functions versus Safety Instrumented Systems
You may implement one or more SIFs in a SIS, as shown in figure 1.1. ANSI/ISA-84.01-1996 uses the terms SIF and SIS in a somewhat interchangeable and confusing way. IEC 61511 makes the distinction between SIF and SIS very clear. As figure 1.1 shows, a safety function can include multiple inputs and outputs. SIF 1 is executed with two outputs, that is, the two reactor feed valves, and SIF 2 has two inputs, that is, the high pressure and high temperature measurements. It is also important to note that a multiple SIF system can include common equipment. For instance, in figure 1.1, both SIFs use the same logic solver. In instances where common equipment is used in multiple SIFs, the common equipment item should be designed to meet the SIL of the SIF that has the highest requirements.
IMPORTANT: The SIL belongs to the specific safety instrumented function (SIF), not to the entire safety instrumented system (SIS). When an equipment item is common to multiple SIFs, it should be designed to meet the highest SIL requirements of the SIF it supports.
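The following Python sketch is an added illustration (not code from the book) of the ideas in sections 1.1 and 1.2: it maps a required risk reduction factor to an SIL band and applies the highest-SIL rule to equipment shared between the three example SIFs. The PFD bands are those of IEC 61508 for low-demand operation and are assumed to match Table 1.1, which is not reproduced on this page; the hazard and tolerable frequencies are constructed values.

```python
from typing import Dict, List, Optional

# IEC 61508 low-demand PFD bands as (SIL, lower bound inclusive, upper bound exclusive).
# Assumption: these are the ranges the book's Table 1.1 tabulates; RRF = 1 / PFD.
SIL_BANDS = [(1, 1e-2, 1e-1), (2, 1e-3, 1e-2), (3, 1e-4, 1e-3), (4, 1e-5, 1e-4)]


def sil_for_pfd(pfd: float) -> Optional[int]:
    """Return the SIL whose PFD band contains pfd, or None outside SIL 1..4."""
    if not 0.0 < pfd < 1.0:
        raise ValueError("PFD must be a probability strictly between 0 and 1")
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None  # pfd >= 0.1 (too weak for SIL 1) or pfd < 1e-5 (beyond SIL 4)


def required_rrf(residual_freq: float, tolerable_freq: float) -> float:
    """RRF the SIF must supply: hazard frequency left after the other layers / tolerable frequency."""
    return residual_freq / tolerable_freq


def sil_for_rrf(rrf: float) -> Optional[int]:
    """Map a required RRF to an SIL target: 0 means no SIF is needed, 1..4 is the
    band containing PFD = 1/rrf (an RRF of 10 or less still gets SIL 1, the lowest
    level a SIF can be specified to), None means one SIF cannot deliver it alone."""
    if rrf <= 1.0:
        return 0
    if rrf <= 10.0:
        return 1
    return sil_for_pfd(1.0 / rrf)


def shared_equipment_sil(sif_sil: Dict[str, int],
                         equipment: Dict[str, List[str]]) -> Dict[str, int]:
    """An item used by several SIFs is designed to the highest SIL among them."""
    return {item: max(sif_sil[s] for s in sifs) for item, sifs in equipment.items()}


if __name__ == "__main__":
    # Constructed (residual, tolerable) frequencies per year for the book's three example SIFs.
    targets = {"SIF1": (2.5e-2, 1e-4), "SIF2": (5e-3, 1e-4), "SIF3": (2.5e-1, 1e-4)}
    sif_sil = {s: sil_for_rrf(required_rrf(f, t)) for s, (f, t) in targets.items()}
    equipment = {"logic_solver": ["SIF1", "SIF2", "SIF3"], "reactor_feed_valves": ["SIF1", "SIF3"],
                 "column_PT": ["SIF2", "SIF3"], "reactor_TT": ["SIF1"],
                 "column_TT": ["SIF2"], "reboiler_steam_valve": ["SIF2"]}
    print("SIL per SIF:", sif_sil)  # SIF1 2, SIF2 1, SIF3 3
    print("SIL per item:", shared_equipment_sil(sif_sil, equipment))
```

Note that the logic solver and the reactor feed valves inherit SIL 3 from SIF 3 even though SIF 1 and SIF 2 on their own need less.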
Throughout this book, we use the word selection to describe the overall process of choosing an SIL and assignment to define the final stage of the process, in which the SIL is assigned based on the results of the analysis that led to the selection.
1.3 SIL Selection and Risk
The reason an organization should use a systematic methodology, which includes layer of protection analysis, to select safety integrity level is to make the choice that best reduces risk. A good decision during this phase of the safety life cycle will ensure that the safety system specified will be cost-effective while still providing appropriate loss prevention. To make the best decision about safety integrity level, an SIS designer needs to completely understand not only the potential likelihood of an unwanted event, but also the possible consequences of that event. Viewing either of these two facets of the risk equation in isolation will yield poor results. Once the risk is known, one must determine how to reduce that risk to...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents
  7. Preface
  8. Chapter 1: Selecting Safety Integrity Levels: Introduction
  9. Chapter 2: Safety Life Cycle Context for SIL Selection
  10. Chapter 3: Tolerable Risk
  11. Chapter 4: Identifying Safety Instrumented Functions
  12. Chapter 5: Rules of Probability
  13. Chapter 6: Consequence Analysis Overview
  14. Chapter 7: Likelihood Analysis Overview
  15. Chapter 8: Event Tree Analysis
  16. Chapter 9: Layer of Protection Analysis
  17. Chapter 10: SIL Assignment
  18. Appendix A: Derivation of Equations
  19. Appendix B: Acronyms
  20. Appendix C: Glossary
  21. Appendix D: Problem Solutions
  22. Index