Post on 19-Apr-2018
Lloyd’s Register Energy Conference Safety-driven performance 2012
Understanding Safety Integrity Levels (SILs)
Trygve Leinum, Department Manager
Anne Østdahl, Principal Consultant
Scandpower Risk Management
October 18, 2012
Short introduction to terminology
- Safety Integrity Level (SIL)
- Safety Instrumented Function
- SIL Measure: Probability of Failure on Demand (PFD)
Demand: When the safety function is needed!
- Process upsets / deviations beyond limits for normal operation conditions.
- External hazardous events
Safety Integrity Levels Definition from IEC 61508 (simplified)
- IEC 61508 defines 4 SIL levels for a Safety Function
- The SIL levels, SIL1, SIL2, SIL3 and SIL4, correspond to a range of safety integrity values (i.e. probabilities), where SIL4 is the strictest level.

SIL level   Probability of failure on demand
SIL 1       < 1 / 10
SIL 2       < 1 / 100
SIL 3       < 1 / 1000
SIL 4       < 1 / 10 000
Safety Instrumented Function (IEC 61511)
Safety function which can be either a safety instrumented protection function or a safety
instrumented control function.
[Figure: PSH, PSD (PLC) and SDV, with the SIL Requirement marked]
Understanding Safety Integrity Levels (SILs)
- What?
- How?
- Why?
An ambitious title for a 45-minute speech, so these 45 minutes are limited to the authors' subjective opinion of
Why SIL?
The point of view is based on experience from working within the risk and reliability field on the Norwegian Continental Shelf.
Understanding SIL?
The Piper Alpha disaster led to a new regime for application of quantitative risk analyses (QRAs) on offshore installations.
The QRAs brought valuable knowledge, especially to conceptual layouts mitigating consequences of fire and explosions.
After the Piper Alpha Disaster - 1988
Design in accordance with engineering standards
- Before the early 90's, the use of API RP 14 ruled the ground for design of Safety Systems for offshore production platforms.
API RP 14 C
Did the QRAs at that time (early 90's) reflect the reliability of specific process safety and emergency shut down systems?
- What is the effect of our triple barrier X-mas trees?
- Have you given credit to our sophisticated built-in self test function?
- What about our
  - Distributed Supervisory, Control and Safety Systems?
  - High Reliability Central Processing Units?
  - High Integrity Pressure Protection System… etc. etc.?
"Need to know" questions from enthusiastic system engineers were limitless!
And the correct answer to these questions was:
All safety systems are assumed to be designed in accordance with good engineering practices and relevant standards.
Integration of QRAs and Reliability Studies
- Still early 90's: A new era for reliability analyses and comprehensive verification studies
- Reliability of safety function, defined as:
  - The "ability to perform the required safety function", and the complementary event "loss of safety function"
  - Quantitative measure: Probability of Failure on Demand - PFD
- The general approach: justification by comparing:
  - reliability figures for the new design A are equal to or better than figures for the existing "accepted" design B.
Introduction of Safety Integrity Levels - SILs
- A typical and simple example from reliability calculations:
  - The probability of failure in shutting off the well stream on a 40-well platform is approximately 10 times as high as for a 4-well platform.
  - Not a big surprise, but anyhow not sufficiently covered in API-RP 14 C.
- API-RP 14 C was considered to originate from an environment with rather small installations compared to the biggest installations in the North Sea.
- There was an industry pull for reliability requirements as a supplement to the engineering standard
- The understanding of - WHY SIL? - took root
Today, two decades later, the excellent standard API RP 14 C is still a basic engineering norm, but supplemented by the functional safety standards:
- IEC 61508 Generic standard
- IEC 61511 For process industry
Defining 4 safety integrity levels for Instrumented Functions
Safety Integrity Standards
SIL level   Probability of failure on demand
SIL 1       < 1 / 10
SIL 2       < 1 / 100
SIL 3       < 1 / 1000
SIL 4       < 1 / 10 000
Example - Xmas tree valves upon PAHH on separator
[Figure: PSH, PSD (PLC) and SDV, with the SIL Requirement marked]
Can SIL 2 be achieved for PAHH by closing Wing and Master on 17 Xmas trees?
I.e. replacing the SDV with 17 x WV and MV.
SIL 2 requirement: PFDavg < 1 x 10^-2
With 50 % of PFD allocated to final element: PFDavg < 5 x 10^-3
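An added worked calculation for the question above and for the earlier 40-well versus 4-well comparison (not part of the original slides). The failure rate, proof test interval and common cause fraction are constructed values, the 1oo2 formula is the simplified beta-factor approximation, and wells are assumed to fail independently of each other.

```python
# Added illustration: PFD of a final element made of N Xmas trees, each
# shut in by wing valve (WV) and master valve (MV) in a 1oo2 arrangement.
# All reliability inputs are constructed, not taken from the slides.

HOURS_PER_YEAR = 8760

def pfd_1oo2(lambda_du, tau, beta):
    """Average PFD of two valves where either one closing is enough.

    Simplified beta-factor approximation: independent double failure
    plus the common cause contribution.
    """
    independent = ((1 - beta) * lambda_du * tau) ** 2 / 3
    common_cause = beta * lambda_du * tau / 2
    return independent + common_cause

def pfd_all_wells(pfd_well, n_wells):
    """The function fails if any single well fails to shut in."""
    return 1 - (1 - pfd_well) ** n_wells

def sil_band(pfd):
    """SIL band according to the simplified table on the slides."""
    for sil, limit in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < limit:
            return sil
    return 0  # does not meet SIL 1

def final_element_ok(pfd, sil_limit=1e-2, share=0.5):
    """Check the PFD against the final element's share of the SIL budget."""
    return pfd < sil_limit * share

# Constructed inputs
LAMBDA_DU = 2.0e-6        # dangerous undetected failures per hour per valve
TAU = HOURS_PER_YEAR / 2  # proof test every 6 months
BETA = 0.05               # common cause fraction between WV and MV

if __name__ == "__main__":
    well = pfd_1oo2(LAMBDA_DU, TAU, BETA)
    for n in (1, 4, 17, 40):
        total = pfd_all_wells(well, n)
        print(f"{n:2d} wells: PFDavg={total:.2e} "
              f"SIL band={sil_band(total)} "
              f"within 50% budget for SIL 2: {final_element_ok(total)}")
```

With these inputs the common cause term dominates each tree's PFD, so the choice of beta largely decides whether 17 trees stay within the 5 x 10^-3 budget.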
Pitfalls in SIL assessment
- Reliability data
  - Reliability data from manufacturers are often much better than operational experiences.
  - This is partly compensated for by "proven in use" requirements
  - Guidelines provide generic data collected from existing installations
- Some model uncertainties
  - Selection of common cause failure fractions
  - Complex architecture…
Manipulation of figures and results will always be possible!
Capitalization from the SIL approach
- A quantitative scientific approach - i.e. not opinion based
- Gives engineers the chance of optimizing, i.e. more safety for the money
  - balancing production uptime and safety performance
  - (or same safety for less money)
- Final and self-convinced statement:
The approach stimulates innovation, which in the long term is a competitive advantage for those who "have joined"!
Any questions?
The Group at a glance
- 278 offices delivering services in 228 countries
- Some 7,500 employees of 90 nationalities
- 101 companies
- Celebrating our 250 year anniversary this year
- Four business divisions:
  - Marine
  - Transportation (rail sector)
  - Energy (ModuSpec, Scandpower)
  - Management Systems (LRQA)
- Anticipated annual turnover $1.0bn
For more information, please contact:
Trygve Leinum
Department Manager / Principal Engineer
Scandpower AS, Norway
T +47 90 79 73 74
E tle@scandpower.com
W www.scandpower.com
W www.lr.org