Best Safety Practices for Critical Applications
Copyright © 2011 Rockwell Automation, Inc. All rights reserved.
Speaker
Carlos R. Jacobo Vargas, CFSE, PHA Leader
Carlos is the Senior Safety Leader of the HSE (Health, Safety and Environment) department at the Mexican Institute of Petroleum (IMP). He joined the IMP in 1994 and currently leads PHA (Process Hazard Analysis) studies and implements SIL selection and verification for oil and gas process plants at several Pemex subsidiaries. He is President of ISA México, holds a degree in Chemical Engineering from the University of México, and is a Certified Functional Safety Expert (CFSE) and Certified Process Hazard Analysis Leader.
Mexican Institute of Petroleum
• Created in 1965, the Mexican Institute of Petroleum (IMP) was founded to develop technology for critical processes in the petroleum industry
• Scientific research and the development of human and technological capability to serve the national petroleum industry
• Dedicated to technological development through the commercialization of products and services, built on the training of highly specialized personnel
Mission: "Transform knowledge into innovative industrial applications for the strategic priorities of the Oil & Gas Industry"
The Safety Instrumented System
• An automatic response that takes the process to a safe state when a specified condition is reached
– It integrates sensors + logic solver + final elements
[Diagram: BPCS and ESD connected over EtherNet/IP. Process function: the BPCS regulates pressure at 10 kg/cm². SIS function: the ESD trips the process when pressure reaches 18 kg/cm².]
The Safety Instrumented System
• A Safety Instrumented Function (SIF), or "safety loop", is performed by the Safety Instrumented System
• Requirements of functionality and integrity
– What is the safety function for?
– What reliability (integrity) is required? This is the SIL
• Integrity is expressed as SIL, RRF (risk reduction factor) or PFDavg (average probability of failure on demand)
Design Criteria
• Design is based on compliance with the applicable standards, using mainly programmable electronic technology
• The solutions developed use instrumentation certified for safety applications
• The design cycle runs from risk analysis through detailed engineering
Design Criteria
• SIL verification showed that the Safety Instrumented Functions (SIF), or loops, that form the SIS depend not only on the estimated PFDavg, but also on the SIL capability of the devices and on the architectural constraints
[Diagram: SIL verification flow]
– Conceptual design → equipment design → diagnostics and failure modes → safe failure fraction (SFF), failure rates and proof-test frequency → SIL by PFDavg calculation (SIL PFDavg)
– Hardware fault tolerance → SIL achieved by architectural constraints (SIL AC)
– SIL capability (SIL CAP)
– SIL achieved = the lowest of SIL CAP, SIL AC and SIL PFDavg
Design Criteria
• IEC 61511, 11.2.8: manual means, independent of the logic solver, shall be provided to actuate the SIS final elements unless otherwise directed by the safety requirement specification
• All emergency shutdown valves are therefore fitted with field operating buttons, which is also a requirement of NRF-204-PEMEX-2008
• Only piston-type pneumatic actuators with spring return are used for high-torque service, so that the valve closes on loss of air
• A pneumatic backup cylinder with capacity for three "open-close" cycles is also installed, in order to avoid false trips
Design Criteria
• IEC 61511, 10.3.1 requires the definition of the requirements for any safety instrumented function necessary to survive a major accident event
• For that purpose, fireproofing is specified for the actuator and the valve components so that they remain operable for 30 minutes. According to UL 1709 or an equivalent test, the protection must withstand a working temperature of at least 1050 °C
Design Criteria
• In general, transmitters (PIT) are preferred over switches (PSH) because transmitters give access to diagnostics
• In our design approach, for a SIL 2 requirement a second sensor is added and the n+1 principle is applied, so that maintenance can be scheduled without leaving the process at risk while one sensor is out of service
• The redundant sensor arrangement gives high performance even during maintenance. For example, if a SIF is designed with 2oo3 sensor voting, note that when one sensor is taken out for maintenance the voting must be reconfigured to 1oo2 in order to maintain the SIL target
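The following is an added worked example for the two preceding slides (the SIL verification flow, where the achieved SIL is the lowest of SIL PFDavg, SIL AC and SIL CAP, and the 2oo3 to 1oo2 maintenance reconfiguration). It is not code from the presentation, nor from any Rockwell product; it uses the simplified IEC 61508-6 PFDavg equations (MTTR neglected, beta-factor common cause) and the Route 1H tables of IEC 61508-2. The transmitter failure rates, the yearly proof-test interval, the 5 % beta and the SIL 2 capability are constructed assumptions, not data from the page.

```python
"""SIL verification for one SIF sensor subsystem.

Added worked example, not code from the presentation or from any Rockwell
product. It applies the rule from the 'Design Criteria' slides: the SIL
achieved is the lowest of SIL by PFDavg, SIL by architectural constraints
(Route 1H: HFT + SFF) and the device's SIL capability. Failure rates, the
proof-test interval, beta and the SIL capability below are constructed
assumptions, not data from the page.
"""
from dataclasses import dataclass

# IEC 61508-1 Table 2, low-demand mode: SIL -> [lower, upper) PFDavg band.
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# IEC 61508-2 Route 1H architectural constraints (Tables 2 and 3).
# Index by device type, then SFF band (<60 %, 60-90 %, 90-99 %, >=99 %),
# then HFT (0, 1, 2). A 0 entry means the combination is not allowed.
ROUTE_1H = {
    "A": [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)],
    "B": [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)],
}

# Hardware fault tolerance of the common sensor voting architectures.
HFT = {"1oo1": 0, "2oo2": 0, "1oo2": 1, "2oo3": 1, "1oo3": 2}


def sff_band(sff: float) -> int:
    """Map a safe failure fraction to its Route 1H row."""
    return 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3


@dataclass(frozen=True)
class Device:
    name: str
    dtype: str      # "A" (simple) or "B" (complex, e.g. a smart transmitter)
    lam_sd: float   # safe detected failure rate, per hour
    lam_su: float   # safe undetected
    lam_dd: float   # dangerous detected (covered by diagnostics)
    lam_du: float   # dangerous undetected: the term that drives PFDavg
    sil_cap: int    # SIL capability from the device certificate

    def sff(self) -> float:
        total = self.lam_sd + self.lam_su + self.lam_dd + self.lam_du
        return (total - self.lam_du) / total


def pfd_avg(arch: str, lam_du: float, ti_hours: float, beta: float = 0.0) -> float:
    """Simplified IEC 61508-6 equations (MTTR neglected, beta-factor common cause)."""
    x = lam_du * ti_hours
    if arch == "1oo1":
        return x / 2
    if arch == "2oo2":
        return x                        # both channels must work: twice 1oo1
    if arch == "1oo2":
        return x ** 2 / 3 + beta * x / 2
    if arch == "2oo3":
        return x ** 2 + beta * x / 2
    if arch == "1oo3":
        return x ** 3 / 4 + beta * x / 2
    raise ValueError(f"unknown architecture {arch}")


def sil_from_pfd(pfd: float) -> int:
    """SIL by PFDavg calculation; 0 if the PFD is worse than SIL 1."""
    for sil, (lo, hi) in PFD_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0


def sil_achieved(dev: Device, arch: str, ti_hours: float, beta: float = 0.0) -> dict:
    """Select the lowest of SIL PFDavg, SIL AC and SIL CAP, as in the slides."""
    s_pfd = sil_from_pfd(pfd_avg(arch, dev.lam_du, ti_hours, beta))
    s_ac = ROUTE_1H[dev.dtype][sff_band(dev.sff())][HFT[arch]]
    return {"SIL_PFDavg": s_pfd, "SIL_AC": s_ac, "SIL_CAP": dev.sil_cap,
            "SIL_achieved": min(s_pfd, s_ac, dev.sil_cap)}


# Constructed pressure transmitter (PIT): SFF = 75 %, Type B, SIL 2 capable.
PIT = Device("PIT-101", "B", lam_sd=0.0, lam_su=4e-7, lam_dd=2e-7, lam_du=2e-7, sil_cap=2)
PROOF_TEST_HOURS = 8760   # assumed yearly proof test
BETA = 0.05               # assumed 5 % common-cause factor


def verify_pressure_sif() -> dict:
    """Single transmitter, normal 2oo3 voting, and the two possible degraded modes."""
    return {arch: sil_achieved(PIT, arch, PROOF_TEST_HOURS, BETA)
            for arch in ("1oo1", "2oo3", "1oo2", "2oo2")}


if __name__ == "__main__":
    for arch, result in verify_pressure_sif().items():
        print(f"{arch}: {result}")
```

With these assumed numbers a single transmitter reaches SIL 3 on PFDavg alone, but a Type B device with 75 % SFF and HFT 0 is capped at SIL 1 by Route 1H, so the achieved SIL is 1: the architecture, not the failure rate, is the weak point. The 2oo3 arrangement achieves SIL 2, and so does the 1oo2 degraded mode the slide calls for; degrading to 2oo2 instead drops the HFT back to 0 and the subsystem to SIL 1.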
Design Criteria
• The logic solver is the part of the SIS that executes one or more logic functions
• Although it is usually the smallest contributor to the PFDavg of a SIF, it can become the weakest point of the SIS in the following cases:
– When available space is critical (offshore platforms)
– When, due to process requirements, the SIS must grow in the number of SIFs, with a higher SIL than the maximum assigned before the SIS "upgrade"
– When a safety PLC with both a low PFDavg and a low rate of nuisance trips is required
Design Criteria
• IEC 61511, 11.4.1
• For safety instrumented functions, the sensors, logic solvers and final elements shall have a minimum hardware fault tolerance
– Hardware fault tolerance is the ability of a component or subsystem to continue to perform the required safety instrumented function in the presence of one or more dangerous faults in hardware
Design Criteria
• From IEC 61508-1:2010
• 7.2.2.2: ... if any subsystem of an E/E/PE safety-related system with a hardware fault tolerance of zero is taken off-line for testing, the continuing safety of the EUC shall be maintained by additional measures and constraints ... [those measures] shall provide at least the safety integrity provided by the E/E/PE safety-related system
• 7.4.4 Hardware safety integrity, architectural constraints:
– Route 1H, based on the hardware fault tolerance and safe failure fraction concepts; or
– Route 2H, based on component reliability data from end-user feedback, increased confidence levels and hardware fault tolerance for the specified safety integrity levels
• We prefer Route 1H for this requirement, and select PLCs with a hardware fault tolerance of at least one
Challenges in Functional Safety
• Select only certified equipment for the safety application
• Low probability of failure on demand
• Good performance with a low spurious trip rate
– Typically the design considers an MTTFsp of about 15-25 years
• Do not use a single logic solver
• Low power consumption
• Small footprint for the logic solver
• Use PLCs sized appropriately to the number of inputs
• Response time of about 300 ms
• Analog output
Issues and Solutions
• Low STR
– In some applications the MTTFsp requirement is as long as 25 years; the safety PLC was the problem, and AADvance in a 1oo2D architecture was the solution
• Low power consumption
– On an existing offshore platform the available power was very limited and we needed a safety controller with very low power requirements; we evaluated many options and found that AADvance met this requirement
• High signal density
– In an alkylation plant and an FCC unit the number of safety sensors and final elements was very large, with requirements up to SIL 3; we selected Trusted
Issues and Solutions
• Small I/O requirements
– In a small distribution-terminal application the number of signals was very small, about 7 safety functions, and we needed a flexible PLC with high integrity
• Analog output
– In a pump station we needed to stop the pumps as part of a safety function; the driver is a turbine, and stopping it required modulating the gas feed to the turbine. For this application we needed an analog output certified for SIL applications; the solution was the analog output of the AADvance PLC
Benefits
• Small I/O requirements
– Optimizes the cost of a SIS in small applications
• Analog output
– Lets us stop turbines with high integrity, which customers find very valuable
• Power consumption and space
– Reducing power consumption also relaxes the space constraint, because the required HVAC capacity decreases and the UPS and battery bank can be smaller, reducing the space needed in the control room
Benefits
• Return on investment has always been a difficult subject with the administrative staff at the plants. They expect an increase in production from investment in safety, and the link is not always that direct
• The right metric is different: "How much am I losing by not investing in safety?"
• The justification for the safety investments we have made is based on the following simple concept:
Return on Investment?
• In most cases the cost/benefit of safety comes out positive with this simple rule and the customer's risk acceptance criteria
Questions?