Energise to Trip - Institution of Engineering and … (slide transcript)
Slide DT/ET - 1
Energise to trip? De-energise to trip?
Simple Choice?
Tony Foord & Colin Howard
www.4-sightConsulting.co.uk
+44 (0)1 582 462 324
Slide DT/ET - 2
Examples
Slide DT/ET - 3
Overview
• Available guidance
• Why do trip systems fail?
• Trip system issues
• System failure modes
• 3 examples
• Architecture and spurious trip frequency
• Diagnostics and reverse acting transmitters
• References
• Conclusions
Slide DT/ET - 4
Traditional Choices
Operation
Safety Availability
De-energise to Trip (DT)
Energise to Trip (ET)
Slide DT/ET - 5
Available Guidance
• Very little specific guidance published
– One or two paragraphs only
– Concentrate on "fail safe"
• WHY?
– Custom and practice?
– Taken for granted?
– Principles assumed?
Slide DT/ET - 6
Overpressure protection for a turbine driven compressor
Slide DT/ET - 7
Why do trip systems fail?
• Inadequate specification
• Inadequate design and implementation
• Inadequate installation and commissioning
• Inadequate operation and maintenance
• Inadequate modification
Source: Out of Control (HSE, 2003)
Slide DT/ET - 8
Trip system issues
• SIF requirements
• Passive / active systems
• Utility requirements
• Effect on fail to danger and spurious trips
– Design policy / architecture / overrides (defeats)
– People issues
– Operate / test / repair policies
– Component reliability
– Diagnostics
Slide DT/ET - 9
System failure modes
Source: Sintef PDS Method Handbook 2006
Slide DT/ET - 10
Energise or De-energise to Trip?
(Diagram: a surge drum with an emergency feed supplying process unit consumers; labels on the drawing: SIF, Process unit, consumers, Emergency Feed, Surge Drum, OAF, LSZ.)
Slide DT/ET - 11
Addition of Reactor Inhibitor Options
(Diagram: reactor with CW In, CW Out, HW In, HW Out, Feed A, Feed B, TT 1, PT 1, Product Out, Vent, N2 In, BD1, Dump tank and HP N2; two inhibitor injection options, one labelled Energise to Trip and the other De-energise to Trip.)
Slide DT/ET - 12
Architecture and Spurious Trip Frequency
(Chart: spurious trip frequency on a logarithmic axis from 0.0000001 to 1, plotted for the 1oo1, 1oo2, 1oo3 and 2oo3 architectures.)
Slide DT/ET - 13
Valve failure modes ~ 80% open
Failure mode %
Blocking 5
External leak 15
Passing 60
Sticking 20
Data source: Smith: Reliability, Maintainability and Risk
Slide DT/ET - 14
Relay failure modes ~ 90% open
Failure mode %
Contacts short circuit 10
Contacts open circuit 80
Coil 10
Data source: Smith: Reliability, Maintainability and Risk
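The spurious-trip chart and the two failure-mode tables can be tied together numerically. The Python below is an added example, not code from the slides or their authors. It takes the relay failure-mode split from the table above (Smith) and an assumed mapping of each mode to "safe" or "dangerous" under DT and ET (open contacts or a failed coil de-energise the output, which is the trip action in a DT loop and the loss of the trip action in an ET loop; shorted contacts do the reverse), then applies the simplified no-diagnostics, no-common-cause equations for PFDavg and spurious trip rate to the 1oo1, 1oo2, 1oo3, 2oo2 and 2oo3 architectures. The relay failure rate, proof-test interval and MTTR are assumed values, and the SIL band is only the IEC 61508 low-demand PFDavg band for the hardware, not a SIL claim.

```python
"""Element-level PFDavg and spurious trip rate per voting architecture for a
relay-based trip output, under de-energise-to-trip (DT) and energise-to-trip (ET).
Added example, not from the slides. The relay mode split is from the slide
(Smith); the mode-to-effect mapping, failure rate, test interval and MTTR are assumed."""

# Relay failure-mode split from the slide (Smith, Reliability, Maintainability and Risk).
RELAY_MODES = {"contacts_open": 0.80, "contacts_short": 0.10, "coil": 0.10}

# Assumed effect of each mode under each policy. Open contacts or a failed coil
# de-energise the output: that is the trip action in DT (safe failure, spurious trip)
# and the loss of the trip action in ET (dangerous failure). Shorted contacts do the reverse.
MODE_EFFECT = {
    "DT": {"contacts_open": "safe", "contacts_short": "dangerous", "coil": "safe"},
    "ET": {"contacts_open": "dangerous", "contacts_short": "safe", "coil": "dangerous"},
}

# Simplified equations (no diagnostics, no common cause, valid while lambda*TI << 1) of the
# kind tabulated in ISA-TR84.00.02: x = lambda_D * TI for PFDavg; lambda_S and MTTR for the
# spurious trip rate (a 2oo2 or 2oo3 spurious trip needs a second failure inside the MTTR).
PFD_AVG = {
    "1oo1": lambda x: x / 2,
    "1oo2": lambda x: x ** 2 / 3,
    "1oo3": lambda x: x ** 3 / 4,
    "2oo2": lambda x: x,
    "2oo3": lambda x: x ** 2,
}
STR = {
    "1oo1": lambda ls, mttr: ls,
    "1oo2": lambda ls, mttr: 2 * ls,
    "1oo3": lambda ls, mttr: 3 * ls,
    "2oo2": lambda ls, mttr: 2 * ls ** 2 * mttr,
    "2oo3": lambda ls, mttr: 6 * ls ** 2 * mttr,
}


def split_rates(policy, lam_total):
    """Split a relay's total failure rate (per hour) into (safe, dangerous) under a policy."""
    safe_fraction = sum(f for mode, f in RELAY_MODES.items()
                        if MODE_EFFECT[policy][mode] == "safe")
    lam_safe = safe_fraction * lam_total
    return lam_safe, lam_total - lam_safe


def pfd_avg(arch, lam_d, ti):
    """Average probability of failure on demand for a dangerous rate and proof-test interval (h)."""
    return PFD_AVG[arch](lam_d * ti)


def spurious_trip_rate(arch, lam_s, mttr):
    """Spurious trip rate (per hour) for a safe failure rate and mean time to repair (h)."""
    return STR[arch](lam_s, mttr)


def sil_band(pfd):
    """IEC 61508 low-demand PFDavg band (hardware figure only, not a SIL claim); 0 = below SIL 1."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def compare(lam_total=1e-6, ti=8760.0, mttr=8.0):
    """(PFDavg, SIL band, spurious trips per year) keyed by (policy, architecture).
    Defaults are assumed: 1e-6/h relay failure rate, yearly proof test, 8 h repair."""
    table = {}
    for policy in MODE_EFFECT:
        lam_s, lam_d = split_rates(policy, lam_total)
        for arch in PFD_AVG:
            pfd = pfd_avg(arch, lam_d, ti)
            trips_per_year = spurious_trip_rate(arch, lam_s, mttr) * 8760.0
            table[(policy, arch)] = (pfd, sil_band(pfd), trips_per_year)
    return table


if __name__ == "__main__":
    for (policy, arch), (pfd, sil, trips) in compare().items():
        print(f"{policy} {arch}: PFDavg={pfd:.2e} (band SIL {sil})  spurious trips/yr={trips:.2e}")
```

Run it and the two columns move in opposite directions: the DT relay puts 90% of its failures on the spurious-trip side and 10% on the dangerous side, ET the reverse, so DT buys its lower PFDavg with a higher spurious trip rate. Redundancy also pays differently: 1oo2 improves PFDavg but doubles the spurious rate, while 2oo3 improves both because its spurious trip needs a second failure inside the MTTR, which is the shape of the chart above. The equations drop common cause and diagnostics; a beta-factor term and the diagnostic coverage have to go in before the figures are used for anything real.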
Slide DT/ET - 15
Overpressure protection for a turbine driven compressor
Slide DT/ET - 16
DT fails to danger
Slide DT/ET - 17
ET fails to danger
(Fault tree, same structure as the DT tree. Labels: Logic solver fails / Logic solver hardware fails; Sensor 1, Sensor 2, Sensor 3 fails / 2 sensors fail / 2oo3 sensors fail; FE 1 fails, FE 2 fails / Final element 1 fails, Final element 2 fails / Both FEs fail. Key to fault trees: Sensors, Logic solver, Final elements.)
Slide DT/ET - 18
DT (left) and ET fails to danger
(The two fails-to-danger fault trees side by side. Labels: Logic solver fails / Logic solver hardware fails; Sensor 1, Sensor 2, Sensor 3 fails / 2oo3 sensors fail; FE 1 fails, FE 2 fails / Both FEs fail. Key to fault trees: Sensors, Logic solver, Final elements.)
Slide DT/ET - 19
DT spurious trips
Slide DT/ET - 20
ET spurious trips
Slide DT/ET - 21
DT (left) and ET spurious trips
(The two spurious-trip fault trees side by side. Labels: Logic solver fails / Logic solver hardware fails; Sensor 1, Sensor 2, Sensor 3 fails / 2oo3 sensors fail; FE 1 fails, FE 2 fails / Both FEs fail. Key to fault trees: Sensors, Logic solver, Final elements.)
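The fault-tree pairs on the last few slides share one structure: the SIF is lost if the 2oo3 sensor group fails, or the logic solver hardware fails, or both final elements fail to act. The Python below is an added example, not from the slides, that evaluates that tree with independent basic events and then shows why the DT and ET trees give different numbers although they are drawn the same: the only input that changes is the dangerous fraction of the logic-solver output relay, taken as 10% under DT and 90% under ET from the relay failure-mode split on the earlier slide (shorted contacts are the dangerous mode for DT; open contacts and coil failures are the dangerous modes for ET). All basic-event unavailabilities are assumed numbers for illustration. For the spurious-trip tree the final-element gate is taken as OR, which assumes a 1oo2 valve arrangement (either valve closing spuriously trips the process, and both must fail for the trip to be lost).

```python
"""Fault-tree evaluation for the SIF drawn on the slides: 2oo3 sensors, one logic
solver, two final elements. Added example, not from the slides; the gate structure
follows the slide labels and all basic-event values are assumed."""


def gate_or(probs):
    """Probability that at least one of several independent events occurs."""
    q = 1.0
    for p in probs:
        q *= 1.0 - p
    return 1.0 - q


def gate_and(probs):
    """Probability that all of several independent events occur."""
    q = 1.0
    for p in probs:
        q *= p
    return q


def vote_2oo3(p1, p2, p3):
    """Exact probability that at least two of three independent events occur."""
    return (p1 * p2 * (1 - p3) + p1 * p3 * (1 - p2)
            + p2 * p3 * (1 - p1) + p1 * p2 * p3)


def fails_to_danger(sensors, logic_solver, final_elements):
    """Top event 'SIF fails to danger': 2oo3 sensors fail dangerously, OR the logic
    solver fails dangerously, OR both final elements fail to act."""
    return gate_or([vote_2oo3(*sensors), logic_solver, gate_and(final_elements)])


def spurious_trip(sensors, logic_solver, final_elements):
    """Top event 'spurious trip': 2oo3 sensors trip spuriously, OR the logic solver
    trips spuriously, OR either final element acts spuriously (assumed 1oo2 valves)."""
    return gate_or([vote_2oo3(*sensors), logic_solver, gate_or(final_elements)])


# Dangerous fraction of the output relay's failures per policy, from the relay
# failure-mode split on the slides: DT: contacts short circuit (10%);
# ET: contacts open circuit plus coil (80% + 10%). The remainder is the safe fraction.
RELAY_DANGEROUS_FRACTION = {"DT": 0.10, "ET": 0.90}


def compare_policies(sensor_u=0.01, relay_u=0.005, fe_u=0.02, sensor_s=0.002, fe_s=0.01):
    """Top-event probabilities for DT and ET with identical (assumed) element figures;
    only the relay's safe/dangerous split differs between the two policies.
    *_u are dangerous unavailabilities, *_s are probabilities of a spurious
    failure over the period of interest (assumed example values)."""
    out = {}
    for policy, dangerous in RELAY_DANGEROUS_FRACTION.items():
        out[policy] = {
            "fails_to_danger": fails_to_danger([sensor_u] * 3, relay_u * dangerous, [fe_u] * 2),
            "spurious_trip": spurious_trip([sensor_s] * 3, relay_u * (1 - dangerous), [fe_s] * 2),
        }
    return out


if __name__ == "__main__":
    for policy, tops in compare_policies().items():
        print(f"{policy}: fails to danger={tops['fails_to_danger']:.3e}  "
              f"spurious trip={tops['spurious_trip']:.3e}")
```

With the assumed inputs the ET tree comes out roughly four times worse on fails-to-danger and somewhat better on spurious trips, which is the trade-off the slides are drawing. The evaluator also makes the "look holistically" point in the conclusions concrete: change nothing but the relay's mode split and the top event moves, so the policy choice has to be assessed per element, not for the logic solver alone.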
Slide DT/ET - 22
Diagnostics and Reverse Acting Transmitters
• Safety function operates on "high" signals
• Transmitter failure leads to low signal
– Diagnostics require a separate input
– Reverse acting transmitter provides automatic protection
– Avoids technical complexity BUT introduces human factors and management complexity
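The fail-low problem in the bullets above, as an added example that is not from the slides: a single 4-20 mA high-trip channel evaluated three ways. With a direct-acting transmitter and no diagnostics, a loop that fails to 0 mA scales to a below-range process value and the logic solver sees a healthy, untripped channel. Adding an out-of-range check catches it, but that is the separate input the slide mentions, and it needs a policy (trip on fault, or raise a fault and leave the decision to people). A reverse-acting transmitter (20 mA at the bottom of the range) turns the same fail-low signal into an above-trip reading, so the channel trips by construction. The 3.6 mA / 21 mA fault bands, the 0-100 bar range and the 80 bar trip point are assumptions of the example.

```python
"""One 4-20 mA high-trip channel, evaluated with a direct-acting transmitter
(with and without out-of-range diagnostics) and with a reverse-acting transmitter.
Added example, not from the slides; loop range, trip point and fault bands are assumed."""

# Assumed fault bands (example values): outside them the loop is treated as faulted.
FAULT_LOW_MA = 3.6
FAULT_HIGH_MA = 21.0


def ma_to_pv(ma, lo, hi, reverse=False):
    """Scale a 4-20 mA signal to engineering units.
    Direct-acting: 4 mA -> lo, 20 mA -> hi. Reverse-acting: 4 mA -> hi, 20 mA -> lo,
    so a loop that fails low (0 mA) scales above hi instead of below lo."""
    frac = (ma - 4.0) / 16.0
    if reverse:
        frac = 1.0 - frac
    return lo + frac * (hi - lo)


def pv_to_ma(pv, lo, hi, reverse=False):
    """What a healthy transmitter sends for a given process value (used to build the cases)."""
    frac = (pv - lo) / (hi - lo)
    if reverse:
        frac = 1.0 - frac
    return 4.0 + 16.0 * frac


def evaluate_channel(ma, lo, hi, trip_high, reverse=False, diagnostics=False, trip_on_fault=True):
    """Logic-solver decision for one channel: 'trip', 'run' or 'fault'.
    diagnostics=True adds the separate out-of-range input; trip_on_fault is the
    policy for it (trip, or declare a fault and rely on the operator)."""
    if diagnostics and not (FAULT_LOW_MA <= ma <= FAULT_HIGH_MA):
        return "trip" if trip_on_fault else "fault"
    pv = ma_to_pv(ma, lo, hi, reverse)
    return "trip" if pv >= trip_high else "run"


def fail_low_comparison(lo=0.0, hi=100.0, trip_high=80.0):
    """Decisions for (healthy mid-range reading, genuine high demand, transmitter
    failed to 0 mA) under each channel configuration."""
    configs = (
        ("direct, no diagnostics", False, False),
        ("direct, with diagnostics", False, True),
        ("reverse acting", True, False),
    )
    results = {}
    for name, reverse, diag in configs:
        healthy = pv_to_ma(50.0, lo, hi, reverse)   # process at 50% of range
        demand = pv_to_ma(90.0, lo, hi, reverse)    # process above the 80% trip point
        failed = 0.0                                # open loop / dead transmitter
        results[name] = tuple(evaluate_channel(ma, lo, hi, trip_high, reverse, diag)
                              for ma in (healthy, demand, failed))
    return results


if __name__ == "__main__":
    for name, (healthy, demand, failed) in fail_low_comparison().items():
        print(f"{name:26s} healthy={healthy:5s} demand={demand:5s} failed-low={failed}")
```

The reverse-acting case is the one the slide calls "automatic protection": no extra input and no fault policy. The cost is in the last bullet. The milliamp value a technician reads on the loop now falls as the process rises, the HMI scaling and the proof-test procedure have to be inverted consistently with it, and a replacement transmitter left direct-acting reads correctly at mid-range and wrongly at both ends, so it passes a casual check and silently defeats the trip. That is the human-factors and management complexity the slide is pointing at.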
Slide DT/ET - 23
References - 1
• http://www.hse.gov.uk/comah/sragtech/index.htm, which includes links to case studies illustrating the importance of control and protection systems, for example:
– Texaco Refinery, Milford Haven: explosion and fires (24/7/1994)
– International Biosynthetics Ltd (7/12/1991)
– BP Oil (Grangemouth) Refinery Ltd (22/3/1987)
– Seveso, Icmesa Chemical Company (9/7/1976)
• Out of Control (2003), second edition, HSE Books, ISBN 0-7176-2192-8
• IEC 61508 (1998 & 2000), Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1-7
Slide DT/ET - 24
References - 2
• Reliability Prediction Method for Safety Instrumented Systems, PDS Method Handbook (2006), SINTEF
• ISA-TR84.00.02 (2002), Safety Instrumented Function (SIF) - Safety Integrity Level (SIL) Evaluation Techniques, Part 1: Introduction, page 57
• Reliability, Maintainability and Risk (2001), David J Smith, ISBN 0-7506-5168-7
• Safety Shutdown Systems: Design, Analysis and Justification (1998), Paul Gruhn and Harry Cheddie, ISBN 1-55617-665-1
• Safety-Critical Computer Systems (1996), Neil Storey, ISBN 0-201-42787-7
• Safeware: System Safety and Computers (1995), Nancy Leveson, ISBN 0-201-11972-2
Slide DT/ET - 25
Available Guidance on ET
Is there anything else out there?
Slide DT/ET - 26
Conclusions
• Choice less clear-cut than at first sight
– Need to look holistically
– Wider than simply the core SIF
• ET can be made to work
– Possibilities of getting it wrong are greater
• ET inherently more complex
– Does everyone understand the complexity?
• Some DT systems have ET elements