Lloyd’s Register Energy Conference Safety-driven...
Transcript of Lloyd’s Register Energy Conference Safety-driven...
![Page 1: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/1.jpg)
Lloyd’s Register Energy Conference Safety-driven performance 2012
Understanding Safety Integrity Levels (SILs)
Trygve Leinum, Department Manager
Anne Østdahl, Principal Consultant
Scandpower Risk Management
October 18, 2012
![Page 2: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/2.jpg)
Short introduction to terminology
“ Safety Integrity Level (SIL)
“ Safety Instrumented Function
“ SIL Measure: Probability of Failure on Demand (PFD)
Demand :
When the safety function is needed !
“ Process upsets / deviations beyond
limits for normal operation
conditions.
“ External hazardous events
![Page 3: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/3.jpg)
Safety Integrity Levels Definition from IEC 61508 (simplified)
“ IEC 61508 Defines 4 SIL levels for a Safety Function
“ The SIL levels, SIL1, SIL2, SIL3 and SIL4 correspond to a
range of safety integrity values (i.e. probabilities), where SIL4 is the strictest level.
SIL 1
SIL 2
SIL 3
SIL 4
Probability of failure on demand
< 1 / 10 000
< 1 / 1000
< 1 / 100
< 1 / 10
![Page 4: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/4.jpg)
Safety Instrumented Function (IEC 61511)
Safety function which can be either a safety instrumented protection function or a safety
instrumented control function.
SDV
PSHPSD
(PLC)SDV
PSD
(PLC)
PSH
SIL Requirement
![Page 5: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/5.jpg)
Understanding Safety Integrity Levels (SILs)
“ What?
“ How?
“ Why?
An ambitious title for a 45 minutes speech,
so this 45 minutes are limited to the authors’ subjective opinion of
Why SIL?
The point of view is based on experiences from working within the risk and reliability field on the
Norwegian Continental Shelf.
Understanding SIL?
![Page 6: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/6.jpg)
The Piper Alpha disaster led to a new regime
for application of quantitative risk analyses
(QRAs) on offshore installation.
The QRAs brought valuable knowledge.
Especially to conceptual layouts mitigating
consequences of fire and explosions.
After the Piper Alpha Disaster - 1988
![Page 7: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/7.jpg)
Design in accordance with engineering standards
“ Before the early 90‘s, the use of API RP 14 ruled the ground for design of Safety Systems for offshore
production platforms.
API RP 14 C
![Page 8: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/8.jpg)
Did the QRAs at that time (early 90’s) reflect the
reliability of specific process safety and emergency shut
down systems? “ What is the effect of our triple barrier X-mas trees?
“ Have you given credit to our sophisticated built in self test function?
“ What about our
“ Distributed Supervisory, Control and Safety Systems?
“ High Reliability Central Processing Units?
“ High Integrity Pressure Protection System…etc.. etc.. ?
‚Need to know‛ questions from enthusiastic system engineers were limitless !
![Page 9: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/9.jpg)
And the correct answer to these questions was
All safety systems are assumed to be design in accordance with good engineering
practices and relevant standards.
![Page 10: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/10.jpg)
Integration of QRAs and Reliability Studies
“ Still early 90’s: A new era for reliability analyses and comprehensive verification studies
“ Reliability of safety function, defined as:
“ The ‚ability to perform the required safety function‛, and the complementary event
‚loss of safety function‛
“ Quantitative measure: Probability of Failure on Demand - PFD
“ The general approach justification by comparing:
“ reliability figures for the new design A, are equal or better than figures for existing
‚accepted‛ design B.
![Page 11: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/11.jpg)
Introduction of Safety Integrity Levels - SILs
“ A typical and simple example from reliability calculations:
“ The probability of failure in shutting of well-stream on a 40-well platform is approximately 10
time as high as for a 4-well platform.
“ Not a big surprise, but anyhow not sufficiently covered in API-RP 14 C.
“ API-RP 14 C was considered to origin from an environment with rather small installations compared
to the biggest installations in the North Sea.
“ There was an industry-pull for reliability requirement as a supplement to the engineering standard
“ The understanding of - WHY SIL ? - took root
![Page 12: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/12.jpg)
Today, two decades later, the excellent
standard API RP 14 C is still a basic engineering
norm, but supplemented by the functional
safety standards:
- IEC 61508 Generic standard
- IEC 61511 For process industry
Defining 4 safety integrity levels for
Instrumented Functions
Safety Integrity Standards
SIL 1
SIL 2
SIL 3
SIL 4
Probability of failure on demand
< 1 / 10 000
< 1 / 1000
< 1 / 100
< 1 / 10
![Page 13: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/13.jpg)
Example - Xmas tree valves upon PAHH on separator
SDV
PSHPSD
(PLC)SDV
PSD
(PLC)
PSH
SIL Requirement
Can SIL 2 be achieved for PAHH by closing Wing and Master on 17 Xmas trees?
I.e. replacing the SDV with 17 x WV and MV.
![Page 14: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/14.jpg)
SIL 2 requirement: PFDavg < 1 x 10-2
With 50 % of PFD allocated to final
element:
PFDavg < 5 x 10-3
![Page 15: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/15.jpg)
Pitfalls in SIL assessment
“ Reliability data
“ Reliability data from manufacturers are often much better than operational
experiences.
“ This is partly compensated for by ‚proven in use‛ requirements
“ Guidelines provides generic data collected from existing installation
“ Some model uncertainties
“ Selection of common cause failure fractions
“ Complex architecture…..
Manipulation of figures and results will always be possible !
![Page 16: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/16.jpg)
Capitalization from the SIL approach
“ A quantitative scientific approach - i.e. not opinion based
“ Gives engineers the chance of optimizing, i.e. more safety for the money
“ balancing production uptime and safety performance
“ (or same safety for less money )
“ Final and self-convinced statement:
The approach stimulates to innovation, which on a long term is a competitive advantage
for those who ‚have joined‛ !
![Page 17: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/17.jpg)
Lloyd’s Register Energy Conference
Safety-driven performance 2012
Any questions?
![Page 18: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/18.jpg)
The Group at a glance
“ 278 offices delivering services in 228 countries
“ Some 7,500 employees of 90 nationalities
“ 101 companies
“ Celebrating our 250 year anniversary this year
“ Four business divisions:
“ Marine
“ Transportation (rail sector)
“ Energy (ModuSpec, Scandpower)
“ Management Systems (LRQA)
“ Anticipated annual turnover $1.0bn
![Page 19: Lloyd’s Register Energy Conference Safety-driven ...blog.lrenergy.org/wp-content/uploads/2012/10/Trygve_Leinum1.pdfSafety-driven performance 2012 Understanding Safety Integrity Levels](https://reader034.fdocuments.in/reader034/viewer/2022051407/5ad78bdf7f8b9a6b668d14a2/html5/thumbnails/19.jpg)
Lloyd’s Register Energy Conference
Safety-driven performance 2012
For more information, please contact:
Trygve Leinum
Department Manager / Principal Engineer
Scandpower AS, Norway
T +47 90 79 73 74
W www.scandpower.com
w www.lr.org