Safety Considerations Guide, Tricon v9.0 - Tuv-fs.com
Hazard and Risk Analysis

▼PES Steps in a Safety Life Cycle:

1 Develop a safety requirement specification.

  An SRS consists of safety functional requirements and safety integrity requirements. An SRS can be a collection of documents or information.

  Safety functional requirements specify the logic and actions to be performed by an SIS and the process conditions under which actions are initiated. These requirements include such items as consideration for manual shutdown, loss of energy source, etc.

  Safety integrity requirements specify a SIL and the performance required for executing SIS functions. Safety integrity requirements include:
  • Required SIL for each safety function
  • Requirements for diagnostics
  • Requirements for maintenance and testing
  • Reliability requirements if the spurious trips are hazardous

2 For conceptual design, an engineer should:
  • Define the SIS architecture to ensure the SIL is met; e.g. voting 1oo1, 1oo2, 2oo2, 2oo3
  • Define the logic solver to meet the highest SIL if different SIL levels are required in a single logic solver
  • Select a functional test interval to achieve the SIL
  • Verify the conceptual design against the SRS

3 Develop a detail design including:
  • General requirements
  • SIS logic solver
  • Field devices
  • Interfaces
  • Energy sources
  • System environment
  • Application logic requirements
  • Maintenance or testing requirements
  Some key ANSI/ISA S84.01 requirements are:
  • The logic solver shall be separated from the basic process control system
  • Sensors for SIS shall be separated from the sensors for the BPCS
  • The logic system vendor shall provide:
    – MTTF data
    – Covert failure listing
    – Frequency of occurrence of identified covert failures
  • Each individual field device shall have its own dedicated wiring to the system I/O. Using a field bus is not allowed!
  • A control valve from the BPCS shall not be used as a single final element for SIL3
  • The operator interface may not be allowed to change the SIS application software
  • Forcing shall not be used as a part of application software or operating procedures
  • When on-line testing is required, test facilities shall be an integral part of the SIS design

4 Develop a pre-start-up acceptance test procedure that provides a fully functional test of the SIS to verify conformance with the SRS.

5 Before startup, establish operational and maintenance procedures to ensure that the SIS functions comply with the SRS throughout the SIS operational life, including:
  • Training
  • Documentation
  • Operating procedures
  • Maintenance program
  • Testing and preventive maintenance
  • Functional testing
  • Documentation of functional testing

6 Before start-up, complete a safety review.

Chapter 1 Safety Concepts
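Step 2 asks the engineer to pick a voting architecture and a functional test interval that together meet the required SIL. The sketch below is an added example, not taken from the guide: it uses the commonly used simplified PFDavg equations (no common-cause, repair-time or diagnostic terms), and the dangerous undetected failure rate is a constructed sample value.

```python
import math

# Upper PFDavg bound of each SIL band in low-demand mode.
# Capped at SIL 3, the highest level this page mentions.
SIL_PFD_UPPER = {1: 1e-1, 2: 1e-2, 3: 1e-3}

def pfd_avg(voting, lambda_du, ti_hours):
    """Simplified average probability of failure on demand.

    lambda_du: dangerous undetected failure rate per hour, per channel.
    ti_hours:  functional (proof) test interval in hours.
    Assumes identical channels and ignores common-cause failures.
    """
    x = lambda_du * ti_hours
    formulas = {"1oo1": x / 2, "1oo2": x ** 2 / 3, "2oo2": x, "2oo3": x ** 2}
    if voting not in formulas:
        raise ValueError(f"unsupported voting architecture: {voting}")
    return formulas[voting]

def achieved_sil(pfd):
    """Return the highest SIL (0-3) whose band the PFDavg falls below."""
    for sil in (3, 2, 1):
        if pfd < SIL_PFD_UPPER[sil]:
            return sil
    return 0

def max_test_interval(voting, lambda_du, target_sil):
    """Test interval (hours) at which PFDavg reaches the target band's
    upper bound; the chosen interval must be strictly shorter."""
    p = SIL_PFD_UPPER[target_sil]
    solved = {
        "1oo1": 2 * p / lambda_du,
        "1oo2": math.sqrt(3 * p) / lambda_du,
        "2oo2": p / lambda_du,
        "2oo3": math.sqrt(p) / lambda_du,
    }
    if voting not in solved:
        raise ValueError(f"unsupported voting architecture: {voting}")
    return solved[voting]

if __name__ == "__main__":
    LAMBDA_DU = 2e-6   # constructed sample value, failures per hour
    YEARLY = 8760      # one-year proof test interval, hours
    for arch in ("1oo1", "1oo2", "2oo2", "2oo3"):
        pfd = pfd_avg(arch, LAMBDA_DU, YEARLY)
        limit = max_test_interval(arch, LAMBDA_DU, 3)
        print(f"{arch}: PFDavg={pfd:.2e} -> SIL {achieved_sil(pfd)}; "
              f"SIL 3 needs TI < {limit:.0f} h")
```

With the sample failure rate and a yearly test, the single channel reaches only SIL 2 while 2oo3 reaches SIL 3, which is why the architecture and the test interval are selected together and then verified against the SRS.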