Safety Considerations Guide for Trident v2 Systems - TUV ...
Safety Considerations Guide for Trident v2 Systems - TUV ... Safety Considerations Guide for Trident v2 Systems - TUV ...
6 Chapter 1 Safety Concepts As a required SIL capability increases, SIS integrity increases as measured by: • System availability (expressed as a percentage) • Average probability of failure to perform design function on demand (PFDavg) • Risk reduction factor (RRF, reciprocal of PFDavg) Determining a Safety Integrity Level If a PHA concludes that an SIS is required, ANSI/ISA S84.01 and IEC 61508 require that a target SIL capability be assigned. The assignment of an SIL capability is a corporate decision based on risk management and risk tolerance philosophy. Safety regulations require that the assignment of SIL capabilities should be carefully performed and thoroughly documented. Completion of a HAZOP determines the severity and probability of the risks associated with a process. Risk severity is based on a measure of the anticipated impact or consequences. On-site consequences include: • Worker injury or death • Equipment damage Off-site consequences include: • Community exposure, including injury and death • Property damage • Environmental impact • Emission of hazardous chemicals • Contamination of air, soil, and water supplies • Damage to environmentally sensitive areas A risk probability is an estimate of the likelihood that an expected event will occur. Classified as high, medium, or low, a risk probability is often based on a company’s or a competitor’s operating experience. Several methods of converting HAZOP data into SIL capabilities are used. Methods range from making a corporate decision on all safety system installations to more complex techniques, such as an IEC 61508 risk graph. Safety Considerations Guide for Trident v2 Systems
Sample SIL Calculation Hazard and Risk Analysis 7 As a PES, the Trident controller is designed to minimize its contribution to the SIL, thereby allowing greater flexibility in the SIS design. R I S K R E D U C T I O N 99.9999 Risk Measures 0.000001 99.999 0.00001 99.99 0.0001 99.00 0.01 90.00 0.1 Percent Availability Figure 3 Comparison of Percent Availability and PFD * Trident controller module failure rates, PFDavg, Spurious Trip Rate, and Safe Failure Fraction (SFF) calculation methods have been independently reviewed by TÜV Rheinland. The numbers presented here (and in the following tables) are typical. Exact numbers should be calculated for each specific system configuration. Contact the Invensys Global Customer Support (GCS) Center for details on calculation methods and options related to the Trident controller. The Triconex controller is a type-B safety-related subsystem as defined in IEC 61508-2 7.4.4.1.3. 3 Pressure Transmitters (2oo3) Sensors 3 Temperature Transmitters (2oo3) 99.90 0.001 SIL capability 3 SIS PFD Trident PES* Safety Integrated System TMR Controller (2oo3) PES/Logic Solver Figure 4 Simplified Diagram of Key Elements 2 Block Valves in Series (1oo2) Final Elements Safety Considerations Guide for Trident v2 Systems
- Page 1 and 2: Trident v2 Systems Safety Considera
- Page 3 and 4: Contents Preface vii Summary of Sec
- Page 5 and 6: Contents v Partitioned Processes. .
- Page 7 and 8: Preface This guide provides informa
- Page 9 and 10: • All other requests are handled
- Page 11 and 12: 1 Safety Concepts Overview 2 Hazard
- Page 13 and 14: Protection Layers Methods that prov
- Page 15: Hazard and Risk Analysis Hazard and
- Page 19 and 20: Safety Life Cycle Model Hazard and
- Page 21 and 22: Hazard and Risk Analysis 11 • Eac
- Page 23 and 24: CAN/CSA-C22.2 No. 61010-1-04 Safety
- Page 25 and 26: 2 Application Guidelines Overview 1
- Page 27 and 28: General Guidelines This section des
- Page 29 and 30: General Guidelines 19 Safety Measur
- Page 31 and 32: Emergency Shutdown Systems The safe
- Page 33 and 34: Safety-Shutdown Guidelines for Tric
- Page 35 and 36: Guidelines for Triconex Controllers
- Page 37 and 38: Guidelines for Triconex Controllers
- Page 39 and 40: Guidelines for Triconex Controllers
- Page 41 and 42: Guidelines for Triconex Controllers
- Page 43 and 44: 3 Fault Management Overview 34 Syst
- Page 45 and 46: System Diagnostics System Diagnosti
- Page 47 and 48: Operating Modes Each input or outpu
- Page 49 and 50: Analog Output (AO) Modules Module D
- Page 51 and 52: Calculation for Diagnostic Fault Re
- Page 53 and 54: External Communication Module Diagn
- Page 55 and 56: 4 Application Development Developme
- Page 57 and 58: Array Index Errors Infinite Loops D
- Page 59 and 60: Setting Scan Time 49 application. T
- Page 61 and 62: Sample Safety-Shutdown Programs Sam
- Page 63 and 64: Sample Safety-Shutdown Programs 53
- Page 65 and 66: When Some I/O Modules Are Safety-Cr
6 Chapter 1 <strong>Safety</strong> Concepts<br />
As a required SIL capability increases, SIS integrity increases as measured by:<br />
• System availability (expressed as a percentage)<br />
• Average probability of failure to per<strong>for</strong>m design function on demand (PFDavg)<br />
• Risk reduction factor (RRF, reciprocal of PFDavg)<br />
Determining a <strong>Safety</strong> Integrity Level<br />
If a PHA concludes that an SIS is required, ANSI/ISA S84.01 and IEC 61508 require that a target<br />
SIL capability be assigned. The assignment of an SIL capability is a corporate decision based on<br />
risk management and risk tolerance philosophy. <strong>Safety</strong> regulations require that the assignment<br />
of SIL capabilities should be carefully per<strong>for</strong>med and thoroughly documented.<br />
Completion of a HAZOP determines the severity and probability of the risks associated with a<br />
process. Risk severity is based on a measure of the anticipated impact or consequences.<br />
On-site consequences include:<br />
• Worker injury or death<br />
• Equipment damage<br />
Off-site consequences include:<br />
• Community exposure, including injury and death<br />
• Property damage<br />
• Environmental impact<br />
• Emission of hazardous chemicals<br />
• Contamination of air, soil, and water supplies<br />
• Damage to environmentally sensitive areas<br />
A risk probability is an estimate of the likelihood that an expected event will occur. Classified as<br />
high, medium, or low, a risk probability is often based on a company’s or a competitor’s<br />
operating experience.<br />
Several methods of converting HAZOP data into SIL capabilities are used. Methods range from<br />
making a corporate decision on all safety system installations to more complex techniques, such<br />
as an IEC 61508 risk graph.<br />
<strong>Safety</strong> <strong>Considerations</strong> <strong>Guide</strong> <strong>for</strong> <strong>Trident</strong> <strong>v2</strong> <strong>Systems</strong>