 |
|
|
|
 |
Become a fan
0
Safety Instrumented System
What is a process plant Safety Instrumented System (SIS)?
Any process loop identified as a safety system is referred to as a Safety Instrumented System (SIS). In the past, these loops were defined as Emergency Shutdown (ESD) or Safety Shutdown (SSD). The purpose of an SIS is to reduce the risk of an accident.
SIS loops defined: "An SIS is a distinct, reliable system used to safeguard a process to prevent a catastrophic release of toxic, flammable, or explosive chemicals." (Ref. ISA S84.01)
SIS loop scope: "System composed of sensors, logic solvers, and final control elements for the purpose of taking a process to a safe state, when predetermined conditions are violated." (Ref ISA S84.01 and IEC 61508)
Thus, SIS is composed of the entire control loop. This loop will likely consists of pressure and temperature transmitters, Control Valves, DCS (or PLC and SLC), plumbing, wiring, power supplies, and other loop equipment.
Safety Integrity Levels (SIL)
It can be understood accordingly; SIL and availability are simply statistical representations of the integrity of the SIS when a process demand occurs. The acceptance of a SIL 1 SIS means that the level of hazard or economic risk is sufficiently low that a SIS with a 10% chance of failure (90% availability) is acceptable. For example, consider the installation of a SIL 1 SIS for a high level trip in a liquid tank. The availability of 90% would mean that out of every 10 times that the level reached the high level trip point there would be one predicted failure of the SIS and subsequent overflow of the tank. Is this an acceptable risk?
TABLE 1
Safety Integrity Level Availability
Required Probability to Fail on Demand Mean Time
Between Failures
IEC 4 >99.99% E-005 to < E-004 100,000 to 10,000
ISA 3 99.90% E-004 to < E-003 10,000 to 1,000
2 99.00 - 99.90% E-003 to < E-002 1,000 to 100
1 90.00 - 99.00% E-002 to < E-001 100 to 10
A qualitative view of SIL has slowly developed over the last few years as the concept of SIL has been adopted at many independent third party agency in the world that certifies safety instrumented systems (SIS). TUV Rheinland is approved and chemical and petrochemical plants. This qualitative view can be expressed in terms of the impact of the SIS failure on plant personnel and the public or community.
"4" - Catastrophic Community Impact.
"3"- Employee and Community Protection.
"2" - Major Property and Production Protection.
• "1" - Minor Property and Production Protection.
The assignment of SIL is a corporate or company decision based on risk management philosophy and risk tolerance.
Now let's discuss TUV. TUV stands for a rather long German name, Tecnischer Uberwachungs-Verein Rheinland e.V. In short, it is the only world countries and US. The manufacturer of the equipment is issued a certificate, with a detailed report listing the results of the inspection and testing, and most important, General and Specific Restrictions. It is these general and specific restrictions that most manufactures are hesitant and most times never reveal to the user of the equipment.
We can see the correlation between safety integrity levels and TUV Class in Table 2.
Table 2. SIL Vs TUV Class (AK)
SIL 1 2 3 4
TUV Class AK2 AK3 AK4 AK5 AK6 AK7
As an example, if a process event occurred that could cause personal injury or affect the community (not catastrophic), the safety instrumented system designed to mitigate or prevent the hazard, would be assigned a safety integrity level (SIL) "3". The TUV Class certification for the logic system should be an AK5 or AK6 depending on the quantitative assessment. TUV has certified many different voting architectures in logic solvers e.g. 1oo2, 1oo2D, 1oo3, 2oo2, and 2oo3. Depending on the testing results and design, TUV will certify and approve the logic solver for the appropriate Class of safety service 1-7.
As noted above, all approvals and certifications are contingent on operating the device within the "General and Specific Restrictions". TUV's General Restrictions are very clear for all architectures and manufactures, "The safety system shall never operate in the single channel mode for Class 5 and 6".
What is a process plant Safety Instrumented System (SIS)?
Any process loop identified as a safety system is referred to as a Safety Instrumented System (SIS). In the past, these loops were defined as Emergency Shutdown (ESD) or Safety Shutdown (SSD). The purpose of an SIS is to reduce the risk of an accident.
SIS loops defined: "An SIS is a distinct, reliable system used to safeguard a process to prevent a catastrophic release of toxic, flammable, or explosive chemicals." (Ref. ISA S84.01)
SIS loop scope: "System composed of sensors, logic solvers, and final control elements for the purpose of taking a process to a safe state, when predetermined conditions are violated." (Ref ISA S84.01 and IEC 61508)
Thus, SIS is composed of the entire control loop. This loop will likely consists of pressure and temperature transmitters, Control Valves, DCS (or PLC and SLC), plumbing, wiring, power supplies, and other loop equipment.
Safety Integrity Levels (SIL)
It can be understood accordingly; SIL and availability are simply statistical representations of the integrity of the SIS when a process demand occurs. The acceptance of a SIL 1 SIS means that the level of hazard or economic risk is sufficiently low that a SIS with a 10% chance of failure (90% availability) is acceptable. For example, consider the installation of a SIL 1 SIS for a high level trip in a liquid tank. The availability of 90% would mean that out of every 10 times that the level reached the high level trip point there would be one predicted failure of the SIS and subsequent overflow of the tank. Is this an acceptable risk?
TABLE 1
Safety Integrity Level Availability
Required Probability to Fail on Demand Mean Time
Between Failures
IEC 4 >99.99% E-005 to < E-004 100,000 to 10,000
ISA 3 99.90% E-004 to < E-003 10,000 to 1,000
2 99.00 - 99.90% E-003 to < E-002 1,000 to 100
1 90.00 - 99.00% E-002 to < E-001 100 to 10
A qualitative view of SIL has slowly developed over the last few years as the concept of SIL has been adopted at many independent third party agency in the world that certifies safety instrumented systems (SIS). TUV Rheinland is approved and chemical and petrochemical plants. This qualitative view can be expressed in terms of the impact of the SIS failure on plant personnel and the public or community.
"4" - Catastrophic Community Impact.
"3"- Employee and Community Protection.
"2" - Major Property and Production Protection.
• "1" - Minor Property and Production Protection.
The assignment of SIL is a corporate or company decision based on risk management philosophy and risk tolerance.
Now let's discuss TUV. TUV stands for a rather long German name, Tecnischer Uberwachungs-Verein Rheinland e.V. In short, it is the only world countries and US. The manufacturer of the equipment is issued a certificate, with a detailed report listing the results of the inspection and testing, and most important, General and Specific Restrictions. It is these general and specific restrictions that most manufactures are hesitant and most times never reveal to the user of the equipment.
We can see the correlation between safety integrity levels and TUV Class in Table 2.
Table 2. SIL Vs TUV Class (AK)
SIL 1 2 3 4
TUV Class AK2 AK3 AK4 AK5 AK6 AK7
As an example, if a process event occurred that could cause personal injury or affect the community (not catastrophic), the safety instrumented system designed to mitigate or prevent the hazard, would be assigned a safety integrity level (SIL) "3". The TUV Class certification for the logic system should be an AK5 or AK6 depending on the quantitative assessment. TUV has certified many different voting architectures in logic solvers e.g. 1oo2, 1oo2D, 1oo3, 2oo2, and 2oo3. Depending on the testing results and design, TUV will certify and approve the logic solver for the appropriate Class of safety service 1-7.
As noted above, all approvals and certifications are contingent on operating the device within the "General and Specific Restrictions". TUV's General Restrictions are very clear for all architectures and manufactures, "The safety system shall never operate in the single channel mode for Class 5 and 6".
Comments & Reviews ^topBe the first to comment on this! |
|
RecommendedTUV & SIL U CAN DO IT TUV ~ SIL Rule of the day MANTRA OF SUCCESS The Warren Buffet Way data base management. ERM's.marto |
© WP Technology Inc. 2009
User-posted content is subject to its own terms.
User-posted content is subject to its own terms.
