Safety Instrumented Systems Verification: Practical Probabilistic Calculations
William M. Goble
Harry Cheddie
Goble05.book Page i Monday, February 27, 2006 8:15 PM

Notice
The information presented in this publication is for the general education of the reader. Because neither the author nor the publisher have any control over the use of the information by the reader, both the author and the publisher disclaim any and all liability of any kind arising out of such use. The reader is expected to exercise sound professional judgment in using any of the information presented in a particular application.

Additionally, neither the author nor the publisher have investigated or considered the effect of any patents on the ability of the reader to use any of the information in a particular application. The reader is responsible for reviewing any possible patents that may affect any particular use of the information presented.

Any references to commercial products in the work are cited as examples only. Neither the author nor the publisher endorse any referenced commercial product. Any trademarks or tradenames referenced belong to the respective owner of the mark or name. Neither the author nor the publisher make any representation regarding the availability of any referenced commercial product at any time. The manufacturer's instructions on use of any commercial product must be followed at all times, even if in conflict with the information in this publication.

Copyright 2005 ISA - The Instrumentation, Systems and Automation Society
All rights reserved. Printed in the United States of America.
10 9 8 7 6 5 4 3
ISBN-10: 1-55617-909-X
ISBN-13: 978-1-55617-909-9

No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher.

ISA
67 Alexander Drive
P.O. Box 12277
Research Triangle Park, NC 27709

Library of Congress Cataloging-in-Publication Data
Goble, William M.
Safety instrumented systems verification : practical probabilistic calculations / William M. Goble, Harry Cheddie.
p. cm.
Includes bibliographical references and index.
ISBN 1-55617-909-X (pbk.)
1. Industrial safety. I. Cheddie, Harry. II. Title.
T55.G5842 2005
620.86-dc22
2005010931

Dedication
To my wife Janki, son Neil, and daughters Stephanie, Michelle, and Jennifer for their support, patience and encouragement.
Harry L. Cheddie

To those who provided great support, training and mentoring: Sandra Goble, Robert B. Adams, Dr. Julia V. Bukowski, Dr. Tony Frederickson, Rolf Spiker, and Dr. Arnout C. Brombacher.
William M. Goble
About the Authors

Harry L. Cheddie, P.Eng., CFSE
Harry Cheddie is Principal Engineer and Partner with exida. He is presently responsible for completing safety studies for end users, developing training programs, and teaching safety courses with an emphasis on IEC 61508 and IEC 61511.
Prior to joining exida, Harry was a Control Systems Advisor for Bayer Inc. in Sarnia, Ontario, Canada, where he was also the Supervisor of the Central Engineering Group responsible for process control systems design and maintenance.
Harry graduated from Salford University in the UK with a B.Sc. (1st Class Honors) degree in Electrical Engineering. He is a registered Professional Engineer in the province of Ontario, Canada. Harry is certified by the American Society for Quality as a Quality Engineer and as a Reliability Engineer. He is also a Certified Functional Safety Expert from the CFSE Governing Board.

Dr. William M. Goble, P.E., CFSE
William M. Goble is currently Principal Partner, exida, a company that does consulting, training and support for safety critical and high availability process automation. He has over 30 years of experience in control systems doing product development, engineering management, marketing, training and consulting.
Dr. Goble has developed several of the techniques used for quantitative analysis of safety (FMEDA) and reliability in automation systems. He teaches and consults in this area with instrumentation manufacturers and petrochemical/chemical companies around the world.
Dr. Goble has a BSEE from Penn State, an MSEE from Villanova and a PhD from Eindhoven University of Technology in Reliability Engineering. He is a registered professional engineer in the State of Pennsylvania and a Certified Functional Safety Expert (CFSE). He is a fellow member of ISA and previous author of the ISA book Control Systems Safety Evaluation and Reliability.

Contents
ABOUT THE AUTHORS, vii
PREFACE, xv
Chapter 1 THE SAFETY LIFECYCLE, 1
  Introduction, 1
  Functional Safety, 1
  Functional Safety Standards, 2
  Safety Lifecycle, 5
  Analysis Phase, 8
  Realization Phase, 9
  Operation Phase, 11
  Benefits of the Safety Lifecycle, 12
  Safety Lifecycle Adoption, 13
  Exercises, 14
  References and Bibliography, 16
Chapter 2 SAFETY INSTRUMENTED SYSTEMS, 19
  Safety Instrumented Systems, 19
  BPCS versus SIS, 20
  SIS Engineering Requirements, 22
  Safety Instrumented Function, 23
  Exercises, 25
  References and Bibliography, 26
Chapter 3 EQUIPMENT FAILURE, 27
  Failure, 27
  The Well-Designed System, 29
  Failure Rate, 30
  Time-Dependent Failure Rates, 30
  Censored Data, 37
  Confidence Factor, 38
  Getting Failure Rate Data, 39
  Exercises, 39
  References and Bibliography, 40
Chapter 4 BASIC RELIABILITY ENGINEERING, 43
  Measurements of Successful Operation: No Repair, 43
  Useful Approximations, 49
  Measurements of Successful Operation: Repairable Systems, 50
  Periodic Restoration and Imperfect Testing, 56
  Exercises, 57
  References and Bibliography, 59
Chapter 5 SYSTEM RELIABILITY ENGINEERING, 61
  Introduction, 61
  System Model Building, 61
  Reliability Block Diagrams, 62
  Series System, 62
  Parallel System, 63
  Fault Trees, 65
  Fault Tree Symbols, 67
  Comparison of the Reliability Block Diagram and the Fault Tree, 68
  Fault Tree AND Gates, 69
  Fault Tree OR Gates, 69
  Approximation Techniques, 69
  Common Mistake, 71
  Markov Models, 74
  Markov Solution Techniques, 76
  Realistic Safety Instrumented System Modeling, 78
  Exercises, 79
  References and Bibliography, 82
Chapter 6 EQUIPMENT FAILURE MODES, 83
  Introduction, 83
  Equipment Failure Modes, 83
  Fail-Safe, 85
  Fail-Danger, 85
  Annunciation, 86
  No Effect, 86
  Detected/Undetected, 86
  SIF Modeling of Failure Modes, 86
  PFS/PFD, 87
  PFDavg, 87
  Exercises, 88
Chapter 7 SIF VERIFICATION PROCESS, 89
  The Conceptual Design Process, 89
  Equipment Selection, 91
  Redundancy, 94
  SIF Testing Techniques, 96
  Probabilistic Calculation Tools, 112
  Verification Reports, 112
  Exercises, 114
  References and Bibliography, 115
Chapter 8 GETTING FAILURE RATE DATA, 117
  Introduction, 117
  Industry Failure Databases, 118
  Product Specific Failure Data, 121
  A Comparison of Failure Rates, 122
  Comprehensive Failure Data Sources, 122
  The Future of Failure Data, 122
  Exercises, 126
  References and Bibliography, 127
Chapter 9 SIS SENSORS, 129
  Instrument Selection, 129
  Diagnostic Annunciation, 129
  Probabilistic Modeling of Sensors, 131
  Pressure, 135
  Temperature, 137
  Level, 138
  Flow, 140
  Gas/Flame Detectors, 141
  Burner Flame Detectors, 142
  Miscellaneous, 143
  Exercises, 143
  References and Bibliography, 144
Chapter 10 LOGIC SOLVERS, 145
  Introduction, 145
  Relays/Pneumatic Logic, 145
  Solid State / Intrinsically Safe Solid State, 146
  Programmable Logic Controllers, 146
  Safety Programmable Logic Controllers, 147
  Probabilistic Modeling of the PLC, 150
  Exercises, 154
  References and Bibliography, 154
Chapter 11 SIS FINAL ELEMENTS, 157
  Final Elements, 157
  The "Well Designed" Remote Actuated Valve, 158
  Actuator Types, 159
  Valve Failure Modes, 160
  Valve Types, 162
  Probabilistic Modeling, 165
  Failure Rate Comparison, 166
  Diagnostics and Annunciation, 166
  Exercises, 171
  References and Bibliography, 171
Chapter 12 TYPICAL SIF SOLUTIONS, 173
  Introduction, 173
  Typical SIL 2 Architecture, 180
  Some Common Hardware Issues Relating to the Various Solutions for SIL1, SIL2, and SIL3 Systems, 188
  References and Bibliography, 188
Chapter 13 OIL AND GAS PRODUCTION FACILITIES, 189
  Introduction, 189
  Overall System Description, 191
  Individual Well Controls and Shutdowns, 191
  High Line Pressure Safety Instrumented Function (SIF), 195
  SIF PFDavg Calculation, 196
  Alternative SIF Designs, 209
  Exercises, 214
  References and Bibliography, 214
Chapter 14 CHEMICAL INDUSTRY, 215
  Introduction, 215
  Reactor, 215
  Exercise, 228
  References and Bibliography, 228
Chapter 15 COMBINED BPCS/SIS DESIGNS, 229
  Introduction, 229
  Analysis Tasks, 229
  Alternative Designs, 231
  Detailed Analysis of Combination BPCS and SIS Systems, 236
  Exercises, 237
  References and Bibliography, 238
Appendix A STATISTICS, 239
Appendix B PROBABILITY, 245
Appendix C FAULT TREES, 257
Appendix D MARKOV MODELS, 275
Appendix E FAILURE MODES EFFECTS AND DIAGNOSTIC ANALYSIS (FMEDA), 303
Appendix F SYSTEM ARCHITECTURES, 315
Appendix G MODELING THE REPAIR PROCESS, 357
Appendix H ANSWERS TO EXERCISES, 367
INDEX, 379

Preface
This book was written in response to many requests for more information regarding the details of probabilistic evaluation of safety instrumented functions. As the authors have had the great benefit of being asked to perform many such jobs, the problems apparent with previous methods have become clear to us. This book would not have been written except for many individuals who have contributed with thought provoking questions and detailed comments on our work, our data and our methods. The authors would like to thank Dr. Julia V. Bukowski for many solutions to involved modeling questions. We thank Hal Thomas for many detailed questions and feedback on the initial answers. We thank Aart Pruysen, Rolf Spiker and Simon Brown for the detailed discussions on failure modes and interpretation.
We thank those who took the time to review our draft documents and provide valuable feedback. Those included Hal Thomas, Tim Layer, Vic Maggioli, Lindsey Bredemeyer, Eric Scharpf, Curt Miller, Oswaldo Moreno, Mike Bragg, Wally Baker and several others. We thank ISA and particularly Lois Ferson who has guided us through the publishing process and shown great patience.

1 The Safety Lifecycle

Introduction
A working definition of the Safety Lifecycle is that it is an engineering process utilizing specific steps to ensure that Safety Instrumented Systems (SIS) are effective in their key mission of risk reduction as well as being cost effective over the life of the system. Activities associated with the Safety Lifecycle start when the conceptual design of facilities is complete and stop when the facilities are entirely decommissioned. Key activities associated with a Safety Lifecycle are outlined below.
- Analyzing risks
- Assessing the need for risk reduction
- Establishing system performance requirements
- Implementing the system according to the required performance criteria
- Assuring that the system is always correctly operated

on the structure and planning of the safety lifecycle; and on verification throughout the entire lifecycle.
Figure 1-4. IEC 61508 Safety Lifecycle
Figure 1-5. ANSI/ISA-84.00.01-2004 (IEC 61511) Safety Lifecycle [figure: "ANALYSIS" Phase (End User / Consultant): 1 Concept, Overall Scope Definition, Hazard ...]

however, the trend is clearly toward more analysis (Ref. 12 and 13). The consequence severity and the likelihood frequencies determine risk. In some cases, the risk of a hazard is within tolerable levels, and no risk reduction is needed. For these cases, no SIS is required. In other cases, risk reduction is required, and the quantity of risk reduction is specified by an order-of-magnitude level called the safety integrity level (SIL) as indicated in Figure 1-7. Each safety instrumented function is documented in the safety requirements specification. That document (or collection of documents) includes all functional information, logic, performance information, timing, bypass/maintenance requirements, reset requirements, the safety integrity level for each safety instrumented function, and any other requirement information that the designers may need.

Figure 1-7. A Chart of Safety Integrity Levels (SIL)

Safety Integrity Level | Probability of Failure on Demand (PFDavg), Low Demand Mode | Risk Reduction Factor (RRF)
4                      | 10^-5 <= PFDavg < 10^-4                                     | 100000 >= RRF > 10000
3                      | 10^-4 <= PFDavg < 10^-3                                     | 10000 >= RRF > 1000
2                      | 10^-3 <= PFDavg < 10^-2                                     | 1000 >= RRF > 100
1                      | 10^-2 <= PFDavg < 10^-1                                     | 100 >= RRF > 10

Realization Phase
When all safety instrumented functions are identified and documented, the design work can begin (Figure 1-8). A conceptual design is performed by choosing the desired technology for the sensor, the logic solver, and the final element. Redundancy may be included so as to achieve high levels of safety integrity, to minimize false trips, or for both reasons. Once the technology and architecture have been chosen, the designers review the periodic test philosophy constraints provided in the SRS. Given that safety instrumented systems will, hopefully, not be called on to activate, they must be completely inspected and tested at specified time intervals. This periodic testing is performed to ensure that all the elements of the system are fully operational and to verify that no failures have occurred. In some industries, the target periodic test interval corresponds with a major maintenance cycle, for example, two, three, or even five years. In other industries, a periodic inspection must be done more frequently. If these tests must be performed while the process is operating, online test facilities are designed into the system. A periodic inspection and test plan is required for all the instrumentation equipment in each safety instrumented function.

Once the technology, architecture, and periodic test intervals are defined, the designers do a reliability and safety evaluation (Ref. 14 and 15) to verify that the design has met the target safety integrity level and reliability requirements. In the past, this probabilistic evaluation has not been part of a conventional design process. The effort requires gathering failure rate data as a function of failure modes for each piece of equipment in the safety instrumented function. Results of the evaluation typically include a number of safety integrity and ava
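As an added illustration (not code from the book), the verification step described above for a single-channel SIF is carried through below using the Figure 1-7 PFDavg and RRF bands: the SIL target from the SRS is checked against the PFDavg that results from each element's dangerous undetected failure rate and the chosen periodic test interval. The 1oo1 approximation PFDavg ≈ λ_DU·TI/2, the series addition of element PFDavg values and the sample failure rates are assumptions of this example, not formulas or data given on this page.

```python
# Added example: SIL verification of a 1oo1 (single-channel) SIF against the
# Figure 1-7 PFDavg / RRF bands. Failure rates are per hour, intervals in years.
HOURS_PER_YEAR = 8760.0

# Figure 1-7 bands: SIL -> (lower PFDavg bound, inclusive; upper bound, exclusive)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_from_pfdavg(pfdavg):
    """SIL achieved by a PFDavg per Figure 1-7; 0 if worse than SIL 1,
    None if below 1e-5 (outside the chart, which stops at SIL 4)."""
    if pfdavg < 1e-5:
        return None
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfdavg < hi:
            return sil
    return 0


def risk_reduction_factor(pfdavg):
    """RRF is the reciprocal of PFDavg (Figure 1-7 columns)."""
    return 1.0 / pfdavg


def pfdavg_1oo1(lambda_du_per_hour, test_interval_years):
    """ASSUMPTION: standard simplified 1oo1 approximation PFDavg ~= lambda_DU*TI/2,
    counting only dangerous undetected failures, perfect proof test at TI."""
    return lambda_du_per_hour * test_interval_years * HOURS_PER_YEAR / 2.0


def verify_sif(elements, target_sil, test_interval_years):
    """elements: {name: lambda_DU per hour} for sensor, logic solver, final element.
    ASSUMPTION: series elements, so element PFDavg values add (first-order).
    Returns (pfdavg, rrf, achieved_sil, meets_target)."""
    total = sum(pfdavg_1oo1(lam, test_interval_years) for lam in elements.values())
    sil = sil_from_pfdavg(total)
    meets = sil is not None and sil >= target_sil
    return total, risk_reduction_factor(total), sil, meets


if __name__ == "__main__":
    # Constructed sample failure rates (per hour), not data from the book.
    sif = {"pressure transmitter": 5e-7, "safety PLC": 1e-8, "valve assembly": 1e-6}
    for years in (1, 2, 5):  # the maintenance-cycle intervals the text mentions
        pfd, rrf, sil, ok = verify_sif(sif, 2, years)
        print(f"TI={years}y  PFDavg={pfd:.2e}  RRF={rrf:.0f}  SIL={sil}  meets SIL 2: {ok}")
```

With these constructed rates the SIF meets SIL 2 only at a one-year test interval; the two- and five-year intervals drop it to SIL 1, which is the kind of result that drives the choice between a shorter test interval and added redundancy.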