Safety Instrumented Functions (SIF) - Safety Integrity Level (SIL) Evaluation Techniques
Part 4: Determining the SIL of a SIF via Markov Analysis

Approved 17 June 2002
ISA-TR84.00.02-2002 - Part 4
TECHNICAL REPORT
ISA - The Instrumentation, Systems, and Automation Society (TM)

NOTICE OF COPYRIGHT

This is a copyrighted
document and may not be copied or distributed in any form or manner without the permission of ISA. This copy of the document was made for the sole use of the person to whom ISA provided it and is subject to the restrictions stated in ISA's license to that person. It may not be provided to any other person in print, electronic, or any other form. Violations of ISA's copyright will be prosecuted to the fullest extent of the law and may result in substantial civil and criminal penalties.

ISA-TR84.00.02-2002 Part 4
Safety Instrumented Functions (SIF) Safety Integrity Levels (SIL) Evaluation Techniques
Part 4: Determining the SIL of a SIF via Markov Analysis

ISBN: 1-55617-805-0

Copyright 2002 by The Instrumentation, Systems, and Automation Society. All rights reserved. Not for resale. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any
form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without the prior written permission of the Publisher.

ISA
67 Alexander Drive
P.O. Box 12277
Research Triangle Park, North Carolina 27709

Preface

This preface, as well as all footnotes and annexes, is included for information purposes and is not part of ISA-TR84.00.02-2002 Part 4.

This document has been prepared as part of the service of ISA, the Instrumentation, Systems, and Automation Society, toward a goal of uniformity in the field of instrumentation. To be of real value, this document should not be static but should be subject to periodic review. Toward this end, the Society welcomes all comments and criticisms and asks that they be addressed to the Secretary, Standards and Practices Board; ISA; 67 Alexander Drive; P. O. Box 12277; Research Triangle Park, NC 27709; Telephone (919)
549-8411; Fax (919) 549-8288; E-mail: standards@isa.org.

The ISA Standards and Practices Department is aware of the growing need for attention to the metric system of units in general, and the International System of Units (SI) in particular, in the preparation of instrumentation standards. The Department is further aware of the benefits to USA users of ISA standards of incorporating suitable references to the SI (and the metric system) in their business and professional dealings with other countries. Toward this end, this Department will endeavor to introduce SI-acceptable metric units in all new and revised standards, recommended practices, and technical reports to the greatest extent possible. Standard for Use of the International System of Units (SI): The Modern Metric System, published by the American Society for Testing and [...]

[...] redundant element with one or more safety instrumented function. Each element should be evaluated with respect to all the safety instrumented functions with which it is associated to ensure that it meets the integrity level required for each safety instrumented function; to understand the interactions of all the safety instrumented functions; and to understand the impact of failure of each component.

This document does not provide guidance in the determination of the specific SIL required (e.g., SIL 1, 2, and 3) for the SIS. The user is again referred to ANSI/ISA-84.01-1996 or to other references.

The primary focus of this document is on evaluation methodologies for assessing the capability of the SIS. The SIS lifecycle model is defined in ANSI/ISA-84.01-1996. Figure I.2 shows the boundaries of the SIS and how it relates to other systems.

[Figure I.2: SIS lifecycle flowchart; recovered labels: Start, Conceptual Process Design, Perform Process Hazard Analysis, SIS Boundary]

[...] systematic failures may be introduced during the specification, design, implementation, operational and modification phase and may affect hardware as well as software. ANSI/ISA-84.01-1996 addresses systematic safety integrity by specifying procedures, techniques, measures, etc. that reduce systematic failures.

An acceptable safe failure rate is also normally specified for a SIF. The safe failure rate is commonly referred to as the false trip, nuisance trip, or spurious trip rate. The spurious trip rate is included in the evaluation of a SIF, since process start up and shutdown are frequently periods where chances of a hazardous event are high. Hence in many cases, the reduction of spurious trips will increase the safety of the process. The acceptable safe failure rate is typically expressed as the mean time to a spurious trip (MTTFspurious).

NOTE In addition to the safety issue(s)
associated with spurious trips, the user of the SIS may also want the acceptable MTTFspurious to be increased to reduce the effect of spurious trips on the productivity of the process under control. This increase in the acceptable MTTFspurious can usually be justified because of the high cost associated with a spurious trip.

The objective of this technical report is to provide users with techniques for the evaluation of the hardware safety integrity of SIF (PFDavg) and the determination of MTTFspurious. Methods of modeling systematic failures are also presented so a quantitative analysis can be performed if the systematic failure rates are known.

ISA-TR84.00.02-2002 shows how to model complete SIF, which includes the sensors, the logic solver and final elements. To the extent possible the system analysis techniques allow these elements to be independently analyzed. This allows the safety system designer to select the proper system configuration to achieve the required safety integrity level.

ISA-TR84.00.02-2002 - Part 1 provides a detailed listing of the definition of all terms used in this document. These are consistent with the ANSI/ISA-84.01-1996, IEC 61508 and IEC 61511 standards. [...] the background information on how to model all the elements or components of a SIF. It focuses on the hardware components, provides some component failure rate data that are used in the example calculations and discusses other important parameters such as common cause failures and functional failures. [...] a brief introduction to the methodologies that will be used in the examples shown in this document. They are Simplified equations (3), Fault Tree Analysis (4), and Markov Analysis (5).

ISA-TR84.00.02-2002 - Part 2 provides simplified equations for calculating the SIL values for Demand Mode Safety Instrumented Functions (SIF) installed in accordance with ANSI/ISA-84.01-1996, "Applications of Safety Instrumented Systems for the Process Industries". Part 2 should not be interpreted as the only evaluation technique that might be used. It does, however, provide the engineer(s) performing design for a SIS with an
overall technique for assessing the capability of the designed SIF.

ISA-TR84.00.02-2002 - Part 3 provides fault tree analysis techniques for calculating the SIL for Demand Mode Safety Instrumented Functions (SIF) installed in accordance with ANSI/ISA-84.01-1996, "Applications of Safety Instrumented Systems for the Process Industries". Part 3 should not be interpreted as the only evaluation technique that might be used. It does, however, provide the engineer(s) performing design for a SIS with an overall technique for assessing the capability of the designed SIF.

ISA-TR84.00.02-2002 - Part 4 provides Markov analysis techniques for calculating the SIL values for Demand Mode Safety Instrumented Functions (SIF) installed in accordance with ANSI/ISA-84.01-1996, "Applications of Safety Instrumented Systems for the Process Industries". Part 4 should not be interpreted as the only evaluation technique that
might be used. It does, however, provide the engineer(s) performing design for a SIS with an overall technique for assessing the capability of the designed SIF.

ISA-TR84.00.02-2002 - Part 5 addresses the logic solver only, using Markov Models for calculating the PFD of E/E/PE logic solvers because it allows the modeling of maintenance and repairs as a function of time, treats time as a model parameter, explicitly allows the treatment of diagnostic coverage, and models the systematic failures (i.e., operator failures, software failures, etc.) and common cause failures.

Figure I.3 illustrates the relationship of each part to all other parts.

Figure I.3 ISA-TR84.00.02-2002 overall framework
Part 1: Development of the overall terms, symbols, explanation of SIS element failures, comparison of system analysis techniques, and uncertainty analysis examples.
Part 2: Development of SIL for SIF using Simplified Equation Methodology.
Part 3: Development of SIL for SIF using Fault Tree Analysis Methodology.
Part 4: Development of SIL for SIF using Markov Analysis Methodology.
Part 5: Guidance in determining the PFD of E/E/PE logic solver(s) via Markov Analysis.

1 Scope

1.1 ISA-TR84.00.02-2002 - Part 4 is informative and does not contain any mandatory requirements. ISA-TR84.00.02-2002 - Part 4 is intended to be used only after a thorough understanding of ISA-TR84.00.02-2002 Part 1. This technical report is intended to provide
a) technical guidance in Safety Integrity Level (SIL) Analysis;
b) ways to implement Safety Instrumented Functions (SIF) to achieve a specified SIL;
c) failure rates and failure modes of SIF components;
d) diagnostics, diagnostic coverage, covert faults, test intervals, redundancy of SIF components; and
e) tool(s) for SIL verification of SIF.

1.2 ISA-TR84.00.02-2002 - Part 4 provides one possible technique for calculating PFDavg values for Safety Instrumented Systems (SIS) installed in accordance with ANSI/ISA-84.01-1996, "Application of Safety Instrumented Systems for the Process Industries."

1.3 Persons using ISA-TR84.00.02-2002 - Part 4 require knowledge of the Markov modeling technique. The reader who is interested in learning more about Markov modeling is referred to: Evaluating Control Systems Reliability (5), Chapter 5; Reliability Evaluation of Engineering Systems (12), Chapters 8 and 9;
Introduction to Reliability Engineering (13), Chapter 9; ISA-TR84.00.02-2002 - Part 5.

1.4 ISA-TR84.00.02-2002 - Part 4 introduces the reader to three examples, which explain the Markov theory and capabilities. These three examples make it possible to better understand the Base Example, which is also presented in ISA-TR84.00.02-2002 Part 2 and ISA-TR84.00.02-2002 Part 3.

2 References

1. ANSI/ISA-84.01-1996, "Application of Safety Instrumented Systems for the Process Industries," Instrumentation, Systems, and Automation Society, ISA, Research Triangle Park, NC, 27709, February 1996.
2. ISA-TR84.00.02-2002, "Safety Instrumented Functions (SIF) Safety Integrity Level Evaluation Techniques, Part 1: Introduction; Part 2: Determining the SIL of a SIF via Simplified Equations; Part 3: Determining the SIL of a SIF via Fault Tree Analysis; Part 4: Determining the SIL of a SIF via Markov Analysis; Part 5: Determining the PFD of SIS Logic Solvers via Markov Analysis," Instrumentation, Systems and Automation Society, Technical Report, Research Triangle Park, NC, 27709, 2002.
3. "Reliability, Maintainability and Risk (Practical Methods for Engineers)," 4th Edition, D.J. Smith, Butterworth-Heinemann, 1993. ISBN
0-7506-0854-4.
4. "Guidelines for Safe Automation of Chemical Processes," Center for Chemical Process Safety, American Institute of Chemical Engineers, New York, NY 10017, 1993.
5. "Evaluating Control Systems Reliability," W. M. Goble, Instrument Society of America, Research Triangle Park, NC, 27709, 1990.
6. "Probabilistic Risk Assessment," Henley, Ernest J. and Kumamoto, Hiromitsu, IEEE Press, New York, New York, 1992.
7. CARE III, COSMIC, University of Georgia, 382 Broad East Street, Athens, GA 30602, USA.
8. CARMS, DAINA Corp., 4111 Central Ave. NE, Suite 212, Columbia Heights, MN 55421-2953, USA.
9. MARKOV1, Decision Systems Associates, 746 Crompton Rd., Redwood City, CA 94061, USA.
10. PC Availability, Management Sciences, 6022 Constitution Ave. NE, Albuquerque, NM 87110, USA.
11. MKV, Item Software Inc., 6545 Sunrise Blvd. Suite 201, Citrus Heights, California 95610-5105, USA.
12. "Reliability Evaluation of Engineering Systems," R. Billinton, R.N. Allan, Pitman Advanced Publishing Program, Marshfield, MA 02050, 1983.
13. "Introduction to Reliability Engineering," E.E. Lewis, John Wiley [...]

[...] Partially failed system (degraded), but still fulfilling its function;
or Totally failed system.

4.2 A Markov model consists of Markov states and the transitions between these states, see Figure 4.1. The driving force to transition from one state to another is the failure or repair probability of components. There are two reasons why a transition from one state to another can occur: First, a component in an operating state can fail. Second, a component in a failed state can be repaired.

Figure 4.1 Simple Markov model (two states, State 1 and State 2, joined by a Failure transition and a Repair transition)

5 Modeling and calculation procedures

Markov analysis offers certain advantages and disadvantages. The main advantage of Markov modeling is its modeling flexibility. Markov analysis can model all the aspects that are important for SIFs. In one Markov model, it is, for example, possible to model different failure modes of different components, different repair or test strategies (i.e., on-line, off-line, periodic), imperfect testing and repair, diagnostic capabilities, time dependent sequences of failures and common cause or systematic failures. Once the Markov model is constructed, all the information is available to calculate the probability of a failure on demand or spurious trip.

The main disadvantage is its computational and modeling complexity. A number of computer programs are available on the market to perform the actual calculations, for example CARE III (7), CARMS (8), MARKOV1 (9), PC Availability (10), MKV (11). The construction of the Markov model is seen by users and practitioners of the technique as the largest disadvantage. Today's current practice is that these models are constructed by hand. ISA-TR84.00.02-2002 Part 4, Clause 5 explains a straightforward FMEA type of approach to construct the Markov model. This method is easy to use, although constructing the Markov model
is more time consuming and tedious as the SIS grows in complexity.

5.1 Modeling and calculation procedures

1. Assign each safety function to its SIS as defined in the safety requirements specification (1).
2. List the components that have a safety impact on each safety function. This will include logic solver(s), sensor(s) and final control element(s).
3. List the possible failure modes for each component.
4. Determine the degraded (intermediate) and failure system states by introducing in a systematic way the different failure modes of each component and its e
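The mechanics of Clause 4.2 (states joined by failure and repair transitions) and of the state-building steps in 5.1, carried through numerically for one component, as an added worked example. This code is not from ISA-TR84.00.02-2002 Part 4, from ISA, or from any of the tools in the reference list. The four states (operating, failed dangerous detected, failed dangerous undetected, failed safe), the failure and repair rates, the diagnostic coverage and the one-year proof-test interval are constructed assumptions chosen only for illustration; the SIL bands in sil_band() are the demand-mode PFDavg ranges of IEC 61508-1, which the page names but does not tabulate.

```python
"""
Discrete-time evaluation of a small Markov model for a single-channel (1oo1)
demand-mode safety instrumented function.

Added worked example, not code from ISA-TR84.00.02-2002 Part 4.  The states,
rate values and proof-test interval below are constructed assumptions.
"""

# Markov states.  Transitions out of OK are failures; transitions back into
# OK are repairs (Clause 4.2 / Figure 4.1, generalised to four states).
OK = 0  # component operating
DD = 1  # failed dangerous, detected by diagnostics, under on-line repair
DU = 2  # failed dangerous, undetected; cleared only at the proof test
ST = 3  # failed safe (spurious trip); plant restart in progress
STATE_NAMES = ("OK", "DD", "DU", "ST")


def transition_matrix(lambda_d, coverage, lambda_s, mu_repair, mu_restart, dt):
    """Build the one-step transition matrix P = I + Q*dt (all rates per hour).

    lambda_d    dangerous failure rate
    coverage    fraction of dangerous failures caught by diagnostics
    lambda_s    safe (spurious-trip) failure rate
    mu_repair   repair rate for detected dangerous failures (1 / MTTR)
    mu_restart  restart rate after a spurious trip
    dt          time step in hours; every row's rate*dt must stay well below 1
    """
    lambda_dd = lambda_d * coverage          # detected share
    lambda_du = lambda_d * (1.0 - coverage)  # undetected share
    # Generator matrix Q: entry [i][j] is the rate of going from state i to j.
    q = [
        [0.0,        lambda_dd, lambda_du, lambda_s],  # from OK
        [mu_repair,  0.0,       0.0,       0.0],       # from DD: repair -> OK
        [0.0,        0.0,       0.0,       0.0],       # from DU: no exit until proof test
        [mu_restart, 0.0,       0.0,       0.0],       # from ST: restart -> OK
    ]
    n = len(q)
    p = []
    for i in range(n):
        row = [q[i][j] * dt for j in range(n)]
        row[i] = 1.0 - sum(row)  # probability of staying in state i
        if row[i] < 0.0:
            raise ValueError("time step too large for the given rates")
        p.append(row)
    return p


def step(prob, p):
    """Advance the state-probability vector by one time step: prob' = prob * P."""
    n = len(prob)
    return [sum(prob[i] * p[i][j] for i in range(n)) for j in range(n)]


def evaluate_sif(lambda_d, coverage, lambda_s, mu_repair, mu_restart,
                 test_interval_h, dt=1.0):
    """Walk the model from 'all OK' over one proof-test interval.

    Returns PFDavg (time average of P[DD] + P[DU]), the peak PFD reached just
    before the proof test, the average spurious-trip state occupancy and the
    final probability vector.
    """
    p = transition_matrix(lambda_d, coverage, lambda_s, mu_repair, mu_restart, dt)
    prob = [1.0, 0.0, 0.0, 0.0]  # system starts fully operating after a test
    steps = int(round(test_interval_h / dt))
    pfd_sum = pfd_max = st_sum = 0.0
    for _ in range(steps):
        prob = step(prob, p)
        pfd = prob[DD] + prob[DU]  # dangerous states = failure on demand
        pfd_sum += pfd
        pfd_max = max(pfd_max, pfd)
        st_sum += prob[ST]
    return {
        "pfd_avg": pfd_sum / steps,
        "pfd_max": pfd_max,
        "p_spurious_avg": st_sum / steps,
        "final_probs": prob,
    }


def sil_band(pfd_avg):
    """Map a demand-mode PFDavg to its SIL band (IEC 61508-1 ranges); None if outside SIL 1-4."""
    bands = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
    for sil, low, high in bands:
        if low <= pfd_avg < high:
            return sil
    return None


if __name__ == "__main__":
    # Constructed rates for illustration only (per hour); one-year test interval.
    result = evaluate_sif(lambda_d=1e-5, coverage=0.6, lambda_s=2e-5,
                          mu_repair=1 / 8, mu_restart=1 / 24,
                          test_interval_h=8760)
    for name, pr in zip(STATE_NAMES, result["final_probs"]):
        print(f"P[{name}] at proof test = {pr:.3e}")
    print(f"PFDavg = {result['pfd_avg']:.3e}  -> SIL {sil_band(result['pfd_avg'])}")
    print(f"PFDmax = {result['pfd_max']:.3e}, mean spurious-trip occupancy = "
          f"{result['p_spurious_avg']:.3e}")
```

Stepping the probability vector with P = I + Q*dt is the simplest way to solve the model and is adequate when every rate*dt is small; the commercial packages cited in Clause 5 use exact solvers for the same state space. The DU state has no outgoing transition because an undetected dangerous fault is only revealed by the proof test, which is why the walk restarts from "all OK" at each test and PFDavg is the time average of the dangerous-state occupancy over that interval. Raising the diagnostic coverage moves failures from DU into the repairable DD state and lowers PFDavg, while the ST occupancy gives the spurious-trip contribution that the text pairs with PFDavg via MTTFspurious.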