1、Safety Integrity LevelSelectionSystematic Methods IncludingLayer of Protection AnalysisSafety Integrity LevelSelectionSystematic Methods IncludingLayer of Protection AnalysisEdward M. Marszal, P.E., C.F.S.E.Dr. Eric W. Scharpf, MIPENZNoticeThe information presented in this publication is for the gen
2、eral education of the reader. Because neither the author nor the publisher has any control over the use of the information by the reader, both the author and the publisher disclaim any and all liability of any kind arising out of such use. The reader is expected to exercise sound professional judgme
3、nt in using any of the information presented in a particular application.Additionally, neither the author nor the publisher has investigated or considered the effect of any patents on the ability of the reader to use any of the information in a particular application. The reader is responsible for r
4、eviewing any possible patents that may affect any particular use of the information presented.Any references to commercial products in the work are cited as examples only. Neither the author nor the publisher endorses any referenced commercial product. Any trademarks or tradenames referenced belong
5、to the respective owner of the mark or name. Neither the author nor the publisher makes any representation regarding the availability of any referenced commercial product at any time. The manufacturers instructions on use of any commercial product must be followed at all times, even if in conflict w
6、ith the information in this publication.Copyright 2002 ISA The Instrumentation, Systems, and Automation SocietyAll rights reserved. Printed in the United States of America. 10 9 8 7 6 5 4 3 2ISBN 1-55617-777-1No part of this work may be reproduced, stored in a retrieval system, or transmitted in any
7、 form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher.ISA67 Alexander DriveP.O. Box 12277Research Triangle Park, NC 27709For information on corporate or group discounts for this book, e-mail: bulksalesisa.org.Librar
8、y of Congress Cataloging-in-Publication DataMarszal, Edward M.Safety integrity level selection: systematic methods including layerof protection analysis / Edward M. Marszal, Eric W. Scharpf.p. cm.Includes bibliographical references and index.ISBN 1-55617-777-11. Industrial safety-Data processing. 2.
9、 System safety. I. Scharpf,Eric William. II. Title.T55 .M3563 2002620.86-dc212002003324DedicationEMM: For all of my girls: Lisa, Melanie Jane, and Lucy.EWS: For Susan.Ive done the mathEnough to knowThe dangers of Our second guessing. Tool (“Schism,” Lateralus, 2001)They do not preach that their God
10、will rouse them a little before the nuts work looseThey do not teach that His pity allows them to drop their job when they dam-well chooseAs in the thronged and lighted ways, so in the dark and desert they stand,Wary and watchful all their days that their brethrens days may be long in this land. Rud
11、yard Kipling (“The Sons of Martha,” 1907)Karma police, arrest this man,He talks in Math. Radiohead (“Karma Police,” OK Computer, 1997)IXContentsPreface xiiiChapter 1 Selecting Safety Integrity Levels: Introduction 11.1 Safety Integrity Level 21.2 Safety Instrumented Functions 31.3 SIL Selection and
12、Risk 51.4 Qualitative versus Quantitative SIL Selection 81.5 Benefits of Systematic SIL Selection 121.6 Objectives of this Book 131.7 Summary 141.8 Exercises 151.9 References 16Chapter 2 Safety Life Cycle Context for SIL Selection 172.1 Standards and the Safety Life Cycle 172.2 SLC Analysis Phase 21
13、2.3 SLC Realization Phase 232.4 SLC Operation Phase 252.5 Summary 252.6 Exercises 272.7 References 27Chapter 3 Tolerable Risk 293.1 Philosophical and Political Basis of Risk Tolerance 303.2 Measuring Tolerable Risks (Revealed Values) 323.3 Risk Tolerance Decisions Based on Financial Guidelines 333.4
14、 Expressions of Risk 353.5 Benchmarking Risk Acceptance 413.6 Using a Financial Basis for Making Risk Reduction Decisions 453.7 Summary 463.8 Exercises 473.9 References 48Chapter 4 Identifying Safety Instrumented Functions 494.1 General Risk Identification and Hazard Analysis 504.2 Identification fr
15、om PHA Reports 524.3 Identification from Engineering Drawings 564.4 Summary 574.5 Exercises 584.6 References 59Safety Integrity Level Selection: Systematic Methods Including Layer of Protection AnalysisXChapter 5 Rules of Probability 615.1 Assigning Probability to an Event 615.2 Types of Events and
16、Event Combinations 625.3 Combining Event Probabilities 655.4 Fault Tree Analysis 695.5 Failure Rate and Probability 755.6 Simplifications and Approximations 815.7 Summary 835.8 Exercises 855.9 References 86Chapter 6 Consequence Analysis Overview 876.1 Introduction to Consequence Analysis 886.2 Metho
17、ds for Performing Consequence Analysis 896.3 Consequence Definitions and Measures 926.4 Quantitative Analysis of Chemical Releases 956.5 Effect Zone and Consequence 1066.6 Consequence Analysis Tools 1096.7 Summary 1126.8 Exercises 1136.9 References 114Chapter 7 Likelihood Analysis Overview 1177.1 St
18、atistical Analysis 1177.2 Fault Propagation Modeling 1187.3 Likelihood Analysis: An Example 1227.4 Summary 1287.5 Exercises 1297.6 References 129Chapter 8 Event Tree Analysis 1318.1 Introduction to Event Tree Analysis 1318.2 Initiating Events 1328.3 Branches 1338.4 Outcomes 1348.5 Quantifying Event
19、Trees 1358.6 Average Consequence of Incidents Using Event Trees 1378.7 Summary 1388.8 Exercises 1398.9 References 140Chapter 9 Layer of Protection Analysis 1419.1 LOPA Overview 1419.2 Protection Layers and Mitigating Events 1429.3 LOPA Quantification 1439.4 Typical Protection Layers 1449.5 Multiple
20、Initiating Events 1569.6 Summary 1579.7 Exercises 1589.8 References 159ContentsXIChapter 10 SIL Assignment 16110.1 Correlating Required Risk Reduction and SIL 16210.2 Hazard Matrix 16510.3 Risk Graph 16910.4 Incorporating LOPA into Qualitative Methods 17710.5 Assignment Based on Frequency 17910.6 As
21、signment Based on Individual and Societal Risk 18210.7 Calibrating Hazard Matrices and Risk Graphs 18310.8 SIL Assignment Based on Environmental Consequence 18610.9 SIL Assignment Based on Financial Consequence 19210.10 Selecting from Multiple Integrity Level Categories 19510.11 Summary 19810.12 Exe
22、rcises 19910.13 References 203Appendix A Derivation of Equations 205A.1 DerivationSIL Assignment Equation 205A.2 DerivationTolerable Event Frequency 207A.3 DerivationComponent Average Probability of Failure (Single Mode) 209Appendix B Acronyms 211Appendix C Glossary 213Appendix D Problem Solutions 2
23、27Index 245XIIIPrefaceThis book describes a systematic method for selecting safety integrity lev-els (SILs) for safety instrumented systems (SIS). Although numerous methods have been proposed and adopted by industry, layer of protec-tion analysis (LOPA) is rapidly becoming the most frequently used m
24、ethod. Its popularity stems from its ease of use and the accuracy of the results it provides. This LOPA method, more than any other, accounts for most existing layers of protection. With this proper accounting, the SIS is neither overdesigned nor overpriced. The LOPA method ensures that users achiev
25、e the maximum return on their risk reduction investments.We wrote this book because we found that there is a need for a com-prehensive and authoritative discussion of the process of selecting SILs. The small amount of literature on the subject is scattered among various periodicals and symposia. Mor
26、eover, much of this material is of marginal quality, mainly focusing on qualitative methods.The result of using poor methods to select SILs is typically either an overdesigned or an underdesigned safety instrumented system. The risk analysis that forms the basis for SIL selection, however, can be gr
27、eatly improved. This will provide the user with more accurate results so for-merly inflated requirements can be relaxed, which will in turn lower not only the initial installation costs, but the cost of ongoing maintenance. Because of the high costs associated with poor selection methods, many pract
28、itioners are turning to more quantitative methods, one of which is layer of protection analysis. Thus, layer of protection analysis already boasts a strong and rapidly growing base of sophisticated users.In developing the tools and procedures that control systems engineers can use to select SILs, we
29、 found there was no need for new scientific the-ories or extensive laboratory research. Instead, these tools and proce-dures are directly derived from the specific application of general princi-ples of loss prevention engineering to SIS design. The key purpose of this book is to make this sometimes
30、obscure theory accessible to a wider audi-ence and to focus these principles on the task of SIL selection. We are indebted to the late Frank P. Lees for making this task manageable. His three-volume collection, Loss Prevention for the Process Industries (1992), contains a vast and vital storehouse o
31、f knowledge on the topic of loss prevention.Safety Integrity Level Selection: Systematic Methods Including Layer of Protection AnalysisXIVAbout this BookThe material for this book was developed from a series of training courses and seminars we have written and delivered over the past few years. The
32、Exida training course (which bears the same name as this book and is co-sponsored by ISA under the catalog number EX-01) and numerous related on-line courses provided a major source of material for this book and also provided an outline for organizing its contents.Much of the material in this book i
33、s based on the application of the safety life cycle as it is described in the international standards ANSI/ISA-84.01-1996-Application of Safety Instrumented Systems for the Process Industry and IEC 61508/61511. This book expands upon the framework developed in these standards. In addition to describ
34、ing the tasks that users should perform during the safety life cycle, this book also provides detailed procedures for accomplishing these tasks. These procedures are based on risk analysis and reliability engineering principles from a variety of disciplines.This book is intended to demonstrate the a
35、pplication of quantitative risk analysis techniques and tools to the problem of selecting SILs. Its goal is to bring this topic down to earth and explain it in a clear and approachable way, distilling the essential theory into a format that the practicing control systems engineer can apply quickly a
36、nd effectively in everyday work. This book is not intended to be a generic theoretical dis-sertation, nor a comprehensive treatment of the topic of quantitative risk analysis. It presents a focused process for applying simple, yet powerful, tools of quantitative risk analysis specifically to the pro
37、blem of selecting SILs for safety instrumented systems.About the AuthorsEdward M. Marszal, P.E., C.F.S.E., and Dr. Eric W. Scharpf, MIPENZ, are principal engineers and partners in Exida, an engineering consulting firm that helps users and vendors of automation systems develop safety-criti-cal and hi
38、gh-availability automation solutions. At Exida, both authors are responsible for safety life cycle services for end users, including pro-cess hazards analysis, SIL selection and verification, and functional safety assessment of safety critical systems.Mr. Marszal started his career with UOP, a licen
39、sor of process units to the petroleum and petrochemical industries, where he performed functional assessments of control and safety instrumented systems at customer sites worldwide. At UOP, he designed and managed the devel-opment of custom control and SIS projects. After leaving UOP, he joined the
40、Environmental Resource Management companies in their Business Risk Solutions consulting group. In this position, he specialized in finan-PrefaceXVcial risk analysis and process safety management. He performed and managed risk assessment projects that involved quantitative risk analysis, including pr
41、eparing Environmental Protection Agency (EPA) Risk Man-agement Plans with off-site consequence analysis for over one hundred facilities. Companies used his recommendations from these projects to ensure regulatory compliance, justify risk reduction expenditures, and optimize insurance coverage.Mr. Ma
42、rszal holds a Bachelor of Science in chemical engineering from Ohio State University and is a registered professional engineer in the states of Illinois and Ohio. He has developed and taught safety instru-mented system engineering courses for ISA, for whose local chapters in Columbus, Ohio, he holds
43、 several executive positions. He is also a mem-ber of the American Institute of Chemical Engineers. Mr. Marszal was among the first group of engineers to be awarded the status of Certified Functional Safety Expert (C.F.S.E.) by TV Product Services.Dr. Scharpf has worked as a process chemical enginee
44、r in the petro-leum and chemicals industries for both Mobil and Air Products and Chemicals in the United States and Europe. In these roles he has designed and developed several new processes and published numerous patents and papers on his work. He has focused much of his career on process optimizat
45、ion, new process design, safety and risk analysis in vari-ous segments of the chemical processing industry. This work has included hazard, risk, and consequence analysis as well as safety system work. Because of Dr. Scharpfs increasing responsibility level and per-sonal interest in the safety and ri
46、sk-related aspects of these systems and processes, in 2000 he joined Mr. Marszal in forming Exida to pursue this work more directly. At Exida, he now leads the consulting, training, and support for safety-critical and high-availability process automation in the Asia-Pacific region. In this role, he
47、has authored and reviewed numerous Exida safety training courses and related material focusing primarily on IEC 61508, 61511, and 62061 safety life cycle applications.Dr. Scharpf has a Bachelor of Science in chemical engineering from the University of Delaware and a Ph.D. in chemical engineering fro
48、m Princeton University. Dr. Scharpf is a registered engineer and member of the Institution of Professional Engineers New Zealand and is a member of the New Zealand Society for Risk Management. He also serves as a mem-ber of the Board of Directors of the Certified Functional Safety Expert Governance
49、Board. Dr. Scharpf is currently based near Dunedin, New Zealand, and teaches courses in safety, process engineering, and related subjects at the University of Otago in addition to his responsibilities at Exida.1CHAPTER 1Selecting Safety Integrity Levels: IntroductionThe purpose of a safety instrumented system (SIS) is to reduce the risk that a process may become hazardous to a tolerable level. The SIS does this by decreasing the frequency of unwanted accidents. The amount of risk reduction that an SIS can provide is represented by its safety integrity level (SIL), which is
