IEC 61508 IEC 61511 Presentation - PowerPoint PPT Presentation

1
IEC 61508 IEC 61511Presentation
Document last revised 20 May 2005
G.M. International s.r.l., Via San Fiorano 70, 20058 Villasanta (Milano) ITALY
www.gmintsrl.com info@gmintsrl.com
2
Standard Definitions
  • IEC 61508, title: Functional Safety of Electrical / Electronic / Programmable Electronic Safety-Related Systems
  • IEC 61511 has been developed as the process-sector implementation of IEC 61508
  • IEC 61511, title: Functional Safety, Safety Instrumented Systems for the Process Industry Sector

3
Standard History
  • IEC 61508 was conceived to define and harmonize a method for reducing the risk of harm to people and to property in all application sectors.
  • IEC 61508 integrates and extends the American standard ISA-S84.01 (1996) and the German standard DIN 19250 (1994).

4
Standard Requirements
5
Other related standards
  • DIN 19250 (1994)
  • Title: Fundamental safety aspects to be considered for measuring and control equipment
  • Deals with the risk analysis method taken up in Part 5 of IEC 61508; classification into requirement classes AK 1-8, similar to SIL levels
  • ISA-S84.01 (1996)
  • Title: Application of Safety Instrumented Systems (SIS) for the Process Industries
  • Defines the safety lifecycle, assuming that risk analysis and SIL determination have already been carried out.

6
Fundamental Concepts
  • Risk Reduction and Risk Reduction Factor (RRF)
  • Safety Integrity Level (SIL)
  • Independence Levels and consequences
  • Probability of Failure on Demand (PFD)
  • Reliability
  • Availability
  • Failure Rate (λ)
  • Proof Test Interval, the time between two proof tests (T_proof)
  • Failure In Time (FIT)
  • Mean Time To Failure (MTTF)
  • Mean Time Between Failure (MTBF)
  • Mean Time To Repair (MTTR)
  • Safe Failure Fraction (SFF)
  • Safety Lifecycle
  • Safety Instrumented System (SIS)

7
Risk Reduction
Fundamental Concepts
As Low As Reasonably Practicable (ALARP) or tolerable risk zone
8
Risk Reduction
Fundamental Concepts
9
Safety Integrity Level (SIL)
Fundamental Concepts
  • SIL levels (Safety Integrity Level)
  • RRF (Risk Reduction Factor)
  • PFD avg (Average Probability of Failure on
    Demand)
  • SIL Table for Demand and Continuous mode of
    Operation

10
Independence Levels
Fundamental Concepts
  • Assessment independence level as a function of the consequences of the hazard

11
PFDavg / RRF
Fundamental Concepts
Correlation between Probability of Failure on Demand and Risk Reduction Factor: RRF = 1 / PFDavg
12
Reliability
Fundamental Concepts
  • Reliability is a function of operating time.
  • Every reliability function starts at reliability one and decreases towards reliability zero: the device must operate successfully for the entire time interval.
  • The statement "reliability 0.76 for a time of 100,000 h" therefore makes perfect sense.
  • R(t) = P(T > t), where T is the random time to failure

13
Reliability
Fundamental Concepts
  • Reliability is the probability that a device will perform its intended function when required to do so, if operated within its specified design limits.
  • The device's intended function must be known.
  • When the device is required to function must be judged.
  • Satisfactory performance must be determined.
  • The specified design limits must be known.
  • Mathematically, reliability is the probability that a device will be successful in the time interval from zero to t, expressed in terms of a random variable T (the time to failure).

14
Availability
Fundamental Concepts
  • Availability is the probability that a device is successful (operating) at time t.
  • No time interval is involved.
  • A device is available if it is operating.
  • The measure of success is the MTTF (Mean Time To Failure).

15
MTTF
Fundamental Concepts
  • MTTF is an indication of the average successful operating time of a device (system) before a failure in any mode.
  • MTBF (Mean Time Between Failures) and MTTR (Mean Time To Repair):
  • MTBF = MTTF + MTTR
  • MTTF = MTBF - MTTR
  • Since MTBF >> MTTR, MTBF is very close to MTTF in value.

16
MTBF and Failure Rate
Fundamental Concepts
  • Relation between MTBF and the failure rate λ:
  • λ = (failures per unit time) / (quantity exposed) = 1 / MTBF
  • MTBF = 1 / λ = (quantity exposed) / (failures per unit time)

17
MTBF - Example
Fundamental Concepts
  • The failure rate (here taken as constant and estimated from field data) is commonly used as a measure of reliability.
  • E.g. 300 isolators have been operating for 10 years and 3 failures have occurred. The average failure rate of the isolators is
  • λ = (failures) / (quantity exposed × hours) = 3 / (300 × 10 × 8760 h)
  • = 1.14 × 10⁻⁷ per hour
  • = 114 FIT (failures per billion hours), i.e. 114 expected failures in one billion device-hours
  • MTBF = 1 / λ = 8.76 × 10⁶ h = 1000 years (for a constant failure rate)

18
Failure Rate Categories
Fundamental Concepts
  • λtot = λsafe + λdangerous
  • λs = λsd + λsu
  • λd = λdd + λdu
  • λtot = λsd + λsu + λdd + λdu
  • Where
  • sd = safe detected
  • su = safe undetected
  • dd = dangerous detected
  • du = dangerous undetected

19
FIT
Fundamental Concepts
  • Failure In Time is the number of failures per one billion device-hours.
  • 1 FIT = 1 failure in 10⁹ hours
  • = 10⁻⁹ failures per hour

20
SFF (Safe Failure Fraction)
Fundamental Concepts
SFF summarizes the fraction of failures which lead to a safe state plus the fraction of failures which are detected by diagnostic measures and lead to a defined safety action:
SFF = (λs + λdd) / λtot = (λsd + λsu + λdd) / (λsd + λsu + λdd + λdu)
21
Type A SFF Chart
Fundamental Concepts
  • Type A components are described as simple devices
    with well-known failure modes and a solid history
    of operation

22
Type B SFF Chart
Fundamental Concepts
  • Type B: complex component (using microcontrollers or programmable logic), according to 7.4.3.1.3 of IEC 61508-2

23
HSE Study
Fundamental Concepts
  • Results of system failure cause study done by
    English Health and Safety Executive (HSE)

24
Safety Lifecycle Origin
Fundamental Concepts
25
Safety Lifecycle 1/5
Fundamental Concepts
26
Safety Lifecycle 2/5
Fundamental Concepts
  • First portion of the overall safety lifecycle
  • ANALYSIS (End user / Consultant)

27
Safety Lifecycle 3/5
Fundamental Concepts
  • Realisation activities in the overall safety
    lifecycle

28
Safety Lifecycle 4/5
Fundamental Concepts
  • Safety lifecycle for the E/E/PES
  • (Electrical / Electronic / Programmable
    Electronic)
  • Safety - Related System (IEC 61508, Part 2)

29
Safety Lifecycle 5/5
Fundamental Concepts
  • Last portion of the overall safety lifecycle
  • OPERATION (End User / Contractor)

30
SIS
Fundamental Concepts
  • SIS (Safety Instrumented System)
  • according to IEC 61508 and IEC 61511

31
IEC 61511
  • Safety Instrumented Systems
  • for Process Industry
  • IEC 61511 has been developed as a Process Sector
    implementation of the IEC 61508.
  • The Safety Lifecycle forms the central framework
    which links together most of the concepts in this
    standard, and evaluates process risks and SIS
    performance requirements (availability and risk
    reduction).
  • Layers of protection are designed and analysed.
  • A SIS, if needed, is optimally designed to meet
    particular process risk.

32
Process sector system standard
IEC 61511
33
IEC 61511 Parts
IEC 61511
  • The Standard is divided into three Parts
  • Part 1 Framework, Definitions, Systems, Hardware
    and Software Requirements
  • Part 2 Guidelines in the application of IEC
    61511-1
  • Part 3 Guidelines in the application of hazard
    and risk analysis

34
IEC 61511 Part 3
IEC 61511
Guidelines in the application of hazard and risk
analysis
35
FMEDA
  • Failure Modes and Effects Diagnostic Analysis
    (FMEDA)
  • Is one of the steps taken to achieve functional
    safety assessement of a device per IEC 61508 and
    is considered to be a systematic way to
  • identify and evaluate the effects of each
    potential component failure mode
  • classify failure severity
  • determine what could eliminate or reduce the
    chance of failure
  • document the system (or sub-system) under
    analysis.

36
FMEDA
  • The following assumptions are usually made during the FMEDA:
  • Constant failure rates (wear-out mechanisms not included)
  • Propagation of failures is not relevant
  • Repair time = 8 hours
  • Stress levels according to IEC 60654-1, Class C (sheltered location), with temperature limits within the manufacturer's rating and an average temperature over a long period of time of 40 °C
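
Added example (not part of the G.M. International presentation): a small FMEDA roll-up in Python. It sums constructed failure modes into λsd, λsu, λdd and λdu (slide 18), computes the SFF (slide 20), reads the maximum SIL claim from the type A / type B architectural-constraint tables behind slides 21 and 22 (IEC 61508-2, Tables 2 and 3, reproduced in the code), and estimates a field failure rate and MTBF as on slides 16 and 17. The component list, its failure modes and rates are constructed for illustration and are not any product's data.

```python
"""FMEDA roll-up, failure-rate categories, SFF and SIL claim limit.

Added example, not from the original presentation. Rates are in FIT
(failures per 1e9 device-hours). The component list is constructed for
illustration; the SIL claim-limit tables are IEC 61508-2 Tables 2 and 3.
"""
from __future__ import annotations
from dataclasses import dataclass

FIT = 1e-9            # 1 FIT = one failure per 1e9 hours
HOURS_PER_YEAR = 8760


@dataclass(frozen=True)
class FailureMode:
    """One FMEDA row: a component failure mode, its rate, its effect, its detectability."""
    component: str
    mode: str
    rate_fit: float
    dangerous: bool   # effect on the safety function: dangerous (True) or safe (False)
    detected: bool    # revealed by on-line diagnostics (True) or only by proof test (False)


@dataclass(frozen=True)
class Categories:
    """lambda_sd, lambda_su, lambda_dd, lambda_du in FIT (slide 18)."""
    sd: float
    su: float
    dd: float
    du: float

    @property
    def total(self) -> float:
        return self.sd + self.su + self.dd + self.du

    @property
    def sff(self) -> float:
        """Safe Failure Fraction = (lambda_s + lambda_dd) / lambda_total (slide 20)."""
        return (self.sd + self.su + self.dd) / self.total


def fmeda(rows: list[FailureMode]) -> Categories:
    """Sum every failure mode into its category (constant failure rates assumed)."""
    totals = {"sd": 0.0, "su": 0.0, "dd": 0.0, "du": 0.0}
    for r in rows:
        key = ("d" if r.dangerous else "s") + ("d" if r.detected else "u")
        totals[key] += r.rate_fit
    return Categories(**totals)


# IEC 61508-2 Tables 2 (type A) and 3 (type B): maximum SIL claimable for a
# sub-system, by SFF band (< 60 %, 60-90 %, 90-99 %, >= 99 %) and hardware
# fault tolerance (HFT 0, 1, 2). 0 means the sub-system is not allowed.
_SIL_LIMITS = {
    "A": ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)),
    "B": ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)),
}


def sff_band(sff: float) -> int:
    return 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3


def max_sil_claim(sff: float, hft: int, device_type: str) -> int:
    """Architectural constraint: highest SIL for this SFF, HFT and device type."""
    if hft not in (0, 1, 2):
        raise ValueError("hardware fault tolerance must be 0, 1 or 2")
    return _SIL_LIMITS[device_type.upper()][sff_band(sff)][hft]


def field_failure_rate_fit(units: int, years: float, failures: int) -> float:
    """Average failure rate from field data (slide 17): failures / device-hours exposed."""
    return failures / (units * years * HOURS_PER_YEAR) / FIT


def mtbf_years(rate_fit: float) -> float:
    """MTBF = 1 / lambda for a constant failure rate (slide 16)."""
    return 1.0 / (rate_fit * FIT) / HOURS_PER_YEAR


# Constructed FMEDA rows for a hypothetical isolator (not a real product's data).
ISOLATOR_FMEDA = [
    FailureMode("output transistor", "open",       120, dangerous=False, detected=False),
    FailureMode("output transistor", "short",       40, dangerous=True,  detected=True),
    FailureMode("opto-coupler",      "open",        90, dangerous=False, detected=True),
    FailureMode("opto-coupler",      "gain drift",  20, dangerous=True,  detected=False),
    FailureMode("supply regulator",  "low output",  60, dangerous=False, detected=True),
    FailureMode("input resistor",    "open",        20, dangerous=False, detected=False),
    FailureMode("feedback network",  "open",        14, dangerous=True,  detected=False),
]

if __name__ == "__main__":
    cats = fmeda(ISOLATOR_FMEDA)
    print(f"lambda_du = {cats.du:.0f} FIT, lambda_total = {cats.total:.0f} FIT, SFF = {cats.sff:.1%}")
    for dev in ("A", "B"):
        print(f"type {dev}: max SIL at HFT 0/1/2 =", [max_sil_claim(cats.sff, h, dev) for h in (0, 1, 2)])
    fr = field_failure_rate_fit(300, 10, 3)
    print(f"field data: {fr:.0f} FIT, MTBF = {mtbf_years(fr):.0f} years")
```

With the constructed rows the isolator has λdu = 34 FIT and an SFF of about 90.7 %, so as a type A device with HFT 0 it may be claimed up to SIL 3, but the same SFF on a type B (microcontroller-based) device limits the claim to SIL 2 unless a second channel (HFT 1) is added. The field-data helper reproduces the slide 17 case: 3 failures over 300 units for 10 years give 114 FIT and an MTBF of 1000 years.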

37
FMEDA
38
1oo1 Architecture
  • PFDavg(T1) = λdd·RT + λdu·T1/2
  • Because RT (average repair time) is << T1,
  • PFDavg ≈ λdu·T1/2
  • λdu = λdu(sensor) + λdu(isolator) + λdu(controller) + λdu(final element)
  • The SIL of the loop is limited by the lowest-SIL subsystem in it.

39
1oo2 Architecture
  • PFDavg = λduc·T1/2 + λddc·RT + (λddn·RT)² + 2·(λddn·RT)·(λdun·T1)/2 + (λdun·T1)²/3
  • (subscript c: common-cause part of the failure rate; subscript n: normal, independent part)
  • Neglecting common-cause failures and, since RT << T1, the terms containing RT:
  • PFDavg ≈ (λdun·T1)²/3

40
2oo3 Architecture
PFDavg = λduc·T1/2 + λddc·RT + 3·[(λddn·RT)² + 2·(λddn·RT)·(λdun·T1)/2 + (λdun·T1)²/3]
(the independent-channel term is three times that of 1oo2, one for each pair of channels whose joint failure defeats the 2oo3 vote)
41
SIL3 using SIL2 subsystem
  • SIL 3 control loop or safety function using SIL 2 subsystems in a 1oo2 architecture

42
Safety Manual
  • A Safety Manual is a document provided to the users of a product that specifies their responsibilities for installation and operation in order to maintain the designed safety level.
  • The following information shall be available for each safety-related sub-system:

43
Safety Manual Requirements
  • Functional specification and safety function
  • Estimated rate of failure in any mode which would cause undetected and detected dangerous failures of the safety function
  • Environmental and lifetime limits for the sub-system
  • Periodic proof test and/or maintenance requirements
  • T_proof, the proof test time interval
  • Information necessary for PFDavg, MTTR, MTBF, SFF, λdu, λtotal
  • Hardware fault tolerance and failure categories
  • Highest SIL that can be claimed (not required for proven-in-use sub-systems)
  • Documentary evidence for the sub-system validation (EXIDA)
  • Proof test procedures to reveal dangerous faults which are not detected by diagnostic tests.

44
Standard references
Using the Safety Manual
  • Remembering that:
  • SIL (Safety Integrity Level)
  • RRF (Risk Reduction Factor)
  • PFDavg (Average Probability of Failure on Demand)
  • SIL table for the high-demand and low-demand modes of operation

45
Standard references
Using the Safety Manual
  • Remembering the definitions given for type A and type B components and sub-systems, and the related SFF values

46
Loop PFDavg calculation
Using the Safety Manual
  • 1oo1 typical control loop
  • PFDavg(sys) = PFDavg(tx) + PFDavg(i) + PFDavg(c) + PFDavg(fe)
  • (tx = transmitter/sensor, i = isolator, c = controller/logic solver, fe = final element)

47
Loop PFDavg calculation
Using the Safety Manual
  • To calculate the reliability of the entire loop (loop PFDavg), the PFDavg of each sub-system must first be found and assigned a proportional value (weight) out of a total of 100 %.
  • This duty is usually assigned to the personnel in charge of plant safety, process and maintenance.

48
Loop PFDavg calculation
Using the Safety Manual
  • Equation for the 1oo1 loop: PFDavg = λdd·RT + λdu·T1/2
  • Where
  • RT = repair time in hours (conventionally 8 hours)
  • T1 = T_proof, the time between functional tests of the circuit (1, 5 or 10 years)
  • λdd = failure rate for detected dangerous failures
  • λdu = failure rate for undetected dangerous failures

49
Loop PFDavg calculation
Using the Safety Manual
  • If T1 = 1 year = 8760 h, then PFDavg = λdd·8 + λdu·4380
  • but since λdd·8 is far smaller than λdu·4380, PFDavg ≈ λdu·4380

50
Example 1
Using the Safety Manual
  • PFDavg ≈ λdu·T1/2
  • For the D1014, λdu is equal to 34 FIT (see the safety manual)
  • Therefore
  • PFDavg = 34 × 10⁻⁹ × 4380
  • = 0.000148920 = 148 920 × 10⁻⁹ (written as 148920 FIT, in the same 10⁻⁹ units as λdu)

51
Example 2
Using the Safety Manual
  • The weight of each sub-system in the loop must be checked against the PFDavg expected for the target SIL and against the data in the devices' safety manuals.
  • For example, suppose SIL 2 is to be achieved by the loop on the right in low-demand mode:
  • PFDavg(sys) must be between 10⁻³ and 10⁻²
  • The weight of the D1014 isolator is 10 %
  • Therefore PFDavg(i) should be between 10⁻⁴ and 10⁻³.

52
Example 2
Using the Safety Manual
  • Given the table above (from the safety manual), the conclusions are:
  • Since the D1014 is a type A component with an SFF of 90 %, it can be used in both SIL 2 and SIL 3 applications.
  • PFDavg with T_proof = 1 yr allows SIL 3 applications
  • PFDavg with T_proof = 5 yr allows SIL 2 applications
  • PFDavg with T_proof = 10 yr allows SIL 1 applications

53
1oo2 architecture
Using the Safety Manual
  • What happens if the total PFDavg does not reach the wanted SIL 2 level, or if the end user requires the higher SIL 3 level?
  • The solution is to use a 1oo2 architecture, which offers a very low PFDavg; the price is a higher probability of fail-safe (spurious trip) failures, since either channel can trip the loop.

54
1oo2 architecture
Using the Safety Manual
For the D1014S (1oo1): PFDavg ≈ λdu·T1/2 = 148920 FIT (1.49 × 10⁻⁴)
For the D1014D (1oo2): PFDavg ≈ (λdun·T1)²/3 = (34 × 10⁻⁹ × 8760)²/3 ≈ 30 FIT (3.0 × 10⁻⁸)
In this case the 1oo2 architecture gives a PFDavg about 5000 times smaller for the sub-system.
55
Final considerations
Using the Safety Manual
  • Always check that the Safety Manual contains the information necessary for calculating the SFF and PFDavg values.
  • Between alternative suppliers, choose the one that offers:
  • the highest SIL level,
  • the highest SFF value,
  • the longest T_proof interval for the same SIL level,
  • the lowest PFDavg for the same T_proof.
  • For units with more than one channel but a single power supply circuit, the safety function allows the use of only one channel. Using both channels is allowed only when the supply comes from two independent power circuits (as in the D1014D).
  • Check that the Safety Manual provides all the proof test procedures needed to detect dangerous undetected faults.

56
Credits and Contacts
  • G.M. International s.r.l
  • Via San Fiorano, 70
  • 20058 Villasanta (Milan)
  • ITALY
  • www.gmintsrl.com
  • info@gmintsrl.com
  • Document last revised 20 May 2005

TR Automatyka Sp. z o.o., ul. Lechicka 14, 02-156 Warszawa, POLAND, www.trautomatyka.pl, biuro@trautomatyka.pl