
01 Safety Instrumented Systems Introduction

Safety Instrumented Systems
Introduction
On-line Lesson
exida.com, excellence in dependable automation
Copyright exida.com 2002
Welcome to the exida.com safety instrumented systems introduction. A
Safety Instrumented System, known as a “S I S,” will be defined. We will
also describe the purpose of such systems, the basic components of a SIS,
and the key considerations that make SIS design and implementation
different than control system design and implementation.
Introduction to Safety
Instrumented Systems
Topics:
• SIS Definitions
• SIS Purpose
• Safety Instrumented Function
• Laws/Regulations/Standards
• Risk Reduction
• Failure Modes
• SIS Equipment
This lesson defines a safety instrumented system and describes its purpose.
Safety instrumented functions are defined and described. The differences
between control systems and safety systems are discussed in the context of
standards compliance, risk reduction and failure modes. Special purpose
equipment certified for SIS usage is also covered.
Safety Instrumented System Definition
[Figure: two redundant controllers (power supply, CPU, input module, output module) connected to pressure transmitters PT 1, PT 2, PT 3 and temperature transmitters TT 1, TT 2, TT 3 on a reactor]
IEC 61511 (draft) defines a Safety Instrumented System (SIS) as
“instrumented system used to implement one or more safety instrumented
functions. A SIS is composed of any combination of sensor(s), logic
solver(s), and final element(s).”
There is no restriction as to what type of technology is used or the size of the
system.
IEC 61508 Definition
[Figure: the same redundant controller pair with PT 1-3 and TT 1-3 on the reactor, here labelled as a Safety Related System]
IEC 61508 does not use the term Safety Instrumented System (SIS).
Instead it uses the term Safety Related System (SRS) to mean the same
thing. Many expect the 61508 standard to be updated to the newer term SIS.
Safety Instrumented System
Functional Definition
[Figure: the SIS (one redundant controller pair with its own PT and TT sensors) alongside the BPCS (a second controller pair with its own sensors) on the same reactor]
Practitioners often prefer a more functional definition of SIS such as:
“A SIS is defined as a system composed of sensors, logic solvers and final
elements designed for the purpose of:
1) Automatically taking an industrial process to a safe state when specified
conditions are violated;
2) Permit a process to move forward in a safe manner when specified
conditions allow (permissive functions); or
3) Taking action to mitigate the consequences of an industrial hazard.”
A SIS is much like a basic process control system (BPCS) in that both have
sensors, logic solvers and final elements. But a SIS operates in a
completely different mode, and it has its own unique design, maintenance
and mechanical integrity requirements.
Layers of Protection - Controller
Under normal circumstances, the process controller
maintains the process.
[Figure: process value plotted against time, staying between the low level and the high level under normal control]
A safety instrumented system is usually one of several ‘layers of protection’
in an industrial process. Under normal circumstances the control system
keeps the process operating within bounds. If nothing ever went wrong,
there would be no need for other protection layers.
Layers of Protection - Alarms
Sometimes things go wrong and an operator takes
action to keep the process within limits.
[Figure: process value rises past the high level to the high alarm level, where the operator takes action and brings it back into the normal band]
However, things do go wrong. Another layer of protection in manned
installations is the operator. If process alarms are configured and operating,
the operator can frequently diagnose what is wrong and take action to bring
the process back under control.
Layers of Protection – Safety Instrumented
System
[Figure: process value rises past the high alarm level to the trip level, where the Safety Instrumented System takes emergency shut-down action]
In some applications this is not enough. In those situations a SIS can be
configured to execute pre-programmed action to take the process to a safe
state when it detects a potentially dangerous condition.
Incident
If that does not work, there may
be an incident...
[Figure: process value continues past the trip level without being brought back, leading to an incident]
If that safety function is not effective, there may be an incident. In such
situations, a SIS can take action to mitigate the consequences of the
incident.
NOTE: A Fire Sprinkler system is an example of a mitigation function.
Permissive function of SIS
[Figure: purge permissive flowchart. Checks in sequence, each answered Yes: All main, igniter, and individual burner and igniter safety shutoff valves are closed? One set of ID and FD fans running? Are required burner registers open? Is air at purge rate? Then a five-minute time delay, then reset master fuel trip relay(s).]
Safety Instrumented Systems can also be used in permissive applications.
The process can be held in a particular state if certain conditions are not
met, in order to avoid a potentially dangerous situation. The SIS permits the
process to move on when the conditions are met.
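The purge permissive shown on this slide, as an added worked example that is not part of the exida lesson: a small Python model in which the four flowchart checks are sampled once per second and the master fuel trip relay may only be reset after every check has held for the full five-minute delay. The check names, the one-second sampling and the rule that a dropped check restarts the timer and withdraws the permission are assumptions made for the illustration.

```python
# Added illustration of the purge permissive flowchart (constructed model, not
# exida's code). Plant conditions are sampled once per second; the master fuel
# trip relay may only be reset after all checks have held continuously for the
# five-minute purge delay.

PURGE_SECONDS = 5 * 60  # five-minute time delay from the flowchart

# The four checks from the flowchart, as keys of a plant-state dict (assumed names).
PERMISSIVE_CHECKS = (
    "all_safety_shutoff_valves_closed",   # main, igniter and individual burner/igniter valves
    "one_set_id_fd_fans_running",
    "required_burner_registers_open",
    "air_at_purge_rate",
)


def failed_checks(plant):
    """Return the names of the permissive checks that are not satisfied."""
    return [name for name in PERMISSIVE_CHECKS if not plant.get(name, False)]


def run_purge_permissive(samples):
    """Evaluate the permissive over a sequence of per-second plant samples.

    Returns (reset_permitted, continuous_purge_seconds). The purge timer only
    advances while every check holds; any check dropping out restarts it and
    withdraws the permission (assumption), which is how the SIS holds the
    process in its current state until the conditions allow it to move on.
    """
    purge_seconds = 0
    permitted = False
    for plant in samples:
        if failed_checks(plant):
            purge_seconds = 0
            permitted = False
        else:
            purge_seconds += 1
            if purge_seconds >= PURGE_SECONDS:
                permitted = True
    return permitted, purge_seconds


# Constructed sample data: a healthy plant state and one where purge air is low.
PLANT_OK = {name: True for name in PERMISSIVE_CHECKS}
PLANT_LOW_AIR = dict(PLANT_OK, air_at_purge_rate=False)


if __name__ == "__main__":
    print(run_purge_permissive([PLANT_OK] * PURGE_SECONDS))   # (True, 300)
    # Air flow drops out halfway through the purge: the timer restarts.
    interrupted = [PLANT_OK] * 150 + [PLANT_LOW_AIR] + [PLANT_OK] * 149
    print(run_purge_permissive(interrupted))                     # (False, 149)
    print(failed_checks(PLANT_LOW_AIR))                          # ['air_at_purge_rate']
```

The point of the timer restarting is the one the slide makes: the permissive does not merely count seconds, it keeps the process held until the conditions have been continuously true for the whole delay.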
Integrated Control System
[Figure: an integrated control system with subsystems for High Performance Control, Low Cost Control, Ultra High Availability, and a Safety System]
A Safety Instrumented System will typically be designed to be part of an
integrated control system with perhaps several different types of special
purpose subsystems.
Safety Instrumented System
[Figure: a Safety Instrumented System made up of five safety loops (Loop 1 to Loop 5), each running from its sensors through a shared logic solver to its final elements]
Like other types of control systems, a Safety Instrumented System typically
consists of many safety loops, called safety instrumented functions.
Safety Instrumented Function (SIF)
[Figure: one safety loop (Loop 1): sensors to logic solver to final elements]
A safety instrumented function is defined as a “Function to be implemented
by a SIS which is intended to achieve or maintain a safe state for the
process with respect to a specific hazardous event.”
Safety Instrumented Function Examples
Each safety instrumented function is intended to protect against a particular
hazard via shutdown, permissive or mitigation functions such as:
• Fuel to furnace shutdown;
• Supply emergency coolant to reduce extreme temperature;
• Open valve to relieve excessive pressure;
• Direct escaping liquid to waste handling system;
• Issue fire alarms; or
• Issue pre-recorded emergency message to response team.
SIF Sensors
[Figure: sensors, logic solver, final elements; sensors highlighted]
Like a control system, a safety system has sensors. In the
process industries sensors measure process parameters
including pressure, temperature, flow, level, gas
concentrations and other measurements. In the machine
industries sensors measure human proximity, operator
intrusion into a dangerous zone and other protective
parameters.
Also like a control system, SIS sensors measure relevant parameters. In
the process industries these include pressure, temperature, flow, level, gas
concentrations, flame presence or other measurements.
In machine safety sensors measure operator intrusion into a dangerous
zone, human proximity and other protective parameters.
SIF Logic Solver
[Figure: sensors, logic solver, final elements; logic solver highlighted]
A safety system also has a logic solver, typically
a controller, that reads signals from the sensors
and executes preprogrammed actions to prevent
or mitigate a process hazard. The controller
does this by sending signals to final elements.
A SIS has a logic solver. This is typically a special purpose PLC but can
also be a relay system or solid state logic. The controller reads signals from
the sensors, executes pre-programmed functions designed to prevent or
mitigate a potentially dangerous process hazard and takes action by
sending signals to final elements.
SIF Final Elements
[Figure: sensors, logic solver, final elements; final elements highlighted]
The final element in a SIF is often a remote actuated valve
in the process industries. A final element in machine
safety may likely be a clutch/brake assembly.
The final element in a SIF is often a remote actuated valve. Sometimes
solenoid valves are used directly, as are power relays, motors or other
devices that do things like interrupt fuel flow, vent high pressure gas, flood
with cooling water or release inert gas.
As with sensors, final elements in a safety instrumented function handle the
same process materials and environmental conditions as a control system
and need to be designed with the same considerations for materials,
hazardous area classifications, and so forth.
Safety Instrumented Function (SIF)
Implementation
[Figure: SIF implementation block diagram. Several sensing elements, each through signal conditioning, feed the logic solver, which drives several final control elements through signal conditioning. Circuit utilities (i.e. electrical power, instrument air etc.) and the interconnections between the blocks are shown as part of the function.]
The actual implementation of any single safety instrumented function may
include multiple sensors, signal conditioning modules, multiple final
elements and all circuit utilities like electrical power or instrument air.
Safety Instrumented System vs.
Basic Process Control System
[Figure: the Safety Instrumented System (SIS) with its own inputs (PT 1A) and outputs, beside the Basic Process Control System (BPCS) with its own inputs (PT 1B, FT) and outputs (I/P)]
A SIS appears in many ways like a control system and many of the
technical skills needed for good control system design are needed for SIS
design. There are important differences however.
Safety Instrumented System Design
However, unlike control system design, there are special considerations and
additional requirements because of the critical nature of the application. SIS
design is also the subject of national regulations and international standards.
Safety instrumented systems are often subject to national regulations and
the requirements of international standards as well.
Laws and Regulations
• National Laws / Acts (statutory)
  EU Directives: Seveso, Machinery, Low Voltage, EMC, Gaseous Fuel Appliances, Pressure Appliances
  German Laws: GSG, BImSchG, WhG
  American Acts: Clean Air/Water Act
• National Directives (Verordnungen)
  Germany: StörFallV, ElexV, AufzugsV
• Technical Regulations
  Germany: UVV, ZH, TRA, TRbF, TRB, TRD, AD-Merkblätter
In many countries of the world, legislation (national laws and acts) is passed
to protect people and the environment. Many examples from Europe and
the United States come to mind. Regulations are often issued by various
governmental bodies in support of legislation. In the United States, for
example, the Clean Air Act resulted in the Environmental Protection Agency
issuing various regulations.
“Listed” Standards
Evidence for meeting Laws
• European Standard referencing an EU Directive. Examples:
  Gaseous fuel: EN 298, EN 230
  Machinery: EN 60204, EN 292, EN 954-1 (EN 62061)
  Low Voltage: EN 61010-1, EN 60950, EN 61131-2, EN 50178
  EMC: EN 50081, EN 50082
  Hazardous Area: EN 50020
  (Seveso: EN 61511)
• Listed National Standard. Examples listed by „Bundesanzeiger“ under GSG:
  DIN V 19250, DIN VDE 0116, DIN V VDE 0801
When legislation or a regulation refers to a standard, that standard gains the
force of law. European Standards are referred to by various regulations and
have full legal standing.
Standards
• Other national documents/standards (state of the art)
  VDI/VDE 2180, NE 31
  NFPA 8502, FM7605
• International recommendations (IEC, ISO) need to be taken over into European or National Standards to receive statutory importance
  PES: IEC 61508, IEC 61511
  Nuclear: IEC 61513, IEC 880
  QM: ISO 9000, ISO 14000
Standards that are not referenced by legislation or regulation do not have the
force of law. However, it is generally recognized that these standards show
consensus regarding best technical practices and many companies choose
to follow them (or parts of them).
Most Influential Documents
• AIChE CCPS; Guidelines for
Safe Automation of Chemical
Processes, 1993
• ISA84.01; Application of Safety
Instrumented Systems for the
Process Industries, 1996
• IEC 61508 (and dS61511);
Functional Safety - Safety Related
Systems, 1998/2000
In the process industries, there are several influential documents on safety
instrumented systems.
The American Institute of Chemical Engineers released their guideline
textbook in late ‘93. It covers the design of DCS and ‘interlock’ systems.
ISA 84.01 is a US standard focused on safety in automatic protection
systems. It has been endorsed by OSHA as an example of the “good
engineering practices” required by their regulations. Many companies
worldwide are beginning to use that standard as the basis for their safety
instrumented design.
The International Electrotechnical Commission has released IEC61508,
which covers the use of relay, solid state and programmable systems. The
standard will apply to all industries, such as transportation, medical, nuclear,
etc. It currently forms the primary basis for equipment manufacturers who
want certification of equipment for safety applications.
In the future, it is predicted that IEC61508 and IEC61511 will become the
dominant international standards for functional safety.
ISA84.01 Safety Life Cycle
[Figure: ISA84.01 safety life cycle flowchart. Start → Conceptual Process Design → PHA & Risk Assessment → SIS Required? (No: Develop non-SIS Layers) → Define Target SIL → Develop Safety Specification → SIS Conceptual Design → SIS Detailed Design → SIS Installation, Commissioning and Pre-startup Acceptance Test → Pre-startup Safety Review (Assessment) → Establish Operating and Maintenance Procedures → SIS startup, operation, maintenance, Periodic Functional Tests → Modify, Decommission? (Modify: loop back into the life cycle; Decommission: SIS Decommissioning). The chart marks the early phases as "Not Covered by S84.01" and the later phases as "Covered by S84.01".]
All the standards propose the use of a "safety life cycle." Safety lifecycle
analysis is a methodology used to ensure that risks have been properly
managed: that they have been identified and that the necessary steps have
been taken to mitigate those risks. The safety lifecycle can be viewed simply
as a logical process for SIS design and operation.
Inherent Risk
Risk: A combination of the probability of occurrence of harm and
the severity of that harm (per IEC/ISO Guide 51:1990)
A measure of the likelihood and consequence of adverse effects,
i.e., How often can it happen, and what will be the consequences
if it does?
Inherent Risk: The risk from a completed process design that
contains a given amount of process materials at given process
parameters (temperature, pressure, etc.)
The objective of the safety lifecycle process is to reduce risk. Inherent risk is
defined as the amount of risk in a completed process design resulting from
given quantities of materials and given process parameters.
Risk Reduction
[Figure: risk chart with Likelihood on the vertical axis and Consequence on the horizontal axis. Risk increases toward the upper right, through the Tolerable Risk Region, the ALARP Risk Region and the Unacceptable Risk Region; the Risk of the Process is plotted as a point in the unacceptable region.]
The design objective of a safety instrumented system is to reduce the risk of
any process hazard from a region known as the ‘unacceptable risk region’ to
the ‘tolerable risk region.’ The inherent risk of a process from a
consequence perspective is fixed once the process design is fixed. Inherent
risk takes no credit for protective measures such as safety instrumented
systems, relief devices, etc.
NOTE: ALARP (As Low As Reasonably Practicable). See exida.com on-line
lesson – ALARP.
Non-SIS Risk Reduction
[Figure: the same risk chart. The Inherent Risk of the Process is moved toward the Tolerable Risk Region by consequence reduction (e.g., material reduction, containment dikes, physical protection) along the consequence axis, and by non-SIS likelihood reduction (alarms, BPCS, administrative procedures, etc., and e.g. pressure relief valves) along the likelihood axis. All layers of protection are shown together.]
If possible, it is desirable to reduce the inherent process risk by modifying
the process. Consequence reduction can be achieved by lowering quantities
of materials or building physical protection. Likelihood can be reduced by
reviewing methods used to control the process as well as any means to
recover from upsets, such as alarms.
SIS Risk Reduction
[Figure: the same risk chart, with SIS Risk Reduction added after the non-SIS likelihood reductions, bringing the process risk from the Unacceptable Risk Region through the ALARP Risk Region into the Tolerable Risk Region.]
If this reduction in the likelihood still leaves the estimated process risk too
high, safety instrumented functions are often designed to reduce risk further.
Safety Integrity Levels

Safety Integrity Level   Probability of failure on demand per year (demand mode of operation)   Risk Reduction Factor
SIL 4                    >= 10^-5 to < 10^-4                                                    100000 to 10000
SIL 3                    >= 10^-4 to < 10^-3                                                    10000 to 1000
SIL 2                    >= 10^-3 to < 10^-2                                                    1000 to 100
SIL 1                    >= 10^-2 to < 10^-1                                                    100 to 10
The needed risk reduction is expressed in order of magnitude targets called safety
integrity levels. The IEC61508 standard shows four levels, with the highest risk
reduction called SIL4 and the lowest risk reduction called SIL1. Risk reduction levels
are shown in the right column of the SIL chart.
Risk reduction in a particular set of equipment chosen for a safety system is
measured by the probability that it will fail when needed. This is called “failure on
demand.” It is the measure used to determine if the design meets the need, and it is
shown in the middle column of the SIL chart.
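An added worked example, not from the exida lesson, that connects the risk-reduction slides to the SIL chart: the inherent likelihood of a hazard is divided by the risk reduction factors credited to the non-SIS layers, whatever still exceeds the tolerable likelihood is the risk reduction the SIS must provide, and that RRF (the inverse of PFD, as the lesson states) is matched against the PFD bands of the chart to read off the SIL. The frequencies, the layer credits and the assumption that the layers are independent are constructed inputs for the illustration, not values from the lesson.

```python
# Added illustration (not exida's code) of how the SIL target falls out of the
# risk-reduction picture: inherent likelihood -> non-SIS layers -> residual
# likelihood -> required SIS RRF -> target PFD -> SIL band.

# SIL bands copied from the lesson's SIL chart (IEC 61508, demand mode):
# (SIL, PFD lower bound inclusive, PFD upper bound exclusive)
SIL_BANDS = (
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
)


def sil_for_pfd(pfd):
    """SIL whose PFD band contains pfd, or None outside SIL 1..4 (including PFD >= 0.1)."""
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None


def rrf_for_pfd(pfd):
    """Risk reduction factor, the inverse of PFD (as defined in the lesson)."""
    return 1.0 / pfd


def sis_requirement(inherent_freq, non_sis_rrfs, tolerable_freq):
    """Work out what the SIS has to contribute for one hazard.

    inherent_freq  - likelihood of the hazard per year with no protection layers
    non_sis_rrfs   - risk reduction factors credited to the non-SIS layers (BPCS,
                     alarms and operator, relief valves, ...); assumed independent
    tolerable_freq - tolerable likelihood per year for this consequence

    Returns a dict with the residual likelihood after the non-SIS layers, the RRF
    the SIS must provide (1.0 if none is needed), the matching target PFD and SIL.
    """
    residual = inherent_freq
    for rrf in non_sis_rrfs:
        residual /= rrf               # each independent layer divides the likelihood
    if residual <= tolerable_freq:
        return {"residual_freq": residual, "sis_rrf": 1.0, "target_pfd": None, "sil": None}
    required_rrf = residual / tolerable_freq
    target_pfd = 1.0 / required_rrf   # RRF = 1/PFD, so PFD = 1/RRF
    return {
        "residual_freq": residual,
        "sis_rrf": required_rrf,
        "target_pfd": target_pfd,
        "sil": sil_for_pfd(target_pfd),   # None here means beyond SIL 4: change the process
    }


if __name__ == "__main__":
    # Constructed numbers: a hazard expected 0.2 times per year with no protection,
    # BPCS credited with RRF 10 and operator response to alarms with RRF 10,
    # against a tolerable frequency of 1e-5 per year.
    print(sis_requirement(0.2, [10, 10], 1e-5))
    # residual 0.002/yr, so the SIS must provide RRF 200 (PFD 0.005): SIL 2
    print(sis_requirement(0.001, [10, 10], 1e-4))   # residual already tolerable: no SIS needed
    print(sil_for_pfd(0.05), rrf_for_pfd(0.05))     # SIL 1, RRF 20
```

Two things the numbers show that the prose does not: a required RRF just above 100 lands the target PFD just below 10^-2, which is already the SIL 2 band, so the order-of-magnitude targets step up quickly; and a residual likelihood that needs more than a factor of 100000 has no SIL band at all, which is the case where the process itself has to change rather than the SIS.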
The equipment used in control and Safety Instrumented Systems has more than one failure mode.
Two critical failure modes for Safety Instrumented Systems (for de-energize to trip):
1. Outputs de-energized or open circuit: SAFE
2. Outputs energized or frozen short circuit: DANGEROUS
One key difference between control system design and SIS design is the
realization that the way in which a piece of equipment fails is very important.
The failure modes of equipment used to implement a control system or a SIS
can be classified in two important failure categories, safe and dangerous.
In a normally energized safety system (de-energize to trip), safe is de-energized and dangerous is energized.
Multiple Failure Modes
[Figure: a switch in three states, for de-energize to trip: NORMAL (opens and closes as commanded), SAFE (failed open circuit), DANGEROUS (failed short circuit)]
These two categories - safe and dangerous represent different ways of
failing. Think about a switch. When it is working normally, the switch goes
on and off. It conducts electricity when it is on and does not conduct
electricity when it is off.
If the switch fails such that it does not conduct electricity no matter which
position it is in, that failure is called “open circuit.” In a normally energized
safety system, that de-energizes an output and is considered fail-safe.
If a switch fails such that it always conducts electricity no matter what the
switch position, that failure is called “short circuit.” It is potentially dangerous
in a normally energized SIS.
Boiler Example
[Figure: a boiler with a pressure switch on the steam outlet, a safety PLC, and a fuel valve on the natural gas line to the burner]
Imagine a boiler where steam is generated from a natural gas burner.
Several possible hazards have been identified including the possibility that
the steam line will become clogged and the pressure in the tank can go too
high.
A pressure switch is installed on the tank. When the pressure is normal, the
switch is closed. The switch opens when the pressure goes too high. A
safety controller is programmed to turn off power to (de-energize) a valve,
which cuts off the fuel and turns off the burner.
Successful Operation
[Figure: normally energized system. A pressure sense switch is wired to a PLC discrete input; the PLC's solid state output switch drives the LOAD. For normal operation the sense switch is closed and the output switch is energized; for abnormal operation the sense switch opens and the output switch de-energizes.]
Example: High Pressure protection system. Sense switch closed when pressure is below danger point. Switch opens when pressure goes above danger point. PLC de-energizes output if sense switch opens for more than 15 seconds during start-up and more than 5 seconds during steady operation.
The safety instrumented system consists of the switch, a PLC and the valve.
As long as the SIS is operating successfully, it will respond to high pressure
process demand. When operating successfully, the switch reads the
pressure, the PLC does timing and opens or closes its output switch. The
valve stays open when pressure is normal and closes when pressure goes
too high. The steam boiler is kept safe and operating as long as the safety
instrumented system is operating successfully.
Fail - Safe
[Figure: the same normally energized system with fail-safe faults marked. Input circuit fails such that the PLC thinks the sense switch is open even when it is closed. Logic solver fails to read logic 1 inputs, fails to solve logic, or fails to generate logic 1 output. Output circuit fails open circuit. Result: system causes a false trip.]
If the SIS fails safely, it causes a false trip: it shuts the boiler down when it
should not have. This can certainly be caused by an open circuit failure of
the output device. It can also be caused by many types of failures of
components all through the system:
• Input switch or input circuits fail;
• PLC fails;
• Output circuits or valve fail.
Fail - Danger
[Figure: the same normally energized system with fail-danger faults marked. Input circuit fails such that the PLC thinks the sense switch is closed even when it is open. Logic solver fails to read logic 0 inputs that indicate danger, fails to solve logic, or fails to generate logic 0 output. Output circuit fails short circuit. Result: if pressure goes high the system cannot respond.]
If the system fails dangerously, the outputs cannot de-energize when
needed. Failures in all areas of the system can be responsible. This type of
failure means that the safety instrumented system cannot do its job. No
protection is provided under these circumstances.
This is bad, and it can be especially bad because these failures are likely to be
undetected in normal operation. The output is supposed to be energized. If
it fails energized, operators and maintenance personnel do not notice a
difference.
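An added simulation, not exida's code, of the boiler protection loop from the last few slides. It assumes a normally energized (de-energize to trip) loop, one sample per second, the 15 s start-up and 5 s steady-operation trip delays from the slide, and a trip that latches until reset. Faults are injected at the input circuit or the output circuit and each is classified the way the lesson does: a fault that shuts the boiler down when it need not is safe, a fault that leaves the fuel valve open on a real high-pressure demand is dangerous. The function names and the "open"/"short" fault labels are the example's own.

```python
# Added simulation of the boiler high-pressure SIF (constructed model, not exida's
# code): pressure switch -> PLC discrete input -> timed de-energize-to-trip logic
# -> solid state output -> fuel valve solenoid (energized = valve open).

TRIP_DELAY_STARTUP = 15   # seconds the switch may read open during start-up
TRIP_DELAY_STEADY = 5     # seconds the switch may read open in steady operation


def input_reads_closed(pressure_high, input_fault=None):
    """What the PLC discrete input sees: closed = normal, open = high pressure.

    input_fault: None (healthy), "open" (input circuit reads open whatever the
    switch does) or "short" (reads closed whatever the switch does).
    """
    if input_fault == "open":
        return False
    if input_fault == "short":
        return True
    return not pressure_high


def output_energized(command_energize, output_fault=None):
    """What the solid state output switch actually delivers to the valve solenoid."""
    if output_fault == "open":
        return False          # failed open circuit: load always de-energized
    if output_fault == "short":
        return True           # failed short circuit: load always energized
    return command_energize


def run_sif(pressure_high_per_second, startup=False, input_fault=None, output_fault=None):
    """Run the loop at one sample per second; return True if the fuel valve ends up open."""
    delay = TRIP_DELAY_STARTUP if startup else TRIP_DELAY_STEADY
    open_seconds = 0
    tripped = False           # latched; clearing a trip needs a manual reset (assumption)
    valve_energized = output_energized(True, output_fault)
    for high in pressure_high_per_second:
        if input_reads_closed(high, input_fault):
            open_seconds = 0
        else:
            open_seconds += 1
            if open_seconds > delay:
                tripped = True
        valve_energized = output_energized(not tripped, output_fault)
    return valve_energized


def classify_fault(**fault):
    """Compare faulted with healthy behaviour on a normal run and on a high-pressure
    demand, and classify the fault as the lesson does (safe / dangerous)."""
    normal = [False] * 30                 # 30 s of normal pressure
    demand = [False] * 10 + [True] * 20   # pressure goes high after 10 s
    false_trip = run_sif(normal) and not run_sif(normal, **fault)
    missed_demand = not run_sif(demand) and run_sif(demand, **fault)
    if missed_demand:
        return "dangerous"    # valve stays open on a real demand: no protection
    if false_trip:
        return "safe"         # nuisance trip: boiler shut down when it need not be
    return "no effect"


if __name__ == "__main__":
    print(run_sif([False] * 30))                  # True: valve open, normal running
    print(run_sif([False] * 10 + [True] * 20))    # False: tripped after 5 s of high pressure
    print(run_sif([True] * 12, startup=True))     # True: 12 s open is inside the 15 s start-up delay
    print(classify_fault(input_fault="open"))     # safe
    print(classify_fault(output_fault="short"))   # dangerous
    print(classify_fault(input_fault="short"))    # dangerous
```

Note how the dangerous cases look during a normal run: with the input circuit shorted or the output shorted, `run_sif` on normal pressure returns the same valve-open result as the healthy loop, which is exactly why the lesson says these failures go unnoticed until a demand arrives.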
[Figure: a box whose area represents all operation of the system: SUCCESSFUL OPERATION, measured by RELIABILITY / AVAILABILITY, and UNSUCCESSFUL OPERATION, split into PFS (nuisance trip) and PFD]
PFS - Probability of Safe Failure
PFD - Probability of Failure on Demand (Dangerous Failure)
RRF - Risk Reduction Factor = 1/PFD
The area of this box represents successful or failed operation of the system.
The white area is successful operation. This is normally measured by a
parameter called availability or reliability. While reliability or availability are
important for an SIS, the other important metrics are PFS, the probability of
failing safely; PFD, the probability of failing dangerously; and RRF, the risk
reduction factor, the inverse of PFD.
Higher Availability
[Figure: the same box with a larger SUCCESSFUL OPERATION area: a lower failure rate gives higher reliability/availability, leaving smaller PFS and PFD areas under UNSUCCESSFUL OPERATION]
In both control systems and SIS, it is clearly an important objective to design
the system to be highly successful. A lower failure rate leads to higher
probability of success.
Higher Safety
[Figure: the same box where, within UNSUCCESSFUL OPERATION, the PFD share is made much smaller than the PFS share; this is labelled SIS SAFETY]
But in a safety instrumented system design, the other objective is to make
sure that the probability of failing dangerously is much lower.
Special Purpose SIS Equipment
[Figure: a safety controller chassis populated with CCM and ODM modules and a large number of I/O modules]
Many control equipment manufacturers build special products for safety
instrumented system applications. This equipment performs control and
logic functions much like normal controllers and meets special requirements
for high availability and fail-safe operation.
The Functional Safety Certification Program
• Independent, internationally
recognized testing agency
• A certification program for
equipment used in critical
installations
• Benefits vendor by improving
product and minimizing the
need to supply evaluation
systems
• Benefits user by supplying
impartial evaluation of system
Several agencies, including TUV based in Germany, certify safety critical
equipment for functional safety. Based on standards, equipment and the
processes used to develop and manufacture the equipment are evaluated.
The primary standard used today is IEC61508. Sensors, PLCs, final
elements and other equipment used in SIS design are available certified
per IEC61508.
Introduction to Safety
Instrumented Systems
Topics:
• SIS Definitions
• SIS Purpose
• Safety Instrumented Function
• Laws/Regulations/Standards
• Risk Reduction
• Failure Modes
• SIS Equipment
This lesson has covered the basics of SIS. Safety instrumented functions
were defined and described. Standards compliance, risk reduction and SIS
failure modes were also presented. Functional safety equipment certification
was reviewed. The participant should have an understanding of the
differences between basic process control systems and safety instrumented
systems. Please take the lesson quiz to verify correct understanding and
review the lesson if necessary.
More Information
Questions: please send any questions to info@exida.com. We will respond as soon as possible.
Additional Resources: a series of free articles is available to download from the exida.com website. These can be reached at http://www.exida.com/articles.asp
Additional resources including books, tools and reports are available from the exida on-line store. A product listing is available at http://www.exida.com/products2/
We hope you have found this lesson useful. If you have any questions, they may be
sent via email to info@exida.com. Please refer to this particular lesson, Introduction to Safety Instrumented Systems.
Additional resources are available from the exida website, including a series
of free articles that may be downloaded. Books, reports and engineering
tools are available at the exida on-line store.
exida.com is a knowledge company focused on system reliability and safety. We
provide training, tools, coaching, and consulting. For general information
about exida, please view our website, www.exida.com.
Thank you for your interest. Consider other lessons in the on-line training
series from exida.com.