excellence in dependable automation

CERTIFIED FUNCTIONAL SAFETY EXPERT
Application Engineering - Process
Study Guide
2nd Edition

In Collaboration with: CFSE Governance Board
PO Box 525
Sellersville, PA 18960

Copyright © 2002, exida.com, LLC
All Rights Reserved

No part of this publication may be reproduced or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher.

No representation is made or intended that mastery of the content of the listed references is sufficient to assure passing the CFSE Application Engineering Exam.

Exida.com, LLC
64 North Main Street
Sellersville, PA 18960

Table of Contents

1 Introduction ........ 5
2 exida.com ........ 6
3 General Information ........ 7
3.1 Introduction ........ 7
3.2 CFSE Certification Requirements ........ 7
3.2.1 Qualification Criteria for Candidates ........ 7
3.2.2 Examination Schedule ........ 8
3.2.3 Application Procedures and Deadlines ........ 8
3.3 Description of the Examination ........ 8
3.3.1 Exam Format ........ 8
3.3.2 Exam Content ........ 9
3.4 Scoring Procedures ........ 9
3.5 Examination Procedures and Instructions ........ 10
3.5.1 Exam Materials ........ 10
3.5.2 Special Accommodations ........ 10
4 Tips on Taking the CFSE Exam ........ 11
5 References for the CFSE Examination ........ 11
5.1 References ........ 12
6 Codes, Standards and Regulations for the CFSE Examination ........ 13
7 CFSE Exam Specification ........ 15
8 CFSE Exam Sample Problems ........ 16
8.1 Hazard and Risk Analysis ........ 17
8.2 Safety Requirements Specification ........ 27
8.3 Conceptual Design Issues ........ 34
8.4 Detailed Design Issues ........ 41
8.5 Functional Safety Management ........ 50
9 Solutions to CFSE Sample Problems ........ 59
9.1 Hazard and Risk Analysis ........ 60
9.2 Safety Requirements Specification ........ 70
9.3 Conceptual Design Issues ........ 76
9.4 Detailed Design Issues ........ 84
9.5 Functional Safety Management ........ 88

1 Introduction

Personnel who design, implement, maintain, and operate safety instrumented systems are required to be competent in the activities that they have been assigned. Although this requirement is self-evident, it is also codified into national and international standards. CFSE Certification is a good way to show standards compliance during internal audits of end-user facilities and equipment vendor development programs. Additionally, certification is an effective way for engineering firms and systems integrators to demonstrate, and for end-users to verify, the competency of contracted personnel who are performing safety lifecycle services.

The certification process involves review of the applicant's background and satisfactory completion of a proficiency exam. The background review includes consideration of the applicant's education, both formal and safety instrumented system specific independent courses, and review of relevant professional experience.

Successful applicants will receive a certificate of competency in one of four categories:

• Application Engineering, Process Industries - The Process Safety Applications program applies to personnel involved in the implementation of safety-related systems in Process Applications.
• Application Engineering, Machinery Safety - The Machinery Safety Applications program applies to personnel involved in the implementation of safety-related systems in Machinery Applications.
• Hardware Development - Personnel who are involved with the design of E/E/PE devices for use in safety applications should be certified in hardware development. Equipment vendor personnel who perform electronic equipment design perform hardware development tasks.
• Software Development - Personnel who are involved with the development of software and firmware for E/E/PE devices for use in safety applications should be certified in software development. Equipment vendor personnel who develop software embedded in, or used to configure, the E/E/PE perform software development tasks.

2 exida.com

exida.com is a knowledge company that provides tools, training, coaching and consulting primarily in the oil & gas, petrochemical, chemical, machine safety, nuclear, transportation and power industries. exida.com can help with documentation templates and requirements databases for IEC61511, IEC61508 and ISA84.01. We provide calculation tools for layer of protection analysis, consequence analysis and safety integrity level verification. exida.com is prepared to help with all aspects of standards compliance and safety life cycle services. These products and associated services have been proven to provide the most effective implementation methods for safe and reliable automation.
• Industry Market Data, Trend Reports
• Requirements Analysis/Tracking
• Document Templates, Procedures
• Books, Standards Guides
• Safety Life Cycle Services
• Risk Analysis
• HAZOP Facilitation, Economic Analysis
• SIL Determination/Verification
• Maintenance Procedures
• Functional Safety Management
• Training - IEC 61508, Certification
• Safety Analysis Tools
• SILver - SIL Verification Tool
• SILect - SIL Selection Tool
• CFSE Training
• Webinars
• Online CFSE Training
• Onsite Training Sessions

3 General Information

3.1 Introduction

The CFSE (Certified Functional Safety Expert) concept was originally developed by a group of international safety experts to ensure that personnel performing SIS lifecycle activities are competent as required by the IEC 61508, 61511, and 62061 standards. The CFSE is now administered by the CFSE Governance Board, which is in turn supported by a broad consortium of companies including Honeywell, Pilz, Siemens, TUV, exida and other leading safety related firms.

The experts at exida have developed this study guide, with contributions from a number of industry experts in the field of safety and high availability automation. The purpose of this study guide is to assist persons who are preparing for the Certified Functional Safety Expert examination in Application Engineering, Process Industries.

The exams are the result of careful preparation by the CFSE Process Industry Advisory Board. These engineers supply the content expertise that is essential in developing the exams. By using the experience of engineers with diverse backgrounds from operating companies, consultants, and equipment vendors, the CFSE Governance Board prepares exams that are valid measures of competency.

3.2 CFSE Certification Requirements

3.2.1 Qualification Criteria for Candidates

Competency certification of personnel who are assigned safety lifecycle tasks is a critical part of complying with international standards governing the implementation of SIS, such as IEC61511 and IEC61508.
In addition, certification forms a documented basis for demonstrating the competency of contractors and integrators who perform safety lifecycle tasks on SIS for third parties. In general, use of certified personnel for performing safety lifecycle tasks would, in part, protect the public by ensuring SIS practitioners are qualified and competent.

When a candidate applies for the CFSE examination, the following criteria will be considered when determining the appropriateness of education and experience.

• Educational Background - The candidate should have an educational background in a related discipline (electrical engineering, computer science, mechanical engineering, chemical engineering, etc.). Industry specific training courses and seminars will also be considered.
• Technical Experience - The candidate should demonstrate considerable technical experience relative to the certification category for which application has been made.
• Safety-related Experience - The candidate should demonstrate considerable experience in the field of functional safety.

For detailed experience and educational requirements, check the CFSE Governance Board website - www.cfse.org.

3.2.2 Examination Schedule

The CFSE exam is offered as often as the Governance Board deems there are sufficient applicants for the exam. Visit the CFSE website (www.cfse.org) for more information on dates of upcoming exams. Application deadlines are typically two months prior to the exam date. In addition to the scheduled exams, the test can be given at any location if there is a sufficient volume of test takers.

3.2.3 Application Procedures and Deadlines

Applications and information are available from the CFSE Governance Board. The CFSE GB will provide information on requirements and fees in an application packet that can be requested by emailing or visiting the web site.
Sufficient time must be allotted to complete the application process and assemble required data, including professional work history, references, and academic transcripts or other verification of the applicant's engineering education and industry courses and seminars attended.

3.3 Description of the Examination

3.3.1 Exam Format

The Certified Functional Safety Expert Exam (also known as the CFSE Exam) can be taken in one of four disciplines: Application Engineering - Process Industries, Application Engineering - Machinery Safety, Hardware Development Engineering, and Software Development Engineering.

The examination will only be administered to candidates who have met all of the previous requirements. The examination will have the following structure.

• multiple-choice questions
• case studies

Sample problems in all formats are presented in this study guide. Answers to the sample problems that present information on how the problem should be solved and references to more information are also provided.

3.3.2 Exam Content

The subject areas of the CFSE exam are described in the exam specification section of this study guide. None, one, or more questions in any of the subject areas described in the exam specification section may be included in the exam. The type of problem used for a particular area may change from one year's exam to the next.

3.4 Scoring Procedures

Examination Format

The examination will take five (5) hours and is divided into two (2) sessions. The examination consists of two (2) categories of questions - multiple choice and case study. The multiple choice section is two (2) hours and the case study section is three (3) hours. There will be a one (1) hour break in between.

Category          No. of Questions   Points   Minimum Score
Multiple Choice   50                 1        30
Case Study        Varies             varies   35

In order to pass the exam the candidate will have to score at least 60% in the multiple choice, 70% in the case study category, and 80% for the total examination.
The CFSE exam is not graded "on the curve" so that prescribed percentages of examinees will pass and fail. Instead, exams are graded by an "item-specific, criterion-referenced" method, i.e., each answer is evaluated in terms of a grading plan that reflects what a minimally competent candidate is expected to know.

Authority for certification decisions rests with the CFSE Governance Board.

3.5 Examination Procedures and Instructions

3.5.1 Exam Materials

Prior to the beginning of the exam, proctors will distribute exam materials. The exam booklet should not be opened until candidates are instructed to do so by the proctor. Read the instructions and information given on the front and back covers. Enter your name in the upper right corner of the front cover. Listen carefully to all instructions read by the proctor.

3.5.2 Special Accommodations

If you need special accommodations in the test-taking process, due to a disabling condition, you should communicate your need to the CFSE Governance Board well in advance of the examination day so that appropriate arrangements can be made.

4 Tips on Taking the CFSE Exam

• Advance study, either individual or in an organized review course, is generally helpful in preparing for the CFSE exam.
• Last minute study is probably not helpful. A good night's sleep is advised before the exam.
• Check that you have the necessary calculator, replacement batteries, pencils, etc., before leaving for the exam site.
• Allow sufficient time for delays in travel and in parking.
• Before starting to answer, read all of the problems. Rank them by the apparent degree of difficulty to you. Tackle the easiest problem first, then the next easiest, and so on, until you have answered all of the problems in the exam. If the easier problems take less time, this approach will leave more time for the tougher problems at the end of the session.
• If you finish the exam ahead of time, check your calculations or try to solve the problem by an alternate method.
• If you run short of time on the essay problems and cannot complete a problem, at least describe the method that you would use to obtain the necessary answers. For the multiple-choice questions, eliminate clearly incorrect answers and make a guess among the remaining answers (since there is no penalty for guessing).

5 References for the CFSE Examination

The following pages list selected reference books of the kind that may be useful in preparing for the CFSE examination. Where possible, several books have been listed for each topic. It is not suggested that candidates should be familiar with, or own, all of the following books, because there are some overlaps in the material described in the recommended references. Instead, applicants should review these books and other similar books, select a limited number of references covering major areas of the CFSE exam, and study the selected references. Some of the listed references may be out of print; however, their coverage of basic principles may still be valid and useful.

exida offers a wide range of books and training courses on the implementation of safety instrumented systems, some of which are described in this section. All exida products are described on our web site (www.exida.com).

No representation is made or intended that mastery of the content of the listed references is sufficient to assure passing the CFSE exam.

5.1 References

IEC 61508 - International Electrotechnical Commission - www.iec.ch
IEC 61511 - International Electrotechnical Commission - www.iec.ch
Goble, William, CONTROL SYSTEMS RELIABILITY - 2nd EDITION, ISA.
SAFETY EVALUATION AND GUIDELINES FOR SAFE AUTOMATION OF CHEMICAL PROCESSES, AIChE - Center for Chemical Process Safety.
Marszal, Edward and Scharpf, Eric, SAFETY INTEGRITY LEVEL SELECTION, ISA.
Gruhn, Paul and Cheddie, Harry, SAFETY SHUTDOWN SYSTEMS: DESIGN, ANALYSIS AND JUSTIFICATION, ISA.
Krishnamoorthi, K.S., RELIABILITY METHODS FOR ENGINEERS, American Society for Quality Control, Milwaukee, Wisconsin.
Lees, Frank P., LOSS PREVENTION FOR THE PROCESS INDUSTRIES, Butterworth-Heinemann.
Perry and Green, PERRY'S CHEMICAL ENGINEER'S HANDBOOK, 7th Edition, McGraw-Hill.
Potter, Merle, FUNDAMENTALS OF ENGINEERING, Great Lakes Press.

6 Codes, Standards and Regulations for the CFSE Examination

The following pages list selected codes and standards of the kind that may be useful in preparing for the CFSE examination. The source, number and title of each code or standard are given. A few codes or standards are considered important and basic enough that all CFSEs should be familiar with them; they are marked with an asterisk (*). Copies of these codes or standards should be obtained and studied, or covered during a review course.

The following list indicates the KINDS of issues covered by codes and standards. Because there are so many applicable codes and standards, it is not expected that CFSEs will memorize all their provisions. If exam problems call for details of a code or standard, the needed information will be supplied as part of the problem statement.

No representation is made or intended that mastery of the content of the listed references is sufficient to assure passing the CFSE exam.
• 29 CFR 1910.119 - Process Safety Management of Highly Hazardous Chemicals (OSHA PSM)
• 40 CFR 68 - Risk Management Plan (EPA)
• API RP 14-C - Recommended Practice for Analysis, Design, Installation, and Testing of Basic Surface Safety Systems for Offshore Production Platforms
• API RP 556 - Recommended Practice for Instrumentation and Control Manuals for Refinery Service - Fired Heaters and Steam Generators
• API RP 752 - Recommended Practice for Management of Hazards Associated With Location of Process Plant Buildings
• DIN VDE-0116 - Electrical Equipment of Furnaces
• EN 1050 - Safety of Machinery - Principles for Risk Assessment
• EN 292 - Safety of Machinery
• EN 60240 - Safety of Machinery - Electrical equipment of machines
• FM 7605 - Programmable Logic Controller Based Burner Management Systems
• IEC 60300 - Dependability Management
• IEC 61131 - Programmable Controllers
• IEC 61508* - Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
• IEC 61511* - Functional Safety: Safety Instrumented Systems for the Process Industry Sector
• IEC 62061 - Safety of Machinery
• ISO 9000 - Quality Management and Quality Assurance Standards
• NFPA 70 - National Electrical Code
• NFPA 85 - Standard for Burner Boiler Operation
• UL 372 - Burner Control Units
• ISA 84.01 - Application of Safety Instrumented Systems for the Process Industries
• ISA TR84.0.02 - Safety Instrumented Systems Safety Integrity Level Evaluation Techniques

7 CFSE Exam Specification

When developing problems for actual exams, problem developers have interpreted the specification to allow problems on a list of key topics surrounding the safety lifecycle. This list, presented in this section, can be viewed as expanding the exam specification in terms familiar to personnel who perform safety lifecycle services. It should be helpful to persons wanting a more precise description of the exam, as well as candidates preparing for the exam and groups organizing review courses.
A. Hazard and Risk Analysis
Process Hazards Analysis, HAZOP, Process FMEA, Consequence Analysis, Likelihood Analysis, Layer of Protection Analysis, Expected Value of Loss, Tolerable Risk Guidelines.

B. Safety Requirements Specification
Logic Representation, Performance Requirements, Design Requirements, Documentation Requirements.

C. Conceptual Design Issues
Probability Theory, Statistical Analysis, Confidence Levels, Failure Rates, Total Cost of Ownership, Time Value of Money, Expected Value of Loss, Reliability Engineering, Equipment Architecture, Equipment Technology.

D. Detailed Design Issues
Total Cost of Ownership, Time Value of Money, Sensor Selection and Installation, PES Programming, Final Element Selection and Installation.

E. Functional Safety Management
Safety Lifecycle, Competency of Personnel, Scheduling and Monitoring, Auditing, Procedure Development, Documentation.

8 CFSE Exam Sample Problems

The following problems are examples of the problems that will typically be found in the CFSE exam. The problems in this study guide are not expected to appear in subsequent exams. The example problem set contains more problems than will be asked during a typical exam. The reason for the additional questions is to give the user of this guide a better understanding of the potential questions that could be asked during the exam.

The following set of problems does not conform to the specified TÜV Product Service format (which is four essay or four free-response problems, and four ten-part multiple choice problems). Instead, the study guide provides a variety of questions for every study area listed in the exam specification. Additional problems are included for some areas to illustrate other topics that might appear on the exam. Candidates should understand that any one CFSE exam can only cover part of the areas of activity and knowledge contained in the exam specification.
Thus, the following problems do not necessarily cover all of the specified areas of CFSE activity or knowledge that may appear in future CFSE exams. While this problem set is not in the identical format as the test, this material should be useful in preparing for the CFSE exam.

Answers and/or solutions are given separately, in the Sample Problems Solutions section, so that users of the study guide can review the range of problems that are available and select problems that should be solved without being exposed to the answers.

In the following sections, sample problems and their solutions are identified by headings with the following format. The heading "QUESTION" refers to the identifier that is assigned to the problem. The identifier consists of the two-letter code that refers to the topic, and then a sequential numeral. The heading "TOPIC" refers to one of the divisions of the exam, as defined in the exam specification. See the Exam Specification section for more information. Readers are reminded that there are no restrictions on the kind of problem used for individual areas of the exam.

8.1 Hazard and Risk Analysis

MULTIPLE CHOICE PROBLEMS

1. Given the event tree shown below, the frequency at which the rail car overturn and rupture will result in a flash fire is nearest to:

[Event tree figure, reconstructed as text from the figure labels]
Initiating event: Rail Car Overturns and Ruptures, F = 8.0 x 10^-5 /year
  Spilled Material Type:
    Volatile Liquid (P = 0.2)
      Material is Flammable?
        Yes (P = 0.25)
          Source of Ignition Contacted?
            Yes (P = 0.05) -> Outcome: Flash Fire
            No (P = 0.95)  -> Outcome: No Impact
        No (P = 0.75) -> Outcome: Environmental
    Non-Volatile Liquid (P = 0.4) -> Outcome: Environmental
    Powder (P = 0.4) -> Outcome: Environmental

a) 4.0 x 10^-5 /year
b) 2.0 x 10^-7 /year
c) 1.2 x 10^-5 /year
d) 3.8 x 10^-6 /year
e) None of the answers above is correct

2. The rupture of a vessel containing 625 kg of propane is expected to result in an explosion.
Using the data shown below, the equivalent weight of TNT that could be used to model this explosion is nearest to:

Propane Ratio of Specific Heats:   1.13
Propane Lower Explosive Limit:     2.0%
Propane Upper Explosive Limit:     9.5%
Propane Heat of Combustion:        46,333 kJ/kg
TNT Heat of Combustion:            4,437 kJ/kg
Expected Explosive Yield:          10%

a) 653 kg
b) 625 kg
c) 131 kg
d) 62.5 kg
e) 6 kg

3. Transportation statistics for a country in which a new rail system is being proposed are shown below. Based on these statistics, the average consequence of a train derailment, in terms of fatalities, is nearest to:

In 1997 (the most recent data set):
914 train accidents occurred
689 fatalities occurred as the result of train accidents
20,018 injuries occurred as the result of train accidents

a) 1.33
b) 21.9
c) 0.91
d) 0.754
e) 0.034

4. A hazard is being analyzed, using the risk graph shown below, in order to select the SIL of the SIS that is mitigating the risk. The unwanted event is expected to cause serious injuries to several people but no fatalities. There is a certain delay in the event occurrence, which provides a possibility of escape. Furthermore, the area of the hazard is mostly occupied. It is more than likely that the event occurs. Based on the information provided, which SIL should be selected?
[Risk graph figure: the graph itself (rows Ca-Cd, columns W1-W3) is not legible in this copy; its classification definitions are given below.]

Consequence Classifications
Ca - Minor injury
Cb - Serious injury to one or more persons, death to one person
Cc - Death to several people
Cd - Very many people killed

Frequency of Exposure Classifications
Fa - Rare to more often exposure
Fb - Frequent to permanent exposure

Possibility of Avoidance Classifications
Pa - Possible under certain conditions
Pb - Almost impossible

Probability Classifications
W1 - A very slight probability of occurrence, and only a few occurrences are likely
W2 - A slight probability, few occurrences are likely
W3 - A relatively high probability that the unwanted event will occur, and frequent unwanted occurrences are likely.

a) SIL = 1
b) SIL = 2
c) SIL = 3
d) SIL = 4
e) None of the above answers are correct

5. A hazard is expected to result in an explosion that will cause $2,000,000 in property damage. A layer of protection analysis showed that the expected frequency of this event is 2.1 x 10^-3 /year. A SIS is being considered to reduce the risk. The expected life of the SIS is 20 years, and the interest rate is 8%. Assuming that the SIS can completely remove 100% of the risk of explosion, the highest amount of money that can be cost-effectively expended on this SIS is nearest to:

a) $41,250
b) $4,200
c) $2,000,000
d) $160,000
e) $100,000

6. Before performing a Process Hazards Analysis, such as a HAZOP, the participants in the study will need to have all of the following safety information, except:

a) A block flow diagram or simplified process flow diagram
b) SIS internal wiring diagrams
c) Area electrical classification
d) Design codes and standards employed
e) Safe upper and lower limits for process variables such as flow, temperature and pressure

7. A hazardous event is expected to cause an explosion whose consequence is expected to have a probable loss of life (PLL) of 22.8. A layer of protection analysis determined that the event is expected to occur with a frequency of 5.7 x 10^-5.
The plant where this hazard exists uses an event-based tolerable risk guideline of 1.0 x 10^-5 fatalities per year as maximum tolerable individual risk. The most appropriate SIL for a SIS to reduce the risk of this event would be:

a) SIL = 1
b) SIL = 2
c) SIL = 3
d) SIL = 4
e) A single SIF does not provide adequate risk reduction

8. Which of the following standardized toxic exposure criteria most accurately represents the concentration at which a person is likely to be fatally injured when exposed for one hour?

a) IDLH
b) TLV-TWA
c) PEL
d) ERPG-3
e) None of the above answers are correct

9. A hazard has a consequence of $2,500,000 and the frequency of the event is 7.0 x 10^-4 per year. The process owner is considering installing a SIS that has a PFD of 0.1 and an annualized cost of $5,500. The benefit-to-cost ratio for installation of the SIS is nearest to:

a) 455
b) 0.45
c) 0.29
d) 0.03
e) None of the above answers are correct

10. A hazard is being analyzed, using the hazard matrix shown below, in order to select the SIL of the SIS that is mitigating the risk. There are no fatalities expected as a result of the unwanted event. However, the event is expected to occur very frequently. Based on the information provided, which SIL should be selected?

[Hazard matrix figure: the matrix cells (Event Likelihood Low/Moderate/High against Event Severity Minor/Serious/Extensive) are not legible in this copy; the classifications are given below.]

Consequence Classifications (Event Severity)
Minor - Impact initially limited to local area
Serious - Impact causing serious injury or fatality
Extensive - Impact that is five times worse than serious

Probability Classifications (Event Likelihood)
Low - Very low probability of occurrence within the lifetime of the plant.
Moderate - Low probability of occurrence within the lifetime of the plant.
High - A failure can reasonably be expected to occur within the expected lifetime of the plant.

a) SIL = 1
b) SIL = 2
c) SIL = 3
d) SIL = 4
e) A SIF is not required for this hazard.

SHORT RESPONSE PROBLEMS

1.
SITUATION
A delivery driver pumping more material into a storage tank than the available capacity can initiate a toxic release. The delivery driver may realize there is not enough capacity for the material that he is delivering, and then not attempt to transfer the material. The driver may also carefully monitor the level in the storage tank and stop the material transfer before a release occurs. Based on historical data, delivery drivers are requested to deliver to storage tanks that do not have the required capacity approximately 12 times per year. Due to a training initiative educating the drivers on the hazards of overfilling the tank, the probability that the driver will try to fill a tank that does not have sufficient capacity is estimated at 0.02. The probability that the driver will not detect a high level condition after he has begun transfer is estimated at 0.4.

REQUIREMENTS
Draw an event tree diagram to describe this situation and quantify the diagram to calculate the rate at which the toxic release is expected to occur. Calculate all of the outcomes that are possible.

2.
SITUATION
A Hazards and Operability (HAZOP) type process hazards analysis was performed on a process unit. An excerpt from that study's report is shown below (rebuilt from the flattened table; each row is one guide word).

Guide Word: NONE - No Flow
  Possible Causes: No hydrocarbon available at intermediate storage
  Consequence: Loss of feed to reaction section and reduced output. Polymer formed in heat exchanger under no flow conditions.
  Safeguards: Operator response to alarms
  Recommendations: Ensure good communication with intermediate storage operator.

Guide Word: MORE OF - More Flow
  Possible Causes: Level control valve LCV-42 fails open.
  Consequence: Settling tank overfills causing volatile toxic liquid to be spilled
  Safeguards: Operator response to high level alarm
  Recommendations: Install SIS to close tank inlet valve on high level.

Guide Word: LESS OF - Less Flow
  Possible Causes: Leaking valve or valve outlet not blinded and leaking.
  Consequence: Material loss of volatile toxic liquid.
  Safeguards: Maintenance procedures requiring blinding of flanges and daily inspections of closed valves.
  Recommendations: Existing safeguards are adequate.

REQUIREMENTS
Create a LOPA diagram (or diagrams) that lists the initiating event, protection layers and outcome of the process hazard for which safety instrumented functions have been proposed.

3.
SITUATION
An engineer is considering installing a protective system that will open a valve from the outlet to the suction of a high-head pump if the flow through the pump drops below the trip point. If the pump is left operating below its low flow limit, the pump will be destroyed. Replacing the pump involves a replacement cost of $550,000, and the low flow condition that destroys the pump is expected to occur with a frequency of 0.15 times per year. A SIL 1 class protective system has a probability of failure on demand of PFD = 0.03 and an annualized cost of $3,100. Upgrading the protective system from SIL 1 class to a SIL 2 class with a probability of failure on demand of PFD = 0.008 will increase the total annualized cost of the protective system to $3,900.

REQUIREMENTS
Determine which system (SIL 1 Class System, SIL 2 Class System, or No System) should be installed in this situation, with the most cost-effective installation being the design goal. Show calculations that justify your decision.

4.
SITUATION
The following LOPA diagram describes a hazardous event.

[LOPA diagram, reconstructed as text from the figure labels]
INITIATING EVENT: Rupture of Flexible Hose
PROTECTION LAYER: Check Valve
  Fails    -> OUTCOME: Chemical Spill
  Operates -> OUTCOME: No Event

Equipment Failure Rates:

Equipment Item   Failure Rate (per million hours)
Flexible Hose    0.78
Check Valve      5.32

Assume that both the flexible hose and the check valve have one failure mode and that the check valve is functionally tested once every four years.

REQUIREMENTS
Quantify the frequency of the unwanted event for the situation described above. The result should be presented in events per year.

APPLICATION EXERCISE PROBLEM

[Figure: P&ID of the batch reactor, showing Reactant A charged through the manhole, the Reactant B feed, cooling water supply and drain on the jacket, relief to a safe location, and the product solution outlet]
[Figure labels, continued: Cooling Water Supply, Drain, Product Solution]

SITUATION:
Process: A specialty chemical company has developed a batch process to produce a new polymer. The process creates a solution of polymer and cyclohexane that is withdrawn from the bottom of the pressurized, water-cooling-jacketed, continuously stirred tank reactor. The vessel is charged by filling it with 250 kg of cyclohexane and manually dumping 125 kg, or 5 bags, of reactant A into the vessel. After the vessel is charged and closed, the stirring mechanism is started and the vessel's jacket is flooded with cooling water. After the stirring and cooling have been established, a small, metered rate of 0.5 kg/min of reactant B is continuously added to the solution. Reactants A and B combine to form the desired product. Each batch operates for three weeks, and 5 batches are operated per year.

Hazards: The reaction of A and B is nearly instantaneous and highly exothermic. Safe operation of this process requires that cooling water continuously be flowing through the jacket. Hazard analysis determined that loss of cooling water could cause a "runaway" reaction and physical explosion of the vessel. The plant's safety division performed a quantitative consequence analysis of the physical explosion of this vessel. The analysis determined that the explosion would result in the following consequences:
• Probable Loss of Life: 5.64 fatalities
• Probable Injuries: 13.23 injuries
• Expected Value of Loss: $5,600,000

The following layers of protection were identified as a safeguard against explosion of the vessel due to runaway reaction.
• A rupture disk set to relieve the pressure well below the design pressure of the vessel
• Operator intervention in response to high vessel temperature, high vessel pressure and low cooling water flow alarms

A safety instrumented system that injects a reaction-inhibiting chemical if the vessel temperature or pressure exceeds predetermined conditions was recommended in the process hazards analysis.

Plant and Equipment Information: A process engineer determined the following frequencies and failure probabilities after reviewing the history of the plant.
• Cooling Water Pump Fails: 1/75 per year
• Rupture Disk PFD: 0.0956
• Operator Response to Cooling Water Loss: 0.1

The plant uses the following table to determine the tolerable frequency of an unwanted event, based on its consequence.
[Table: tolerable frequency versus consequence; only the column headings "Likely" and "Multiple Likely" survive in the extraction]

REQUIREMENTS:
1. Create a LOPA diagram that describes the situation described above.
2. Quantify the LOPA diagram to obtain the frequency at which the unwanted explosion is expected to occur.
3. Based on the company's tolerable risk guidelines, select the safety integrity level for the inhibitor injection SIS.
4. Ignoring safety considerations, determine whether an SIS with a Risk Reduction Factor of 50 and an annualized cost of $2,500 would be a wise investment. Show calculations to support your conclusion.

8.2 Safety Requirements Specification

MULTIPLE CHOICE PROBLEMS

1. A reactor is designed to withstand temperatures that are higher than normal environment temperatures. The reactor's rating states that the maximum allowable working temperature is 500 C. The normal operating temperature ranges from 150 to 350 C. The trip point for a high integrity protection system, in this case, should be closest to:
a) 345 C
b) 450 C
c) 355 C
d) 125 C
e) None of the above trip points are suitable

2. Consider the following documents.
Which of the statements about the requirement for these documents to be an input to the safety requirements specification is most correct?
1. Hazard and Risk Analysis Report
2. Installation and Commissioning Procedures
3. Process Flow Diagrams
a) 1 and 2 are required, 3 is not
b) 2 and 3 are required, 1 is not
c) 1 and 3 are required, 2 is not
d) 2 is required, 1 and 3 are not
e) 3 is required, 1 and 2 are not

3. Which of the following methods are acceptable for presenting the functional relationship between process inputs and outputs, including logic, mathematical descriptions and any required permissives?
1. Cause-and-Effect Diagrams
2. Simple Textual Description
3. Binary Logic Diagrams, as described in standard ISA 5.2
a) 1 is acceptable, 2 and 3 are not
b) 2 is acceptable, 1 and 3 are not
c) 3 is acceptable, 1 and 2 are not
d) 1 and 3 are acceptable, 2 is not
e) All three are acceptable

4. Which of the following statements about selection of de-energize-to-trip or energize-to-trip are true?
1. Selection of energize-to-trip or de-energize-to-trip is specified in the safety requirements specification
2. Since de-energize-to-trip is the only fail-safe method, energize-to-trip methods are prohibited
3. Energize-to-trip systems can only be used in existing applications; all new applications are required to be de-energize-to-trip.
a) 1 is acceptable, 2 and 3 are not
b) 2 is acceptable, 1 and 3 are not
c) 3 is acceptable, 1 and 2 are not
d) 1 and 3 are acceptable, 2 is not
e) All three are acceptable

5. The process safety time (i.e., the expected amount of time between detection of an abnormal condition and the occurrence of an unwanted event) is 5 seconds. The best choice for SIS response time requirements for this SIF is:
a) 5 seconds
b) 5 milliseconds
c) 4 seconds
d) 2.5 seconds
e) None of the above trip points are suitable

6. Consider the following cause-and-effect diagram. What are the actions that will occur if the reactor pressure moves to 470 kPa(g)?
[Cause-and-effect diagram. The effect columns (valves UV-01 to UV-04 and their X marks) did not survive the extraction; the recoverable cause rows are:]
Tag# | Description | SIL | Range | Trip Point
PT-054 | Reactor Pressure High | 2 | 0-500 | 450 kPa(g)
TT-032 | Reactor Temperature High | 2 | 500-900 | 750 C
FT-098 | Feed A Flow High | 1 | 0-75 m3/h | 50
XS-011 | Mixer Contactor | 1 | - | OFF

a) Valve UV-01 is closed
b) Valves UV-01 and UV-02 are closed
c) Valves UV-01, UV-02, UV-03, and UV-04 are closed
d) Valves UV-01 and UV-02 are closed, and valves UV-03 and UV-04 are opened
e) No action is taken

SHORT RESPONSE PROBLEMS

1. SITUATION
The standards require that requirements be specified for "response time requirements for the SIS to bring the process to a safe state".
REQUIREMENTS
What considerations should be made when specifying the response time requirements for a SIS?

2. SITUATION
Nuisance trips of the SIS impact the safety and availability of a process plant.
REQUIREMENTS
Explain the specifications for nuisance trips that are required by the standards.

3. SITUATION
Standards require that Safety Requirements Specifications define requirements for proof test intervals.
REQUIREMENTS
Explain why proof test interval requirements are important for subsequent life cycle steps, such as conceptual design.

4. SITUATION
The safety requirements specification is based on a number of input documents.
REQUIREMENTS
List the documents that are inputs to the SRS.

5. SITUATION
A SIS for a fired heater is being designed. The following safety functions were identified in the process hazards analysis.
Upon low heater charge flow, as measured by FT-8421, the fuel gas shutoff valve, UV-8409, and the pilot gas shutoff valve, UV-8411, are closed. The valve shall be closed after a 15 second delay.
Low fuel gas pressure, as measured by PSL-8401, closes the fuel gas shutoff valve, UV-8409.
Low pilot gas pressure, as measured by PSL-8402, closes the fuel gas shutoff valve, UV-8409, and the pilot gas shutoff valve, UV-8411.
Manual shutoff switch, US-8431, closes the fuel gas shutoff valve, UV-8409, and the pilot gas shutoff valve, UV-8411.
REQUIREMENTS
Draw a cause-and-effect diagram that includes all of the safety instrumented functions listed above.

Safety Requirements Specification
APPLICATION EXERCISE PROBLEM

SITUATION
A pressure let-down station for natural gas is described in Figure SR-3-1. The let-down station is at the end of an offshore production platform wellhead line.

[Figure SR-3-1: Letdown Station P&ID Section. Labels recoverable from the extraction: Air Supply, Vent, Wellhead, Pipe Pressure Rating = 1000 psi, Pipe Pressure Rating = 500 psi]

A HAZOP study was performed to identify hazards present in this process section. An excerpt of the HAZOP report is shown below.

Dev | Causes | Consequences | Safeguards | Recommendations
1.0 More Pressure | 1.0 Failure of control loop PIC-01 in a position that allows unrestricted flow of gas through valve PV-01. | Overpressure of the pipe segment downstream of valve PV-01, potentially resulting in rupture of the piping and explosion/fire of the released flammable material. | Operator action to manually close PV-01 if pressure becomes excessive. | Consider installing a SIS that will close a shutoff valve upstream of the valve PV-01 when the pressure downstream of the valve becomes excessive.

After the HAZOP was performed, a LOPA analysis was performed to determine the SIL that is required for the high-pressure shutoff safety instrumented function described in the HAZOP. The report yielded a requirement of SIL 1 for this safety instrumented function. The operational parameters of the plant are shown below.
Process Variable | Normal Low | Normal High | Transmitter Range | Maximum Allowable
Upstream Pressure | 790 PSI | 830 PSI | 0-1200 PSI | 1000 PSI
Downstream Pressure | 250 PSI | 300 PSI | 0-500 PSI | 500 PSI
Upstream Temperature | 145 F | 175 F | N/A | N/A
Gas Flow Rate | 800 SCFH | 950 SCFH | N/A | N/A

REQUIREMENTS
Based on the information provided in the HAZOP report excerpt, the P&ID diagram section, the LOPA analysis report, and the operational parameters, create a cause-and-effect diagram (or a logic diagram) for the safety requirements specification of the safety instrumented function that is described.

8.3 Conceptual Design Issues

MULTIPLE CHOICE PROBLEMS

1. Solve the fault tree below. The events are not mutually exclusive. The probability of the top event is nearest to:
[Fault tree figure; the basic event probabilities legible in the extraction are P=0.15 and P=0.3]
a) 0.01
b) 0.355
c) 0.025
d) 0.395
e) 0.755

2. A control valve is used in an SIS. The valve has a constant dangerous failure rate of once in four years, and is tested on a three-year interval. The maximum probability of failure is nearest to:
a) 3.6x10^-3
b) 0.53
c) 0.3
d) 0.47
e) 0.75

3. A SIS uses pressure measurement as an input. The pressure measurement is performed with two pressure switches. If either one of the two switches indicates an abnormal condition, a shutdown will occur. In this case, the switch system can be called:
a) simplex
b) one-out-of-two voting (1oo2)
c) two-out-of-two voting (2oo2)
d) one-out-of-three voting (1oo3)
e) none of the above are correct

4. The figure below is a Markov model of the failure of a temperature switch. The '0' state is where the switch is operational, the '1' state is where the switch has failed dangerously, and the '2' state is where the switch has failed safely. If the dangerous failure rate is given by λD and the safe failure rate by λS, the value of 'A' in the transition matrix below is most accurately described by:

P =
        0    1    2
   0 [  A   λD   λS ]
   1 [  0    1    0 ]
   2 [  0    0    1 ]

a) λS - λD
b) 1 + λS + λD
c) (λS - λD) + 1
d) 1 - (λS + λD)
e) None of the above answers is correct.

5. A power supply has a probability of failure of 0.2 in any given year. An SIS has two power supplies wired in parallel, each of which can supply the entire load. Assuming no common cause, the probability, in any given year, that the SIS loses power is nearest to:
a) 0.04
b) 0.2
c) 0.4
d) 0.02
e) 0.22

6. All of the following are advantages of using programmable electronic systems in safety applications, except:
a) Capability for self-diagnostics including fault isolation.
b) Capability for performing complex calculations.
c) Inherent safe (de-energized) failure of electronic components performing output switching.
d) Ease of making changes to system logic.
e) All of the above statements are true.

7. Rank the following redundancy schemes from lowest probability of failure on demand to highest probability of failure on demand.
Lowest --------- Highest
a) 1oo2 - 2oo2 - 2oo3
b) 2oo2 - 1oo2 - 2oo3
c) 2oo3 - 2oo2 - 1oo2
d) 2oo2 - 2oo3 - 1oo2
e) 1oo2 - 2oo3 - 2oo2

8. A flow transmitter is used to sense an abnormal process condition. Two transmitters are arranged in a one-out-of-two voting arrangement. The transmitter has a failure rate of λ = 0.03 failures per year, and a beta factor of 10%. The common cause failure rate is nearest to:
a) 0.006 failures/year
b) 0.027 failures/year
c) 0.003 failures/year
d) 0.3 failures/year
e) None of the above answers are correct

9. A safety instrumented system has an average probability of failure on demand of 0.007. Which category of safety integrity level describes this system?
a) Does not meet requirements for SIL = 1
b) SIL = 1
c) SIL = 2
d) SIL = 3
e) SIL = 4

10. A "smart" transmitter has a failure rate of 0.05 failures/year. The safe failure ratio is 70%, and the diagnostic coverage of dangerous failures is 60%. Assuming all diagnosed dangerous failures will immediately be converted to a safe process shutdown, what is the maximum probability of failure on demand if the transmitter is tested twice per year?
a) 0.003
b) 0.007
c) 0.004
d) 0.010
e) 0.016

11. How many levels of fault tolerance (per IEC 61508) to a dangerous fault exist in a 1oo2 architecture?
a) 0
b) 1
c) 2
d) 10
e) 3

12. A smart transmitter has a safe failure fraction of 86.2%. In a 1oo1 architecture, to what SIL level would the design qualify per IEC 61508?
a) 0
b) 1
c) 2
d) 3
e) 4

SHORT RESPONSE PROBLEMS

1. SITUATION
An SIS process variable input section is composed of three pressure switches, arranged in 2oo3 voting. Consider common cause failures of these devices, but assume that no diagnostics are present in the system.
REQUIREMENTS
Draw a fault tree whose top event is the failure of the SIS pressure sensor sub-system.

2. SITUATION
Three fair dice are rolled. Consider the sum of the numbers that come up on the three dice.
REQUIREMENTS
Determine the probability that the roll will result in a sum of 3 or 5.

3. SITUATION
When considering events and combinations of events for the purpose of analyzing their probabilities, events are considered dependent or independent, and groups of events are considered mutually exclusive, not mutually exclusive, or complementary.
REQUIREMENTS
In terms of dependence/independence and mutual exclusivity, describe the assumptions made about the failure of SIS components when performing reliability analysis.

4. SITUATION
A certain type of transmitter is known to have a constant failure rate of 9x10^ failures per hour (the exponent is illegible in the source).
REQUIREMENTS
a) Calculate the MTTF of the transmitter in years.
b) Calculate the probability that a given transmitter will work for three years without failing.
c) Calculate the probability of failure at the Mean Time To Failure.
d) Calculate the maximum design life of the transmitter such that the reliability of the transmitter never falls below 85%.

5. SITUATION
For a gas burner to work without failure, one of two identical fans, the burner, and the controls have to function without failure. The reliability of a fan is 0.95.
The reliability of the burner is 0.97. The reliability of the control system is 0.8. The aforementioned reliabilities are for a period of five years. It can be assumed that the failure of each of the listed components is independent of any other failure.
REQUIREMENTS
Calculate the reliability of the furnace system over a five-year period.

APPLICATION EXERCISE PROBLEM

SITUATION
The need for an SIS has been identified for a reactor system. The process hazards analysis states that either high temperature or high pressure is an indication of a potential runaway reaction that may result in an explosion. The safety function, as defined in the safety requirements specification, is as follows: If a high temperature or high pressure is detected, then feed flow to the reactor should be stopped by closing the feed valve. The safety requirements specification further states that the safety function shall be SIL 2, and the probability of a false trip shall not exceed 0.2 in a year.

Equipment | λS [hr^-1] | λD [hr^-1] | CS | CD | $
Temperature transmitter | 0.40 x 10^-6 | 0.80 x 10^-6 | 0.8 | 0.3 | 800
Pressure transmitter | 0.60 x 10^-6 | 1.20 x 10^-6 | 0.9 | 0.3 | 900
Safety PLC | 1.61 x 10^-6 | 5.36 x 10^-7 | 0.999 | 0.996 | 6000
Valve and actuator | 5.60 x 10^-6 | 2.40 x 10^-6 | 0.0 | 0.0 | 5000
Temperature switch | 6.85 x 10^-6 | 4.55 x 10^-6 | 0.0 | 0.0 | 500
Pressure switch | 6.85 x 10^-6 | 4.55 x 10^-6 | 0.0 | 0.0 | 500

REQUIREMENTS
Using the equipment data listed above, perform a conceptual design for the lowest-cost, lowest-complexity system that meets the requirements listed above. If two identical components are used, consider a common cause factor of 0.01. A proof test interval of 1 year should be considered. Finally, it should be assumed that dangerous detected failures will result in a safe state. To successfully complete the problem the following items must be demonstrated.
1. Equipment Selected
2. Equipment Architecture
3. Calculations verifying that the selected architecture achieves the required SIL.
4. Calculations verifying that the selected architecture achieves the required probability of false trip.

8.4 Detailed Design Issues

MULTIPLE CHOICE PROBLEMS

1. Consider the cause and effect diagram listed below:
[Cause-and-effect diagram. The output valve column with its X marks did not survive the extraction; the recoverable cause rows are:]
Tag# | Description | SIL | Range
TSH-25 | Reactor Top Temperature High | 2 | Disc.
TSH-26 | Reactor Bottom Temperature High | 2 | Disc.

Assuming that the system is de-energize-to-trip and that when the input is energized it is logically true in the logic solver, which function block should be used to connect the two temperature switch inputs to the output valve?
a) AND
b) OR
c) NOR
d) NAND
e) None of the above answers are correct

2. Which ladder logic statement most accurately represents the following text statement? If input A is true and input B is not true then make output C true.
[Options a) to e) are ladder logic diagrams using contacts A and B and coil C; they did not survive the extraction]

3. A, B, and C are discrete inputs to a safety PLC, and D is an output. Which ladder logic statement most accurately represents 2oo3 voting of these inputs?
[Options a) to e) are ladder logic diagrams; they did not survive the extraction]

4. A SIS actuates a shutdown with 1oo2 voting shutdown valves. The system has a manual bypass that allows testing to be performed. Which of the following drawings represents how this situation would best be represented on a Piping and Instrumentation Diagram that shows both the bypass switch and the bypass valve?
[Options a) to d) are P&ID drawings showing the air supply, vent, bypass switch and the connection from the SIS logic solver; they did not survive the extraction]
e) None of the above representations are correct.

5. A 4-20 mA transmitter is connected to an analog input in a safety PLC. The signal is converted to digital by a 12-bit converter and is represented by a number from 0 to 4095. The transmitter is calibrated for a process range of 100-250 psi(g). A safety function trip point is to be set to 200 psi(g).
The comparison function block should have a limit set most nearly to:
a) 3275
b) 2730
c) 3000
d) 2750
e) 4210

6. What is "proven-in-use"?
a) A test technique used by manufacturers to show compliance to IEC 61508 for a product.
b) A concept where a product has demonstrated acceptable safety and reliability in a specific application and this performance is documented by accurate records.
c) A stress testing technique used by a certification body to approve equipment.
d) A technique used to verify functionality of operator controls and other human machine interfaces.
e) A military term used on equipment that has been in service for more than ten years.

7. Each individual field device shall have its own dedicated wiring to the system Input/Output. The exceptions to this rule include:
1. Multiple discrete sensors are connected in series to a single input and the sensors all monitor the same process condition (e.g., motor overloads).
2. Multiple final elements are connected to a single output.
3. A fieldbus based on the IEC 1158 standard is used to network multiple field instruments.
a) All of the above statements are true, there are no special requirements
b) Statement 3 is true, 1 and 2 are false.
c) Statement 2 is true, 1 and 3 are false.
d) Statements 1 and 2 are true, 3 is false.
e) None of the above statements are true, there are no exceptions to the rule.

8. Considerations when selecting relays as a logic solver in a SIS include:
a) Use of special relays that fail safe
b) Limiting of contact current to eliminate contact welding
c) The complexity of the logic
d) The need to change the logic
e) All of the above

SHORT RESPONSE PROBLEMS

1. Draw a ladder logic diagram that demonstrates a latching de-energize-to-trip function.

2. Prepare a function block for this situation.

3. Detailed design involves technology selection. Potential technologies include electromechanical relays, solid-state logic, and programmable electronic systems.
Compare and contrast PES and electromechanical relays, giving the strengths and weaknesses of each. Also explain some situations where each would be more appropriate than the other.

4. Explain how an analog transmitter, whose output is a continuous 4-20 mA signal, can be used in a SIS where the logic-solving portion is composed of electromechanical relays.

APPLICATION EXERCISE PROBLEM

SITUATION
A Safety Requirements Specification describes the logic that a logic solver is to execute using the following text description.
A batch reactor has two modes of operation, mix (mode 1) and "sanitize-in-place" (SIP, mode 2). The SIP mode of operation involves injecting a disinfectant chemical into the mixing vessel at high temperature and pressure. During SIP mode the temperature and pressure limits are set to 100 psig and 450 degrees F. During the other mode, the limits are set to 200 psig and 600 degrees F. The mode is sensed by two discrete signals that equal logic 1 when the mode is active.
REQUIREMENTS
Using function block diagrams, or ladder logic, write PES code that will perform the tasks required by the Safety Requirements Specification. For each process variable, assume code has already been written to scan the inputs and outputs and convert transmitter inputs to a real value in engineering units.

8.5 Functional Safety Management

MULTIPLE CHOICE PROBLEMS

1. Which of the following statements about the required competency of individuals performing safety lifecycle tasks is correct?
1. Must have a degree in engineering from an accredited university
2. Must be certified by an independent third party organization
3. The manager of the project must ascertain that the person is competent in all phases of the safety lifecycle
a) 1 and 2 are true, 3 is false
b) 1 and 3 are true, 2 is false
c) 2 and 3 are true, 1 is false
d) 1, 2 and 3 are true
e) None of the above statements are true

2. Which of the following information items is NOT required to be maintained throughout the lifecycle of an SIS?
1. The results of the hazard and risk analysis and related assumptions
2. Information regarding the equipment items used for safety instrumented functions together with the function's safety requirements
3. The procedures necessary to maintain functional safety
a) 1 and 2 are required, 3 is not
b) 1 and 3 are required, 2 is not
c) 2 and 3 are required, 1 is not
d) 1, 2 and 3 are required
e) None of the information items listed above are required

3. Which of the following statements about the documentation required for safety planning are true?
1. Safety Planning documentation can be included as a section in the quality plan entitled "safety plan".
2. Safety Planning must be documented in a separate document entitled "safety plan".
3. Safety Planning can be documented in a series of documents that may include other company procedures or working practices, such as corporate standards.
a) 1 and 2 are true, 3 is false
b) 1 and 3 are true, 2 is false
c) 2 is true, 1 and 3 are false
d) 1, 2 and 3 are true
e) None of the above statements are true.

4. A supplier that supplies products or services to an organization can have overall responsibility for one or more phases of the safety lifecycle provided that:
a) The supplier's products and/or services are certified as compliant with IEC 61508 by an independent third party.
b) The products and/or services are delivered according to specifications provided by the purchaser, and the supplier has an appropriate quality management system.
c) The supplier's products and/or services are certified as compliant with IEC 61508 and their work processes are certified as compliant with ISO 9001, each by an independent third party.
d) The supplier's product is the lowest cost in a competitive bidding situation.
e) None of the above; suppliers cannot be responsible for carrying out safety lifecycle activities, which can only be performed by the process owner/operator.

5. Which of the following statements about a functional safety assessment team are true?
1. The team shall include technical, application, and operations expertise needed for the particular application
2. The team shall include at least one senior, competent person not involved with the design team.
3. The team shall include at least one senior, competent person from an independent third-party organization.
a) 1 and 2 are true, 3 is false
b) 1 and 3 are true, 2 is false
c) 2 and 3 are true, 1 is false
d) 1, 2 and 3 are true
e) None of the above statements are true

6. Consider the following safety lifecycle stages:
Stage 1 - After the hazard and risk assessment has been carried out, the required protection layers have been identified and the safety requirements specification has been developed
Stage 2 - After the safety instrumented system has been designed
Stage 3 - After the installation, pre-commissioning and final validation of the safety instrumented system has been completed and operation and maintenance procedures have been developed
Stage 4 - After gaining experience in operation and maintenance
Stage 5 - After modification and prior to decommissioning of a safety instrumented system
After which stages are functional safety assessment activities required to be carried out?
a) After all stages
b) After stages 1, 2, 3, and 5
c) After stage 5 only
d) After stage 3 only
e) None of the above statements are true

7. Which of the following development and production tools are exempt from functional safety assessment?
1. Databases of requirements
2. Compilers for SIS software development
3. SIS Logic Testing Software
a) Tools 1 and 2 are exempt, 3 is not
b) Tools 1 and 3 are exempt, 2 is not
c) Tools 2 and 3 are exempt, 1 is not
d) All of the tools, 1, 2 and 3, are exempt
e) None of the above tools are exempt from functional safety assessment

8. IEC 61511 requires that an audit of compliance with the safety requirements listed for an SIS be performed on what interval?
a) Twice per year
b) Once per year
c) Once every three years
d) Once every five years
e) IEC 61511 does not specify a required time interval for compliance audits

9. Which of the following tasks impacting the functional safety of a SIS does not require a procedure to be developed to manage its implementation?
1. Modification of an existing SIS
2. Auditing of the compliance with SIS requirements
3. Tracking of SIS configurations
a) 1 and 2 are required, 3 is not
b) 1 and 3 are required, 2 is not
c) 2 and 3 are required, 1 is not
d) 1, 2 and 3 are required
e) None of the above tasks require procedures
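The hazard and risk analysis problems in 8.1 (event tree, LOPA, and the cost comparison of SIL 1 / SIL 2 / no system) all rest on the same arithmetic: an initiating frequency multiplied through the probabilities of the protection layers, and an expected annual cost per option. The following Python is an added worked example of that arithmetic; it is not the study guide's solution, and every input value in it (failure rates, test intervals, loss values, option costs) is constructed for illustration rather than taken from the problems.

```python
"""Event-tree / LOPA quantification and protection-option economics.

Added worked example for the hazard-and-risk problems above (not the study
guide's solution). All numeric inputs used in the demo are constructed."""
from itertools import product

HOURS_PER_YEAR = 8760.0


def pfd_from_rate(lam_per_hr, test_interval_yr):
    """Single failure mode, periodically proof-tested: PFDavg ~= lambda * TI / 2
    (the usual simplified low-demand approximation)."""
    return lam_per_hr * test_interval_yr * HOURS_PER_YEAR / 2.0


def enumerate_sequences(init_freq, layers):
    """Every path through the event tree.

    `layers` is an ordered list of (name, p_fail) challenged one after another.
    Yields (path, frequency) where path is a tuple of (name, failed) flags.
    Layers are assumed independent, so path probabilities simply multiply."""
    for flags in product((False, True), repeat=len(layers)):
        freq = init_freq
        for (_, p_fail), failed in zip(layers, flags):
            freq *= p_fail if failed else (1.0 - p_fail)
        yield tuple((name, failed) for (name, _), failed in zip(layers, flags)), freq


def lopa(init_freq, layers, consequence="Unwanted event"):
    """LOPA reading of the tree: the consequence occurs only when every layer
    fails; the first layer that works ends the sequence safely.
    Returns {outcome: frequency per year}; the outcomes sum to init_freq."""
    outcomes = {}
    for path, freq in enumerate_sequences(init_freq, layers):
        first_success = next((name for name, failed in path if not failed), None)
        key = consequence if first_success is None else f"Safe: stopped by {first_success}"
        outcomes[key] = outcomes.get(key, 0.0) + freq
    return outcomes


def mitigated_frequency(init_freq, layers):
    """Frequency of the consequence = initiating frequency x product of PFDs."""
    freq = init_freq
    for _, p_fail in layers:
        freq *= p_fail
    return freq


def annual_expected_cost(init_freq, loss, pfd, annual_cost):
    """Expected yearly cost of one option: residual event rate x loss + option cost."""
    return init_freq * pfd * loss + annual_cost


def cheapest_option(init_freq, loss, options):
    """options: {name: (pfd, annual_cost)}; 'no system' is pfd=1.0, cost=0.
    An SIS quoted by risk reduction factor has pfd = 1 / RRF.
    Returns (best option name, {name: expected annual cost})."""
    costs = {name: annual_expected_cost(init_freq, loss, pfd, cost)
             for name, (pfd, cost) in options.items()}
    return min(costs, key=costs.get), costs


if __name__ == "__main__":
    # Constructed demo: hose ruptures at 2e-6/hr; check valve PFD from a
    # constructed failure rate with a 2-year proof test; operator response 0.1.
    hose_per_yr = 2.0e-6 * HOURS_PER_YEAR
    layers = [("check valve", pfd_from_rate(5.0e-6, 2.0)), ("operator response", 0.1)]
    print(lopa(hose_per_yr, layers, "Chemical spill"))
    print(cheapest_option(0.5, 100_000.0, {"No system": (1.0, 0.0),
                                          "SIL 1": (0.1, 2_000.0),
                                          "SIL 2": (0.01, 6_000.0)}))
```

`enumerate_sequences` lists all 2^n branches of the tree, which is what "calculate all of the outcomes that are possible" asks for; `lopa` folds those branches into the safe and unsafe outcomes a LOPA diagram shows. The cost comparison deliberately includes the "no system" option with PFD = 1, because the question in problem 3 is whether any protection pays for itself at all.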
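The conceptual design problems in 8.3 (reliability of a transmitter over time, MTTF, design life for a minimum reliability, the burner with two fans, the parallel power supplies, and the fault tree whose events are not mutually exclusive) share a small set of formulas. The Python below is an added example that collects them; it is not the study guide's solution method and the values in the demo are constructed, not the problems' data.

```python
"""Reliability-block and fault-tree arithmetic for the conceptual-design problems.

Added example, not the study guide's solution; demo inputs are constructed."""
import math
from math import comb, prod

HOURS_PER_YEAR = 8760.0


def reliability(lam_per_hr, t_hr):
    """Constant failure rate: R(t) = exp(-lambda * t)."""
    return math.exp(-lam_per_hr * t_hr)


def mttf_years(lam_per_hr):
    """Mean time to failure for a constant failure rate is 1 / lambda."""
    return 1.0 / (lam_per_hr * HOURS_PER_YEAR)


def design_life_hr(lam_per_hr, r_min):
    """Longest mission time for which R(t) >= r_min: t = -ln(r_min) / lambda."""
    return -math.log(r_min) / lam_per_hr


def series(rs):
    """All units must work: reliabilities multiply."""
    return prod(rs)


def parallel(rs):
    """At least one unit must work (1ooN): 1 - product of unreliabilities."""
    return 1.0 - prod(1.0 - r for r in rs)


def k_out_of_n(r, k, n):
    """System works when at least k of n identical, independent units work."""
    return sum(comb(n, j) * r ** j * (1.0 - r) ** (n - j) for j in range(k, n + 1))


def or_gate(ps):
    """P(A or B or ...) for independent events that are NOT mutually exclusive.
    For two events this is p1 + p2 - p1*p2, not p1 + p2."""
    return 1.0 - prod(1.0 - p for p in ps)


def or_gate_exclusive(ps):
    """Mutually exclusive events: probabilities simply add."""
    return sum(ps)


def and_gate(ps):
    """Independent events must all occur."""
    return prod(ps)


def burner_system_reliability(r_fan, r_burner, r_controls):
    """Two fans, either one sufficient, in series with the burner and controls."""
    return series([parallel([r_fan, r_fan]), r_burner, r_controls])


if __name__ == "__main__":
    lam = 1.0e-5                       # constructed: 1e-5 failures per hour
    print("MTTF [yr]:", mttf_years(lam))
    print("R(MTTF):", reliability(lam, 1.0 / lam))          # always exp(-1)
    print("design life for R>=0.85 [hr]:", design_life_hr(lam, 0.85))
    print("burner system:", burner_system_reliability(0.9, 0.95, 0.9))
    print("2oo3 switches at R=0.9:", k_out_of_n(0.9, 2, 3))
    print("OR of 0.1 and 0.2:", or_gate([0.1, 0.2]), "AND:", and_gate([0.1, 0.2]))
```

Two points the problems probe are visible in the code: the reliability at the MTTF is exp(-1), about 0.37, regardless of the failure rate, and an OR gate over non-exclusive events must subtract the overlap (or, equivalently, complement the product of the complements) rather than add the probabilities.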
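The 8.3 application exercise asks for an architecture that meets SIL 2 on PFDavg and a false-trip limit, given safe and dangerous failure rates, diagnostic coverage, a common-cause factor and a one-year proof test; multiple choice problems 9 to 12 ask for the SIL band of a PFDavg value, the hardware fault tolerance of 1oo2 and the SIL allowed by a safe failure fraction. The following Python is an added example of how those pieces fit together for the 1oo1, 1oo2, 2oo2 and 2oo3 voting groups. It is not the study guide's solution method: it uses the common simplified low-demand approximations with a beta-factor common-cause model, and the device data in the demo is constructed rather than taken from the exercise's table.

```python
"""Simplified PFDavg, spurious-trip and SIL evaluation for SIS voting groups.

Added worked example (not the study guide's solution). Formulas are the usual
simplified low-demand approximations (beta-factor common cause, identical
channels, all channels proof-tested together at interval TI)."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0
# Hardware fault tolerance to a dangerous fault, per architecture.
HFT = {"1oo1": 0, "1oo2": 1, "2oo2": 0, "2oo3": 1}
# IEC 61508 architectural-constraint tables: rows = SFF band
# (<60%, 60-90%, 90-99%, >=99%), columns = HFT 0, 1, 2; entry = highest SIL
# allowed (0 = not even SIL 1).
SIL_TYPE_A = [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]]
SIL_TYPE_B = [[0, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]]


@dataclass(frozen=True)
class Device:
    name: str
    lam_s: float   # safe failure rate [1/hr]
    lam_d: float   # dangerous failure rate [1/hr]
    cov_d: float   # diagnostic coverage of dangerous failures (0..1)

    @property
    def lam_du(self) -> float:           # dangerous undetected
        return self.lam_d * (1.0 - self.cov_d)

    @property
    def lam_dd(self) -> float:           # dangerous detected
        return self.lam_d * self.cov_d

    def sff(self) -> float:
        """Safe failure fraction = (lam_S + lam_DD) / (lam_S + lam_D)."""
        return (self.lam_s + self.lam_dd) / (self.lam_s + self.lam_d)


def pfd_avg(dev: Device, arch: str, ti_yr: float, beta: float = 0.0) -> float:
    """Average PFD over the proof-test interval. Dangerous detected failures are
    assumed to drive the loop to the safe state, so only lam_DU contributes."""
    x = dev.lam_du * ti_yr * HOURS_PER_YEAR    # expected DU failures per interval
    ind = (1.0 - beta) * x                      # independent DU share per channel
    cc = beta * x / 2.0                         # common-cause share, behaves like 1oo1
    if arch == "1oo1":
        return x / 2.0
    if arch == "1oo2":
        return ind ** 2 / 3.0 + cc              # both channels must fail undetected
    if arch == "2oo2":
        return ind + cc                         # either channel's DU failure blocks the trip
    if arch == "2oo3":
        return ind ** 2 + cc                    # three 1oo2 pairs
    raise ValueError(f"unknown architecture {arch}")


def spurious_trip_rate(dev: Device, arch: str, mttr_hr: float = 8.0) -> float:
    """Approximate false-trip rate [1/yr]. lam_DD counts as a trip because
    diagnosed dangerous failures are converted to a shutdown. Common cause is
    ignored here; 2oo2 and 2oo3 need two safe failures within one repair time."""
    sigma = dev.lam_s + dev.lam_dd
    per_hr = {"1oo1": sigma, "1oo2": 2.0 * sigma,
              "2oo2": 2.0 * sigma ** 2 * mttr_hr,
              "2oo3": 6.0 * sigma ** 2 * mttr_hr}[arch]
    return per_hr * HOURS_PER_YEAR


def sil_from_pfd(pfd: float) -> int:
    """IEC 61508 low-demand bands: SIL n <=> 10^-(n+1) <= PFDavg < 10^-n."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def sil_from_sff(sff: float, hft: int, type_b: bool = True) -> int:
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return (SIL_TYPE_B if type_b else SIL_TYPE_A)[band][hft]


def evaluate(dev: Device, arch: str, ti_yr: float, beta: float = 0.0, type_b: bool = True) -> dict:
    """Achieved SIL is the lower of the PFD-based and architecture-based limits."""
    pfd = pfd_avg(dev, arch, ti_yr, beta)
    by_pfd = sil_from_pfd(pfd)
    by_arch = sil_from_sff(dev.sff(), HFT[arch], type_b)
    return {"pfd": pfd, "sil_by_pfd": by_pfd, "sil_by_architecture": by_arch,
            "sil": min(by_pfd, by_arch), "str_per_yr": spurious_trip_rate(dev, arch)}


if __name__ == "__main__":
    # Constructed device (not the exercise's data): lam_S = lam_D = 1e-6/hr, no diagnostics.
    sensor = Device("pressure transmitter (constructed)", 1.0e-6, 1.0e-6, 0.0)
    for arch in ("1oo1", "1oo2", "2oo2", "2oo3"):
        print(arch, evaluate(sensor, arch, ti_yr=1.0, beta=0.1))
```

The constructed device shows the trap the exercise sets: with no diagnostics its SFF is 50%, so even though 1oo1 reaches a SIL 2 PFDavg, a type B device with HFT 0 in that SFF band is not allowed at all, and 1oo2 is capped at SIL 1 by the architectural constraint despite a SIL 3 PFDavg. Redundancy also doubles the false-trip rate for 1oo2, which is why the exercise imposes a false-trip limit alongside the SIL.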
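The 8.4 application exercise asks for logic-solver code that applies mode-dependent pressure and temperature limits, and the short response problems ask for a latching de-energize-to-trip function; multiple choice problem 5 asks for the raw-count equivalent of an engineering-unit trip point on a 12-bit input. The Python below is an added example of that logic written as a PLC scan function; it is not the guide's solution and it is not ladder or function block code. The mode limits are the ones the specification gives (100 psig / 450 F in SIP mode, 200 psig / 600 F in mix mode); the "at or above the limit" comparison, the reset input, the input scaling range used in the demo, and the treatment of an invalid mode combination are assumptions made for the example.

```python
"""Logic-solver scan for a mode-dependent high-pressure / high-temperature
feed trip with a latching de-energize-to-trip output, plus raw-count scaling
for a 12-bit analog input.

Added example (not the study guide's solution). Limit values follow the
specification; reset handling and invalid-mode handling are assumptions."""
from dataclasses import dataclass

ADC_FULL_SCALE = 4095   # 12-bit converter represents 4-20 mA as 0..4095 counts


def trip_count(range_lo, range_hi, setpoint, full_scale=ADC_FULL_SCALE):
    """Raw count equivalent of an engineering-unit setpoint for a linearly
    scaled 4-20 mA input (range_lo -> 0 counts, range_hi -> full_scale)."""
    if not range_lo <= setpoint <= range_hi:
        raise ValueError("setpoint outside transmitter range")
    return round((setpoint - range_lo) / (range_hi - range_lo) * full_scale)


# (pressure limit [psig], temperature limit [deg F]) per mode, from the specification
LIMITS = {1: (200.0, 600.0),   # mode 1: mix
          2: (100.0, 450.0)}   # mode 2: sanitize-in-place (SIP)


@dataclass
class FeedTripLogic:
    tripped: bool = False   # latched trip state, survives the demand clearing

    @staticmethod
    def select_limits(mode1, mode2):
        """Exactly one mode bit should be on. Both on, or neither, is an invalid
        mode signal; the most restrictive limits are applied (assumption)."""
        if mode1 and not mode2:
            return LIMITS[1]
        if mode2 and not mode1:
            return LIMITS[2]
        return (min(p for p, _ in LIMITS.values()),
                min(t for _, t in LIMITS.values()))

    def scan(self, mode1, mode2, pressure_psig, temp_degf, reset=False):
        """One PLC scan. Returns the feed-valve output: True = energized (valve
        open), False = de-energized (valve closed, the safe state)."""
        p_lim, t_lim = self.select_limits(mode1, mode2)
        demand = pressure_psig >= p_lim or temp_degf >= t_lim   # at/above limit trips
        if demand:
            self.tripped = True       # seal-in: stays tripped after the demand clears
        elif reset:
            self.tripped = False      # manual reset only when no demand is present
        return not self.tripped


if __name__ == "__main__":
    plc = FeedTripLogic()
    print(plc.scan(True, False, 150.0, 500.0))               # mix mode, healthy -> True
    print(plc.scan(True, False, 150.0, 620.0))               # high temperature -> False
    print(plc.scan(True, False, 150.0, 500.0))               # demand gone, still latched -> False
    print(plc.scan(True, False, 150.0, 500.0, reset=True))   # reset -> True
    print(trip_count(0.0, 400.0, 100.0))                     # constructed 0-400 range -> 1024
```

The output is the energized state of the valve solenoid, so a power or logic failure reads as False, the closed valve, which is the de-energize-to-trip property the exercise relies on. The seal-in latch means a momentary excursion cannot clear itself; the reset branch is only reached when no demand is present, so holding reset during a real demand cannot defeat the trip. Treating both-modes-on or no-mode-on as a fault that applies the tighter SIP limits is a design choice the specification leaves open; an implementation could equally raise an alarm and trip outright.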