
Standards, Certification, Education & Training, Publishing, Conferences & Exhibits

Automation Connections, ISA EXPO 2006

Control System Safety and Reliability Evaluation
William M. Goble
exida

Key Points

- Safety and reliability evaluation is done to show how to improve and how to save money:
  - Eliminate weak links
  - Identify maintenance priorities
- The new ISA S84.00.01-2004 (IEC 61511 Mod.) requires probabilistic evaluation:
  - Regulatory compliance
  - Optimal safety system design
- Safety and reliability evaluation has become practical:
  - Data sources are available
  - Tools are available
- IEC 61508 certification provides reliability and safety via design integrity

Why do safety and reliability evaluation?

System Reliability?

"The 9000 series is the most reliable computer ever made. No 9000 computer has ever made a mistake or distorted information. We are all, by any practical definition of the words, foolproof and incapable of error." (HAL 9000, 2001: A Space Odyssey)

Key Issues

- Failure rates - HIGH STRENGTH
- Failure modes
- Diagnostic coverage - online test capability
- Diagnostic coverage - manual proof tests
- Common cause strength
- Software reliability

Activities

- Get failure rate and failure mode data
- Build a model for the alternative designs: Markov model? Fault tree? Reliability block diagram?
- Compare results based on objectives: Life cycle cost? Minimum capital expense? Risk reduction?

Reliability/Safety Evaluation Process

Failure rates for each failure mode of each component are the starting point. From them the component probabilities of failure for each failure mode (PFDavg, MTTFS, PFS) are computed, and these are combined into the system probabilities of failure for each failure mode (PFDavg, MTTFS, PFS) and the resulting SIL. The evaluation also needs the repair times (RT), the manual proof test interval (TI), the manual proof test effectiveness (CPT) and other plant-specific parameters.
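The following script is an added example, not code from the talk or from exida: it carries the evaluation process above through for one subsystem, using the widely quoted simplified PFDavg and MTTFS equations (valid when the product of failure rate and TI is small) together with the low-demand SIL bands of IEC 61508 / ISA 84.00.01. The failure rates, the proof test interval TI, the repair time RT and the common-cause factor beta are constructed sample values, not data for any real product, and the manual proof test is assumed to find every dangerous undetected failure (100% effectiveness), so the CPT input of the process above is not modelled.

```python
"""Simplified PFDavg / MTTFS evaluation and SIL banding for one SIF subsystem.

Added example (not from the ISA EXPO 2006 talk). Uses the common simplified
equations (assume lambda * TI << 1 and 100 % proof test effectiveness).
All numeric inputs below are constructed sample values.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class FailureData:
    """Failure rates per hour, split by failure mode (from a failure data database)."""
    lambda_du: float  # dangerous undetected: found only by the manual proof test
    lambda_dd: float  # dangerous detected: found by online diagnostics, repaired within RT
    lambda_s: float   # safe: causes a spurious trip

    @property
    def diagnostic_coverage(self) -> float:
        """Fraction of dangerous failures the online diagnostics catch."""
        return self.lambda_dd / (self.lambda_dd + self.lambda_du)


def pfd_avg(fd: FailureData, architecture: str, ti_hours: float,
            rt_hours: float, beta: float) -> float:
    """Average probability of failure on demand over one proof-test interval TI."""
    lam_ind = (1 - beta) * fd.lambda_du   # independent dangerous undetected rate
    lam_cc = beta * fd.lambda_du          # common-cause dangerous undetected rate
    cc_term = lam_cc * ti_hours / 2       # common cause defeats redundancy: behaves like 1oo1
    if architecture == "1oo1":
        # undetected failures accumulate until the proof test; detected ones last one repair time
        return fd.lambda_du * ti_hours / 2 + fd.lambda_dd * rt_hours
    if architecture == "1oo2":
        return (lam_ind * ti_hours) ** 2 / 3 + cc_term
    if architecture == "2oo3":
        return (lam_ind * ti_hours) ** 2 + cc_term
    raise ValueError(f"unsupported architecture {architecture!r}")


def mttfs_hours(fd: FailureData, architecture: str, rt_hours: float, beta: float) -> float:
    """Mean time to fail spurious: a safe failure that trips the process."""
    lam_ind = (1 - beta) * fd.lambda_s
    lam_cc = beta * fd.lambda_s
    if architecture == "1oo1":
        return 1 / fd.lambda_s
    if architecture == "1oo2":
        return 1 / (2 * lam_ind + lam_cc)                 # either channel (or common cause) trips
    if architecture == "2oo3":
        return 1 / (6 * lam_ind ** 2 * rt_hours + lam_cc)  # two safe failures within one repair time
    raise ValueError(f"unsupported architecture {architecture!r}")


def sil_band(pfd: float) -> int:
    """Low-demand SIL from PFDavg (0 = does not reach SIL 1)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4   # 1e-5 <= PFDavg < 1e-4; anything lower is still reported as the SIL 4 band


def compare(fd: FailureData, ti_hours: float, rt_hours: float, beta: float):
    """Evaluate the candidate architectures so the designer can pick one against the objectives."""
    rows = []
    for arch in ("1oo1", "1oo2", "2oo3"):
        pfd = pfd_avg(fd, arch, ti_hours, rt_hours, beta)
        rows.append((arch, pfd, sil_band(pfd),
                     mttfs_hours(fd, arch, rt_hours, beta) / HOURS_PER_YEAR))
    return rows


if __name__ == "__main__":
    # Constructed sample data: 80 % diagnostic coverage, yearly proof test, 8 h repair, 5 % common cause
    sample = FailureData(lambda_du=1e-6, lambda_dd=4e-6, lambda_s=2e-6)
    print(f"diagnostic coverage = {sample.diagnostic_coverage:.0%}")
    for arch, pfd, sil, mttfs_years in compare(sample, 8760.0, 8.0, 0.05):
        print(f"{arch}: PFDavg = {pfd:.2e}  ->  SIL {sil},  MTTFS = {mttfs_years:.0f} years")
```

With the sample data the 1oo1 subsystem lands in the SIL 2 band while 1oo2 and 2oo3 reach SIL 3, and the common-cause term dominates both redundant results, which is why the talk lists common cause strength among the key issues: past a certain point, extra redundancy buys little and a shorter proof test interval or better diagnostics does more.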

Benefits of Reliability Analysis

- Higher uptime
- Lower risks
- Better product quality
- Lower life cycle costs
- Understanding system operation during failure conditions
- Making the right choices
- Meeting the requirements of ISA 84.00.01-2004

Safety Life Cycle - ISA S84.00.01-2004

Analysis ("How much safety do I need?"):
- Conceptual process design
- Identify potential risks
- Consequence analysis
- Layer of protection analysis
- Develop non-SIS layers
- Determine SIF target SIL
- Document requirements

Realization ("How much safety do I have with my design?"):
- Select SIS technology
- Select SIS architecture
- Determine test frequency
- SIS detailed design
- SIS installation
- SIS commissioning
- SIS initial validation
- Modify? (Yes / No)

Operation ("How will I keep it safe?"):
- Startup
- Operation
- Maintenance
- Periodic proof tests
- Modifications - Modify? (Yes / No)
- Decommissioning

Drawing by Hal Thomas

Realization Phase - SIF Design Process

Input: the Safety Requirements Specification - functional description of each Safety Instrumented Function, target SIL, mitigated hazards, process parameters, logic, bypass/maintenance requirements, response time, etc.

7. SIS Conceptual Design
   7a. Select Technology - choose sensor, logic solver and final element technology
   7b. Select Architecture - redundancy: 1oo1, 1oo2, 2oo3, 1oo2D
   7c. Determine Test Philosophy
   7d. Reliability, Safety Evaluation - SIL achieved? No: revisit 7a-7c. Yes: SILs achieved, proceed to detailed design.
8. SIS Detailed Design - detailed design documentation: loop diagrams, wiring diagrams, logic diagrams, panel layout, PLC programming, installation requirements, commissioning requirements, etc.
9. Installation & Commissioning Planning
10. SIS Installation, Commissioning and Pre-startup Acceptance Test

Inputs shown on the drawing: manufacturers' failure data, a failure data database, the manufacturer's safety manual and the manufacturer's installation instructions.

Drawing copyright 2006, exida.com LLC, Safety Lifecycle Poster, used with permission

PERD - Site Specific Failure Database

AIChE CCPS Process Equipment Reliability Database Project

Mission: operation of an equipment reliability database, making available high quality, valid and useful data to the HPI and CPI, enabling analyses to support availability, reliability and equipment design improvements, maintenance strategies and life cycle cost determination.

Failure Rate Data Harvest - PERD

Data flows upward from the plants to the industry database:
- Plant 1 Data, Plant 2 Data, ... Plant n Data: inventory data (ID number, tag number) and event data (maintenance, inspections, proof testing, incidents, etc.)
- Company 1 Database, Company 2 Database, ... Company n Database: inventory data and event data
- CCPS Industry Database

Modeling

Fault Trees (example): a redundant solenoid pair. Solenoid subsystem failure requires both Solenoid A fails PF and Solenoid B fails PF, or a common cause solenoid failure.

Reliability Block Diagrams (example): Power Supply A and Power Supply B in parallel, feeding Controller A and Controller B in parallel.

Markov Models (example): states 0 OK, 1 Degraded Detected, 2 Degraded Undetected, Fail-Safe, FailDanger and Others, with transition rates λ1 through λ7 between them (figure).
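As an added example (not the talk's own model and not code from exida), the script below builds a small continuous-time Markov model of a 1oo2 subsystem with the state classes sketched above (OK, degraded detected, degraded undetected, fail-safe, fail danger) and integrates it numerically over one proof test interval to obtain PFDavg and the average probability of sitting in the tripped state. The state set, the transition rates, the split of "fail danger" into a detected and an undetected state, and the sample failure data are all assumptions chosen for the illustration; explicit Euler time-stepping with a one-hour step is used as a deliberately simple substitute for a matrix-exponential solver, which is adequate here because the fastest rate (the repair rate) is well below one per hour.

```python
"""Numerical Markov model of a 1oo2 subsystem over one proof-test interval.

Added example (not the talk's own model). The state set, transition rates and
failure data are assumptions chosen for illustration.
"""
from typing import List

# Assumed state indices, loosely following the state classes on the slide
OK, DEG_DET, DEG_UNDET, FAIL_SAFE, FAIL_DANGER_DET, FAIL_DANGER_UNDET = range(6)
STATE_NAMES = ["OK", "Degraded Detected", "Degraded Undetected",
               "Fail-Safe", "Fail Danger (detected)", "Fail Danger (undetected)"]


def build_generator(lambda_dd: float, lambda_du: float, lambda_s: float,
                    beta: float, rt_hours: float) -> List[List[float]]:
    """Transition-rate matrix Q (per hour); row i holds the rates out of state i."""
    mu = 1.0 / rt_hours                 # repair rate for detected failures
    lambda_d = lambda_dd + lambda_du
    q = [[0.0] * 6 for _ in range(6)]

    def add(src: int, dst: int, rate: float) -> None:
        q[src][dst] += rate
        q[src][src] -= rate             # keep every row summing to zero

    # Both channels healthy: independent failure of either channel, or common cause
    add(OK, DEG_DET, 2 * (1 - beta) * lambda_dd)
    add(OK, DEG_UNDET, 2 * (1 - beta) * lambda_du)
    add(OK, FAIL_SAFE, (2 - beta) * lambda_s)      # any safe failure trips the loop
    add(OK, FAIL_DANGER_DET, beta * lambda_dd)      # common cause, but diagnosed
    add(OK, FAIL_DANGER_UNDET, beta * lambda_du)    # common cause, hidden until proof test
    # One channel down and diagnosed: repair in progress, other channel exposed
    add(DEG_DET, OK, mu)
    add(DEG_DET, FAIL_DANGER_DET, lambda_dd)
    add(DEG_DET, FAIL_DANGER_UNDET, lambda_du)
    add(DEG_DET, FAIL_SAFE, lambda_s)
    # One channel down and not diagnosed: only the proof test can restore it
    add(DEG_UNDET, FAIL_DANGER_UNDET, lambda_d)    # conservative: a second dangerous failure stays hidden
    add(DEG_UNDET, FAIL_SAFE, lambda_s)
    # Tripped or diagnosed-dangerous: restored to OK after repair
    add(FAIL_SAFE, OK, mu)
    add(FAIL_DANGER_DET, OK, mu)
    # FAIL_DANGER_UNDET is absorbing until the proof test
    return q


def step(p: List[float], q: List[List[float]], dt: float) -> List[float]:
    """One explicit Euler step: p(t + dt) = p(t) (I + Q dt). Needs dt * max rate < 1."""
    n = len(p)
    nxt = [0.0] * n
    for i in range(n):
        for j in range(n):
            nxt[j] += p[i] * ((1.0 if i == j else 0.0) + q[i][j] * dt)
    return nxt


def evaluate(q: List[List[float]], ti_hours: float, dt: float = 1.0):
    """Start in OK just after a proof test; return (PFDavg, PFS_avg, state probabilities at TI)."""
    p = [1.0] + [0.0] * 5
    pfd_sum = pfs_sum = 0.0
    steps = int(round(ti_hours / dt))
    for _ in range(steps):
        p = step(p, q, dt)
        pfd_sum += p[FAIL_DANGER_DET] + p[FAIL_DANGER_UNDET]   # PFD(t): dangerous states
        pfs_sum += p[FAIL_SAFE]                                 # tripped (spurious) state
    return pfd_sum / steps, pfs_sum / steps, p


if __name__ == "__main__":
    # Constructed sample data: per-channel rates per hour, 5 % common cause, 8 h repair, yearly test
    q = build_generator(lambda_dd=4e-6, lambda_du=1e-6, lambda_s=2e-6, beta=0.05, rt_hours=8.0)
    pfd_avg, pfs_avg, p_end = evaluate(q, ti_hours=8760.0)
    print(f"PFDavg over one year = {pfd_avg:.2e}, average P(tripped) = {pfs_avg:.2e}")
    for name, prob in zip(STATE_NAMES, p_end):
        print(f"  P[{name}] at TI = {prob:.3e}")
```

The Markov result is more pessimistic than a simplified 1oo2 equation for the same rates because the degraded-undetected state lets a second failure of either kind (detected or not) complete the dangerous pair, and because the common-cause detected failures are carried for one repair time rather than dropped; the model makes those modelling choices explicit, which is the practical argument for Markov models on the slide.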

Reliability and Safety Modeling Tools

- Casspack, L&M Engineering
- SafeCalc, Honeywell
- exSILentia, exida.com
- SIL Solver, SIS-Tech
- Others

What about Systematic Faults / Software Errors?

Real needs are turned into a specification of requirements, a design and an implementation. In a well designed system the result is a correct design: the system is correct, and any failure it suffers is a random failure. With an incorrect design the system is not correct: it contains a systematic fault, and the system has a failure when the required function, or the execution trajectory, hits the incorrectness.

Systematic Faults

Complex Systems Reliability and Safety - REALITY?

Carter: "Mr. Jones, are we ready to release our new software?"
Jones: "Yes, Sir. As requested it is full of bugs, which means that people will be forced to upgrade for years."
Carter: "Outstanding!"

Copyright 1997, Danjaq LLC and United Artists, from the James Bond movie Tomorrow Never Dies.

Systematic Fault Protection - IEC 61508 Full Certification

Many instrumentation products are now IEC 61508 certified. The certification process requires a full assessment of the design and testing procedures used to create the product. The end result is a certificate listing the SIL level for which the product is qualified. Higher SIL levels require more stringent procedures and should provide higher reliability and safety. Any restrictions listed in the safety manual must be followed if safe operation is required.

IEC 61508 Certified Instruments

Product Type             Manufacturers
Pressure Transmitter     ABB, Rosemount, Yokogawa
Temperature Transmitter  Rosemount, Yokogawa
Flow Transmitter         Micro-Motion
Level Transmitter        Endress+Hauser
Gas Detector             Det-Tronics
Flame Detector           Det-Tronics
Solenoid                 ASCO, Westlock, RGS
Pneumatic Actuator       Hy-Tork, El-O-Matic, Bettis
Valves                   Maxon, Mokveld

A free list of certified instrumentation is available on www.exida.com.

Reliability and Safety Analysis

Many understand that these methods help us to minimize risk, optimize the design and lower cost. Remember, things do fail.

Remember, things do fail!

Jack Godell, explaining: "A faulty relay in the generator circuit and a stuck valve."
Copyright 1979, Columbia Pictures, from the movie The China Syndrome

Summary

- Safety and reliability evaluation is done to show how to improve and how to save money:
  - Eliminate weak links
  - Identify maintenance priorities
  - Optimize designs
- The new ISA S84.00.01-2004 (IEC 61511 Mod.) requires probabilistic evaluation:
  - Regulatory compliance
  - Optimal safety system design
- Safety and reliability evaluation has become practical:
  - Data sources are available
  - Tools are available
- IEC 61508 certification provides reliability and safety via design integrity

Questions and Discussion

More Information on Reliability and Safety

For more information: ISA best sellers on automation safety and reliability
Phone: (919) 549-8411
E-mail: info@isa.org