Functional Safety from Scratch: A Practical Guide to Process Industry Applications
Functional safety is the task of developing and implementing automatic safety systems used to manage risks in many industries where hazardous processes and machinery are used. Functional Safety from Scratch: A Practical Guide to Process Industry Applications provides a practical guide to functional...
| Main Author: | |
|---|---|
| Corporate Author: | |
| Format: | eBook |
| Language: | English |
| Published: | Amsterdam : Elsevier, 2023. |
| Subjects: | |
| Online Access: | Connect to the full text of this electronic book |
Table of Contents:
- Front Cover
- Functional Safety from Scratch
- Copyright
- Contents
- About the author
- Acknowledgements
- Abbreviations
- Glossary
- Introduction
- Which industries are covered?
- Who is the book suitable for?
- Who developed this book?
- 1 Introduction to functional safety
- 1.1 What could possibly go wrong?
- 1.2 Hazard and risk
- 1.2.1 What is a hazard?
- 1.2.2 What is harm?
- 1.2.3 What is risk?
- 1.2.4 What is tolerable risk?
- 1.2.5 Risk management through functional safety
- 1.3 Functional safety standards: IEC 61508 and IEC 61511
- 1.3.1 Purpose of the standards
- 1.3.2 Scope of IEC 61511
- 1.3.3 Why comply with IEC 61511?
- 1.4 IEC 61511 key concepts
- 1.4.1 The functional safety lifecycle
- 1.4.2 Intrinsically safer design
- 1.4.3 The safety requirements specification (SRS)
- 1.4.4 Assuring that functional safety is achieved
- 1.4.5 Random and systematic failures
- 1.4.6 Competency
- 1.5 The structure of IEC 61511
- 1.6 The origins of IEC 61511
- Exercises
- Answers
- Question 1-Answer
- Question 2-Answer
- Question 4-Answer
- References
- Further reading
- 2 Basic terminology: SIF, SIS and SIL
- 2.1 The meaning of SIF, SIS and SIL
- 2.1.1 What is a SIF?
- 2.1.2 What is a SIS?
- 2.1.3 SIL, reliability, and integrity
- 2.1.4 What is an interlock (or trip)?
- 2.2 Anatomy of a SIF
- 2.2.1 The sensor subsystem
- Other components of the sensor subsystem
- The MooN concept for initiators
- 2.2.2 The logic solver subsystem
- 2.2.3 The final element subsystem
- Actuated valves
- Motor control circuits
- Other final elements
- Other elements of the final element subsystem
- The MooN concept for final elements
- 2.2.4 Permissives and inhibit functions
- 2.2.5 Other important aspects of a SIF
- 2.3 Development of a SIF
- 2.3.1 SIL assessment
- 2.3.2 SIL verification
- 2.4 Failure
- 2.4.1 Failure modes
- 2.4.2 Failure rates
- 2.4.3 Hardware fault tolerance
- Exercises
- Answers
- Question 1-Answer
- Question 2-Answer
- Question 3-Answer
- Question 4-Answer
- Question 5-Answer
- Question 6-Answer
- Question 7-Answer
- Question 8-Answer
- References
- 3 Risk evaluation
- 3.1 Identifying hazardous scenarios
- 3.2 Expressing risk in numbers
- 3.3 Tolerable risk
- Defining a tolerable risk per event
- Defining a total tolerable risk per risk receptor
- 3.4 How much precision is needed?
- 3.5 The ALARP concept
- Exercises
- Answers
- Question 1-Answer
- Question 2-Answer
- Question 3-Answer
- References
- 4 Introduction to SIL assessment
- 4.1 Safety instrumented function (SIF) operating modes
- 4.1.1 What are low demand, high demand and continuous modes?
- 4.1.2 Selecting an operating mode
- 4.1.3 Formal definition of operating modes
- 4.1.4 The significance of operating modes
- Definition of SIL
- Failure rates
- SIL assessment methodology
- 4.1.5 Tips on selecting the operating mode
- 4.2 The objectives of SIL assessment
- 4.2.1 Low demand mode SIFs
- 4.2.2 High demand and continuous mode SIFs
- 4.2.3 Why not use default SIL targets?
- 4.2.4 Prevention or mitigation?
- 4.3 Identifying and documenting SIFs
- 4.3.1 Objective
- 4.3.2 Using process control narratives, interlock descriptions
- 4.3.3 Using cause & effect diagrams (C&EDs)
- 4.3.4 Using HAZOP and old SIL assessment study reports
- Should BPCS trips be included?
- 4.3.5 Using binary logic diagrams
- 4.3.6 Using interlock logic diagrams
- 4.3.7 Using piping & instrumentation diagrams (P&IDs)
- 4.4 Separating complex interlocks into SIFs
- 4.5 The double jeopardy rule
- 4.6 Independent protection layers
- 4.6.1 Pressure relief devices (PRDs)
- 4.6.2 Alarms with operator response
- 4.6.3 Control loops
- 4.6.4 Autostart of standby equipment
- 4.6.5 BPCS interlocks
- 4.6.6 Interlocks in other PLCs
- 4.6.7 Check valves
- 4.6.8 Other mechanical protective devices
- 4.6.9 Operating procedures
- 4.6.10 Spill containment
- 4.6.11 Trace heating
- 4.6.12 Backup utility supplies
- 4.6.13 Another SIF
- 4.6.14 Typical IPL credit available
- 4.6.15 Examples of insufficient independence
- 4.7 Critical common element analysis
- Exercises
- Answers
- Question 1-Answer
- Question 2-Answer
- Question 3-Answer
- Question 4-Answer
- Question 5-Answer
- Question 6-Answer
- Question 7-Answer
- Question 8-Answer
- Question 9-Answer
- Question 10-Answer
- Question 11-Answer
- Question 12-Answer
- Question 13-Answer
- References
- 5 SIL assessment methodology
- 5.1 Introduction
- 5.2 Overview of SIL assessment methods
- Features of SIL assessment common to all methods
- 5.3 Selecting initiating events
- Typical initiating events
- Determine the initiating event in sufficient detail
- Control loop malfunctions
- Failure of safeguards as initiating events
- 5.4 Assessing the likelihood of initiating events
- 5.5 Assessing the consequence severity
- 5.6 Documenting the SIL assessment study
- 5.7 Risk matrix method
- 5.7.1 Method overview
- 5.7.2 Likelihood and severity categories
- 5.7.3 The risk matrix
- 5.7.4 Calibration of the risk matrix
- 5.7.5 Handling multiple initiating events
- 5.7.6 Handling enabling conditions and conditional modifiers
- 5.7.7 Handling independent protection layers (IPLs)
- 5.7.8 Estimating the SIF demand rate
- 5.7.9 Risk matrix and ALARP
- 5.7.10 High demand and continuous mode SIFs
- 5.8 Risk Graph method
- 5.8.1 Method overview
- 5.8.2 Parameters used in Risk Graph
- 5.8.3 Risk Graph examples
- 5.8.4 Selecting parameter categories
- Demand frequency (W parameter)
- Exposure (F parameter)
- Avoidance (P parameter)
- 5.8.5 Calibration of the Risk Graph
- 5.8.6 Handling multiple initiating events
- 5.8.7 Handling enabling conditions and conditional modifiers
- 5.8.8 Handling independent protection layers (IPLs)
- 5.8.9 Estimating the SIF demand rate
- 5.8.10 High demand and continuous mode SIFs
- 5.9 Layer of protection analysis (LOPA)
- 5.9.1 Method overview
- 5.9.2 Enabling conditions
- 5.9.3 Conditional modifiers
- 5.9.4 Handling multiple initiating events
- 5.9.5 Estimating the SIF demand rate
- 5.9.6 Example LOPA worksheet
- 5.9.7 High demand and continuous mode SIFs
- 5.10 Fault tree analysis
- 5.10.1 Method overview
- 5.10.2 Documenting Fault Tree analysis
- 5.11 Cost/benefit analysis
- 5.11.1 Introduction
- 5.11.2 Calculating the cost of the outcome
- Example
- 5.11.3 Calculating the cost of the SIF
- 5.11.4 Selecting the optimal solution
- 5.12 The SIL assessment workshop
- 5.12.1 The SIL assessment team
- 5.12.2 Overall objectives of the SIL assessment workshop
- Exercises
- Answers
- Question 1-Answer
- Question 2-Answer
- Question 3-Answer
- Question 4-Answer
- Question 5-Answer
- Question 6-Answer
- Question 7-Answer
- Question 8-Answer
- Question 9-Answer
- Question 10-Answer
- Question 11-Answer
- Question 12-Answer
- Question 13-Answer
- Question 14-Answer
- Question 15-Answer
- Question 16-Answer
- Question 17-Answer
- Question 18-Answer
- References
- 6 SIL assessment: special topics
- 6.1 Redundant initiators
- Handling redundant initiators
- 6.2 Redundant safety functions
- What determines if two SIFs are redundant?
- One SIF as backup to another
- Redundant SIFs in low risk situations
- 6.3 One SIF-two hazards
- 6.4 The IPLs vary depending on demand case
- 6.5 The demand case is activation of another SIF
- 6.6 One SIF cascades to another
- 6.7 Initiating event involves multiple simultaneous failures
- Example 1
- Example 2
- 6.8 Permissives
- Demand frequency
- Defining physical initiators and final elements
- 6.9 Multiple sensors distributed across a wide area
- 6.10 Operator action as initiator
- 6.11 Duty and standby pumps
- Variable number of pumps running
- Duty pump switchover
- 6.12 Alarms from cascade control loops
- 6.13 Final elements are shared between the basic process control system (BPCS) and the SIS
- 6.14 Selecting primary final elements
- 6.14.1 Introduction
- 6.14.2 The safe state
- 6.14.3 Selecting primary final elements
- Exercises
- Answers
- Question 1-Answer
- Question 2-Answer
- Question 3-Answer
- Question 4-Answer
- Question 5-Answer
- Question 6-Answer
- Question 7-Answer
- Question 8-Answer
- Question 9-Answer
- Reference
- 7 Key functional safety documents
- 7.1 The how and why of documentation
- 7.2 The functional safety management plan
- 7.2.1 Introduction
- 7.2.2 The functional safety lifecycle
- What information is needed for each lifecycle phase?
- 7.2.3 Management of change and configuration management
- Management of change
- Configuration management
- 7.2.4 Management requirements in the FSMP
- Overall planning
- Document management
- Competency management
- Action item management
- Contractor management
- SIL capability management
- Assurance planning
- 7.2.5 Why the FSMP is important
- 7.3 The Safety Requirements Specification (SRS)
- 7.3.1 Introduction
- 7.3.2 What is the purpose of the SRS?