
How To Implement an ANSI/ISA 84 Compliant

Safety System

Jan N. de Breet
Technical Solutions Consultant
Yokogawa Corporation of America
SIS ISA84 Compliance
Copyright Yokogawa Electric Corporation
January 27th, 2015

-1-

Presenter
Jan de Breet
Technical Solutions Consultant
Safety Instrumented Systems
Yokogawa Corporation of America

Jan de Breet is a Senior Technical Solutions Consultant at Yokogawa Corporation of America for safety instrumented systems solutions, based in the Sugar Land, Texas office.

Since 1988, Jan de Breet has been working in the safety instrumented systems
industry in research and development, field service, operations, sales and
marketing.


Introduction

Why replace a safety system?


Why ANSI/ISA 84 compliance?
ANSI/ISA 84 Overview
What does it require to comply?
Why Yokogawa - ProSafe-RS?


Why replace a safety system?


Current Situation


Current Situation

Aging installed base of safety systems

Old relay and pneumatic systems need to be replaced.
Old technologies, compatibility issues
Disappearing knowledge/experience
End of product life, no more support
High reliability leads to longer (= too long) use.
Variety of different systems through acquisitions
Specialized knowledge for each brand required

Source: ARC Advisory Group - Process Safety Systems



Why ANSI/ISA 84 Compliance?


Good Engineering Practice


Why ANSI/ISA 84 Compliance?

Major incidents
Liability, Insurance
Even with good personal safety management, plants are still at risk from process hazards
OSHA 29 CFR PSM 1910
Good Engineering Practice
Grandfather Clause


Why ANSI/ISA 84 Compliance?

Grandfather Clause
"For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard, the owner/operator shall determine that the equipment is designed, maintained, inspected, tested and operating in a safe manner."
Issued: 2004 (and 1996)
Only very basic upgrades possible, e.g. repairs
Very hard to keep up-to-date

De facto no longer possible



Why ANSI/ISA 84 Compliance?

ISA 84: The Most Widely Used Standard


ANSI/ISA 84
An Overview


ANSI/ISA 84 Overview

ANSI/ISA-84.00.01-2004
Functional Safety
Safety Instrumented Systems for the Process Industry Sector
Part 1: Describes the safety life cycle and all the requirements that apply.
Part 2: Guidelines for the application of Part 1.
Part 3: Examples of methods to determine the required safety integrity level.

ANSI/ISA 84 Overview

Main Characteristics

Management of Functional Safety


Safety Life Cycle
Pipe-to-Pipe Approach
Quantitative Safety Assessment


ANSI/ISA 84 Overview

Management of Functional Safety


Must have a Functional Safety Management (FSM) system in place
Specifies all management and technical activities necessary to achieve the required functional safety

Life cycle
Procedures
Competencies, Responsibilities
Verification and Validation Procedures
Auditable
Traceable


ANSI/ISA 84 Overview

Safety Life Cycle


ANSI/ISA 84 Overview

Pipe-to-Pipe Approach
Safety Instrumented Function, SIF


ANSI/ISA 84 Overview

Quantitative Safety Assessment

SIF => Risk Reduction, expressed as Safety Integrity Level (SIL)


ANSI/ISA 84 Life Cycle Overview

HAZARD and Risk Assessment


As Low As Reasonably Practicable (ALARP) and tolerable risk concepts
Semi-quantitative method
The safety layer matrix method
Determination of the required safety integrity levels, a semi-qualitative method: calibrated risk graph
Determination of the required safety integrity levels, a qualitative method: risk graph
Layer of protection analysis (LOPA)


ANSI/ISA 84 Life Cycle Overview

HAZARD and Risk Assessment


Team consists of:

Process designers
Instrumentation engineers
Safety engineers
Electrical engineers
Mechanical engineers
Operators
Maintenance engineers

Facilitator


ANSI/ISA 84 Life Cycle Overview

HAZARD and Risk Assessment


ANSI/ISA 84 Life Cycle Overview

Allocation of Safety Functions

HAZOP

Available Layers of Protection

SIS


ANSI/ISA 84 Life Cycle Overview

Allocation of Safety Functions


ANSI/ISA 84 Life Cycle Overview

Safety Requirements Specifications

Description of the safety functions and SIL

I/O assignment to SIFs
Safe state of the process (open/closed, de-/energized)
Process inputs and trip points, process outputs and actions
Functional relationships, failure modes
Manual shutdown and reset requirements
Maintenance/bypassing requirements
Safe state, process safety time and response time requirements
Operator interface modes: start-up, steady operation, shutdown
Foreseeable abnormal conditions
Requirements for starting up and shutting down

ANSI/ISA 84 Life Cycle Overview

Safety Requirements Specifications


References to several documents, e.g.:
C&E diagrams or logic diagrams, describing the functionality of the SIS
I/O lists defining all inputs and outputs to/from the SIS
Narratives
Safety philosophy
Shutdown hierarchy
Maintenance override philosophy


ANSI/ISA 84 Life Cycle Overview

The SIS design

Availability
System Architecture
Sensors
Final Elements
Logic Solver
Failure Modes and PFD Calculations
Design Principles
Failure Modes
Necessary calculation parameters
Proof Testing
Common Cause
Reliability Data and calculation methodology
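The quantitative safety assessment (SIF risk reduction expressed as a SIL) and the design parameters listed above (failure modes, proof testing, common cause, reliability data) meet in the SIL verification calculation. The following is an added example, not part of the original presentation or of any Yokogawa tool: it uses the simplified IEC 61508-6 low-demand PFDavg expressions for 1oo1 and 1oo2 subsystems, and the failure rates, proof test intervals and beta factors are constructed sample values.

```python
# Added example (not from the original presentation): simplified low-demand PFDavg
# calculation for one SIF. Formulas are the simplified IEC 61508-6 expressions for
# 1oo1 and 1oo2 without MTTR/diagnostic terms; all rates and intervals are sample values.

def sil_from_pfd(pfd_avg):
    """Low-demand SIL band for a PFDavg (IEC 61508); 0 means below SIL 1."""
    if pfd_avg >= 1e-1:
        return 0
    if pfd_avg >= 1e-2:
        return 1
    if pfd_avg >= 1e-3:
        return 2
    if pfd_avg >= 1e-4:
        return 3
    return 4


def subsystem_pfd(lambda_du, ti_hours, architecture, beta=0.0):
    """PFDavg of one subsystem (sensors, logic solver or final elements).
    lambda_du: dangerous undetected failure rate per hour (from reliability data)
    ti_hours: proof test interval in hours
    architecture: '1oo1' (single) or '1oo2' (redundant, either channel trips)
    beta: common-cause fraction for a redundant pair (beta-factor model)"""
    x = lambda_du * ti_hours
    if architecture == "1oo1":
        return x / 2.0
    if architecture == "1oo2":
        independent = ((1.0 - beta) * x) ** 2 / 3.0  # both channels fail on their own
        common_cause = beta * x / 2.0                 # both fail from one shared cause
        return independent + common_cause
    raise ValueError("unsupported architecture: " + architecture)


def verify_sif(subsystems, target_sil):
    """Sum subsystem PFDs pipe-to-pipe and compare the result with the SRS target."""
    pfds = {name: subsystem_pfd(**params) for name, params in subsystems.items()}
    total = sum(pfds.values())
    achieved = sil_from_pfd(total)
    return {
        "pfd_avg": total,
        "rrf": 1.0 / total,                   # risk reduction factor the SIF provides
        "sil": achieved,
        "meets_target": achieved >= target_sil,
        "dominant": max(pfds, key=pfds.get),  # subsystem that contributes most
    }


# Constructed sample SIF: 1oo2 transmitters, single logic solver, single valve,
# all proof tested yearly (8760 h). SRS target: SIL 3.
BASELINE = {
    "sensors": {"lambda_du": 5e-7, "ti_hours": 8760, "architecture": "1oo2", "beta": 0.05},
    "logic_solver": {"lambda_du": 1e-8, "ti_hours": 8760, "architecture": "1oo1"},
    "final_elements": {"lambda_du": 2e-6, "ti_hours": 8760, "architecture": "1oo1"},
}
# Same SIF with redundant valves and a six-month (4380 h) proof test interval.
IMPROVED = {
    "sensors": {"lambda_du": 5e-7, "ti_hours": 4380, "architecture": "1oo2", "beta": 0.05},
    "logic_solver": {"lambda_du": 1e-8, "ti_hours": 4380, "architecture": "1oo1"},
    "final_elements": {"lambda_du": 2e-6, "ti_hours": 4380, "architecture": "1oo2", "beta": 0.1},
}
```

Calling verify_sif(BASELINE, 3) shows the single valve dominating the PFD and the loop stopping at SIL 2, while verify_sif(IMPROVED, 3) reaches SIL 3; the same functions can be rerun with field failure data collected during operation to check the assumptions the slides say must be verified.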


ANSI/ISA 84 Life Cycle Overview

The SIS Design


ANSI/ISA 84 Life Cycle Overview

Application Software
ANSI/ISA 84 gives this a great deal of attention
Many clauses to comply with
Has its own life cycles

Use a certified (IEC 61508) system and programming tools
Combine the hardware and software life cycles
Describe this well in the project documentation


ANSI/ISA 84 Life Cycle Overview

Installation, Commissioning and Validation


Installation and Commissioning
Plan this well
Document all activities
Document changes (e.g. resolving issues)

Validation (SAT)
Safety Validation Plan
Validate that the requirements in the SRS are met
Plan this well, from the start


ANSI/ISA 84 Life Cycle Overview

Functional Assessment
Has a hazard and risk analysis been carried out?
Are the recommendations from this analysis implemented or resolved?
Are design change procedures in place and properly used?
Are recommendations from earlier assessments resolved?
Is the SIS designed and installed in accordance with the SRS?
Are the procedures for operation, maintenance and modification of the SIS ready?
Has the validation of the SIS been done, and are all recommendations resolved?
Are the operators and maintenance engineers educated and trained?
Is there a plan for further safety assessments in place?

ANSI/ISA 84 Life Cycle Overview

Operation, Maintenance and Repair


Collect data on:
Failures
Test results
Actual demands
Accidents

Use the data to verify assumptions made in:
HAZOP
SIL calculations (failure rates)

Proof testing:
Transmitters
Valves
Logic solvers

ANSI/ISA 84 Life Cycle Overview

Modification and Retrofit


MOC Procedure


ANSI/ISA 84 Life Cycle Overview

Modification and Retrofit Check List

HAZOP consequences.
Risk assessment consequences.
C&E diagram changes / I/O list changes.
SIL target effects on other or modified SIFs.
SRS changes.
Application logic changes.
Override/bypass requirements or changes.
Design documentation changes.
Commissioning, pre-start-up and acceptance test procedure(s).
SIS operating procedure(s).
SIS maintenance procedure(s).
Proof test procedure(s).
Safety validation procedures.

What does it require to comply?


DOs and DON'Ts


What does it require to comply?

Compliance with ANSI/ISA 84 must be full

That is the actual cost of a compliant safety system:
One-time expense
Life cycle expense


What does it require to comply?

What is the cost of:
A shutdown?
An accident?
A calamity?

What is prevention of each worth?

Reduce cost by the right approach



What does it require to comply?

Management of the safety life cycle requires competent individuals, trained/certified
Assign personnel to FSM (1 2+)
Develop a coherent strategy from the beginning stages of the project, including all steps of the life cycle.
Look for industry expertise and project execution experience

Source: ARC Advisory Group - Process Safety Systems



What does it require to comply?

Replacing a safety system can mean replacing transmitters and valves
Use certified sensors and valves

Source: ARC Advisory Group - Process Safety Systems



What does it require to comply?

High standards of maintenance are required.


Maintenance of safety equipment is often overlooked.

New technology offers predictive maintenance.


Safety systems require this more than control systems

Asset management systems


To prevent unwanted shutdowns
Make use of new diagnostic capabilities

Source: ARC Advisory Group - Process Safety Systems



DOs

Supplier selection

Look for long term support


Vendor track record
Technology roadmap
MAC approach

Hardware and Software IEC 61508 compliant


High Availability

Integrate security with safety


Source: ARC Advisory Group - Process Safety Systems

DON'Ts

Don't phase an SIS upgrade

Avoid re-doing many activities

Plant on-line or off-line during replacement?

Prepare for off-line

Source: ARC Advisory Group - Process Safety Systems



Yokogawa ProSafe-RS


Corporate Information (March 31, 2013)

Company Name: Yokogawa Electric Corporation
Founded: September 1, 1915
Total Assets: $4.4B USD
Shareholder Equity: $1.8B USD
Capital Ratio: 40.5%
Sales: $4.1B USD
Operating Income: $202M USD
R&D Investment/Sales: 8.2%
Number of Employees: 19,437


Yokogawa North America Locations

Yokogawa Canada, Inc.: Calgary, Alberta
Yokogawa Corporation of America: Atlanta, Georgia
Yokogawa Corporation of America, North America Headquarters: Houston, Texas
Yokogawa de Mexico, S.A. de C.V.: Mexico City, DF

ProSafe-RS Global Market Share in Refining

Source: ARC 2013. Bar chart of market shares in % (refining) for 2009, 2011, 2012 and 2013; the values appearing on the chart are 13.9, 23.3, 25.6, 30.1 and 34.7.

ProSafe-RS Installation Map

8772 controllers, 81 countries (as of December 31, 2014). The slide also carries a bar chart of projects per region (Europe, Asia, Middle East, North America, Africa, South America, TOTAL), of which only the value 1521 survives extraction.

Europe: Austria (1), Belarus (4), Belgium (16), Bosnia (2), Bulgaria (3), Croatia (1), Cyprus (1), Czech (2), Denmark (1), France (58), Germany (32), Greece (1), Hungary (16), Italy (16), Kazakhstan (6), Macedonia (1), Netherlands (23), Norway (2), Poland (2), Portugal (1), Romania (5), Russia (137), Serbia (2), Slovakia (14), Spain (13), Sweden (1), Turkmenistan (4), UK (19), Ukraine (4)
North America: Canada (6), USA (80)
Africa: Algeria (12), Angola (14), Cameroun (1), Congo (6), Egypt (8), Ghana (4), Libya (3), Morocco (3), Namibia (2), Nigeria (13), Senegal (1), South Africa (3), Sudan (5), Tunisia (2)
Middle East: Bahrain (3), Iran (32), Iraq (9), Jordan (1), KSA (78), Kuwait (7), Oman (39), Qatar (10), Syria (2), Turkey (19), UAE (51), Yemen (11)
Asia: Australia (32), Bangladesh (5), Brunei (3), China (138), India (122), Indonesia (35), Japan (76), Korea (41), Malaysia (32), Myanmar (1), Pakistan (5), Philippines (3), Singapore (28), Taiwan (10), Thailand (71), Vietnam (9)
South America: Brazil (48), Bolivia (4), Chile (1), Colombia (2), Cuba (6), Mexico (8), Trinidad and Tobago (2), Venezuela (6)
Other: on the sea (7), N/A (4)

Progressive Compatibility

Timeline diagram (1975, 1983, 1988, 1993, 1998, 2001, 2005, 2013) of the CENTUM generations (CENTUM, CENTUM V, CENTUM-XL, CENTUM CS, CENTUM CS 3000, CENTUM CS 3000 R3, CENTUM VP), their controllers and operator stations, and their control networks: F-Bus (250 KBPS, dual redundant, token pass), HF-Bus (1 MBPS, dual redundant, token pass), V net (10 MBPS, dual redundant, token pass) and Vnet/IP (1 Gbps, dual redundant).

CENTUM has kept evolving, driving productivity and improving plant operations while securing consistency and a smooth migration path.

Standard Maintenance Phasing


Service and Support

Spare Parts/Lead Time

Consignment program is available for shipping within 24 hrs
Typical ProSafe-RS parts availability is 8 weeks

Service Organization YCA

Dedicated SIS engineers for service
Options available for on-site long-term support

240 Functional Safety Engineers & Experts Worldwide



Yokogawa ONE CALL


ProSafe-RS Highlights


ProSafe-RS Safety Solutions


PCS Connection (to the Process Control System)
Modbus, redundant or single:
- TCP/IP
- RS-485
- RS-232


Single or Redundant, both SIL3 (IEC61508/61511)

Single module option: one Input, CPU and Output module, each diagrammed with Circuit/MPU and MPU/memory blocks.

Redundant module option:
- Proven redundant technology from CENTUM's architecture
- For higher availability
Input, CPU and Output modules are duplicated (diagram).

Security

Secure Control Communications at the Speed of Light

Network: IEEE 802.3z gigabit Ethernet
Topology: Star network
Control Protocol: UDP/IP (V-Net/IP)
Open Protocol: TCP/IP
Distance: 100 m to 5 Km (typical), 100,000 m (maximum)
Trans. Speed: 1 Gbps; 100 Mbps for Ethernet NICs

Yokogawa VI-701/702 Control Firewall Interface Card (NIC)
Yokogawa manufactured
Encryption, random changing keys, bandwidth partitioning.
Time synchronized to 1 ms

Vnet/IP Data Network Security


Achilles Controller Level One+ certification tests the security and
reliability of a controller. The controller must pass all of the 30
million+ tests to achieve the certification.


Remote I/O

Diagram: CPU Rack connected to Remote I/O Rack over 31 mi of fiber optic cable.

Racks and Modules


I/O Modules

To Field Termination Board


Terminal Boards
Analog (I & O)

Digital (I & O)

Relay Board


Cabinet - Termination Example


Cabinet - Termination Example


I/O Modules

Analog In
SAI143, 16 ch.: 4-20mA, 2/4 wire configurable per channel.
SAV144, 16 ch.: 1-10V/1-5V configurable per channel.
SAT145, 16 ch.: TC; Type J, K, E, T, S, R, N, B. mV; -100 to 150mV, -20 to 80mV, -5 to 25mV
SAR145, 16 ch.: Pt50, Pt100, Pt200, Pt500, Pt1000; Ni100, Ni120

Digital In
SDV144, 16 ch.: 24Vdc, 1 msec SOE. Line monitoring.

Digital Out
SDV541, 16 ch.: 24Vdc, 0.2 A, each channel. +20%/-10% Field Supply
SDV531, 8 ch.: 24Vdc, 0.6 A, each channel. +20%/-10% Field Supply
SDV521, 4 ch.: 24Vdc, 2.0 A, each channel. +20%/-10% Field Supply
SDV526, 4 ch.: 100-120Vac, 0.5 A, each channel. +10%/-15%
SDV53A, 8 ch.: 48Vdc, 0.6 A, each channel. +20%/-10% Field Supply

Analog Out
SAI533, 8 ch.: 4-20mA.


Thank you for your attention

Jan N. de Breet
Technical Solutions Consultant
Yokogawa Corporation of America
info@us.yokogawa.com
1-800-449-2637

