• Functional Safety
• Good planning if specifications are not right?
• What is the difference between a normal safety and SIL3 loop?
• How do systems achieve safety?
• Layers of protection
• Are you safe if you buy a SIL3 PLC?
• Safety & non safety in one application or separate safety and non-safety
• Cyber security
2
Introduction: HIMA helps to prevent:
[Figure: HIMA safety instrumented system (SIS)]
3
Introduction HIMA
[Figure: HIMA compared with other SIS suppliers]
4
Introduction HIMA
5
Safety ?
6
Functional Safety Standards
7
Safety Integrity Level - SIL
8
SIL levels
Risk reduction
9
SIL levels
10
Functional Safety
11
Common cause does not happen?
12
Good planning if specifications are not right?
13
Good planning if specifications are not right?
14
Good planning if specifications are not right?
15
A red car with a horse
16
A red car with a horse
17
What is the difference between a normal safety and SIL3 loop?
NORMAL LOOP
18
What is the difference between a normal safety and SIL3 loop?
SIL 3 LOOP
• Redundancy requirements for sensing and final elements
  • Required by Tables 2 and 3 of IEC 61508-2, based on the Safe Failure Fraction (SFF)
  • Safe Failure Fraction: a measure of the effectiveness of the fail-safe design and/or the built-in diagnostic tests
19
What is the difference between a normal safety and SIL3 loop?
• The higher the SIL, the more techniques and measures are required to detect, control and avoid human error
• SIL 1: typically easy to achieve using a standard quality management system (QMS) with added competence requirements
• SIL 2: requires an “advanced” system with competence management and reliance on testing
• SIL 3: has stringent requirements governing diversity in design, competence of a high order and stringent testing requirements
20
How do systems achieve safety?
21
How do systems achieve safety?
1oo3
22
How do systems achieve safety?
[Figure: redundant architecture. Three input channels A, B and C, each with its own diagnostics; two µP channels, each with diagnostics; 2oo3 voting on the inputs; 1oo2D on the outputs.]
23
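The slide above shows how diagnostics feed the voter: a channel that its own diagnostics flag as faulty is removed from the vote, and the architecture degrades from 2oo3 towards 1oo2D rather than losing the safety function. The following voter is an added illustration written for this page, not HIMA or HIMax code; the channel structure, the degradation order (2oo3, 1oo2D, 1oo1D, fail-safe) and the sample readings are assumptions made to show the principle.

```c
#include <stdbool.h>
#include <stdio.h>

/* One input channel: its demand (true = "trip") and whether the
 * channel's built-in diagnostics currently judge it healthy. */
typedef struct {
    bool demand;   /* true when this channel calls for the safe state */
    bool healthy;  /* false when diagnostics have flagged the channel faulty */
} Channel;

/* Architecture actually used for the decision (assumed degradation order). */
typedef enum { VOTE_2OO3, VOTE_1OO2D, VOTE_1OO1D, VOTE_FAILSAFE } VoteMode;

typedef struct {
    bool trip;      /* true = drive the final element to its safe state */
    VoteMode mode;
} Vote;

/* Diagnostic-aware voter: 2oo3 while all channels are healthy, degrading to
 * 1oo2D, then 1oo1D, and finally fail-safe as diagnostics remove channels.
 * A spurious demand on one healthy channel is masked by the majority; a
 * faulty channel never contributes to the vote. */
Vote vote_channels(const Channel ch[3]) {
    Vote v = { true, VOTE_FAILSAFE };   /* default: safe state */
    int healthy = 0, demands = 0;
    for (int i = 0; i < 3; i++) {
        if (ch[i].healthy) {
            healthy++;
            if (ch[i].demand) demands++;
        }
    }
    switch (healthy) {
    case 3: v.mode = VOTE_2OO3;  v.trip = demands >= 2; break; /* majority */
    case 2: v.mode = VOTE_1OO2D; v.trip = demands >= 1; break; /* either trips */
    case 1: v.mode = VOTE_1OO1D; v.trip = demands >= 1; break; /* last channel */
    default: break;                    /* no trusted channel left: fail safe */
    }
    return v;
}

int main(void) {
    /* Constructed sample readings, not captured from a real system. */
    Channel all_good[3]   = { {false, true}, {true, true}, {false, true} };
    Channel degraded[3]   = { {false, true}, {true, true}, {false, false} };
    Channel no_channel[3] = { {false, false}, {false, false}, {false, false} };
    printf("2oo3, one spurious demand: trip=%d\n", vote_channels(all_good).trip);
    printf("1oo2D, C faulty, B demands: trip=%d\n", vote_channels(degraded).trip);
    printf("no healthy channel:        trip=%d\n", vote_channels(no_channel).trip);
    return 0;
}
```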
How do systems achieve safety?
24
Layers of protection
[Figure: layers of protection, grouped into layers that prevent the hazardous event and layers that mitigate its consequences]
25
Layers of protection
Specific
• must be specifically designed to be capable of preventing the consequences of the potentially hazardous event
Independent
• must be completely independent from all other protection layers
Dependable
• must be capable of acting dependably to prevent the consequence from occurring (systematic and random faults)
Auditable
• must be tested and maintained to ensure risk reduction is continually achieved
26
Layers of protection – The 3 “ENOUGHS”
• Big Enough
  • Must be big enough to cope with the potential hazard
• Fast Enough
  • Must be fast enough to sense and react to prevent the potential hazard
• Strong Enough
  • Must be able to survive all arising situations when preventing the hazardous event
27
Are you safe if you buy a SIL3 PLC?
• NO!!!
• Need to consider sensing and final elements
• Need to consider Systematic Capability
  • This applies to the integrator of the Logic Solver: important to look at their quality system
  • Applies to the installer of the Safety Instrumented Functions: important to look at their quality system
• Need to carefully consider Proof Test Intervals and Proof Test Coverage
  • Short proof test intervals should be avoided as the testing requirements often require plant shutdown
  • Incorrect to assume that the proof test is perfect
  • This can have a profound effect on the result because we are dealing with very small numbers
28
Safety & non safety in one application or separate safety and non-safety
29
Safety & non safety in one application or separate safety and non-safety
[Figure: layers of protection, grouped into those that prevent and those that mitigate]
30
Safety & non safety in one application or separate safety and non-safety
31
Security is a foundation for safety.
Cyber security
Risk_security = threat × vulnerability × potential of the damage
[Figure: the system (Sys.) inside the world; with safety, the safety system sits between the world and the system]
32
Compartmentalize. Avoid universal access.
[Figure: zones and conduits. Internet, Enterprise, Plant DMZ, Control Center (SIS and BPCS) and Plant are separate zones, each joined to the next only through a conduit.]
33
Security is a process.
Security is a process to reduce the risk of damage due to external influence. This process can be supported by technical measures.
Both IEC 61511 (safety) and the draft of IEC 62443 (security) demand to build systems in multiple layers of protection (Defense in Depth).
[Figure: the security cycle Risk analysis, Protect, Detect, React, shown beside the zone model Internet, Enterprise, Plant DMZ, Control Center (SIS and BPCS) and Plant, joined by conduits.]
34
Segregation of non safe networks.
Besides the usage of VLAN, HIMax offers a complete segregation. This interference-free implementation guarantees segregated networks even for non safe protocols.
[Figure: separate Safety-Net, Field Net and DCS-Net, each on its own RJ45 port]
35
Security is supported by HIMA Products:
36
Be reluctant to trust.
37
Always the right solution ?
38