Control Engineering Asia: Printer Friendly 11.11.08 10:6

Does your safety-instrumented system really require SIL 3?

14 2008, Paul Gruhn, L&M Engineering and Dare Reyna, MTL Open System Technologies

Three safety integrity levels (SILs) were described in the ANSI/ISA-84.00.01-1996 standard. Revised standard ANSI/ISA 84.00.01-2004 (IEC 61511-1 mod) now includes the higher SIL 4. SILs are a measure of system performance: the higher the number, the better the safety performance, such as lower probability of failure on demand. What the standard provides is a rational, uniform way to assess and manage risks. Properly used, the standard channels spending where it is necessary, allowing savings elsewhere. With this in mind, why use a higher-performance safety system if it is not needed?

SIL-3 logic-solver? SIL system

Many end-users specify "certified for use in SIL 3" redundant logic solvers. There are numerous, redundant, programmable logic-solvers—often referred to as "safety PLCs"—that are certified for use up to SIL 3. However, merely using one of these certified logic solvers does not create a SIL 3 system. A system includes sensors and final elements. Many have implemented redundant logic solvers using non-redundant field devices. The result is probably a SIL 1 system; after all, a chain is only as strong as its weakest link.

Only in very special cases can redundancy be avoided in true SIL 3 safety systems. The input sensors, the logic solver and the final element (or actuator) will almost certainly need to be redundant in a SIL 3 design. Specifying a SIL 3 logic solver does not yield a SIL 3 system; and if SIL 3 is not needed, why pay the extra cost?
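The weakest-link point above can be checked with the simplified PFDavg equations commonly used for low-demand safety functions. This is an added example, not part of the original article: the failure rates, the one-year proof-test interval and all names are constructed assumptions, and common-cause failures and diagnostics are ignored.

```python
# Added illustration: simplified average probability of failure on demand (PFDavg).
# lambda_du = dangerous undetected failure rate per hour (constructed sample values).

SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

def pfd_avg(lambda_du, test_interval_h, voting):
    """Approximate PFDavg of one subsystem for a given voting architecture."""
    x = lambda_du * test_interval_h
    if voting == "1oo1":
        return x / 2
    if voting == "1oo2":
        return x ** 2 / 3
    if voting == "2oo3":
        return x ** 2
    raise ValueError(f"unsupported voting: {voting}")

def sil_for(pfd):
    """Map a PFDavg to its SIL band; 0 means the value does not even reach SIL 1."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level defined
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0

def evaluate_sif(subsystems, test_interval_h=8760):
    """Sum sensor, logic-solver and final-element PFDavg for the whole function."""
    per_part = {name: pfd_avg(lam, test_interval_h, voting)
                for name, (lam, voting) in subsystems.items()}
    total = sum(per_part.values())
    return per_part, total, sil_for(total)

# Redundant logic solver paired with single field devices (constructed rates).
NON_REDUNDANT_FIELD = {
    "transmitter": (1e-6, "1oo1"),
    "logic solver": (2e-6, "1oo2"),
    "valve": (3e-6, "1oo1"),
}
# Same devices, with redundancy extended to the field (constructed rates).
REDUNDANT_FIELD = {
    "transmitter": (1e-6, "2oo3"),
    "logic solver": (2e-6, "1oo2"),
    "valve": (3e-6, "1oo2"),
}

if __name__ == "__main__":
    for label, design in (("single field devices", NON_REDUNDANT_FIELD),
                          ("redundant field devices", REDUNDANT_FIELD)):
        parts, total, sil = evaluate_sif(design)
        worst = max(parts, key=parts.get)
        print(f"{label}: PFDavg={total:.2e} -> SIL {sil}, dominated by {worst}")
```

With these sample rates the logic solver alone sits in the SIL 3 band, yet the function with single field devices only reaches SIL 1 because the valve dominates the sum.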
Section 11.4 of the standard states: "A hardware fault tolerance of 1 means that there are, for example, two devices and the architecture is such that the dangerous failure of one of the two components or subsystems does not prevent the safety action from occurring."

Rules for how much fault tolerance must be applied to field instruments at any given SIL level are clearly defined within the standard's Section 11.4.1 Note 2, see table and below:

"The minimum hardware fault tolerance has been defined to alleviate potential shortcomings in SIF (safety instrumented function) design that may result due to the number of assumptions made in the design of the SIF along with uncertainty in the failure rate of components or subsystems used in various process applications."

In other words, mandating a minimum level of fault tolerance will prevent the use of unrealistically low failure rates and a short manual test in calculations used to verify the performance of a proposed conceptual design.

The standard describes cases where fault tolerance requirements—defined in the table—may be decreased by one. It also depicts cases where the numbers need to be increased by one. Fault tolerance requirements can be relaxed where the field instrument is certified as having a particularly low level of dangerous failure modes or where there is detailed information about the hardware, such as failure rates, failure modes, and levels of internal diagnostics. The simplified table was included in IEC 61511 because it was felt most end-users would not have such detailed information and, in many cases, field instruments certified to have low levels of dangerous failure modes are simply not available.

Satisfying these requirements for final elements, typically valves, can be particularly problematic and expensive.
An increased safety integrity level has a significant impact on the number of valves required and the installation's complexity to allow proper maintenance and proof testing. Much has been done to improve diagnostics by techniques such as partial stroke testing, but the valve remains a major contributor to failure probability for any loop, control or safety.

A true SIL 3 system typically requires triplicate transmitters, a triplicate (two-out-of-three) or 1oo2D (one-out-of-two with diagnostics) logic-solver and either three valves in series, or dual valves in series incorporating partial stroke testing—or very frequent full stroke testing, which usually is not possible. Adding to SIL-3 systems' higher costs are extra transmitters, valves, and the like. There are also operational considerations such as insurance, availability, maintenance, and so on. Compare this to a typical SIL-2 system, with a less complex logic-solver and single- or dual-transmitters and valves depending on the type chosen.

Sensible solution

When SIL determination techniques are effectively utilized, SIL 3 requirements should be extremely rare. In many cases, it is more effective to redesign the process to be less risky than it is to require a SIL-3 safety system. SIL 2 will often be most applications' highest true requirement.

General-purpose PLCs are only suitable for use in SIL 1 applications. Triplicate—and 1oo2D—SIL-3 approved safety PLCs are overdesigned and unnecessarily expensive for SIL 2, in our experience. So, is the sensible resolution a SIL 2 solution?

Specifying a SIL 3 logic box is not the magic key to a safe facility. Merely specifying a
