
FUNCTIONAL SAFETY TRAINING

03 – IEC61508 / IEC61511 STANDARDS

Functional Safety Training ‐ 03 Dr. Ing. Carlo Lebrun 1


SOME MAJOR DISASTERS IN CHEMICAL INDUSTRY
September 21, 1921: Oppau explosion in Germany. 4500 tonnes of a mixture of ammonium sulfate and ammonium nitrate fertilizer
exploded at a BASF plant, killing 500–600 people and injuring about 2000 more.

1932-1968: Minamata Bay disaster, Japan, was caused by the dumping of mercury compounds. The Chisso Corporation, a petrochemical
company, was found responsible for polluting the bay for 37 years. Over 3,000 people suffered various deformities, severe mercury
poisoning symptoms or death.

April 16, 1947: Texas City Disaster, Texas. An explosion occurred aboard a docked ship. The explosion is referred to as the worst industrial
disaster in America. 578 people lost their lives and another 3,500 were injured in the blast.

1948: The explosion of a tank wagon loaded with chemicals within a BASF site in Ludwigshafen, Germany, causes 207 fatalities.

June 1, 1974: Flixborough disaster, UK. An explosion at a chemical plant kills 28 people and seriously injures another 36.

July 10, 1976: Seveso disaster, in Seveso, Italy, in a chemical manufacturing plant of ICMESA. 193 people in the affected areas suffered
from chloracne and other symptoms.

December 3, 1984: The Bhopal disaster in India is the largest industrial disaster on record. A faulty tank containing poisonous methyl
isocyanate leaked at a Union Carbide plant and left nearly 4,000 people dead on the first night of the gas leak and at least 15,000 later from
related illnesses.

June 28, 1988: Auburn, Indiana, US: improper mixing of chemicals kills four workers at a local metal-plating plant in the worst confined-space
industrial accident in U.S. history; a fifth victim died two days later.

October 23, 1989: Phillips Disaster. Explosion and fire killed 23 and injured 314 in Pasadena, Texas. Registered 3.5 on the Richter scale.



A CLOSER LOOK AT SEVESO ACCIDENT

July 10, 1976: in Seveso, Italy, in a chemical plant of ICMESA

Due to the release of dioxins into the atmosphere, 3,000 pets and
farm animals died and, later, 70,000 animals were slaughtered to
prevent dioxins from entering the food chain.

193 people suffered from chloracne and other symptoms.

The disaster led to the Seveso Directive, which was issued by
the European Community and imposed much harsher industrial
regulations.



STANDARDS AS LEGAL REQUIREMENTS IN EU

These EC Directives are legal requirements for process plants in EU:

- Seveso Directive II
- ATEX: Appareils destinés à être utilisés en ATmosphères Explosibles (equipment intended for use in explosive atmospheres)
- Machinery Directive
- PED: Pressure Equipment Directive



SEVESO DIRECTIVE REQUIREMENTS
The Seveso Directive II (9 December 1996) is aimed at the
prevention of accidents related to dangerous substances, and the
limitation of their consequences. It applies to sites where
dangerous substances are stored or used.

The owner/operating company shall develop a safety report to show that:

- hazards have been identified and measures to prevent accidents and/or to
limit the consequences have been set up
- implementation, construction, installation and operation of the plant is
adequately safe and reliable.

Public authorities must set up inspections to regularly check operation,
organization and management of the plant to confirm that the user can show:
a) he has undertaken measures to prevent severe accidents
b) he has provided adequate measures to limit the results of any accident.
(INDEPENDENT) LAYERS OF PROTECTION

Layers listed from the outermost (MITIGATION) to the innermost (PREVENTION):

- Community Emergency Response
- Plant Emergency Response
- Mechanical Segregation & Containment
- Mechanical Protection (PSV)
- Safety Instrumentation Systems
- Control & Monitoring, Alarms
- Process Design



PROTECTIONS AGAINST RISK

Protections are implemented to reduce risk by reducing the frequency of exposure
and/or reducing the possible damage.



PROTECTIONS AGAINST RISK
Risk ranking as a function of damage (rows) and frequency (columns):

Damage                           Remote  Rare  Unlikely  Possible  Likely
Catastrophe (many deaths)          5       6       6         6        6
Major Damage (some deaths)         4       4       5         5        5
Local Damage (injury, 1 death)     2       4       4         5        5
Minor Damage (minor injury)        1       1       2         3        3
Harmless (no deaths)               0       0       0         0        0



WHAT SYSTEMS DOES IEC 61508 COVER?

• IEC 61508 applies to safety-related systems when one or
more of such systems incorporate electrical and/or electronic
and/or programmable electronic (E/E/PE) devices.

• It covers possible hazards caused by failures.



IEC61508 MAY APPLY TO:

• Emergency Shut-Down Systems, Fire and Gas Systems, Burner Management System
• Crane safe-load indicators
• Emergency systems for machinery
• Medical Devices
• Dynamic Positioning (control of a ship's movement)
• Railway Signalling
• Variable Speed Motor Drives
• Automobile Indicator Lights



IEC 61508 SCOPE IS:

• To improve the definition of safety requirements
• To improve the safety performance of electrical / electronic /
programmable electronic technology
• To provide a risk-based approach for determining the required
performance of safety-related systems

FUNCTIONAL SAFETY IN SIMPLER WORDS:

• Equipment failure must not become the cause of
a danger for persons or for the environment



THE CONCEPT OF LIFECYCLE

IEC61508 applies the concept of lifecycle:

Equipment functional safety is not an intrinsic and static
feature.
It is variable depending on all phases of a system life: design,
inspection, installation, operation, maintenance, etc.



IEC61508 SAFETY LIFECYCLE: ANALYSIS
1 – CONCEPT
2 – SCOPE DEFINITION
3 – HAZARD & RISK ANALYSIS
4 – SAFETY REQUIREMENTS
5 – SAFETY REQUIREMENTS ALLOCATION

TO REALIZATION PHASE



IEC61508 SAFETY LIFECYCLE: IMPLEMENTATION
FROM ANALYSIS PHASE

6 – OPERATION & MAINTENANCE PLANNING
7 – VALIDATION PLANNING
8 – INSTALLATION PLANNING
9 – E/E/PES SYSTEM REALIZATION
10 – REALIZATION OF SAFETY RELATED SYSTEMS WITH OTHER TECHNOLOGIES
11 – EXTERNAL RISK REDUCTION FACILITIES
12 – INSTALLATION & COMMISSIONING
13 – SAFETY VALIDATION

TO OPERATION PHASE



IEC61508 SAFETY LIFECYCLE: OPERATION

FROM IMPLEMENTATION PHASE

14 – OPERATION & MAINTENANCE
15 – MODIFICATIONS AND UPGRADES
16 – DECOMMISSIONING



IEC61508 AND OTHER SAFETY STANDARDS

IEC 61508 is the central standard; sector standards related to it:

- IEC 61800-5-2: Variable Speed Electrical Drives
- EN/IEC 13849-1: Machinery
- IEC 61513: Nuclear Industry
- EN/IEC 62061: Machinery
- EN 60601: Medical Devices
- EN 50156: Fired Heaters
- IEC 61511: Process Industry
- EN 50128: Railway



IEC61511

This standard has been developed as a process sector implementation of
IEC 61508. It applies to a wide variety of industries including chemicals, oil
refining, oil and gas production, pulp and paper, non-nuclear power
generation, etc.

IEC61511 gives requirements for the specification, design, installation,
operation and maintenance of a safety instrumented system.



IEC61508 AND IEC61511

IEC61508
commonly applies to Manufacturers

IEC61511
commonly applies to Designers, Integrators, Users, Owners



USE OF IEC61508 AND IEC61511

HARDWARE
- Development of new hardware: IEC61508
- Integration of IEC61508 validated hardware: IEC61511
- Integration of proven in use hardware: IEC61511

SOFTWARE
- Development of embedded software: IEC61508
- Development of application software by full variability languages: IEC61508
- Development of application software by limited variability languages: IEC61511



ACTIVITIES OF NOTIFIED BODIES

- Certification of Functional Safety Management implementation, by
manufacturers, designers, integrators, end-users, etc.

- Certification of Functional Safety Experts

- Support concerning understanding and interpretation of Functional
Safety Requirements

- Certification of Safety Instrumented Systems (or Review /
Validation of certification by others)



IEC61508 CERTIFICATE:
SENSOR



IEC61508 CERTIFICATE:
ACTUATOR



IEC61511 CERTIFICATE:
DEVELOPMENT, DESIGN
AND ENGINEERING



http://www.ecisgroup.it/

END OF PRESENTATION

