
Safety Instrumented Systems: New Emergency Shutdown Approach

Safety Instrumented Systems
Introduction to Safety Instrumented Systems (SIS)
Hazards, Risks & their analysis
Failures & Reliability
Safety Systems Engineering
Safety Integrity Level
SIS Standards
Safety Control System
Typical SIS Solution
ENG. HAMDY NABAWY 2

INTRODUCTION


Introduction
Working Definition of a Process
What Is Measurement and Control?


Working Definition of a Process

A process is anything that changes


Process level control (Example)


Open loop control


Closed Loop control


What Is Measurement and Control?
Measurement and control is the brain and nervous system of any modern plant. Measurement and control systems monitor and regulate processes.


Automation
A system or method in which many or all of the processes of production, movement, and inspection of parts and materials are automatically performed or controlled by self-operating machinery, electronic devices, and so on.

Instrument
Any of various devices for indicating or measuring conditions, performance, position, direction, and the like, or sometimes for controlling operations.


Measurement
Extent, quantity, or size as determined by measuring.


Types of Control

Continuous Control
Sequential
Batch


Control system structure


Centralized Control


Distributed Control


Distributed control system levels


(1) Introduction to Safety Instrumented Systems

INTRODUCTION
An Emergency Shutdown system (ESD) is defined as: instrumentation and controls that are installed for the purpose of taking the process, or specific equipment in the process, to a safe state.


Emergency shutdown systems may include electrical, electronic, pneumatic, mechanical, and hydraulic systems.


INTRODUCTION
Safety interlock system, safety instrumented system, safety shutdown system, emergency shutdown system, protective instrument system: the assorted names go on and on!


What is a Safety Instrumented System (SIS)?
A system comprised of sensors, logic solvers, and final control elements for the purpose of taking a process to a safe state when predetermined conditions are violated.

An SIS is designed to:
respond to conditions in the plant which may be hazardous in themselves or which, if no action were taken, could eventually give rise to a hazard; and to respond to these conditions by taking defined actions that either prevent the hazard or mitigate its consequences.

Input ---- Logic Solver ---- Output

Examples of Safety Instrumented Systems
High fuel gas pressure in a furnace initiates shutdown of the main fuel gas valves.
High reactor temperature initiates fail-open action of the coolant valve.
High column pressure initiates fail-open action of the pressure vent valve.


Process Control: Active/Dynamic. Needs to make (and ease in making) frequent changes.

Safety Control: Passive/Dormant.


BPCS and SIS
Within the control system, the safety protection equipment is frequently separated from the control equipment. The control equipment is called the basic process control system (BPCS), and the protection equipment is called the safety instrumented system (SIS).


The BPCS reads process sensors, does control and sequencing calculations, and commands actuation devices (typically valves or motors).
The SIS reads sensors, does the calculation and logic required to identify potentially dangerous conditions, and generates outputs to actuators designed to mitigate the dangerous situation.
An SIS may protect personnel, equipment, the environment, or any combination of the three.

BPCS and SIS

[Figure: Safety Instrumented System (SIS) with its own Inputs and Outputs alongside the Basic Process Control System (BPCS) with its own Inputs and Outputs, both connected to a Reactor; instrument tags PT 1A, PT 1B, I/P and FT.]


All domestic and international standards, guidelines, and recommended practices, however, clearly recommend the separation of the two systems.


Failure Mode Comparison of BPCS and SIS


SIS Operating Conditions


SIS Engineering Requirements
Design to fail-safe
Design diagnostics to automatically detect fail-danger
Design manual test procedures to detect fail-danger
Design to meet international and local standards

(2) Hazards, Risks & their analysis

Risks are everywhere

Hazard
Hazard is an inherent physical or chemical characteristic that has the potential for causing harm to people, property, or the environment.


Risk is usually defined as
the combination of the severity and probability of an event.


RISK
More realistically, risk can be categorized as being either negligible, tolerable or unacceptable. The foundation for any modern safety system, then, is to reduce risk to an acceptable or tolerable level. Safety can be defined as freedom from unacceptable risk.
RISK = HAZARD FREQUENCY x HAZARD CONSEQUENCE


Safety methods employed to protect against or mitigate harm/damage to personnel, plant and the environment, and to reduce risk, include:
Changing the process or engineering design
Increasing the mechanical integrity of the system
Improving the Basic Process Control System (BPCS)
Developing detailed training and operational procedures
Increasing the frequency of testing of critical system components
Using a Safety Instrumented System (SIS) / ESD
Installing mitigating equipment

Reducing risk with multiple protection layers


Basics of Safety and Layers of Protection

Safety is provided by layers of protection. These layers start with safe and effective process control, extend to manual and automatic prevention layers, and continue with layers to mitigate the consequences of an event.

Layered Protection
Prevention Layer:
1- Process Design: The Basic Process Control System (BPCS) provides safety through proper design of process control. This level consists of basic controls, alarms, and operator supervision.
2- Critical Alarms: This layer of protection provides critical alarms which alert operators to a condition that a measurement has exceeded its specified limits and may require intervention.
3- Automatic SIS/ESD: The SIS operates independently of the BPCS to provide safety rather than process control. The SIS performs shutdown actions when previous layers cannot resolve an emergency.
4- Relief Devices: This active protection layer employs valves, pressure relief devices, or a flare system (if combustibles are present) to prevent a rupture, spill or other uncontrolled release.

Layered Protection
Mitigation Layer:
5- Plant Response: This passive protection layer consists of containment barriers for fire or explosions as well as procedures for evacuation. (Some models combine this and the next layer into one mitigation layer.)
6- Community Response: The final (outermost) level of protection is the emergency response action taken by the community and consists of fire fighting and other emergency services.

According to IEC standards, the methods that provide layers of protection should be:
Independent
Reliable
Auditable
Risk-specific in design
The IEC definition of protective layers is rigorous because it supports the use of safety layers in the determination of Safety Integrity Level. Overall safety is determined by how these layers work together.


(3) Failures & Reliability

Random versus Systematic Failures


Failure Modes


Reliability Modeling Issues
PFDavg (1oo1) = (λDU × TI) / 2
Where:
PFDavg = Probability of Failure on Demand, Average
λDU = Failure Rate, Dangerous Undetected
TI = Test Interval


Failure Modes
De-Energize-To-Trip Versus Energize-To-Trip Failure Modes

#   Failure Mode                                         De-Energize-To-Trip            Energize-To-Trip
1   Open circuit (cut wire) associated with BSH-201      Safe Detected Failure          Dangerous Undetected Failure
    or UA-203
2   Logic Solver output stuck OFF                        Safe Detected Failure          Dangerous Undetected Failure
3   Logic Solver output stuck ON                         Dangerous Undetected Failure   Safe or Dangerous Detected Failure

The Impact of Redundancy


(4) Safety Systems Engineering

Safety systems engineering (SSE) comprises all the activities associated with the specification and design of systems that perform safety functions.

Safety Lifecycle (SLC)
The Safety Lifecycle (SLC) is an engineering process that contains all the steps needed to achieve high levels of functional safety during conception, design, operation, and maintenance of instrumentation systems.


Safety Lifecycle Model
Divided into three phases
Analysis Phase: the problem is identified and assessed
Realization Phase: the problem is solved and verified
Operational Phase: the solution is put into use


Simplified Safety Lifecycle Diagram


[Figure: Safety Lifecycle shown as a cycle of Planning, Front End Engineering, Engineering Design, Commissioning, and Operations & Maintenance, with Management of Change feeding back into it.]

Safety Lifecycle Phases


(5) Safety Integrity Level SIL

Safety Function Definition
A function to be implemented by a SIS which is intended to achieve or maintain a safe state for the process, with respect to a specific hazardous event.

[Figure: BSH 201 -> Logic Solver -> UA 203]


Safety Instrumented Function
A Safety Instrumented Function (SIF) is a safety function with a specified Safety Integrity Level which is implemented by a SIS in order to achieve or maintain a safe state.


Examples of potential safety instrumented functions
Close outlet valve in a separation unit to prevent high pressure from going downstream, which might result in vessel rupture and explosion.
Cut off fuel flow in an industrial burner when fuel pressure is too low to sustain combustion, which might result in flameout and possible explosion due to fuel buildup in the combustion chamber.
Open coolant flow valve to prevent column rupture due to over-temperature.

Examples of potential safety instrumented functions
Close connection valve to isolate reactants to prevent unit overpressure when reverse flow is detected.
Close valve to stop material flow into a tank to prevent spillage if high level is detected, which might result in environmental damage.
Open sprinkler valve when a flame is detected in order to reduce the size of a fire.

SIS & SIF Relationship

[Figure: One SIS containing Logic Solver 1 through Logic Solver N, implementing SIF (A) at SIL I, SIF (B) at SIL II and SIF (C) at SIL III; sensor tags shown: LT15, PT20, FT4, IT38A, PT37A, PT39A, PT31A, PT31B, PT39B; final-element tags shown: FV43, FV 4, XV 9, XV 10, XV 11, XV 12, XV 13, XV 14.]

Equipment Used in a SIF
Consider the example of a safety instrumented function to protect against vessel rupture due to overpressure.
When high pressure above the trip point is detected, the function will do three things:


1. It will close a valve to stop material flow into the process unit.
2. It will turn off the pump used for this material.
3. It will close an outlet isolation valve to isolate the unit from the remainder of the plant.
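The three-action overpressure SIF above and the de-energize-to-trip versus energize-to-trip failure-mode table earlier in the deck describe the same thing from two sides: what the logic solver commands on a demand, and what happens to that command when a wire is cut or an output sticks. The following toy model is an added example, not code from the slides or from the author; it is written in Python rather than a PLC language so it can be run anywhere. The trip point (10 barg), the process values and the fault names are constructed for the example, and the "stuck ON under energize-to-trip" cell, which the table marks as "safe or dangerous detected", is reported on its safe (spurious-trip) branch here.

```python
"""Added example (not from the slides): a toy model of the high-pressure SIF
(close inlet valve, stop pump, close outlet valve) run under both trip
philosophies, so that a cut wire or a stuck logic-solver output can be
classified as safe/detected or dangerous/undetected the way the slide's
failure-mode table does. Trip point and process values are constructed."""

from enum import Enum


class Philosophy(Enum):
    DE_ENERGIZE_TO_TRIP = "DTT"   # loop energized in normal operation, drops out to trip
    ENERGIZE_TO_TRIP = "ETT"      # loop de-energized in normal operation, picks up to trip


TRIP_POINT_BARG = 10.0   # constructed trip point for the high-pressure switch (BSH-201 in the slides)


def sensor_signal(pressure_barg, philosophy, wire_cut=False):
    """Electrical state (1 = energized, 0 = de-energized) of the pressure-switch
    loop as seen by the logic solver. An open circuit always reads 0, whatever
    the process is doing."""
    if wire_cut:
        return 0
    demand = pressure_barg > TRIP_POINT_BARG
    if philosophy is Philosophy.DE_ENERGIZE_TO_TRIP:
        return 0 if demand else 1
    return 1 if demand else 0


def logic_solver(signal, philosophy, output_stuck=None):
    """Return the output coil state (1 = energized, 0 = de-energized) that drives
    the solenoid valves and the pump contactor. output_stuck forces the coil
    'ON' or 'OFF' regardless of the logic (rows 2 and 3 of the table)."""
    if philosophy is Philosophy.DE_ENERGIZE_TO_TRIP:
        trip = signal == 0
        coil = 0 if trip else 1
    else:
        trip = signal == 1
        coil = 1 if trip else 0
    if output_stuck == "ON":
        coil = 1
    elif output_stuck == "OFF":
        coil = 0
    return coil


def final_elements(coil, philosophy):
    """Spring-return final elements: under de-energize-to-trip the valves close
    and the pump stops when the coil is de-energized; under energize-to-trip
    they act only when the coil is energized."""
    if philosophy is Philosophy.DE_ENERGIZE_TO_TRIP:
        tripped = coil == 0
    else:
        tripped = coil == 1
    return {"inlet_valve_closed": tripped,
            "pump_stopped": tripped,
            "outlet_valve_closed": tripped}


def sif_state(pressure_barg, philosophy, wire_cut=False, output_stuck=None):
    """Sensor -> logic solver -> final elements for one scan."""
    signal = sensor_signal(pressure_barg, philosophy, wire_cut)
    coil = logic_solver(signal, philosophy, output_stuck)
    return final_elements(coil, philosophy)


def classify_failure(philosophy, fault):
    """Classify a fault the way the slide's table does.

    A fault that trips the plant while pressure is normal is a spurious trip:
    safe, and detected because the shutdown is visible. A fault that leaves
    the plant running when pressure is above the trip point is a failure on
    demand: dangerous, and undetected until a real demand or a proof test
    reveals it."""
    healthy_normal = sif_state(5.0, philosophy)
    faulted_normal = sif_state(5.0, philosophy, **fault)
    faulted_demand = sif_state(15.0, philosophy, **fault)
    if faulted_normal["inlet_valve_closed"] and not healthy_normal["inlet_valve_closed"]:
        return "safe detected (spurious trip)"
    if not faulted_demand["inlet_valve_closed"]:
        return "dangerous undetected (no trip on demand)"
    return "no effect"


if __name__ == "__main__":
    for phil in Philosophy:
        for fault in ({"wire_cut": True}, {"output_stuck": "OFF"}, {"output_stuck": "ON"}):
            print(phil.value, fault, "->", classify_failure(phil, fault))
```

Running the block prints one line per table cell; the point it makes is that the same physical fault changes category depending only on the trip philosophy, which is why the "design to fail-safe" requirement earlier in the deck is stated as a design decision rather than a property of the hardware.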

Safety Integrity Level
The safety integrity level (SIL) defines the level of performance that is needed to achieve a safety objective


Safety Integrity Level
One of three possible discrete integrity levels (SIL 1, SIL 2, SIL 3) of Safety Instrumented Systems. SILs are defined in terms of Probability of Failure on Demand (PFD).
Safety Availability = 1 - PFDavg
Risk Reduction Factor = 1 / PFDavg
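The deck gives the 1oo1 formula PFDavg = (λDU × TI) / 2 under "Reliability Modeling Issues" and, here, the two quantities derived from it (safety availability and risk reduction factor). The block below is an added example, not code from the slides or the author: it carries one constructed failure rate and test interval through that formula, maps the result to a SIL band, and extends the same calculation to the simplified 1oo2 and 2oo3 voting formulas so the effect of redundancy and of the test interval can be seen in numbers. The SIL band limits are the IEC 61508 low-demand bands (a fact about the standard, not from the slides); the formulas neglect common-cause failure, repair time and diagnostics, as the slide's formula does.

```python
"""Added example (not from the slides): the 1oo1 PFDavg formula from the
deck, extended to simplified 1oo2 and 2oo3 voting, with safety availability,
risk reduction factor and SIL band. Failure rate and test interval are
constructed values."""

# IEC 61508 low-demand PFDavg bands, [lower, upper). The slides list SIL 1-3;
# the SIL 4 band is included for completeness (a fact about the standard).
SIL_BANDS = {
    1: (1e-2, 1e-1),
    2: (1e-3, 1e-2),
    3: (1e-4, 1e-3),
    4: (1e-5, 1e-4),
}


def pfd_avg(lambda_du_per_hour, test_interval_hours, architecture="1oo1"):
    """Average probability of failure on demand over one proof-test interval.

    Simplified formulas that ignore common-cause failure, repair time and
    diagnostic coverage (every dangerous failure stays hidden until the proof
    test):
      1oo1: (lambda_DU * TI) / 2        <- the slides' formula
      1oo2: (lambda_DU * TI)**2 / 3     <- both channels must fail
      2oo3: (lambda_DU * TI)**2         <- any two of three must fail
    """
    x = lambda_du_per_hour * test_interval_hours
    if architecture == "1oo1":
        return x / 2
    if architecture == "1oo2":
        return x * x / 3
    if architecture == "2oo3":
        return x * x
    raise ValueError(f"unsupported architecture: {architecture}")


def safety_availability(pfd):
    """Safety Availability = 1 - PFDavg (from the slide)."""
    return 1.0 - pfd


def risk_reduction_factor(pfd):
    """Risk Reduction Factor = 1 / PFDavg (from the slide)."""
    return 1.0 / pfd


def sil_band(pfd):
    """SIL band whose PFDavg range contains pfd, or 0 when pfd is 0.1 or worse."""
    for sil in (4, 3, 2, 1):
        lo, hi = SIL_BANDS[sil]
        if lo <= pfd < hi:
            return sil
    return 0


def max_test_interval_1oo1(lambda_du_per_hour, target_pfd):
    """Longest proof-test interval (hours) at which a 1oo1 channel still meets
    target_pfd, by inverting the slides' formula: TI = 2 * PFDavg / lambda_DU.
    This is the 'increase the frequency of testing' lever from the safety
    methods list, expressed as a number."""
    return 2.0 * target_pfd / lambda_du_per_hour


if __name__ == "__main__":
    lam = 2.0e-6      # constructed: dangerous undetected failures per hour
    ti = 8760.0       # constructed: annual proof test (hours)
    for arch in ("1oo1", "1oo2", "2oo3"):
        pfd = pfd_avg(lam, ti, arch)
        print(f"{arch}: PFDavg={pfd:.2e}  SA={safety_availability(pfd):.5f}  "
              f"RRF={risk_reduction_factor(pfd):.0f}  SIL band={sil_band(pfd)}")
    print("TI for 1oo1 to reach PFDavg 1e-3:", max_test_interval_1oo1(lam, 1e-3), "h")
```

With the constructed values, the single channel lands in the SIL 2 band (PFDavg 8.76e-3, RRF about 114), and either redundant architecture moves the same hardware into the SIL 3 band; alternatively the single channel reaches PFDavg 1e-3 if the proof-test interval is cut to 1000 hours. Real assessments must add common-cause and diagnostic terms before any such number is relied upon.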


(6) SIS Standards

Evolution of functional safety standards

Standard IEC 61508

Framework of IEC 61508 relevant to SLC

Standard ANSI/ISA S84.01 (USA) 1996

(7) SAFETY CONTROL SYSTEM

Typical SIS elements


Logic Systems
Pneumatic systems
Relay systems
Solid state systems
Software-based systems


Field Devices
Sensors
Final Elements


Majority voting logic


Typical Solid-state System

Simplified diagram for a programmable controller system

PLC languages

(8) Typical SIS Solutions

Breakdown of SIF Components


SIL1 Safety Instrumented Function


Process Application


SIL1 Case 1 - Pressure Switch, Relay Logic, Solenoid Valve, and Trip Valve


EMERGENCY POWER SYSTEMS
Pneumatic System
Hydraulic System
Electrical System

END
