HAZOP
Directives (EU)
Functional Safety
Seveso II Directive
Aim
This Directive is aimed at the prevention of major accidents which involve dangerous substances, and the limitation of their consequences for man and the environment, with a view to ensuring high levels of protection throughout the Community in a consistent and effective manner.
MOL Plc.
Standards
Agnetha Fältskog
Safety Standards
Functional safety standards:
IEC 61508: for manufacturers of safeguarding equipment (sub-systems) for all industrial sectors (except the nuclear industry)
IEC 61511: for end-users & system integrators in the process industry
Other sector-specific standards, e.g. EN 61513 for nuclear power plants
Burner Management Systems (BMS), e.g.: EN 676, EN 12952-8, EN 746-1, EN 746-2, EN 298, EN 1643, EN 230, EN 50156-1
Automatic burner control systems for burners and appliances burning gaseous or liquid fuel
Valve proving systems for automatic shut-off valves for gas burners and gas appliances
Pressure sensing devices for gas burners and gas burning appliances
Automatic shut-off valves for gas burners and gas appliances
Gas/air ratio controls for gas burners and gas burning appliances. Electronic types
EN 61511-1, 2, 3: Functional safety. Safety instrumented systems for the process industry sector
Part 1: Framework, definitions, system, hardware and software requirements (normative)
Safety life cycle (SLC) phases:
1. Hazard and risk assessment (H&RA)
2. Allocation of safety functions to protection layers
3. Safety requirements specification for SIS
4. Design and engineering of SIS (in parallel: design and development of other means of risk reduction)
5. Installation, commissioning and validation
6. Operation and maintenance
7. SIS modification
8. Decommissioning
9. Verification (across all phases)
10. Management of functional safety and functional safety assessment and auditing (across all phases)
Activities:
Hazard and risk assessment: To determine the hazards of the process, the sequence of events leading to the hazardous event, the requirements for risk reduction and the safety functions required to achieve the necessary risk reduction.
Allocation of safety functions to protection layers: Allocation of safety functions to protection layers and, for each safety instrumented function, the associated safety integrity level.
Safety Requirements Specification (SRS): To specify the requirements for each SIS, in terms of the required safety instrumented functions and their associated safety integrity, in order to achieve the required functional safety.
Activities:
Design and engineering of SIS: To design the SIS to meet the requirements for safety instrumented functions (SIF) and safety integrity (SIL). Design of the SIS in conformance with the SIS safety requirements specification (SRS).
Installation, commissioning and validation: SIS installation: fully functioning SIS in conformance with the SIS design; results of the SIS integration tests (FAT, SAT). To validate that the SIS meets in all respects the requirements for safety in terms of the required safety instrumented functions (SIF) and the required safety integrity level (SIL).
Activities:
Operation and maintenance: To ensure that the functional safety of the SIS is maintained during operation and maintenance (test, test, test).
SIS modification: To make corrections, enhancements or adaptations to the SIS, ensuring that the required safety integrity level is achieved and maintained (MoC: Management of Change).
Activities:
Verification: To test and evaluate the outputs of a given phase to ensure correctness and consistency with respect to the products and standards provided as input to that phase.
Responsibility matrix and verification techniques
Recommended verification techniques per life cycle phase (rated NR / R / HR): Audit, Demonstration, Test, Simulation, Inspection, Analysis, Checklist, Review.
Responsibility per life cycle phase (I, P/R, L, V*, FSA).
NR: Not recommended, R: Recommended, HR: Highly recommended, L: Lead, P: Participate, R: Review, A: Approval, I: Inform, V: Verify, FSA: Functional Safety Assessment

Name / Company - Description of Responsible
MOL Co. - Customer / End-user
MOL Co. - HSE Representative
OTF - Main Contractor
Haldor Topsoe - Process Designer / Licensor
OLAJTERV - Process Designer
PROCOPLAN - Functional Safety Engineer / SIS specialist
MOL Co. Refinery - Plant Operation
OLAJTERV / YEW / PCP - SIS Detail Designer
YOKOGAWA - SIS Vendor
OTF - SIS Installer
PETROSZOLG - SIS Maintenance
SIL4S - Functional Safety Assessor
Example project organisation
Phases: Analysis phase (PHA / SRS) -> Realization phase (SIS design; installation / commissioning) -> Operation phase (operation / maintenance).
Roles:
Customer / End-User: MOL Co.
Main Contractor: OTF
Process Designer / Licensor: Haldor Topsoe
Process Designer: OLAJTERV Co.
PHA / FS Engineering: ProCoPlan Ltd.
Detail Designer: OLAJTERV Co.
SIS vendor: YOKOGAWA
SIS maintenance: PETROSZOLG Ltd.
Functional Safety Assessor: SIL4S Ltd.
Functional Safety Management: Safety Book
Life cycle phases covered: Management of functional safety; Hazard and risk assessment (H&RA); Allocation of safety functions to protection layers; Safety requirements specification for SIS; Design and engineering of SIS; Installation, commissioning and validation; Operation and maintenance; SIS modification; SIS decommissioning.
Documents of the Safety Book: Safety Plan; Responsibility Matrix; HAZOP report; LOPA report (preliminary); PFD, P&ID + IPL, SIF-el; LOPA report; SIS C-E Matrix; Trip diagram; Safety Requirements Specification (SRS); SIF components specifications; Detail design of SIS; Application software design; Validation Plan; FAT/SAT protocol; FAT/SAT report; As-built plans; Operation Manual; Maintenance Manual; Test protocol; Test report; HSE report.
Abbreviations
BPCS: Basic Process Control System
DC: Diagnostic Coverage
DCS: Distributed Control System
EUC: Equipment Under Control
H&RA: Hazard and Risk Assessment
LS: Logic Solver
MooN: M out of N (voting architecture)
MOS: Maintenance Override Switch
MTTF: Mean Time To Failure
MTTR: Mean Time To Repair (restoration)
MTBF: Mean Time Between Failures
PFDavg: Average Probability of Failure on Demand
S(I)F: Safety (Instrumented) Function
SIL: Safety Integrity Level
SIS: Safety Instrumented System
SFF: Safe Failure Fraction
SLC: Safety Life Cycle
SRS: Safety Requirements Specification
RR(F): Risk Reduction (Factor)

Definitions
Risk
Safety integrity of protection layers shall meet the required risk reduction!
Risk diagram: consequence of the hazardous event against frequency of the hazardous event; risk reduction is provided by non-SIS means (BPCS), by the SIS (Safety Instrumented System) and by other safety systems.
Tolerable risk
Risk matrix: hazard class (Major / Medium / Minor) against frequency of occurrence (LOW / MEDIUM / HIGH). The tolerable-risk line separates unacceptably high risks from acceptably low risks. Prevention layers (PL1 to PL4) are placed along the frequency axis, mitigation layers (ML1 to ML4) along the hazard-class axis.
Tolerable risk
Intolerable region: Risk cannot be justified except in extraordinary circumstances.
The ALARP or tolerability region (ALARP: As Low As Reasonably Practicable): Risk is undertaken only if a benefit is desired.
Negligible risk: It is necessary to maintain assurance that risk remains at this level.
ALARP process
1. Identify & assess hazards
2. Confirm minimum acceptance criteria are met
3. Identify the complete range of possible risk reduction measures
4. Implement each measure unless proven to be not reasonably practicable
Typical Risk (per year)
Risk values: 5*10^-2; 10^-2; R > 10^-3; 1.3*10^-4; 10^-4; 10^-4 to 10^-3; 1*10^-4; 10^-5 to 10^-4; 10^-5; 10^-6 to 10^-5; R < 10^-6; 10^-7 to 10^-6
Descriptions: Risk of smoking; Risk of average illness; Not acceptable; Road accident; ALARP; Work accident (mining); Average work accident; Work accident (refinery); ALARP; Work accident (light industry); Acceptable by average individual; Risk of lightning
Individual Risk (IR): Individual risk is the annual risk of death or serious injury to which specific individuals are exposed in a given location (the risk to a person in the vicinity of a hazard). Individual risk criteria are intended to show that workers or members of the public are not exposed to excessive risk. They are largely independent of the number of people exposed and hence may be applied to a broad range of activities.
Social Risk (SR): The part of the population likely to be victims as a consequence of an accident, and the associated frequency.
Illustration: two risk sources with equal individual risk (IRa = IRb) but different social risk (SRa < SRb), since SR depends on the number of people exposed.
Individual risk (IR) criteria, per year: Not acceptable above 1.0E-4; ALARP between 1.0E-4 and 1.0E-6; Acceptable below 1.0E-6 (design intent).
Social risk (F-N) criteria, F in events per year against N (1 to 10000): F > 10^-3 * N^-2: Not acceptable; 10^-5 * N^-2 < F < 10^-3 * N^-2: ALARP; F < 10^-5 * N^-2: Acceptable.
Protection Layers
Initial risk without protection, reduced step by step by the independent protection layers (IPL1 to IPL6): risk reduction by BPCS (DCS); risk reduction by alarm & operator response; risk reduction by SIS; risk reduction by mechanical protection; other risk reduction. The residual risk must be at or below the acceptable risk.
Layers of protection
Layers (from the inside out): process design; SIS (ESD); physical protection; plant emergency response; community emergency response. Prevention layers act before the hazardous event, mitigation layers between the hazardous event and the accident.
Bow-tie view: initiating events 1 to 3 pass through the protection layers (PL1A to PL3D) to the hazardous event; the mitigation layers (ML1, ML2) lead to consequences 1 to 4.
Type of risk
Chain: cause -> system -> incident (failure) -> hazard -> accident. Consequences: for the person, for the population, for the environment (environmental accident), for the economy.
Hazard
Concepts: hazard (energy of position), protection, incident, gravity, accident, risk reduction.
Major accident 1.
On March 23, 2005, a hydrocarbon vapour cloud explosion occurred at the ISOM isomerization process unit at BP's Texas City refinery in Texas City, Texas, killing 15 workers and injuring more than 170 others.
Major accident 2.
Buncefield, UK. Cause: overfilling of a tank and delayed ignition, followed by a vapour cloud explosion.
Major accident 3.
Piper Alpha
OTHER PROCEDURES:
QRA: VCE
SITE DATA:
Location: SZAZHALOMBATTA, HUNGARY
Building Air Exchanges Per Hour: 0.50 (enclosed office)
Time: March 22, 2010 0907 hours DST (using computer's clock)
CHEMICAL DATA:
Chemical Name: HYDROGEN
Molecular Weight: 2.02 g/mol
TEEL-1: 65000 ppm TEEL-2: 230000 ppm TEEL-3: 400000 ppm
LEL: 40000 ppm UEL: 750000 ppm
Ambient Boiling Point: -252.8 C
Vapor Pressure at Ambient Temperature: greater than 1 atm
Ambient Saturation Concentration: 1,000,000 ppm or 100.0%
ATMOSPHERIC DATA: (MANUAL INPUT OF DATA)
Wind: 4 meters/second from 315 true at 25 meters
Ground Roughness: urban or forest
Cloud Cover: 5 tenths
Air Temperature: 15 C
Stability Class: C
No Inversion Height
Relative Humidity: 50%
SOURCE STRENGTH:
Leak from hole in vertical cylindrical tank
Flammable chemical escaping from tank (not burning)
Tank Diameter: 1.2 meters
Tank Length: 3.09 meters
Tank Volume: 3.5 cubic meters
Tank contains gas only
Internal Temperature: 15 C
Chemical Mass in Tank: 20.3 kilograms
Internal Press: 68 atmospheres
Circular Opening Diameter: 1 centimeters
Release Duration: 7 minutes
Max Average Sustained Release Rate: 9.06 kilograms/min
(averaged over a minute or more)
Total Amount Released: 19.6 kilograms
THREAT ZONE:
Threat Modeled: Overpressure (blast force) from vapor cloud explosion
Type of Ignition: ignited by spark or flame
Level of Congestion: congested
Model Run: Gaussian
Red : 21 meters --- (100000 pascals)
Orange: 40 meters --- (16500 pascals)
Yellow: 77 meters --- (5400 pascals)
Origin of HAZOP
Bert Lawley
Flowsheet of HAZOP
0. Data gathering
1. Partition of process
2. Intentions of design
Determine deviations (parameter + guideword)
7. Recommendations, actions
8. Documentation
Finish? (NO: loop back to the next deviation)
Risk assessment
Aims of HAZOP
Hazard & Risk Analysis:
HAZOP glossary
HAZOP worksheet entries:
HAZOP members
In practice, the following members should take part in the HAZOP procedure:
Operator (MOL)
Functional Safety Engineer (FSE) and/or SIS expert (PROCOPLAN Ltd)
Technologist
HSE
HAZOP leader
HAZOP leader responsibilities:
Ensures that the study is completed on time and follows the progress of the HAZOP study.
HAZOP guidewords
The basic HAZOP guide-words are:
Guide word - Meaning
No (not, none) - complete negation of the design intent
Part of - qualitative decrease (only part of the intent is achieved)
Reverse - logical opposite of the design intent
Early / late - relative to clock time
Before / after - relative to order or sequence
Faster / slower - a step is done faster or slower than intended
Where else - applicable to flows, transfers, sources and destinations
HAZOP documentation
Input documentation:
Process Flow Diagram (PFD)
Piping and Instrumentation Diagram (P&ID)
Detailed technological description
Operational manual
Material Safety Data Sheets (MSDS)
Risk criteria for people, public, business and environment; tolerable risks (part of the HSE policy)
Logic narrative, ESD system description
Cause and Effect matrix (C&E)
Output documentation:
Introduction, methodology
System definition and delimitation
Documents (on which the analysis is based)
Methodology
Team members, sessions, attendance
HAZOP report
Recommendations
HAZOP worksheets 1. to 5. (example worksheets)
HAZOP worksheet 4. columns: Enabled Initial Event Frequency; Initial Event Frequency; Unmitigated Event Frequency; Mitigated Event Frequency; Tolerable Event Frequency; Risk Reduction Factor
HAZOP node diagram of the fired heater H111: NODE-1 (subnodes 1.1 to 1.6) and NODE-2 (subnodes 2.1 to 2.13). Subnode-1: feed of H111 (gudron in / gudron out); Subnode-2: fuel gas (FG) supply; Subnode-3: firing chamber H111 (ignition; out of service / operation). The instrument tags of the P&ID (temperature, pressure, flow and position switches and alarms) are shown in the figure.
Example: LOPA
Deviation -> causes -> initiating event -> initiating event frequency (frequency of causes, FSQA)
Consequences -> severity of consequence (FSQA) -> risk matrix -> risk ranking
Existing protection: alarm + operator action (IPL & PFD); mechanical protection (IPL & PFD) -> mitigated event frequency
Tolerable event frequency -> SIL? -> proposed protection -> Safety Requirement Specification (SRS)

Probability definitions: Negligible, extremely improbable; Possible (4 - 20 years); Probable (1 - 4 years)
Consequence categories for people (A, B, ...)
Consequences: Slight injury & harm to health (first-aid); Major injury (accident) & harm to health; Multiple fatality
Definitions:
Capacity to work not affected, no lost time caused (first-aid, medical attention).
Temporary (less than 3 days) loss of capacity to work. Reversible, complete recovery possible.
Prolonged or partial loss of capacity to work. Not reversible, complete recovery not possible, but does not entail loss of life.
Fatal accident involving one person or a severe group accident involving more than two persons.
Fatal accident involving more than one person, catastrophe.
Business consequence categories: Minor loss; Major loss; Severe loss; Catastrophic loss
Environmental consequences:
Categories: Minor effect; Major effect; Catastrophic effect
Definitions:
Local environmental impact, inconvenience (noise, odor, waste generation). Flaring for less than a day.
Major environmental impact, emission above limits (high-rate flaring of e.g. hydrogen sulfide). Periodical environmental impact.
Local (internal) damage to the environment, spoiling corporate image. Limited release of toxic substance.
Very severe effect damaging the environment, emission exceeding limits significantly (toxic gas release). External (outside the fence) and major internal damage to the environment. Rehabilitation requiring significant resources.
Large effect damaging the external environment with catastrophic consequences, prolonged emission exceeding limits considerably (e.g. HF, ammonia, hydrogen sulfide release or major pollution of natural waters). Rehabilitation requiring very significant resources.
LOPA procedure steps (as numbered on the slide):
2. Determination of severity of consequence
4. Frequency of cause
5. Enabling event and conditional modifier
6. Calculation of unmitigated event frequency
7. PFD of IPLs
8. Calculation of mitigated event frequency (MEF)
9. Determination of SIL -> SIF / SRS
Risk criteria:
Tolerable frequency for the health and safety of people (by consequence category): 10^-2 event/year; 10^-3 event/year; 10^-4 event/year; 10^-5 event/year *; more fatalities: 10^-6 event/year *
* Note: Tolerable frequency: 10^-5 / N^2, where N is the number of persons affected.
Tolerable frequency for the business (by consequence category): 10^-1 event/year; 10^-3 event/year; 10^-4 event/year; 10^-5 event/year
Protection Layers
Process variable (PV) trend, from bottom to top: low level; normal operation; high level; alarm high (AH, BPCS/DCS); trip level HH (SIS); mechanical protection; BOOM.
Initial event and independent protection layers (event tree)
IPL1: BPCS (DCS); IPL2: alarm + operator; IPL3: SIS. Each layer either succeeds (safe state) or fails with probability PFDi:
Initial event frequency: $f_I$
IPL1 failed (PFD1): $f_1 = f_I \cdot PFD_1$
IPL2 failed (PFD2): $f_2 = f_1 \cdot PFD_2$
IPL3 failed (PFD3), occurrence of consequence: $f_C = f_2 \cdot PFD_3$
$$f_C = f_I \cdot PFD_1 \cdot PFD_2 \cdots PFD_N = f_I \prod_{i=1}^{N} PFD_i = \frac{f_I}{RRF}$$
IPL requirements
An IPL (Independent Protection Layer) shall be (acc. to EN 61511-3/F.9.):
Specificity: An IPL is designed solely to prevent or to mitigate the consequences of one potentially hazardous event (for example, a runaway reaction, release of toxic material, a loss of containment, or a fire). Multiple causes may lead to the same hazardous event; and, therefore, multiple event scenarios may initiate action of one IPL.
Independence: An IPL is independent of the other protection layers associated with the identified danger.
Dependability: It can be counted on to do what it was designed to do. Both random and systematic failure modes are addressed in the design.
Auditability: It is designed to facilitate regular validation of the protective functions. Proof testing and maintenance of the safety system is necessary.
Typical PFD (tables of typical IPL PFD values)

LOPA calculation
Initiating event frequency, summed over the initiating events: $f_I = \sum_i f_{I,i}$
Enabling event probability (fraction of time the enabling condition is present): $P_E = \prod_i P_{E,i}$, with $P_E = \frac{T_E}{T_{BASE}}$
Conditional modifiers: $P_C = \prod_i P_{C,i}$; e.g. the probability of fatality $p_{fatality} = V \cdot \frac{A_{EFF}}{A_{TOT}}$ (V: vulnerability of the exposed person; $A_{EFF}$: area affected by the hazardous event; $A_{TOT}$: total area), which sets the severity of consequence.
Unmitigated event frequency: $f_{UMF} = f_I \cdot P_E \cdot P_C$
Mitigated event frequency after the existing IPLs (IPL1 ... IPLN with PFD1 ... PFDN): $f_{MEF} = f_{UMF} \prod_{i=1}^{N} PFD_i$
Required risk reduction of the SIF against the tolerable frequency $f_T$: $RRF_{SIF} = \frac{f_{MEF}}{f_T} = \frac{f_I \cdot P_E \cdot P_C \cdot \prod_{i=1}^{N} PFD_i}{f_T}$

SIL, RRF
RR(F): risk reduction (factor), RRF = 1 / PFDavg
SIL: safety integrity level
SIL - Average Probability of Failure on Demand (PFDavg) - RRF
(no SIL) - >= 10^-1 - <= 10
1 - >= 10^-2 to < 10^-1 - > 10 to <= 100
2 - >= 10^-3 to < 10^-2 - > 100 to <= 1000
3 - >= 10^-4 to < 10^-3 - > 1000 to <= 10000
4 - >= 10^-5 to < 10^-4 - > 10000 to <= 100000
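Worked LOPA example, added here and not taken from the MOL slides: it carries the formulas above (fI, PE, PC, fUMF, fMEF, fT = 10^-5/N^2, RRF_SIF) through for a constructed fired-heater scenario and maps the required RRF onto the SIL table. All cause frequencies, probabilities and PFD values are assumed illustrative numbers, not plant data.

```python
"""LOPA worked example (added illustration; not from the MOL slides).

Symbols follow the deck: fI initiating-event frequency, PE enabling-event
probability, PC conditional modifiers, fUMF unmitigated event frequency,
PFDi of each existing non-SIS IPL, fMEF mitigated event frequency,
fT tolerable event frequency (10^-5 / N^2), RRF_SIF the risk reduction the
new SIF must provide. All input numbers are constructed, not plant data.
"""
from dataclasses import dataclass
from math import prod


@dataclass
class Scenario:
    causes: dict        # initiating event -> frequency, events/year (summed: fI)
    enabling: dict      # enabling condition -> probability (product: PE)
    modifiers: dict     # conditional modifier -> probability (product: PC)
    ipls: dict          # existing non-SIS IPL -> PFD (product: IPL credit)
    persons: int        # N, number of persons affected by the consequence


def p_fatality(vulnerability, a_eff, a_tot):
    """Conditional modifier from the deck: p_fatality = V * A_EFF / A_TOT."""
    return vulnerability * a_eff / a_tot


def tolerable_frequency(n_persons):
    """Deck criterion for fatalities: fT = 10^-5 / N^2 events/year."""
    return 1e-5 / n_persons ** 2


def required_sil(rrf):
    """Map a required RRF onto the deck's SIL table (RRF = 1 / PFDavg).

    RRF <= 10 needs no SIF; SIL1 covers 10 < RRF <= 100, SIL2 up to 1000,
    SIL3 up to 10000, SIL4 up to 100000. Beyond that a single SIF is not
    credited and the design (more IPLs) must change, signalled by None.
    """
    if rrf <= 10:
        return 0
    for sil, upper in ((1, 1e2), (2, 1e3), (3, 1e4), (4, 1e5)):
        if rrf <= upper:
            return sil
    return None


def lopa(s: Scenario) -> dict:
    """Carry a scenario through fI -> fUMF -> fMEF -> RRF_SIF -> SIL."""
    fI = sum(s.causes.values())
    PE = prod(s.enabling.values())
    PC = prod(s.modifiers.values())
    fUMF = fI * PE * PC
    fMEF = fUMF * prod(s.ipls.values())
    fT = tolerable_frequency(s.persons)
    rrf_sif = fMEF / fT
    return {"fI": fI, "PE": PE, "PC": PC, "fUMF": fUMF, "fMEF": fMEF,
            "fT": fT, "RRF_SIF": rrf_sif, "SIL": required_sil(rrf_sif)}


# Constructed scenario: loss of flame in a fired heater with fuel gas still
# flowing, leading to an explosion in the firing chamber (hypothetical values).
HEATER = Scenario(
    causes={"fuel gas pressure control loop failure": 0.1,
            "operator error during start-up": 0.1},
    enabling={"burner in operation": 0.5},
    modifiers={"ignition of the accumulated gas": 0.5,
               "fatality given explosion": p_fatality(1.0, 100.0, 200.0)},
    ipls={"fuel gas pressure alarm + operator response": 0.1,
          "mechanical protection": 0.1},
    persons=3,
)

if __name__ == "__main__":
    for key, value in lopa(HEATER).items():
        print(f"{key:8s} {value}")
```

With these inputs fMEF is 2.5e-4 events/year against fT of 1.1e-6, so the SIF must deliver an RRF of 225, which falls in the SIL 2 band.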
Example
Three SIFs (SIF1, SIF2, SIF3) sharing sensors S1 to S4 and final elements FE1 to FE3 through one logic solver (LS).
Typical SIF (burner management)
Sensors: PSL, BSL, GSC; logic solver: safety PLC; final elements: MBAL-001-004 (main burner 1.), MUV-002A/B/C (main burner 1.), MUV-003A/B/C (main burner 2.), MUV-004A/B/C (pilot burner), MUV-011..018 (pilot burner). Voting architectures shown: 1oo2, 2oo3, 1oo3, 3oo3, 8oo8.
Realization of SIF (examples)
Failure mode
Example: shut-off valve. Safety failure: closes; detected by limit switch (safety detected) or undetected (safety undetected). Dangerous failure: stuck open; detected by PST (partial stroke test) (dangerous detected) or undetected (dangerous undetected).
Example: PSHH (high pressure trip). Safety failure: trips without high pressure, spurious shutdown (safe). Dangerous failure: failed shutdown on high pressure (dangerous).
Failure mode matrix: SD: Safety Detected; SU: Safety Undetected; DD: Dangerous Detected; DU: Dangerous Undetected; otherwise fault-free.
$$\lambda = \lambda_{DD} + \lambda_{DU} + \lambda_{SD} + \lambda_{SU}, \qquad \lambda_D = \lambda_{DD} + \lambda_{DU}, \qquad \lambda_U = \lambda_{DU} + \lambda_{SU}$$
Failure rate
Failure rate $\lambda(t)$ over time (bathtub curve): wear-in with decreasing $\lambda$; normal operation (lifetime) with constant $\lambda(t) = \lambda$; wear-out with increasing $\lambda$.
PFD
PFD (Probability of Failure on Demand): probability that a dangerous failure has occurred by time t, so that the safety function cannot be performed on demand:
$$PFD_D(t) = F_D(t) = 1 - e^{-\lambda_D t} \approx \lambda_D t$$
Probability of a safe (spurious) failure by time t:
$$PFS(t) = PFD_S(t) = F_S(t) = 1 - e^{-\lambda_S t}$$
PFDavg
PFDavg (Average Probability of Failure on Demand): the average of $PFD_D(t)$ over the proof test interval TI:
$$PFD_{AVG} = \frac{1}{TI}\int_0^{TI} PFD_D(t)\,dt = \frac{1}{TI}\int_0^{TI}\left(1 - e^{-\lambda_D t}\right)dt \approx \frac{\lambda_D \cdot TI}{2}$$
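Added example, not code from the slides: it evaluates the PFDavg integral above exactly and with the λ_D·TI/2 approximation, then performs the SIL verification comparison described later in the deck (SIL_PFD from the PFDavg table, SIL_AC from the architectural constraint, achieved SIL = MIN of the two, compared with the target). The dangerous undetected failure rate and the proof-test intervals are assumed values, and SIL_AC is taken as an input because the HFT/SFF table is not reproduced on the page.

```python
"""PFDavg versus proof-test interval and the SIL verification check.

Added illustration, not code from the MOL slides. Formulas follow the deck:
PFD(t) = 1 - exp(-lambda_D t) and PFDavg = (1/TI) * integral_0^TI PFD(t) dt,
approximated as lambda_D * TI / 2. lambda_D is the dangerous undetected
failure rate per hour, TI the proof-test interval in hours. The failure
rate and intervals used below are assumed, not data for any real device.
"""
import math

HOURS_PER_YEAR = 8760


def pfd(lambda_d, t):
    """Probability that a dangerous failure has occurred by time t."""
    return 1.0 - math.exp(-lambda_d * t)


def pfd_avg_exact(lambda_d, ti):
    """Closed form of (1/TI) * integral_0^TI (1 - e^{-lambda t}) dt.

    = 1 - (1 - e^{-x}) / x with x = lambda*TI; expm1 keeps precision for the
    small x typical of SIS components (1 - e^{-x} would lose digits).
    """
    x = lambda_d * ti
    return 1.0 + math.expm1(-x) / x


def pfd_avg_approx(lambda_d, ti):
    """First-order approximation used on the slide: PFDavg = lambda_D * TI / 2."""
    return lambda_d * ti / 2.0


def sil_from_pfd(pfd_avg):
    """SIL_PFD per the deck's low-demand table; 0 means below SIL 1.

    SIL1: [1e-2, 1e-1), SIL2: [1e-3, 1e-2), SIL3: [1e-4, 1e-3), SIL4: [1e-5, 1e-4).
    Values below 1e-5 are outside the table; a single SIF is not credited
    beyond SIL 4, so they are reported as 4.
    """
    if pfd_avg >= 1e-1:
        return 0
    for sil, lower in ((1, 1e-2), (2, 1e-3), (3, 1e-4), (4, 1e-5)):
        if pfd_avg >= lower:
            return sil
    return 4


def verify_sil(lambda_du, ti_hours, sil_ac, sil_target):
    """Deck flow: SIL_PFD and SIL_AC -> MIN -> achieved SIL -> compare target.

    sil_ac is the architectural-constraint SIL (from HFT and SFF) supplied
    by the caller, since the deck's table for it is not reproduced here.
    """
    pfd_avg = pfd_avg_exact(lambda_du, ti_hours)
    sil_pfd = sil_from_pfd(pfd_avg)
    achieved = min(sil_pfd, sil_ac)
    return {"PFDavg": pfd_avg, "SIL_PFD": sil_pfd, "SIL_AC": sil_ac,
            "achieved": achieved, "target": sil_target,
            "ok": achieved >= sil_target}


if __name__ == "__main__":
    LAMBDA_DU = 5e-7  # assumed dangerous undetected failure rate, 1/h
    for years in (1, 2, 5):
        ti = years * HOURS_PER_YEAR
        r = verify_sil(LAMBDA_DU, ti, sil_ac=3, sil_target=2)
        approx = pfd_avg_approx(LAMBDA_DU, ti)
        print(f"TI={years} y  PFDavg={r['PFDavg']:.2e} (approx {approx:.2e})"
              f"  achieved SIL {r['achieved']}  {'OK' if r['ok'] else 'NOT OK'}")
```

For the assumed rate, a one-year proof-test interval yields PFDavg of about 2.2e-3 (SIL 2), while stretching the interval to five years raises it above 1e-2 and drops the achieved SIL to 1, so the verification against a SIL 2 target fails.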
MooN voting
Moving from 1oo1 to 1oo2 to 1oo3 increases safety (the voted group tolerates more dangerous failures); moving from 1oo1 to 2oo2 to 3oo3 increases reliability (fewer spurious trips); 2oo3 and 2oo4 balance safety and reliability.
Architecture - HFT (hardware fault tolerance)
1oo1 - 0
2oo2 - 0
1oo2 - 1
2oo3 - 1
1oo3 - 2
2oo4 - 2
2oo2 voting
Continuous (high demand) mode: PFH (probability of dangerous failure per hour) instead of PFDavg
SIL - PFDavg (low demand) - PFH (continuous)
(no SIL) - >= 10^-1
1 - >= 10^-2 to < 10^-1 - >= 10^-6 to < 10^-5
2 - >= 10^-3 to < 10^-2 - >= 10^-7 to < 10^-6
3 - >= 10^-4 to < 10^-3 - >= 10^-8 to < 10^-7
4 - >= 10^-5 to < 10^-4 - >= 10^-9 to < 10^-8
SIS components: sensor, logic solver, final element, power supply; energize to trip.
SIL verification
Inputs from H&RA and SRS: target SIL (SIL_TAR).
Component data: failure rates by failure mode ($\lambda_{DU}$, $\lambda_{DD}$, $\lambda_{SU}$, $\lambda_{SD}$), diagnostic coverage (DC), safe failure fraction (SFF), prior use (PIU).
Architecture: MooN voting, hardware fault tolerance (HFT), proof test interval (PTI).
The architectural constraint (MSZ EN 61511, from SFF and HFT) gives SIL_AC; the PFD calculation gives SIL_PFD.
Achieved SIL = MIN(SIL_PFD, SIL_AC). Achieved SIL >= SIL_TAR: OK; otherwise NOT OK.
SIL certificate
SIL verification (examples)
Standards
Seveso II Directive [96/082/EEC]
18/2006. (I. 26.) Government Decree (Korm. rendelet): on protection against major accidents involving dangerous substances
MSZ EN 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1-7.
MSZ EN 61511: Functional safety: Safety Instrumented Systems for the Process Industries. Parts 1-3.
EEMUA 191: Alarm systems, a guide to design, management and procurement No. 191 (Engineering Equipment and Materials Users Association)
IEC 61882: Hazard and operability studies (HAZOP studies)
IEC 60812: Analysis techniques for system reliability. Procedure for failure mode and effects analysis (FMEA)
IEC 61025: Fault tree analysis (FTA)
Directive 1999/92/EC of the European Parliament and of the Council (ATEX 137): on minimum requirements for improving the safety and health protection of workers potentially at risk from explosive atmospheres
3/2003. (III. 11.) FMM-ESzCsM joint decree: on the minimum occupational safety requirements for workplaces in potentially explosive environments
MSZ EN 1127-1: Explosive atmospheres. Explosion prevention and protection.
MSZ EN 746-2:1998: Industrial thermoprocessing equipment. Part 2: Safety requirements for combustion and fuel handling systems
Technical Safety Code for Pressure Equipment: detailed technical requirements for the implementation of GKM Decree 63/2004. (IV. 27.) and Government Decree 23/2006. (II. 3.)
Layer of Protection Analysis: Simplified Process Risk Assessment (Center for Chemical Process Safety (CCPS) Concept Book)