On API RP 14C
Hi,
I just want to share my problem in distinguishing between a Safety Instrumented System
(SIS) and an Emergency Shutdown System (ESD). Are there any differences? I read ANSI/ISA
5.1 2009 to find the right symbol for ESD but I got nothing; I also asked my mentors but still
didn't get enough information to know. And enlightenment came when I asked Google
and found a forum with the subject "ESD vs SIS". From what I know after reading the information
from that forum, "ESD is a manual input for SIS", and another informed us that we should read API RP
14C to know clearly about ESD. So I tried to find that standard and found it. So here is the ESD
definition I cited from that standard:
An Emergency Shutdown (ESD) system is a system of manual control stations strategically
located on a platform that, when activated, will initiate shutdown of all wells and other
process stations. This system may include a number of independent process shutdown
systems that can also be actuated separately. Activation of the ESD system should result in
the termination of all production activity on the platform, including the closing of all pipeline
SDVs. The ESD system should be designed to permit continued operation of electric
generating stations and fire fighting systems when needed in an emergency.
The ESD system provides a means for personnel to manually initiate platform shutdown
when an abnormal condition is observed. Fusible elements of the fire loop may be
integrated with the ESD control loop.
So now I know that ESD is part of SIS for safety purposes, to protect either plant or people,
and ESD will be active when someone activates it (manually).
That's all.
Yusuf Mian
Mr. Tao Zhu, you mean SIS is simply a layer of protection and it is normally integrated with
the BPCS (Basic Process Control System such as a PLC or DCS), while ESD is a separate PLC for
shutting down the system to protect equipment/people when an emergency occurs.
It also means that both SIS & ESD don't increase the availability of the process system, but both
systems enhance the safety of the process.
I also request other people to participate and give a clearer explanation.
10 months ago
Ian Gibson
Sorry folks - The first rule of IEC61511 (a.k.a. ANSI/ISA 84.00.01) is that the SIS is NOT part of
the BPCS (unless you build and operate the BPCS under the requirements of 61511, which
would be a nightmare! No operators changing setpoints, etc.). The ESD system is inherently
a manual input (hence unreliable) to the SIS, which relies on automated sensors for most of
its logic. The advantage of the manual input is the opportunity to detect and suppress the faults
that haven't been automatically detected - ~40% of HC leaks in the North Sea on old statistics.
The BPCS is there to control the plant, and warn the operator if it is failing to do so. Under
61511, this is not rated as providing better than a 90% reduction in hazard (less than SIL1).
The SIS is there to prevent such excursions from escalating to cause damage to persons, the
environment, or assets or (if prevention fails), to mitigate the resulting hazards. This can
provide risk reduction between 10 and 100 (SIL1), through 100 to 1000 (SIL2), and up to 1000 through
10000 (SIL3). The higher the SIL, the more expensive it is to maintain, so you really don't
want many SIL3 systems - it is likely less costly to design out the problem rather than try to
tao zhu
Thanks for the correction Ian. Following is what I have found today; hope it will help Yusuf a
little more ..
ESD is traditionally defined as a "shutdown system/equipment in an emergency to prevent
damage to people and equipment/system." The simplest ESD system can be implemented with
mechanical or electronic relays that provide shutdown protection, e.g. an ESD pushbutton to
shut down a booster pump directly.
SIS is clearly defined in IEC 61511 as an instrumented system used to implement one or
more safety instrumented functions. It is composed of any combination of sensors, logic
solvers and final elements. Based on this definition, SIS provides automatic detection,
verification and control functionality. The function of SIS includes shutdowns but is not limited
to shutdown. It helps to enhance the safety integrity of the whole system.
Most popular safety platforms in the market today call themselves "SIS", such as Honeywell
Safety Manager and Invensys Tricon, and mention ESD as one of their typical applications.
When I was in a refinery plant 6 years ago, everyone called our Honeywell FSC the ESD
system... maybe because its major function is to shut down part of or all of the process. Now I
know it's not accurate.
10 months ago
Yusuf Mian
Mr. Ian Gibson and Tao Zhu, thank you very much for providing a very good explanation. I
want you to give some explanation about SIF with some examples. I am working in an
integrated steel making plant which is very old, and the whole plant does not have a single SIS loop
implemented. What are the main applications of an SIS system?
10 months ago
Alan Bryant
Sounds like folks agree. ESD is a manually activated system (as defined in API RP 14C),
whereas the SIS or IPS is an instrumented system that acts automatically to provide risk
reduction. Correct? Would you ever take risk reduction credit for an ESD function in that
case?
10 months ago
tao zhu
Alan, thanks for specifying the API spec number, it's helpful. The definition of "ESD" in RP 14C is accurate;
I didn't find it yesterday.
ISA-TR84.00.05-2009 mentioned that "SIF including all actions required to achieve or
maintain a safe state; Each SIF provide risk reduction against a set or subset of the initiating
events that can cause the hazard."
According to these two statements, if one ESD is initialized to achieve a safe state (it's true
in most cases), then the action of the final element of that ESD can be counted as one SIF,
and it will provide risk reduction credit.
Yusuf, ISA-TR84.00.04 explains SIS in detail; ISA-TR84.00.05 provides information on SIF with
the example of a BMS.
My understanding is that the main applications of an SIS are case by case and should cover all the
safety functions required to achieve the necessary risk reduction which have been described
in the PHA meeting.
10 months ago
Yusuf Mian
Thanks to all participants, nice feedback and valuable comments. ESD and SIS are both
independent systems, but both reduce the risk factor and ensure a controlled and safe shutdown.
What about safety PLCs and TMR? Are they essential components of SIS or ESD?
10 months ago
Ian Gibson
Detailed requirements for a safety PLC can be found in IEC61131.6, which is derived from
IEC61508. The essential requirement is that the logic solver (doesn't necessarily need to be a
PLC!) should provide a negligible contribution (<5%) to the probability of failure of each SIF
in the SIS. That is, the sensor(s) and the final actuator(s) should be the limiting factors in the
reliability of the SIF. So if you only have SIL1 and SIL2 SIFs, then you MAY be able to get by
with a logic solver rated as 'suitable for SIL2 applications'. TMR systems are rated suitable
for continued SIL3 operation while having an unrepaired fault! That may be overkill as against
a system which just fails safe - there are a multitude of designs with various levels of
redundancy and diagnostics. Just don't get painted into a corner with a system which is only
just suitable for the current worst case - Murphy's Law is still valid.
10 months ago
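The two points Ian Gibson makes above (the SIL bands as risk reduction factors in his first reply, and the "logic solver contributes less than 5% of the SIF's probability of failure" rule in his second) can be put into a small budget check. The following is an added example and not code from the thread or from any vendor's safety platform. It assumes the usual first-order approximation that the PFDavg of a SIF is the sum of its sensor, logic solver and final element PFDavg values (valid for independent, low-PFD subsystems), and it uses the IEC 61508 low-demand PFDavg bands, which correspond to the risk reduction ranges quoted in the thread (10 to 100 is SIL1, 100 to 1000 is SIL2, 1000 to 10000 is SIL3). The subsystem numbers are constructed for illustration, not taken from any real device.

```python
"""Added example: SIL banding and the logic-solver share check for one SIF.

Assumption (mine, not the thread's): PFDavg(SIF) ~= PFDavg(sensors)
+ PFDavg(logic solver) + PFDavg(final elements). The 5% limit is the
figure Ian Gibson gives for a negligible logic-solver contribution.
"""
from dataclasses import dataclass


def sil_from_pfd(pfd_avg: float) -> int:
    """Map a low-demand PFDavg to its SIL band (IEC 61508 Table 2).

    Returns 0 when the risk reduction is below SIL1 (RRF <= 10, the band
    a BPCS credited at ~90% reduction falls into) and 4 for anything
    better than SIL3.
    """
    if pfd_avg >= 1e-1:
        return 0          # RRF <= 10: less than SIL1
    if pfd_avg >= 1e-2:
        return 1          # RRF in (10, 100]
    if pfd_avg >= 1e-3:
        return 2          # RRF in (100, 1000]
    if pfd_avg >= 1e-4:
        return 3          # RRF in (1000, 10000]
    return 4              # better than SIL3 (outside this thread's scope)


@dataclass
class SifBudget:
    """PFDavg contributions of the three subsystems of one SIF."""
    sensor_pfd: float
    logic_solver_pfd: float
    final_element_pfd: float

    def pfd_avg(self) -> float:
        # First-order series approximation (assumption stated above).
        return self.sensor_pfd + self.logic_solver_pfd + self.final_element_pfd

    def rrf(self) -> float:
        # Risk reduction factor, the form the thread quotes SIL bands in.
        return 1.0 / self.pfd_avg()

    def sil(self) -> int:
        return sil_from_pfd(self.pfd_avg())

    def logic_solver_share(self) -> float:
        # Fraction of the SIF's total PFDavg that the logic solver consumes.
        return self.logic_solver_pfd / self.pfd_avg()

    def logic_solver_is_negligible(self, limit: float = 0.05) -> bool:
        # Ian's rule: the logic solver should sit below 5% of the SIF's PFD,
        # so the field devices remain the limiting factor.
        return self.logic_solver_share() < limit


def well_balanced_sif() -> SifBudget:
    """Constructed case: field devices dominate, logic solver negligible."""
    return SifBudget(sensor_pfd=4e-3, logic_solver_pfd=1e-4, final_element_pfd=5e-3)


def solver_dominated_sif() -> SifBudget:
    """Constructed case: a logic solver that eats most of the PFD budget."""
    return SifBudget(sensor_pfd=1e-4, logic_solver_pfd=1e-3, final_element_pfd=2e-4)


def describe(sif: SifBudget) -> str:
    """One-line report of the budget, for reading the result by eye."""
    return (f"PFDavg={sif.pfd_avg():.2e} RRF={sif.rrf():.0f} SIL{sif.sil()} "
            f"logic-solver share={sif.logic_solver_share():.1%} "
            f"negligible={sif.logic_solver_is_negligible()}")


if __name__ == "__main__":
    print(describe(well_balanced_sif()))
    print(describe(solver_dominated_sif()))
```

The second constructed case lands in the same SIL2 band as the first, which is the point of Ian's remark: meeting the band is not enough if the logic solver, rather than the sensors and final elements, is what limits the SIF's reliability.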
Yusuf Mian
Ian Gibson, very nice explanation. Anybody want to add more information?