Forum Topic
SIL loops, devices, architectural constraints
Functional safety forum
M W
07 June 2008 13:35:53
SIL loops, devices, architectural constraints
I am new to safety and I have a few questions about safety systems:
1. When we talk about the SIL, it means we are considering the complete safety loop, i.e. the SIF (SIS sensor, SIS logic solver and SIS actuating device). My question is: in order to implement a SIL-rated loop, do we need SIL-rated transmitters, actuating devices and logic solvers? Or could we implement a SIL-rated loop using non-SIL-rated or non-certified instruments?
2. If, for example, we have a SIL 3 rated logic solver but all transmitters and actuating devices (solenoids, actuator, valve body etc.) are not SIL-rated/certified, is that okay for the SIL level implementation, or can I only say we have SIL at the logic solver level?
3. What is the use of the line-monitoring function? Is it an IEC standard requirement, or is it usually added by the SIS system designer/manufacturer to increase the integrity of SIS systems?
4. What is meant by architectural constraints? Please explain it to me with an example so that I can understand it better.
Derek Stepehson
09 June 2008 10:29:46
Re: SIL loops, devices, architectural constraints
1. The subsystems (sensor/logic/terminator) that are used to implement the safety functions all have to be 'rated', but do not need to be 'certified'. Rating means that you have a source of reliability data that supports the PFD calculation for the devices you use. Vendors will often have FMEDA reports giving you the base reliability data, and I often use generic reliability data from the Exida Equipment Reliability Handbook. IEC 61508 Part 6 Annex B gives you some detailed calculations and explains the terms that are used. You can find simpler calculations and other explanations on-line.
2. SIL 3 is difficult to achieve and may mean using voting architectures (1oo2/1oo3). All the subsystems (sensor/logic/terminator) need to be SIL 3 rated in terms of PFD and their Architectural Constraints (see 4). You probably need equipment with good reliability data (probably certified) so that you do not end up with 2 or 3 sensors or valves. The better the reliability, the less equipment you need to achieve the PFD. The logic solver makes up a small part of the loop PFD, which is usually dominated by the valves.
3. Reliability data is often expressed as 'Dangerous Failures' (revealed and unrevealed) and 'Safe Failures' (revealed and unrevealed). The calculation of PFD is effectively based on the dangerous unrevealed failures. Therefore, if you can reduce this value you improve the PFD. Line monitoring turns some of the unrevealed failures (i.e. due to short circuit) into revealed failures, improving the calculated PFD.
4. This is explained in IEC 61508 Part 2 clause 7.4.3. This identifies Type A (simple) and Type B (complex/programmable) equipment, and gives their maximum SIL levels based on their Hardware Fault Tolerance (HFT) and Safe Failure Fraction (SFF). For example, Type B devices with an SFF of >60% and <90% can be used up to SIL 1 when used as a single channel (HFT = 0). A Type A device with the same SFF and HFT can be used up to SIL 2. If you want to use the device at a higher SIL then you need to use voting (i.e. increase the HFT).
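A worked example of the arithmetic behind points 2 to 4 of this reply, added here and not part of the original post or of any vendor's tool. It uses the simplified, common-cause-free PFDavg formulas for 1oo1 and 1oo2 from IEC 61508-6 Annex B, the route 1H architectural-constraint tables from IEC 61508-2 (Type A and Type B, by SFF band and HFT), and constructed sample failure rates (not vendor data). The function names, the one-year proof-test interval, and the assumption that line monitoring reveals half of the solenoid's undetected dangerous failures are all choices made for the illustration; it shows how revealing those failures raises the SFF and the achievable SIL, and why the final element dominates the loop PFD.

```python
"""Simplified IEC 61508 loop arithmetic (added example, constructed values).

PFD formulas: 1oo1 PFDavg ~= lambda_DU * T / 2, 1oo2 PFDavg ~= (lambda_DU * T)^2 / 3
(IEC 61508-6 Annex B, beta factor and repair time ignored). Failure rates are
per hour; T is the proof-test interval in hours.
"""
from dataclasses import dataclass

# IEC 61508-2 route 1H architectural constraints, indexed by SFF band then HFT.
# SFF bands: 0 = <60 %, 1 = 60-90 %, 2 = 90-99 %, 3 = >=99 %. 0 means not allowed.
_SFF_BANDS = (0.60, 0.90, 0.99)
_TYPE_A = [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)]
_TYPE_B = [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)]


def sff_band(sff):
    """Band index of a safe failure fraction (0.0 to 1.0)."""
    return sum(1 for limit in _SFF_BANDS if sff >= limit)


def max_sil_arch(sff, hft, dev_type):
    """Highest SIL the architectural constraints allow for one subsystem."""
    table = _TYPE_A if dev_type == "A" else _TYPE_B
    return table[sff_band(sff)][min(hft, 2)]


@dataclass
class Device:
    lam_s: float    # safe failures per hour (revealed + unrevealed)
    lam_dd: float   # dangerous detected (revealed) failures per hour
    lam_du: float   # dangerous undetected (unrevealed) failures per hour
    dev_type: str   # "A" (simple) or "B" (complex/programmable)

    def sff(self):
        """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU)."""
        total = self.lam_s + self.lam_dd + self.lam_du
        return (self.lam_s + self.lam_dd) / total

    def with_line_monitoring(self, revealed_fraction):
        """Model line monitoring: a fraction of lambda_DU becomes lambda_DD."""
        moved = self.lam_du * revealed_fraction
        return Device(self.lam_s, self.lam_dd + moved, self.lam_du - moved, self.dev_type)


def pfd_1oo1(lam_du, t_proof_h):
    return lam_du * t_proof_h / 2


def pfd_1oo2(lam_du, t_proof_h):
    return (lam_du * t_proof_h) ** 2 / 3


def loop_pfd_1oo1(lam_dus, t_proof_h):
    """Loop PFD is the sum of the subsystem PFDs (sensor + logic + final element)."""
    return sum(pfd_1oo1(l, t_proof_h) for l in lam_dus)


def sil_from_pfd(pfd):
    """SIL band for a low-demand PFDavg (IEC 61508-1 Table 2)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


if __name__ == "__main__":
    T = 8760.0  # assumed one-year proof-test interval
    # Constructed lambda_DU values: transmitter, logic solver, solenoid valve.
    sensor, logic, valve = 2e-7, 1e-8, 5e-7
    total = loop_pfd_1oo1([sensor, logic, valve], T)
    print(f"loop PFDavg = {total:.3e} -> SIL {sil_from_pfd(total)}")
    print(f"valve share of loop PFD = {pfd_1oo1(valve, T) / total:.0%}")
    print(f"1oo2 valves: PFDavg = {pfd_1oo2(valve, T):.3e}")

    # Architectural constraints: same constructed solenoid, before/after line monitoring.
    sov = Device(lam_s=3e-7, lam_dd=1e-7, lam_du=5e-7, dev_type="A")
    lm = sov.with_line_monitoring(0.5)
    for label, d in (("no monitoring", sov), ("line monitoring", lm)):
        print(f"{label}: SFF {d.sff():.1%}, max SIL at HFT 0 = "
              f"{max_sil_arch(d.sff(), 0, d.dev_type)}, "
              f"PFD 1oo1 = {pfd_1oo1(d.lam_du, T):.3e}")
```

Running it shows the solenoid contributing roughly 70% of the loop PFD, and the same Type A solenoid moving from SFF 44% (SIL 1 at HFT 0) to SFF 72% (SIL 2 at HFT 0) once half of its undetected dangerous failures are revealed by line monitoring. A Type B device with the same 72% SFF would still be limited to SIL 1 at HFT 0, which is the example given in point 4.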
Oswald Gomez
23 July 2008 11:56:18
manual reset + solenoid valve
I work for a major EPC Contractor.
We have a specific requirement from our Client to have manual reset at the final elements.
The final element in this case is a solenoid valve for oil-dumping.
The trouble is that we have found so far only one valve that meets the criteria (by ASxx).
We have asked the manufacturer to provide us with the respective reliability figures, but there is no data for it.
So I would like to know if anybody came across a case like this before.
We obviously need these figures to complete the SIL Verification process.