Practical Industrial Safety, Risk Assessment and Shutdown Systems for Industry

Author: Dave Macdonald
Date: 10 January 2018
Contents
Preface xvi
1 Introduction 1
1.1 Definition of safety instrumentation 1
1.2 What is this book about? 2
1.3 Why is this book necessary? 2
1.4 Contents of the book 3
1.5 Introduction to hazards and risks 3
1.5.1 Risk reduction 4
1.6 Fatal accident rate (FAR) 5
1.7 Overview of safety systems engineering (SSE) 7
1.7.1 Introduction 7
1.7.2 What do we mean by safety functions? 7
1.7.3 Functional safety 7
1.8 Why be systematic? 8
1.8.1 UKHSE publication 9
1.8.2 HSE summary 9
1.8.3 Conclusion: It pays to be systematic 10
1.8.4 Scope 1 of safety systems engineering 11
1.9 Introduction to standards: IEC 61508 and ISA S84 11
1.9.1 Driving forces for management of safety 11
1.9.2 Evolution of functional safety standards 12
1.9.3 Introducing standard IEC 61508 13
1.9.4 Key elements of IEC 61508 13
1.9.5 Features of IEC 61508 13
1.9.6 Introducing Standard ANSI/S 84.01 15
1.9.7 Introducing Draft Standard IEC 61511 15
1.10 Equipment under control 16
1.11 The safety life cycle model and its phases (SLC phases) 17
1.11.1 Basic SLC 17
1.11.2 ISA SLC 18
1.11.3 IEC SLC versions 18
1.12 Implications of IEC 61508 for control systems 20
1.12.1 Some implications of IEC 61508 for control systems 20
1.12.2 Potential problems using IEC 61508 21
1.13 Summary 21
1.14 Safety life cycle descriptions 21
1.14.1 Overview of the safety life cycle based on Table 1 of IEC 61508 part 1 24
1.15 Some websites for safety systems information 26
1.16 Bibliography and sources of information 27
1.16.1 Suggested books 28
1.16.2 Publications 28
1.16.3 Reports 29
1.17 Guidelines on sector standards 29
2 Hazards and risk reduction 33
2.1 Introduction 33
2.2 Consider hazards under some main subjects: 34
2.2.1 General physical 34
2.2.2 Mechanical plant 34
2.2.3 Materials 34
2.2.4 Electrical 34
2.2.5 Chemical and petroleum 34
2.2.6 Food processing 34
2.2.7 Bio-medical/pharmaceuticals 34
2.2.8 Nuclear power 35
2.2.9 Domestic 35
2.2.10 Industries where functional safety systems are common 35
2.3 Basic hazards of chemical process 35
2.3.1 Some causes of explosions, fire and toxic release 35
2.3.2 Logic diagram for an explosion 36
2.3.3 Fires: causes and preventative measures 37
2.3.4 Toxic material release 37
2.3.5 Failures of equipment 37
2.4 Introduction to hazard studies and the IEC model 38
2.4.1 Introduction to hazard studies 38
2.4.2 Alignment with the IEC phases 38
2.4.3 Box 1: Concept 39
2.4.4 Box 2: Scope definition 39
2.4.5 Box 3: Hazard and risk analysis 39
2.4.6 Conclusions 40
2.5 Process control versus safety control 40
2.5.1 Historical 40
2.5.2 Separation 41
2.5.3 Functional differences 42
2.5.4 Specials: integrated safety and control systems 43
2.6 Simple and complex shutdown sequences, examples 45
2.6.1 Simple shutdown sequence 45
2.6.2 Complex shutdown sequences 47
2.7 Protection layers 49
2.7.1 Prevention layers 51
2.7.2 Mitigation layers 52
2.7.3 Diversification 52
2.8 Risk reduction and classification 52
2.9 Risk reduction terms and equations 56
2.9.1 Introducing the average probability of failure on demand…PFDavg 57
2.10 The concept of safety integrity level (SIL) 58
2.10.1 When to use an SIS and how good must it be? 58
2.10.2 How can we determine the required SIL for a given problem? 60
2.10.3 Quantitative method for determining SIL 60
2.10.4 Example application 60
2.10.5 Summary 61
2.11 Practical exercise 61
2.11.1 Example of SIL determination by quantitative method 61
2.11.2 Comparative SILs table 63
3 Hazard studies 65
3.1 Introduction 65
3.2 Information as input to the SRS 65
3.2.1 Information from hazard studies must be used 66
3.2.2 The process hazard study life cycle 66
3.2.3 Alignment of process hazard studies with IEC safety life cycle 68
3.2.4 History 69
3.2.5 Guideline documents 69
3.3 Outline of methodologies for hazard studies 1, 2 and 3 69
3.3.1 Process hazard study 1 69
3.3.2 Outline of hazard study 1 70
3.3.3 Timing 70
3.3.4 Topics 70
3.3.5 Environmental impact 71
3.3.6 IEC: concept 71
3.4 Process hazard study 2 71
3.4.1 Outline 72
3.4.2 Hazard study 2 – systematic procedure 72
3.5 Risk analysis and risk reduction steps in the hazard study 73
3.5.1 Hazards of the EUC control system 74
3.5.2 Event sequences leading to a hazard 74
3.5.3 Hazardous event frequencies 74
3.5.4 Inherent safety solutions 74
3.5.5 Estimating the risk 75
3.5.6 Adding more protection 75
3.5.7 Typical protection layers or risk reduction categories 75
3.5.8 Key measures to reduce the risk 75
3.5.9 Process and operational safety measures 76
3.5.10 Alarm functions 76
3.5.11 Safety instrumented functions 77
3.6 Interfacing hazard studies to the safety life cycle 78
3.7 Evaluating SIS requirements 79
3.7.1 Tolerable risk frequency 80
3.7.2 Safe state of the process 80
3.7.3 Trip functional requirements 80
3.7.4 Action required to reach safe state 80
3.7.5 Process safety time 80
3.7.6 Tolerable rate of spurious trips 80
3.7.7 SIS preliminary estimate 81
3.7.8 Continuation to SRS 81
3.7.9 Hazard 2 report 81
3.8 Meeting IEC requirements 82
3.8.1 IEC requirements for hazard and risk analysis 82
3.9 Hazard study 3 82
3.9.1 Outline of methodology for HAZOP 83
3.9.2 Outline of HAZOP method 83
3.9.3 Concepts of change paths and elements 84
3.9.4 Generating deviations 85
3.9.5 Study procedure 87
3.9.6 Causes of deviations 88
3.9.7 Consequences of deviations 88
3.9.8 Adding protection layers 88
3.9.9 Recording of HAZOP results and safety functions 89
3.10 Conclusions 89
3.11 Fault trees as an aid to risk assessment and the development of protection schemes 89
3.11.1 Fault trees 89
3.12 Hazard study 2 guidelines 95
3.12.1 Introduction 95
3.12.2 Method 95
3.12.3 Review of hazard study 2 96
3.12.4 Hazard study 2 report contents 97
3.12.5 Diagrams and tables supporting hazard study 2 98
3.13 Hazard studies for computer systems 104
3.13.1 Examples of potential causes of failures 105
3.13.2 Guidelines 105
3.13.3 Outline of ‘Chazop’ 105
3.13.4 Hazard study 3 Chazop 106
3.14 Data capture checklist for the hazard study 106
4 Safety requirements specifications 108
4.1 Developing overall safety requirements 108
4.1.1 Components of the SRS 108
4.1.2 SRS input section 109
4.1.3 SRS functional requirements 109
4.1.4 SRS integrity requirements 109
4.2 Development of the SRS 110
4.2.1 General development procedure 110
4.2.2 The input requirements 112
4.2.3 Developing the functional requirements 112
4.2.4 Safety integrity requirements 115
4.2.5 Conclusions on the SRS development 116
4.3 Documenting the SRS 116
4.3.1 Checklist for SRS 116
4.3.2 Defining the functions 119
4.4 Determining the safety integrity 123
4.4.1 Diversity in SIL methods 123
4.4.2 Summary of methods for determination of SILs 123
4.4.3 Quantitative method 124
4.4.4 Design example 124
4.4.5 Summary of quantitative method 127
4.4.6 Risk graph methods 128
4.4.7 Defining parameters and extending the risk graph scope 129
4.4.8 Risk graph guidance from IEC 61511 130
4.4.9 Calibration of the risk graph 132
4.4.10 Software tools using risk graphs 132
4.4.11 The safety layer matrix method for SIL determination 132
4.4.12 The LOPA method for SIL determination 133
4.5 Summary of this chapter 134
5 Technology choices and the conceptual design stage 135
5.1 Introduction 135
5.1.1 What does the conceptual design stage mean? 135
5.2 What the standards say? 136
5.2.1 ISA conceptual design stage 136
5.2.2 IEC 61508 on conceptual design 138
5.2.3 Skills and resources 138
5.2.4 Conceptual design stage summary 138
5.3 Technologies for the logic solver 139
5.3.1 Basic SIS configuration 139
5.3.2 Shared functions 140
5.3.3 Technology choices 141
5.3.4 Pneumatics 141
5.3.5 Relays 141
5.3.6 The safety relay 143
5.3.7 Solid-state systems 144
5.3.8 Programmable systems for the logic solver 149
5.4 Development of safety PLCs 150
5.4.1 Why not use general purpose PLCs for safety functions? 150
5.4.2 Upgrading of PLCs for safety applications 155
5.4.3 Characteristics of safety PLCs 155
5.4.4 Hardware characteristics of a safety PLC 156
5.4.5 Software characteristics of a safety PLC 156
5.4.6 Design of safety PLCs 157
5.4.7 Triple modular redundant or TMR systems 161
5.4.8 Safety PLC with 1oo3 architecture 162
5.4.9 Communication features of safety controllers 164
5.4.10 New developments in communications 166
5.5 Classification and certification 167
5.6 Summary 168
5.7 SIS architecture conventions 168
6 Basic reliability analysis applied to safety systems 171
6.1 Introduction 171
6.1.1 Design objectives 172
6.2 Design process 172
6.3 Failure modes 173
6.3.1 Overt failure mode 174
6.3.2 Covert failure mode 174
6.4 Reliability formulae 175
6.5 Analysis models and methods 178
6.5.1 Analysis method 179
6.5.2 Calculations for spurious trips 185
6.5.3 Conclusions on analysis models 187
6.6 Some design considerations 187
6.6.1 Proof testing basics 187
6.6.2 Reliability in a high demand mode 191
6.6.3 Comparison of protective systems 191
6.6.4 Markov models 192
6.6.5 Diagnostic coverage 194
6.6.6 Reliability calculation software tools 195
6.6.7 Summary 195
6.7 Summary of parameters used in the reliability analysis of the safety systems 196
6.8 Some sources of reliability data for instrumentation 197
6.9 Safety performance calculation packages and reliability databases 199
7 Safety in field instruments and devices 200
7.1 Introduction 200
7.2 Objectives 201
7.3 Field devices for safety 201
7.3.1 Key points about sensors and actuators 201
7.3.2 Sensors and actuators dominate reliability issues 202
7.4 Sensor types 202
7.4.1 Using transmitters with trip amplifiers 204
7.4.2 A list of potential causes of failures in sensors 206
7.4.3 Failure modes 207
7.4.4 Actuator types 207
7.5 Guidelines for the application of field devices 210
7.5.1 Design techniques to minimize failures 210
7.5.2 Design for fail-safe operation 210
7.5.3 Separation of sensors from BPCS 211
7.5.4 Sensor diagnostics 214
7.5.5 Valve diagnostics 215
7.5.6 Redundancy in sensors and actuators 216
7.5.7 Diversity 220
7.6 Design requirements for field devices 221
7.6.1 Proven in use 221
7.6.2 Instrument selection 222
7.6.3 Installation design features 223
7.7 Technology issues 224
7.7.1 Intelligent field devices: advantages and disadvantages 224
7.7.2 Application examples 224
7.7.3 Safety critical transmitters and positioners 226
7.8 Summary of field devices for safety 229
8 Engineering the safety system: hardware 230
8.1 Introduction 230
8.2 Project engineering 230
8.2.1 Project problems 230
8.2.2 IEC requirements 231
8.2.3 Functional safety assessment 231
8.2.4 Project engineering responsibilities 231
8.3 Activities in box 9 233
8.3.1 Developing SIL for each application 234
8.4 ISA clause 7: SIS detailed design 236
8.4.1 Clause 7.2 general requirements 236
8.4.2 ISA clause 7.3 logic solver 238
8.4.3 ISA clause 7.4 field devices 238
8.4.4 Clause 7.5 interfaces 239
8.4.5 Clause 7.6 power sources 240
8.4.6 Clause 7.7 system environment 240
8.4.7 Clause 7.8 application logic 241
8.4.8 Clause 7.9 maintenance or testing design requirements 241
8.5 Information flow and documents at the engineering stage 242
8.6 Conclusion 243
9 Engineering the application software 244
9.1 Introduction 244
9.1.1 The problem with software 244
9.1.2 End user position 246
9.1.3 Basics of the software life cycle 246
9.1.4 Clause 7: Software safety life cycle 248
9.1.5 Application software 248
9.1.6 IEC 61511 provides guidance for end users 248
9.1.7 Benefits of limited variability languages 249
9.1.8 Programming tools 251
9.2 Application software activity steps 252
9.2.1 Application software activities 253
9.2.2 Software quality management system 253
9.2.3 Certification of operating systems 253
9.2.4 Summary of software engineering 254
10 Overall planning: IEC phases 6, 7 and 8 255
10.1 Introduction 255
10.1.1 Benefits of planning at the design stage 256
10.2 Maintenance and operations planning 256
10.2.1 What should we cover in maintenance and operation planning? 256
10.2.2 IEC 61508 phase 6: overall operation and maintenance planning 256
10.3 Validation planning 260
10.3.1 What should we cover in validation planning? 260
10.3.2 IEC box 7: overall validation planning 260
10.4 Installation and commissioning planning 261
10.4.1 What should we cover in installation and commissioning planning? 261
10.5 IEC phase 8: installation and commissioning planning 261
10.6 Summary 263
11 Installation and commissioning (IEC phase 12) 264
11.1 Introduction 264
11.1.1 Flow chart of activities 264
11.1.2 Procedures 264
11.1.3 Standards 264
11.2 Factory acceptance tests 265
11.2.1 Scope and benefits of FATs 265
11.2.2 Test methods for the FAT 266
11.2.3 Simulation issues 267
11.2.4 FAT supports functional test specs 269
11.2.5 Test facilities in development systems 269
11.3 Installation 269
11.3.1 Management of the installation phase 269
11.3.2 Installation checks 271
11.3.3 Installation complete 273
11.3.4 Pre-start-up acceptance tests (PSAT) 274
11.3.5 Documentation for the PSAT 274
11.3.6 Validation 275
11.3.7 Training of technicians and operators 275
11.3.8 Handover to operations 276
11.3.9 Start up 276
11.4 Summary 277
11.5 Documentation required for the pre-start up acceptance test 277
12 Validation, operations and management of change (IEC phases 13, 14 and 15) 279
12.1 Introduction 279
12.2 Verification, validation and functional safety assessment 279
12.2.1 Verification 279
12.2.2 Validation 282
12.2.3 Functional safety assessment 282
12.3 Operations, maintenance and repair 284
12.3.1 Operator’s viewpoint 284
12.3.2 ISA requirements for operating procedures 286
12.3.3 Maintenance program 286
12.4 Functional testing 288
12.4.1 Why test? 288
12.4.2 Testing guidelines 289
12.4.3 Practical functional testing 290
12.5 Management of change 293
12.5.1 When is MOC required? 294
12.5.2 When is MOC not required? 294
12.5.3 IEC modifications’ procedure model 294
12.5.4 Impact analysis 294
12.5.5 Software changes 295
12.5.6 MOC summary 295
12.6 Summary 295
13 Justification for a safety instrumented system 296
13.1 Introduction 296
13.1.1 Justification issues 297
13.2 Impact of safety system failures 297
13.2.1 Mode 1: dangerous undetected failures of the SIS 297
13.2.2 Mode 2: dangerous detected failures of the SIS 298
13.2.3 Mode 3: degraded mode of a redundant SIS 298
13.2.4 Mode 4: nuisance trip failures of the SIS 299
13.3 Justification 299
13.3.1 Responsibilities 299
13.3.2 Life cycle cost method 299
13.3.3 Costing example 301
13.3.4 PFD comparisons 303
13.3.5 Nuisance trip comparisons 303
13.3.6 Cost comparisons 303
13.3.7 Conclusion 305
Appendix A – Practical exercises 306
Appendix B – Glossary 34