Reliability assessment of safety instrumented systems
Lars Bodsberg, SINTEF Technology and Society, [email protected]
NTNU, 18 November 2013
Technology for a better society

[Photos: Oseberg Field Centre (photo: Øyvind Hage; photo: Kent-Eivin Austevoll)]

Balance between Production and Protection
[Figure after Reason (1998): a balance with Production on one side and Protection on the other]

Swiss cheese model
[Figure, source: Reason 1997. Successive layers of defences, barriers and safeguards lie between hazards and losses; some holes are due to active failures, other holes are due to latent conditions.]

Our vision: Technology for a better society
Our role
• Creating value by applying knowledge, research and innovation
• Delivering solutions for sustainable development
• Building and operating research laboratories
• Providing premises for social debate and policy decisions

Close collaboration is the basis for innovation and high scientific quality
Industrial relevance – Industrial involvement – Scientific methods

Since 1970, SINTEF and NTNU have established companies that have created 2000 jobs, with a combined annual turnover of EUR 650 million.
[Bar chart: evolution of the number of new companies started annually from research environments in Trondheim, rising from 0.1 (1970-79) through 1.1 (1980-89), 3.6 (1990-99) and 8.7 (2000-09) to 10.3 (2010-12). Source: Impello Management (2012)]

We sell research to customers all over the world
• The USA is our largest international market. Office in Houston.
• Extensive cooperation with European research partners. Leading participant in the EU's research programs.
• Part-owner of an aquaculture research company in Chile.
• Environment projects in China.
• Petroleum and energy research. Offices in Rio.
• Projects on health and living conditions in Africa.
We have employees from 70 countries

SINTEF Technology and Society, Department of Safety Research
"Research for Improved Safety, Reliability and Cost Efficiency"
• Contract research for the petroleum sector, onshore industry, transport (air, maritime and rail) and the public sector
• Development of models, tools, databases and standards for the efficient treatment of safety and reliability matters
• Expertise in engineering disciplines, mathematical statistics and social sciences
• Close co-operation with other SINTEF business units and several departments at the Norwegian University of Science and Technology

PDS – Reliability of Safety Instrumented Systems
("Pålitelighet av Databaserte Sikkerhetssystemer")
• PDS method
• PDS handbooks
• PDS Tool
• PDS industry forum
• PDS research projects
www.sintef.no/pds

[Figure: Rausand & Høyland, 2004]

From normal operation to consequence: safety functions and their implementation (example)
[Diagram. Columns: NORMAL OPERATIONAL SITUATION (normal equipment condition; stable process) – HAZARD (accident external to process; mistake by personnel; mechanical degradation; failure of control or safety system; leak (process equipment failure); process upset (transient)) – ACCIDENT (fire or explosion) – CONSEQUENCE (loss of production; personnel injury; facility damage; pollution). Rows give each function with an example implementation: self-acting (PSV, FSV); control system (PC, CM, S, M); process shutdown system (PSL, PSD, S, M); fire and gas detection / emergency shutdown system (GD, FD, M, platform shutdown). Each function is characterised by the condition it can detect and the extent of its shutdown action.]
Legend: CM: Condition Monitoring, S: Process sensor, PSV: Pressure relief, PSL: Pressure switch low, FSV: Check valve, GD: Gas detector, FD: Fire Detector, M: Manual
[The same diagram is repeated on the following slide with the scope of QRA marked.]

[Figure: Rausand & Høyland, 2004]

PDS Handbooks
[Covers of the 2000 and 2010 editions]

IEC 61508: "Functional safety of electrical/electronic/programmable electronic (E/E/PE) safety-related systems"
• Generic standard, i.e.:
– Providing a general framework, covering a wide range of complexity, hazards and risk potentials
– Conceived with a rapidly developing technology in mind: a framework sufficiently robust and comprehensive
• Major objectives:
– Facilitate development of sector-specific standards
– Provide consistency within and across application sectors
– Provide a generic approach for all lifecycle activities
– Provide qualitative and quantitative safety requirements to safety systems

Risk reduction in IEC 61508 – General concept
[Figure, source: IEC 61508. On a scale of increasing risk: residual risk, tolerable risk, EUC risk. The necessary risk reduction is the distance from EUC risk down to tolerable risk; the actual risk reduction is the distance from EUC risk down to residual risk. The risk reduction achieved by all safety-related systems and external risk reduction facilities is made up of the partial risk covered by other-technology safety-related systems, the partial risk covered by E/E/PE safety-related systems and the partial risk covered by external risk reduction facilities.]

Development of Safety System Requirements
[Flow diagram. EUC with a hazard (example: overpressure) → EUC risk → risk requirement, i.e. tolerable risk → safety requirements: allocation and Safety Integrity Level (example: "isolate and depressurize vessel 9999 out of 10000 times") → design etc. of the E/E/PES (hardware, software), of other safety-related systems and of external facilities (the latter two are not part of IEC 61508).]

IEC 61508 implications on safety and reliability modelling
• The IEC 61508 standard sets out a risk-based approach for deciding the Safety Integrity Level (SIL) for systems performing safety functions
– On-going R&D to improve QRAs in Norway
• The IEC 61508 standard requires evaluation of the reliability performance of the safety instrumented systems
– The PDS method

Means for improving reliability
• Fault avoidance
• Fault tolerance
– Functional test
– Self-test
– Redundancy

Three Failure Modes Considered in the PDS Model
• Fail To Operate (FTO) – safety system/module does not operate on demand (e.g. sensor stuck upon demand)
• Spurious Operation (SO) – safety system/module operates without demand (e.g. sensor provides signal without demand)
• Non-Critical (NC) – main functions not affected (e.g. sensor imperfection which has no direct effect on the control path)

Safety vs. cost
[Chart: probability of failure on demand (0.001 to 0.006) against primary investment for alternative voting logics for redundant sensors (1, 2 or 3 sensors). PFD decreases in the order 2oo2 voting, 1oo1 voting, 2oo3 voting, 1oo2 voting as the investment increases.]

Safety vs. LCC – Low Unavailability Cost per Trip
[Chart: probability of failure on demand (0.001 to 0.006) against life cycle cost (LCC, 100 to 500 thousand Norwegian kroner) for 2oo2, 1oo1, 2oo3 and 1oo2 voting, with the acceptance criterion drawn as a horizontal line. LCC is split into primary investment, operation and maintenance cost, and unavailability cost per trip.]

Safety vs. LCC – High Unavailability Cost per Trip
[Same chart as above, with a high unavailability cost per trip.]

PDS-Method Characteristics
• "Conventional model" – "λ_DU·τ/2"
– Typically not all failure modes/failure causes taken into account
• PDS-method:
– Physical as well as functional failures included
– Failures not detectable by functional testing included
– Coverage of automatic self-test taken into account
– Models dependency between redundant modules

PDS Failure Taxonomy
Failure
• Random hardware failure
– Aging failure: random failures due to natural (and foreseen) stressors
• Systematic failure
– Software faults: programming error, compilation error, error during software update
– Installation failure: gas detector cover left on after commissioning, valve installed in wrong direction, incorrect sensor location
– Hardware related failure: inadequate specification, inadequate implementation, design not suited to operational conditions
– Operational failure: valve left in wrong position, sensor calibration failure, detector in override mode
– Excessive stress failure: excessive vibration, unforeseen sand production, too high temperature

Systematic failure
Failures that can be related to a particular cause other than natural degradation and foreseen stressors. The failure can normally be eliminated by a modification, e.g. of the design or manufacturing process, the operating procedures or the documentation.
Contributions to CSU
[Figure: critical safety unavailability (CSU) as a function of time over successive functional test intervals τ, showing the time-dependent CSU and the average CSU. Two contributions: A = inadequate functional test, revealed in the functional test (λ_DU·τ/2); B = inadequate design/location, unrevealed in the functional test (TIF).]

Functional Testing and Test Independent Failures (TIF)
• An ideal functional test is perfect (i.e. detects all failures present)
• In practice, not perfect due to:
– Design errors (present from day 1 of operation), e.g. software errors, lack of discrimination for sensors, wrong location, shortcomings in the functional testing
– Human errors during functional testing, e.g. maintenance crew forgets to test a specific sensor, test performed erroneously, maintenance personnel forgets to reset the by-pass of a component
• Introduction of Test Independent Failures (TIF):
– "The probability that a component that has just been tested (by a manual/functional test) will fail to carry out its intended function by a true demand"

Common cause failures
Standard beta-factor model:
• Rate of common cause failures: β·λ_DU
• All components fail at the same time
PDS beta-factor model:
• Not all components necessarily fail
• The beta-factor depends on the voting (MooN): β(MooN) = C_MooN·β

Formulas – PFD (low demand systems)

PDS Forum
25 industry participants
Main objective: Maintain a professional meeting place for exchange of experience between vendors and users of control and safety systems. The primary focus is on safety and reliability aspects of such systems.
Topics:
• Exchange of experience and ideas related to design and operation of safety instrumented systems
• Exchange of information on new field developments and SIS application areas
• Use of new standards for control and safety systems
• Development of guidelines for the use of these standards
• Exchange and use of reliability field data

PDS Tool (Office 2010)

Monitoring SIL in operations
What about new knowledge obtained by failure recording in the operational phase?
[Flowchart]
Input data:
• New knowledge: operational experience / recorded failures
• Prior knowledge: failure rates from design
Evaluate data basis: sufficient amount of operational data available?
• Yes: updated failure rate λ̂_DU based on operational experience alone
• No: experienced failure rate determined by Bayesian estimate; recalculate λ_DU based on operational experience AND prior knowledge

PDS Tool – Operational follow up
• Operational follow up
– estimate updated failure rates based on operational experience
– evaluate the possibility of changing the test interval based on operational experience
– update the safety function calculations with the new updated failure rates

PDS-BIP 2012-2015: Main activities and results
Tools and guidelines for integrated barrier management and reduction of major accident risk in the petroleum industry
1. Develop an integrated method for barrier management – definition and method report
2. Develop models and data for dependencies between barriers and barrier elements – report with models and data
3. Assess how new technology affects the quality of the barriers – report
4. Develop a guideline for barrier management – guideline (practical guidance)
5. Publication / dissemination – publications, reports, etc.

The PDS web: www.sintef.no/pds
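As an added example (not code from SINTEF or the PDS project), the following Python puts the operational follow-up of the "Monitoring SIL in operations" slides together with the test-interval and beta-factor contributions of the CSU and common cause slides: a Gamma-Poisson Bayesian update of λ_DU from recorded failures, then the average PFD of 1oo1, 2oo2, 2oo3 and 1oo2 voting with the C_MooN correction and a TIF term. The C_MooN values, the weight of the prior in operating hours and the data-sufficiency threshold are assumptions of the example, not PDS figures.

```python
# Added example, not SINTEF/PDS code: lambda_DU updated from operational data
# (as on the 'Monitoring SIL in operations' slide) and fed into PDS-style PFD
# formulas for MooN voting with the C_MooN beta-factor correction.
from math import comb

def update_lambda_du(lam_prior, prior_hours, failures, op_hours, min_hours=1e6):
    """DU failure rate after operational follow-up.

    Prior knowledge (design data) is a Gamma(a, b) with mean lam_prior, where
    b = prior_hours is how many operating hours the design data are taken to
    be worth (assumed). With enough operational hours and at least one observed
    failure, the observed rate is used alone; otherwise the Gamma-Poisson
    posterior mean blends prior and experience. min_hours is illustrative.
    """
    if op_hours >= min_hours and failures > 0:
        return failures / op_hours
    a = lam_prior * prior_hours
    return (a + failures) / (prior_hours + op_hours)

def pfd_moon(lam_du, tau, m, n, beta=0.0, c_moon=1.0, p_tif=0.0):
    """Average PFD of an MooN voted group over functional test interval tau.

    Independent term: the group fails once k = N-M+1 channels have failed;
    P(at least k failed at time t) ~ C(N,k)*(lam*t)^k, whose average over one
    test interval is C(N,k)*(lam*tau)^k/(k+1).
    Common cause term: C_MooN*beta*lam*tau/2, the PDS beta-factor adjusted for
    the voting. Added only for M < N: for M = N any single failure already
    fails the group, so the independent term covers it.
    p_tif: test independent failures, which the functional test does not remove.
    """
    k = n - m + 1
    independent = comb(n, k) * (lam_du * tau) ** k / (k + 1)
    ccf = c_moon * beta * lam_du * tau / 2 if m < n else 0.0
    return independent + ccf + p_tif

# C_MooN values assumed for this example; the PDS handbook tabulates the real ones.
C_MOON = {(1, 2): 1.0, (2, 3): 2.0}

def compare_votings(lam_du, tau, beta, p_tif=0.0):
    """PFD of the four sensor configurations on the 'Safety vs. cost' slides."""
    return {f"{m}oo{n}": pfd_moon(lam_du, tau, m, n, beta, C_MOON.get((m, n), 1.0), p_tif)
            for m, n in ((1, 1), (2, 2), (2, 3), (1, 2))}

if __name__ == "__main__":
    # Constructed input: design rate 2e-6/h, 0 DU failures in 2e5 operating hours
    lam = update_lambda_du(2e-6, 1e6, failures=0, op_hours=2e5)
    for cfg, pfd in compare_votings(lam, tau=8760, beta=0.05).items():
        print(f"{cfg}: PFD = {pfd:.2e}")
```

With the constructed input the ranking 2oo2 > 1oo1 > 2oo3 > 1oo2 reproduces the order of the "Safety vs. cost" chart; a few recorded failures in a short operating period move λ_DU only part of the way towards the observed rate.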