800xA High Integrity – A Case Story
Leif Mortensen, PA-4443-S-1, 2012-05-31, ABB Offshoredag 2012
© ABB Group June 4, 2012 | Slide 1

Agenda
• Preem – short introduction
• Preem requirements to safety systems and suppliers
• Implementation of Functional Safety Management at Preem
• Case 1: Preemraf Gothenburg
• Case 2: Preemraf Lysekil

Preem – short introduction

Preemraff Sweden
• Privately owned company
• Two refineries, Lysekil and Gothenburg
• 470 gasoline stations in Sweden

Lysekil
• Refines 12 mill. ton crude per year
• 600 employees
• Current safety systems: ABB SafeGuard, Emerson Delta-V, Honeywell

Gothenburg
• Refines 6 mill. ton crude per year
• 300 employees
• Current safety system: Honeywell

Preem requirements to safety systems and suppliers
• Delivery according to the Functional Safety Standards IEC 61508 and IEC 61511
• Compliance to implement hardware and software Safety Instrumented Functions according to Safety Integrity Level = 3
• Integrated and standardized solutions for hardware and software (OGP REUSE)
• Online upgrade, online software modification, online hardware extension: 6 years between site turnarounds
• Price competitive
• Local presence and competences
• Supplier should have a responsive attitude to customer demands

Safety Standards – History and evolution
(Timeline figure showing the move from prescriptive standards to performance standards, by country and year)
• Germany: DIN VDE 19250, DIN VDE 0801
• UK: HSE PES
• USA: API RP14C, OSHA CFR 1910.119, ISA dS84.01 (draft), ANSI/ISA S84.01, ANSI/ISA S84.00.01 (IEC 61511 Mod)
• International: ISO 10418, IEC SC 65 (draft), IEC 61508 (1999), IEC 61511 (2003)
• Major accidents on the timeline: 1974 Flixborough, 1976 Seveso, 1984 Bhopal, 1986 Chernobyl, 1988 Piper Alpha, 1989 Pasadena

Functional Safety Standards IEC 61508 and IEC 61511
Functional Safety is the part of the overall safety of a system or piece of equipment that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failures and environmental changes.

(Figure: IEC 61508, Ed 2 released 2010-4-15, at the centre, with the sector standards derived from it)
• IEC 61511: Process Sector
• IEC 61513: Nuclear Sector
• IEC 62061: Machinery Sector
• IEC 61800: Adjustable Speed Electric Power Drives
• IEC 60601: Medical Devices
• EN 50156: Furnaces
• EN 50128: Railways

Functional Safety Standards – Relations between IEC 61508 and IEC 61511
(Figure only)

Safety Instrumented System – SIS / Safety Instrumented Function – SIF
• A Safety Instrumented System (SIS) is a collection of sensors, controllers and actuators.
• It executes one or more Safety Instrumented Functions (SIFs) that are implemented for a common purpose.
(Figure: Safety Instrumented System with multiple SIFs – a controller with a level switch, solenoid and pump forming SIF A, alongside SIF B, SIF C and SIF D)
• SIL is applicable for a LOOP

System 800xA HI – Integrated Safety
Customer value of integration – available today
• Same operations interface and engineering
• Process control and safety in the same HI controller, or process control and safety running in separate controllers
• Centralized Historian and Data Archiving
• Plant-wide Sequence of Events
• Common system, therefore reduced spare parts, training etc.
• Common, integrated asset management strategy

Certificates – 800xA High Integrity meets industry standards
• AC800M HI Controller – SIL 1-3 / CAT PLe 1-4 certified
• S800 Safety I/O (AI, DI, DO) – SIL 1-3 / CAT PLe 1-4 certified
• I/O Communication – SIL 1-3 / CAT PLe 1-4 certified
• Standard I/O and communication modules – certified interference-free* (*listed in the safety manual)

OGP REUSE Solutions
Typical solutions for efficient engineering and operation
• Typical solutions originating from North Sea O&G experience, with almost a decade of refinement throughout a number of customer projects and installations
• Building blocks for application engineers, enabling them to "tailor" applications by using ready and well proven SW modules and features
• OGP REUSE includes functionality and features widely applicable in OGP customer projects:
  – Libraries of Control Module Types (CMT)
  – Features for engineering and operational efficiency
  – Customizable Workplace and graphical templates

OGP REUSE Solutions – Control Module Libraries
The Control Module Types are grouped in libraries according to their main functionality.
• Signal: Analog Input, Analog Input with voting, Analog Input for Fire and Gas, Digital Input, Digital Output etc.
• Final Elements: Valve (On/Off), Valve (Choke), PID Control, Motor Control, Circuit Breaker etc.
• Fire and Gas: Fire Area, Fire Overview, HVAC, Deluge, Watermist etc.
• Function elements: Latching, Totalizer, Function XY etc.
• Common logic elements: Add, AND, OR, Ton etc.
There are 25+ "device" and function objects.

OGP REUSE Solutions – Types of libraries
Library name – Description – Examples
• REUSEcommon – Common small Types for logic and data type conversions – AND, OR, SPLIT, KS, HSO, MSO
• REUSEElectroLib – Electro Types for interfacing circuit breakers and motors – SBC_CB, SBC_IB, SBE_IM
• REUSEfg – Fire & Gas Types such as Area, Watermist and Deluge – AREA, BLOCKING, HVAC, DELUGE, MA_FG, MB_FG
• REUSEfgCommonLib – Common Fire & Gas Types such as OR2_ISW and VOTE2_ISW – OR2_ISW, VOTE2_ISW
• REUSEflowelmentlib – Flow Types such as Valve and Motor – SBV, SBE, SBC_F, SBC_I, SBE_VSD
• REUSEFuncElmentLib – Function Types for shutdown level and calculation – LB, YA, FL, HM, QA
• REUSEsignallib – Main Signal Types for analog and digital input/output – MA, MB, CA, CS, MAV, MA_SI, OA
• REUSESystemStatusLib – Type for presenting the system status – SystemStatusAC800

OGP REUSE Solutions – Engineering and Operational Efficiency
1. GDS Group Display Status (figure: Process status columns A, W, F, S, B, H)
2. Operator Workplace: Overview Displays (PCS, ESD, PSD, F&G) and Detailed Displays, on left and right screens
3. Trip & Interlock Display, Navigation, Maintenance Displays
4. Display Templates: PCS, ESD, PSD, F&G

OGP REUSE Solutions – Ergonomic Display Templates
• Less bright colours when everything is in Normal state (dimmed screen)
• Secures operator attention during an alarm situation

OGP REUSE Solutions – Guidelines
• Alarm Handling, Application Guideline
• AC 800M Application Guideline
• Library Programming Guideline
• Process Displays Guideline

OGP REUSE Solutions – Compliance to standards and best practices
• NORSOK Standards:
  – SCD System Control Diagram (I-005) – extends the IEC 61804 control application levels
  – SAS Safety and Automation Systems (I-002)
  – Bringing this concept further to become an IEC standard (standardization committee 65B)
• EEMUA 191:2007 Alarm Systems, a Guide to Design, Management and Procurement
• YA-711 Principles for Alarm System Design, by the Norwegian Petroleum Directorate
• Safety: compliance to IEC 61508 and IEC 61511
• API 14C¹ for process safety in Gulf of Mexico operations
¹ Registration required for access

What is the scope of TÜV Certification?
800xA High Integrity – ABB Safety Certificates
• Product Safety Certificate
• Development Department Safety Certificate (ABB A/S Certificate)

Implementation of Functional Safety Management at Preem

Functional Safety Management
• Preem FSM has management attention.
• Preem has started a project to implement FSM into their organization.
• Preem has today procedures, standards, routines, instructions etc. that in some cases fulfil FSM, but in most cases they need to be rewritten or created.
• The top of the Safety Life Cycle is implemented, because it is handled as a project and involves relatively few people.
• The challenge is the bottom of the Safety Life Cycle, which requires the involvement of more people and a "complex" organization.

IEC 61511 Safety Lifecycle Phases
• Analysis phase (phases 1-2): Identify hazards, specify requirements – responsibility: end user / operator
• Design & Installation / Commissioning phase (phases 3-5): Configure to requirements – responsibility: engineering / equipment supplier
• Operation phase (phases 6-8): Operate, maintain & modify – responsibility: end user / operator
• Phases 9-11: responsible – ALL

Risk Assessment Options – Examples
• Hazardous Event Severity Matrix
• SIL Risk Graph (Qualitative)
• Layers of Protection Analysis (LOPA)
  (LOPA worksheet columns: Scenario and Case Number; Scenario Description; Target Factor; Initiating Event Factor; Enabling Factor; Independent Protection Layers – Process Design, BPCS Control, Operator responds to alarms and written procedures, Other protection systems, SIS Function A, SIS Function B, Pressure Relief Device, Safety related Action; Protection Gap (target is 0 or less); Notes. Rows: Safety Analysis, Business Analysis.)
• Fault Tree Analysis (Quantitative)

Safety Requirement Specification (SRS)
• For every loop
• The SRS contains two types of requirements:
  – Functional Requirements: description of the functions of the SIF – how it should work
  – Integrity Requirements: the risk reduction and reliability requirements – how well it should work

Safety Requirement Specification – Communication
(Figure only)

Safety Instrumented System – SIS
Purpose of a Safety Instrumented System
• Reduce the risk that a process may become hazardous to a tolerable level
• The SIS does this by decreasing the frequency of unwanted accidents
• The SIS senses hazardous conditions and then takes action
• The SIS moves the process to a safer state, preventing an unwanted accident from occurring

Safety Instrumented System – SIS
The amount of risk reduction that a SIS can provide is represented by its Safety Integrity Level (SIL), which is defined as a range of:
• Probability of Failure on Demand (PFD)
• Safe Failure Fraction (SFF)
• Avoidance of systematic failures

AC800M High Integrity Redundant Controller Configuration
(Figure: SM811, BC810, PM865, TB840, redundant I/O, Optical Modulebus, CEX bus, RCU Link)

Engineering Responsibilities
• Competence
• Architectural design to meet target SIL requirements
• PFD calculations using appropriate reliability data for the desired loop configuration
• SIL capability
• SIS design
• Hardware and software integration
• Verification and validation
• Functional safety assessments
• Information on operation and maintenance requirements, building on manufacturer-supplied data
• Instructions for testing
• Installation and commissioning
• Functional Safety Management for design and build activities
Source: IEC 61511

Phases 9-11 – Responsibilities and Activities
• FAT
• SIS installation and commissioning
• SIS safety validation
• SAT
• SIS operation and maintenance
• SIS modification
• SIS decommissioning
• Information and documentation required

Documentation
Why should safety be documented?
• We work in lifecycle phases; we need to pass on information to different engineering disciplines
• We need traceability
• We need up-to-date information / version control
What is documentation?
• Anything we can store and which can be properly identified

Typical Documentation
• HAZOP reports
• Safety Requirement Specification
• Functional Design Specification / Safety Analysis Report
• Safety plan / Safety Lifecycle Management Plan
• Test documents (specifications & records)
• Competence (role descriptions & competence requirements for each role)
• SIL compliance report / SIL verification report

Competence requirements and roles in a safety project
• The competence of people involved in safety projects is normative according to IEC 61511
• Competence: role descriptions; competence requirements for each role (education, training, experience); if not in-house, use consultants and mentoring
• Example of safety roles in a project: Functional Safety Manager, Safety Lead Engineer, Safety Assessor

Case 1: Preemraf Gothenburg

Preemraf – Case 1 Gothenburg Refinery
Application: modernization of the oil refinery's safety system (ESD)
• Exchange of the obsolete Honeywell FSC safety system
• Since this has to be done during a turnaround (every 6 years) or a regenerating stop (every third year, part of the site stop), this is a long-term project
Automation from ABB:
• System 800xA 5.1-based safety solution comprised of two (2) AC 800M HI controllers (PM 865) in redundant configuration
• Safety assessed solution that meets SIL 3
Preem design:
• Risk evaluation not performed
• Based on generic safety functions
• Application to be based on SIL 2
FSM plan:
• Implement FSM/SLC into the operations, maintenance and project organization

Preemraf – Case 1 Gothenburg Refinery – Project set-up
• Hardware delivery – ABB Sweden
• IEC 61508 and IEC 61511 compliance of hardware and software – ABB Denmark
(Figures: site and AC800M High Integrity redundant controller configuration – SM811, BC810, PM865, TB840, redundant I/O, Optical Modulebus, CEX bus, RCU Link)

Case 2: Preemraf Lysekil

Preemraf – Case 2 Lysekil Refinery
Application: modernization of the oil refinery's safety system for a gas-burning oven (ESD)
• Exchange of the obsolete ABB safety solution
• Replace non-SIL equipment to fulfil the SIL classification
• Replace the MP200 controllers (13 pcs "interlock controllers") with a safety system
• Move non-SIL signals to the DCS; SIL-classified signals that today are installed in the DCS are to be moved to the safety system
Automation from ABB:
• System 800xA 5.1-based safety solution comprised of one (1) AC 800M HI controller (PM 865) in redundant configuration
• Safety assessed solution that meets SIL 3
Preem design specification:
• Risk evaluation and SIL classification of existing units performed
• Defined safety functions for non-SIL, SIL 1 and SIL 2 functions
• Implement FSM/SLC into the operations, maintenance and project organization
• Preem is using exSILentia as SIL classification software and a Risk Matrix for SIL classifications
• In case of a high SIL level on a SIF (SIL 3, or in some cases SIL 2), LOPA (Layers of Protection Analysis) is used on the specific SIF

Preemraf – Case 2 Lysekil Refinery – Project set-up
• Hardware delivery – ABB Sweden
• IEC 61508 and IEC 61511 compliance of hardware and software – ABB Denmark
(Figures: site and AC800M High Integrity redundant controller configuration – SM811, BC810, PM865, TB840, redundant I/O, Optical Modulebus, CEX bus, RCU Link)

Functional Safety Management – Why?
(Figure captioned: Jan/Feb – 20 of April, 21:49, 2010)

Total Safety Offering
• Field Instrumentation: SIL rated instrumentation and actuators
• SIS Systems: TÜV certified, flexible and scalable, System 800xA
• Alarm Management: benchmarking, EEMUA 191, training, support
• SIL Determination: analysis, TRAC, training, mentoring
• Proof Testing Support: TRAMs, proof test period, maintenance, lifecycle support
• Installed Systems Review: SIL assessment, benchmarking
• IEC 61508 / IEC 61511 Compliance: compliance management, FSMS
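As an added worked example (not from the presentation), this Python block carries through the chain the deck describes on the SIL, Engineering Responsibilities, Lysekil and Proof Testing slides: a LOPA row yields the PFD the SIF must reach, and simplified IEC 61508-6 style PFDavg formulas for 1oo1, 1oo2 and 2oo3 subsystems show whether a candidate loop meets it with a yearly proof test versus the 6-year turnaround interval mentioned above. Every failure rate, the beta factor and the LOPA frequencies are constructed assumptions, not Preem or ABB figures.

```python
"""Added example (not from the ABB/Preem deck): LOPA gap -> required SIF PFD,
then PFDavg of a candidate loop checked against the IEC 61508 low-demand SIL
bands. All failure rates, beta and LOPA frequencies are constructed."""

# IEC 61508 low-demand bands: SIL -> (PFDavg lower bound incl., upper bound excl.)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

def sil_from_pfd(pfd):
    """Map an average PFD to its SIL band; 0 means less than SIL 1."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4 if pfd < 1e-5 else 0

def lopa_required_pfd(initiating_freq, enabling_factor, ipl_pfds, target_freq):
    """Frequency left after the non-SIS independent protection layers (process
    design, BPCS, operator response to alarms, relief) is the gap the SIF must
    close. Returns the PFD the SIF needs; 1.0 means no SIF is required."""
    residual = initiating_freq * enabling_factor
    for pfd in ipl_pfds:
        residual *= pfd
    return min(1.0, target_freq / residual)

# Simplified PFDavg formulas in the style of IEC 61508-6 (repair time ignored):
# lam_du = dangerous undetected failure rate [1/h], ti = proof-test interval [h],
# beta = common-cause fraction shared by the redundant channels.
def pfd_1oo1(lam_du, ti, beta=0.0):
    return lam_du * ti / 2

def pfd_1oo2(lam_du, ti, beta=0.1):
    return ((1 - beta) * lam_du * ti) ** 2 / 3 + beta * lam_du * ti / 2

def pfd_2oo3(lam_du, ti, beta=0.1):
    return ((1 - beta) * lam_du * ti) ** 2 + beta * lam_du * ti / 2

ARCH = {"1oo1": pfd_1oo1, "1oo2": pfd_1oo2, "2oo3": pfd_2oo3}

def loop_pfd(subsystems, ti, beta=0.1):
    """SIL applies to the whole loop: sum the sensor, logic solver and final
    element subsystem PFDs. Each subsystem is (architecture, lam_du)."""
    return sum(ARCH[arch](lam_du, ti, beta) for arch, lam_du in subsystems)

if __name__ == "__main__":
    # Constructed LOPA row: 0.1/yr initiating event, two non-SIS IPLs at 0.1 each,
    # tolerable 5e-6/yr -> the SIF must reach PFD 5e-3, i.e. a SIL 2 target.
    need = lopa_required_pfd(0.1, 1.0, [0.1, 0.1], 5e-6)
    simplex = [("1oo1", 1e-6), ("1oo1", 1e-8), ("1oo1", 2e-6)]   # sensor, logic, valve
    redundant = [("1oo2", 1e-6), ("1oo1", 1e-8), ("1oo2", 2e-6)]
    for ti in (8760, 6 * 8760):   # yearly proof test vs. 6-year turnaround
        for name, loop in (("simplex", simplex), ("redundant", redundant)):
            p = loop_pfd(loop, ti)
            print(f"{name:9s} TI={ti // 8760}y PFDavg={p:.2e} SIL {sil_from_pfd(p)} "
                  f"{'meets' if p <= need else 'misses'} target {need:.1e}")
```

With these constructed figures the redundant loop reaches SIL 2 and closes the LOPA gap under a yearly proof test, but falls back to SIL 1 when the test interval stretches to the 6-year turnaround, which is why the proof test period is part of the lifecycle support rather than a one-off design input.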