Title: SIS Life Cycle Safety Management
1. SIS Life Cycle Safety Management
- Botlek Studiegroep - 15 December
- Jan Wiegerinck
- Shell Global Solutions
2. Status of IEC 61508 / 61511
- Both are published and official international standards.
- Accepted by ANSI and ISA SP84.01-2003
- Regarded by authorities as best practice.
- E.g. to comply with the Seveso II directive (EC), IEC 61511 will be regarded as best practice.
- Same for OSHA directive 29 CFR 1910.119 (USA)
3. All about Risk
- Instrument Protective Functions (IPF) are used to reduce risk
- If there is no process risk, there is no need for an IPF.
- If the risk is high, the risk needs to be reduced a lot; if small, the risk only needs to be reduced a little.
- The IPF Class or Safety Integrity Level (SIL) is a measure for the amount of risk reduction required.
4. A Risk Assessment Matrix (RAM, example only)
The required SIL (to make the risk broadly acceptable) can directly be entered in the cell that represents the initial risk.
Legend: broadly acceptable risks; tolerable risk; intolerable risks. The slide labels the top of the matrix "High Risk" and the bottom "Low Risk".

                       Consequence
Likelihood (y^-1)    1     2     3     4
1                    a     1     2     3
10^-1                a     a     1     2
10^-2                -     a     a     1
5. Layers of Protection (the onion model)
[Bowtie diagram: threats on one side, consequences on the other, (independent) layers of protection in between]
6. Fundamentals of IEC 61508 / 61511
- Know your hazardous situations
- Evaluate the acceptability of the risks of those hazardous situations.
- Classify the required Safety Integrity of the protective measures (establish the Safety Integrity Level, SIL)
- Implementation and testing to be based on SIL
- Implement and maintain a Safety Management System
- Documentation
- Auditing (assessment and verification)
- Procedures, Planning
- Control of Human Factors
7. Life Cycle Safety model
8. IPF Management
[Flowchart with boxes: Start; HAZOP; IPF study; IPF design / realisation; PM tasks, WIs, TI; Competence management; Verification / auditing; Documentation; Standards / tools; Scheduling; Change? (y); Execute; CM tasks, WIs; Scope definition; Report / historise; Incident analysis; Reliability analysis; KPIs: failure rates, overdue, bad actors]
9. Syndicate exercise
- Indicate FOR YOUR ORGANISATION, per item on the following list related to SIF:
- Does it exist
- Who is responsible
- Is it up-to-date
- Where is the description
- Where are the outputs (results) filed
10. Functional Safety - an overview
[Generic asset management cycle with steps: Set SIL standards and procedures to be used; HAZOP / SIL studies; Update maintenance strategy, review procedures and competence etc.; Define and design SIFs and testing frequency; Analyse, detect bad actors; Repairs and testing, collect data]
11. IPF/SIF Management System elements
Grouped on the slide into company wide elements and asset specific elements:
- Standards / Tools
- Register of hazards
- Key Documentation / SRS
- SIL assessment / SIS design method and assumptions
- Project Procedures
- Work Procedures
- Anomaly tracking / correction
- Plant Change Procedures
- Incident Investigation
- Competence
- Reliability Monitoring
- Auditing / Verification
Plan > Do > Check > Improve
12. Company wide elements - status in Shell
- Shell uses DEPs, SIFpro, etc.
- Work procedures often not formalised / incomplete
- Not enough competent people; difficult to maintain routine / competence
13. Asset specific - status in Shell
- New plants (1998) are reasonably OK.
- Register of hazards (as-built HAZOP) is mostly neglected, incomplete and fragmented
- Maintenance of the SRS is difficult. It tends to become inconsistent, incomplete and fragmented over time. Often not recognised as a key document.
14. Anomaly tracking / correction in Shell
- Incident investigation often ignores spurious and real trips.
- Failure rate data collection and analysis is only now emerging. Tools are still primitive.
- Auditing / Verification often ignored. Only done in projects (pre-start-up safety reviews).
15. SIS Lifecycle management tools
[Diagram with elements: Maintenance Management System (tag data, failure codes, failure records, failure reports); SIFpro (tag data, failure codes); Analyse; Failure data for combinations of instrument type and operating service; Test intervals, test coverage; Plant Trip Reports; Demand rates]
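Worked example added by the editor, not from the slides: it ties the failure data, test intervals and test coverage named on this slide to a SIF's average probability of failure on demand (PFDavg), its risk reduction factor and its SIL band, using the simplified IEC 61508/61511 single-channel (1oo1) low-demand formulas. The failure rate, test interval, coverage and mission time values are constructed, and the function names are the editor's own.

```python
"""Added example (not from the slides): how failure data, proof-test interval
and proof-test coverage set a SIF's average probability of failure on demand
(PFDavg), its risk reduction factor and its low-demand SIL band.
Simplified single-channel (1oo1) formulas; all numeric inputs are constructed."""

# IEC 61508/61511 low-demand target measures: SIL n holds when
# 10^-(n+1) <= PFDavg < 10^-n.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def pfd_avg_1oo1(lambda_du, test_interval, coverage=1.0, mission_time=None):
    """PFDavg of a 1oo1 SIF in low-demand mode.

    lambda_du      dangerous undetected failure rate, per hour
    test_interval  proof-test interval TI, hours
    coverage       proof-test coverage PTC, the share of lambda_du the test reveals
    mission_time   hours until the untested share is revealed (e.g. overhaul)
    Perfect test: PFDavg ~= lambda_du * TI / 2. The untested share (1 - PTC)
    instead accumulates over the mission time.
    """
    if not 0.0 <= coverage <= 1.0:
        raise ValueError("coverage must be between 0 and 1")
    pfd = coverage * lambda_du * test_interval / 2.0
    if coverage < 1.0:
        if mission_time is None:
            raise ValueError("mission_time is required when coverage < 1")
        pfd += (1.0 - coverage) * lambda_du * mission_time / 2.0
    return pfd


def sil_for_pfd(pfd):
    """SIL band containing pfd; 0 means the SIF does not reach SIL 1."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0


def risk_reduction_factor(pfd):
    """RRF = 1 / PFDavg: the factor by which the SIF cuts the hazard frequency."""
    return 1.0 / pfd


def max_test_interval(lambda_du, sil):
    """Upper bound on TI (hours) for a perfectly tested 1oo1 SIF to stay in sil."""
    return 2.0 * SIL_BANDS[sil][1] / lambda_du


if __name__ == "__main__":
    lam, year = 1e-6, 8760.0  # constructed: 1e-6 /h, proof test once a year
    for ptc in (1.0, 0.7):    # perfect test versus 70 % proof-test coverage
        pfd = pfd_avg_1oo1(lam, year, ptc, mission_time=10 * year)
        print(f"PTC={ptc}: PFDavg={pfd:.2e} RRF={risk_reduction_factor(pfd):.0f} SIL {sil_for_pfd(pfd)}")
```

With the constructed values, a yearly perfect test gives SIL 2, while 70 % proof-test coverage over a ten-year mission drops the same loop to SIL 1, which is why test coverage belongs next to test interval in the failure data analysis.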
16. SIS realisation in a project
[Flowchart with responsibility lanes Automation Contractor, PMC/Owner, Contractor and Owner. Boxes: Start; SIF narratives at site level, unit level and function group level; Logic Solver specification; MAC info; Hazards analysis (HAZOP / PHA); SIS Requirements specification; SIF definition; SIF LS application development; PIDs / PEFS; CE diagrams; Risk analysis (SIL assessment); SIS design; Recycle / update; Assign tags / SFC to subsystems; Safe failure assessment (also used to verify the final SIS functionality); Test interval calcs; ALARP assessment; Detailed logic diagrams; Recycle / update; Test procedures; Execute tests (inspections); Analyze results (e.g. yearly)]