Practical Industrial Safety, Risk Assessment and Shutdown Systems for Industry

Titles in the series

Practical Cleanrooms: Technologies and Facilities (David Conway)
Practical Data Acquisition for Instrumentation and Control Systems (John Park, Steve Mackay)
Practical Data Communications for Instrumentation and Control (Steve Mackay, Edwin Wright, John Park)
Practical Digital Signal Processing for Engineers and Technicians (Edmund Lai)
Practical Electrical Network Automation and Communication Systems (Cobus Strauss)
Practical Embedded Controllers (John Park)
Practical Fiber Optics (David Bailey, Edwin Wright)
Practical Industrial Data Networks: Design, Installation and Troubleshooting (Steve Mackay, Edwin Wright, John Park, Deon Reynders)
Practical Industrial Safety, Risk Assessment and Shutdown Systems for Instrumentation and Control (Dave Macdonald)
Practical Modern SCADA Protocols: DNP3, 60870.5 and Related Systems (Gordon Clarke, Deon Reynders)
Practical Radio Engineering and Telemetry for Industry (David Bailey)
Practical SCADA for Industry (David Bailey, Edwin Wright)
Practical TCP/IP and Ethernet Networking (Deon Reynders, Edwin Wright)
Practical Variable Speed Drives and Power Electronics (Malcolm Barnes)

Practical Industrial Safety, Risk Assessment and Shutdown Systems for Industry
Dave Macdonald BSc(Eng)

Newnes
An imprint of Elsevier
Linacre House, Jordan Hill, Oxford OX2 8DP
200 Wheeler Road, Burlington, MA 01803

First published 2004
Copyright 2004, IDC Technologies.
All rights reserved. No part of this publication may be reproduced in any material form (including photocopying or storing in any medium by electronic means and whether or not transiently or incidentally to some other use of this publication) without the written permission of the copyright holder except in accordance with the provisions of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London, England W1T 4LP. Applications for the copyright holder's written permission to reproduce any part of this publication should be addressed to the publisher.

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library

ISBN 07506 58045

For information on all Newnes publications, visit our website at www.newnespress.com

Typeset and Edited by Vivek Mehra, Mumbai, India
Printed and bound in Great Britain

Contents

Preface xvi

1 Introduction 1
  1.1 Definition of safety instrumentation 1
  1.2 What is this book about? 2
  1.3 Why is this book necessary? 2
  1.4 Contents of the book 3
  1.5 Introduction to hazards and risks 3
    1.5.1 Risk reduction 4
  1.6 Fatal accident rate (FAR) 5
  1.7 Overview of safety systems engineering (SSE) 7
    1.7.1 Introduction 7
    1.7.2 What do we mean by safety functions? 7
    1.7.3 Functional safety 7
  1.8 Why be systematic? 8
    1.8.1 UKHSE publication 9
    1.8.2 HSE summary 9
    1.8.3 Conclusion: It pays to be systematic 10
    1.8.4 Scope 1 of safety systems engineering 11
  1.9 Introduction to standards: IEC 61508 and ISA S84 11
    1.9.1 Driving forces for management of safety 11
    1.9.2 Evolution of functional safety standards 12
    1.9.3 Introducing standard IEC 61508 13
    1.9.4 Key elements of IEC 61508 13
    1.9.5 Features of IEC 61508 13
    1.9.6 Introducing Standard ANSI/S 84.01 15
    1.9.7 Introducing Draft Standard IEC 61511 15
  1.10 Equipment under control 16
  1.11 The safety life cycle model and its phases (SLC phases) 17
    1.11.1 Basic SLC 17
    1.11.2 ISA SLC 18
    1.11.3 IEC SLC versions 18
  1.12 Implications of IEC 61508 for control systems 20
    1.12.1 Some implications of IEC 61508 for control systems 20
    1.12.2 Potential problems using IEC 61508 21
  1.13 Summary 21
  1.14 Safety life cycle descriptions 21
    1.14.1 Overview of the safety life cycle based on Table 1 of IEC 61508 part 1 24
  1.15 Some websites for safety systems information 26
  1.16 Bibliography and sources of information 27
    1.16.1 Suggested books 28
    1.16.2 Publications 28
    1.16.3 Reports 29
  1.17 Guidelines on sector standards 29

2 Hazards and risk reduction 33
  2.1 Introduction 33
  2.2 Consider hazards under some main subjects: 34
    2.2.1 General physical 34
    2.2.2 Mechanical plant 34
    2.2.3 Materials 34
    2.2.4 Electrical 34
    2.2.5 Chemical and petroleum 34
    2.2.6 Food processing 34
    2.2.7 Bio-medical/pharmaceuticals 34
    2.2.8 Nuclear power 35
    2.2.9 Domestic 35
    2.2.10 Industries where functional safety systems are common 35
  2.3 Basic hazards of chemical process 35
    2.3.1 Some causes of explosions, fire and toxic release 35
    2.3.2 Logic diagram for an explosion 36
    2.3.3 Fires: causes and preventative measures 37
    2.3.4 Toxic material release 37
    2.3.5 Failures of equipment 37
  2.4 Introduction to hazard studies and the IEC model 38
    2.4.1 Introduction to hazard studies 38
    2.4.2 Alignment with the IEC phases 38
    2.4.3 Box 1: Concept 39
    2.4.4 Box 2: Scope definition 39
    2.4.5 Box 3: Hazard and risk analysis 39
    2.4.6 Conclusions 40
  2.5 Process control versus safety control 40
    2.5.1 Historical 40
    2.5.2 Separation 41
    2.5.3 Functional differences 42
    2.5.4 Specials: integrated safety and control systems 43
  2.6 Simple and complex shutdown sequences, examples 45
    2.6.1 Simple shutdown sequence 45
    2.6.2 Complex shutdown sequences 47
  2.7 Protection layers 49
    2.7.1 Prevention layers 51
    2.7.2 Mitigation layers 52
    2.7.3 Diversification 52
  2.8 Risk reduction and classification 52
  2.9 Risk reduction terms and equations 56
    2.9.1 Introducing the average probability of failure on demand...PFDavg 57
  2.10 The concept of safety integrity level (SIL) 58
    2.10.1 When to use an SIS and how good must it be? 58
    2.10.2 How can we determine the required SIL for a given problem? 60
    2.10.3 Quantitative method for determining SIL 60
    2.10.4 Example application 60
    2.10.5 Summary 61
  2.11 Practical exercise 61
    2.11.1 Example of SIL determination by quantitative method 61
    2.11.2 Comparative SILs table 63

3 Hazard studies 65
  3.1 Introduction 65
  3.2 Information as input to the SRS 65
    3.2.1 Information from hazard studies must be used 66
    3.2.2 The process hazard study life cycle 66
    3.2.3 Alignment of process hazard studies with IEC safety life cycle 68
    3.2.4 History 69
    3.2.5 Guideline documents 69
  3.3 Outline of methodologies for hazard studies 1, 2 and 3 69
    3.3.1 Process hazard study 1 69
    3.3.2 Outline of hazard study 1 70
    3.3.3 Timing 70
    3.3.4 Topics 70
    3.3.5 Environmental impact 71
    3.3.6 IEC: concept 71
  3.4 Process hazard study 2 71
    3.4.1 Outline 72
    3.4.2 Hazard study 2 – systematic procedure 72
  3.5 Risk analysis and risk reduction steps in the hazard study 73
    3.5.1 Hazards of the EUC control system 74
    3.5.2 Event sequences leading to a hazard 74
    3.5.3 Hazardous event frequencies 74
    3.5.4 Inherent safety solutions 74
    3.5.5 Estimating the risk 75
    3.5.6 Adding more protection 75
    3.5.7 Typical protection layers or risk reduction categories 75
    3.5.8 Key measures to reduce the risk 75
    3.5.9 Process and operational safety measures 76
    3.5.10 Alarm functions 76
    3.5.11 Safety instrumented functions 77
  3.6 Interfacing hazard studies to the safety life cycle 78
  3.7 Evaluating SIS requirements 79
    3.7.1 Tolerable risk frequency 80
    3.7.2 Safe state of the process 80
    3.7.3 Trip functional requirements 80
    3.7.4 Action required to reach safe state 80
    3.7.5 Process safety time 80
    3.7.6 Tolerable rate of spurious trips 80
    3.7.7 SIS preliminary estimate 81
    3.7.8 Continuation to SRS 81
    3.7.9 Hazard 2 report 81
  3.8 Meeting IEC requirements 82
    3.8.1 IEC requirements for hazard and risk analysis 82
  3.9 Hazard study 3 82
    3.9.1 Outline of methodology for HAZOP 83
    3.9.2 Outline of HAZOP method 83
    3.9.3 Concepts of change paths and elements 84
    3.9.4 Generating deviations 85
    3.9.5 Study procedure 87
    3.9.6 Causes of deviations 88
    3.9.7 Consequences of deviations 88
    3.9.8 Adding protection layers 88
    3.9.9 Recording of HAZOP results and safety functions 89
  3.10 Conclusions 89
  3.11 Fault trees as an aid to risk assessment and the development of protection schemes 89
    3.11.1 Fault trees 89
  3.12 Hazard study 2 guidelines 95
    3.12.1 Introduction 95
    3.12.2 Method 95
    3.12.3 Review of hazard study 2 96
    3.12.4 Hazard study 2 report contents 97
    3.12.5 Diagrams and tables supporting hazard study 2 98
  3.13 Hazard studies for computer systems 104
    3.13.1 Examples of potential causes of failures 105
    3.13.2 Guidelines 105
    3.13.3 Outline of ‘Chazop’ 105
    3.13.4 Hazard study 3 Chazop 106
  3.14 Data capture checklist for the hazard study 106

4 Safety requirements specifications 108
  4.1 Developing overall safety requirements 108
    4.1.1 Components of the SRS 108
    4.1.2 SRS input section 109
    4.1.3 SRS functional requirements 109
    4.1.4 SRS integrity requirements 109
  4.2 Development of the SRS 110
    4.2.1 General development procedure 110
    4.2.2 The input requirements 112
    4.2.3 Developing the functional requirements 112
    4.2.4 Safety integrity requirements 115
    4.2.5 Conclusions on the SRS development 116
  4.3 Documenting the SRS 116
    4.3.1 Checklist for SRS 116
    4.3.2 Defining the functions 119
  4.4 Determining the safety integrity 123
    4.4.1 Diversity in SIL methods 123
    4.4.2 Summary of methods for determination of SILs 123
    4.4.3 Quantitative method 124
    4.4.4 Design example 124
    4.4.5 Summary of quantitative method 127
    4.4.6 Risk graph methods 128
    4.4.7 Defining parameters and extending the risk graph scope 129
    4.4.8 Risk graph guidance from IEC 61511 130
    4.4.9 Calibration of the risk graph 132
    4.4.10 Software tools using risk graphs 132
    4.4.11 The safety layer matrix method for SIL determination 132
    4.4.12 The LOPA method for SIL determination 133