Transcript of: Functional Safety (Ken Meng), 2011/9/2
© ABB Group September 5, 2011 | Slide 1
Speaker: Ken Meng, CFSE, Senior Manager, Functional Safety, ABB Taiwan (2011/9/2)
Computer Engineering
/DCS/ 8 2
ABB Ltd DCS 12 ( 3 9 )
CFSE (Certified Functional Safety Expert)
E-mail: [email protected]; Tel: (02) 2299 3299 ext. 326; Mobile: 0933 861 052
(Risk)
… impossible!
IEC61508 … practicable!
(Functional Safety)
Why Functional Safety?
(PFD)
IEC61508 & IEC61511
Functional Safety – terminology
Risk
Functional Safety
IEC61508 / 61511
Functional Safety Lifecycle (SLC: Safety Life Cycle)
Failure Rate
PFD: Probability of Failure on Demand
SIL: Safety Integrity Level
BPCS: Basic Process Control System
SIS: Safety Instrumented System
Proof Testing
TUV
Availability & Reliability
HSE Study of Accident Causes involving Control Systems
Specifications: 44%
Changes after Commissioning: 21%
Design & Implementation: 15%
Operation & Maintenance: 14%
Installation & Commissioning: 6%
HSE: Health and Safety Executive
Refinery: Hydrogen Manufacturing Unit
Shell SIS SLC assessment results:
Over Engineered: 49%
Under Engineered: 4%
No Change: 47%
SLC: Safety Life Cycle
NAM SIS SLC assessment results:
Total of 5319 loops are considered at 7 different plants
Over Engineered: 37%
Under Engineered: 6%
No Change: 57%
SLC: Safety Life Cycle
Functional Safety Applications
Emergency Shutdown Systems (ESD)
Process Shutdown Systems (PSD)
Fire & Gas Protection/Detection (F&G)
Critical Control
Boiler/Burner Management
High Integrity Pressure Protection Systems (HIPPS)
Pipeline Protection Systems (PPS)
Industries: Oil & Gas companies, Refineries, Petrochemicals companies, Pulp & paper, Marine, Metals, Machinery, Utility Fossil/Nuclear Fuels
[Timeline figure: evolution of functional-safety standards by region (USA, International, Germany, UK), 1974 to 2005. Standards shown: API RP14C (USA, 1974); HSE PES (UK, 1987); DIN VDE 0801 and DIN VDE 19250 (Germany); OSHA CFR 1910.119 (USA, 1992); ISA dS84.01 draft (USA); ISO 10418 (International, 1993); IEC SC 65 IEC 61508 (International, 1995 draft); ANSI/ISA S84.01 (USA, 1996); IEC 61511 (International, 2003); ANSI/ISA S84.00.01 (IEC 61511 Mod) (USA, 2004). Other year marks on the figure: 1989, 1991, 1999, 2005.]
IEC 61508 Safety Lifecycle Phases and Responsibilities
"Analysis" Phase (End User / Consultant):
1 Concept
2 Overall Scope Definition
3 Hazard & Risk Analysis
4 Overall Safety Requirements
5 Safety Requirements Allocation
Overall Planning:
6 Overall Operation & Maintenance Planning
7 Overall Validation Planning
8 Overall Installation & Commissioning Planning
"Realization" Phase (Vendor / Contractor / End-User):
9 Safety-related systems: E/E/PES Realization
10 Safety-related systems: Other Technology Realization
11 External Risk Reduction Facilities Realization
"Operation" Phase (End User / Contractor):
12 Overall Installation & Commissioning
13 Overall Safety Validation
14 Overall Operation & Maintenance
15 Overall Modification & Retrofit (back to the appropriate Overall Safety Lifecycle phase)
16 Decommissioning
IEC 61511 – Safety Lifecycle
[Figure: IEC 61511 safety lifecycle. Phases in order: Hazard and risk analysis; Allocation of safety function; Safety requirement specification; Design and engineering of SIS, in parallel with Design and development of other means of risk reduction; Installation, commissioning and validation; Operation and maintenance; Modification; Decommissioning. Spanning all phases: Management of functional safety and functional safety assessment; Safety lifecycle structure and planning; Verification.]
Standard content structured according to the life cycle model: Management of functional safety; Safety life cycle model; Competency; Functional safety assessment; Planning; Configuration management; Verification; Validation.
Calculated Process Risk
What is Risk? What can happen? How often? What is the consequence?
Risk = Consequence * Frequency
[Figure: risk scale from 0 to High. The calculated process risk is reduced in layers until it falls below the Tolerable Level of Risk (defined by user per application): Process Design, Other Risk Reduction (Alarming, Exception Procedures, …), Safety Instrumented System (SIL-1, SIL-2, SIL-3, …).]
Risk Reduction is the Highest Priority: ALARP (As Low As Reasonably Practicable)
Probability of Failure on Demand (PFD)
PFD depends on the failure rate (λ), the failure mode and the proof-test interval.
The failure rate is divided into failures that can cause a false (spurious) trip and failures that cause the function to fail on demand (dangerous failures); only the latter contribute to PFD.
An untested device's PFD grows as the operational time interval increases.
For devices subject to periodic inspection and test, the average PFD over the test interval can be used:
PFDavg ≈ (λ × TI) / 2, with λ the dangerous failure rate and TI the test interval, both in the same time units.
Safety Integrity Levels (Low Demand mode of operation)
SIL   | PFD (Probability of Failure on Demand) | RRF (Risk Reduction Factor)
SIL 4 | >= 10^-5 to < 10^-4                     | 100000 to 10000
SIL 3 | >= 10^-4 to < 10^-3                     | 10000 to 1000
SIL 2 | >= 10^-3 to < 10^-2                     | 1000 to 100
SIL 1 | >= 10^-2 to < 10^-1 (0.01 to 0.1)       | 100 to 10
PFD – Probability of Failure on Demand (probability of dangerous failure); RRF = 1 / PFD.
Example of safety design: the protection in 2 levels, Primary and Secondary, of functionally different types.
Control & Protection – Functional View
[Figure: vessel V-101 instrumented with PT, LT, PSHH, LSHL and PSV; layers shown: Process Control System, Protection System (Primary), Protection System (Secondary) ESD]
Physical vs. Logical separation
[Figure: Physical Separation – Safety System (S) and Control System (C) run in separate controllers; Logical Separation – Control Functions and Safety Functions run in a Combined Controller]
Note: Logical separation can be provided by an internal firewall to provide protection from unintended, spurious, or unauthorized access from other controllers, applications, and operator/engineering stations.
Example 1 – Calculation of a SIL2 function (Sensors → Logic Solver → Actuators)
Component        | No. of components | TI (months) | λ (per 10^6 hrs) | PFD
Logic            | 1                 | 12          | 0.1              | 0.44 × 10^-3
Transmitter      | 1                 | 6           | 1.6              | 3.50 × 10^-3
ESV / XV         | 1                 | 6           | 1.3              | 2.85 × 10^-3
Solenoid / pilot | 1                 | 6           | 1.4              | 3.07 × 10^-3
Total Function   | -                 | -           | -                | 0.00986
λ – failure rate (dangerous failures, per 10^6 hours); TI – test interval, in months; PFD – Probability of Failure on Demand, PFDavg ≈ λ × TI / 2 per component (TI converted to hours), summed over the loop. The total of 0.00986 lies in the SIL 2 band (>= 10^-3 to < 10^-2).
Example 2 – SIL Calculations
[Figure: SIF architecture. Sensors: Flow Transmitter 2oo3, Pressure Transmitter 1oo2, Temp. Switch 1oo2, Level Switch 1oo2, all feeding the Logic Solver; final element 1oo2.]
Example 2 – SIL Calculation Results (assume Test Interval TI = 1 yr; MTTFDU in years, so λDU = 1 / MTTFDU per year)
Sensors
Sensor      | Voting | MTTFDU | PFDavg       | Equation
Flow        | 2oo3   | 40     | 6.25 × 10^-4 | PFD(2oo3)avg = (λDU)^2 × TI^2
Pressure    | 1oo2   | 50     | 1.33 × 10^-4 | PFD(1oo2)avg = [(λDU)^2 × TI^2] / 3
Temperature | 1oo2   | 15     | 1.48 × 10^-3 | PFD(1oo2)avg = [(λDU)^2 × TI^2] / 3
Level       | 1oo2   | 25     | 5.33 × 10^-4 | PFD(1oo2)avg = [(λDU)^2 × TI^2] / 3
Total       |        |        | 2.77 × 10^-3 |
Final Elements
Element        | Voting | MTTFDU | PFDavg       | Equation
Solenoid Valve |        | 50     |              | Note: λ = λ(SOV) + λ(Block), the two devices in one channel are in series
Block Valve    |        | 50     |              |
SOV + Valve    | 1oo2   |        | 5.33 × 10^-4 | PFD(1oo2)avg = [(λDU)^2 × TI^2] / 3
Logic Solver PFDavg = 5 × 10^-3 (provided by Mfr.)
PFD_SIF = PFD_Sensor + PFD_Logic Solver + PFD_Final Element
        = 2.77 × 10^-3 + 5 × 10^-3 + 5.33 × 10^-4 = 8.3 × 10^-3
This meets the requirement of a SIL-2 system (PFD >= 10^-3 to < 10^-2). Note that the logic solver alone contributes about 60% of the total, so adding sensor or final-element redundancy cannot lift this function to SIL 3. The equations used here are the simplified ones; they neglect common-cause failures, diagnostic coverage and repair time, which in practice dominate the PFD of redundant groups and must be included in a full IEC 61508 / IEC 61511 calculation.
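The two SIL calculations above, as an added Python example that is not from the slides or from ABB: it encodes the simplified PFDavg equations and the low-demand SIL table, reproduces the Example 1 and Example 2 figures, and goes one step further by showing what happens to Example 2 when the proof-test interval is doubled. The function names, the 8760 h/yr conversion and the choice of years as the time base for MTTFDU are assumptions made for the example.

```python
"""Low-demand PFDavg and SIL banding for a safety instrumented function (SIF).

Added example, not ABB's code. It reproduces Example 1 (single-channel
components, PFDavg ~ lambda * TI / 2) and Example 2 (1oo2 / 2oo3 voted
groups) using exactly the simplified equations shown on the slides; the
component names, rates and test intervals are the slides' own figures.
Common-cause, diagnostic-coverage and repair-time terms are deliberately
omitted, as on the slides.
"""
from __future__ import annotations

from typing import Callable

HOURS_PER_YEAR = 8760.0           # assumed conversion for Example 1
HOURS_PER_MONTH = HOURS_PER_YEAR / 12.0

# IEC 61508 low-demand bands: SIL -> (PFDavg lower bound incl., upper bound excl.)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_from_pfd(pfd: float) -> int:
    """Map a PFDavg onto its SIL; 0 means the function does not reach SIL 1."""
    if pfd < 1e-5:
        raise ValueError("PFDavg below 1e-5 is outside the SIL 1-4 table")
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0


def rrf(pfd: float) -> float:
    """Risk Reduction Factor, the reciprocal of PFDavg."""
    return 1.0 / pfd


# Simplified PFDavg equations from the slides. lambda_du and ti must share a
# time base (both per-hour/hours or both per-year/years).
def pfd_1oo1(lambda_du: float, ti: float) -> float:
    return lambda_du * ti / 2.0


def pfd_1oo2(lambda_du: float, ti: float) -> float:
    return (lambda_du * ti) ** 2 / 3.0


def pfd_2oo3(lambda_du: float, ti: float) -> float:
    return (lambda_du * ti) ** 2


def example_1() -> tuple[dict[str, float], float, int]:
    """Slides' Example 1: (name, count, TI in months, lambda per 1e6 h)."""
    components = [
        ("Logic", 1, 12, 0.1),
        ("Transmitter", 1, 6, 1.6),
        ("ESV / XV", 1, 6, 1.3),
        ("Solenoid / pilot", 1, 6, 1.4),
    ]
    per_component = {
        name: count * pfd_1oo1(lam * 1e-6, ti_months * HOURS_PER_MONTH)
        for name, count, ti_months, lam in components
    }
    total = sum(per_component.values())
    return per_component, total, sil_from_pfd(total)


def example_2(ti_years: float = 1.0, logic_solver_pfd: float = 5e-3) -> dict[str, float]:
    """Slides' Example 2: voted sensor groups, 1oo2 final element, vendor logic solver PFD."""
    # (name, voting equation, MTTFDU in years); lambda_du = 1 / MTTFDU per year
    sensors: list[tuple[str, Callable[[float, float], float], float]] = [
        ("Flow", pfd_2oo3, 40.0),
        ("Pressure", pfd_1oo2, 50.0),
        ("Temperature", pfd_1oo2, 15.0),
        ("Level", pfd_1oo2, 25.0),
    ]
    pfd_sensor = sum(eq(1.0 / mttf, ti_years) for _, eq, mttf in sensors)
    # Final element: solenoid (MTTFDU 50 y) in series with block valve (MTTFDU 50 y),
    # so the channel rate is the sum; then 1oo2 voting of two such channels.
    lambda_channel = 1.0 / 50.0 + 1.0 / 50.0
    pfd_final = pfd_1oo2(lambda_channel, ti_years)
    pfd_sif = pfd_sensor + logic_solver_pfd + pfd_final
    return {
        "sensor": pfd_sensor,
        "logic_solver": logic_solver_pfd,
        "final_element": pfd_final,
        "sif": pfd_sif,
        "rrf": rrf(pfd_sif),
        "sil": sil_from_pfd(pfd_sif),
    }


if __name__ == "__main__":
    per, total, sil = example_1()
    for name, pfd in per.items():
        print(f"{name:18s} PFD = {pfd:.2e}")
    print(f"Example 1 total PFD = {total:.5f} -> SIL {sil}")
    r = example_2()
    print(f"Example 2 PFD_SIF = {r['sif']:.2e} (RRF {r['rrf']:.0f}) -> SIL {r['sil']}")
    # Doubling TI doubles a 1oo1 PFD but quadruples a voted group's PFD.
    r2 = example_2(ti_years=2.0)
    print(f"Example 2 at TI = 2 yr: PFD_SIF = {r2['sif']:.2e} -> SIL {r2['sil']}")
```

The time base must be consistent: Example 1 mixes per-10^6-hour rates with month intervals, so both are converted to hours, while Example 2 works entirely in years. Stretching Example 2's proof-test interval from one year to two pushes the voted sensor groups from about 2.8e-3 to about 1.1e-2 and the whole function into the SIL 1 band, which is why the proof-test interval is a safety parameter and not just a maintenance convenience.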
ABB Safety System Offerings
AC800M HI (1oo2D): released 2008; 4 CPUs run in parallel; SIL 1-3
Plantguard (TMR, 2oo3): released 2004; 3-2-0 & 3-2-3-2-0 degradation; SIL 1-3
800xA High Integrity: Redundant / Quad Configuration
[Figure: AC800M HI hardware – SM811, BC810, PM865; Optical Modulebus; RCU Link; CEX bus; Redundant I/O TB840]
800xA HI – ABB Safety Certificates
TÜV Product Service, the foremost independent certification agency in the business, has certified all product components of the 800xA Safety offering:
Product Safety Certificate
Development Department Safety Certificate
Safety Manual
Safety Certificate for Persons
CFSE (Certified Functional Safety Expert): 10 years of safety-related experience + Exam + Case Study
CFSP (Certified Functional Safety Professional): 2 years of safety-related experience + Exam
Certified by exida. Taiwan: CFSE: 7; CFSP: 9
TÜV FS (Functional Safety Program)
TÜV FS Expert: 8 years + Document assessment
TÜV FS Engineer: 3 years + Training course
Certified by TÜV Rheinland. Taiwan: Expert: 0; Engineer: >20
ABB 800xA High Integrity System Architecture
[Figure: System 800xA architecture. An Ethernet Control Network links System Servers, Remote Operator and Engineering Clients, and Operation / Engineering / Maintenance workplaces, with Knowledge Portals as thin clients and MES and Business Systems (ECS, ISA-95, OPC…) above, and an Extended Operator Workplace and Local Panels for Operation. Process Automation: Process Instrumentation, 3rd party PLC's (Serial, OPC…). Safety: Boiler Protection, Burner Management. Process Electrification LV & MV: Switchgears, Smart MCC's, Frequency converters, Multi-drive. Power Distribution / Power Management: Network control & protection, Load Shedding, over TCP/IP and IEC 61850.]
Situation Today: Islands of Automation – separate PLC, PLC/SCADA, PLC/Panel, DCS 1, DCS 2 and DCS 3 systems.
System 800xA Extended Automation System – The Power of Integration:
• One rich harmonized user interface including all control systems
• One integration point for all related applications
© ABB / BU PIP / OCS 3BSE064772 en B, September 5, 2011 | Slide 34
System 800xA: over 6000 systems sold since launch in January 2004; over 24,000 operator stations; over 30,000 AC800M controllers; over 20 million I/O points; systems sold in a wide range of industries and geographies.
Safety – HI Controllers: over 1,800 HI controllers since launch in January 2005.
[Figure: Plant Network / Internet → Firewall → Smart Client Server → Smart Client Desktops]
Plant overview and information in real time; promotes collaboration and optimization.
800xA at Korsnäs (recovery boiler)
Improved visualization for the operators: complete overview of the recovery boiler
Common engineering for AC 800M and 800xA High Integrity
Increased flexibility and simplified maintenance; easier to maintain engineering competence
Increasing demands from authorities will put demands on further changes in safety systems
Korsnäs has ordered 800xA High Integrity for the second recovery boiler as well!
800xA
Maintain what needs to be maintained (predictive maintenance)
Increased opportunities for an effective maintenance plan
Electrical Integration
Electrical Integration is the integration of Process Automation and Power Automation into one system.
Process Automation:
Process Instrumentation: measurement and control of pressure, temperature, flow…
Process Electrification: monitoring and control of motors, pumps, fans…
Power Automation:
Substation Automation: protection, monitoring and control of generators, transformers, switchgear…
Power Management: advanced control of power distribution
Many protocols, lack of global standard
Separate system for power automation
Organizational barriers among process and power department
Device specific solutions for integration into DCS
A lot of hardwiring needed
Lack of information from electrical devices
System 800xA
Electrical Integration Based on Open Standards
Full Plant Integration with System 800xA
Complete Portfolio from ABB
System 800xA: Common information management; Centralized Historian and Data Archiving; Common asset management; Common system architecture; Common engineering; Common operations.
Customer Benefits: Improved Operator Effectiveness (Power group and Process group)
Integrated Process and Power Automation – Summary
Reduced Investment Costs
Improved Operator Effectiveness
Reduced Maintenance Costs
Increased Plant Availability
Reduced Energy Costs
Outstanding overview
All information is synchronized for faster operator interaction
Personalized workplaces for safe and efficient operation
Efficient tools and navigation features for faster operator actions
ABB Instrumentation
SIL compliant or conforming instrumentation for use in safety applications
SIL rated instrumentation completes the safety instrumented function/solution
HART sensors for pass-through connection into the S800 AI880 module, for use in non-safety-critical functions and asset optimization
"Declaration of Conformance" vs. TUV certification
ABB Total Safety Offering – Full Scope Supplier
Safety Requirements:
• Installed Systems Review: SIL assessment, Benchmarking
• SIL Determination: Analysis, TRAC
• IEC 61508/IEC 61511 Compliance: Compliance Management, Training, Mentoring
• Alarm Management: Benchmarking, EEMUA 191, Training, Support
Design and Installation:
• SIS Systems: TUV Certified, Flexible and Scalable, System 800xA, SafeGuard, PlantGuard
• Field Instrumentation: SIL rated Instrumentation, Valves
Maintain Safety Performance:
• Proof Testing Support: TRAMs, Proof test period
• Maintenance: Lifecycle Support
Reference installation: 12" DRAM (R1) FMCS
[Network diagram: Redundant Client/Server Network (Ethernet) over Fiber Optics (Star), with a Core Switch and per-area Edge Switches. Servers: 2oo3 Redundant Aspect Servers (AS), Dual Domain Controller (DC), Dual Info. Management Server (IM), Anti-virus Server, AO Server, File backup Server, WTS, Engineering Station (ES). Operator Stations x 4 (dual screens) plus OS groups per area (x3, x3, x1, x1, x2, x2) and an LED Ticker. A Firewall separates the Office Network (EDMS, Info-Center PC) and the link to the 12D & Office network; OPC (by Others). Areas: GAS, Chemical, ERC, Clean Room HVAC, UPW/PCW/WWT, VESDA, PA, FA, CCTV, Access, each served by Red. CS. Redundant AC800HI Controllers & Safety I/O; PLC-1, PLC-2 … PLC-n over Profibus-DP. Controllers & I/Os not shown; some controllers & I/Os are not in FMCS scope.]