
RELIABILITY ENGINEERING

MODULE 4
LOPA / SIS / SIL

ASSET LIFECYCLE INTEGRITY PARTNER

PAGE 1

JANUARY 28, 2014

R&I Management Framework (flowchart; only the box labels survive extraction)

Asset Register; Rules & regulations; Modifications; Replacements
Criticality Analysis; Compliance analysis: RBI, SIL, RCM
Risk Based Maintenance strategies: Run to failure; Fixed interval; Condition based
Maintenance tasks/plans; Work planning; Execute maintenance plans; Breakdown maintenance; Data logging
Maintenance Efficiency; Schedule compliance; Breakdown analysis RCA; Proactive analysis FRACAS; Condition monitoring/analysis; SOW analysis
Adapt RBM strategies; Adapt task frequencies; maintenance methods
Training Program; Asset knowledge

LOPA
LAYERS OF PROTECTION ANALYSIS


Layered protection
Background

Piper Alpha
Bhopal
Seveso
Texas City

Accidents with catastrophic consequence that cost many lives,


made it clear that for safe operation of high risk plants it is
not enough to rely on proper design and operation of plants
and to rely on normal process controls and alarms.


LOPA
What is it?
Layer of Protection Analysis (LOPA) is a Process Hazard Analysis
tool.
The method utilizes the hazardous events, event severity,
initiating causes and initiating likelihood data developed
during the Hazard and Operability analysis (HAZOP).


Protection layers shown on the slide (diagram labels):
Process Design
Basic Process Control
Alarms, manual intervention
Safety Instrumented Systems
Active protection layer
Passive protection layer
Emergency response layers


LOPA
How do we use it?
LOPA allows us to determine the risk associated with the
various hazardous events by utilizing their severity and the
likelihood of the events occurring.
LOPA analyzes the risk reduction that can be achieved from
various layers of protection. If additional risk reduction is
required after the reduction provided by process design, the
basic process control system (BPCS), alarms and associated
operator actions, pressure relief valves, etc., a Safety
Instrumented System (SIS) may be required.
The safety integrity level (SIL) of the SIS can be determined
directly from the additional risk reduction required.


LOPA
What does it all mean?

Intrinsic safety embedded in the design


LOPA
Referenced Standards
IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems
IEC 61511: Functional safety - Safety instrumented systems for the process industry sector
ANSI/ISA S84: Functional safety of safety instrumented systems for the process industry sector
IEC 62061: Machinery systems


SIS
SAFETY INSTRUMENTED SYSTEM


Safety Instrumented Systems


SIS
A Safety Instrumented System is a set of hardware and
software controls specifically engineered and used to put a
safety critical process into a "Safe State" to avoid adverse
Safety, Health and Environmental (SH&E) consequences.
Safety Instrumented Systems must be independent from all
other control systems that control the same equipment, in
order to ensure SIS functionality is not compromised.
The specific control functions performed by a SIS are called
Safety Instrumented Functions (SIF). They are implemented
as part of an overall risk reduction.


Safety Instrumented System


Example: HIPPS (High Integrity Pressure Protection System), in accordance with IEC 61508 and IEC 61511


SIL
SAFETY INTEGRITY LEVEL


SIL level determination


Risk graph


What do the SIL levels mean?


PFD and RRF
PFD: Probability of Failure on Demand
What is the probability that it will not do what it is supposed
to do?

RRF: Risk Reduction Factor
The risk will be reduced RRF times.


Probability of Failure on Demand


Hidden failure
Failure on demand is a hidden failure: we will only find out
that the SIS is not doing what it is supposed to do when we
need it.
This of course is not acceptable.
For all the components that make up a SIS we will have to
calculate a test frequency and describe a test procedure to
reduce the probability of an undetected failure in the SIS that
would result in Failure to Function on Demand.
Formula according to IEC 61508:
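As an added worked example (not part of the slides), the chain described by the LOPA slide and by the PFD/RRF and test-frequency slides above: the LOPA credit calculation gives the risk reduction the SIF still has to provide, that RRF fixes a target PFD (RRF = 1/PFD) and therefore the SIL band, and the band plus a PFD-versus-test-interval relation turns the target into a maximum proof-test interval. The SIL bands are the IEC 61508 low-demand bands; the PFD relation used is the simplified single-channel approximation PFDavg = lambda_DU * TI / 2, which is an assumption made here, not the formula the slide omits. All frequencies, IPL credits and the lambda_DU value are constructed.

```python
"""LOPA -> required RRF -> SIL -> proof-test interval (added worked example).

All numbers below are constructed for illustration; they are not from the slides.
"""

# IEC 61508 / IEC 61511 low-demand SIL bands: (SIL, PFDavg lower bound, upper bound).
# Since RRF = 1 / PFDavg, SIL 1 is RRF 10..100, SIL 2 is 100..1000, and so on.
SIL_BANDS = (
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
)


def sil_for_pfd(pfd_avg):
    """SIL band for a PFDavg (lower bound inclusive, upper bound exclusive).

    Returns 0 when the PFD is too high even for SIL 1 (>= 0.1) and None when it
    lies below the SIL 4 band, i.e. outside the tabulated range.
    """
    if pfd_avg >= 0.1:
        return 0
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd_avg < hi:
            return sil
    return None


def rrf_to_sil(rrf):
    """SIL band corresponding to a risk reduction factor (RRF = 1 / PFDavg)."""
    return sil_for_pfd(1.0 / rrf)


def lopa_mitigated_frequency(initiating_freq, ipl_pfds):
    """Hazardous event frequency after the independent protection layers (IPLs)
    already in place: initiating frequency times the product of the IPL PFDs."""
    freq = initiating_freq
    for pfd in ipl_pfds:
        freq *= pfd
    return freq


def required_sif_rrf(initiating_freq, ipl_pfds, target_freq):
    """Risk reduction the SIF still has to provide so that the mitigated frequency
    meets the target; 1.0 means the existing layers already suffice."""
    return max(1.0, lopa_mitigated_frequency(initiating_freq, ipl_pfds) / target_freq)


def pfd_avg_1oo1(lambda_du_per_hour, test_interval_hours):
    """Simplified 1oo1 average PFD, lambda_DU * TI / 2 (assumption: constant dangerous
    undetected failure rate, perfect proof test, repair time and common cause ignored)."""
    return lambda_du_per_hour * test_interval_hours / 2.0


def max_test_interval_hours(lambda_du_per_hour, target_pfd):
    """Longest proof-test interval that keeps the simplified PFDavg at or below target."""
    return 2.0 * target_pfd / lambda_du_per_hour


def assess_sif(initiating_freq, ipl_pfds, target_freq, lambda_du_per_hour, test_interval_hours):
    """Run the whole chain and return what a LOPA/SIL review would record.

    Note that 'achieved_sil' only says which band the achieved PFD falls in; the SIF
    is adequate only when 'meets_target' is true, i.e. achieved PFD <= target PFD.
    """
    rrf = required_sif_rrf(initiating_freq, ipl_pfds, target_freq)
    target_pfd = 1.0 / rrf
    achieved_pfd = pfd_avg_1oo1(lambda_du_per_hour, test_interval_hours)
    return {
        "required_rrf": rrf,
        "required_sil": rrf_to_sil(rrf),
        "target_pfd": target_pfd,
        "achieved_pfd": achieved_pfd,
        "achieved_sil": sil_for_pfd(achieved_pfd),
        "max_test_interval_hours": max_test_interval_hours(lambda_du_per_hour, target_pfd),
        "meets_target": achieved_pfd <= target_pfd,
    }


if __name__ == "__main__":
    # Constructed scenario: vessel overpressure. Initiating event: BPCS loop failure at
    # 0.1 /yr. Existing IPLs: operator response to alarm (PFD 0.1), relief valve (PFD 0.01).
    # Tolerable frequency: 3e-7 /yr. SIF channel lambda_DU: 2e-6 /h.
    for ti_hours in (8760, 2190):  # annual versus quarterly proof test
        r = assess_sif(0.1, [0.1, 0.01], 3e-7, 2e-6, ti_hours)
        print(f"TI={ti_hours} h: need RRF {r['required_rrf']:.0f} (SIL {r['required_sil']}), "
              f"achieved PFD {r['achieved_pfd']:.4f} (SIL {r['achieved_sil']}), "
              f"max TI {r['max_test_interval_hours']:.0f} h, ok={r['meets_target']}")
```

In the constructed scenario the existing layers bring the event down to 1e-4 /yr, so the SIF must supply an RRF of about 333 (SIL 2, target PFD 0.003). With an annual proof test the channel's PFDavg is 0.00876, which sits inside the SIL 2 band yet misses the target; a quarterly test (0.00219) meets it, and the maximum admissible interval works out to 3000 h. The point a reviewer takes away: the SIL band alone does not prove adequacy, the achieved PFD has to be compared with the PFD the LOPA actually requires.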


SIL tests
Implementation and record keeping
After having calculated the test frequencies and having
described the test scenarios, the test activities have to be
implemented in the CMMS or a dedicated software program in
order to schedule and execute these activities.
SIL testing activities are considered compliance tasks.
Timely execution of the tasks must be monitored through the
CMMS or the dedicated software program.
Test date and findings must be recorded in the CMMS or the
dedicated software for reference in audits or RCAs.
Axiom: IF IT ISN'T RECORDED, IT WASN'T DONE!
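An added example (not from the slides) of the monitoring step just described: a small compliance check over CMMS-style proof-test records that applies the axiom literally. A SIF with no record, an unparseable record, a failed last test without a recorded retest, or a last test older than its interval is flagged. The SIF tags, intervals, dates and results are constructed.

```python
"""Proof-test compliance check over CMMS-style records (added example, constructed data)."""
from datetime import date, timedelta

# Constructed: proof-test interval per safety instrumented function, in days.
TEST_INTERVALS_DAYS = {"SIF-101": 90, "SIF-102": 365, "SIF-103": 180, "SIF-104": 365}

# Constructed: one row per executed proof test, as a CMMS export might look.
TEST_RECORDS = [
    {"sif": "SIF-101", "date": "2013-10-15", "result": "pass"},
    {"sif": "SIF-101", "date": "2014-01-10", "result": "pass"},
    {"sif": "SIF-102", "date": "2012-11-01", "result": "pass"},  # interval has lapsed
    {"sif": "SIF-103", "date": "2013-12-01", "result": "fail"},  # failed, no retest recorded
    {"sif": "SIF-103", "date": "2013-31-12", "result": "pass"},  # garbage date: proves nothing
    # SIF-104 has no record at all.
]


def parse_records(records):
    """Group parseable records per SIF, newest first. Rows whose date or tag cannot be
    read are returned separately: an unreadable record is no record."""
    by_sif, invalid = {}, []
    for row in records:
        try:
            when = date.fromisoformat(row["date"])
            sif = row["sif"]
        except (KeyError, TypeError, ValueError):
            invalid.append(row)
            continue
        by_sif.setdefault(sif, []).append((when, str(row.get("result", "")).lower()))
    for history in by_sif.values():
        history.sort(reverse=True)
    return by_sif, invalid


def compliance_report(records, intervals, as_of):
    """Status per SIF as of a date: ok / overdue / last test failed / no record.
    SIFs that have records but no defined interval are reported as well, since a
    test without a required frequency cannot be judged compliant."""
    by_sif, invalid = parse_records(records)
    report = {}
    for sif, interval_days in intervals.items():
        history = by_sif.get(sif)
        if not history:
            report[sif] = {"status": "no record"}
            continue
        last_date, last_result = history[0]
        if last_result != "pass":
            report[sif] = {"status": "last test failed", "last_test": last_date}
            continue
        due = last_date + timedelta(days=interval_days)
        if as_of > due:
            report[sif] = {"status": "overdue", "days_overdue": (as_of - due).days, "due": due}
        else:
            report[sif] = {"status": "ok", "days_to_due": (due - as_of).days, "due": due}
    for sif in by_sif.keys() - intervals.keys():
        report[sif] = {"status": "no interval defined"}
    return report, invalid


def example_report(as_of_iso="2014-01-28"):
    """Run the check over the constructed data as of the given ISO date."""
    return compliance_report(TEST_RECORDS, TEST_INTERVALS_DAYS, date.fromisoformat(as_of_iso))


if __name__ == "__main__":
    report, invalid = example_report()
    for sif, entry in sorted(report.items()):
        print(sif, entry)
    print("unparseable records:", invalid)
```

Run as of 2014-01-28 the constructed data yields SIF-101 ok (72 days to the next test), SIF-102 overdue by 88 days, SIF-103 flagged because its last readable test failed, and SIF-104 flagged as having no record. The unparseable SIF-103 row is listed separately rather than silently dropped, so that the audit trail shows the data-quality problem instead of hiding it.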


SIL
Reliability aspects not covered by IEC 61508
It is important to understand that IEC 61508 and similar
standards are only concerned with the safety aspects
regarding Probability of Failure on Demand.
For reliability we also have to look at the consequence and
probability of a spurious trip (unjustified trip, false
alarm).
For this reason relying on SIL testing alone may not be
enough, and an RCM or FMEA may be needed to identify risks
and mitigating actions related to spurious trips.


SIL rated
instruments and final elements
Electric and electronic devices can be certified for use in
Functional Safety applications according to IEC 61508,
providing application developers with the evidence required
to demonstrate that the application including the device is
also compliant with IEC 61508.


SIS/SIL testing and maintenance

Building block of the Asset Management Concept (diagram labels):
Asset Management Concept; Criticality Analysis; Maintenance Concept; Compliance & Integrity Concept; Data & Document Concept




RELIABILITY ENGINEERING
MODULE 4
THANK YOU FOR YOUR
ATTENTION

