Big Chemical Encyclopedia


Dangerous failures

Mod) limits the dangerous failure rate, in relation to a particular hazard, that can be claimed to 10 per hour unless the system is implemented according to the requirements of this standard. The reason for the limit is that if a lower dangerous failure rate is claimed, it would be in the range of failure rates within Table 4 of IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod). The limit ensures that high levels of confidence are not placed on systems that do not meet the requirements of IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod). [Pg.29]

When a safety function is allocated to a safety instrumented function, it will be necessary to consider whether the application is in demand or in continuous mode. The majority of applications in the process sector operate in demand mode where demands are infrequent. In such cases, Table 3 in IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) is the appropriate measure to use. There are some applications where demands are frequent (for example, greater than one per year) and it is more appropriate to consider the application as continuous mode because the probability of dangerous failure will be primarily determined by the failure rate of the SIS. In such cases, Table 4 in IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) is the appropriate measure to apply. Continuous mode applications where failure would result in an immediate hazard are rare. Burner or turbine speed control may be continuous mode applications if protection systems are insufficient for all failure modes of the control system. [Pg.30]

The targets for average probability of failure on demand or frequency of dangerous failures per hour apply to the safety instrumented function, not to individual components or subsystems. A component or subsystem (for example, sensor, logic solver, final element) cannot have a SIL assigned to it outside its use in a specific SIF. However, it can have an independent maximum SIL capability claim. [Pg.30]

Where a failure of the common equipment can cause a demand on the SIS, an analysis should be conducted to ensure the overall hazard rate satisfies the expectations. The overall hazard rate will be the sum of the dangerous failure rate of the common elements and the hazard rate from other sources of demand (including dangerous failure of the independent parts of the SIS). [Pg.36]

Where a single sensor is used for both a BPCS and SIS function, the requirements of IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) will normally only be satisfied if the sensor diagnostics can reduce the dangerous failure rate sufficiently and the SIS is capable of placing the process in a safe state within the required time. In practice this is difficult to achieve even for SIL 1 applications. For a SIL 2, SIL 3 or SIL 4 safety instrumented function, separate SIS sensors with identical or diverse redundancy will normally be needed to meet the required safety integrity. [Pg.37]

Table 6 of IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) defines the basic level of fault tolerance for sensors, final elements, and non-PE logic solvers having the required SIL claim limit in the first column. The requirements in Table 6 are based on the requirements in IEC 61508-2 for PE devices with a SFF between 60 and 90 %. The requirements are based on the assumption that the dominant failure mode is to the safe state or that dangerous failures are detected. [Pg.41]

Most of the techniques in Annex A of this standard require some quantification of the diagnostic coverage of the SIS. Diagnostics are tests performed automatically to detect faults in the SIS that may result in safe or dangerous failures. [Pg.48]

The overall SIS architecture may impose additional functional software requirements on the specified safety instrumented functions. A typical example is the 1oo2 selection logic for redundant sensors, together with a specified safe action on detection of a dangerous failure by sensor self-diagnostics. The examples given in Annex B list those requirements that originate from the applied architecture. [Pg.53]

The required safety integrity level of the instrumented function shall be derived by taking into account the required risk reduction that is to be provided by that function. For those SILs, the target PFD_avg on demand and the target frequencies of dangerous failure are listed in Table 3.8 [ANSI/ISA-84.00.01(2004) Part 3] for each SIF. Several risk analysis methods ranging from qualitative to fully quantitative can be deployed based on the severity and complexity of the scope, as listed in Table 3.9. [Pg.82]

Table 3.8 Safety integrity levels: probability of failure on demand, target risk reduction factor and target frequency of dangerous failure to perform the SIF.

During an annual inspection of a safety instrumented system, 5 of the 112 safety functions had dangerous failures on similar solenoid valves. What number should be assigned to the probability of dangerous failure for this collection of solenoid valves ... [Pg.58]

Some practitioners recognize that certain failures within equipment used in a safety instrumented function prevent the automatic diagnostics from correct operation. When reliability models are built, many account for the automatic diagnostics' ability to reduce the probability of failure. When these diagnostics stop working, the probability of dangerous failure or false trip is increased. While these effects may not be significant, unless they are modeled, the effect is not known. [Pg.86]

The failure rate (λ) for a pressure transmitter is 1.2 x 10 f/hr. The safe failure mode split is 50%. What is the dangerous failure rate ... [Pg.88]

ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) requires that equipment used in safety instrumented systems be chosen based on either IEC 61508 certification to the appropriate SIL level or justification based on "prior use" criteria (ANSI/ISA-84.00.01-2004 (IEC 61511 Mod), Part 1, Section 11.5.3). However, the ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) standard does not give specific details as to what the criteria for "prior use" mean. Most agree, however, that if a user company has many years of documented successful experience (no dangerous failures) with a... [Pg.91]

In continuous mode, the demand is effectively always present. Dangerous conditions always exist and a dangerous failure of the safety instrumented function will immediately result in an incident. There are no safety benefits that can be claimed for manual proof testing or even automatic on-line diagnostics in a single channel system (1oo1). By the time the diagnostics detect the fault and initiate action, it is too late. Therefore, in continuous demand mode probability evaluation cannot take credit for any diagnostics except in redundant systems. [Pg.96]

Remember that in continuous demand mode credit can be given for automatic diagnostics or for proof test procedures only for redundant systems. In addition, many of the calculation assumptions made for low demand mode do not apply. The "probability of dangerous failure per hour" must be calculated based on all dangerous failures. [Pg.102]

Safety Integrity Level Probability of dangerous failure per hour (Continuous mode of operation)... [Pg.102]

What SIL level is achieved by this design based on probability of dangerous failure per hour requirements ... [Pg.103]

Solution: All dangerous failures will cause an incident because the dangerous condition is always present in the continuous mode. One second is not enough time to bring the process to a safe state. The total dangerous failure rate is 9 x 10 failures per hour. That meets the requirements for SIL 1... [Pg.103]

Solution: The diagnostics operate rapidly and complete execution sixty times per expected demand period. The diagnostic test time plus the response time is within the process safety time. Therefore dangerous detected failures will be converted into safe failures. The remaining dangerous failure rate is 0.5 x 10 failures per hour. That meets the requirements for SIL 2 per Figure 7-4. [Pg.104]

It can be seen that this metric is a ratio of failure rates and does not depend on the total failure rate. The result is always a number between zero and one. A high number is good. It measures the natural tendency of an instrument to fail safely or to detect dangerous failures. [Pg.107]
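As an added illustration (not from the excerpted book), the following Python computes the safe failure fraction from a component's failure-rate split and the continuous-mode dangerous failure rate per hour, taking diagnostic credit only under the conditions the excerpts describe. The failure rates are constructed, the rule combining "redundant architecture" with "diagnostics plus response within the process safety time" is an assumption drawn from the two excerpts above, and the SIL bands are the IEC 61508 continuous/high-demand PFH bands.

```python
"""Safe failure fraction (SFF) and continuous-mode PFH from a failure-rate split."""
from dataclasses import dataclass

# IEC 61508 PFH bands for continuous / high-demand mode: (SIL, lower bound incl., upper bound excl.)
PFH_SIL_BANDS = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]


@dataclass(frozen=True)
class FailureSplit:
    lam_total: float      # total failure rate, failures per hour (constructed value in the demo)
    safe_fraction: float  # share of all failures that are safe, e.g. 0.5 for a 50 % split
    diag_coverage: float  # share of dangerous failures caught by automatic diagnostics

    @property
    def lam_dangerous(self) -> float:
        return self.lam_total * (1.0 - self.safe_fraction)

    @property
    def lam_dd(self) -> float:          # dangerous detected
        return self.lam_dangerous * self.diag_coverage

    @property
    def lam_du(self) -> float:          # dangerous undetected
        return self.lam_dangerous - self.lam_dd


def safe_failure_fraction(fs: FailureSplit) -> float:
    # SFF = (safe + dangerous detected) / total: a ratio of rates, so it does not scale with lam_total
    return (fs.lam_total * fs.safe_fraction + fs.lam_dd) / fs.lam_total


def continuous_mode_pfh(fs: FailureSplit, redundant: bool, diag_within_pst: bool) -> float:
    """Dangerous failure rate per hour claimable for a continuous-mode SIF.

    Assumed rule: dangerous detected failures count as safe only if the architecture is
    redundant, or the diagnostic test time plus response time fits within the process
    safety time. A 1oo1 channel whose diagnostics act too late gets no credit at all."""
    if redundant or diag_within_pst:
        return fs.lam_du
    return fs.lam_dangerous


def sil_from_pfh(pfh: float):
    """Map a PFH to the IEC 61508 continuous-mode SIL band; None if worse than SIL 1."""
    if pfh < PFH_SIL_BANDS[0][1]:
        return 4                       # no SIL higher than 4 is defined
    for sil, lo, hi in PFH_SIL_BANDS:
        if lo <= pfh < hi:
            return sil
    return None


if __name__ == "__main__":
    fs = FailureSplit(lam_total=1.2e-6, safe_fraction=0.5, diag_coverage=0.9)  # constructed
    print(f"SFF = {safe_failure_fraction(fs):.2f}")
    print("1oo1, late diagnostics: SIL", sil_from_pfh(continuous_mode_pfh(fs, False, False)))
    print("redundant or fast diagnostics: SIL", sil_from_pfh(continuous_mode_pfh(fs, True, False)))
```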

Solution: The sensor subsystem consists of one switch, Type A. It has a hardware fault tolerance of 0 since one dangerous failure will fail the SIF. The SFF is 40%. According to Figure 7-8, Type A Architecture Requirements (IEC 61508), the subsystem qualifies for SIL 1. [Pg.109]

There is a range of failure modes that affect large families of valve designs because of shared features. Care must be taken in the analysis of these failure modes. This limits the definition of a particular design as the "best" SIS valve. The dangerous failure modes can be simplified to two basic... [Pg.160]

A number of variations of this design have been done with different levels of instrumentation. The objective of the design is to detect the dangerous failures of the valve assembly. This can be very important, especially in SIL 3 applications. [Pg.170]

What is the primary dangerous failure mode in a ball valve ... [Pg.172]

Safe versus dangerous failure rate of components... [Pg.173]

The sensor subsystem will also initiate a trip if either of the pressure transmitters (Gate G12) indicates an overpressure. The individual pressure transmitter failures are represented by Gates G18 and G19. G18 indicates that any dangerous failure of a pressure transmitter, its associated impulse line or the associated input circuit of the safety PLC will cause a gate failure. The PFD can be represented by approximate simplified equations. For Gate G18 ... [Pg.202]

