Chemical Technology July 2015

Figure 1: Layers of protection

Figure 2: Example of a tank filling situation with no protection

Table 1 - Acceptable design target frequencies

Severity             | Catastrophic | Critical           | Marginal           | Negligible
Financial effect     | R100m        | R50m               | R1m                | R100 000
Environmental damage | Permanent    | Long term          | Medium             | Short
Health effect        | Fatal        | Irreversible       | Major              | Minor
Safety               | > 1 death    | 1 death / injuries | Disabling injuries | Minor injuries
Target frequency     |              |                    |                    |
1 per year           | I            | I                  | I                  | II
1 per 10 years       | I            | I                  | II                 | III
1 per 100 years      | I            | II                 | III                | III
1 per 1000 years     | II           | III                | III                | IV
1 per 10 000 years   | III          | III                | IV                 | IV
1 per 100 000 years  | IV           | IV                 | IV                 | IV

Table 2 - Safety integrity level

Probability of failure on demand | Safety integrity level
> 10^-2 up to 10^-1              | SIL 1
> 10^-3 up to 10^-2              | SIL 2
> 10^-4 up to 10^-3              | SIL 3
> 10^-5 up to 10^-4              | SIL 4

a probability of no more than 1 in 1 000 chance per year. This provides one with a design target.

Evaluating initial protection required

Evaluation of the initial protection necessitates knowing the initiating event frequency (IEF). In the example above this could be the number of times it is expected that the operator will overfill the tank, say once a year. Thus, to achieve a target frequency (TF) of once in 1 000 years, the risk reduction required, or risk reduction factor (RRF), is given by

RRF = Initiating event frequency (IEF) / Target frequency (TF) = 1 / 0,001 = 1 000

This is by how much the initiating event frequency must be reduced to meet the target. Then the probability of failure on demand (PFD) of the protection needed is determined as

PFD = 1 / RRF = 1 / 1 000 = 0,001 = 1 x 10^-3

PFD is sometimes referred to as the safety gap in the design and is also a measure of the reliability or safety integrity required from the protection to achieve the safety target.

Safety integrity

Safety integrity is defined as the probability of a safety-related system satisfactorily performing its safety function under all conditions within a stated period of time (IEC 61508 Ed 2, Part 4). This includes both hardware reliability and systematic safety integrity, the latter requiring that all forms of human error in specification, design and software engineering are minimised. Hence the quality of the design process, as well as the design features and reliability of the hardware, are all equally important. A simplification was introduced through the international standard IEC 61508 by classifying safety integrity performance into four distinct levels, known as Safety Integrity Levels (SIL). These levels are defined by their ranges of achievable average PFD, as shown in Table 2. Thus, in the example above, a PFD of 1 x 10^-3 falls in the band > 10^-3 up to 10^-2 and is therefore equivalent to SIL 2. This indicates to the designer that protection with a reliability or integrity of SIL 2 must be incorporated in the design to meet the specified safety standard. In most cases the first choice would be to add a safety instrumented system (SIS), which, in the tank example above, would be the high level trip LSH, which closes the actuated valve on the filling line. Such a trip would be specified to the designer as SIL 2.

Implementation of protection

Protection may take place in many forms, such as operator actions, alarms, controls, trips and interlocks, relief devices,
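The chain IEF to RRF to PFD to SIL worked above, carried through in Python as an added illustration (this is not code from the article or from any standard). It encodes the PFD bands of Table 2 and uses exact rational arithmetic so that a required PFD that lands exactly on a band boundary, such as the 1 x 10^-3 of the tank example, is classified the way the article classifies it (as SIL 2) rather than drifting into a neighbouring band through floating-point rounding. The function names, the inclusive-lower-bound reading of the bands, and the handling of values outside the table are assumptions made for this example.

```python
from fractions import Fraction
from typing import Optional

# Table 2 of the article: PFD band -> SIL. The table reads "> 10^-3 up to 10^-2",
# yet the article classifies a PFD of exactly 1 x 10^-3 as SIL 2, so each band is
# treated here as inclusive at its lower bound and exclusive at its upper bound
# to reproduce that worked example (an assumption of this illustration).
SIL_BANDS = [
    (Fraction(1, 10**2), Fraction(1, 10**1), 1),
    (Fraction(1, 10**3), Fraction(1, 10**2), 2),
    (Fraction(1, 10**4), Fraction(1, 10**3), 3),
    (Fraction(1, 10**5), Fraction(1, 10**4), 4),
]


def per_years(years: int) -> Fraction:
    """Turn a Table 1 row label such as '1 per 1000 years' into events per year."""
    return Fraction(1, years)


def risk_reduction_factor(ief: Fraction, tf: Fraction) -> Fraction:
    """RRF = IEF / TF: the factor by which the initiating event frequency must be cut."""
    if tf <= 0:
        raise ValueError("target frequency must be positive")
    return Fraction(ief) / Fraction(tf)


def pfd_required(rrf: Fraction) -> Fraction:
    """PFD = 1 / RRF: the average probability of failure on demand the protection may have."""
    return 1 / Fraction(rrf)


def sil_for_pfd(pfd: Fraction) -> Optional[int]:
    """Map a required PFD onto Table 2.

    Returns None when the PFD lies outside the four bands. The article does not
    classify such values; the usual reading (a caveat added here) is that a PFD of
    10^-1 or more calls for no SIL-rated layer, while a PFD below 10^-5 exceeds
    SIL 4 and must be shared across independent protection layers.
    """
    for low, high, sil in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return None


def size_protection(ief_per_year, tf_per_year) -> dict:
    """Carry IEF -> RRF -> PFD -> SIL through with exact rational arithmetic.

    Pass ints, Fractions or decimal strings ("0.001"); a float such as 0.001 is
    not exactly representable and would be carried through with its rounding error.
    """
    ief = Fraction(ief_per_year)
    tf = Fraction(tf_per_year)
    if ief <= tf:
        # Initiating frequency already meets the target: no risk reduction needed.
        return {"rrf": Fraction(1), "pfd": Fraction(1), "sil": None, "protection_needed": False}
    rrf = risk_reduction_factor(ief, tf)
    pfd = pfd_required(rrf)
    return {"rrf": rrf, "pfd": pfd, "sil": sil_for_pfd(pfd), "protection_needed": True}


if __name__ == "__main__":
    # The article's tank: operator overfills once a year (IEF = 1 per year),
    # design target once in 1 000 years (TF = 0,001 per year).
    result = size_protection(1, per_years(1000))
    print(f"RRF = {result['rrf']}, PFD = {result['pfd']} = {float(result['pfd']):.0e}, "
          f"SIL {result['sil']}")
    # The stricter Table 1 row "1 per 10 000 years" pushes the same initiator to SIL 3.
    print(f"SIL for TF = 1 per 10 000 years: {size_protection(1, per_years(10_000))['sil']}")
```

The boundary handling is the point worth checking in any such tool: a PFD computed as 0.0010000000000000002 by floating-point division would satisfy "> 10^-3" and land in SIL 2, while 0.000999999 would land in SIL 3, so a sizing calculation that feeds on measured or rounded inputs should either use exact arithmetic as here or state which side of each boundary it rounds to.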

12
