Safety Users Group Knowledge Database
  Knowledgebase: Practical Notes
  Title Evaluation & Assessment of Smart Instruments Used in Safety – Practical Experiences
  Abstract Smart instruments are commercial off-the-shelf process instruments that contain microprocessors. The use of firmware in these microprocessors presents challenges to the nuclear industry, particularly in safety applications. […] This paper examines the practicalities of smart instrument selection, substantiation, specification and use. It also describes experiences along the way and recommends some future developments. The paper also offers some egalitarian solutions to everyday problems encountered in the inexorable move to smart instrument use.
  Author Tom S. Nobes, Mr.
  Company Sellafield Ltd.

Date Language Fee Document ID
03/25/2009 English Free Access PN090001
   
  Title How to select a Safety PLC
  Abstract This paper will present a systematic methodology for selecting a Safety PLC platform. It will describe the evaluation of Safety PLCs based upon both technical requirements (i.e. safety requirements) and commercial requirements (i.e. availability and Life Cycle Cost analysis).
  Author Bud Adler, Mr.
Mike Scott, Mr., PE, CSFE
  Company Applied Engineering Solutions

Date Language Fee Document ID
11/05/2007 English Free Access PN070004
   
  Title What’s the Safety Integrity Level of my existing Burner Management System?
  Abstract Many facilities have existing legacy Burner Management Systems that utilize a General Purpose Safety Configured PLC as the logic solver. Most of these systems were installed prior to the development and finalization of ANSI/ISA 84.01, IEC 61511 and / or IEC 61508.

This paper will discuss the issues, decisions, and challenges encountered when attempting to apply the concepts of the Safety Lifecycle per ANSI/ISA 84.01, IEC 61508 and / or IEC 61511 to the design of an existing BMS for a single burner natural gas fired installation. In addition, development of a Markov model for a General Purpose Safety Configured PLC, identification of some typical BMS Safety Instrumented Functions (SIF) and subsequent Safety Integrity Levels (SIL) determination will be discussed in detail.

When considering SIL 2 level applications, extra validation steps are required to ensure the suitability of the logic solver for that Safety Integrity Level.
  Author Bud Adler, Mr.
Mike Scott, Mr., PE, CSFE
Iwan van Beurden, Mr.
  Company Applied Engineering Solutions

Date Language Fee Document ID
11/05/2007 English Free Access PN070003
   
  Title Case study : Safety Instrumented Burner Management System (SI-BMS)
  Abstract This case study will discuss the application of the Safety Lifecycle as defined by ANSI / ISA 84.00.01-2004 (IEC 61511 mod) to two (2) single burner multiple fuel boilers. Each boiler is capable of firing natural gas, oil and / or waste gas in order to supply the plant header with 1365 psig steam at a maximum capacity of 310,000 lb/hr. The project team included the end client task force at the manufacturing facility, the engineering firm with design / procurement responsibility, the boiler OEM, the Burner / Gas Train OEM, and the safety instrumented system consultant. This paper will include the following:
  • Development of the concept of a SIS Front End Loading package
  • Project cost savings realized attributed to following the Safety Lifecycle
  • Challenges encountered during the design process associated with implementation of the Safety Lifecycle with the diverse project team
  Author Bud Adler, Mr.
Mike Scott, Mr., PE, CSFE
  Company Applied Engineering Solutions

Date Language Fee Document ID
11/05/2007 English Free Access PN070002
   
  Title Designing a Burner Management System to comply with NFPA 85 & ANSI/ISA 84
  Abstract This paper will explore and contrast the system implementation requirements for a Burner Management System mandated by NFPA 85 – The Boiler and Combustion System Hazards Code 2001 Edition - and those mandated by ANSI/ISA 84.00.01-2004. Perceived complexities have prevented some users from trying to apply both standards simultaneously to a BMS application. Even though there are a few fundamental differences between the two documents, most of the requirements mandated by ANSI/ISA 84.00.01-2004 are also invoked in NFPA 85. This paper will explore the similarities and the differences and describe the benefits of overlaying the performance-based requirements of S84 in combination with the prescriptive requirements contained in NFPA 85. It will be shown that combining the performance mandates of ANSI/ISA 84 with the prescriptive requirements of NFPA 85 will reduce risk of ownership while maximizing Return On Investment (ROI) for BMS installations.
  Author Bud Adler, Mr.
Mike Scott, Mr., PE, CSFE
  Company Applied Engineering Solutions

Date Language Fee Document ID
11/05/2007 English Free Access PN070001
   
  Title Partial Stroking on fast acting applications
  Abstract Partial stroking is a widely used method to avoid sticking of a ball valve when it is not operated for some time. It is also used to reduce the actuator size and thus the total cost of the valve and actuator.
Partial stroking should not be confused with Partial Stroke Testing or even Partial Stroke Monitoring.
This article presents the various aspects and conditions for partial stroking on fast acting applications.

Presented at the TÜV Rheinland Group's symposium
June 9th, 2005, Cleveland, Ohio, USA
  Author Willem-Jan Nuis, Mr.
Rens Wolters, Mr.
  Company Mokveld Valves

Date Language Fee Document ID
10/01/2005 English Free Access PN050010
   
  Title The reliability of safety systems: a Markov model (original title: L’affidabilità dei sistemi di sicurezza: un modello markoviano)
  Abstract Safety functions in the various industrial sectors are by now almost exclusively delegated to electrical or electronic devices. Programmable logic controllers too, which were initially used for operational functions, are increasingly being applied to plant safety. Interest in studying the reliability of safety systems (SIS, Safety Instrumented Systems) has resulted in the publication of international standards (the IEC 61508 and IEC 61511 series) and European ones (the CEI EN 61508 series, published in 2002).
Among the aims of these standards are the definition of methods for the risk analysis of systems containing E/E/PE (electrical / electronic / programmable electronic) components and the definition of the specific requirements needed to achieve functional safety (SIL, Safety Integrity Level).
Each of the suggested methods can be applied to analyse some aspects of a safety system's behaviour, so applying several of these methods to the same system can lead to different results. [...]
A detailed qualitative analysis combined with quantification of the reliability parameters, carried out with Markov theory and fault trees (FTA), made it possible to define a model for evaluating the reliability of safety systems that respects the requirements of the standards. [...]

Published in the Proceedings of the XXXI ANIMP OICE UAMI National Conference
Monastier di Treviso (TV), 14-15 October 2004
  Author Lucio Compagno, Mr., Prof. Ing.
Diego D’Urso, Mr., Ing.
Natalia Trapani, Ms., Ing.
  Company Università degli Studi di Catania
Dipartimento di Ingegneria Industriale e Meccanica

Date Language Fee Document ID
09/30/2005 Italian Free Access PN050009
   
  Title Effect of maintenance management system on the Safety Integrity Level in a petrochemical plant
  Abstract The safety functions in industrial plants are increasingly delegated to electrical, electronic or programmable electronic (E/E/PE) Safety Instrumented Systems (SIS). The international standard IEC 61508 proposes guidelines which can be used in order to define the requirements for achieving a specified Safety Integrity Level (SIL) and in order to evaluate the actual availability of a SIS.
Many factors can influence the value of SIL (system configuration, diagnostics, testing and restoration time) and the standard proposes simplified formulas for the evaluation of Probability of Failure on Demand (PFD) for different architectures but in some cases more detailed analyses are required. This situation is due to elements which in a simplified analysis cannot be evaluated, such as operability and maintenance requirements. In order to evaluate the impact of each parameter on PFD, a sensitivity analysis was executed.
If a more accurate analysis is required, Monte Carlo simulation used together with Markov Analysis can help analysts to evaluate the SIL of complex Safety Instrumented Systems and to identify the best solution in order to comply with the system safety requirements.

Published on Proceedings of 1st International Conference on Maintenance Management April 14th -15th, 2005 Venice, Italy
  Author Lucio Compagno, Mr., Prof. Ing.
Diego D’Urso, Mr., Ing.
Natalia Trapani, Ms., Ing.
  Company Università degli Studi di Catania
Dipartimento di Ingegneria Industriale e Meccanica

Date Language Fee Document ID
09/30/2005 English Free Access PN050008
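The Markov model for a general-purpose safety-configured PLC (PN070003), the Markov/FTA model from Catania (PN050009) and the Markov plus Monte Carlo analysis in the abstract above all rest on the same mechanism: enumerate the states a redundant group can be in, put failure, repair and common-cause rates between them, and integrate the state probabilities over a proof-test interval. The Python script below is an added example written for this page, not code from any of those papers. It models a 1oo2 pair with detected (DD) and undetected (DU) dangerous failures, a single repair crew, a common-cause fraction β on the undetected failures and a perfect proof test, and reports PFDavg by time-averaging the probability of the states in which both channels are down. All rates, the 8 h MTTR and the one-year proof-test interval are constructed figures, and the one-repair-crew, no-trip-on-detection and β_D = 0 choices are modelling assumptions of mine, not taken from the abstracts.

```python
"""Multi-state Markov model of a 1oo2 dangerous-failure group with on-line
diagnostics and periodic proof testing.  Added example; constructed figures."""

# Channel status pairs; order within a pair is irrelevant for 1oo2 voting.
OK_OK, DD_OK, DU_OK, DU_DU, DU_DD, DD_DD = range(6)
# States in which neither channel can execute the trip (PFD contribution = 1).
DANGEROUS = (DU_DU, DU_DD, DD_DD)


def rate_matrix(lam_d, dc, beta, mttr_h):
    """Transition-rate matrix q[i][j] in 1/h for one 1oo2 pair.

    lam_d   dangerous failure rate of one channel [1/h]
    dc      diagnostic coverage: fraction of lam_d revealed on line (lam_DD);
            the remainder stays covert until the proof test (lam_DU)
    beta    common-cause fraction applied to the undetected failures
    mttr_h  mean time to restore a detected failure

    Modelling assumptions (mine, not the papers'): one repair crew, a detected
    failure degrades 1oo2 to 1oo1 without tripping the process, and common
    cause is applied to undetected failures only (beta_D = 0).
    """
    lam_dd = dc * lam_d
    lam_du = (1.0 - dc) * lam_d
    mu = 1.0 / mttr_h
    q = [[0.0] * 6 for _ in range(6)]
    q[OK_OK][DD_OK] = 2.0 * lam_dd                 # either channel, revealed
    q[OK_OK][DU_OK] = 2.0 * (1.0 - beta) * lam_du  # either channel, covert
    q[OK_OK][DU_DU] = beta * lam_du                # common-cause covert event
    q[DD_OK][OK_OK] = mu                           # repair completes
    q[DD_OK][DU_DD] = lam_du                       # healthy channel fails covertly
    q[DD_OK][DD_DD] = lam_dd                       # healthy channel fails, revealed
    q[DU_OK][DU_DU] = lam_du
    q[DU_OK][DU_DD] = lam_dd
    q[DU_DD][DU_OK] = mu                           # DD repaired; DU still hidden
    q[DD_DD][DD_OK] = mu
    # DU_DU is absorbing until the proof test finds both covert failures.
    for i in range(6):
        q[i][i] = -sum(q[i][j] for j in range(6) if j != i)
    return q


def pfd_average(lam_d, dc, beta, mttr_h, proof_interval_h, dt_h=1.0):
    """PFDavg over one proof-test interval, starting from OK_OK (perfect
    proof test assumed).  The state vector is stepped with explicit Euler,
    p <- p (I + Q dt), which is accurate while every outgoing rate * dt << 1
    (true for failure rates of 1e-7..1e-5 /h and a repair rate of ~0.1 /h
    at dt = 1 h)."""
    q = rate_matrix(lam_d, dc, beta, mttr_h)
    if any(-q[i][i] * dt_h > 0.5 for i in range(6)):
        raise ValueError("dt_h too large for the repair rate: refine the step")
    p = [1.0, 0.0, 0.0, 0.0, 0.0, 0.0]
    steps = int(round(proof_interval_h / dt_h))
    dangerous_time = 0.0
    for _ in range(steps):
        p = [sum(p[i] * ((1.0 if i == j else 0.0) + q[i][j] * dt_h)
                 for i in range(6)) for j in range(6)]
        dangerous_time += sum(p[s] for s in DANGEROUS)
    return dangerous_time / steps


def leading_terms_1oo2(lam_d, dc, beta, proof_interval_h):
    """Leading terms of the IEC 61508-6 simplified 1oo2 equation, as a sanity
    check on the Markov figure: independent double covert failure plus the
    common-cause term (detected-failure terms omitted)."""
    lam_du = (1.0 - dc) * lam_d
    t1 = proof_interval_h
    return ((1.0 - beta) * lam_du) ** 2 * t1 ** 2 / 3.0 + beta * lam_du * t1 / 2.0


if __name__ == "__main__":
    # Constructed parameters, not data from any of the papers above.
    LAM_D, MTTR, T1 = 5.0e-6, 8.0, 8760.0
    print(f"{'DC':>5} {'beta':>5} {'Markov PFDavg':>14} {'closed-form':>12}")
    for dc in (0.0, 0.6, 0.9, 0.99):
        for beta in (0.0, 0.02, 0.05):
            m = pfd_average(LAM_D, dc, beta, MTTR, T1)
            c = leading_terms_1oo2(LAM_D, dc, beta, T1)
            print(f"{dc:>5.2f} {beta:>5.2f} {m:>14.3e} {c:>12.3e}")
```

Running the script prints Markov PFDavg beside the leading closed-form terms for several diagnostic coverages and β values. For β = 0 the two agree to within a few per cent (the difference is the short dangerous window while one channel is under repair, which the closed form drops); as β grows the common-cause term dominates and the diagnostic coverage matters much less. That is the sensitivity a Markov model makes visible and a simplified formula can only assert.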
   
  Title A practical approach for the selection of Programmable Electronic Systems used for safety functions in the process industry
  Abstract Recently published international standards, such as ISA-SP84 of the Instrument Society of America and the IEC 61508 draft of the International Electrotechnical Commission, establish performance-based criteria for the design, installation, operation, and decommissioning of Programmable Electronic Systems (PES) used for safety related functions. These criteria address specifications for the necessary function of these systems, and requirements about their appropriate Safety Integrity Levels, as well as issues of hardware and software design, testing, management, maintenance and documentation.
The present paper demonstrates, through specific examples, an approach for the evaluation of the Safety Integrity Level (SIL) of Programmable Electronic Systems performing specific safety functions in accordance with the aforementioned standards. This approach addresses the definition of PES architectures in terms of the interaction of PES components, their failure modes and associated failure rates. It also addresses the impact of the embedded software quality, the significance of the coverage factor of diagnostic systems of fault tolerant PES, and the significance of common cause failures. The use of appropriate tools for the evaluation of SIL, such as reliability block diagrams, fault trees, and Markov models, is discussed and demonstrated.

9th International Symposium on Loss Prevention and Safety Promotion in the Process Industries.
Barcelona, Spain, May 1998
  Author Michel Houtermans, Mr., Dr.
D.M. Karydas, Mr.
  Company Risknowlogy
Factory Mutual

Date Language Fee Document ID
09/30/2005 English Free Access PN050007
   
  Title Introduction to diagnostic systems of Programmable Electronic Safety Systems
  Abstract This paper will focus on Programmable Electronic Safety Systems (PESs) and their diagnostic systems. A PES is defined as a system for control, protection or monitoring based on one or more programmable electronic devices, including elements of the system such as power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices. The diagnostic systems of PESs comprise hardware and software elements that identify and reveal on-line PES covert failures when they occur. Thus, immediate repair of the PES safety system can be performed before an upset condition of the safeguarded process occurs. A measure of the effectiveness of diagnostic systems is the so-called "coverage factor". This expresses the fraction of the total number of possible covert failures of the safeguarding PES that will be revealed by the diagnostics. Our examination will cover the basic elements of PESs and address practical questions, such as the nature of diagnostic systems, how diagnostics are realized (with examples for the different PES components), what level of diagnostic efficiency can be achieved by different approaches and systems, and methods of evaluation of the diagnostic coverage factor.
  Author Michel Houtermans, Mr., Dr.
D.M. Karydas, Mr.
A.C. Brombacher, Mr.
  Company Risknowlogy
Factory Mutual
Eindhoven University of Technology

Date Language Fee Document ID
09/30/2005 English Free Access PN050006
   
  Title The Influence of design parameters on the Probability of Failure on demand (PFD) performance of Safety Instrumented Systems (SIS)
  Abstract The purpose of this paper is to show the influence of design parameters on the performance of safety systems. The performance is measured in terms of the Probability of Failure on Demand (PFD). This attribute is important in the safety world as its values represent a measurement for the safety introduced. The required PFD is expressed in national and international standards as the safety integrity level [1,2]. These safety integrity levels (SIL) represent discrete levels of reliability depending on the severity of the process or the equipment under control (EUC).
  Author Michel Houtermans, Mr., Dr.
J.L. Rouvroye, Mr.
  Company Risknowlogy
Eindhoven University of Technology

Date Language Fee Document ID
09/01/2005 English Free Access PN050005
   
  Title The Influence of design parameters on the Probability of Fail-Safe (PFS) performance of Safety Instrumented Systems (SIS)
  Abstract The purpose of this paper is to show the influence of design parameters on the performance of safety systems. The performance is measured in terms of the Probability of Fail-Safe (PFS), or spurious trip. The attribute is important in the safety world as its value represents a measurement of the financial loss caused by the safety system because of spurious trips. For the PFS a measure similar to the SIL for PFD does not exist at the moment.
  Author Michel Houtermans, Mr., Dr.
J.L. Rouvroye, Mr.
  Company Risknowlogy
Eindhoven University of Technology

Date Language Fee Document ID
09/01/2005 English Free Access PN050004
   
  Title The Effect of Diagnostic and Periodic Testing on the Reliability of Safety Systems
  Abstract The purpose of this paper is to show the effect online diagnostic and periodic proof testing have on the performance of the safety function in terms of the PFD. For three different architectures the influence of the diagnostic coverage, the proof test coverage, and the proof test interval on the PFD are determined. A performance indicator is used to express this influence and show the effect.
  Author Michel Houtermans, Mr., Dr.
W. Velten-Philipp, Mr., Dipl.-Ing
  Company Risknowlogy
TÜV Industrie Service GmbH, Automation, Software, Information Technology (ASI)

Date Language Fee Document ID
09/01/2005 English Free Access PN050003
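The simplified PFD formulas referred to in the PN050008 abstract, the coverage factor defined in the PN050006 abstract and the diagnostic coverage / proof-test coverage / proof-test interval sweep described in the abstract just above can all be reproduced with the Annex B equations of IEC 61508-6 for 1oo1, 1oo2 and 2oo3. The Python below is an added example for this page, not code from the papers or from the standard. It implements those equations with MRT taken equal to MTTR (an assumption), adds a proof-test-coverage extension for 1oo1 that is a widely used approximation rather than part of the standard, maps the result to a low-demand SIL band, and runs a sensitivity sweep that reports each case as a ratio to the base case, the same idea as the paper's performance indicator. All parameter values are constructed.

```python
"""IEC 61508-6 Annex B simplified PFDavg equations for 1oo1, 1oo2 and 2oo3
with a parameter sensitivity sweep.  Added example; constructed figures."""


def split_rates(lam_d, dc):
    """Diagnostics reveal the fraction dc of dangerous failures (lam_DD);
    the remainder stay covert until a proof test finds them (lam_DU)."""
    return dc * lam_d, (1.0 - dc) * lam_d


def down_times(lam_d, dc, t1_h, mttr_h):
    """Channel equivalent mean down time tCE and group equivalent mean down
    time tGE (IEC 61508-6 Annex B): the covert part is weighted by the proof
    test interval, the revealed part by the repair time.  MRT is taken equal
    to MTTR here (an assumption, not the standard's wording)."""
    lam_dd, lam_du = split_rates(lam_d, dc)
    t_ce = lam_du / lam_d * (t1_h / 2.0 + mttr_h) + lam_dd / lam_d * mttr_h
    t_ge = lam_du / lam_d * (t1_h / 3.0 + mttr_h) + lam_dd / lam_d * mttr_h
    return t_ce, t_ge


def pfd_1oo1(lam_d, dc, t1_h, mttr_h):
    t_ce, _ = down_times(lam_d, dc, t1_h, mttr_h)
    return lam_d * t_ce


def _group_terms(lam_d, dc, beta, beta_d, t1_h, mttr_h):
    """Independent double-failure term and common-cause term shared by the
    1oo2 and 2oo3 equations (beta_d applies to detected failures)."""
    lam_dd, lam_du = split_rates(lam_d, dc)
    t_ce, t_ge = down_times(lam_d, dc, t1_h, mttr_h)
    independent = (1.0 - beta_d) * lam_dd + (1.0 - beta) * lam_du
    common_cause = beta_d * lam_dd * mttr_h + beta * lam_du * (t1_h / 2.0 + mttr_h)
    return independent ** 2 * t_ce * t_ge, common_cause


def pfd_1oo2(lam_d, dc, beta, beta_d, t1_h, mttr_h):
    double, cc = _group_terms(lam_d, dc, beta, beta_d, t1_h, mttr_h)
    return 2.0 * double + cc


def pfd_2oo3(lam_d, dc, beta, beta_d, t1_h, mttr_h):
    double, cc = _group_terms(lam_d, dc, beta, beta_d, t1_h, mttr_h)
    return 6.0 * double + cc


def pfd_1oo1_imperfect_proof(lam_d, dc, t1_h, mttr_h, ptc, mission_h):
    """Proof test coverage extension.  Not in IEC 61508-6 Annex B; it is the
    usual approximation in which the fraction ptc of lam_DU is found at each
    proof test and the rest only at the end of the mission (overhaul)."""
    lam_dd, lam_du = split_rates(lam_d, dc)
    return (lam_dd * mttr_h
            + ptc * lam_du * (t1_h / 2.0 + mttr_h)
            + (1.0 - ptc) * lam_du * (mission_h / 2.0 + mttr_h))


def sil_band(pfd):
    """Low-demand SIL band of IEC 61508-1 Table 2; 0 means below SIL 1.
    Values under 1e-5 are reported as 4 (the table defines no lower band)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def sensitivity(base, name, values, fn):
    """Ratio of fn(**base) with base[name] replaced by each value to the
    base-case PFDavg: a performance indicator for one design parameter."""
    ref = fn(**base)
    return [(v, fn(**dict(base, **{name: v})) / ref) for v in values]


if __name__ == "__main__":
    # Constructed parameters, not figures from the papers above.
    base = dict(lam_d=5.0e-6, dc=0.9, beta=0.05, beta_d=0.025, t1_h=8760.0, mttr_h=8.0)
    one = dict(lam_d=5.0e-6, dc=0.9, t1_h=8760.0, mttr_h=8.0)
    for label, fn, kw in (("1oo1", pfd_1oo1, one), ("1oo2", pfd_1oo2, base), ("2oo3", pfd_2oo3, base)):
        p = fn(**kw)
        print(f"{label}: PFDavg = {p:.3e}  -> SIL {sil_band(p)}")
    print("1oo2 vs diagnostic coverage:", sensitivity(base, "dc", [0.0, 0.6, 0.9, 0.99], pfd_1oo2))
    print("1oo2 vs proof test interval:", sensitivity(base, "t1_h", [2190.0, 4380.0, 8760.0, 17520.0], pfd_1oo2))
    print("1oo1, proof test coverage 0.7, 10-year mission:",
          f"{pfd_1oo1_imperfect_proof(**one, ptc=0.7, mission_h=87600.0):.3e}")
```

The sweep is the useful part: with the constructed base case the 1oo2 result is dominated by the common-cause term β·λDU·(T1/2 + MTTR), so halving the proof test interval roughly halves PFDavg while raising diagnostic coverage from 0.9 to 0.99 buys an order of magnitude only because it also shrinks λDU inside that term. The imperfect-proof-test function shows the other trap: a 70 % proof test coverage over a ten-year mission can push a 1oo1 element up a SIL band even with good diagnostics.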
   
  Title Safety Considerations
  Abstract A considerable amount of data is required in order to be able to assess safety systems properly. One of the most important criteria is consideration of the distribution of failures over a system’s life cycle.
In considering such failures, a basic distinction is made between safe and dangerous failures. […]
In the event of dangerous detectable failures, however, the safety system, provided it is appropriately designed, can bring the entire system or plant into a safe state. It is undetectable, dangerous failures that constitute a critical state. No safety system is able to detect such failures when they occur. They may be present in the system until it switches off or, in the worst-case scenario, until it fails dangerously without the user being aware of it. […]
  Author Josef Börcsök (Boercsoek), Mr., Dr.-Ing. habil.
  Company HIMA

Date Language Fee Document ID
06/01/2005 English Free Access PN050002
   
  Title Safety Critical Software
  Abstract This paper discusses the methodical analysis of hardware architectures used in safety-related applications. It provides an excursus on a safe computer system's software technology and expands the overview in greater detail. This leads into the last sections, which present the required test procedures. The excursus cannot, however, be complete, because studies and methods have increased rapidly, particularly with respect to object-oriented software system design and programming design.
  Author Josef Börcsök (Boercsoek), Mr., Dr.-Ing. habil.
  Company HIMA

Date Language Fee Document ID
06/01/2005 English Free Access PN050001
   
  Title Better Alarm Handling
A practical application of human factors
  Abstract This paper is based on a presentation given at the IBC Alarms Conference, June 2000. Its purpose is to provide practical information for designers and users of alarm systems. This paper provides practical examples and advice and sets alarm handling problems in a safety management system (SMS) context. Appendix 1 gives a summary of the ‘Texaco’ incident and Appendix 2 reports on a case study.

This article was originally published in the Measure & Control Journal,
Vol. 35, March 2002
The Institute of Measurement and Control, UK
  Author John Wilkinson, Mr., HM Specialist Inspector
Debbie Lucas, Ms. Dr., Principal Psychologist
Human Factors Team
Health and Safety Executive
Hazardous Installations Directorate
  Company Health and Safety Executive
The Institute of Measurement and Control

Date Language Fee Document ID
08/31/2004 English Free Access PN040003
   
  Title Considerations in designing HIPPS
  Abstract HIPPS is an abbreviation for High Integrity (Pressure) Protection System, which is a specific application of a Safety Instrumented System (SIS) designed in accordance with IEC 61508. The function of a HIPPS is to protect the downstream equipment against over-pressure by closing the source. Usually this is done by timely closing one or more dedicated safety shut-off valves to prevent further pressurisation of the piping downstream of those valves.
  Author Willem-Jan Nuis, Mr.
Rens Wolters, Mr.
  Company Mokveld Valves

Date Language Fee Document ID
07/01/2004 English Free Access PN040002
   
  Title Failure rates – Analysis and calculations as per IEC 61511
  Abstract With the adoption of IEC 61511 Functional Safety – Safety Instrumented Systems for the Process Industry Sector by many companies, the question of which standard to follow in designing Safety Instrumented Systems (SIS) has been answered. However, a more challenging question is where to find quality failure rate data, and how to use it to comply with the intent of IEC 61511. ACM Facility Safety reviewed OREDA failure rate data and applied the IEC 61511 standard to this data source to calculate the value of the failure rate. Specifically, the issue of how to determine the failure rate such that it demonstrates the mean time to failure on a statistical basis to a single-sided lower confidence limit of at least 70%, as specified in IEC 61511-1, section 11.9.2 c), was addressed. The selection of failure rates from data sources for use in PFD calculations is not as simple as one might think. The user needs to understand the assumptions made in the IEC standard and in data sources like OREDA in terms of accuracy, uncertainty, modeling, and values. Correctly applying the IEC standards means that instrumentation (valves, transmitters, logic solvers, etc.) is optimized and results in significant lifecycle savings. A mathematical solution is offered to help select accurate and reasonable failure rate data, not too conservative and yet compliant with the IEC standard. This is a great starting point for system designers.

Conclusions – Using the recommended calculation, based on λ_MTTF (the failure rate at the 70% lower confidence limit on MTTF), the PFD for a SIL loop is approximately 20% higher than using λ_mean. Care should be taken when using failure rate data sources, especially by those looking to meet IEC 61511 requirements. The recommended calculation provides designers a value for the failure rate that complies with the IEC requirements.
  Author Mohammed Al–Sayed, Mr.
Ken Bingham, Mr.
  Company ACM Facility Safety a division of ACM Automation

Date Language Fee Document ID
02/27/2004 English Free Access PN040001
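The 70% single-sided lower confidence limit on MTTF that the abstract cites, and the roughly 20% PFD increase stated in the conclusions, follow from one calculation: an upper confidence bound on the failure rate from a count of failures over accumulated operating hours. The Python below is an added example, not the authors' method or their OREDA data. It assumes time-truncated data and the standard chi-square bound λ_upper = χ²_0.70(2n+2) / (2T) (that choice of bound is mine), implements the chi-square quantile for even degrees of freedom without SciPy, and shows how the penalty relative to the mean rate n/T shrinks as the number of recorded failures grows. The population records in the script are constructed.

```python
"""Failure rate at a 70 % single-sided confidence limit, without SciPy.
Added example; the records below are constructed, not OREDA data."""
import math


def chi2_cdf_even(x, df):
    """CDF of a chi-square variable with an EVEN number of degrees of freedom.
    For df = 2k the CDF is 1 - exp(-x/2) * sum_{i<k} (x/2)^i / i!  (the
    Poisson/gamma identity), evaluated in log space so large df do not
    overflow."""
    if df <= 0 or df % 2:
        raise ValueError("df must be a positive even integer")
    if x <= 0.0:
        return 0.0
    half = x / 2.0
    logs = [i * math.log(half) - math.lgamma(i + 1) for i in range(df // 2)]
    m = max(logs)
    log_sum = m + math.log(sum(math.exp(v - m) for v in logs))
    return max(0.0, 1.0 - math.exp(-half + log_sum))


def chi2_quantile_even(p, df):
    """Inverse CDF by bisection; the CDF is monotone, so 200 halvings of
    [0, df + 20*sqrt(2 df) + 50] give full double precision."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be in (0, 1)")
    lo, hi = 0.0, df + 20.0 * math.sqrt(2.0 * df) + 50.0
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if chi2_cdf_even(mid, df) < p:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def failure_rate_bounds(failures, hours, confidence=0.70):
    """Point estimate n/T and the single-sided upper confidence bound on the
    failure rate from n failures in T accumulated operating hours.  An upper
    bound on lambda is the same statement as a lower bound on MTTF = 1/lambda,
    which is what IEC 61511-1 asks for at >= 70 % confidence.
    Assumption (mine): the data are time-truncated, giving the bound
    chi2_{confidence}(2n + 2) / (2T); for n = 0 this is -ln(1 - c) / T."""
    if failures < 0 or hours <= 0.0:
        raise ValueError("need failures >= 0 and hours > 0")
    lam_mean = failures / hours
    lam_upper = chi2_quantile_even(confidence, 2 * failures + 2) / (2.0 * hours)
    return lam_mean, lam_upper


def pfd_penalty(failures, hours, proof_interval_h=8760.0, confidence=0.70):
    """PFDavg of a single covert-failure element (lambda_DU * T1 / 2) with the
    mean and with the bounded rate, and the relative increase.  PFDavg is
    linear in lambda, so the increase is simply lam_upper / lam_mean - 1; the
    abstract's 'approximately 20 % higher' corresponds to a ratio of 1.2."""
    lam_mean, lam_upper = failure_rate_bounds(failures, hours, confidence)
    pfd_mean = lam_mean * proof_interval_h / 2.0
    pfd_upper = lam_upper * proof_interval_h / 2.0
    increase = lam_upper / lam_mean - 1.0 if lam_mean > 0.0 else math.inf
    return pfd_mean, pfd_upper, increase


if __name__ == "__main__":
    # Constructed population records: (failures observed, accumulated hours)
    records = [(0, 2.0e6), (3, 2.0e6), (10, 2.0e6), (30, 2.0e6), (100, 2.0e6)]
    print(f"{'n':>4} {'lambda_mean':>12} {'lambda_70%':>12} {'PFD increase':>13}")
    for n, t in records:
        lam_mean, lam_upper = failure_rate_bounds(n, t)
        _, _, inc = pfd_penalty(n, t)
        print(f"{n:>4} {lam_mean:>12.3e} {lam_upper:>12.3e} {inc:>12.1%}")
```

With 10 recorded failures the bounded rate is about 25% above the mean; with 100 it is about 6%; with none the mean is undefined but the bound (−ln 0.3 / T) still yields a usable, conservative figure. That is the practical reason to prefer a data source that reports the failure count and the population hours rather than only a mean rate: the 20% figure in the conclusions is a property of the sample size behind the data, not a constant.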
   
  Title How Often Do I Need to Test My SIS Logic Solver?
  Abstract There are very clear testing requirements for safety instrumented systems (SIS) outlined in ANSI/ISA S84.01, dTR84.03, IEC 61511 and IEC 61508. What is not clearly explained, however, are the methodologies for optimum testing of each device in the safety instrumented function (SIF). Most safety practitioners are familiar with vendor or TÜV technical reports, which among other things indicate time restrictions for certification after a fault in a logic solver is diagnosed. Some reports indicate indefinite operation and no time restrictions after a single fault. This would suggest that the logic solvers are being designed to be so available and reliable that we may take advantage of their attributes, especially in testing methods. This paper will discuss how the new logic solvers and their I/O may be scheduled for testing much less frequently than the other SIF devices. There are other factors that dictate testing intervals, such as target safety integrity level (SIL), mean time to repair (MTTR), and the ability to test the logic solver and its associated I/O on-line, and these will be discussed.
  Author Robert S. Adamski, Mr., Director
  Company Premier Consulting Services

Date Language Fee Document ID
05/12/2003 English Free Access PN020001
   
  Title Easily Assess Complex Safety Loops
  Abstract Many safety instrumented systems rely on dissimilar redundant field devices, and this can complicate required analyses. The discussed equations will enable field personnel to handle such situations readily.
  Author Lawrence V. Beckman, Mr., Dr.
  Company Safeplex Systems, Inc.

Date Language Fee Document ID
03/21/2003 English Free Access PN030001
   
  Title Confined spaces: the devil’s snare
  Abstract On March 3, 1984, two workers entered a 66-inch diameter sewer line that was under construction. Their mission: to refuel a gasoline-engine-powered pump […]. The pump was about a half mile from where the workers had entered. One of the workers died from carbon monoxide poisoning; the co-worker escaped. But a state inspector who entered from another point along the sewer line died in a rescue attempt.
  Author Verne R. Brown, Mr.
  Company Enmet Corporation

Date Language Fee Document ID
01/05/2000 English Free Access PN000001