1 / 29

TÜV SIL2 approved IEC 61508 /ISA S84.01

600T Safety Pressure Transmitters. TÜV SIL2 approved IEC 61508 /ISA S84.01. Summary:. Safety - Applicable Std & Rules. 600T Safety Transmitters - General concepts. Saturation & Alarms levels. Key points for determining the “Safety Integrity Level”. OSHA 1910. TÜV. ANSI ISA S84

Jimmy
Download Presentation

TÜV SIL2 approved IEC 61508 /ISA S84.01

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. 600T Safety Pressure Transmitters TÜV SIL2 approved IEC 61508 /ISA S84.01

  2. Summary: Safety - Applicable Std & Rules 600T Safety Transmitters - General concepts Saturation & Alarms levels Key points for determining the “Safety Integrity Level”

  3. OSHA 1910 TÜV ANSI ISA S84 IEC61511 HAZOP PHA Safety Life Cycle IEC61508 SIS SIL Applicable Std & Rules

  4. NFPA 8501 DIN VDE 0116 IEC 61511 EN 298 NFPA 8502 Application standards HSE PES ISO 10418 EN 54-2 API RP14C ISA S84.01 IEC 61508 DIN V VDE 0801 Functional Safety DIN V 19250 EN 50081-2 EN 61131-2 Basic safety/low voltage/Ex prot./EMC EN 50082-2 Basic Quality requirements ISO 9000

  5. IEC 61508 Applicable for all industries ISA S84.01 Process Industry IEC 61511 Process Industry IEC 61513 Nuclear Industry IEC 1131 Programming Languages for PLC This specification plays and important role on programmable system for safety applications IEC 615YY Transportation IEC 615ZZ Other industries

  6. Safety - Base Concept Safety integrity can be expressed by: “Ability by system for carrying the safety operation in satisfactory way on demand” The evaluation of the performances of the system should be done according to the international stds (SIL in IEC) and national rules (AK in DIN). The certification can only be performed by authorized institute like TÜV.

  7. Safety - Base Concept Safety integrity Level (SIL)- “ Safety Probability achievable through the loop (system) on safety demand.”” A safety loop or system includes all hardware , software and all the necessary components for achieving the needed safety functions.

  8. Safety - Base concept Safety Loop 35% 15% 50% Transducer & transmitter Actuator , valve Safety System

  9. Safety Integrity Levels (SIL) Protection of environment & comunity Human protection Protection of ownership and manufacturing Protection of plants “SIL 4”“SIL 3” “SIL 2” “SIL 1” Nuclear PFD: E-005 to< E-004 RRF: 100,000 to 10,000 yrs.PFD: E-004 to< E-003 RRF: 10,000 to 1,000 yrs.PFD: E-003 to < E-002 RRF: 1,000 to 100 yrs. PFD: E-002 to < E-001RRF: 100 to 10 yrs. PFD = Probability of Failure on Demand RRF = Risk Reduction Factor (1/PFD)

  10. Safety Integrity Levels, Target Failure Measures Cont/High Demand Low Demand Mode of Operation Safety Mode of Operation Integrity Level Probability of failure to perform its Probability of a dangerous failure design function on demand per year -5 -4 -5 -4 >=10 to <10 >=10 to <10 SIL 4 -4 -3 -4 -3 >=10 to <10 >=10 to <10 SIL 3 -3 -2 -3 -2 >=10 to <10 >=10 to <10 SIL 2 -2 -1 -2 -1 >=10 to <10 >=10 to <10 SIL 1 35 % 15 % 50% E/ E/ PE Sensor-Transmitter Safety Controller Actuator

  11. Safety Lifecycle - “ Sequence of the activities involved for implementing the safety system from the engineering design until the commissioning”

  12. Overall Planning 6 7 8 Overall Operation & Maintenance Planning Overall Validation Planning 1 Concept Safety analysis: -Identify the safety functions Determine the minimum safety integrity to which the safety fuction should be carried out . Overall Scope Definition 2 Hazard & Risk Analysis 3 Overall Safety Requirements 4 Safety Requirements Allocation 5 Safety-related systems: E/E/PES Safety-related systems: Other Technology External Risk Reduction Facilities 9 10 11 Overall Installation & Commissioning Planning Realization Realization Realization Overall Installation & Commissioning 12 Back to appropriate Overall Safety Lifecycle phase Overall Safety Validation 13 Overall Operation & Maintenance Overall Modification & Retrofit 14 15 Decommissioning 16

  13. 9.1 E/E/PES Safety Requirements Specification 9.1 9.1.1 9.1.2 Safety Functions Requirements Specification Safety Integrity Requirements Specification 9.1 9.2 E/E/PES Validation Planning 9.3 E/E/PES Design & Development 9.4 E/E/PES Integration 9.5 E/E/PES Operation & Maintenance Procedures To Box 14 9.6 E/E/PES Safety Validation To Box 12 Block 9:

  14. * NA = No SIS required * Numbers in boxes are SIL levels for SIS Example for determining the Safety Integrity Level, (ISA S84.01) SIL 1 SIL 1 SIL 1 NA NA SI 1 Level of effect against dangerous event SIL 2 SIL 2 SIL 2 NA NA NA High SIL 1 SIL 1 SIL 2 High SIL 3 SIL 3 SIL 3 NA SIL 1 NA Medium SIL 2 SIL 2 SIL 3 Medium Efficiency of other means towards a risk reduction SIL 1 SIL 1 SIL 2 Low Low Low Medium High Probability of dangerous event

  15. Comparison between classifications 0.00001 AK8 8 99.99999 AK7 7 99.9999 0.0001 4 AK6 6 99.999 0.001 3 3 AK5 5 AK4 4 99.99 0.01 2 2 AK3 3 AK2 2 99.90 0.1 1 1 AK1 1 Availability Percentage P.F.D. (Probability of Failure on Demand) ANSI/ISA S84.01 IEC 61508 Class TÜV (AK) Din V 19250 SIL

  16. Safety - Philosophy • It require analysis of risks and consequent evaluation of integrity according to the SIL (Safety Integrity Levels) • “Think ” safety during all the life cycle of your plant • “Think ” safety not only for the safety controller but for all the safety loop : • Sensor/Transmitter • Actuator

  17. Safety Transmitter The 600T Safety Transmitter has been designed according to IEC 61508. “Functional safety of electrical/electronic/ programmable electronic safety-related systems” per Safety Integrity Level 2 (SIL2)

  18. Safety Transmitter SIL2 means that the transmitter should detect every internal hardware failure giving an external alarm and programming the analogue output level at a predetermined value. The 600T Safety is intrinsically redundant either for hardware that for software . This has been achieved with a supplementary stage and through an improvement of the internal diagnostic software .

  19. Saturation Levels • If input signal 105%  High Saturation = 20.8 mA • If input signal -1.25% Low Saturation = 3.8 mA Alarm Levels • UP Scale = 22 mA • Down Scale = 3.7 mA Saturation Limits and UP/DOWN scale (alarms) according to NE43 (NAMUR).

  20. Normal Operation 3.7 3.8 20.8 22 Analogue output saturated Malfuntioning Saturation Limits and UP/DOWN (alarm) scale

  21. Even if the SIL2 approval is valid only for the analog output being the Hart Communication Protocol not certifiable, the 600T Safety Pressure Transmitters perform the Hart communication and keeps all the Hart features with improved diagnostic information. The SIL2 approval is valid only for the analog output.

  22. Principle of operation 600T Safety Transmitters take advantage of the intrinsic redundancy of the highly reliable 600T series differential inductive sensor which provides two independent signals proportional to input pressure The two inductive signals are separately detected by two independent ASICs and separately elaborated internally the electronics. Calculations follow independent flows and they are compared in the microcontroller in order to validate the output pressure signal.

  23. Principle of operation Internal diagnostic algorithms are implemented to check correctness and validity of all processing variables and the correct working of memories. A supplementary shut down circuitry provides a safe shut down when a fault occurs in the analog section of the electronics.

  24. Principle of operation The output stage is also checked by reading back the analog output signal. The feedback loop is obtained by an additional A/D converter put at the end of the output stage, which translates the 4-20 signal into a digital form suitable to be compared by the microcontroller.

  25. Summary of Key Points for Safety Integrity Excitation and reading integrity Sensor integrity CPU integrity

  26. Summary of Key Points for Safety Integrity Analog Output stage integrity CPU working - software sequences Clock integrity Power Supply monitoring

  27. Hardware and software redundancy TÜV SIL2 Approved IEC 61508 - ISA S84.01 Dual element Sensor Microprocessor A/D Power supply & analog output COMPARATOR CLOCK 1 CLOCK 2 WATCHDOG PRESSURE DETECTION ELEMENT 1 LINEARIZATION & COMPENSATION VOTING HART VALIDATION D / A FAIL SAFE ENABLE 420 mA OUTPUT 1 420 mA SAFE OUTPUT 420 mA COMPARATOR Temperature sensor VERIFYSUPPLY PRESSURE DETECTION ELEMENT 2 LINEARIZATION & COMPENSATION OUTPUT 2 VERIFY OUTPUT A / D Base schematic Redundancy Diagnostic Previous Redundancy Diagnostic Benefits

  28. 600T Inductive Sensor Feedthrough Measuring diaphragm Ferrite Plate Coil Ferrite Pot-Core

  29. End of slide show.

More Related