Honeywell Field Instruments are ready for the new safety standards for the process industries
Background
In 1996, the Instrument Society of America published standard ANSI/ISA S84.01-1996, Application of Safety Instrumented Systems for the Process Industries. This standard was accepted by the American National Standards Institute (ANSI) in March of 1997, and thus became enforceable under OSHA's process safety management (PSM) rule and the EPA's risk management program (RMP). During 1998 through 2000, the International Electrotechnical Commission (IEC) published the IEC 61508 and IEC 61511 standards. The IEC 61508 standard, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems, is for suppliers of microprocessor-based instrumentation to the process, medical, and avionics industries. The IEC 61511 standard, Functional Safety: Safety Instrumented Systems for the Process Industry Sector, is for end users and engineering firms, detailing the requirements for design and implementation of safety instrumented systems (SIS) for the process industries. IEC and ISA are working together to standardize on IEC 61511 as the global SIS standard, which would make IEC 61508 the global standard for manufacturers.
so RRF = 1/PFD. IEC 61508 defines SIL levels 1 through 4, with SIL level 1 representing the lowest acceptable risk level, and SIL level 4 representing the highest acceptable risk level.
Safety Integrity Level   Availability Required   Probability to Fail on Demand   1/PFD (RRF)
4                        >99.99%                 E-005 to E-004                  100,000 to 10,000
3                        99.90 to 99.99%         E-004 to E-003                  10,000 to 1,000
2                        99.00 to 99.90%         E-003 to E-002                  1,000 to 100
1                        90.00 to 99.00%         E-002 to E-001                  100 to 10
Diagnostic Coverage: The fraction of the failure rate detected by the operation of internal diagnostic tests. This fraction is expressed as the ratio of the failure rates that are associated with the detected failures to the total failure rate in any mode. For this device, it is assumed that options are set so that detected failures cause the unit to go to under-range.

Fail Dangerous Detected: Failure that is potentially dangerous but that is detected by internal diagnostics and converted to the selected fail-safe state.

Fail Dangerous Undetected: Failure that is dangerous and that is not diagnosed by internal diagnostics.

Fail Dangerous: Failure that deviates the measured input state or the actual output by more than 2% of span and that leaves the output within active scale.

Fail High: Failure that will result in an output current that is higher than 20 mA.

Fail Low: Failure that will result in an output current that is lower than 4 mA.

Fail Safe Detected: Failure that leads to a safe state and that is detected by internal diagnostics.

Fail Safe Undetected: Failure that leads to a safe state and that is not detected by internal diagnostics.

Fail Safe: Failure that results in the presentation of the selected fail-safe input or output condition independent of the actual input state.

Safe Failure Fraction: The fraction of the overall failure rate of a device that results in either a safe fault or a diagnosed unsafe fault.
For example, the end user can define a process as a SIL 1 SIS, accepting the risk that the SIS will be available 90% of the time (for a 10% chance of failure). For instance, a low water level on a storage tank will normally (90% of the time) be expected to trip a sensor, which in turn will control a valve to refill the tank. 10% of the time, the SIS is expected to fail, and the tank will not be refilled.
The failure rates, safe failure fraction and PFDavg calculation for the ST 3000 pressure transmitter with DE Protocol operating in a clean service are as follows*:

λH = 47.88 × 10^-9 failures per hour
λL = 292.60 × 10^-9 failures per hour
λDU = 139.74 × 10^-9 failures per hour
SFF = 70.90%
PFDavg = 6.14E-4 for a one year time interval
Based on a 35% PFDavg budget for the sensor subsystem, both transmitters would meet the PFDavg requirements of SIL 2 in a single configuration. Both transmitters would meet the architectural constraint requirements in IEC 61508 at a level of SIL 1 for a single configuration.
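The following is an added worked example, not code from the Honeywell paper: it runs the ST 3000 FMEDA figures quoted above through the SIL table and the sensor-budget check, so the reader can see where the "SIL 2 by PFDavg, SIL 1 by architectural constraint" result comes from. It assumes the simplified single-channel formula PFDavg = λDU × T/2 (which reproduces the quoted 6.14E-4 to within about 1%), counts fail-high and fail-low as safe failures with no separate dangerous-detected rate, and applies the IEC 61508-2 Type B, hardware-fault-tolerance-0 constraint table on the assumption that a microprocessor-based transmitter is assessed as Type B.

```python
# Added worked example (not from the Honeywell paper): the paper's ST 3000
# (DE protocol, clean service) FMEDA rates run through the SIL arithmetic.
# Rates are failures per hour; the LAMBDA_* names are this example's own.
LAMBDA_H = 47.88e-9      # fail high (output > 20 mA), counted as a safe failure
LAMBDA_L = 292.60e-9     # fail low (output < 4 mA), counted as a safe failure
LAMBDA_DU = 139.74e-9    # dangerous undetected
HOURS_PER_YEAR = 8760

# SIL bands from the paper's table: (SIL, PFDavg lower bound, upper bound).
SIL_PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

def safe_failure_fraction(lam_safe, lam_dd, lam_du):
    """SFF = (safe + dangerous detected) / total failure rate."""
    return (lam_safe + lam_dd) / (lam_safe + lam_dd + lam_du)

def pfd_avg(lam_du, proof_test_interval_h):
    """Simplified single-channel (1oo1) PFDavg = lambda_DU * T / 2."""
    return lam_du * proof_test_interval_h / 2

def sil_from_pfd(pfd):
    """Map a PFDavg to the SIL band of the paper's table; None if off scale."""
    for sil, low, high in SIL_PFD_BANDS:
        if low <= pfd < high:
            return sil
    return None

def sil_architectural_type_b_hft0(sff):
    """IEC 61508-2 architectural constraint for a Type B device with hardware
    fault tolerance 0 (assumption: the transmitter is assessed as Type B)."""
    if sff < 0.60:
        return None      # not allowed at any SIL without redundancy
    if sff < 0.90:
        return 1
    if sff < 0.99:
        return 2
    return 3

def assess(lam_h, lam_l, lam_du, interval_h=HOURS_PER_YEAR, sensor_budget=0.35):
    """Return SFF, PFDavg and the SIL a single (1oo1) sensor can claim."""
    # No dangerous-detected rate is listed for this device, so lam_dd = 0.
    sff = safe_failure_fraction(lam_h + lam_l, 0.0, lam_du)
    pfd = pfd_avg(lam_du, interval_h)
    # The sensor may consume only `sensor_budget` of the whole SIF's PFDavg,
    # so its PFDavg is scaled up by that budget before reading the SIL band.
    sil_pfd = sil_from_pfd(pfd / sensor_budget)
    sil_arch = sil_architectural_type_b_hft0(sff)
    claim = None if sil_pfd is None or sil_arch is None else min(sil_pfd, sil_arch)
    return {"sff": sff, "pfd_avg": pfd, "sil_pfd": sil_pfd,
            "sil_arch": sil_arch, "sil_claimable": claim}
```

The claimable SIL is the lower of the two results, which is why a 70.9% SFF device is held to SIL 1 in a single configuration even though its PFDavg alone would satisfy SIL 2.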
Summary
As the process industry moves toward adopting the newer safety standards, Honeywell Field Instruments are poised to meet the challenge. The FMEDA certificates, available for the ST 3000 pressure transmitters and the HART temperature transmitter (STT25H), are only a part of what Honeywell has to offer. Honeywell's TPS system is the industry leader in building plant safety, with the Fail Safe Control (FSC) safety system. In addition, FSC SafeCalc is a software tool that was specially developed by Honeywell Safety Management System to perform SIL validation calculations in accordance with the international IEC 61508 standard. It helps users carry out a quantitative analysis of the reliability (safety integrity) of the designed safety instrumented functions, and it can carry out complicated reliability calculations quickly and accurately. Further information about the TPS system can be found at http://www.acs.honeywell.com/ichome/
ST 3000 and FSC are registered trademarks of Honeywell International Inc. *HART is a trademark of the HART Communications Foundation.