Regional Offices
United Kingdom: +44 1926 676 125
Netherlands: +31 318 414 505
New Zealand / Aus: +64 3 472 7707
US Gulf Coast: +1 713 382 7170
[Figure: exida customers and services: OEM, System Designer, Engineering Contractor, End User; Automotive, Nuclear; SIL + device selection, SIL verification, Tools]
2/20/2014
Webinar Objective
Present ten tips to ensure you get the maximum value from your risk analysis.
Common mistakes to avoid.
[Figure: safety lifecycle: Analyse Risk, Specify, Design & Build, Test, Install, Validate, Proof Test, Manage, annotated with Clause 7 & Clause 12.7, Clause 5 and Clause 6.2]
Failure Probabilities
Standard objective: identify process hazards, estimate their risks and decide if the risk is tolerable.
GOAL: Validate vs Spec
[Figure: risk tolerance bands. Is the risk tolerable? Above 10^-3/yr (workers) or 10^-4/yr (public) is the intolerable region: "No way". Between there and 10^-6/yr the risk is reduced if it's worth it. Below 10^-6/yr: "We accept it".]
Copyright exida.com LLC 2001-2014
The difference between per hazard and per site can be up to a factor of 100!
Hazard: "A chemical or physical condition that has the potential for causing damage to people, property, or the environment (e.g., a pressurized tank containing 500 tons of ammonia)." (CCPS, Guidelines for CPQRA)
[Figure: hazard-to-harm chain: Failure -> Intermediate Event -> Circumstance -> Incident Outcome -> Accident -> Consequence, with the example events Pump Fails, Alarm Fails, Relief Fails]
Break the problem into generic events, which are more likely to have supporting data, and calculate the likelihood using probability logic.
Semi-quantitative or quantitative tool; requires hazard identification input from HAZOP or equivalent.
[Figure: event tree: an initiating event passes through successive protection layers; each layer failure hands the demand to the next layer, a layer that works gives an undesired but tolerable outcome, and only when all layers fail do the consequences exceed the criteria]
[Figure: consequence vs likelihood plot showing the process value under normal behaviour, process shutdown and the safety layer]
IPL criteria:
Specific
Independent: must be completely independent from all other protection layers
Dependable: must be capable of acting dependably to prevent the consequence from occurring (systematic and random faults)
Auditable: must be tested and maintained to ensure risk reduction is continually achieved
Get direct operator confirmation (they know best and often are the ones at risk).
PFD < 0.1 is possible with Human Response Analysis (HRA).
LOPA MUST INCLUDE BOTH the SMALL CONSEQUENCE when the system works AND the LARGE CONSEQUENCE when it fails, since BOTH CASES ARE RISKS!
Risk is usually minimized when the mitigation RRF equals the ratio of the large to the small consequence frequency target.
Time of Occupancy
Be careful! Total time of occupancy correlates with both initiating events and other protection layer failures. (People usually go towards a hazard to try to fix it.)
[Figure: events A and B drawn as independent and as correlated]
Ignoring event correlation can easily cause more than a 10X error in risk estimates!
[Figure: P = 0.1, P = 0.03, P = 0.01]
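A worked LOPA calculation, added here as an example and not taken from the exida webinar, tying together the two points above: the SIF creates both a small (shutdown) and a large (release) outcome, and an occupancy credit treated as independent can understate the risk by 10X. All frequencies, PFDs, the 10^-6/yr target and the function names (mitigated_frequency, required_rrf, sil_for_rrf, both_outcomes, occupancy_error_factor) are the example's own assumptions; the SIL bands follow the standard low-demand RRF ranges (10-100 for SIL 1, and so on).

```python
# Added LOPA worked example; not code from the exida webinar. Every frequency,
# PFD, target and occupancy value below is a constructed illustrative number.
from math import prod

# Low-demand SIL by required risk reduction factor (RRF 10-100 = SIL 1, ...).
SIL_BANDS = [(10, 0), (100, 1), (1_000, 2), (10_000, 3), (100_000, 4)]

def mitigated_frequency(initiating_freq, layer_pfds, modifiers=()):
    """Outcome frequency per year: initiating event frequency times the PFD of
    every protection layer that must fail, times conditional modifiers such
    as the probability that the exposed area is occupied."""
    return initiating_freq * prod(layer_pfds) * prod(modifiers)

def required_rrf(unmitigated_freq, target_freq):
    """Risk reduction factor the SIF must supply to bring the outcome
    frequency down to the tolerable target."""
    return unmitigated_freq / target_freq

def sil_for_rrf(rrf):
    """Lowest SIL band covering the required RRF (0 means no SIL needed)."""
    for upper, sil in SIL_BANDS:
        if rrf < upper:
            return sil
    raise ValueError("RRF beyond SIL 4: reduce the demand rate or consequence")

def both_outcomes(demand_freq, sif_pfd, downstream_pfds=()):
    """Tip 8: the SIF produces two risks. Returns (small, large): the shutdown
    frequency when the SIF works, and the hazard frequency when it fails and
    every downstream layer (e.g. relief) fails as well."""
    small = demand_freq * (1.0 - sif_pfd)
    large = demand_freq * sif_pfd * prod(downstream_pfds)
    return small, large

def occupancy_error_factor(p_occupied, p_occupied_given_event):
    """Tip 6: factor by which an 'independent' occupancy credit understates
    risk when people move toward the hazard once the event has started."""
    return p_occupied_given_event / p_occupied

if __name__ == "__main__":
    # Constructed scenario: level control fails 1/yr; alarm + operator PFD 0.1;
    # SIF PFD 0.002; relief valve PFD 0.05; release is fatal only when the area
    # is occupied (10 % on average); tolerable target 1e-6/yr.
    demand_on_sif = mitigated_frequency(1.0, [0.1])
    small, large = both_outcomes(demand_on_sif, 0.002, [0.05])
    no_sif = mitigated_frequency(1.0, [0.1, 0.05], [0.1])   # SIF credit removed
    rrf = required_rrf(no_sif, 1e-6)
    print(f"shutdowns {small:.4f}/yr, releases {large:.1e}/yr, "
          f"SIF needs RRF {rrf:.0f} -> SIL {sil_for_rrf(rrf)}")
    print("occupancy credit error factor:", occupancy_error_factor(0.1, 1.0))
```

With the constructed numbers the SIF needs RRF 500 (SIL 2), and if occupancy given the event rises from 0.1 to 1.0 the fatality frequency lands a factor of 10 above the target.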
[Figure: protection options for a flammable material hazard: SIF? Relief? Alarms?]
[Figure: site layout with equipment D-101, D-102, V-101 and V-102 and 10^-3, 10^-4 and 10^-5 risk levels]
Manage personnel risk by controlling where the people are: control room, work areas and pathways
[Figure: likelihood vs consequence matrix with increasing risk, showing consequence reduction (e.g., material reduction, containment dikes, physical protection) versus SIS risk reduction (SIL 1-3)]
Systematic failures: a failure coming from a direct cause, which can only be eliminated by changing the design, manufacturing process, operational procedures, documentation, or other relevant factors (so statistical methods fail and functional safety management is needed).
Objective: specify all requirements of the SIS needed for detailed engineering and process safety information purposes.
Functional requirements: description of the functions of the SIF, how it should work.
Integrity requirements: the risk reduction and reliability requirements, how well it should work and how quickly it should work.
Complete
Consistent
All modifications should be evaluated against the SRS; the better the background information provided, the better informed the change impact assessment.
[Figure: SRS contents: Hazard Information, Integrity, Hazard Frequencies, System, Procedures, Hazard Consequences, Target SIL, Information & Revision]
Review
1. Get the Safety Lifecycle Context Right
2. Define Risk and Risk Tolerance Properly
3. Go All the Way from Hazard to Harm
4. Use LOPA Properly
5. Use Independent Protection Layers (IPLs) Properly
6. Avoid Independent Event Errors
7. Look at All the Options
8. Manage Risk for Both Kinds of Failure
9. Consider Cost Benefit Analysis
10. Consider the Safety Requirements Specification