Thomson | High Integrity Systems and Safety Management in Hazardous Industries | E-Book | sack.de
E-book, English, 360 pages

Thomson High Integrity Systems and Safety Management in Hazardous Industries


1st edition 2015
ISBN: 978-0-12-802034-0
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub Watermark




This book is about the engineering management of hazardous industries, such as oil and gas production, hydrocarbon refining, nuclear power and the manufacture of chemicals and pharmaceuticals. Its scope includes an overview of design standards and processes for high integrity systems, safety management processes as applied to hazardous industries, and best practices in design, operations, maintenance and regulation. Selected case studies are used to show how the complex multidisciplinary enterprises to design and operate hazardous plant can sometimes fail. This includes the subtlety and fragility of the robust safety culture that is required. It is aimed at professional engineers who design, build and operate these hazardous plants. This book is also written for business schools and university engineering departments where engineering management is studied.

• An overview of design standards and processes for high integrity systems
• An overview of safety management processes as applied to hazardous industries
• Best practices in design, operations, maintenance and regulation

JR (Jim) Thomson, BSc(Eng), PhD, CEng, FIET, FIMechE, FNucI is an independent consultant, www.safetyinengineering.com, specializing in high integrity systems and safety management. He has worked in plant operations management, engineering management and safety management, and has previously held executive director posts in two international safety consultancies. He has been chair of two international conferences on high-integrity safety systems, and was awarded the Nuclear Institute's Pinkerton Prize 2013.


Chapter 2 The Design of High-integrity Instrumentation and Control (I&C) Systems for Hazardous Plant Control and Protection
Abstract
Modern digital control and protection equipment is radically different from older analog equipment. The use of software in safety systems poses different management challenges because software is not readily amenable to inspection, and because all input signals in each channel of a control system go through a single microprocessor. These differences place emphasis on the importance of the correct specification of safety functional requirements, the traceability of those functional requirements from specification through to testing, change control, and quality assurance in the production of high-integrity microprocessor-based systems. For very high-integrity systems, the causes of, and defences against, common-mode failure also need to be considered carefully, which leads to consideration of “architectural” (or high-level system design) aspects of I&C systems. Consideration is also given to alternatives to microprocessors in high-integrity logic solver applications, and the quality management of software suppliers.

Keywords
high integrity I&C; front end engineering design (FEED); project safety lifecycle; design intent; software quality management; functional specifications; reliability requirements; traceability; common mode failure (CMF); I&C architecture; logic elements; change control; safety integrity levels (SIL); failure modes and effects analysis (FMEA); verification; validation; aging failure modes; cyber-security; smart sensors; commercial off-the-shelf (COTS); statistical testing; beta factors; single failure criterion; microprocessors; FPGAs

The design of high-integrity I&C systems for hazardous plant is an area that has seen truly enormous changes in the last 30 years or so with the widespread introduction of digital (computer-based) systems. Before the 1980s or 1990s, all plant control systems and control rooms used analog sensors, analog logic based on discrete electronic components, and simple control systems, with alarm annunciator panels consisting of rows of lamps lit by incandescent bulbs. By comparison, modern computer-based plant control systems now have intelligent (“smart”) sensors sending digital signals to distributed control computers which connect back to an all-digital control room consisting of a few flat screen displays, where plant mimic diagrams are shown, alarms are displayed, and the operator can make plant changes using touch screens. These changes are now irrevocable, since the supply chain for I&C systems and components has moved with the times, and few manufacturers now supply older analog control system equipment. This revolution in plant control has been led largely by the aviation industry, which was ahead of process plant in the adoption of digital control systems. For that reason, the design of digital plant control systems for hazardous process plant can learn a great deal from the experiences, incidents and accidents in the aviation sector as it changed to digital systems, as we shall see.
Particular attention must be given to the design of digital equipment where the early conceptual design (or front end engineering design, FEED) has identified the need for high reliability (or “high-integrity” systems) to protect against major hazards. This chapter provides an overview of the design considerations for high-integrity I&C systems including the following aspects.

• The safety lifecycle for I&C equipment
• Reliability requirements for high-integrity systems
• Software quality management
• Functional specifications and traceability
• Setting up a high-integrity software project
• Common-mode failure
• I&C architecture
• The selection of logic elements and vendors
• The quality management of software suppliers.

The Safety Lifecycle for the Development of I&C Systems

The “safety development lifecycle” concept is enshrined in an international standard called IEC 61508 [1]. This is intended as a “standard of standards”, for use across all process industries, the energy sector, and rail, automobile and aviation. Other standards have then been written which put the IEC 61508 requirements into an industry-specific framework. These include IEC 61511 (process industries), IEC 61513 (nuclear industries), and DO-178 (aircraft), although their scopes may vary. IEC 61508 “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems” is a very large and detailed standard. IEC 61508 aims to ensure that, in any project involving I&C systems for protection against hazards (i.e., accidents), the functional and safety requirements are correctly identified at the outset, and then implemented properly in the final realization of the design.

• Functional requirements mean both the logical requirements of what the I&C system must do (such as “only permit drive X to operate if conditions Y and Z are satisfied”), and any other physical requirements such as screen formats, voltages, etc.
• Safety requirements mean the reliability requirements of safety-related functions, e.g., “the rate of failure of a given function must be better than 10^-2 per annum.” System response time and processor loadings are also safety requirements.

IEC 61508 tries to achieve this by:

• mandating a project safety lifecycle to ensure that safety issues are properly identified before design begins, and are then tested properly after manufacture, coding and system integration,
• recommending methodologies for determining the required reliabilities (i.e., the safety integrity levels or SILs) for the safety functions in the E/E/PES,
• recommending techniques to ensure that the required software SIL levels are achieved, and
• recommending techniques for assessing hardware reliabilities.
The project safety lifecycle for the design, operation and eventual decommissioning of a hazardous plant is summarized in Fig. 2.1. The most important purposes of the safety lifecycle are to ensure that (a) design work is properly planned, and (b) safety requirements are traceable from beginning to end.

Figure 2.1 The safety lifecycle for instrumentation and control systems.

From an overall plant definition (the conceptual plant design), safety requirements can be assigned to safety-instrumented systems, other safety systems, and other measures such as procedural controls. The safety-instrumented systems must then be designed, implemented, tested and commissioned, while maintaining strict design change controls and ensuring traceability between functional requirements and testing requirements. Finally, once operational, any modifications must be subject to strict controls to ensure that any changes are made with an equivalent level of consideration as the original design.

The first step in a new major project is overall concept design: what do we expect the plant to look like? A front end engineering design (FEED) project stage then develops an overall concept, including the definition of the plant hazards (i.e., what accidents are conceivable) and their necessary prevention and mitigation measures (which are sometimes confusingly called “controls”). Overall safety risk criteria should have been defined by the client organization (perhaps indirectly from the safety regulator) and, from these criteria, technical safety specialists can then define the functional and safety requirements for the high-integrity safety systems. (We shall return to the FEED process and risk criteria in Part 3 (Chapter 10).) A key requirement is that, having defined a schedule of functional and safety requirements, these requirements must remain traceable throughout the construction project, to make sure that eventual commissioning tests actually do test the right things.
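The traceability and change-control requirements described above can be checked mechanically against a project's requirement schedule. The following is an added example (not code from the book or from any named standard or tool): a small checker that verifies every requirement in the schedule traces forward to at least one test, that every test traces back to a requirement that still exists, and that any requirement revised after the FEED baseline carries a change record citing a revised safety analysis. The record layout, the rule that SIL 3/4 functions need a commissioning-stage test rather than factory acceptance testing alone, and the sample schedule are all constructed assumptions for illustration.

```python
"""Requirements traceability and change-control check for a safety-instrumented
system (SIS) design project.

Added example, not taken from the book: the record layout, the coverage rule
for SIL 3/4 functions and the sample schedule below are constructed for
illustration only.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Requirement:
    req_id: str
    kind: str                  # "functional" or "safety"
    text: str
    sil: Optional[int] = None  # SIL band for a safety requirement
    revision: int = 1          # 1 = as baselined at the end of FEED


@dataclass
class TestCase:
    test_id: str
    stage: str        # "FAT" (factory), "SAT" (site) or "commissioning"
    covers: list      # requirement ids this test verifies


@dataclass
class ChangeRecord:
    req_id: str
    new_revision: int
    safety_analysis_ref: Optional[str]  # revised FEED safety analysis, if any


def check_traceability(reqs, tests):
    """Forward and backward traceability between schedule and tests.

    Findings returned (as strings):
      - a requirement with no test at all,
      - a SIL 3/4 safety requirement with no commissioning-stage test
        (assumed project rule: FAT alone is not enough for high-integrity functions),
      - a test that cites a requirement id not in the schedule.
    """
    by_id = {r.req_id: r for r in reqs}
    covered = {}   # req_id -> set of stages at which it is tested
    findings = []
    for t in tests:
        for rid in t.covers:
            if rid not in by_id:
                findings.append(f"{t.test_id}: cites unknown requirement {rid}")
                continue
            covered.setdefault(rid, set()).add(t.stage)
    for r in reqs:
        stages = covered.get(r.req_id, set())
        if not stages:
            findings.append(f"{r.req_id}: no test traces to this requirement")
        elif r.kind == "safety" and (r.sil or 0) >= 3 and "commissioning" not in stages:
            findings.append(f"{r.req_id}: SIL {r.sil} function has no commissioning test")
    return findings


def check_change_control(reqs, changes):
    """A requirement revised after baseline must have a change record for that
    revision, and the record must cite a revised safety analysis."""
    records = {(c.req_id, c.new_revision): c for c in changes}
    findings = []
    for r in reqs:
        if r.revision == 1:
            continue
        rec = records.get((r.req_id, r.revision))
        if rec is None:
            findings.append(f"{r.req_id} rev {r.revision}: changed with no change record")
        elif not rec.safety_analysis_ref:
            findings.append(f"{r.req_id} rev {r.revision}: change record cites no revised safety analysis")
    return findings


# Constructed sample schedule (not from the book); analysis reference is a placeholder.
REQUIREMENTS = [
    Requirement("FR-01", "functional", "Permit drive X to run only if Y and Z are satisfied"),
    Requirement("FR-02", "functional", "Alarm list format per HMI style guide"),
    Requirement("SR-01", "safety", "Trip on high pressure", sil=3),
    Requirement("SR-02", "safety", "Trip response time below 2 s", sil=3, revision=2),
    Requirement("SR-03", "safety", "Close ESD valve on low level", sil=2, revision=2),
]
TESTS = [
    TestCase("T-100", "FAT", ["FR-01", "SR-01", "SR-02"]),
    TestCase("T-200", "commissioning", ["SR-02", "SR-03"]),
    TestCase("T-300", "commissioning", ["SR-99"]),   # stale id left from an old schedule
]
CHANGES = [
    ChangeRecord("SR-02", 2, "SAFETY-ANALYSIS-REV-B"),
    ChangeRecord("SR-03", 2, None),
]


def run_checks():
    return check_traceability(REQUIREMENTS, TESTS) + check_change_control(REQUIREMENTS, CHANGES)


if __name__ == "__main__":
    for finding in run_checks():
        print(finding)
```

Run stand-alone, the checker reports four findings for the constructed schedule: a test citing a requirement that no longer exists, a functional requirement nobody tests, a SIL 3 function tested only at the factory, and a revised requirement whose change record does not point back at a revised safety analysis. Each of these is the kind of gap the lifecycle is meant to close before commissioning.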
Also, the schedule of functional and safety requirements must itself remain subject to rigorous change control; i.e., elements in the schedule can only be changed subject to careful consideration, e.g., a revision of the original safety analysis done in the FEED stage.

Reliability Requirements for High-integrity Systems
IEC 61508 deals with both low-integrity (“non-safety” or “safety-related”) and high-integrity (“safety systems”) applications. Reliability requirements are defined in a series of bands called Safety Integrity Levels (SILs). Here we shall be focusing on high-integrity safety systems, which in this book is taken to mean SIL 3 and SIL 4 systems (see Table...


