High Integrity Systems and Safety Management in Hazardous Industries - J.R Thomson

High Integrity Systems and Safety Management in Hazardous Industries (eBook)

J.R Thomson (Autor)

eBook Download: PDF | EPUB

2015 | 1. Auflage
360 Seiten
Elsevier Science (Verlag)
978-0-12-802034-0 (ISBN)

This book is about the engineering management of hazardous industries, such as oil and gas production, hydrocarbon refining, nuclear power and the manufacture of chemicals and pharmaceuticals. Its scope includes an overview of design standards and processes for high integrity systems,safety management processes as applied to hazardous industries and details best practices in design, operations, maintenance and regulation. Selected case studies are used to show how the complex multidisciplinary enterprises to design and operate hazardous plant can sometimes fail. This includes the subtlety and fragility of the robust safety culture that is required. It is aimed at professional engineers who design, build and operate these hazardous plants. This book is also written for business schools and university engineering departments where engineering management is studied. - An overview of design standards and processes for high integrity systems - An overview of safety management processes as applied to hazardous industries - Best practices in design, operations, maintenance and regulation

JR (Jim) Thomson, BSc(Eng), PhD, CEng, FIET, FIMechE, FNucI is an independent consultant, www.safetyinengineering.com, specializing in high integrity systems and safety management. He has worked in plant operations management, engineering management and safety management, and has previously held executive director posts in two international safety consultancies. He has been chair of two international conferences on high-integrity safety systems, and was awarded the Nuclear Institute's Pinkerton Prize 2013

Chapter 2

The Design of High-integrity Instrumentation and Control (I&C) Systems for Hazardous Plant Control and Protection

Abstract

Modern digital control and protection equipment is radically different from older analog equipment. The use of software in safety systems poses different management challenges because software is not readily amenable to inspection, and because all input signals in each channel of a control system go through a single microprocessor. These differences place emphasis on the importance of the correct specification of safety functional requirements, the traceability of those functional requirements from specification through to testing, change control, and quality assurance in the production of high-integrity microprocessor-based systems. For very high-integrity systems, the causes of, and defences against, common-mode failure also need to be considered carefully, which leads to consideration of “architectural” (or high-level system design) aspects of I&C systems. Consideration is also given to alternatives to microprocessors in high-integrity logic solver applications, and the quality management of software suppliers.

Keywords

high integrity I&C

front end engineering design (FEED)

project safety lifecycle

design intent

software quality management

functional specifications

reliability requirements

traceability

common mode failure (CMF)

I&C architecture

logic elements

change control

safety integrity levels (SIL)

failure modes and effects analysis (FMEA)

verification

validation

aging failure modes

cyber-security

smart sensors

commercial off-the-shelf (COTS)

statistical testing

beta factors

single failure criterion

microprocessors

FPGAs

The design of high-integrity I&C systems for hazardous plant is an area that has seen truly enormous changes in the last 30 years or so with the widespread introduction of digital (computer-based) systems. Before the 1980s or 1990s, all plant control systems and control rooms used analog sensors, analog logic based on discrete electronic components, and simple control systems, with alarm annunciator panels consisting of rows of lamps lit by incandescent bulbs. By comparison, modern computer-based plant control systems now have intelligent (“smart”) sensors sending digital signals to distributed control computers which connect back to an all-digital control room consisting of a few flat screen displays, where plant mimic diagrams are shown, alarms are displayed, and the operator can make plant changes using touch screens.

These changes are now irrevocable, since the supply chain for I&C systems and components has moved with the times, and few manufacturers now supply older analog control system equipment.

This revolution in plant control has been led largely by the aviation industry, which was ahead of process plant in the adoption of digital control systems. For that reason, the design of digital plant control systems for hazardous process plant can learn a great deal from the experiences, incidents and accidents in the aviation sector as it changed to digital systems, as we shall see.

Particular attention must be given to the design of digital equipment where the early conceptual design (or front end engineering design, FEED) has identified the need for high reliability (or “high-integrity” systems) to protect against major hazards.

This chapter provides an overview of the design considerations for high-integrity I&C systems including the following aspects.

• The safety lifecycle for I&C equipment

• Reliability requirements for high-integrity systems

• Software quality management

• Functional specifications and traceability

• Setting up a high-integrity software project

• Common-mode failure

• I&C architecture

• The selection of logic elements and vendors

• The quality management of software suppliers.

The Safety Lifecycle for the Development of I&C Systems

The “safety development lifecycle” concept is enshrined in an international standard called IEC 61508 [1]. This is intended as a “standard of standards”, for use across all process industries, the energy sector, and rail, automobile and aviation. Other standards have then been written which put the IEC 61508 requirements into an industry-specific framework. These include IEC 61511 (process industries), IEC 61513 (nuclear industries), and Do-178 (aircraft), although their scopes may vary.

IEC 61508 “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems” is a very large and detailed standard. IEC 61508 aims to ensure that, in any project involving I&C systems for protection against hazards (i.e., accidents), the functional and safety requirements are correctly identified at the outset, and then implemented properly in the final realization of the design.

• Functional requirements mean both the logical requirements of what the I&C system must do (such as “only permit drive X to operate if conditions Y and Z are satisfied”), and any other physical requirements such as screen formats, voltages, etc.

• Safety requirements mean the reliability requirements of safety-related functions, e.g., “the rate of failure of a given function must be better than 10-2 per annum.” Systems response time and processor loadings are also safety requirements.

IEC 61508 tries to achieve this by:

• mandating a project safety lifecycle to ensure that safety issues are properly identified before design begins, and are then tested properly after manufacture, coding and system integration,

• recommending methodologies for determining the required reliabilities, (i.e., the safety integrity levels or SILs) for the safety functions in the E/E/PES,

• recommending techniques to ensure that the required software SIL levels are achieved, and

• recommending techniques for assessing hardware reliabilities.

The project safety lifecycle for the design, operation and eventual decommissioning of a hazardous plant is summarized in Fig. 2.1. The most important purposes of the safety lifecycle are to ensure that (a) design work is properly planned, and (b) safety requirements are traceable from beginning to end.

Figure 2.1 The safety lifecycle for instrumentation and control systems. From an overall plant definition (the conceptual plant design), safety requirements can be assigned to safety-instrumented systems, other safety systems, and other measures such as procedural controls. The safety-instrumented systems must then be designed, implemented, tested and commissioned, while maintaining strict design change controls and ensuring traceability between functional requirements and testing requirements. Finally, once operational, any modifications must be subject to strict controls to ensure that any changes are made with an equivalent level of consideration as the original design.

The first step in a new major project is overall concept design: what do we expect the plant to look like? A front end engineering design (FEED) project stage then develops an overall concept, including the definition of the plant hazards (i.e., what accidents are conceivable) and their necessary prevention and mitigation measures (which are sometimes confusingly called “controls”). Overall safety risk criteria should have been defined by the client organization (perhaps indirectly from the safety regulator) and, from these criteria, technical safety specialists can then define the functional and safety requirements for the high-integrity safety systems. (We shall return to the FEED process and risk criteria in Part 3 (Chapter 10).)

A key requirement is that, having defined a schedule of functional and safety requirements, these requirements must remain traceable throughout the construction project, to make sure that eventual commissioning tests actually do test the right things. Also, the schedule of functional and safety requirements must itself remain subject to rigorous change control; i.e., elements in the schedule can only be changed subject to careful consideration, e.g., a revision of the original safety analysis done in the FEED stage.

Reliability Requirements for High-integrity Systems

IEC 61508 deals with both low-integrity (“non-safety” or “safety-related”) and high-integrity (“safety systems”) applications. Reliability requirements are defined in a series of bands called Safety Integrity Levels (SILs). Here we shall be focusing on high-integrity safety systems, which in this book is taken to mean SIL 3 and SIL 4 systems (see Table...

Erscheint lt. Verlag	9.1.2015
Sprache	englisch
Themenwelt	Naturwissenschaften ► Chemie
	Technik
	Wirtschaft
ISBN-10	0-12-802034-2 / 0128020342
ISBN-13	978-0-12-802034-0 / 9780128020340

Haben Sie eine Frage zum Produkt?

PDF (Adobe DRM)
Größe: 31,3 MB

Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine Adobe-ID und die Software Adobe Digital Editions (kostenlos). Von der Benutzung der OverDrive Media Console raten wir Ihnen ab. Erfahrungsgemäß treten hier gehäuft Probleme mit dem Adobe DRM auf.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine Adobe-ID sowie eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

EPUB (Adobe DRM)
Größe: 22,0 MB

Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Print-Ausgabe

Buch | Softcover

CHF 157,10