
Introduction to the IEC Nuclear family of standards William M. Goble exida, USA

2. Functional Safety Standards. In many industries engineers were asking: Can I use these new digital (software based) controllers in my critical safety applications? How can I evaluate the quality of the software design? What are the failure modes of this class of equipment? A number of Functiona


Presentation Transcript



    5. Major Issues Addressed. A key objective of IEC 61508 was to address accident causes by creating a system to manage safety, to assure proper technical requirements and to assure competent personnel. Users will require certification bodies to use IEC 61508 to certify equipment per technical requirements, processes (Functional Safety Management), and personnel (certified safety engineer).

    6. Fundamental Concepts

    7. Safety Integrity Level

    8. IEC 61508 Safety Integrity Level. These target failure measures appear in the NORMATIVE part 1 of IEC 61508. For the process industry, only the demand mode of operation column is relevant, as this is the nature of any normal ESD type system: it is dormant most of the time and is only called into action when something goes wrong with the regular control system. Target failure measures are also presented for the continuous/high demand mode of operation in IEC 61508, but that column is not shown here. The risk reduction factor is the direct reciprocal of the PFDaverage presented above.

    9. Safety Integrity Levels: Hardware Failure Probability

    10. Solenoids and pressure switches are simple devices that meet the IEC 61508 definition of a Type A device. Therefore, looking at the Type A chart, an SFF of 0% with no redundancy (Hardware Fault Tolerance = 0) meets SIL1. Unfortunately, the target SIL was SIL2. This design must be improved.
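Slides 8 to 10 describe three checks that together decide the SIL a single safety function can claim: the low-demand PFDavg band (with the risk reduction factor as its reciprocal) and the Type A/Type B architectural constraint on SFF and hardware fault tolerance. The following script is an added worked example, not part of the presentation or of exida's material. The PFDavg band limits are the IEC 61508-1 low-demand target failure measures that the slide refers to but does not reproduce; the SFF/HFT tables are the Route 1H architectural constraints of IEC 61508-2; the simplified 1oo1 formula PFDavg = lambda_DU * TI / 2 is the usual textbook approximation and is an assumption of this example, as are the sample failure rate and proof-test interval.

```python
"""Worked SIL checks: PFDavg / risk reduction factor bands plus Route 1H architectural constraints.
Added example; constants reproduce published IEC 61508 tables, sample inputs are constructed."""
from typing import Optional

# Low-demand target failure measures (IEC 61508-1, demand mode column).
# Each entry: (SIL, PFDavg lower bound inclusive, upper bound exclusive).
LOW_DEMAND_PFD_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]

# Architectural constraints for a subsystem (IEC 61508-2, Route 1H).
# Rows indexed by HFT (0, 1, 2); columns by SFF band: <60%, 60-<90%, 90-<99%, >=99%.
# None means the combination is not allowed for any SIL.
ARCH_CONSTRAINTS = {
    "A": [[1, 2, 3, 3], [2, 3, 4, 4], [3, 4, 4, 4]],
    "B": [[None, 1, 2, 3], [1, 2, 3, 4], [2, 3, 4, 4]],
}


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified PFDavg for one channel (1oo1): lambda_DU * TI / 2.
    Assumption of this example: perfect proof test and lambda_DU * TI << 1."""
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def risk_reduction_factor(pfd_avg: float) -> float:
    """RRF is the direct reciprocal of PFDavg, as slide 8 states."""
    return 1.0 / pfd_avg


def sil_from_pfd_avg(pfd_avg: float) -> Optional[int]:
    """Map a PFDavg to its low-demand SIL band; None if outside SIL1..SIL4."""
    for sil, low, high in LOW_DEMAND_PFD_BANDS:
        if low <= pfd_avg < high:
            return sil
    return None


def sff_band(sff_percent: float) -> int:
    """Column index of the SFF band in the Route 1H tables."""
    if sff_percent < 60:
        return 0
    if sff_percent < 90:
        return 1
    if sff_percent < 99:
        return 2
    return 3


def sil_from_architecture(device_type: str, sff_percent: float, hft: int) -> Optional[int]:
    """Maximum SIL allowed by the architectural constraint for a Type A or Type B subsystem."""
    if device_type not in ARCH_CONSTRAINTS:
        raise ValueError("device_type must be 'A' or 'B'")
    if not 0 <= hft <= 2:
        raise ValueError("HFT must be 0, 1 or 2")
    return ARCH_CONSTRAINTS[device_type][hft][sff_band(sff_percent)]


def achievable_sil(device_type: str, sff_percent: float, hft: int,
                   lambda_du_per_hour: float, proof_test_interval_hours: float) -> Optional[int]:
    """Both checks must pass; the lower of the two SILs governs the claim."""
    by_pfd = sil_from_pfd_avg(pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours))
    by_arch = sil_from_architecture(device_type, sff_percent, hft)
    if by_pfd is None or by_arch is None:
        return None
    return min(by_pfd, by_arch)


if __name__ == "__main__":
    # Constructed inputs for the slide-10 case: a Type A final element, SFF 0%, HFT 0,
    # with a (hypothetical) dangerous undetected failure rate and a one-year proof test.
    lam_du, ti = 2e-7, 8760.0
    pfd = pfd_avg_1oo1(lam_du, ti)
    print(f"PFDavg = {pfd:.2e}, RRF = {risk_reduction_factor(pfd):.0f}, "
          f"PFD band = SIL{sil_from_pfd_avg(pfd)}")
    print(f"Architectural constraint (Type A, SFF 0%, HFT 0) = SIL{sil_from_architecture('A', 0, 0)}")
    print(f"Achievable SIL = {achievable_sil('A', 0, 0, lam_du, ti)}  (target was SIL2)")
    print(f"With one redundant channel (HFT 1): SIL{sil_from_architecture('A', 0, 1)} by architecture")
```

Running it shows the point of slide 10: even a failure rate that lands in the SIL3 PFD band is capped at SIL1 by the Type A architectural constraint, so the design is improved by raising HFT (redundancy) or SFF (diagnostics), not by a better failure-rate claim.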

    11. Safety Integrity Level

    12. 61508 can be applied at many levels. Conceptual design begins with identification of the equipment to be used in the SIS. The criteria used to select equipment for process control (such as the materials, accuracy, environmental conditions, etc.) also fully apply to safety applications. In addition, failure rate data should be available to assist in the design. For equipment certified to a particular SIL level, obtain the equipment's Safety Manual. That manual includes essential information for proper application of the equipment. For equipment not safety certified, the user is responsible for proper application. Instructor's Note: For application assistance on particular equipment, contact the process safety engineer.

    13. Example: Operating System Certification

    14. Example: Pressure Transmitters

    15. Example: Controllers

    16. IEC 61508 Certification. The end result of the certification process should be:
        a Certificate listing the SIL level for which a product is qualified and the standards that were used for the certification;
        a Certification report listing test and analysis methods with references to evidence documents;
        a Safety Case, the full set of documentation showing all requirements, arguments and evidence.
        A full certification can be done to IEC 61508. The end result of a certification process is a certificate and a report. The certificate lists the SIL level for which the product is qualified. However, it must be understood that products can receive full certification with restrictions. These are listed in the product Safety Manual.


    19. Because of the significant requirements associated with personnel competency, training, staff experience, qualifications and assessments should also feature in the overall FSM plan and be included in the documentation.

    20. IEC 61513

    21. IEC 61513 compared to IEC 61508
        NPP Safety                              Functional Safety (61508)
        61513  System Design                    Parts 1, 2 and 4
        61226  Classification                   Parts 1 & 5 (SIL levels)
        60880  Cat A SW / 62138  Cat B&C SW     Part 3 (along with parts 1 & 2)

    22. IEC 61508 Safety Life Cycle. Overall, the Safety Lifecycle is a subset of the activities done to manage safety. These activities apply specifically to the design and maintenance of the SIS and are integrated into an overall process. The overall objective is to achieve higher levels of safety where needed and not to waste effort where it is not needed.

    23. IEC 61513 Safety Life Cycle

    24. IEC 61513

    25. Experience with Requirements

    26. Experience with the Safety Case. Much experience has been gained in multiple industries:
        Instrumentation and Process Control
        Embedded automotive control
        Embedded machine control
        Elevator control
        Mining equipment control
        Techniques to assure design integrity with hardware and software are similar.

    27. Experience with the Safety Case. Compliance with IEC 61513, IEC 61508 or another standard can be shown clearly with a Safety Case. Often the arguments (Solutions) for one standard are fully applicable to other standards. Hence products certified to IEC 61508 with a Safety Case can be shown compliant with IEC 61513, etc. with reduced effort. Instrumentation manufacturers are getting IEC 61508 certification for many markets. This will benefit the Nuclear industry if these results are used.