27-08-2024

Various aspects of instrument safety that should be considered in a chemical plant

Safety is more than just SIL (Safety Integrity Level) but it comes up first in most discussions when Safety is mentioned. In fact, plant safety includes several factors such as hazardous approvals, occupational and process safety, cyber security on top of functional safety (eg SIL IEC 61508 / 61511).

Here is a brief overview of the International Electrotechnical Commission (IEC) Standards.

EC 61511 deals with proven in use equipment. For example, a vendor and/or an end user utilizes the data (eg failure rates) they have on hand for an instrument. Usually end users have a tremendous amount of valuable information for a particular instrument’s reliability in specific applications at their facility.

IEC 61508 deals with instruments that are designed for safety applications where a 3rd party equipment testing institution such as UL, TUV or EXIDA attests to having evaluated them for compliance. They provide a certificate for the instruments in question confirming they can be specified and used as part of a Safety Instrumented Function (SIF).

There are 2 main types of failures considered – safe and dangerous. Each failure developed during testing or operation is analyzed to identify whether it is safe or dangerous. The dangerous undetected (Du) failures are of particular interest as they are dangerous failures which  remain undetected. Therefore, Du failures are included in the Probability of Failure on Demand (PFD) calculation on the testing certificates.

When designing a SIF loop (which consists of sensor, logic solver and actuator), one needs to consider not only the individual items’ safety but also the availability of a SIF. For example, in a SIL rated Coriolis liquid flow application this may mean designing a system that has redundant sensors.  However, for each application, care should be taken on whether you opt to use a homogeneous-redundant-model or diverse-redundant-model. For example, if you opted for a homogeneous redundant model and both Coriolis meters are not capable of handling entrained gas then the SIF would experience numerous trips every time air or gas flow increased in the liquid line. The solution here would be to use a redundant Coriolis model where both meters, such as the OPTIMASS, can handle entrained gas.  In this fashion, you can operate with a 1 out of 2 voting (1oo2).

Alternatively, you might consider a diverse redundant model wherein 1 of the 2 Coriolis meters could handle entrained gas. In this case you would  have the SIF trip on 2oo2 for example.