IEC-61511---Whats-New-in課件(PPT 34頁(yè))

1、IEC 61511:Whats New in Edition Two Copyright exida Asia Pacific 2017第1頁(yè)，共34頁(yè)。2Managing Director / Senior Safety Consultant at exida Asia Pacific with extensive knowledge of process safety management and functional safety (IEC 61508 and IEC 61511 process risk analysis). Familiar with methodology like

2、 HAZID, HAZOP, CHAZOP, Alarm Management Studies, FMEA, FMEDA, FTA, LOPA, SIL classification, SRS development, SIL verification, SIS validation, Functional Safety Assessment, SIS maintenance procedure development. Credentials B.Eng (Electrical and Electronics Engineering), NTUCertified Functional Saf

3、ety Expert, CFSEAffiliationsMember of the International Society of Automation (ISA), (ISA84, ISA18, ISA96 and ISA99 standard committees member)American Institute of Chemical Engineers (AIChE) MemberNational Fire Protection Association(NFPA) MemberInstrumentation & Control Society of Singapore Member

4、International System Safety Society (ISSS) MemberThe Critical Thinking Community MemberDesmond Lee, CFSECopyright exida Asia Pacific 2017第2頁(yè)，共34頁(yè)。Functional Safety Standard History功能安全演變DIN V 19250IEC 61508 Ed 1IEC 61511 Ed 1Ed 2S84.01 1996S84.01 2004199019952000200520102017Ed 2Safety Loop“Functiona

5、l”Copyright exida Asia Pacific 2017第3頁(yè)，共34頁(yè)。4Copyright exida Asia Pacific 2017IEC 61511 StatusPart 1 released in Red Line Version (RLV) 2016-02-24Part 2 released in Red Line Version (RLV) 2016-07-28Part 3 released in Red Line Version (RLV) 2016-07-21Part 1 released Corrigendum 1 2016-09-15Part 1 rel

6、eased Amendment 1 2017-08-1第4頁(yè)，共34頁(yè)。5Copyright exida Asia Pacific 2017IEC 61511 Basics RemainIEC 61511標(biāo)準(zhǔn) 的基礎(chǔ)沒變Targets end users, engineering contractors and integratorsCovers the entire SIS LifecycleRisk analysisPerformance based designOperations and maintenancePerformance NOT PrescriptiveEnd user a

7、pplicationsNot typically certifiedIndependent functional safety assessmentsThree sectionsRequirementsGuidelinesSIL SelectionPrescriptive (Clear design, variable safety)Performance (Clear safety, optimal design) 第5頁(yè)，共34頁(yè)。Same Basic Relationship to IEC 61508與IEC 61508的基本關(guān)系沒變But now the 2nd Edition of

8、61508 from 2010 applies instead of the original 1st Edition6Copyright exida Asia Pacific 2017第6頁(yè)，共34頁(yè)。Same Basic IEC 61511 Safety Lifecycle相同的安全生命周期Copyright LLC 2000-20177測(cè)試安裝驗(yàn)證饋送概念功能安全管理和功能安全評(píng)估章節(jié)5安全生命周期結(jié)構(gòu)和規(guī)劃章節(jié)6.2為保護(hù)層分配安全功能章節(jié)9驗(yàn)證章節(jié)7 和章節(jié)12.7SIS安全要求規(guī)格章節(jié)10和12 危險(xiǎn)與風(fēng)險(xiǎn)分析 章節(jié)8SIS設(shè)計(jì)與工程章節(jié)11 & 12SIS安裝和調(diào)試章節(jié)14SIS

9、操作和維護(hù)章節(jié)16SIS安全驗(yàn)證章節(jié)15SIS修改章節(jié)17SIS退役章節(jié)18SIS現(xiàn)場(chǎng)驗(yàn)收測(cè)試章節(jié)13管理檢驗(yàn)測(cè)試設(shè)計(jì)與建造分析設(shè)計(jì)與實(shí)施運(yùn)作第7頁(yè)，共34頁(yè)。Copyright exida Asia Pacific 2017Same Basic Elements相同的基本要素Part 1 requirements about the same length as before (81 vs 83 pages)Differences expand both the safety lifecycle activity details as well as the documentation an

10、d functional safety management requirementsPart 2 has more and better clarifications to Part 1 than beforePart 3 has more risk analysis explanation / examples than before第8頁(yè)，共34頁(yè)。9Copyright exida Asia Pacific 2017Systematic and Random Failures are Better Defined對(duì)系統(tǒng)失效和隨機(jī)失效有更好的定義Random failuresDefined

11、 by a predictable failure rate but occur at unpredictable timesOnly involve the system, not a particular conditionQuantitative approach to manage random failuresSystematic failuresCan be eliminated when the cause is eliminated (unlike random failures)Typically reproducibleQualitative approach to man

12、age systematic failuresBoth random and systematic failures must be controlled to achieve SIL第9頁(yè)，共34頁(yè)。10Copyright exida Asia Pacific 2017Random vs. Systematic Failures隨機(jī)失效與系統(tǒng)失效The difference is important because the Functional Safety Standards state that probabilistic analysis only applies to random

13、failuresSome tend to classify many real failures as “systematic” and end up with very low and unrealistic “random” failure numbersFailure data collection programs should collect information on ALL failures and count ALL real failures as random until it is proven that systematic changes have eliminat

14、ed future failures of a given type第10頁(yè)，共34頁(yè)。11Copyright exida Asia Pacific 2017More Formal Competency Requirements正式的提出能力要求Old IEC 61511 only required that individuals be competent to carry out the activities for which they are accountableNew IEC 61511 requires a list of specific items to be “addres

15、sed and documented” when considering the competency of those involved in safety lifecycle activitiesA procedure must also be in place to manage the competency of all those involved in the SIS safety lifecyclePeriodic competency assessments are also now required第11頁(yè)，共34頁(yè)。12Copyright exida Asia Pacifi

16、c 2017Additional Supplier Requirements新的供應(yīng)商要求Old IEC 61511 Clause only required that suppliers of products or services to have adequate quality management systemNew IEC 61511 Clause adds the following:“If a supplier makes any functional safety claims for a product or service, which are used by the o

17、rganization to demonstrate compliance with the requirements of this part of IEC 61511, the supplier shall have a functional safety management system. Procedures shall be in place to demonstrate the adequacy of the functional safety management system.”第12頁(yè)，共34頁(yè)。13Copyright exida Asia Pacific 2017More

18、 Robust Functional Safety Assessment強(qiáng)化了的功能安全評(píng)估的要求“The use of functional safety assessment (FSA) is fundamental in demonstrating that a SIS fulfils its requirements” Part 2 Clause Same requirement to carry out a FSA after validation and before operationNew requirement to carry out a FSA periodically

19、during operations and maintenance phase (Clause .10)FSA on modifications specifically requires review of impact analysisMore details on auditing and revision with emphasis on management of change第13頁(yè)，共34頁(yè)。14Copyright exida Asia Pacific 2017Clearer Application Program SLC更清晰的應(yīng)用程序SLC第14頁(yè)，共34頁(yè)。15Copyri

20、ght exida Asia Pacific 2017More Extensive Process Hazards and Risk Assessment Guidance更廣泛的過程危害和風(fēng)險(xiǎn)評(píng)估指導(dǎo)Significant information on recommended methods in Part 2 Clause 8.2.1“A preliminary hazard and risk assessment should be carried out early during the basic process design”“A final hazard and risk ass

21、essment may therefore be necessary once the piping and instrumentation diagrams have been finalized formal and fully documented procedure such as hazard and operability study (HAZOP see IEC 61882)”“When considering the frequencyof demands, it may be necessary in some complex cases to undertakea faul

22、t tree analysis”第15頁(yè)，共34頁(yè)。16Copyright exida Asia Pacific 2017Clause 8.2.4: “A security risk assessment shall be carried out to identify the security vulnerabilities of the SIS”Includes security against both intentional attacks and unintended errorsIncludes requirement to determine what is needed for

23、 additional risk reduction with respect to security threatsSIS design must provide “the necessary resilience against the identified security risks”New Cyber Security Requirements新的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估要求第16頁(yè)，共34頁(yè)。17Copyright exida Asia Pacific 2017Consider High Demand / ContinuousModes in Risk Analysis考慮風(fēng)險(xiǎn)分析中的高需

24、求/連續(xù)模式Clause 9.2.2 OLD: “The required safety integrity level of a safety instrumented function shall be derived by taking into account the required risk reduction that is to be provided by that function”Clause 9.2.2 NEW: “The required SIL shall be derived taking into account the required PFD or PFH

25、that is to be provided by the SIF”第17頁(yè)，共34頁(yè)。18Copyright exida Asia Pacific 2017New Requirement for Single Hazards with Multiple SIFs具有多個(gè)SIF的危害的新要求Clause 9.2.4 Note 4 OLD: “It is possible to use several lower safety integrity level systems to satisfy the need for a higher level function (for example,

26、 using a SIL 2 and a SIL 1 system together to satisfy the need for a SIL 3 function)”Clause 9.2.8 NEW: “If the risk reduction required for a hazardous event is allocated to multiple SIFs in a single SIS, then the SIS shall meet the overall risk reduction requirement”第18頁(yè)，共34頁(yè)。19Copyright exida Asia

27、Pacific 2017Clearer Guidance on BPCS Credit對(duì)BPCS有更清晰的指導(dǎo)Clause 9.3.4 NEW: “No more than one BPCS protection layer shall be claimed for the same sequence of event leading to the hazardous event when the BPCS is the initiating source for the demand on the protection layer”“No more than two BPCS protect

28、ion layers shall be claimed for the same sequence of even leading to the hazardous event when the BPCS is not the initiating source of the demand”Clause 9.3.5 NEW: “Each BPCS protection layer shall be independent and separate from the initiating source and from each other to the extent that the clai

29、med risk reduction of each BPCS protection layer is not compromised”第19頁(yè)，共34頁(yè)。20Copyright exida Asia Pacific 2017Example - BPCS Independence RequirementBPCS的獨(dú)立要求-示例Part 2 Clauses 9.3.4 and 9.3.5第20頁(yè)，共34頁(yè)。21Copyright exida Asia Pacific 2017New Safety RequirementsSpecification Considerations新的安全要求規(guī)范 C

30、lause 10.3.2 has 29 requirements for the SRSNew I/O list requirementMore SIS process measurement requirements for range & accuracy as well as trip pointsMore specifics on bypass requirementsApplication program requirements moved from OLD Clause 12.2 to NEW SRS Clause 10.3 with some software planning

31、 aspects moved to Clause 6第21頁(yè)，共34頁(yè)。22Copyright exida Asia Pacific 2017New Process Safety Time 過程安全時(shí)間注意事項(xiàng)Old IEC 61511 only referred to a system response time which simply needed to be specified and metNow process safety time (Clause ) is “time period between a failure occurring in the process or th

32、e basic process control system (with the potential to give rise to a hazardous event) and the occurrence of the hazardous event if the SIF is not performed”Interestingly, the guidance in Part 2 Clause 11.9.2 is that “the sum of the diagnostic test interval and the time to perform the specified actio

33、n to achieve or maintain a safe state is less than the process safety time”This is more aggressive than the generally accepted target response in less than half the process safety time第22頁(yè)，共34頁(yè)。23Copyright exida Asia Pacific 2017Additional Design Requirements增加的設(shè)計(jì)要求Must now alarm energise to trip (E

34、TT) systems when utility (power) is lostMust now provide “the necessary resilience against the identified security risks”FVL and LVL programmable devices shall have diagnostic coverages 60 %Must define maximum bypass time and provide compensating measures during bypass第23頁(yè)，共34頁(yè)。24Copyright exida Asi

35、a Pacific 2017Consistent Low / High Demand & Continuous Modes Definitions低 / 高要求和連續(xù)模式的定義Previously, there was a definition mismatch with IEC 61508 since IEC 61511 did not define a high demand modeNow, all three modes are defined in new IEC 61511 Clause 3.2.43Low demandHigh demandContinuousNote that

36、the one demand per year point defines the difference between low and high demand modeThis can cause problems when proof testing is done frequently on “high demand” applications since low demand better defines the correct way to calculate SIF performanceMore consideration for high demand and continuo

37、us mode SIFs throughout the standard第24頁(yè)，共34頁(yè)。25Copyright exida Asia Pacific 2017Mode Summary模式概要Low DemandHigh DemandContinuousUse PFDavg TableUse PFH TableUse PFH TableTake Credit for Proof TestingNO Credit for Proof Testing unless HFT0NO Credit for Proof Testing*Take Credit for Automatic Diagnost

38、ics*Take Credit for Automatic DiagnosticsNO Credit for Automatic Diagnostics* If fast enough (Part 2 Clause 11.9.2 recommends 100 diagnostic cycles per demand)第25頁(yè)，共34頁(yè)。Systematic Capability Better Defined系統(tǒng)能力現(xiàn)已被明確定義Determined with reference to the requirements for the avoidance of systematic faults

39、 in 61508-2 and 61508-3SC N means the Systematic Capability of the device meets the requirements of SIL NStill requires device to be applied in accordance with the instructions specified in the device safety manual for SC N26Copyright exida Asia Pacific 2017第26頁(yè)，共34頁(yè)。27Copyright exida Asia Pacific 2

40、017Different Hardware Fault Tolerance / Architectural Constraints硬件故障裕度 /結(jié)構(gòu)約束New table of requirementsNo more safe failure fraction calculations requiredMatches IEC 61508-2 Clause Routh 2HStill have three requirements for SILPFDavg / PFHHardware Fault ToleranceSystematic Capability第27頁(yè)，共34頁(yè)。28Copyri

41、ght exida Asia Pacific 2017More Robust Reliability Data Requirements更明確的可靠性數(shù)據(jù)要求Random failure rate data “shall be credible, traceable, documented and justified” (Clause 11.9.3)“End users should organize relevant reliability data collections in accordance with IEC 60300-3-2 or ISO 14224 to improve th

42、e implementation of the IEC 61511 standard” (Clause 11.9.3)“Reliability data uncertainties shall be assessed and taken into account when calculating the failure measure” (Clause 11.9.4)70% minimum confidence limit recommended in IEC 61511 Part 2 and in IEC 61508第28頁(yè)，共34頁(yè)。29Copyright exida Asia Pacif

43、ic 2017New Application Program SLC Details新的應(yīng)用程序SLC細(xì)節(jié)第29頁(yè)，共34頁(yè)。30Copyright exida Asia Pacific 2017Validation確認(rèn) New specific requirement to plan validation throughout the SLC (Clause 15.2.1)Special mention of planning “how validation activities can be performed, without putting the plant and process

44、at risk of the hazardous events the SIS is to protect against”Application software validation must include documented “traceability of the SIF from inception during the H&RA through the final installed SIF”Specific item to validate there are no negative SIS effects from “BPCS fault conditions for an

45、y interfaces between the SIS and BPCS” or from “executing unused software functionality, i.e. functionality not defined in the specificationSpecific emphasis to resolve any discrepancies between expected and actual results第30頁(yè)，共34頁(yè)。31Copyright exida Asia Pacific 2017Specific O&M ItemsO&M的特定事項(xiàng)Specific SIS Maintenance Plan is required (Clause 16.2.1)Specific response plans for