IEC-61511---Whats-New-in课件(PPT 34页)

1、IEC 61511:Whats New in Edition Two Copyright exida Asia Pacific 2017第1页，共34页。2Managing Director / Senior Safety Consultant at exida Asia Pacific with extensive knowledge of process safety management and functional safety (IEC 61508 and IEC 61511 process risk analysis). Familiar with methodology like

2、 HAZID, HAZOP, CHAZOP, Alarm Management Studies, FMEA, FMEDA, FTA, LOPA, SIL classification, SRS development, SIL verification, SIS validation, Functional Safety Assessment, SIS maintenance procedure development. Credentials B.Eng (Electrical and Electronics Engineering), NTUCertified Functional Saf

3、ety Expert, CFSEAffiliationsMember of the International Society of Automation (ISA), (ISA84, ISA18, ISA96 and ISA99 standard committees member)American Institute of Chemical Engineers (AIChE) MemberNational Fire Protection Association(NFPA) MemberInstrumentation & Control Society of Singapore Member

4、International System Safety Society (ISSS) MemberThe Critical Thinking Community MemberDesmond Lee, CFSECopyright exida Asia Pacific 2017第2页，共34页。Functional Safety Standard History功能安全演变DIN V 19250IEC 61508 Ed 1IEC 61511 Ed 1Ed 2S84.01 1996S84.01 2004199019952000200520102017Ed 2Safety Loop“Functiona

5、l”Copyright exida Asia Pacific 2017第3页，共34页。4Copyright exida Asia Pacific 2017IEC 61511 StatusPart 1 released in Red Line Version (RLV) 2016-02-24Part 2 released in Red Line Version (RLV) 2016-07-28Part 3 released in Red Line Version (RLV) 2016-07-21Part 1 released Corrigendum 1 2016-09-15Part 1 rel

6、eased Amendment 1 2017-08-1第4页，共34页。5Copyright exida Asia Pacific 2017IEC 61511 Basics RemainIEC 61511标准 的基础没变Targets end users, engineering contractors and integratorsCovers the entire SIS LifecycleRisk analysisPerformance based designOperations and maintenancePerformance NOT PrescriptiveEnd user a

7、pplicationsNot typically certifiedIndependent functional safety assessmentsThree sectionsRequirementsGuidelinesSIL SelectionPrescriptive (Clear design, variable safety)Performance (Clear safety, optimal design) 第5页，共34页。Same Basic Relationship to IEC 61508与IEC 61508的基本关系没变But now the 2nd Edition of

8、61508 from 2010 applies instead of the original 1st Edition6Copyright exida Asia Pacific 2017第6页，共34页。Same Basic IEC 61511 Safety Lifecycle相同的安全生命周期Copyright LLC 2000-20177测试安装验证馈送概念功能安全管理和功能安全评估章节5安全生命周期结构和规划章节6.2为保护层分配安全功能章节9验证章节7 和章节12.7SIS安全要求规格章节10和12 危险与风险分析 章节8SIS设计与工程章节11 & 12SIS安装和调试章节14SIS

9、操作和维护章节16SIS安全验证章节15SIS修改章节17SIS退役章节18SIS现场验收测试章节13管理检验测试设计与建造分析设计与实施运作第7页，共34页。Copyright exida Asia Pacific 2017Same Basic Elements相同的基本要素Part 1 requirements about the same length as before (81 vs 83 pages)Differences expand both the safety lifecycle activity details as well as the documentation an

10、d functional safety management requirementsPart 2 has more and better clarifications to Part 1 than beforePart 3 has more risk analysis explanation / examples than before第8页，共34页。9Copyright exida Asia Pacific 2017Systematic and Random Failures are Better Defined对系统失效和随机失效有更好的定义Random failuresDefined

11、 by a predictable failure rate but occur at unpredictable timesOnly involve the system, not a particular conditionQuantitative approach to manage random failuresSystematic failuresCan be eliminated when the cause is eliminated (unlike random failures)Typically reproducibleQualitative approach to man

12、age systematic failuresBoth random and systematic failures must be controlled to achieve SIL第9页，共34页。10Copyright exida Asia Pacific 2017Random vs. Systematic Failures随机失效与系统失效The difference is important because the Functional Safety Standards state that probabilistic analysis only applies to random

13、failuresSome tend to classify many real failures as “systematic” and end up with very low and unrealistic “random” failure numbersFailure data collection programs should collect information on ALL failures and count ALL real failures as random until it is proven that systematic changes have eliminat

14、ed future failures of a given type第10页，共34页。11Copyright exida Asia Pacific 2017More Formal Competency Requirements正式的提出能力要求Old IEC 61511 only required that individuals be competent to carry out the activities for which they are accountableNew IEC 61511 requires a list of specific items to be “addres

15、sed and documented” when considering the competency of those involved in safety lifecycle activitiesA procedure must also be in place to manage the competency of all those involved in the SIS safety lifecyclePeriodic competency assessments are also now required第11页，共34页。12Copyright exida Asia Pacifi

16、c 2017Additional Supplier Requirements新的供应商要求Old IEC 61511 Clause only required that suppliers of products or services to have adequate quality management systemNew IEC 61511 Clause adds the following:“If a supplier makes any functional safety claims for a product or service, which are used by the o

17、rganization to demonstrate compliance with the requirements of this part of IEC 61511, the supplier shall have a functional safety management system. Procedures shall be in place to demonstrate the adequacy of the functional safety management system.”第12页，共34页。13Copyright exida Asia Pacific 2017More

18、 Robust Functional Safety Assessment强化了的功能安全评估的要求“The use of functional safety assessment (FSA) is fundamental in demonstrating that a SIS fulfils its requirements” Part 2 Clause Same requirement to carry out a FSA after validation and before operationNew requirement to carry out a FSA periodically

19、during operations and maintenance phase (Clause .10)FSA on modifications specifically requires review of impact analysisMore details on auditing and revision with emphasis on management of change第13页，共34页。14Copyright exida Asia Pacific 2017Clearer Application Program SLC更清晰的应用程序SLC第14页，共34页。15Copyri

20、ght exida Asia Pacific 2017More Extensive Process Hazards and Risk Assessment Guidance更广泛的过程危害和风险评估指导Significant information on recommended methods in Part 2 Clause 8.2.1“A preliminary hazard and risk assessment should be carried out early during the basic process design”“A final hazard and risk ass

21、essment may therefore be necessary once the piping and instrumentation diagrams have been finalized formal and fully documented procedure such as hazard and operability study (HAZOP see IEC 61882)”“When considering the frequencyof demands, it may be necessary in some complex cases to undertakea faul

22、t tree analysis”第15页，共34页。16Copyright exida Asia Pacific 2017Clause 8.2.4: “A security risk assessment shall be carried out to identify the security vulnerabilities of the SIS”Includes security against both intentional attacks and unintended errorsIncludes requirement to determine what is needed for

23、 additional risk reduction with respect to security threatsSIS design must provide “the necessary resilience against the identified security risks”New Cyber Security Requirements新的网络安全风险评估要求第16页，共34页。17Copyright exida Asia Pacific 2017Consider High Demand / ContinuousModes in Risk Analysis考虑风险分析中的高需

24、求/连续模式Clause 9.2.2 OLD: “The required safety integrity level of a safety instrumented function shall be derived by taking into account the required risk reduction that is to be provided by that function”Clause 9.2.2 NEW: “The required SIL shall be derived taking into account the required PFD or PFH

25、that is to be provided by the SIF”第17页，共34页。18Copyright exida Asia Pacific 2017New Requirement for Single Hazards with Multiple SIFs具有多个SIF的危害的新要求Clause 9.2.4 Note 4 OLD: “It is possible to use several lower safety integrity level systems to satisfy the need for a higher level function (for example,

26、 using a SIL 2 and a SIL 1 system together to satisfy the need for a SIL 3 function)”Clause 9.2.8 NEW: “If the risk reduction required for a hazardous event is allocated to multiple SIFs in a single SIS, then the SIS shall meet the overall risk reduction requirement”第18页，共34页。19Copyright exida Asia

27、Pacific 2017Clearer Guidance on BPCS Credit对BPCS有更清晰的指导Clause 9.3.4 NEW: “No more than one BPCS protection layer shall be claimed for the same sequence of event leading to the hazardous event when the BPCS is the initiating source for the demand on the protection layer”“No more than two BPCS protect

28、ion layers shall be claimed for the same sequence of even leading to the hazardous event when the BPCS is not the initiating source of the demand”Clause 9.3.5 NEW: “Each BPCS protection layer shall be independent and separate from the initiating source and from each other to the extent that the clai

29、med risk reduction of each BPCS protection layer is not compromised”第19页，共34页。20Copyright exida Asia Pacific 2017Example - BPCS Independence RequirementBPCS的独立要求-示例Part 2 Clauses 9.3.4 and 9.3.5第20页，共34页。21Copyright exida Asia Pacific 2017New Safety RequirementsSpecification Considerations新的安全要求规范 C

30、lause 10.3.2 has 29 requirements for the SRSNew I/O list requirementMore SIS process measurement requirements for range & accuracy as well as trip pointsMore specifics on bypass requirementsApplication program requirements moved from OLD Clause 12.2 to NEW SRS Clause 10.3 with some software planning

31、 aspects moved to Clause 6第21页，共34页。22Copyright exida Asia Pacific 2017New Process Safety Time 过程安全时间注意事项Old IEC 61511 only referred to a system response time which simply needed to be specified and metNow process safety time (Clause ) is “time period between a failure occurring in the process or th

32、e basic process control system (with the potential to give rise to a hazardous event) and the occurrence of the hazardous event if the SIF is not performed”Interestingly, the guidance in Part 2 Clause 11.9.2 is that “the sum of the diagnostic test interval and the time to perform the specified actio

33、n to achieve or maintain a safe state is less than the process safety time”This is more aggressive than the generally accepted target response in less than half the process safety time第22页，共34页。23Copyright exida Asia Pacific 2017Additional Design Requirements增加的设计要求Must now alarm energise to trip (E

34、TT) systems when utility (power) is lostMust now provide “the necessary resilience against the identified security risks”FVL and LVL programmable devices shall have diagnostic coverages 60 %Must define maximum bypass time and provide compensating measures during bypass第23页，共34页。24Copyright exida Asi

35、a Pacific 2017Consistent Low / High Demand & Continuous Modes Definitions低 / 高要求和连续模式的定义Previously, there was a definition mismatch with IEC 61508 since IEC 61511 did not define a high demand modeNow, all three modes are defined in new IEC 61511 Clause 3.2.43Low demandHigh demandContinuousNote that

36、the one demand per year point defines the difference between low and high demand modeThis can cause problems when proof testing is done frequently on “high demand” applications since low demand better defines the correct way to calculate SIF performanceMore consideration for high demand and continuo

37、us mode SIFs throughout the standard第24页，共34页。25Copyright exida Asia Pacific 2017Mode Summary模式概要Low DemandHigh DemandContinuousUse PFDavg TableUse PFH TableUse PFH TableTake Credit for Proof TestingNO Credit for Proof Testing unless HFT0NO Credit for Proof Testing*Take Credit for Automatic Diagnost

38、ics*Take Credit for Automatic DiagnosticsNO Credit for Automatic Diagnostics* If fast enough (Part 2 Clause 11.9.2 recommends 100 diagnostic cycles per demand)第25页，共34页。Systematic Capability Better Defined系统能力现已被明确定义Determined with reference to the requirements for the avoidance of systematic faults

39、 in 61508-2 and 61508-3SC N means the Systematic Capability of the device meets the requirements of SIL NStill requires device to be applied in accordance with the instructions specified in the device safety manual for SC N26Copyright exida Asia Pacific 2017第26页，共34页。27Copyright exida Asia Pacific 2

40、017Different Hardware Fault Tolerance / Architectural Constraints硬件故障裕度 /结构约束New table of requirementsNo more safe failure fraction calculations requiredMatches IEC 61508-2 Clause Routh 2HStill have three requirements for SILPFDavg / PFHHardware Fault ToleranceSystematic Capability第27页，共34页。28Copyri

41、ght exida Asia Pacific 2017More Robust Reliability Data Requirements更明确的可靠性数据要求Random failure rate data “shall be credible, traceable, documented and justified” (Clause 11.9.3)“End users should organize relevant reliability data collections in accordance with IEC 60300-3-2 or ISO 14224 to improve th

42、e implementation of the IEC 61511 standard” (Clause 11.9.3)“Reliability data uncertainties shall be assessed and taken into account when calculating the failure measure” (Clause 11.9.4)70% minimum confidence limit recommended in IEC 61511 Part 2 and in IEC 61508第28页，共34页。29Copyright exida Asia Pacif

43、ic 2017New Application Program SLC Details新的应用程序SLC细节第29页，共34页。30Copyright exida Asia Pacific 2017Validation确认 New specific requirement to plan validation throughout the SLC (Clause 15.2.1)Special mention of planning “how validation activities can be performed, without putting the plant and process

44、at risk of the hazardous events the SIS is to protect against”Application software validation must include documented “traceability of the SIF from inception during the H&RA through the final installed SIF”Specific item to validate there are no negative SIS effects from “BPCS fault conditions for an

45、y interfaces between the SIS and BPCS” or from “executing unused software functionality, i.e. functionality not defined in the specificationSpecific emphasis to resolve any discrepancies between expected and actual results第30页，共34页。31Copyright exida Asia Pacific 2017Specific O&M ItemsO&M的特定事项Specific SIS Maintenance Plan is required (Clause 16.2.1)Specific response plans for