{"title":"Properly crediting diagnostics in safety instrumented functions for high demand processes","authors":"J. Bukowski, W. Goble","doi":"10.1109/RAM.2017.7889648","DOIUrl":null,"url":null,"abstract":"According to certain safety standards [1, 2, 3], when assessing the safety performance of a safety instrumented function (SIF) operating in high demand mode, full credit can be given for the positive effects of SIF automatic self-diagnostics (ASD) provided the frequency of self-diagnostic execution is 100 times (100X) or more the demand rate on the SIF and the SIF is configured to convert dangerous failures into safe failures via an automatic shutdown. However, no credit may be given for the positive safety effects of SIF ASD if the frequency of ASD execution is less than 100X the demand rate. This paper shows that the 100X requirement is excessive and that significant positive safety effects accrue even when the ASD frequency is much smaller than the 100X stipulation. The theory, which provides reasonable justification for assigning some degree of partial diagnostic credit (PDC) for SIF ASD based on the ratio of ASD frequency to demand rate, is developed under two different assumptions: Scenario 1 which is extremely conservative and Scenario 2 which is realistic. It is shown that even under the conservative assumption, a frequency of ASD execution of as little as 2X the rate of demand on the SIF deserves at least 60% credit. Under the realistic assumption, the 2X frequency of ASD execution deserves at least 78% credit! Further, ASD execution frequencies of 10X deserve at least 90% credit under the conservative assumption and at least 95% credit under the realistic assumption. These findings suggest that a SIF operating in high demand mode which currently is not receiving credit for its ASD may be reassessed at a lower PDF(t)/hr (a safety metric for SIF in high demand mode) and perhaps a higher safety integrity level (SIL). Furthermore, manufacturers that may have been reluctant to include ASD in equipment used in SIF construction because of the likelihood that the ASD execution frequency would not qualify for PDC in a SIL assessment, may wish to reconsider given that reasonable justification for assigning at least some PDC for the positive effects of ASD is now possible.","PeriodicalId":138871,"journal":{"name":"2017 Annual Reliability and Maintainability Symposium (RAMS)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Annual Reliability and Maintainability Symposium (RAMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RAM.2017.7889648","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
According to certain safety standards [1, 2, 3], when assessing the safety performance of a safety instrumented function (SIF) operating in high demand mode, full credit can be given for the positive effects of SIF automatic self-diagnostics (ASD) provided the frequency of self-diagnostic execution is 100 times (100X) or more the demand rate on the SIF and the SIF is configured to convert dangerous failures into safe failures via an automatic shutdown. However, no credit may be given for the positive safety effects of SIF ASD if the frequency of ASD execution is less than 100X the demand rate. This paper shows that the 100X requirement is excessive and that significant positive safety effects accrue even when the ASD frequency is much smaller than the 100X stipulation. The theory, which provides reasonable justification for assigning some degree of partial diagnostic credit (PDC) for SIF ASD based on the ratio of ASD frequency to demand rate, is developed under two different assumptions: Scenario 1 which is extremely conservative and Scenario 2 which is realistic. It is shown that even under the conservative assumption, a frequency of ASD execution of as little as 2X the rate of demand on the SIF deserves at least 60% credit. Under the realistic assumption, the 2X frequency of ASD execution deserves at least 78% credit! Further, ASD execution frequencies of 10X deserve at least 90% credit under the conservative assumption and at least 95% credit under the realistic assumption. These findings suggest that a SIF operating in high demand mode which currently is not receiving credit for its ASD may be reassessed at a lower PDF(t)/hr (a safety metric for SIF in high demand mode) and perhaps a higher safety integrity level (SIL). Furthermore, manufacturers that may have been reluctant to include ASD in equipment used in SIF construction because of the likelihood that the ASD execution frequency would not qualify for PDC in a SIL assessment, may wish to reconsider given that reasonable justification for assigning at least some PDC for the positive effects of ASD is now possible.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
