During a Layers of Protection Analysis (LOPA), the study team may credit existing Safety Instrumented Functions (SIFs) as independent protection layers (IPLs), and/or recommend new SIFs to provide the necessary risk reduction and close the LOPA gap. How the team credits these SIFs in the LOPA depends on the Safety Integrity Level (SIL) rating of each particular SIF. Whether or not the desired SIL rating of each SIF is actually achieved depends on a multitude of factors which are specified during the SIL assignment, SIF design, and SIL verification processes. If these factors are incorrectly specified or assumed, they can drastically inflate the calculated SIL rating, giving a false sense of security and will result in insufficient risk reduction. Such reasons include, but are not limited to:
- Optimistic estimates of a site’s competence in executing the required SIF proof tests
- Optimistic estimates of the effectiveness of proof tests in discovering potentially dangerous faults
- Use of reliability data for SIF components which is outside of typical industry limits
- Specifying insufficient robustness/redundancy in the SIF design architecture
- Unrealistic expectations of equipment life/mission time
This paper will analyze the results of a sensitivity analysis of a SIL Verification performed on a hypothetical SIF, in which common input factors such as proof test intervals, proof test coverage, mission time, component reliability, and design architecture are manipulated to examine the effect of each on the calculated SIL level. Understanding the importance of these input factors will result in more pragmatic SIF design and SIL verification, with the ultimate benefit being a SIF which delivers the advertised SIL rating over the desired mission time.
Presenter(s)
Once the content has been viewed and you have attested to it, you will be able to download and print a certificate for PDH credits.
If you have already viewed this content,
please click here
to login.