Layer of Protection Analysis (LOPA) in determining Safety Integrity Level (SIL)
Part 1 - Introduction
Heru Wandira
PT. AT Solusi
7 October 2014
Sep 18, 2015
Table of Contents
1 Background
2 Overview
3 Hazard & Risk
4 IEC 61508 & 61511
  - IEC 61508
  - IEC 61511
  - IEC 61508 & 61511 Relationship
  - Relationship of SIF & other
5 Risk Analysis
  - RA in SIS
  - LOPA
  - The Concept of LOPA
  - Evaluation of LOPA
Background
Figure: Safety life Cycle [1]
Overview
The Safety Integrity Level (SIL) is determined by the target Probability of Failure on Demand (PFD) in demand mode, or by the dangerous failure rate in continuous mode, which is set by:
- Process risk
- Tolerable risk
- Other means of protection
One of the popular risk analysis methods for determining the SIL is Layer of Protection Analysis (LOPA). LOPA is a quantitative method for determining hazard risk at the industrial level, published in 1993 by CCPS.
Hazard & Risk in Industry
Figure: Protection Layers for Hazard & Risk in Industry [2]
IEC 61508 Functional Safety of E/E/PE safety-related systems
Figure: Functionality of IEC 61508 [2]
Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
IEC 61511 - Functional Safety - SIS for Process Industry
Figure: Functionality of IEC 61511 [2]
Functional Safety - Safety Instrumented Systems for the Process Industry Sector
- Part 1: Framework, definitions, system, hardware and software requirements
- Part 2: Guidelines for the application of IEC 61511-1
- Part 3: Guidance for the determination of the required safety integrity levels
Relationship between IEC 61511 & 61508
Figure: Relationship between IEC 61511 & 61508
Relationship between SIFs and other Functions
Figure: Relationship between SIFs and other Functions
Risk Analysis in determining SIL
Methods suggested in IEC 61508 & 61511 for calculating the target SIL value of a SIF:
- Qualitative: Risk matrix and Risk Graph
- Quantitative: LOPA, Failure Mode and Effect Analysis (FMEA), or Markov modelling
Layer Of Protection Analysis (LOPA) - Overview
LOPA is a quantitative tool which is readily applied after the Process Hazard Analysis (PHA) in determining the SIL. The concept of LOPA was published by CCPS and proposed in the IEC 61511 standard:
- Guidelines for Safe Automation of Chemical Process (CCPS, 1993)
- IEC 61511-3 Annex F: provides an overview of a method using a Layer of Protection Analysis (LOPA) approach to select the required SIL
Layers of Protection
Figure: Layers of protection to lower the frequency of a specific accident scenario [5]
The Concept of LOPA
LOPA is used to identify multiple Independent Protection Layers (IPLs) that mitigate a potential hazard [3].
Figure: The concept of LOPA [2]
Independent Protection Layers (IPLs) are devices, systems, or actions that are capable of preventing a scenario from developing into an undesired consequence. All these layers are independent of one another, so that a failure of one layer will not affect the functioning of the other layers [3].
Each company that chooses to use LOPA needs its own specific procedure. The procedure must include tables for initiating cause likelihoods and PFDs for various types of IPLs [3]. The LOPA procedure must have clear rules with which to evaluate safeguards to determine if they qualify as IPLs.
Team composition and training of LOPA facilitators
The company should also establish minimum requirements for LOPA team composition and training. The team should consist of [3]:
- Operator with experience operating the process under consideration
- Engineer with experience in the process
- Manufacturing management
- Process control engineer
- Instrument / Electrical maintenance person with experience in the process under consideration
- Risk analysis (LOPA) specialist
LOPA process
The LOPA process consists of 6 steps:
1 Identify the consequence to screen the scenarios
2 Select an accident scenario
3 Identify the initiating cause of the scenario and determine the initiating cause frequency (events per year)
4 Identify the IPLs and estimate the PFD of each IPL
5 Estimate the risk of the scenario by mathematically combining the consequence, initiating event and IPL data
6 Evaluate the risk and give recommendations
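
Steps 3 to 6 carried through numerically, as an added example that is not part of the original slides. It assumes the usual LOPA combination (initiating cause frequency multiplied by the PFD of each independent layer) and the low-demand-mode SIL bands of IEC 61508; the function names and all scenario numbers are constructed for illustration.

```python
# Added example, not from the original slides. All scenario numbers are constructed.
from math import prod

# Low-demand-mode bands of IEC 61508: (SIL, lowest PFDavg, highest PFDavg)
SIL_BANDS = [(1, 1e-2, 1e-1), (2, 1e-3, 1e-2), (3, 1e-4, 1e-3), (4, 1e-5, 1e-4)]


def intermediate_frequency(initiating_freq, ipl_pfds):
    """Step 5: events per year that get past every credited IPL.

    Multiplying the PFDs is only valid because IPLs are independent.
    """
    if initiating_freq <= 0:
        raise ValueError("initiating cause frequency must be positive")
    for pfd in ipl_pfds:
        if not 0 < pfd <= 1:
            raise ValueError(f"IPL PFD must be in (0, 1], got {pfd}")
    return initiating_freq * prod(ipl_pfds)


def required_sif_pfd(initiating_freq, ipl_pfds, tolerable_freq):
    """PFD a new SIF must reach to bring the scenario to the tolerable frequency."""
    return tolerable_freq / intermediate_frequency(initiating_freq, ipl_pfds)


def sil_for_pfd(target_pfd):
    """Step 6: 0 = existing IPLs suffice or less than SIL 1 is needed, None = beyond SIL 4."""
    if target_pfd >= 1e-1:
        return 0
    for sil, low, high in SIL_BANDS:
        if low <= target_pfd < high:
            return sil
    return None  # a single SIF cannot close the gap; redesign or add IPLs


# Constructed scenario: initiating cause 0.5 events/year, two IPLs
# (PFD 0.1 and 0.01), company tolerable frequency 1e-6 events/year.
SCENARIO = dict(initiating_freq=0.5, ipl_pfds=[0.1, 0.01], tolerable_freq=1e-6)

if __name__ == "__main__":
    target = required_sif_pfd(**SCENARIO)
    print(f"intermediate frequency: {intermediate_frequency(0.5, [0.1, 0.01]):.1e}/yr")
    print(f"required SIF PFD: {target:.1e} -> SIL {sil_for_pfd(target)}")
```
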
Benefits of LOPA
LOPA advantages [3]:
- It is a simple risk assessment tool that needs less time and resources than a QRA but is more rigorous than HAZOP
- It facilitates the determination of more precise cause-consequence pairs
- It identifies operations, practices, systems and processes that do not have adequate safeguards and helps in deciding the PLs required on the most critical safety systems
- It avoids the generalities of the safety layer matrix method by including its own calibration
- Even though more time-consuming than the Risk graph, it allows a better understanding of the safety system in the functional safety of the overall design
- It requires much less work than FTA
- It provides due credit to all PLs and helps in estimating the specific risk level of the unit or equipment
- It removes subjectivity while providing clarity and consistency to risk assessment, and helps to compare risk on a common ground if it is used throughout a plant
- It is useful for making risk-based decisions during stages like design, management of change, etc.
Limitations of using LOPA [3]:
- It is not intended to be a hazard identification tool
- Criteria for risk tolerance must be established for the LOPA exercise before the process starts
- LOPA offers flexibility to the user in the areas of selecting IPLs and PFDs; this brings subjectivity into the assessment process and depends on the expertise of the user
- LOPA is a simplified approach and should not be applied to all scenarios
- LOPA analysis tends to drive initiating cause likelihoods to higher levels than actual field experience
References
[1] IEC 61508 - 1998, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
[2] IEC 61511 - 2003, Functional safety - Safety instrumented systems for the process industry sector
[3] B. R. Hanniken, Applicability of Layer of Protection Analysis to determine Safety Integrity Levels in the Process Industry, NTNU, Norway, 2007
[4] ANSI ISA S84.01 - 1996, Application of Safety Instrumented Systems for the Process Industries
[5] D. A. Crowl, Chemical Process Safety: Fundamental with Applications, 2nd Edition, Prentice Hall, New Jersey, 2001