SIL 2 – The functionally safe option for oil and gas industry specifiers
17 April 2016
The world's oil and gas industry is a strictly regulated, multi-billion dollar enterprise that uses cutting edge technology to improve the performance of operations and eliminate random, systematic and common cause failures. Simon Rooks of Tyco Fire and Integrated Solutions explains how SIL2 is fast becoming a cornerstone of best engineering practice, and provides an insight into the journey of compliance.
The oil, gas and associated marine industries have worked extremely hard since the Seventies to radically improve their safety records. Yet as recent examples have shown so starkly, the ever-present risk of explosion and the enormous forces involved can cause significant loss of life and extensive physical damage. As the 20th April 2010 incident in the Gulf of Mexico demonstrated, extracting and transporting oil involves the further risk of extreme environmental harm.
It is inevitable, then, that in all parts of the world where exploration takes place, governments impose heavy restrictions on companies involved in these industries, and that international bodies responsible for regulation work strenuously to improve standards.
Fire detection and gas detection systems are critical technologies for protecting drilling platforms, FPSOs (Floating Production Storage & Offloading vessels), injection skids and other installations. As such, we are currently seeing Functional Safety Standards being implemented as the means of ensuring such systems work effectively.
What is SIL2?
Central to the adoption of SIL2 as the standard by which systems for the oil, gas and marine industries are judged is the philosophy of targeting Functional Safety – defined as the freedom from unacceptable risk. Risk management typically attempts to follow the ALARP – or as low as reasonably practicable – principle to define a tolerable level of risk. In fact, SIL2 sets a probability of failure on demand of 99.99 to 99.999% – a virtually fail safe standard.
Functional safety in effect aims to design or engineer out all common, random or systematic failures which might cause injury to people, or damage to property or the environment. There are a number of standards that define SIL Levels as a measure of reliability, or a means of risk reduction. The main reference standard is International Electrotechnical Commission (IEC) 61508, which deals with the functional safety of electrical, electronic and programmable electronic safety related systems.
While the long established Quality Assurance standard, ISO 9001: 2008 demands meticulous record keeping and adherence to consistent methodology, IEC 61508 presents a wider emphasis on verification, with third party involvement to show processes have been properly adhered to. Importantly it categorises SIL2 into hardware safety and systematic integrity safety; however a device, sub-system or system must meet the requirements.
IEC 61511 covers safety instrumented systems for the process industry, and sets out practices for the engineering of systems to ensure the safety of an industrial process throughout its lifecycle: from Front End Engineering Design (FEED) to decommissioning. There are also a number of other standards, which can have further impact:
• ANSI/ISA S84 also addresses functional safety for safety instrumented systems for the process industry sector.
• IEC 61513 is specific to the nuclear industry.
• IEC 62061 covers the safety of machinery.
• EN50402 (fixed gas-detection systems) deals with defence standard 00-56 Issue 2 – accident consequences.
The significance of these standards, which are accepted as state of the art and as representing best engineering practice, is that they will – in the absence of any other standard – be enforceable in a UK court of law, forming the basis for judgements and consequently the setting of fines and compensation.
In a safety system, critical safety functions are defined to reduce risk – referred to as Safety Instrumented Functions – and comprise a single loop, made up of a series of sub-systems.
Forming part of a platform construction, or in some other application, a typical Addressable Fire & Gas Detection System should have between two and eight loops. Typically each loop should serve one deck or level of an installation with multiple fire zones, so that areas can be covered in a logical fashion, providing the ability to connect up to 1,000 devices. That way the system can continually monitor its loops, providing a rapid response in an alert situation. These alerts are then displayed on the fascia of an Addressable Fire & Gas Detection Panel and are also made available in the form of third party communications.
SIL2 compliant Addressable Fire & Gas Detection Systems that can provide third party communications with the primary control systems on board the installation are crucial. These can include the Distributed Control System (DCS), Process Control System (PCS), Emergency Shutdown System (ESD) and the main Fire & Gas Programmable Logic Controller (F&G PLC), therefore forming a critical part of the overall operational control, which in an emergency situation would report a fault in the system and mitigate any further danger.
Undergoing a Failure Mode Effects Analysis (FMEA) is one way those responsible can ensure the correct assessment parameters are in place for measuring manufacturer devices in typical applications. An FMEA investigates the occurrence of random failures in operation with the clear objective of establishing accurate predictive data. This would then form the basis for meeting the requirements set by assessment bodies such as the IEC, or by the IEC 61508 and 61511 standards.
This is a detailed and rigorous process, and it is crucial that technicians and engineers work through every relevant system diagram to determine all the components that each device is made up of, in order to calculate what the cumulative failure on demand will be. The purpose of this is to establish where the most dangerous, otherwise undetectable failures might occur; and then to use the information to manage the risk throughout the lifetime of the product or system.
This means it is possible to ensure that if a failure does occur, it will be detected, the necessary action will be taken, and the time to repair or replace will be documented.
What SIL2 will effectively mean for the wider customer base in practice is that they can specify the use of compliant detection systems from leading safety systems providers and thereby demonstrate compliance for their own part; or greatly reduce the work involved in doing so.
Case study: A practical example of a SIL2 strategy
Tyco has put together a SIL2 compliant system or package featuring existing, well-proven products from its range of addressable fire and gas detection devices. The company also consulted extensively with key stakeholders from across the industry, including established customers, in order to determine a list of devices that they would wish to see made available as SIL2 compliant. These organisations included Holta & Haland Norway, Offshore UK customers and various internal Installation & Service experts and project groups.
After responses and requirements were reviewed, rationalised and refined, all interested parties agreed on a core list of devices, which were essential for specification as a prerequisite for entry into specific markets or regions.
FMEA and random failures assessments were completed in the spring of this year, basing the figures on the industry recognised work originally undertaken by leading international electronics experts, after examining all commonly used types of component available on the market.
The company also backed up and confirmed the theoretical predictions from the FMEA process by adding ‘proven in use’ evidence, based on the actual performance of its installed product base. Crucially, this too shows that the failure rate is below the acceptable threshold for SIL2 compliance.
Over the months that the team of technicians has been working on the SIL2 compliance project, a full forensic examination of its own sales and service records was undertaken so that any instances of component failure could be identified. This process has provided raw data on any returns, and captured such parameters as the mean time between failures occurring.
Although customers will have to create their own Safety Analysis Report for the overall system, crucially, the service provider has been able to generate a standard SAR for a variety of configurations possible across its addressable detection range. These can be adopted and help to make the process of producing the overall safety system more effective.
One of the oil and gas industry’s most respected risk management and safety consultants, ESC, was also brought in to guarantee the auditing programme was carried out correctly and transparently. This ensures that the verified safety management checks and procedures are in place to give clients total confidence in the findings.
One of the key drivers behind Tyco’s determination to establish its SIL2 credentials was the desire to further expand business in the Norwegian market where this is considered a prerequisite. Now with the work done and the certification obtained, the company’s technical sales personnel are already in negotiation with potential clients – including the engineering procurement and construction companies (EPCs) who are the main decision makers when building a new installation or asset. This is evidence that SIL2 certification is pivotal for companies wanting to expand into previously restricted markets.
Significantly, no changes were necessary to any of the systems or constituent components as the company’s hardware offers high availability and reliability. This performance on demand stems in part from the SIL2 compliant system incorporating full backwards and forwards loop monitoring, as well as full line isolation being built into safe area detectors, so that if one fails, it will not compromise any other in the loop.
Obtaining SIL 2 compliance demonstrates commitment to safety and quality, representing a further investment in not merely complying with a fit-for-purpose standard, but undertaking a process that will promote ever improving standards of performance and reliability for facilities operating in what are often the most challenging of environments.
By adopting and adhering to the best possible safety standards, those responsible for the wellbeing of life safety assets on drilling platforms, FPSOs, injection skids and other installations are not only ensuring that the safety record across the oil, gas and marine industries continues to improve, but also setting the bar high for other areas of commerce.
Fundamentally, SIL2 compliance gives those involved in the industry assurances that the most rigorous procedures have been carried out to ensure that safety related systems are tested against failsafe standards and will protect what matters most.