基于检验测试策略的PFD模型建立与分析*

为制定合理检验测试策略,提高安全仪表系统（SIS）在低要求运行模式下的安全性,提出要求平均失效概率(PFDavg)通用计算模型,引入检验测试分布因子和共因失效修正因子,表征部分和完全检验测试对SIS安全性的影响。结果表明:该模型适用于所有同构koon架构系统,可应用于周期性、非周期性部分检验测试及共因失效影响较大的场景,可以为企业制定检验测试策略提供理论依据。     

安全仪表系统的开发与要求

综述安全仪表系统的发展过程;对其主要组成、特点以及其各自要求进行研讨;给出安全仪表系统开发的简化流程;探讨安全仪表系统的经济性分析和仪表选择方法;对安全仪表系统整体生命周期中的计划编制、设计、实施、运行、维护和确认等各阶段活动的关键要求进行了讨论和研究。该研究对安全仪表系统的深入理解有指导作用,并为安全仪表系统的分析、设计、实施、运行和维护等活动提供参考。     

基于SIL评估的LNG加气站安全仪表系统问题分析及改进建议*

为分析LNG加气站安全仪表系统的功能完备性与可靠性,以3座典型的三级LNG加气站为研究对象,全面开展安全仪表功能辨识、安全完整性等级（SIL）定级与验证,进而提出针对性的改进建议。结果表明:3座LNG加气站的安全仪表系统均存在功能不完备、设备组件缺少失效数据的问题;为满足风险控制要求,三级LNG加气站需设置15个安全仪表功能,其中1个应达到SIL2等级,14个应达到SIL1等级;LNG加气站的安全仪表系统应选用获得功能安全认证的设备组件,并在设计阶段开展SIL评估工作。研究结果可为今后LNG加气站安全仪表系统的设计与管理提供重要参考。     

Integration of safety instrumented system with automated HAZOP analysis: An application for continuous biodiesel production

Integration of a human-machine interface (HMI) with hazard and operability (HAZOP) analysis is proposed in this work. This concept can potentially lead to the identification of some unexpected deviations, and radically decreases the time necessary for hazard identification. A continuous biodiesel production was simulated. This can be divided into two cases, covering both conventional and reactive distillation. Soybean oil (trioleic, trilinoleic and tripalmitic) at 1000 kg/h as raw material is converted to 99 wt% pure biodiesel. The HMI was designed to improve these processes by combining automatic HAZOP analysis. With this approach, users can receive sufficient information from the simulation to analyze the optimum operation and safety. Severity levels are also provided to classify the actions in the process. Severity levels 1 and 2 are concerned with operating conditions, which are 58-64 °C, and 50-150 kPa. If the analysis shows severity level 3, the safety instrumented system (SIS) will automatically manage the operation in order to reduce/restrain the amount of damage at this level. This proposed system could minimize the damage and also improve the overall quality of the process.     

基于人因可靠性的间歇装置SIL分析与改进

IEC 61508和IEC 61511等标准针对连续工艺装置提出了安全仪表系统安全完整性等级评估方法。但对于间歇装置的SIL评估，受人因因素影响水平并未明确，且没有提出相应计算模型。以某六氟磷酸锂间歇生产装置典型SIS为例，采用HAZOP结合LOPA方法对其进行风险分析，在明确间歇生产装置存在人员中毒、窒息及燃烧爆炸风险的基础上，确定并验证其安全仪表系统的SIL，再依据间歇生产装置人工依赖性高，即部分安全仪表系统未接入自动联锁且需人工手动触发的特点，建立人因可靠性模型，来分析人因可靠性对安全仪表系统SIL的影响，并进行改进研究。研究结果表明:人因因素对安全仪表系统SIL有显著影响；可通过改变SIS元件冗余结构、测试策略并结合改进人因管理措施来提高SIL。     

安全仪表系统的应用及发展

探讨安全仪表系统在过程工业中的必要性与重要性,以ISA/S84.01安全仪表系统生命周期为基本框架,介绍安全仪表系统的基本组成和生命周期各阶段的主要工作,阐述安全仪表系统与过程控制系统的异同。研究安全仪表系统设计过程中风险分析与安全完整性水平等的关键技术;总结了目前安全仪表系统所呈现出的新特点、新趋势;指出安全仪表系统未来发展的方向;同时认为安全仪表系统作为一种有效的安全保障措施,应当以风险与危害分析为基础,按照最低合理可行原则,根据对象的不同特点,确定适当的安全完整性水平。该应用研究成果对于安全仪表系统的设计与应用具有一定的指导意义。     

IEC61511标准及在石化行业安全管理中的应用

功能安全的定量评定技术已成为确保石化行业安全生产的重要手段。针对石化行业普遍存在的功能安全问题,笔者以国际电工学会(IEC)专门制定的功能安全评定标准IEC61508及IEC61511为指导,介绍其标准制定的背景、目的、体系结构以及如何利用标准开展石化行业安全联锁系统(Safety Instrumented System,SIS)的安全与误跳车定量分析。通过对SIS开展定量安全评估,可发现联锁功能存在的安全不足与误跳车现象,对于提高我国石化行业安全生产水平具有重要的促进作用,标准中有关寿命周期功能安全管理方法及重要的工程经验也对提高我国石化安全生产水平具有借鉴作用。     

基于危险工艺装置设置安全联锁系统的研究

针对危险工艺装置设置安全联锁系统(SIS)问题进行分析和研究,提出在装置建设和改造中,应合理设置独立的SIS,并根据生产装置的安全度等级选择合适的联锁回路,并具有一定的冗余能力,以避免由于硬件随机失效或系统故障时造成联锁功能无法执行;指出SIS在设计时应遵循独立原则、故障安全型原则、共享原则、可靠性原则等。研究结果表明:SIS可提高化工装置的本质安全度,保障生产过程的安全、稳定运行,最大限度地减少由于过程失控造成的人身伤害和设备损坏。     

Reliability assessment of safety instrumented systems subject to different demand modes

Safety instrumented systems (SISs) are commonly used in the process industry, to respond to hazardous events. In line with the important standard IEC 61508, SISs are generally classified into two types: low-demand systems and high-demand systems. This article explores this classification by studying the SIS reliability for varying demand rates, demand durations, and test intervals. The approach is based on Markov models and is exemplified by two simple system configurations. The SIS reliability is quantified by the probability of failure on demand (PFD) and the frequency of entering a hazardous state that will lead to an accident if the situation is not controlled by additional barriers. The article concludes that very low-demand systems are similar and may be treated as a group. The same applies to very high-demand system. Between these group, there is a rather long interval where the demand rate is neither high-demand nor low-demand. These medium-demand systems need a specific treatment. The article shows that the frequency of entering into a hazardous state increases with the demand rate for low-demand systems, while it is nearly independent of both the demand rate and the demand duration for high-demand systems. The PFD is an adequate measure for the SIS reliability for low-demand systems, but may be confusing and difficult to interpret for high-demand systems.     

The role of component arrangement in complex safety instrumented systems—A case study

The arrangement of components plays a key role in the performance of complex Safety Instrumented Systems (SIS), in which a SIS logic solver is interlocked with other logic solvers, to share a final element, for instance. The position of the components and the way they are utilized affects the reliability characteristics, such as the Probability of Failure on Demand (PFD), Spurious Trip Rate (STR), architectural sensitivity and model uncertainty. This case study uses quantitative and qualitative approaches to elaborate on various aspects of component arrangement in complex SIS. Numerous simplified models are analyzed; new classification is introduced for SIS components based on their response to demand; a set of guidelines are developed for SIS architecture design, with a focus on component arrangement; and the use of these guidelines is demonstrated in a real-life example, where an existing turbine SIS is modified to incorporate a new over-speed protection system. The simplified models and the turbine upgrade project are also used to explain the issue of unknowns and uncertainties in reliability analysis and how these issues can be addressed in SIS architecture by optimizing component arrangement.     

3-Parameters SPW technique: A new method for evaluation of target safety integrity level

Introduced by IEC-61508 standard, safety integrity levels (SIL) have been used for assessing the reliability of safety instrumented functions (SIF) for protection of the system under control in abnormal conditions. Different qualitative, semi-qualitative and quantitative methods have been proposed by the standard for establishing target safety integrity levels amongst which “Risk Graph” has gained wide attention due to its simplicity and easy-to-apply characteristics. However, this method is subject to many deficiencies that have forced industry men and experts to modify it to fit their demands. In this paper, a new modification to risk graph parameters has been proposed that adds more flexibility to them and reduces their subjective uncertainties but keeps the method as simple as before. Three parameters, namely severity (S), hazard avoidance probability (P), and demand rate (W) are used instead of former four parameters. Hence, the method is named SPW. The outcome results of this method can be directly converted to probability of failure on demand (PFD) or risk reduction factor (RRF). The proposed method has been tested on an example case that has been studied before with conventional risk graph and LOPA techniques. The results show that new method agrees well with LOPA and reduces costs imposed by conservative approximations assumed during application of conventional risk graph.     

基于FFTA-LOPA的化工装置安全仪表系统SIL确定方法

为了优化确定化工装置安全仪表系统（SIS）安全完整性等级（SIL）,分析了现有确定SIL的不足,针对化工装置的失效数据缺失和不确定性特点,提出模糊事故树-保护层（FFTA-LOPA）模型计算安全仪表系统SIL。以某低密度聚乙烯反应釜为例,建立了该反应釜爆炸事故树,运用模糊理论定量分析顶上事件发生的概率,最终确定其安全仪表系统安全完整性等级为SIL 1。结果表明:该方法结合两种风险分析理论,分析结果与实际和理论统计结果符合性较好,具有一定地准确性和实用性,可以为定量确定系统SIL提供理论指导。     

石化装置安全仪表系统KooN表决结构的误跳车率定量分析

为了更准确量化安全仪表系统的误跳车率，基于联锁回路SIF中传感器、逻辑解算器、执行机构引发误跳车的不同失效机理和模型，考虑共因失效对误跳车率的影响，提出1种更符合实际并适用于异型KooN结构的新子系统误跳车率计算模型（STR of Non-identical Redundant System，SNRS）。针对SIF回路的误跳车率计算，建立了1种分析安全联锁SIF回路误跳车率（Reliability based Spurious Trip，RST）的计算框架。研究结果表明:以某聚丙烯装置第三反应器保护系统为例，将SNRS和RST方法与目前主流的多种计算方法进行数值计算对比，验证了方法的有效性，能够有效进行定量分析。     

New considerations for SIL verification of functional safety fieldbus communication

Safety integrity level (SIL) verification of functional safety fieldbus communication is an essential part of SIL verification of safety instrumented system (SIS), and it requires quantifying residual error probability (RP) and residual error rate of function safety communication. The present quantification method of residual error rate uses RP of cyclic redundancy check (CRC) to approximately replace the total RP of functional safety communication. Since CRC only detects data integrity-related errors and CRC has intrinsically undetected error, some other residual errors are not being considered. This research found some residual errors of the present quantification method. Then, this research presents an extended new approach, which takes the found residual errors into account to determine more comprehensive and reasonable RP and residual error rate. From perspective of the composition of safety message, this research studies RPs of those controlling segments (sequence number, time expectation, etc.) to cover the found residual errors beyond CRC detection coverage, and the influences of insertion/masquerade errors and time window on RP are investigated. The results turn out these residual errors, especially insertion/masquerade errors, may have a great influence on quantification of residual error rate and SIL verification of functional safety communication, and they should be treated seriously.     

Advanced process control system with MPC as a new approach for layer of protection analysis

Layer of protection analysis (LOPA) is a widely used method to support process safety in the chemical industries. In the LOPA, the process is classified into many layers, one of such layers considers the basic process control system (BPCS) which commonly uses PID controllers. This kind of controllers cannot deal with constraints. For this reason, the main purpose of this work is to provide a framework to enhance the control layer in the LOPA, which consists of a model predictive control (MPC) with safety features. These features include: sublayers in the controller system (such as real time optimization, target calculation, and MPC), safety constraints, and guarantee of stability by adopting an Infinite Horizon MPC (IHMPC). Here, we propose an approach for control-inspired view to process safety, replacing the BPCS by an Advanced Process Control System (APCS). Moving forward with these concepts, first, a literature review emphasizes the content, showing two perspectives for the APCS. The APCS is designed for two varieties of controllers, a basic IHMPC and IHMPC with zone control to compare the performance. In this framework, the first sublayer consists of a real time optimization (RTO) structure, that calculates the optimal operating condition for the process controller, which computes the control action. Besides, RTO has an additional constraint called the safety index, based on the protection of process operational. RTO and basic IHMPC communicate directly, while for IHMPC with zone control there is an inner sublayer called Target Calculation, it computes a feasible target to the controller, working as another safety strategy in APCS. After that, we demonstrate both structures applied to a CSTR reactor. From the case study, we compared both controllers, and evaluated the effect that the safety index constraint causes in the setpoints, outputs, and control actions. The use of safety constraint in RTO proved to be a safe strategy for the control layer, as well as IHMPC with zone control presented a safer profile than basic IHMPC. Furthermore, the results show that safety constraint affect the economic goal, decreasing its value.     

Generalized analytical expressions for safety instrumented systems' performance measures: PFDavg and PFH

Safety Instrumented Systems (SIS) constitute an indispensable element in the process of risk reduction for almost all of nowadays' industrial facilities. The main purpose of this paper is to develop a set of generalized and simplified analytical expressions for two commonly employed metrics to assess the performance of SIS in terms of safety integrity, namely: the Average Probability of Failure on Demand (PFD_avg) and the Probability of Dangerous Failure per Hour (PFH). In addition to the capability to treat any K-out-of-N architecture, the proposed formulas can smoothly take into account the contributions of Partial Stroke Testing (PST) and Common Cause Failures (CCF). The validity of the suggested analytical expressions is ensured through various comparisons that are carried out at different stages of their construction.     

An evaluation approach using a HARA and FMEDA for the hardware SIL

Safety instrumented systems (SIS) are becoming increasingly complex, and form a growing proportion of programmable electronic parts. The IEC 61508 global standard was established to ensure the functional safety of SIS; however, it was expressed in highly macroscopic terms. The safety integrity level (SIL) is a criterion describing whether a component meets the safety requirements of a SIS. The safety requirements give a target SIL for the expected risks using hazard analysis and risk assessment (HARA). The SIL must correspond to the safety requirements. This study introduces an evaluation process for determining the hardware SIL through failure modes, effects, and diagnostic analysis (FMEDA). First, the components of the SIS subsystem are defined in terms of failure modes and effects, and then the failure rate and failure mechanism distribution are assigned to each component. The safety mode and detectability of each failure mode are determined for each component and, finally, the hardware SIL is evaluated. We perform a case study to evaluate the hardware SIL of the flame scanner system using HARA and FMEDA, where the safety requirement of the flame scanner was determined using the risk graph method. We verified that the hardware SIL of the flame scanner corresponded to the safety requirement.     

关于安全经济学的探讨

本文主要论述了如下基本概念问题: 1、安全的主要经济功能是保障社会经济的增值和有效地减少事故的经济损失。本文试图构造增值函数I(S)和损失函数L(S)来描述其功能。 2、安全经济学的基本任务是研究安全的经济效益和安全的经济利益规律,使其有效地调整和协调安全与经济的关系,指导安全经济决策。 3、本文试提出发展安全经济学应遵循的三个基本原理。 4、为综合揭示安全经济规律,本文还探讨了安全经济的功能函数F(S)、成本函数C(S)、负担函数B(S)和效益函数E(S)。 5、针对实际应用,本文还提出了一种安全投资的评价方法及其优化理论。     

安全仪表系统的性能维护及指标值计算

安全仪表系统（SIS）作为保障工业生产安全的重要措施,需要在危险发生时正确地执行其安全功能,采取有效措施维持安全仪表系统在运行阶段的性能是保障系统功能安全的关键。详细阐明了SIS在运行阶段应遵循风险评估分析、安全功能分配文件、安全要求规范、安全分析报告、安全完整性等级符合性等重要文档中的要求,给出了维持SIS安全完整性的主要活动,并在加强旁路、禁止和超驰控制管理,对SIS失效的响应、记录和分析,进行定期检查、维护和功能测试以及安全仪表系统的变更管理等方面提出了要求。提出了SIS的安全性能指标及目标值的简易计算方法,给出失效率更新流程、计算方法和功能安全测试间隔调整技术。所提的技术方法为如何保证安全仪表系统运行阶段的安全性能提供了有力指导,其可操作性强,便于在实际工程中进行应用。