Client name
Refinery Expansion
SIL Verification Report
Sample Project

Rev.: 2, 1, 0
Date: 27/01/2020
Description: First review
Prepared: JB
Reviewed: AHT
Approved: AHT
Project: Refinery Expansion Rev.1 by JB
SIL verification of Safety Instrumented Functions
1. OBJECTIVE & STANDARDS
The purpose of this report is the verification study of the Safety Instrumented Functions defined in the Process Hazard Analysis (PHA).
The recommendations of the following Standards have been taken into account:
- IEC 61508:2010
- IEC 61511:2016
- ISA-S84.01
2. CALCULATIONS & VERIFICATION
The calculation tool used is "SILcet 5.2".
The following three requirements of IEC 61511/61508 have been checked:
- Systematic Capability (SIL certification or proven in use/prior use justification).
- Architectural Constraints (minimum redundancy) based on the routes of the Standards.
- Compliance of the PFDavg/PFH with the Standards.
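An added example (not part of the report and not SILcet's own calculation) that re-checks the three requirements for SIFs M4-LT-1111-01 and M4-LT-1212-01 from the failure rates, HFT, SC and PFDavg values in their detail tables. The Route 1H table and the low-demand PFDavg bands come from IEC 61508; the function names, the summing of subsystem PFDavg, the clamping of HFT above 2 and the SIL-2 what-if case are assumptions of this example.

```python
# Added example: re-checks the report's three requirements for two of its SIFs.
# Route 1H table and PFDavg bands are from IEC 61508, not from this report.

# Route 1H: maximum SIL per SFF band (upper bound) for HFT 0, 1, 2; 0 = not allowed.
ROUTE_1H = {
    "A": [(0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (1.01, (3, 4, 4))],
    "B": [(0.60, (0, 1, 2)), (0.90, (1, 2, 3)), (0.99, (2, 3, 4)), (1.01, (3, 4, 4))],
}


def sff(sd, su, dd, du):
    """Safe Failure Fraction = (SD + SU + DD) / total; rates in FITs."""
    total = sd + su + dd + du
    return (sd + su + dd) / total if total else 0.0


def sil_from_pfd(pfd):
    """Low demand band: SIL n when 10^-(n+1) <= PFDavg < 10^-n (capped at 4)."""
    for sil in (4, 3, 2, 1):
        if pfd < 10 ** -sil:
            return sil
    return 0


def sil_from_architecture(dev_type, sff_value, hft):
    """Architectural constraint; HFT above 2 uses the HFT 2 column (assumption)."""
    for upper, sils in ROUTE_1H[dev_type]:
        if sff_value < upper:
            return sils[min(hft, 2)]
    raise ValueError("SFF must be between 0 and 1")


def verify_sif(subsystems, target_sil, target_rrf):
    """subsystems: list of (type, (SD, SU, DD, DU), HFT, SC, PFDavg)."""
    pfd = sum(s[4] for s in subsystems)  # subsystems in series: PFDavg values add
    arch = min(sil_from_architecture(t, sff(*r), h) for t, r, h, _, _ in subsystems)
    sc = min(s[3] for s in subsystems)
    achieved = min(sil_from_pfd(pfd), arch, sc)  # weakest requirement decides
    rrf = 1 / pfd
    return {"pfd": pfd, "rrf": rrf, "sil_pfd": sil_from_pfd(pfd), "sil_arch": arch,
            "sc": sc, "sil": achieved,
            "ok": achieved >= target_sil and rrf >= target_rrf}


# Values copied from the report's detail tables: sensor, logic solver, actuator.
SIF_M4_LT_1111_01 = [
    ("B", (53, 84, 377, 77), 0, 2, 5.77e-4),
    ("B", (11617, 129, 3815, 241), 1, 3, 1.65e-4),
    ("A", (0, 916, 0, 829), 0, 3, 1.72e-2),
]
SIF_M4_LT_1212_01 = [
    ("B", (53, 84, 377, 77), 1, 2, 2.90e-5),
    ("B", (11804, 133, 3920, 247), 1, 3, 1.70e-4),
    ("A", (0, 916, 0, 829), 1, 3, 1.98e-3),
]

if __name__ == "__main__":
    cases = [("M4-LT-1111-01", SIF_M4_LT_1111_01, 1, 20),
             ("M4-LT-1212-01", SIF_M4_LT_1212_01, 2, 200),
             # constructed what-if: the 1oo1 hardware checked against a SIL-2 target
             ("M4-LT-1111-01 vs SIL-2", SIF_M4_LT_1111_01, 2, 200)]
    for tag, subs, sil, rrf in cases:
        r = verify_sif(subs, sil, rrf)
        print(f"{tag}: PFDavg={r['pfd']:.2e} RRF={r['rrf']:.0f} "
              f"SIL(pfd)={r['sil_pfd']} AC={r['sil_arch']} SC={r['sc']} ok={r['ok']}")
```

The what-if case fails on architectural constraints and PFDavg alike, which is why the report's SIL-2 functions use 1oo2 or 2oo3 voting rather than 1oo1.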
3. PROJECT INFORMATION
Project name:
Project description:
Safety Requirement Specification reference: SRS-1200-01
4. GENERAL DATA
The following general parameters have been used.
Note 1: These values have been used only when there were no other values duly documented.
Parameter | Sensor subsystem | Logic Solver | Actuator subsystem
Life Time (LT) | 15 years | 15 years | 15 years
Operation mode | Low demand | Low demand | Low demand
MTTRDD | 48 hours | 48 hours | 48 hours
Beta factor | 5% | 2% | 10%
Proof test coverage (Cpt) | 90% | 95% | 70%
Test interval (TI) | 1 year | 4 years | 1 year
Start-up time | 24 hours | 24 hours | 24 hours
5. VOTING DEGRADATION OF TRANSMITTERS
The most common voting scenarios utilized in the SIS are: One out of One (1oo1), One out of Two (1oo2), Two out of
Two (2oo2), and Two out of Three (2oo3).
The following table shows the configuration of the transmitters and the behaviour of the PLC on a Dangerous Detected
Failure (DD). In this project the philosophy is to keep reliability high.
SIFs with unique voting schemes not defined by 1oo1, 1oo2, 2oo2, or 2oo3 are to be considered on a case-by-case basis.
Logic | Process Trip | Transmitter setting | PLC software: Out of range diagnostic | PLC software: Channel Trip | Architecture degradation: 1st failure | Architecture degradation: 2nd failure
2oo3 | High | Over Range | Yes | Yes | 1oo2 | Process Trip
2oo3 | Low | Under Range | Yes | Yes | 1oo2 | Process Trip
2oo2 | High | Over Range | Yes | Yes | 1oo1 | Process Trip
2oo2 | Low | Under Range | Yes | Yes | 1oo1 | Process Trip
1oo2 | High | Under Range | Yes | No | 1oo1 | Process Trip
1oo2 | Low | Over Range | Yes | No | 1oo1 | Process Trip
1oo1 | High | Under Range | Yes | No | Alarm | --
1oo1 | Low | Over Range | Yes | No | Alarm | --
SUMMARY OF SIL VERIFICATION

No. | SIF Tag | Target SIL | Target RRF | Target MTTFS | Achieved SIL | Achieved RRF | Achieved PFDavg | Achieved MTTFS
1 | M4-LT-1111-01 | SIL-1 | 20 | 10 | SIL-1 | 56 | 1,79E-02 | 71
3 | M4-LT-1212-01 | SIL-2 | 200 | 10 | SIL-2 | 459 | 2,18E-03 | 44
6 | M4-PT-2312-06 | SIL-2 | 200 | 10 | SIL-2 | 459 | 2,18E-03 | 49
10 | M4-PS-1112-10 | SIL-2 | 200 | 10 | SIL-2 | 239 | 4,19E-03 | 46
30 | M5-FT-2312-30 | SIL-2 | 200 | 10 | SIL-2 | 244 | 4,11E-03 | 28
40 | M5-BE-82412-01 | SIL-2 | 200 | 10 | SIL-2 | 439 | 2,28E-03 | 45
45 | M5-TT-21022-01-PVST | SIL-2 | 130 | 10 | SIL-1 | 55 | 1,82E-02 | 32
61 | M5-PT-2312-G-01 | SIL-1 | 20 | 10 | SIL-2 | 4285 | 2,33E-04 | 34

SIF Tag | SIL (Pr.) | SIL (AC) | SIL (SC) | Route | Sensors: lowest SFF (1H) | Sensors: lowest DC | Actuator: lowest SFF (1H) | Actuator: lowest DC
M4-LT-1111-01 | 1 | 1 | 2 | 1H | 87,0% | | 52,5% |
M4-LT-1212-01 | 2 | 2 | 2 | 1H | 87,0% | | 52,5% |
M4-PT-2312-06 | 2 | 2 | 3 | 1H | 81,1% | | 52,5% |
M4-PS-1112-10 | 2 | 2 | 3 | 61511 | | 0,0% | | 0,0%
M5-FT-2312-30 | 2 | 2 | 3 | 1H | 91,4% | | 52,5% |
M5-BE-82412-01 | 2 | 2 | 2 | 1H | 92,8% | | 52,5% |
M5-TT-21022-01-PVST | 1 | 1 | 3 | 1H | 84,2% | | 52,5% |
M5-PT-2312-G-01 | 3 | 2 | 3 | 1H | 81,1% | | 57,8% |

Possible changes to SIFs not achieving the target values:

Pr: Probability of failure
AC: Architectural Constraints
SC: Systematic Capability
SFF: Safe Failure Fraction
DC: Diagnostic Coverage=DD/(DD+DU)
MTTFS in years: Mean Time To Fail Spuriously
RRF: Risk Reduction Factor

Legend: SIL & RRF targets are not achieved; MTTFS target is not achieved; Achieved.

SIF: M4-LT-1111-01
On High High Level (LT-1) [1oo1] in Tank 100-1111 close valve XV-1 [1oo1]
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
Out of range diagnostic: ON | Sensor Fault: U.R. | Channel Trip: No
[Block diagram: LT-1 (input voting group 1oo1) -> LOGIC SOLVER ESD-1, Safety PLC, Model: Generic, 1oo2D -> XV-1 (output voting group 1oo1)]

Required: SIL-1 | RRF 20 | MTTFS (y) 10
Achieved: SIL-1 | RRF 56 | PFDavg 1,79E-02 | MTTFS (y) 71
Achieved by requirement (Route 1H): PFDavg SIL-1 | Arch. C. SIL-1 | SC SIL-2

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-1 | 5,77E-04 | 836
logic solver | SIL-3 | 1,65E-04 | 209
actuator | SIL-1 | 1,72E-02 | 125
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
sensor | LT-1 | 1oo1 | 53 | 84 | 377 | 77 | B | 87,0%
sen_part | transmitter | -- | 24 | 84 | 234 | 32 | B | 91,4%
sen_part | interface | -- | 29 | 0 | 143 | 45 | A | 79,4%
sen_part | process | -- | 0 | 0 | 0 | 0 | A | 0,0%
logicsolver | ESD-1 | 1oo2D | 11617 | 129 | 3815 | 241 | B | 98,5%
actuator | XV-1 | 1oo1 | 0 | 916 | 0 | 829 | A | 52,5%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 59,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 73,3%
act_part | isolator | -- | 0 | 114 | 0 | 0 | A | 100,0%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | LT-1 | 1oo1 | 95% | 1,0 | 15 | | 48 | 24
sen_part | transmitter | --
sen_part | interface | --
sen_part | process | --
logicsolver | ESD-1 | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | XV-1 | 1oo1 | 73% | 1,0 | 15 | | 0 | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | isolator | --

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | LT-1 | 1oo1 | 5,77E-04 | 3 | 0 | 2 | 1 | 836
sen_part | transmitter | -- | -- | | | 3 | -- | --
sen_part | interface | -- | -- | | | 2 | -- | --
sen_part | process | -- | -- | | | | -- | --
logicsolver | ESD-1 | 1oo2D | 1,65E-04 | 3 | 1 | 3 | 3 | 209
actuator | XV-1 | 1oo1 | 1,72E-02 | 1 | 0 | 3 | 1 | 125
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | isolator | -- | -- | | | 3 | -- | --

SIF: M4-LT-1212-01
On High High Level (LT-1A/B) [1oo2] in Tank 100-1111 close valve XV-1A/B [1oo2]
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
Out of range diagnostic: ON | Sensor Fault: U.R. | Channel Trip: No
[Block diagram: LT-1A, LT-1B (input voting group 1oo2) -> LOGIC SOLVER ESD-1, Safety PLC, Model: Generic, 1oo2D -> XV-1A, XV-1B (output voting group 1oo2)]

Required: SIL-2 | RRF 200 | MTTFS (y) 10
Achieved: SIL-2 | RRF 459 | PFDavg 2,18E-03 | MTTFS (y) 44
Achieved by requirement (Route 1H): PFDavg SIL-2 | Arch. C. SIL-2 | SC SIL-2

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-2 | 2,90E-05 | 429
logic solver | SIL-3 | 1,70E-04 | 204
actuator | SIL-2 | 1,98E-03 | 66
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
sensor | LT-1 | 1oo2 | 53 | 84 | 377 | 77 | B | 87,0%
sen_part | transmitter | -- | 24 | 84 | 234 | 32 | B | 91,4%
sen_part | interface | -- | 29 | 0 | 143 | 45 | A | 79,4%
sen_part | process | -- | 0 | 0 | 0 | 0 | A | 0,0%
logicsolver | ESD-1 | 1oo2D | 11804 | 133 | 3920 | 247 | B | 98,5%
actuator | XV-1 | 1oo2 | 0 | 916 | 0 | 829 | A | 52,5%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 59,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 73,3%
act_part | isolator | -- | 0 | 114 | 0 | 0 | A | 100,0%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | LT-1 | 1oo2 | 95% | 1,0 | 15 | 5% | 48 | 24
sen_part | transmitter | --
sen_part | interface | --
sen_part | process | --
logicsolver | ESD-1 | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | XV-1 | 1oo2 | 73% | 1,0 | 15 | 10% | 0 | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | isolator | --

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | LT-1 | 1oo2 | 2,90E-05 | 4 | 1 | 2 | 2 | 429
sen_part | transmitter | -- | -- | | | 3 | -- | --
sen_part | interface | -- | -- | | | 2 | -- | --
sen_part | process | -- | -- | | | | -- | --
logicsolver | ESD-1 | 1oo2D | 1,70E-04 | 3 | 1 | 3 | 3 | 204
actuator | XV-1 | 1oo2 | 1,98E-03 | 2 | 1 | 3 | 2 | 66
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | isolator | -- | -- | | | 3 | -- | --

SIF: M4-PT-2312-06
On High High Pressure (PT-6A/B/C) [2oo3] in Vessel 100-2312 close valves XV-6A/B [1oo2]
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
Out of range diagnostic: ON | Sensor Fault: -- | Channel Trip: Yes
[Block diagram: PT-6A, PT-6B, PT-6C (input voting group 2oo3) -> LOGIC SOLVER ESD-1, Safety PLC, Model: Generic, 1oo2D -> XV-6A, XV-6B (output voting group 1oo2)]

Required: SIL-2 | RRF 200 | MTTFS (y) 10
Achieved: SIL-2 | RRF 459 | PFDavg 2,18E-03 | MTTFS (y) 49
Achieved by requirement (Route 1H): PFDavg SIL-2 | Arch. C. SIL-2 | SC SIL-3

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-2 | 5,25E-05 | 3866
logic solver | SIL-3 | 1,73E-04 | 201
actuator | SIL-2 | 1,95E-03 | 66
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
sensor | PT-6 | 2oo3 | 279 | 94 | 0 | 87 | B | 81,1%
sen_part | transmitter | -- | 279 | 94 | 0 | 41 | B | 90,1%
sen_part | seal | -- | 0 | 0 | 0 | 46 | A | 0,0%
logicsolver | ESD-1 | 1oo2D | 11852 | 136 | 3968 | 250 | B | 98,5%
actuator | XV-6 | 1oo2 | 0 | 916 | 0 | 829 | A | 52,5%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 59,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 73,3%
act_part | isolator | -- | 0 | 114 | 0 | 0 | A | 100,0%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | PT-6 | 2oo3 | 94% | 1,0 | 15 | 5% | 48 | 24
sen_part | transmitter | --
sen_part | seal | --
logicsolver | ESD-1 | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | XV-6 | 1oo2 | 73% | 1,0 | 15 | 10% | 48 | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | isolator | --

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | PT-6 | 2oo3 | 5,25E-05 | 4 | 1 | 3 | 2 | 3866
sen_part | transmitter | -- | -- | | | 3 | -- | --
sen_part | seal | -- | -- | | | 3 | -- | --
logicsolver | ESD-1 | 1oo2D | 1,73E-04 | 3 | 1 | 3 | 3 | 201
actuator | XV-6 | 1oo2 | 1,95E-03 | 2 | 1 | 3 | 2 | 66
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | isolator | -- | -- | | | 3 | -- | --

SIF: M4-PS-1112-10
On High High Pressure [1oo1] in Vessel close valves XV-6A/B [1oo2]
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
[Block diagram: PSHH-6 (input voting group 1oo1) -> LOGIC SOLVER ESD-1, Safety PLC, Model: Generic, 1oo2D -> XV-6A, XV-6B (output voting group 1oo2)]

Required: SIL-2 | RRF 200 | MTTFS (y) 10
Achieved: SIL-2 | RRF 239 | PFDavg 4,19E-03 | MTTFS (y) 46
Achieved by requirement (IEC61511): PFDavg SIL-2 | Arch. C. SIL-2 | SC SIL-3

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-2 | 2,13E-03 | 892
logic solver | SIL-3 | 1,07E-04 | 190
actuator | SIL-2 | 1,95E-03 | 66
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | DC
sensor | PSHH-6 | 1oo1 | 0 | 128 | 0 | 203 | A | 0,0%
sen_part | switch | -- | 0 | 128 | 0 | 203 | A | 0,0%
sen_part | process | -- | 0 | 0 | 0 | 0 | A | 0,0%
logicsolver | ESD-1 | 1oo2D | 11412 | 154 | 3371 | 165 | B | 95,3%
actuator | XV-6 | 1oo2 | 0 | 916 | 0 | 829 | A | 0,0%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 0,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 0,0%
act_part | isolator | -- | 0 | 114 | 0 | 0 | A | 0,0%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | PSHH-6 | 1oo1 | 90% | 1,0 | 15 | | | 24
sen_part | switch | --
sen_part | process | --
logicsolver | ESD-1 | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | XV-6 | 1oo2 | 73% | 1,0 | 15 | 10% | | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | isolator | --

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | PSHH-6 | 1oo1 | 2,13E-03 | 2 | 0 | 3 | 2 | 892
sen_part | switch | -- | -- | | | 3 | -- | --
sen_part | process | -- | -- | | | | -- | --
logicsolver | ESD-1 | 1oo2D | 1,07E-04 | 3 | 1 | 3 | 3 | 190
actuator | XV-6 | 1oo2 | 1,95E-03 | 2 | 1 | 3 | 3 | 66
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | isolator | -- | -- | | | 3 | -- | --

SIF: M5-FT-2312-30
On Low Low Air Combustion Flow (FT-30A/B/C) [2oo3] in Incinerator 100-2312 closes Fuel Gas Valves (1oo2 XV-30/31) & Natural Gas Valves (1oo2 XV-32/33) [2oo2 of FG & NG]
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
Out of range diagnostic: ON | Sensor Fault: -- | Channel Trip: Yes
[Block diagram: FT-30A, FT-30B, FT-30C (input voting group 2oo3) -> LOGIC SOLVER ESD-1, Safety PLC, Model: Generic, 1oo2D -> output voting group 2oo2 of Group [FG] XV-30, XV-31 (1oo2) and Group [NG] XV-32, XV-33 (1oo2)]

Required: SIL-2 | RRF 200 | MTTFS (y) 10
Achieved: SIL-2 | RRF 244 | PFDavg 4,11E-03 | MTTFS (y) 28
Achieved by requirement (Route 1H): PFDavg SIL-2 | Arch. C. SIL-2 | SC SIL-3

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-3 | 2,54E-05 | 4176
logic solver | SIL-3 | 1,78E-04 | 197
actuator | SIL-2 | 3,90E-03 | 33
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
sensor | FT-30 | 2oo3 | 258 | 84 | 0 | 32 | B | 91,4%
sen_part | transmitter | -- | 258 | 84 | 0 | 32 | B | 91,4%
sen_part | process | -- | 0 | 0 | 0 | 0 | A | 0,0%
logicsolver | ESD-1 | 1oo2D | 12130 | 138 | 4082 | 256 | B | 98,5%
actuator | [FG] XV-30/31 | 1oo2 | 0 | 916 | 0 | 829 | A | 52,5%
actuator | [NG] XV-32/33 | 1oo2 | 0 | 916 | 0 | 829 | A | 52,5%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | FT-30 | 2oo3 | 90% | 1,0 | 15 | 5% | 48 | 24
sen_part | transmitter | --
sen_part | process | --
logicsolver | ESD-1 | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | [FG] XV-30/31 | 1oo2 | 73% | 1,0 | 15 | 10% | 48 | 24
actuator | [NG] XV-32/33 | 1oo2 | 73% | 1,0 | 15 | 10% | 48 | 24

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | FT-30 | 2oo3 | 2,54E-05 | 4 | 1 | 3 | 3 | 4176
sen_part | transmitter | -- | -- | | | 3 | -- | --
sen_part | process | -- | -- | | | | -- | --
logicsolver | ESD-1 | 1oo2D | 1,78E-04 | 3 | 1 | 3 | 3 | 197
actuator | [FG] XV-30/31 | 1oo2 | 1,95E-03 | 2 | 1 | 3 | 2 | 66
actuator | [NG] XV-32/33 | 1oo2 | 1,95E-03 | 2 | 1 | 3 | 2 | 66

Groups: [Fuel-Gas] XV-30/31 & [N.Gas] XV-32/33

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
actuator | [FG] XV-30/31 | 1oo2 | 0 | 916 | 0 | 829 | A | 52,5%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 59,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 73,3%
act_part | driver | -- | 0 | 114 | 0 | 0 | A | 100,0%
actuator | [NG] XV-32/33 | 1oo2 | 0 | 916 | 0 | 829 | A | 52,5%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 59,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 73,3%
act_part | driver | -- | 0 | 114 | 0 | 0 | A | 100,0%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
actuator | [FG] XV-30/31 | 1oo2 | 73% | 1,0 | 15 | 10% | 48 | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | driver | --
actuator | [NG] XV-32/33 | 1oo2 | 73% | 1,0 | 15 | 10% | 48 | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | driver | --

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
actuator | [FG] XV-30/31 | 1oo2 | 1,95E-03 | 2 | 1 | 3 | 2 | 66
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | driver | -- | -- | | | 3 | -- | --
actuator | [NG] XV-32/33 | 1oo2 | 1,95E-03 | 2 | 1 | 3 | 2 | 66
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | driver | -- | -- | | | 3 | -- | --

SIF: M5-BE-82412-01
If flame is lost in 8 or more flame detectors (BE-40A/…/X) [8oo24] close Fuel-Gas Valves XV-40A/B
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
Out of range diagnostic: ON | Sensor Fault: -- | Channel Trip: Yes
[Block diagram: BE-40A to BE-40X (input voting group 8oo24) -> LOGIC SOLVER ESD-1, Safety PLC, Model: Generic, 1oo2D -> XV-40A, XV-40B (output voting group 1oo2)]

Required: SIL-2 | RRF 200 | MTTFS (y) 10
Achieved: SIL-2 | RRF 439 | PFDavg 2,28E-03 | MTTFS (y) 45
Achieved by requirement (Route 1H): PFDavg SIL-2 | Arch. C. SIL-2 | SC SIL-2

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-2 | 9,66E-05 | 2419
logic solver | SIL-3 | 2,32E-04 | 153
actuator | SIL-2 | 1,95E-03 | 66
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
sensor | BE-40 | 8oo24 | 877 | 67 | 0 | 73 | B | 92,8%
logicsolver | ESD-1 | 1oo2D | 12860 | 199 | 4976 | 313 | B | 98,3%
actuator | XV-40 | 1oo2 | 0 | 916 | 0 | 829 | A | 52,5%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 59,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 73,3%
act_part | driver | -- | 0 | 114 | 0 | 0 | A | 100,0%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | BE-40 | 8oo24 | 64% | 1,0 | 15 | 5% | 48 | 24
logicsolver | ESD-1 | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | XV-40 | 1oo2 | 73% | 1,0 | 15 | 10% | 48 | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | driver | --

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | BE-40 | 8oo24 | 9,66E-05 | 4 | 16 | 2 | 4 | 2419
logicsolver | ESD-1 | 1oo2D | 2,32E-04 | 3 | 1 | 3 | 3 | 153
actuator | XV-40 | 1oo2 | 1,95E-03 | 2 | 1 | 3 | 2 | 66
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | driver | -- | -- | | | 3 | -- | --

SIF: M5-TT-21022-01-PVST
On High Temperature in Bed 1 of Reactor TT-43A/…/J (2oo10) open valves XV-43/44 (1oo2) and close valve XV-45 (1oo1) [2oo2 with 2 groups]
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
Out of range diagnostic: ON | Sensor Fault: -- | Channel Trip: Yes
[Block diagram: TT-43A to TT-43J (input voting group 2oo10) -> LOGIC SOLVER ESD-1, Safety PLC, Model: Generic, 1oo2D -> output voting group 2oo2 of Group XV-43, XV-44 (1oo2) and Group XV-45 (1oo1)]

Required: SIL-2 | RRF 130 | MTTFS (y) 10
Achieved: SIL-1 | RRF 55 | PFDavg 1,82E-02 | MTTFS (y) 32
Achieved by requirement (Route 1H): PFDavg SIL-1 | Arch. C. SIL-1 | SC SIL-3

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-3 | 1,31E-04 | 665
logic solver | SIL-3 | 1,94E-04 | 180
actuator | SIL-1 | 1,79E-02 | 42
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
sensor | TT-43 | 2oo10 | 2356 | 34 | 0 | 448 | B | 84,2%
sen_part | transmitter | -- | 756 | 34 | 0 | 48 | B | 94,3%
sen_part | process | -- | 1600 | 0 | 0 | 400 | A | 80,0%
logicsolver | ESD-1 | 1oo2D | 12327 | 158 | 4361 | 274 | B | 98,4%
actuator | XV-43/44 | 1oo2 | 0 | 962 | 0 | 665 | A | 59,1%
actuator | XV-45 | 1oo1 | 0 | 916 | 0 | 829 | A | 52,5%
act_part | valve | -- | 0 | 0 | 0 | 442 | A | 0,0%
act_part | actuator | -- | 0 | 286 | 0 | 199 | A | 59,0%
act_part | solenoid | -- | 0 | 516 | 0 | 188 | A | 73,3%
act_part | driver | -- | 0 | 114 | 0 | 0 | A | 100,0%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | TT-43 | 2oo10 | 98% | 1,0 | 15 | 5% | 48 | 24
sen_part | transmitter | --
sen_part | process | --
logicsolver | ESD-1 | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | XV-43/44 | 1oo2 | 90% | 1,0 | 15 | 10% | 48 | 24
actuator | XV-45 | 1oo1 | 73% | 1,0 | 15 | | 48 | 24
act_part | valve | --
act_part | actuator | --
act_part | solenoid | --
act_part | driver | --

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | TT-43 | 2oo10 | 1,31E-04 | 3 | 8 | 3 | 4 | 665
sen_part | transmitter | -- | -- | | | 3 | -- | --
sen_part | process | -- | -- | | | 3 | -- | --
logicsolver | ESD-1 | 1oo2D | 1,94E-04 | 3 | 1 | 3 | 3 | 180
actuator | XV-43/44 | 1oo2 | 7,30E-04 | 3 | 1 | 3 | 2 | 62
actuator | XV-45 | 1oo1 | 1,72E-02 | 1 | 0 | 3 | 1 | 125
act_part | valve | -- | -- | | | 3 | -- | --
act_part | actuator | -- | -- | | | 3 | -- | --
act_part | solenoid | -- | -- | | | 3 | -- | --
act_part | driver | -- | -- | | | 3 | -- | --

SIF: M5-PT-2312-G-01
On High High Pressure (PT-6A/B/C) [2oo3] close valves XV-6A/B [1oo2] OR stop Pump 61.
Arch. Constraints: Route 1H of IEC61508 with few exceptions based on IEC 61511.
Factors for Maintenance Capability: Cpt=1 TI=1
Out of range diagnostic: ON | Sensor Fault: -- | Channel Trip: Yes
[Block diagram: PT-6A, PT-6B, PT-6C (input voting group 2oo3) -> LOGIC SOLVER, Safety PLC, Model: Generic, 1oo2D -> output voting group 1oo2 of Group XV-6A, XV-6B (1oo2) and Group Pump-61 (1oo1)]

Required: SIL-1 | RRF 20 | MTTFS (y) 10
Achieved: SIL-2 | RRF 4285 | PFDavg 2,33E-04 | MTTFS (y) 34
Achieved by requirement (Route 1H): PFDavg SIL-3 | Arch. C. SIL-2 | SC SIL-3

Subsystem | Achieved | PFDavg | MTTFS (years)
sensor | SIL-2 | 5,25E-05 | 3866
logic solver | SIL-3 | 1,75E-04 | 199
actuator | SIL-2 | 5,52E-06 | 41
other | -- | -- | --

Subsystem | Tags | Logic | SD | SU | DD | DU | Type | SFF
sensor | PT-6 | 2oo3 | 279 | 94 | 0 | 87 | B | 81,1%
sen_part | transmitter | -- | 279 | 94 | 0 | 41 | B | 90,1%
sen_part | seal | -- | 0 | 0 | 0 | 46 | A | 0,0%
logicsolver | | 1oo2D | 11991 | 137 | 4025 | 253 | B | 98,5%
actuator | 1oo2 (see CF-A) | 1oo2 | | | | | A | 57,8%
act_part | [1oo2] XV-6A/B | -- | 0 | 916 | 0 | 829 | A | 52,5%
act_part | [1oo1] Pump 61 | -- | 0 | 1050 | 0 | 606 | A | 63,4%

Subsystem | Tags | Logic | Cpt | TI (y) | LT (y) | Beta | MTTRdd | Startup(h)
sensor | PT-6 | 2oo3 | 94% | 1,0 | 15 | 5% | 48 | 24
sen_part | transmitter | --
sen_part | seal | --
logicsolver | | 1oo2D | 99% | 4,0 | 15 | 2% | 48 | 24
actuator | 1oo2 (see CF-A) | 1oo2
act_part | [1oo2] XV-6A/B | -- | 73% | 1,0 | 15 | 10% | 48 | 24
act_part | [1oo1] Pump 61 | -- | 95% | 1,0 | 15 | | 48 | 24

Subsystem | Tags | Logic | PFDavg | SIL (pfd) | HFT | SC | SIL (arch) | MTTFS (y)
sensor | PT-6 | 2oo3 | 5,25E-05 | 4 | 1 | 3 | 2 | 3866
sen_part | transmitter | -- | -- | | | 3 | -- | --
sen_part | seal | -- | -- | | | 3 | -- | --
logicsolver | | 1oo2D | 1,75E-04 | 3 | 1 | 3 | 3 | 199
actuator | 1oo2 (see CF-A) | 1oo2 | 5,52E-06 | 4 | 1 | 3 | 2 | 41
act_part | [1oo2] XV-6A/B | -- | -- | | | 3 | -- | --
act_part | [1oo1] Pump 61 | -- | -- | | | 3 | -- | --

SIF tag: CF-A
Subsystem: actuator
1oo2 Final Element used in SIF with tag M5-PT-2312-G-01
[1oo2] of XV-6A/B [1oo2] & Pump-61 [1oo1]
Group 1: XV-6
Group 2: Pump-61
Group 3:
Group 4:
Group 5:

Combined: Logic 1oo2 | PFDavg 5,52E-06 | MTTFS 41
Achieved: SIL-4

Subsystem | Tags | Logic | PFDavg | MTTFS (y) | TI (y) | LT (y)
actuator | XV-6 | 1oo2 | 1,98E-03 | 66 | 1 | 15
actuator | Pump-61 | 1oo1 | 4,50E-03 | 109 | 1 | 15
Combined | | 1oo2 | 5,52E-06 | 41 | 1 | 15

Subsystem | Tags | Logic | Cpt | Beta | MTTRdd | Startup
actuator | XV-6 | 1oo2 | 73% | 10% | 48 | 24
actuator | Pump-61 | 1oo1 | 95% | 0% | 48 | 24
Combined | | 1oo2 | 0% | 0% | 0 | 0

Subsystem | Tags | Logic | SD | SU | DD | DU
actuator | XV-6 | 1oo2 | 0 | 916 | 0 | 829
actuator | Pump-61 | 1oo1 | 0 | 1050 | 0 | 606
Combined | | 1oo2 | 0 | 1050 | 0 | 829

SIL VERIFICATION - LIST OF PRODUCTS
FAILURE RATES (FITS)

DEVICES OF SENSOR SUBSYSTEM
Description | Vendor | Fail-High | Fail-Low | Fail-Detected | SD | SU | DD | DU | Type | SC
3051 Pressure Transmitter (Coplanar Absolute) | Emerson | 29 | 28 | 222 | 0 | 94 | 0 | 41 | B | 3
3051 Pressure Transmitter (Coplanar Differential) | Emerson | 24 | 27 | 207 | 0 | 84 | 0 | 32 | B | 3
YTA710 Temperature Transmitter | Yokogawa | 65 | 65 | 626 | 0 | 34 | 0 | 48 | B | 3
1199 Remote Seal, High Trip, normal service | Rosemount | 0 | 0 | 0 | 0 | 0 | 0 | 46 | A | 3
Generic clean process connection | | 0 | 0 | 0 | 0 | 0 | 0 | 0 | A |
IS Isolator AI/AI | P+F | 28,5 | 143 | 0 | 0 | 0 | 0 | 45 | A | 2
Generic RTD 2/3 wires | | 600 | 1000 | 0 | 0 | 0 | 0 | 400 | A | 3
Absolute Pressure Switch series M, B, A, D, PC, PX | Ettore Cella | 0 | 0 | 0 | 0 | 128 | 0 | 203 | A | 3
X2200 Flame Detector, 4-20 mA output | Det-Tronics | 10 | 121 | 746 | 0 | 67 | 0 | 73 | B | 2

DEVICES OF FINAL ELEMENTS
Description | Vendor | SD | SU | DD | DU | Type | SC
Floating Ball Valve, C series, Full Stroke, Clean Service | Mogas | 0 | 0 | 0 | 442 | A | 3
Actuator VL series, spring cylinder, Air-to-Retract | Flowserve | 0 | 286 | 0 | 199 | A | 3
Solenoid series 327, De-energize to trip | ASCO | 0 | 516 | 0 | 188 | A | 3
DO interface, Solenoid Driver | P+F | 0 | 114 | 0 | 0 | A | 3

MODULES OF GENERIC SIL-3 PLC
Description | SD | SU | DD | DU | Type | SC
CPU | 7430 | 75 | 2370 | 125 | B | 3
Power Supply | 2250 | 0 | 250 | 0 | B | 3
AI module | 990 | 10 | 900 | 100 | B | 3
AI channel | 48 | 3 | 48 | 3 | B | 3
DI module | 570 | 30 | 380 | 20 | B | 3
DI channel | 124 | 7 | 67 | 4 | B | 3
DO module - output low | 760 | 40 | 190 | 10 | B | 3
DO channel - output low | 139 | 1 | 57 | 3 | B | 3
DO module - output high | 760 | 40 | 190 | 10 | B | 3
DO channel - output high | 277 | 3 | 114 | 6 | B | 3