Combining field failure data with new instrument design margins to predict failure rates for SIS Verification


Combining field failure data with new instrument design margins to predict failure rates for SIS Verification

Iwan van Beurden, Dr. William M. Goble
exida, 64 N Main St., Sellersville, PA 18960
Website: www.exida.com

Abstract

Performance based functional safety standards like IEC 61511 offer many advantages, including the opportunity to optimize and upgrade Safety Instrumented System (SIS) designs. But performance calculation depends upon realistic failure data for the instruments used. A predictive analysis technique called Failure Modes Effects and Diagnostic Analysis (FMEDA) has been developed, along with a component failure rate database, that can predict failure rates of instruments based on their design strength and the expected stress environment. This method has been calibrated with over 150 billion unit operating hours of field failure data over the last 15 years.

V1.4 12/10/2014 Page 1 of 8

Introduction

Functional Safety Standards [1,2] have provided a logical framework for the lifecycle management of automatic protection functions, called Safety Instrumented Functions (SIF), in the process industries. From the pioneering document produced by ISA [3] in 1996 through the latest updates of the IEC standards, these methods have grown to become global common practice. One of the essential concepts in these standards is the use of probabilistic analysis to provide a measure of performance for any specific design. An SIS designer creates an instrumentation design and then obtains failure rates for all devices in a SIF. Probabilistic failure analysis using that data determines whether the given design meets its risk reduction targets. The failure rate data obtained must be realistic or even conservative.

Failure Rate Sources

Failure data can be obtained from several sources: industry databases, committee estimates, manufacturer warranty analysis, and company failure databases.

Industry databases gather field failure data and publish aggregated results. One of the most useful for the process industries is the Offshore Reliability Data (OREDA) [4]. Failure data is gathered from member operating companies in the North Sea, analyzed by SINTEF in Norway, and published. SINTEF publishes the PDS Data Handbook [5] based on a number of sources including the OREDA data. The PDS Data Handbook presents generic data that is not product specific; it includes safe failure rate, dangerous failure rate, diagnostic coverage, factors, and common cause estimates. The data collection process is quite thorough, with all failures recorded, both product related failures and site related failures such as maintenance errors [6].

Many organizations and companies have also created their own lists of failure rates. In some cases, a committee meets and estimates failure rates based on the experience of the committee members.
The methods used are rarely published, yet those numbers are useful for comparison purposes as they represent an experienced opinion.

Some manufacturers will analyze their warranty return failure data and publish failure rates. This data can be useful for some purposes, but definitions and limitations cause problems. Manufacturers tend to use a narrow definition of a "failure" that excludes many of the returned items. Hence a detailed review shows many returns classified as "not a failure," "no problem found," or "customer abuse." Given the limitations of not knowing what percentage of failed units are returned and the inability to know field operational hours, failure rates from this source tend to be quite optimistic and are not likely suitable for SIF verification. However, the data can be used to generate upper bound and lower bound numbers that are useful for comparison purposes.

Company failure databases represent great potential to provide realistic failure data. Although data collection process audits [7] have shown substantial differences in the methods used to collect data, the biggest issue is the definition of "failure." That varies substantially from site to site, with resulting differences of 2X to 20X in the resulting failure rates. Given good definitions of failure as used by SINTEF, and clear definitions of what is included in the data, the analysis results can be the most valuable source of data. DOW published a study of their field failure data collection system [8]. The methods used were reviewed with exida during a series of meetings with DOW in the Netherlands, and the details of the included devices were described. In the author's opinion, this study represents clearly defined, realistic data for product failures.

Failure Modes Effects and Diagnostics Analysis

One significant problem with all field failure data gathering techniques is that a product will often become obsolete before enough data is gathered to obtain a failure rate. It was clear when the functional safety standards were being debated that a predictive method was needed, both for new products and for products where little data had been gathered. The FMEDA technique was developed by engineers from exida to provide a means to predict not only failure rates but failure rates per failure mode, diagnostic coverage factors, and useful life. The method is based on the complexity and design strength of a product, and it accounts for the automatic diagnostics being developed at the time. The technique was first published in 1992 as "Coverage Analysis" in Chapter 6 of [9] and later named FMEDA [10, 11].

The FMEDA method examines each component in a product design. For each component, all failure modes are listed and analysis is done to determine the impact of that component failure mode on the product. An FMEDA is verified by a set of sample fault simulation / injection tests, which are done to simulate the component failure mode in the actual product. Failure data for each component is required. This component data comes from a component database that must include failure rates and failure mode distributions of each component as a function of environmental operating profile (expected stress conditions) [12]. The useful life of each component should also be listed as a function of operating profile. Both electronic and mechanical components must be included [13]. An FMEDA can provide realistic predictions of failure rates for each failure mode and of useful life. However, the FMEDA method can also generate nonsense if the analyst does not have a good component failure data handbook. Therefore it is essential that such component failure rates be constantly compared with actual field failure data.

Comparison of results with field failure data

Consider a pressure transmitter. Most designs are microcomputer based, with complex electronics as well as mechanical parts. Figure 1 shows several total failure rate numbers from FMEDAs compared to the DOW field data [8]. The average of the FMEDA results from several different transmitter designs equals 5.02E-07, compared to the DOW number of 4.96E-07. This is extremely close given the uncertainty of the results.

[Figure 1: Pressure Transmitter Total Failure Rate Comparison. Bar chart with vertical axis "Failures per hour" (0.00E+00 to 9.00E-07) and bars labelled OREDA Field Data, Analog Old, Analog Pre IC, Smart Gen 2, Smart Safety Cert 1, Safety Cert 2, DOW Field Data and exida FMEDA Average.]

The PDS Handbook based on OREDA states clearly that their pressure transmitter numbers include "the sensing element, local electronics and process isolation valves / process connections." So that number cannot provide any useful comparison, as none of the above numbers included isolation valves or process connections. OREDA Volume 1 [4] states that the mean failure rate for pressure transmitters (Taxonomy 4.2.3) is 4.2E-07 failures per hour. That is also very close to the FMEDA results, but may indicate that FMEDA failure rate numbers are slightly and conservatively high.

The FMEDA technique can be used for mechanical devices as well [13, 14]. A comparison of total failure rate numbers for solenoid valves is shown in Figure 2. FMEDA results distinguish between solenoid valve designs: the difference in complexity between a poppet design and a spool design is significant and shows up in the predicted failure rates. DOW engineers did confirm that their data aggregates different types of solenoid valves, including both poppet and spool. The FMEDA average of two poppet types and two spool types is higher than the DOW number but well within a reasonable range. The OREDA data book provides failure rate data only for final element assemblies; therefore no information applicable to a solenoid valve was found.

It is important to compare published failure rates to realistic field studies. Some published data points appear to be unrealistic. Two data points stand out: a manufacturer warranty data point [15] is well below all other data points, and "FMEA" based numbers published for a solenoid valve are quite low [16].
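The component roll-up described in the FMEDA section and the probabilistic check the Introduction refers to, as an added Python example that is not code from the paper or from exida: it tabulates constructed failure modes for a hypothetical transmitter, sums them into safe, dangerous detected and dangerous undetected rates with diagnostic coverage and safe failure fraction, then applies the simplified 1oo1 PFDavg approximation (lambda_DU x TI / 2, an assumption that neglects repair time and the detected-dangerous term) and the IEC 61508 low-demand SIL bands. Every component name, rate and the proof test interval is a constructed value, not handbook data.

```python
# Added example, not from the paper and not exida's FMEDA tool: a toy FMEDA
# roll-up for a hypothetical pressure transmitter, followed by the probabilistic
# check that SIF verification performs with the resulting rates.
from dataclasses import dataclass


@dataclass(frozen=True)
class ComponentMode:
    component: str
    mode: str
    rate: float        # failure rate of this mode, failures per hour (constructed)
    dangerous: bool    # effect on the product: True = dangerous, False = safe
    detected: bool     # True if automatic diagnostics reveal this failure


# Constructed component data for a hypothetical transmitter. A real FMEDA takes
# the rates and failure mode distributions from a component handbook for the
# intended operating profile; these values are illustrative only.
TRANSMITTER_FMEDA = [
    ComponentMode("sensor element", "drift high", 4.0e-8, True, True),
    ComponentMode("sensor element", "drift low", 4.0e-8, True, True),
    ComponentMode("sensor element", "open", 2.0e-8, True, True),
    ComponentMode("A/D converter", "stuck code", 3.0e-8, True, True),
    ComponentMode("A/D converter", "excess noise", 1.0e-8, True, False),
    ComponentMode("microcontroller", "halt (watchdog trips)", 5.0e-8, True, True),
    ComponentMode("microcontroller", "wrong output, no alarm", 2.0e-8, True, False),
    ComponentMode("output stage", "stuck in range", 3.0e-8, True, False),
    ComponentMode("output stage", "driven to fail-safe", 3.0e-8, False, False),
    ComponentMode("power supply", "short", 6.0e-8, False, False),
    ComponentMode("housing seal", "leak", 5.0e-8, True, False),
]


def fmeda_summary(rows):
    """Roll the per-mode rates up into the quantities SIF verification uses."""
    lambda_dd = sum(r.rate for r in rows if r.dangerous and r.detected)
    lambda_du = sum(r.rate for r in rows if r.dangerous and not r.detected)
    lambda_s = sum(r.rate for r in rows if not r.dangerous)
    total = lambda_dd + lambda_du + lambda_s
    return {
        "lambda_s": lambda_s,
        "lambda_dd": lambda_dd,
        "lambda_du": lambda_du,
        "lambda_total": total,
        "dc": lambda_dd / (lambda_dd + lambda_du),   # diagnostic coverage
        "sff": (lambda_s + lambda_dd) / total,        # safe failure fraction
    }


def pfd_avg_1oo1(lambda_du, proof_test_interval_h):
    """Simplified 1oo1 average probability of failure on demand.

    Assumption: lambda_DU * TI / 2, neglecting repair time and the detected
    dangerous term; the usual first-pass approximation for a single channel.
    """
    return lambda_du * proof_test_interval_h / 2.0


def sil_band(pfd_avg):
    """IEC 61508 low-demand SIL band for a PFDavg.

    1e-2..1e-1 -> SIL 1, 1e-3..1e-2 -> SIL 2, 1e-4..1e-3 -> SIL 3, below 1e-4
    -> SIL 4. Returns 0 when PFDavg is 1e-1 or worse (no SIL can be claimed).
    """
    if pfd_avg >= 1e-1:
        return 0
    if pfd_avg >= 1e-2:
        return 1
    if pfd_avg >= 1e-3:
        return 2
    if pfd_avg >= 1e-4:
        return 3
    return 4


def meets_target(pfd_avg, target_pfd):
    """True if the computed PFDavg achieves the required risk reduction."""
    return pfd_avg <= target_pfd


if __name__ == "__main__":
    s = fmeda_summary(TRANSMITTER_FMEDA)
    for k, v in s.items():
        print(f"{k:13s} {v:.3e}")
    pfd = pfd_avg_1oo1(s["lambda_du"], proof_test_interval_h=8760)
    print(f"PFDavg (1 year proof test) {pfd:.3e}, SIL band {sil_band(pfd)}, "
          f"meets 1e-3 target: {meets_target(pfd, 1e-3)}")
```

The PFDavg computed here is the transmitter's contribution only; a SIF verification adds the logic solver and final element, and the band the sensor alone reaches says nothing about the loop. The roll-up also shows why the handbook matters: every undetected dangerous rate feeds straight into lambda_DU, so an optimistic component rate turns into an optimistic PFDavg with no visible sign of error.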

[Figure 2: Solenoid Valve Total Failure Rate Comparison. Bar chart of total failure rate (0.00E+00 to 1.00E-06 failures per hour) with bars labelled Manufacturer Warranty Data, TÜV Certificate Data, Average, Spool Solenoid 1, Poppet Solenoid 1, Spool Solenoid 2, Poppet Solenoid 2, Spool Solenoid 3 and DOW Field Data.]
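An added example, not from the paper, of the field-data comparison the preceding sections describe: it derives a failure rate from constructed field records, shows how the choice of failure definition (product failures only versus every return, including "no problem found" and site-related findings) moves the number, puts exact two-sided Poisson confidence bounds around the field estimate (the same bounds the chi-square formulas give), and checks whether the paper's quoted FMEDA average of 5.02E-07 lies inside them. The records, fleet size and service years are constructed assumptions.

```python
# Added example, not from the paper: turning field failure records into a
# failure rate with exact Poisson confidence bounds, then checking whether an
# FMEDA prediction falls inside them. Records, fleet size and service time are
# constructed; the 5.02E-07 prediction is the paper's quoted FMEDA average.
import math

# Constructed field records for a hypothetical fleet of pressure transmitters:
# (tag, finding from the failure investigation).
FIELD_RECORDS = [
    ("PT-101", "sensor drift"),
    ("PT-117", "electronics fault"),
    ("PT-140", "no problem found"),
    ("PT-152", "sensor drift"),
    ("PT-203", "wiring damaged during maintenance"),
    ("PT-219", "electronics fault"),
    ("PT-231", "no problem found"),
    ("PT-245", "sensor drift"),
    ("PT-288", "no problem found"),
    ("PT-301", "process connection leak"),
]
# Under a strict, product-only definition of failure only these findings count.
PRODUCT_FAILURE_FINDINGS = {"sensor drift", "electronics fault"}

FLEET_SIZE = 400            # constructed
SERVICE_YEARS = 3           # constructed
UNIT_HOURS = FLEET_SIZE * SERVICE_YEARS * 8760  # total unit operating hours
FMEDA_PREDICTION = 5.02e-7  # failures per hour, the paper's FMEDA average


def count_failures(records, strict=True):
    """Number of failures under a strict (product-only) or broad definition."""
    if strict:
        return sum(1 for _, finding in records if finding in PRODUCT_FAILURE_FINDINGS)
    return len(records)


def poisson_cdf(n, mu):
    """P(X <= n) for X ~ Poisson(mu), summed term by term to avoid factorials."""
    term = math.exp(-mu)
    total = term
    for k in range(1, n + 1):
        term *= mu / k
        total += term
    return total


def _solve_mu(target_cdf, n):
    """Find mu with poisson_cdf(n, mu) == target_cdf; the CDF falls as mu grows."""
    lo, hi = 0.0, max(10.0, 5.0 * (n + 1))
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if poisson_cdf(n, mid) > target_cdf:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


def failure_rate_bounds(n_failures, unit_hours, confidence=0.90):
    """(point estimate, lower, upper) failure rate in failures per hour.

    Exact two-sided Poisson bounds, equivalent to the chi-square bounds
    chi2(alpha/2, 2n) / 2T and chi2(1 - alpha/2, 2n + 2) / 2T.
    """
    alpha = 1.0 - confidence
    mu_upper = _solve_mu(alpha / 2.0, n_failures)
    mu_lower = _solve_mu(1.0 - alpha / 2.0, n_failures - 1) if n_failures > 0 else 0.0
    return n_failures / unit_hours, mu_lower / unit_hours, mu_upper / unit_hours


def prediction_within_bounds(predicted_rate, n_failures, unit_hours, confidence=0.90):
    """True if a predicted rate is consistent with the field data at this confidence."""
    _, lower, upper = failure_rate_bounds(n_failures, unit_hours, confidence)
    return lower <= predicted_rate <= upper


if __name__ == "__main__":
    for strict in (True, False):
        n = count_failures(FIELD_RECORDS, strict=strict)
        est, lo, hi = failure_rate_bounds(n, UNIT_HOURS)
        label = "strict" if strict else "broad"
        print(f"{label:6s} definition: {n:2d} failures, lambda = {est:.2e} "
              f"[{lo:.2e}, {hi:.2e}] per hour; FMEDA prediction inside: "
              f"{prediction_within_bounds(FMEDA_PREDICTION, n, UNIT_HOURS)}")
```

With these constructed records the broad definition doubles the field rate, the low end of the 2X to 20X spread the paper attributes to differing definitions of "failure". The bounds also make the obsolescence problem visible: with only a handful of failures the 90% interval spans almost an order of magnitude, so a prediction can sit comfortably inside it without the field data actually confirming it; the interval narrows only as unit operating hours accumulate.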

Conclusion

There is a strong indication that a predictive FMEDA with a good component data handbook [12] generates realistic failure data for any product type, based on analysis of the design and the operational stress conditions. It is expected that the recent emphasis on field failure data collection will aid in the generation of quality data for future refinement of the component database used to generate FMEDA results.

References

1. IEC 61508, Functional Safety of electrical / electronic / programmable electronic safety-related systems, Geneva, Switzerland, 2000.
2. IEC 61511, Application of Safety Instrumented Systems for the Process Industries, Geneva, Switzerland, 2003.
3. ISA 84.01-1996 (now called ANSI / ISA 84.00.01-2004 (IEC 61511)), International Society of Automation, Research Triangle Park, NC, 1996.
4. OREDA, Offshore Reliability Data, 5th Edition, Volume 1 - Topside Equipment, Det Norske Veritas, Trondheim, Norway, 2009.
5. Reliability Data for Safety Instrumented Systems, PDS Data Handbook, 2014 Edition, SINTEF Technology and Society, Trondheim, Norway, 2010.
6. Aarø, Ragnar, Use of failure data from analysis and operational experience, IFEA Seminar on IEC 61508/61511, Sandefjord, Norway, 7th-8th March, 2012.
7. Goble, W. M., Field Failure Data: the Good, the Bad and the Ugly, exida, Sellersville, PA, www.exida.com/resources/whitepapers.
8. Skweres, Patrick and Thibodeaux, John, Establishing an Instrument and Analyzer Reliability Program in Support of Independent Protection Layers, Proceedings of the 63rd Annual Instrument Symposium for the Process Industries, Texas A&M, January 29-31, 2008.
9. Goble, W. M., Evaluating Control Systems Reliability, Techniques and Applications, Instrument Society of America, Research Triangle Park, NC, 1992.
10. Goble, W. M., The Use and Development of Quantitative Reliability and Safety Analysis in New Product Design, University Press, Eindhoven University of Technology, Eindhoven, Netherlands, 1998.
11. Goble, W. M. and Brombacher, A. C., Using a Failure Modes, Effects and Diagnostic Analysis (FMEDA) to Measure Diagnostic Coverage in Programmable Electronic Systems, Reliability Engineering and System Safety, Vol. 66, No. 2, November 1999.
12. Electrical & Mechanical Component Reliability Handbook, 4th Edition, exida, Sellersville, PA, 2014. See www.exida.com
13. Goble, W. M. and Bukowski, J. V., Development of a Mechanical Component Failure Database, 2007 Proceedings of the Annual Reliability and Maintainability Symposium, IEEE, New York, NY, 2007.
14. Bukowski, J. V. and Goble, W. M., Validation of a Mechanical Component Constant Failure Rate Database, Proceedings of the Annual Reliability and Maintainability Symposium, January 2009, Fort Worth, TX, pp. 338-343.
15. IEC 61508 Component Assessment, FP10, AEAT/61508/LRSB/10738/A03, AEA Technology, 28 June 2005.
16. Report No. V372 2010 S1, TÜV Rheinland Energie und Umwelt GmbH, 2011.