Safety & Security SIL always in mind

REMBE® GmbH Safety + Control

Bild: Kuzma
28.05.2015

The issue of Safety Integration Level (SIL) is as complex as it is topical. It has been proved by a large number of committee activities. Therefore it is high time to look at the issue in terms of explosion protection while at the same time considering the wider picture, looking beyond electric, electronic and programmable electronic systems.

Sponsored Content

For the first time, manufacturers and operators are being enabled to meet existing as well as even tighter future requirements with regard to assessments of the safety of protection systems in explosion-prone environments. Rembe is the first company worldwide to offer SIL-equivalent parameters for mechanical (flameless) explosion venting products and the relevant signallers.

When assessing the functional safety of a protection system, it is above all important to ensure that its reliability matches the risks of a plant that is in danger. Such a SIL classification is based on a risk assessment that covers the probability of failure in a safety setup within a given scenario and the potential severity of any resulting damage. The defined tables and values, which can be found, for instance, in EN ISO 13849, lead to the required SIL level for the relevant (electronic) component. The higher the probability of occurrence and/or the potential severity of damage, the higher the requirements should be on the electronic componentry and also on the necessary SIL level. Any facilities with­ SIL level 4 certification thus offer the best risk minimisation and must be provided wherever probability and potential severity are especially high.

The risk assessment then forms the basis for an evaluation of measures designed to help reduce those two factors: probability of occurrence and potential severity of damage. The former is mitigated through preventive action, (e.g. inertisation devices to prevent the occurrence of hazardous explosion-prone atmospheres). The severity of damage can be reduced through measures (e.g. explosion suppression systems).

SIL and “passive” explosion protection

SIL looks at the source which produces the functional safety of (E/E/PE) systems. The overall regulatory framework on which all certification is based is IEC 61508. Statements on the “average probability of failure of the protective function at the point of requirement” have been available for quite a while as active protection systems, e.g., for Rembe’s Q-Bic suppression systems. Mechanical protection systems are not covered in this directive and therefore cannot be certified under it. This has been the theory up to now. In practice, something else is required; many plant manufacturers and operators feel committed to SIL and demand that reliability parameters also be available for mechanical protection systems, as they are often used in combination with (E/E/PE) systems and can only produce a consistent protection policy in its “overall effect”. Moreover a number of standards such as TRBS 2152-5 will expressly require certain SIL levels for protection systems in the future.

These practical requirements prompted Rembe to take action: “Based on our close collaboration with customers and their planning and engineering offices, we are well aware that massive practical problems are likely to occur unless attention is paid to the safety gap of mechanical protection systems when reviewing the functional safety of explosion protection. With this in mind, we have set ourselves the task of finding a practical solution to the problem. After all, we are well aware of the vehement debates on the pros and cons of SIL outside electric, electronic and programmable electronic systems,” says Johannes Lottermann, PhD (Eng), Senior Consultant on Explosion Safety at Rembe.

Based on these findings and its readiness for change, Rembe has worked with IQZ, a German Institute of Quality and Reliability Management. Together, they have developed a transparent and legally sound methodology to assign SIL equivalents to Rembe products despite their purely mechanical functions. The resulting PFD values (Probability of Failure on Demand) can thus be translated into “SIL language” under IEC 61508. It turned out that the company’s bursting disks had a SIL equivalent of 4, and the flameless venting devices a SIL had an equivalent of 2, due to the integrated electronic components of this SIL level.

Johannes Lottermann says: “As we worked with renowned experts on the development of transparent methods in setting up PFDs, we are confident that the PFDs will be accepted in practice. Rembe can be proud that, for the first time, this innovative approach is finally shedding some light into the darkness when it comes to assessing the functional safety of overall plant protection.
In a recent project, thanks to the SIL-equivalent parameters of our bursting disks, we helped a customer in New Zealand calculate the overall failure probability of their vented system which was protected by electronically controlled extinguishing barriers. This was a requirement specified by the relevant authority, and it was possible to complete the approval documents which, otherwise, would probably still be outstanding.”

“The results of the relatively high SIL equivalents did not actually surprise us all that much,” says Stefan Penno, CEO of REMBE. “It should be plausible to every engineer that a simple mechanical functional principle – like that of a bursting disk – is naturally more reliable than an electronic control circuit, despite all its sophistication and redundant backup systems.”

hall 9.1 booth C26

Bildergalerie

  • Bursting disk: a simple mechanical functional principle is naturally more reliable than an electronic control circuit.

    Bursting disk: a simple mechanical functional principle is naturally more reliable than an electronic control circuit.

    Bild: Rembe Safety + Control

Firmen zu diesem Artikel
Verwandte Artikel