Mary Ann Lundteigen

Reliability performance of safety instrumented systems: A common approach for both low- and high-demand mode of operation

Safety instrumented systems (SISs) are usually divided into two modes of operation, low-demand and high-demand. Unfortunately, this classification is not easy to justify and the available formulas that are used to quantify the reliability performance in these two modes of operation are unable to capture combined effects of functional testing, spurious activations, and successful responses to demands. This article discusses some important modeling issues for SIS reliability performance quantification, and demonstrates their implementation in a Markov model. The accuracy of the Markov model for a simple case study of a pressure transmitter is verified through comparison with a scenario-based formula, and it is shown that the Markov approach gives a sufficiently accurate result for all demand rates, covering both low- and high-demand modes of operation.

Spurious activation of safety instrumented systems in the oil and gas industry : Basic concepts and formulas

Spurious activation of safety instrumented systems in the oil and gas industry may lead to production loss, stress on affected components and systems, and hazards during system restoration. This article defines and clarifies concepts related to spurious activation. A clear distinction is made between spurious operation, spurious trip, and spurious shutdown. The causes and effects of spurious activation are discussed and related to the concepts used in IEC 61508, IEC 61511, and OREDA. A new set of formulas for calculating the spurious activation rate is presented, and compared with formulas that are frequently used in the oil and gas industry. The new approach is illustrated in a simple case study.

Reliability analysis of large phased-mission systems with repairable components based on success-state sampling

In many engineering applications, some phased-mission systems (PMS) may contain a large number of phases and repairable components. Traditional binary decision diagram (BDD) based methods or state-enumeration methods can suffer from the BDD explosion or the state explosion for this kind of PMS. This paper presents a non-simulation method for the reliability analysis of large PMS. In our approach, the system reliability is approximated by the system availability at discrete time. The discrete-time availability is modeled by the sampling of success states, which avoids the BDD explosion as the number of phases increases. Furthermore, BDDs are used to simplify success states, and enable our model to avoid the state-explosion problem. Two real-world PMS are analyzed to illustrate that the time and the storage cost of our approach do not increase exponentially with the number of components and phases in the PMS.

Integrating RAMS engineering and management with the safety life cycle of IEC 61508

This article outlines a new approach to reliability, availability, maintainability, and safety (RAMS) engineering and management. The new approach covers all phases of the new product development process and is aimed at producers of complex products like safety instrumented systems (SIS). The article discusses main RAMS requirements to a SIS and presents these requirements in a holistic perspective. The approach is based on a new life cycle model for product development and integrates this model into the safety life cycle of IEC 61508. A high integrity pressure protection system (HIPPS) for an offshore oil and gas application is used to illustrate the approach.

New PFH-formulas for k-out-of-n:F-systems

Simplified formulas are popular for reliability analysis of safety instrumented systems (SISs). Both the IEC 61508 standard and the PDS-method provide such formulas for calculation of the average frequency of dangerous failures per hour (PFH). These formulas give reasonably accurate values for the PFH, but both of them also have significant weaknesses. The IEC-formulas can only be applied to systems with up to three elements while the PDS-formulas do not properly account for dangerous detected failures and are not able to include the effects of non-perfect proof-testing. This article presents new PFH-formulas for general k-out-of-n-systems, that take into account both dangerous detected and dangerous undetected failures and also allow for non-perfect proof-testing. The proposed PFH-formulas are compared with the IEC-formulas and the PDS-formulas for some selected systems in a case study, which shows that the new formulas represent an improvement compared to the IEC- and PDS-formulas.

Architectural constraints in IEC 61508: Do they have the intended effect?

The standards IEC 61508 and IEC 61511 employ architectural constraints to avoid that quantitative assessments alone are used to determine the hardware layout of safety instrumented systems (SIS). This article discusses the role of the architectural constraints, and particularly the safe failure fraction (SFF) as a design parameter to determine the hardware fault tolerance (HFT) and the redundancy level for SIS. The discussion is based on examples from the offshore oil and gas industry, but should be relevant for all applications of SIS. The article concludes that architectural constraints may be required to compensate for systematic failures, but the architectural constraints should not be determined based on the SFF. The SFF is considered to be an unnecessary concept.

RELIABILITY ASSESSMENT OF SAFETY INSTRUMENTED SYSTEMS IN THE OIL AND GAS INDUSTRY: A PRACTICAL APPROACH AND A CASE STUDY

Reliability assessment of safety instrumented systems in the oil and gas industry : A practical approach and a case study

Uncertainty assessment of reliability estimates for safety-instrumented systems

Reliability estimates play a crucial role in decision making related to the design and operation of safety-instrumented systems. A safety-instrumented system is often a complex system whose performance is seldom fully understood. The safety-instrumented system reliability estimation is influenced by several simplifications and assumptions, both about the safety-instrumented system and its operating context, and therefore subject to uncertainty. If the decision makers are not aware of the level of uncertainty, they may misinterpret the results and select a safety-instrumented system design that is either too complex or too simple, or with an inadequate testing strategy, to provide the required risk reduction. This article elucidates the uncertainties related to safety-instrumented system reliability estimation. The article is limited to safety-instrumented systems that are operated in a low-demand mode, for which the probability of failure on demand is the standard reliability measure. The uncertainty of the probability of failure on demand estimate is classified as completeness uncertainty, model uncertainty, and parameter uncertainty and each category is thoroughly discussed. It is argued that the completeness uncertainty is the most important for safety-instrumented system reliability analyses, followed by parameter and model uncertainty. It is further argued that uncertainty assessment should be an integrated part of any safety-instrumented system reliability analysis, and that the analyst should communicate her judgment about the uncertainty to the decision-makers as part of the analysis results.

Two-terminal reliability analysis for multi-phase communication networks

Prediction methodology of durability of locomotives diesel engines / L. P. Lingaitis, S. V. Mjamlin, D. Baranovsky, V. Jastremskas // Eksploatacja i Niezawodnosc. — 2012. — Vol. 14, № 2. — P. 154—159.

PFDavg generalized formulas for SIS subject to partial and full periodic tests based on multi-phase Markov models

IEC 61508 is a standard on design and operation of safety-instrumented systems (SISs) which has been adapted by many national regulations as the recommended way to achieve high-reliability systems. Many decisions about the design of SIS rely on the results from reliability assessments. It is therefore important that the reliability assessments are able to capture key properties of the system, such as the consideration of regular partial and full proof tests. IEC 61508 has proposed analytical formulas for commonly used architectures. Unfortunately, these formulas do not explicitly include the contribution of partial tests and consequently their use is mainly restricted to full proof tests. In addition, the already existing formulas dealing with partial tests disregard the different repair times. The aim of this paper is to (i) extend the PFDavg formulas given in IEC 61508 by including partial tests impact and, (ii) investigate their consistency based on multi-phase Markov models related to 1oo1 and 1oo2 architectures and (iii) to establish new generalized formulations in light of the results related to the investigation process, which account for the different repair times. Different comparisons are performed throughout the paper in order to validate the set of the derived formulations.