
Immingham East Terminal – Gasoline Overfill Protection
Safety Instrument System

P & I Design Ltd
2 Reed Street, Thornaby, UK, TS17 7AF
Tel: +44 (0)1642 617444
Fax: +44 (0)1642 616447
www.pidesign.co.uk

DOCUMENT NO: SI277001_RPT
ISSUE: F
DATE: 31.10.14
PAGE 21 OF 29

The actuator section of the sub system meets the requirements of SIL2 with a PFD of 7.09 × 10⁻⁴.

The valves will be operated (cycled) periodically, on a monthly basis. This will provide a form of regular stroke testing. The operations to open and close the valves will not affect the SIS and will not prevent the activation of the SIS.

7.2.3.3 Final Element Subsystem Hardware Fault Tolerance

BS EN 61511-1:2003 Section 11.4 requires a minimum hardware fault tolerance.

Table 6 of the standard is reproduced below:

SIL    Minimum hardware fault tolerance (see 11.4.3 and 11.4.4)
1      0
2      1
3      2
4      Special requirements apply

BS EN 61511-1:2003 Section 11.4.3 states that the fault tolerance in the above table should be increased by 1, unless the dominant failure mode is to the safe state or dangerous failures are detected.

In this application, for the valve, the dominant failure mode is to the safe state (Safe Fail Fraction = 81%). Therefore, the fault tolerance has not been increased by 1.

In this application, for the actuator, the dominant failure mode is to the safe state (Safe Fail Fraction = 73%). Therefore, the fault tolerance has not been increased by 1.

In this application, for the solenoid valve, the dominant failure mode is to the safe state (Safe Fail Fraction = 99%). Therefore, the fault tolerance has not been increased by 1.

BS EN 61511-1:2003 Section 11.4.4 states that the fault tolerance in the above table can be reduced by 1 if the hardware complies with the following:

- The hardware of the device is selected on the basis of prior use.
- The device allows adjustment of process related parameters only, i.e. measuring range, upscale and downscale failures.
- The adjustment of the process related parameters is protected either by jumper or password.
- The function has a SIL requirement of less than 4.

In this application the above requirements are true for each final element subsystem and a reduction of 1 applies.
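
The determination described above, as an added example that is not part of the original report: it applies Table 6 and the Section 11.4.3 and 11.4.4 adjustments as this page states them to the three final elements, assuming a SIL 2 function. The names `FinalElement`, `required_hft` and `assess` are hypothetical, and the counter-case with unprotected parameter adjustment is constructed.

```python
from dataclasses import dataclass

# Table 6 of BS EN 61511-1:2003 as reproduced above: SIL -> minimum HFT.
# SIL 4 has no tabulated value ("Special requirements apply").
TABLE_6 = {1: 0, 2: 1, 3: 2}

@dataclass
class FinalElement:
    name: str
    dominant_failure_safe: bool        # 11.4.3: dominant failure mode is to the safe state
    dangerous_failures_detected: bool  # 11.4.3: alternative condition
    prior_use: bool                    # 11.4.4: selected on the basis of prior use
    process_params_only: bool          # 11.4.4: only process related parameters adjustable
    adjustment_protected: bool         # 11.4.4: jumper or password protects adjustment

def required_hft(sil: int, el: FinalElement) -> int:
    """Minimum hardware fault tolerance after the 11.4.3 and 11.4.4 adjustments."""
    if sil not in TABLE_6:
        raise ValueError(f"SIL {sil}: no tabulated HFT, special requirements apply")
    hft = TABLE_6[sil]
    # 11.4.3: increase by 1 unless the dominant failure mode is safe
    # or dangerous failures are detected.
    if not (el.dominant_failure_safe or el.dangerous_failures_detected):
        hft += 1
    # 11.4.4: reduce by 1 only when every listed condition holds (SIL < 4 is
    # already guaranteed because SIL 4 is rejected above).
    if el.prior_use and el.process_params_only and el.adjustment_protected:
        hft -= 1
    return max(hft, 0)  # a fault tolerance cannot be negative

# Final elements as assessed in this report (SIL 2 function). The
# dangerous_failures_detected=False values are constructed; the report does
# not state them and they do not affect the result here.
REPORT_ELEMENTS = [
    FinalElement("valve (SFF 81%)", True, False, True, True, True),
    FinalElement("actuator (SFF 73%)", True, False, True, True, True),
    FinalElement("solenoid valve (SFF 99%)", True, False, True, True, True),
]

def assess(sil: int = 2) -> dict:
    return {el.name: required_hft(sil, el) for el in REPORT_ELEMENTS}

if __name__ == "__main__":
    for name, hft in assess().items():
        print(f"{name}: minimum HFT = {hft}")
    # Constructed counter-case: same valve, parameter adjustment left unprotected.
    unprotected = FinalElement("valve, no jumper/password", True, False, True, True, False)
    print(f"{unprotected.name}: minimum HFT = {required_hft(2, unprotected)}")
```

The counter-case shows why the jumper or password protection matters: without it the Section 11.4.4 reduction no longer applies and the same SIL 2 element needs a fault tolerance of 1.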

Comparatively, BS EN 61508-2:2010 Section 7.4.3 requires architectural constraints on hardware safety integrity.