Table 5 Description of all reviewed architectures⁵

Architecture   Number of units   Output switches   Objective
1oo1           1                 1                 Base unit
1oo2           2                 2                 High safety
2oo2           2                 2
1oo1D          1                 2                 High safety
2oo3           3                 6                 Safety and availability
2oo2D          2                 4                 Safety and availability
1oo2D          2                 4                 Safety and availability – biased toward safety

Figure 6 1oo2D architecture⁷ (diagram: sensor, input circuit, logic solver, diagnostic circuit, output circuit with a "maintain output" path, final element)
safety integrity with SIL 3 capability using minimal hardware, while configuration 2 (Figure 7) prioritises both maximum availability and safety integrity with SIL 3 capability. This type of hybrid system provides high safety integrity and high availability.

The different redundant architectures, with their different PFDavg and STR, are analysed to understand their effect on integrity and availability. The designer has to choose the appropriate redundant architecture (better expressed in terms of HFT) during system design, based on the SIL target to be achieved and the accepted spurious trip rate.

Takeaways

HFT and redundancy are interrelated aspects crucial to the development of a robust safety design, particularly when aiming to achieve a specified SIL. Route 2H allows for a redundant architecture with fewer restrictive limitations than Route 1H, provided there is a high degree of confidence (90%) in the integrity of instrument failure data. We can consider Route 1H if we plan to use the component in a safety system that has both high and low demand.

The creation of a well-structured, diverse redundant sensor subsystem necessitates careful consideration of various trade-offs during the system design phase. These include decisions on achieving redundancy through the use of multiple devices with the same technology from different manufacturers or by employing diversified technologies.

Different types of redundancy, such as 1oo2, 2oo2, 2oo2D, and 2oo3, come with distinct PFDavg and STR. Therefore, the selection of the most suitable redundant architecture depends on the required SIL and the acceptable level of spurious trips in the plant. An effective safety system should not only be capable of achieving shutdown but must also be precise enough to avoid triggering false alarms.
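The PFDavg-versus-STR trade-off described above, as an added worked example (not a calculation from the article or from the referenced exida material): the simplified ISA-TR84.00.02 low-demand equations for PFDavg and STR applied to 1oo1, 1oo2, 2oo2 and 2oo3 with constructed channel data, then mapped to the IEC 61508 low-demand SIL bands. The failure rates, beta factor, proof-test interval and MTTR are assumptions chosen for illustration; the D (diagnostic) variants of Table 5 are not modelled because they need diagnostic-coverage data the article does not give.

```python
"""Compare PFDavg, SIL band and spurious trip rate (STR) of MooN architectures.

Added example, not a calculation from the article. It uses the simplified
low-demand equations of ISA-TR84.00.02 (first-order approximations that
ignore proof-test coverage and repair within the test interval), and the
failure-rate inputs below are constructed; a real design uses certified
FMEDA data for the actual devices.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

# Low-demand PFDavg bands from IEC 61508-1 Table 2: (SIL, lower, upper).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


@dataclass(frozen=True)
class ChannelData:
    """Per-channel reliability data (all rates per hour)."""
    lambda_du: float    # dangerous undetected failure rate
    lambda_s: float     # safe failure rate (causes a spurious trip)
    beta: float         # common-cause (beta-factor) fraction
    ti_hours: float     # proof-test interval
    mttr_hours: float   # mean time to restore after a detected failure


def pfd_avg(arch: str, c: ChannelData) -> float:
    """Simplified ISA-TR84 PFDavg for a MooN group of identical channels."""
    x = c.lambda_du * c.ti_hours                  # per-channel dangerous unavailability build-up
    ccf = c.beta * c.lambda_du * c.ti_hours / 2   # common-cause contribution
    if arch == "1oo1":
        return x / 2
    if arch == "1oo2":
        return x ** 2 / 3 + ccf
    if arch == "2oo2":
        return x                                  # a single dangerous failure defeats the trip
    if arch == "2oo3":
        return x ** 2 + ccf
    raise ValueError(f"unsupported architecture {arch}")


def spurious_trip_rate(arch: str, c: ChannelData) -> float:
    """Simplified ISA-TR84 STR (per hour) for the same architectures."""
    if arch == "1oo1":
        return c.lambda_s
    if arch == "1oo2":
        return 2 * c.lambda_s                     # either channel tripping trips the loop
    if arch == "2oo2":
        return 2 * c.lambda_s ** 2 * c.mttr_hours + c.beta * c.lambda_s
    if arch == "2oo3":
        return 6 * c.lambda_s ** 2 * c.mttr_hours + c.beta * c.lambda_s
    raise ValueError(f"unsupported architecture {arch}")


def sil_band(pfd: float) -> int:
    """Map a PFDavg to its low-demand SIL band (0 = does not reach SIL 1)."""
    if pfd >= 1e-1:
        return 0
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 4                                      # below the SIL 4 lower bound


def compare(c: ChannelData, archs=("1oo1", "1oo2", "2oo2", "2oo3")) -> dict:
    """Return {arch: (PFDavg, SIL band, STR per year)} for the trade-off review."""
    return {
        a: (pfd_avg(a, c), sil_band(pfd_avg(a, c)),
            spurious_trip_rate(a, c) * HOURS_PER_YEAR)
        for a in archs
    }


# Constructed sample channel: yearly proof test, 5% beta factor, 8 h MTTR.
SAMPLE = ChannelData(lambda_du=1e-6, lambda_s=5e-6, beta=0.05,
                     ti_hours=HOURS_PER_YEAR, mttr_hours=8.0)

if __name__ == "__main__":
    print(f"{'arch':6} {'PFDavg':>10} {'SIL':>4} {'STR/yr':>10}")
    for arch, (pfd, sil, strate) in compare(SAMPLE).items():
        print(f"{arch:6} {pfd:10.2e} {sil:4d} {strate:10.2e}")
```

With the sample data, 1oo2 and 2oo3 both reach the SIL 3 band while 1oo1 and 2oo2 stay in SIL 2, but 1oo2 doubles the spurious trip rate of a single channel whereas 2oo3 cuts it by orders of magnitude; the 2oo3 row is the one that scores well on both axes, which is the point the text makes about choosing HFT against both the SIL target and the accepted STR.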
Figure 7 Configurations 1 and 2⁶ (diagram: Configuration 1 – two input modules and two node processors voted 1oo2, one chassis processor and one digital output in 1oo1D; Configuration 2 – three input modules and three node processors voted 2oo3, two chassis processors and two digital outputs in 2oo2D)
References
1 International Electrotechnical Commission (IEC) 61508 (2010), Functional safety of electrical/electronic/programmable electronic safety-related systems.
2 International Electrotechnical Commission (IEC) 61511 (2016), Functional safety – Safety instrumented systems for the process industry sector.
3 Back to basics 19 – Route 2H. Online: www.exida.com/Blog/back-to-the-basics-19-route-2h
4 W M Goble, I van Beurden, Safety Instrumented System Design Techniques and Design Verification.
5 W M Goble, H Cheddie, Safety Instrumented Systems Verification: Practical Probabilistic Calculations.
6 W M Goble, A Hybrid Fault Tolerant Architecture. Project RTP 3000 system. Online: https://rtpcorp.com/wp-content/uploads/2021/03/Exida-ArchitectureWhitePaperRTP3000.pdf
7 Exida Presentations.

Partha S Mondal is a Certified Functional Safety Expert (CFSE 100821 001, Exida) and Instrumentation Engineer at Fluor Daniel India Pvt. Ltd, with 15 years of experience in the oil and gas industry. He has worked on various FEED and detailed engineering projects on activities such as P&ID development and HAZOP/SIL reviews, analysers, and automation.
Acknowledgement
I wish to thank Amit K Aglave for reviewing this article and providing his valuable input.
PTQ Q2 2024
www.digitalrefining.com