More than ten years ago, a changeover occurred from national to international regulations governing safety equipment. While the new, very detailed official regulations have been systematically implemented relatively quickly in large corporations, a consistent SIL implementation frequently continues to be on the agenda in companies without the relevant specialist departments. Plant manufacturers such as Dürr can offer an alternative to the SIL implementation through specialized engineering firms or consultants, which often concentrate only on individual areas. Dürr provides the air pollution control system and SIL as an integrated solution. Moreover, they combine fundamental safety know-how from plant construction with the relevant experience from a variety of customer applications. A single-source supply is the best way of implementing SIL.
Background and goals of the Safety Integrity Level (SIL)
Since 1998, IEC 61508, published by the International Electrotechnical Commission, has set the standards for safety-related system designs of hardware and software. IEC 61508 is the generic functional safety standard, providing the framework for sector-specific standards, e.g. IEC 61511, which provides good engineering practices for the application of safety instrumented systems in the process sector. The generic international standard IEC 61508 has been adopted regionally as national standards. In Germany, the technology- and application-oriented IEC/DIN EN 61508 (VDE 0803) and IEC/DIN EN 61511 (VDE 0810) standards have been valid since 2004. In the United States, ANSI/ISA 84.00.01, a version of IEC 61511 with minor changes, was issued in September 2004.
All of these standards are intended to minimize risks and damage to systems that pose a danger to people and the environment, globally and on a consistent basis. This is against the backdrop of ever-increasing levels of automation of single products and whole systems, which can lead to an exponential increase in risks. Experience shows that focusing on single products and components within machinery and systems is not enough. In fact, in order to reduce risks consistently, the whole process chain has to be considered.
In Germany’s process industry, the IEC/DIN EN 61511 (VDE 0810) standard is of particular relevance with its focus on the safety life cycle. Nationally adopted standards, such as Britain’s BS EN 61511 or the US ANSI/ISA-84.00.01, use the same basic principles.
Essentially, IEC 61511 makes three basic demands: a) avoid systematic errors, b) determine the random error rate, c) make appropriate adjustments to the system architecture (see Figure 1).
DIN EN 61508 is founded on the basic standard for functional safety set forth in IEC 61508. The key new features of this standard for safety-relevant systems are the graduated SILs in addition to the safety life cycle. In this context, risks and probabilities of occurrence are initially categorized by means of appropriate criteria (see Figure 2). Numerous methods are available for determining the process risk, e.g., the risk graph from DIN V 19250. The higher the process risk, the higher the SIL of the safety function intended to cover that risk.
Plant owners can calculate the necessary SIL from the residual operating risk. Economically, the goal is to achieve as low a SIL value as possible, as this has the greatest savings potential. However, legally valid obligations to provide proof must under no circumstances be neglected. The fulfillment of such obligations must be verified in the event of damage.
Prerequisites for more efficient SIL solutions
Dürr’s air pollution control systems purify exhaust air flows with varying pollutants and compositions, with the pollutants often being solvents or VOCs in concentrations that can lead to explosions. Frequently, the exhaust air purification is part of the production process. The production process has to be stopped if the air pollution control system fails and limit values are exceeded. Where the system is combined with a heat recovery system, a system failure will affect the energy supply of the whole production. For this reason, sources of faults and hazards have to be systematically analyzed and ruled out in the air pollution control system, as well as in the adjacent production.
With more than 5,000 exhaust gas and air pollution control systems already installed for efficient emissions reduction, Dürr possesses extensive experience as well as know-how spanning decades (see Picture 1). The company supplies its systems including safety inspections upon request. In order to develop suitable SILs for individual applications with maximum safety at the lowest possible cost, it is vital to consider the whole process in addition to single products, components or processes. This entails the use of air pollution control and heat recovery systems as well as emission-causing production processes.
With its experienced team, Dürr and the customer jointly draw up and document the optimal safety concept with the required risk assessment for safe and efficient systems operation. This also includes organizing the HAZOP (hazard and operability/risk and hazard analysis) and establishing the required SILs, in addition to drawing up safety specifications.
Subsequently, the safety function is specified. Apart from the protection goal, concrete measures are defined for the planning and layout, implementation, commissioning, operating behavior, maintenance and procedure. This is the basis for the selection of the required equipment. For example, it might have to be established which analyzer or sensor to use for monitoring the concentration, or which actuators such as dampers, valves and drive units, etc., are necessary and how they are to be integrated into the signaling system and arranged in terms of location.
Both active and passive measures are possible (see Figure 3). Thus, active measures can include setting exhaust air volumes or delaying processes in such a way that a hazard is no longer possible. However, this can lead to inefficient operation if, e.g., the exhaust air energy content is too low to run the air pollution control system in an energy-efficient manner or to run a heat recovery system. With higher pollutant concentrations this is still possible, but at the price of a higher explosion risk. The method of choice here is an SIS (Safety Instrumented System) combining concentration monitoring in the exhaust gas and a shut-off valve with the failsafe control system available as standard in Dürr’s air pollution control system.
Passive measures may include a bursting disk or flame arrester, which reduce the effects of explosions or backfiring to a minimum if they cannot be prevented through other measures.
In addition to the selection of suitable system components, Dürr uses relevant software to analyze error possibilities through all stages of the process and also to control the air pollution control and heat recovery systems. Not just the correct specifications and selection of the required equipment are essential, but also the proper installation, correct commissioning and later maintenance work (see Table 1).
Conclusion: Every company has to make the decision itself in favor of a systematic SIL implementation based on a basic risk and profitability study. The arguments of high cost and work involved in an SIL implementation are soon put into perspective if a) solutions can be found with an experienced partner offering maximum safety at a reasonable cost, and b) the potential cost of the loss of production or even serious accidents is taken into account.