GMI Webinar - 1oo2 Vs 2oo3

GMI WEBINAR

How do you degrade from a 2oo3 to a 1oo2 safety architecture and retain the same (?) safety and process availability?

Our speakers today

Tino Vande Capelle
Tino was educated in Belgium, where he gained qualifications in Automation & Critical Control Systems. His
30+ year career in the process industry has covered technical HW & SW engineering, process control
engineering, troubleshooting and field instrumentation. He is a senior Functional Safety Expert (#109/05) and
accredited Trainer for the SIS program of TÜV Rheinland, and a senior member of ISA. He finds purpose in
sharing his knowledge and learning from others while providing Functional Safety training in IEC61508 &
IEC61511. He has published many papers and magazine articles and is frequently sought after for seminars and
presentations based on his internationally recognized passion and mastery of the subject matter.

Gabriele Caglio
With over two decades of experience, Gabriele Caglio is a seasoned Technical Support Specialist at G.M.
International. His journey began by testing and repairing GMI devices, evolving into a role as an R&D
Support Specialist, focusing on prototyping and PCB design. Throughout his tenure, he has witnessed G.M.
International's substantial growth in the market and the evolution of the GMI product range. Currently, he
plays a pivotal role in ensuring effective communication between the company and its stakeholders.
Gabriele's expertise is dedicated to informing end-users, customers, resellers, and the sales department
about the extensive features of GMI products, empowering them to fully exploit the products' potential.

G.M. International © All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.

Company: About us
Safety, performance and reliability
OUR PRODUCTS, OUR COMMITMENT
GM International designs, engineers and manufactures a complete range of
Intrinsically Safe and SIL Certified Devices.
For automation packages, DCS - ESD - FGS - BMS - HIPPS - PLC - SCADA - MARINE
In several industrial sectors: Oil and Gas, Petrochemical, Pharmaceutical, Fertilizer,
Mining, Food.

• 40 years of Experience: founded in 1993, former Elcon Instruments
• 100% Internal Production in State-of-the-Art facilities near Milan, Italy
• Global Player with presence in 5 continents

Worldwide presence
Think local, act global
WE ARE WHERE YOU NEED

Expertise & Innovation
Manufacturing excellence FOR A SAFE WORLD
• State-of-Art technology
• Product traceability; incoming & outgoing
• Full testing on 100% of production
• Highly automated manufacturing process
• 5 Years Warranty
• 10 Years guaranteed availability
Social responsibility
We design Intrinsically Safe Instruments and SIL certified devices in order to prevent
accidents and understand, manage and reduce risks for people and environment.
Customer satisfaction is the way we demonstrate our social responsibility to
contribute to sustainable development, minimizing climate impact and creating a
safe and healthy working environment.

About us: Certifications

We are 100% committed to full compliance with global standards and regulations:

• Products are certified by over 15 independent Agencies to global standards
• TÜV Functional Safety Management certification up to SIL3 (SC 3)
• ISO 9001:2015 Quality Management System for entire company
• ISO 45001 Occupational Health and Safety
• ROHS Directive, REACH Regulation, Waste Framework Directive, Conflict Minerals: Materials Chemical Compliance Management
• Code of Ethics
• 3TG Conflict Mineral Regulations Waste

Our product range: GMI Safety Solutions

• IS barriers
• Safety Relays
• Isolators
• Power supplies
• Multiplexers
• Termination Boards
• HART Multiplexers
• Surge protectors
• FS & Ex courses & Services

Reference List: World-wide customer references & AVL
ACROSS ALL MARKETS

System vendors: ABB, EMERSON, GEBHARDT AUTOMATION, HIMA, HONEYWELL, ICS TRIPLEX, INVENSYS, SIEMENS, SCHNEIDER, ROCKWELL AUTOMATION, YOKOGAWA

E.P.C.: AMEC FOSTER WHEELER, BECHTEL, FLUOR, HHI, JACOBS, L&T, MCDERMOTT, NPCC, SAIPEM, PARSONS, PETROFAC, SK ENGINEERING, SNC-LAVALIN, TECNIMONT, TECHNIP-FMC, TR, WORLEY

O.E.M.: ABB OY DRIVES, ACCAGEN SA, APPLIED WEIGHING INT., BOBST GROUP, CAMERON, CANRIG DRILLING TECH., CLAMPON, DRESSER RAND, FMC, GE, HALLIBURTON, HANLA LEVEL, INKMAKER, KONGSBERG SEATEX, NOV, PRECIAMOLEN, SCHLUMBERGER, SIEMENS IND. TURBINES, SKANA KOREA HYDRA., WARTSILA NORWAY, WEATHERFORD

End users: 3M, ADMA-OPCO, AGIP, ARAMCO, BASF, BHP, BP, CIBA GEIGY, CAMERON, ENEL, ENI, EXXON-MOBIL, GASCO, KOC / KNPC, LOTOS, ONGC, ORLEN, PFIZER, SASOL, SHELL, SIRTE OIL, STATOIL, TOTAL

Degrade from a 2oo3 to a 1oo2?
Architecture?
IEC61511 Lifecycle

Architecture? Architecture constraints?

Where and when do you define-decide-use & maintain?

• DEFINE: Phase 1 – PH & RA
  Phase 2 – LOPA
  Phase 3 – SRS = requirement which SIL level
• DECIDE: Phase 4 – design & engineering of the SIS =
  based on the architecture constraint requirements
  Hardware Fault Tolerance (HFT) from the IEC61508
  table 2 & 3 and/or IEC61511 table 6.
• USE & MAINTAIN: Phase 6 – Operation & maintenance
  Phase 7 – modifications

HFT summary: Hardware safety integrity architectural constraints
Architectural Constraints - HFT

Method #1: 61508-2 (7.4.4.2), ROUTE 1H
Theory approach
✓ FMEDA
✓ SFF
✓ Systematic Capability (SC)
✓ Type A or B
✓ Safety Manual
✓ (Certificate / Report)
✓ PFD/PFH

Method #2: 61508-2 (7.4.4.3), ROUTE 2H
Field QUALITY feedback data
• Proven in use
✓ Manufactures Feedback similar applications/environment
✓ Data collection per int. standards e.g. IEC60300-3-2, ISO 14224
✓ Evaluations (amount feedback, expert judgement, if needed specific tests)

Method #3: 61511-1 (11.4.3), based on Route 2H
• Prior use
✓ End Users feedback, guidance ISATR84.00.04:2015, NAMUR NE130
✓ FVL & LVL DC ≥ 60%
✓ Reliability Data confidence ≥ 70%
✓ Performance evidence similar operating environments

BUT WHO HAS QUALITY FAILURE FEEDBACK DATA ?

Tables: IEC61508 table 2 (type A) – table 3 (type B); IEC61511 table 6

HFT summary: Hardware Fault Tolerance - HFT

HFT   Architecture for SAFETY availability   Architecture for PRODUCTION availability
0     1oo1                                   2oo2
1     1oo2                                   2oo3
2     1oo3                                   2oo4

• Architecture in both standards is expressed as MooN, read as M
  (independent voting channels) out of N (redundant channels)
  available to achieve the same safety or part of the same safety
  function

HFT summary: Hardware Fault Tolerance – HFT
EXAMPLE (figure not reproduced; its labels were:)
Worse for SAFETY, Great for PRODUCTION
Great for SAFETY, Worse for PRODUCTION

Poll question

SAFETY availability versus PRODUCTION availability?
(Only 1 answer is the most complete and correct answer)

a) 1oo2 and 2oo3 are the same for PRODUCTION availability
b) 1oo2 is better for SAFETY availability than a 2oo3
c) 2oo3 provides both SAFETY and PRODUCTION availability
d) 2oo2 and 2oo3 provides the same SAFETY and PRODUCTION availability
e) 2oo2, 2oo3 & 2oo4 – all architectures provide the maximum SAFETY and PRODUCTION availability

Hardware Fault Tolerance – HFT (HFTd)
Basics

• The IEC standards define HFT as:
  How many ‘Dangerous’ failures (HFTd) can your
  architecture tolerate and keep the SIF operational?

• Not defined by the IEC standard but by TVC:
  I have defined a new definition HFTs (safe): How many
  ‘Safe’ failures (spurious trips) can your architecture tolerate
  and keep the process/production available/running?

Hardware Fault Tolerance – HFT (HFTd) vs (HFTs)
Basics

1oo2 – architecture (HFT(d) = 1)

• The principle of a Fail-Safe design is DE-ENERGISE to trip. 0 = safety / 1 = process/production
• 1oo2 can tolerate 1 dangerous fault but NO safe fault

2oo3 – architecture (HFT(d) = 1)

• 2oo3 can tolerate 1 dangerous fault and simultaneously also 1 safe fault

Let us compare a 1oo2 versus a 2oo3

Poll: 1oo2 vs 2oo3

Bypassing 1 channel of a 2oo3 voting block in the safety PLC
(Only 1 answer is the most complete and correct answer)

a) Can always be done by simply disabling 1 input channel
b) Can only be done after compensating measures are in place and degrading to a 1oo2 for a time limited operation
c) Cannot take place while the process needs the safety protection on a live production facility
d) Can be solved via 2 redundant 1oo2 solutions
e) None of the above

How to perform maintenance or testing on a 2oo3 correctly and degrade into a 1oo2?

• Masking/disabling 1 input of the 2oo3 is only correct IF the function block
  degrades into a 1oo2. Do NOT simply mask/disable the input to a healthy (1)
  WITHOUT changing the architecture functionality of the 2oo3, because then
  you automatically achieve a 2oo2 architecture!

When the 2oo3 function block does NOT degrade correctly, it will become a 2oo2!

• Assume you mask/disable ‘C’, then the SIF will only trip when
  the other two remaining input conditions ‘A’ & ‘B’ become 0 (trip
  signal conditions) = 2oo2
• But you maintained production availability and lost your safety
  availability!

The correct way to bypass a 2oo3 for maintenance or testing
CONCLUSION

• The only correct method to bypass 1 input channel on a 2oo3
  voting structure is to degrade from a 2oo3 into a 1oo2. This
  maintains the architectural constraint (HFT = 1) and the safety
  availability, but there is no more production availability for the
  duration of the bypass.

• Bypass of an input channel is ONLY allowed when there are
  compensation measures in place, and the bypass needs to be
  time limited according to the IEC61511
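
The bypass behaviour described on the last three slides, worked through as an added Python example (not part of the GMI presentation). It models the voting block in the de-energise-to-trip convention and counts, by enumeration, how many dangerous (HFTd) and safe (HFTs) faults each way of bypassing channel C tolerates on the two channels still in service. The function names and the stuck-at fault model are assumptions made for this illustration.

```python
from itertools import combinations, product

TRIP, HEALTHY = 0, 1  # de-energise to trip: 0 = safety, 1 = process/production

def moon(m, channels):
    """MooN voter: TRIP when at least m of the channels read TRIP."""
    return TRIP if sum(c == TRIP for c in channels) >= m else HEALTHY

def vote_2oo3(a, b, c):
    return moon(2, (a, b, c))

def bypass_c_masked_healthy(a, b, c):
    """Input C masked to a healthy (1); the block still votes 2oo3."""
    return moon(2, (a, b, HEALTHY))

def bypass_c_degraded(a, b, c):
    """Input C ignored; the block degrades to 1oo2 on A and B."""
    return moon(1, (a, b))

def same_as_moon_on_ab(voter, m):
    """True if voter behaves as Moo2 on A and B for every input combination."""
    return all(voter(a, b, c) == moon(m, (a, b))
               for a, b, c in product((TRIP, HEALTHY), repeat=3))

def fault_tolerance(voter, live, n=3):
    """(HFTd, HFTs) of voter, with faults placed on the `live` channel indexes.

    Assumed fault model: a dangerous fault sticks a channel at HEALTHY during
    a real demand; a safe fault sticks it at TRIP while the process is normal.
    """
    def tolerated(stuck, expected):
        process = TRIP if stuck == HEALTHY else HEALTHY
        for k in range(1, len(live) + 1):
            for failed in combinations(live, k):
                inputs = [stuck if i in failed else process for i in range(n)]
                if voter(*inputs) != expected:
                    return k - 1  # k faults defeat the voter
        return len(live)
    return tolerated(HEALTHY, TRIP), tolerated(TRIP, HEALTHY)

def compare():
    """HFTd/HFTs for the full 2oo3 and for both ways of bypassing channel C."""
    return {
        "2oo3, all channels in service": fault_tolerance(vote_2oo3, (0, 1, 2)),
        "C masked to healthy (1)": fault_tolerance(bypass_c_masked_healthy, (0, 1)),
        "C bypassed, degraded to 1oo2": fault_tolerance(bypass_c_degraded, (0, 1)),
    }

if __name__ == "__main__":
    for case, (hft_d, hft_s) in compare().items():
        print(f"{case:32s} HFTd={hft_d} HFTs={hft_s}")
    print("masked-healthy behaves as 2oo2:", same_as_moon_on_ab(bypass_c_masked_healthy, 2))
    print("degraded block behaves as 1oo2:", same_as_moon_on_ab(bypass_c_degraded, 1))
```

Masking C to healthy leaves HFTd = 0 and HFTs = 1 (a 2oo2), while the degraded block keeps HFTd = 1 with HFTs = 0 (a 1oo2), which is the trade-off the conclusion slide states.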
Summary

• Make sure you understand ‘first’ the basics
• Select the correct architecture based on IEC61511 and/or IEC61508
• Truly understand the difference between SAFETY availability versus PRODUCTION availability
• Respect the bypass requirements of the IEC61511 with compensation measures and under time limited conditions
• Keep it Functional Safe and think twice before you act

GMI support
SRS

WE CAN SUPPORT YOU WITH THE SIL MANUAL 4th ED.

WE CAN SUPPORT YOU WITH GMI ONLINE ACADEMY

https://news.gminternational.com/academy-with-tvc

WE CAN SUPPORT YOU WITH TRAININGS

- TÜV Rheinland accredited competency review training program:
  • Functional Safety (FS) Engineer SIS competency review program
  • Fundamentals of Cyber Security (CySec)
  • IACS Cyber Security Risk Assessment
  Above training courses are subject to passing an exam test that will
  give you the recognition of a personal certificate issued by the TÜV
  Rheinland training program
- Customized in-house FS training and seminars
- Additional free GMI webinars will follow…

WE CAN SUPPORT YOU WITH SERVICES

- IEC61511 Lifecycle support:
  • Process Hazards and Risk Assessments (HAZOP, FTA, FMEA, ETA, Bow-tie, etc.)
  • LOPA
  • SIL Determination and Verification
  • Safety Requirements Specification
  • Functional Safety Management and Assessments
- IEC62443 Lifecycle support:
  • Industrial Security Management and Assessments
  • Supplier Security Management

Closing
Our speakers today

Tino Vande Capelle

Mauro Perego
Mauro Perego is Global Sales Director at GM International, a leading Italian company that designs and
manufactures a full range of intrinsically safe products that meet the highest quality requirements ensuring
the strictest production standards. Mauro has more than twenty-five years’ experience in the
Instrumentation, Automation and Safety Industry spent at HIMA, Emerson Process Management and
Schneider. Mauro is FS Eng (TÜV Rheinland, #15307/17, SIS).

THANK YOU
www.gminternational.com

© G.M. International s.r.l.


Data specified in this document are merely descriptive of the products and should be integrated with relevant technical specifications. Our
products are constantly being further developed and the information presented herein refers to the latest product release. No statements
concerning a certain condition or suitability for a certain application can be derived from our information. The information given does not
release the user from the obligation of own judgment and verification. Terms & Conditions can be found at www.gminternational.com.