HOW TO SELECT A SAFETY PLC

Mike Scott, PE, CFSE
VP, Process Safety
AE Solutions
Greenville, SC 29616

Bud Adler
Director, Business Development
Process Safety Systems
AE Solutions
Lake Mary, FL 32746

KEYWORDS
Safety Instrumented System, SIS, Logic Solver, ANSI/ISA 84, IEC 61508, IEC 61511, Safety PLC, Redundant Architecture, Lifecycle Cost, Benefit-to-Cost Ratio
ABSTRACT
Throughout the industrial process control industry Safety Instrumented Systems are becoming high profile. Most companies have accepted that the performance-based standards such as ANSI/ISA 84.01, IEC 61508 and IEC 61511 are here to stay and that conformance is not optional. A growing number of instrumentation manufacturers have recognized the steadily increasing interest that this market has shown in bringing their plants into conformance with the standards. They have responded by introducing a wide range of products that are “suitable for use” in Safety Instrumented Systems (SIS). These products include sensors, transmitters, valves and valve positioners and a wide range of logic solvers. Most users have little concern about being able to select a proper sensor, transmitter or valve positioner, but when it comes to choosing from the vast array of logic solvers, they often do not know how to make a proper decision. The problem is clear when you consider the range of choices for Logic Solvers, which runs from the relatively simple alarm trip architectures up through the wide variety of safety PLCs offered by about twenty different manufacturers. These PLC architectures cover the scale from simple one-out-of-one (1oo1) architectures up through triple and quadruple redundant systems with differing degrees of self-diagnostics. With all of these choices, how is a control engineer supposed to pick the “best” system for his project and / or plant standard? If he errs on the side of conservatism, he may cost his company tens of thousands of wasted dollars by selecting a more sophisticated system than is warranted by the application. And, even worse, a simplistic system may not be in conformance with the standards and could place human life at unnecessary risk. The problem is exacerbated when all factors of lifecycle costs are considered.
Copyright 2004 by ISA – The Instrumentation, Systems and Automation Society. Presented at ISA AUTOMATION WEST; www.isa.org
This paper will present a systematic methodology for selecting a Safety PLC platform. It will describe the evaluation of Safety PLCs based upon both technical requirements (i.e. safety requirements) and commercial requirements (i.e. availability and Life Cycle Cost analysis).
INTRODUCTION
Once you’ve completed your risk analysis, performed initial conceptual design and completed some Safety Integrity Level calculations, you may think that your work is complete. However, there are other issues to consider. What about the economics of the project? Which Safety Instrumented System architecture optimizes costs through increased availability and reduced nuisance trips? Is the Safety Instrumented System even a sound financial investment for the facility? For instance, consider the following simple scenario:

• A person has a house located in a possible flood plain
• Cost of a flood insurance policy is $1,000 / year
• It is estimated that cost to repair flood damage to a typical home is $10,000
• Probability of a significant flood is once every 50 years

Is it a sound investment to purchase a flood insurance policy for the above event? Assuming a 6% discount rate and home ownership for ten (10) years, a Future Value calculation of the premiums yields a cost of $13,181. Thus, the insurance policy as stated above would cost more than the actual event. If one can analyze the above scenario, why not apply similar logic to review a proposed Safety Instrumented System design? This paper will highlight a five (5) step methodology, which can be applied to perform economic analysis on Safety Instrumented Systems to ensure the “best” system has been selected:

1. Step 1 – Select an architecture for the SIS for evaluation (sensors, logic solver and final elements)
2. Step 2 – Perform SIL Calculations to determine Probability of Failure on Demand Average (PFDavg) and Mean Time To Fail Safe (MTTFS) based upon a given Functional Test Interval
3. Step 3 – Calculate Lifecycle Cost in terms of Net Present Value (NPV)
4. Step 4 – Calculate Benefit-to-Cost Ratio
5. Repeat above steps for each possible SIS architecture being considered for the project

Note: Steps 1 and 2 represent tasks associated with the Safety Lifecycle and are typically already being performed by designers of Safety Instrumented Systems.
[Figure 1 – Economic Analysis Flowchart. Boxes: Start; SIS Conceptual Design Architecture Options; Perform SIL Calculations (PFDavg; Calculate Lifecycle; Calculate Benefit-to-Cost Ratio. Decisions: Benefit To Cost > 1.0 (Yes / No); Lowest Lifecycle Cost? (Yes / No)]
LIFECYCLE COST
Lifecycle Cost is a technique that allows those responsible for system selection to consider all of the costs incurred over the lifetime of the Safety Instrumented System rather than just the initial purchase costs. This is especially important where the cost of equipment failure can be significant. The intent of this evaluation is to include all costs of procurement and ownership over the life span of the Safety Instrumented System. Procurement costs represent costs that occur only once during the life of the project. Operating costs occur over the life of the Safety Instrumented System and can be repetitive. Costs associated with system failure can dominate overall Lifecycle Costs. A Lifecycle Cost evaluation can show one how to minimize overall cost of ownership by initially selecting the “best” Safety Instrumented System architecture. The evaluation considers the costs for: design, purchase, installation, start-up, functional testing, energy, repair, a failure event, and lost production. To obtain the complete Lifecycle Cost, all yearly operating costs are converted to “present value”. All future expenses are converted into their current value, accounting for discount rate (interest / inflation). Initial costs and the present yearly costs are added to obtain total Lifecycle Cost. Refer to reference [5] for additional information regarding Lifecycle Cost calculations. The proposed architecture for each Safety Instrumented System should be evaluated for minimum Lifecycle Cost.

Table 1 – Lifecycle Cost Components

| Lifecycle Costs | Description |
|---|---|
| Procurement Costs | |
| System Design | Engineering costs associated with Front End Loading and Detailed Design |
| Purchase | Cost of Equipment including Factory Acceptance Testing and shipping |
| Installation | Construction costs associated with SIS |
| Start-up | Commissioning, PSAT and Initial Functional Testing of SIS |
| Operating Costs | |
| Engineering Changes | Engineering costs associated with maintenance |
| Consumption | Power, spare parts, instrument air, etc. |
| Maintenance | Inspection, Functional Testing |
| Cost of System Failure | |
| Lost Production | Cost of lost production |
| Asset Loss | Cost of lost equipment |
BENEFIT-TO-COST RATIO
Another tool to determine if the “best” Safety Instrumented System architecture has been selected is to calculate the ratio of benefits to costs on a financial basis. If the ratio is greater than one, the system is cost effective. For example, if a system has a Benefit-to-Cost Ratio of 1.5, for every $1.00 invested, the system will return $1.50. Therefore, the Benefit-to-Cost Ratio is as follows:

B-C Ratio = (FNo-SIS x EVNo-SIS - FSIS x EVSIS) / (CostSIS + CostNT)

Where,

B-C Ratio = The ratio of benefits to cost
FNo-SIS = The frequency of the unwanted event without a SIS
FSIS = The frequency of the unwanted event with a SIS
EVNo-SIS = The total expected value of loss of the event without a SIS
EVSIS = The total expected value of loss of the event with a SIS
CostSIS = The total lifecycle cost of the SIS (Annualized)
CostNT = The cost incurred due to nuisance trips (Annualized)
SAMPLE PROBLEM
The following sample problem will highlight how economic analysis must be an integral part of the overall SIS architecture selection / design process. A company has completed their initial risk analysis and SIL selection exercises associated with a batch reactor. The team identified a single SIF for this particular unit operation. The results are as follows:

Table 2 – SIF Summary

| SIF ID | SIF Description | Hazard | SIL | Inputs | Outputs |
|---|---|---|---|---|---|
| 1 | High pressure in reactor isolates inlet feed | Potential overpressure of vessel with subsequent release of flammable / toxic material. Potential fire / explosion and injury / fatality | 2 | PT-101 | HV-100 |
The SIL Selection process included a Layer of Protection Analysis (LOPA). Based upon the above information the SIS Engineer needs to perform the following:

1. Select the “best” Functional Test Interval
2. Select the “best” SIS Architecture (sensor(s), logic solver & final element(s))
3. Design SIS for least cost of ownership over a 15 year time frame assuming a 6% discount rate

Thus, the SIS Engineer needs to answer the following questions about the “best” design:

1. Sensors: transmitters versus switches and associated architecture (1oo1, 1oo2, 2oo3, etc.)
2. Logic Solver: relays versus programmable electronic and associated architecture (1oo1, 1oo1D, 1oo2, 1oo2D, 2oo3, 2oo4, etc.)
3. Final Elements: architecture and testing requirements (full stroke versus partial stroke)

The P&ID for SIF-001 is shown below in Figure 2.

[Figure 2 – High Pressure SIF Sketch. Labels: Feed, FCV, HV 100, PT 101, PSV 102, Reactor, To Safe Location]

Using the steps highlighted in Figure 1 (Economic Analysis Flowchart), the following analysis was completed. To underscore the importance of cost of ownership, the analysis shall be completed for two (2) different nuisance trip cost scenarios (cost of nuisance trip is $10,000 and $150,000). In addition, two (2) different costs of the event shall be evaluated (rupture of vessel costs $1,000,000 and $12,000,000).

Step 1: SIS Conceptual Design Architecture Options
This was the first Safety Instrumented System to be installed in this particular area of the plant. As such, the SIS Engineer decided to evaluate a wide variety of options with respect to the architecture of the new SIS. Thus, the following options were to be evaluated:

• Switches versus transmitters and required redundancy if any
• Relays versus Safety PLCs and required redundancy if any
• Valves and required redundancy if any
• 12 month test interval versus 24 month test interval
Step 2: Perform SIL Calculations (PFDavg and MTTFS)
The SIS Engineer completed the following SIL calculations based upon the following design conditions:

Table 3 – SIS Architecture Analysis Summary

| Case | Sensors | Logic Solver | Final Elements | Func Test | SIL | PFDavg | MTTFS |
|---|---|---|---|---|---|---|---|
| 1a | Switch (1oo1) | Relay (1oo1) | Valve (1oo1) | 12 months | 1 | 3.58 x 10^-2 | 13.6 |
| 1b | Switch (1oo1) | Relay (1oo1) | Valve (1oo1) | 24 months | N/A | N/A | N/A |
| 2a | Switch (1oo2) | Relay (1oo2) | Valve (1oo2) | 12 months | 2 | 1.48 x 10^-3 | 6.84 |
| 2b | Switch (1oo2) | Relay (1oo2) | Valve (1oo2) | 24 months | 2 | 3.92 x 10^-3 | 6.94 |
| 3a | Xmtr (1oo1) | Current Switch (1oo1) | Valve (1oo1) | 12 months | 1 | 1.85 x 10^-2 | 20.21 |
| 3b | Xmtr (1oo1) | Current Switch (1oo1) | Valve (1oo1) | 24 months | N/A | N/A | N/A |
| 3c | Xmtr (1oo2) | Current Switch (1oo2) | Valve (1oo2) | 12 months | 2 | 4.09 x 10^-4 | 10.11 |
| 3d | Xmtr (1oo2) | Current Switch (1oo2) | Valve (1oo2) | 24 months | 2 | 1.37 x 10^-3 | 10.24 |
| 4a | Xmtr (1oo2) | Safety PLC (1oo1D) | Valve (1oo2) | 12 months | 1 | 8.67 x 10^-4 | 5.26 |
| 4b | Xmtr (1oo2) | Safety PLC (1oo1D) | Valve (1oo2) | 24 months | 2 | 2.22 x 10^-3 | 4.25 |
| 5a | Xmtr (1oo2) | Safety PLC (1oo2D) | Valve (1oo2) | 12 months | 2 | 7.29 x 10^-4 | 10.63 |
| 5b | Xmtr (1oo2) | Safety PLC (1oo2D) | Valve (1oo2) | 24 months | 2 | 1.95 x 10^-3 | 10.79 |
| 6a | Xmtr (1oo2) | Safety PLC (2oo3) | Valve (1oo2) | 12 months | 2 | 7.30 x 10^-4 | 10.99 |
| 6b | Xmtr (1oo2) | Safety PLC (2oo3) | Valve (1oo2) | 24 months | 2 | 1.95 x 10^-3 | 11.14 |
Note: Based upon the need to meet SIL 2, options 1a, 1b, 3a, 3b, and 4a have been eliminated from further analysis since they could not reach SIL 2.

Step 3: Calculate Lifecycle Costs
To calculate the Lifecycle Costs several additional pieces of information are required. For this sample problem, the following data was utilized:

• Operating Costs were assumed to be $500 / year plus cost of functional testing.
• Functional Testing = 2 people for 8 hours @ $70/hr plus cost of 8 hours lost production

Table 4 – SIS Lifecycle Cost Analysis Summary - $10,000 Nuisance Trip Cost

| Case | Functional Test | Procurement Costs | Operating Costs | Cost of System Failure | Lifecycle Cost |
|---|---|---|---|---|---|
| 2a | 12 months | $26,000 | $11,620 | $10,000 | $167,251 |
| 2b | 24 months | $26,000 | $6,060 | $10,000 | $112,842 |
| 3c | 12 months | $34,100 | $11,620 | $10,000 | $166,168 |
| 3d | 24 months | $34,100 | $6,060 | $10,000 | $111,924 |
| 4b | 24 months | $67,600 | $6,060 | $10,000 | $172,151 |
| 5a | 12 months | $82,600 | $11,620 | $10,000 | $213,728 |
| 5b | 24 months | $82,600 | $6,060 | $10,000 | $159,457 |
| 6a | 12 months | $107,600 | $11,620 | $10,000 | $238,130 |
| 6b | 24 months | $107,600 | $6,060 | $10,000 | $183,892 |
Table 5 – SIS Lifecycle Cost Analysis Summary - $150,000 Nuisance Trip Cost

| Case | Functional Test | Procurement Costs | Operating Costs | Cost of System Failure | Lifecycle Cost |
|---|---|---|---|---|---|
| 2a | 12 months | $26,000 | $151,620 | $150,000 | $1,924,490 |
| 2b | 24 months | $26,000 | $76,060 | $150,000 | $1,184,496 |
| 3c | 12 months | $34,100 | $151,620 | $150,000 | $1,794,842 |
| 3d | 24 months | $34,100 | $76,060 | $150,000 | $1,057,327 |
| 4b | 24 months | $67,600 | $76,060 | $150,000 | $1,491,737 |
| 5a | 12 months | $82,600 | $151,620 | $150,000 | $1,829,247 |
| 5b | 24 months | $82,600 | $76,060 | $150,000 | $1,091,326 |
| 6a | 12 months | $107,600 | $151,620 | $150,000 | $1,845,270 |
| 6b | 24 months | $107,600 | $76,060 | $150,000 | $1,107,843 |
The above two tables underscore how the cost of a nuisance trip can dominate the overall cost of ownership. In Table 4, with a nuisance trip cost assumed to be $10,000, the best SIS architecture consists of redundant pressure transmitters, current switches and valves tested every 24 months. In Table 5, with a nuisance trip cost assumed to be $150,000, the best SIS architecture consists of redundant pressure transmitters, 1oo2D Safety PLC and 1oo2 Shutoff Valves tested every 24 months. Note that, depending upon the actual costs utilized, the results will vary and different SIS architectures may prove to be “best” for your project.
Step 4: Calculate Benefit-to-Cost Ratio
To calculate the Benefit-to-Cost ratio several additional pieces of information are required and typically are available as a result of completing the SIL Selection process. For this sample problem, the following data was utilized:

FNo-SIS = 1 / 50 years (from SIL Selection Risk Ranking process)
FSIS = Calculated based upon (PFDavg x FNo-SIS)
EVNo-SIS = Evaluate $1,000,000 or $12,000,000 events
EVSIS = Evaluate $1,000,000 or $12,000,000 events
CostSIS = Varies per architecture considered
CostNT = Evaluate $10,000 and $150,000 events
Note: To underscore the importance of costs in the overall analysis, two different event costs were evaluated as well as two different costs of a nuisance trip.

Table 6 – SIS Benefit-to-Cost Ratio Analysis Summary - $10,000 Nuisance Trip Cost

| Case | Cost SIS (per yr) | Cost NT | EV No SIS | EV SIS | FNo SIS | PFDavg | FSIS | Nuisance Trip Rate (Yrs) | Cost NT (per yr) | B-C Ratio |
|---|---|---|---|---|---|---|---|---|---|---|
| 2a | $11,150 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.48E-03 | 0.00002960 | 6.84 | $1,462 | 1.79 |
| 2b | $7,523 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 3.92E-03 | 0.00007840 | 6.94 | $1,441 | 2.65 |
| 3c | $11,078 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 4.09E-04 | 0.00000818 | 10.11 | $989 | 0.95 |
| 3d | $7,462 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.37E-03 | 0.00002740 | 10.24 | $977 | 1.14 |
| 4b | $11,477 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 2.22E-03 | 0.00004440 | 4.25 | $2,353 | 0.93 |
| 5a | $14,249 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 7.29E-04 | 0.00001458 | 10.63 | $941 | 0.82 |
| 5b | $10,630 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.95E-03 | 0.00003900 | 10.79 | $927 | 0.97 |
| 6a | $15,875 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 7.30E-04 | 0.00001460 | 10.99 | $910 | 0.77 |
| 6b | $12,259 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.95E-04 | 0.00000390 | 11.14 | $898 | 0.90 |
Table 7 – SIS Benefit-to-Cost Ratio Analysis Summary - $150,000 Nuisance Trip Cost

| Case | Cost SIS (per yr) | Cost NT | EV No SIS | EV SIS | FNo SIS | PFDavg | FSIS | Nuisance Trip Rate (Yrs) | Cost NT (per yr) |
|---|---|---|---|---|---|---|---|---|---|
| 2a | $128,299 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.48E-03 | 0.00002960 | 6.84 | $21,930 |
| 2b | $78,966 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 3.92E-03 | 0.00007840 | 6.94 | $21,614 |
| 3c | $119,656 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 4.09E-04 | 0.00000818 | 10.11 | $14,837 |
| 3d | $70,488 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.37E-03 | 0.00002740 | 10.24 | $14,648 |
| 4b | $99,449 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 2.22E-03 | 0.00004440 | 4.25 | $35,294 |
| 5a | $121,950 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 7.29E-04 | 0.00001458 | 10.63 | $14,111 |
| 5b | $72,755 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.95E-03 | 0.00003900 | 10.79 | $13,902 |
| 6a | $123,018 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 7.30E-04 | 0.00001460 | 10.99 | $13,649 |
| 6b | $73,856 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.95E-04 | 0.00000390 | 11.14 | $13,465 |
As can be seen by the above Benefit-to-Cost numbers, not all architectures represent a sound financial investment.
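The Table 7 calculation written out in Python, as an added example that is not part of the original paper. It assumes the denominator takes the Cost SIS (per yr) and Cost NT columns as Table 7 prints them (Table 5 lifecycle cost divided by 15 years, plus $150,000), which is what reproduces the table's B-C Ratio column; the function names are illustrative.

```python
# Added example: recompute the Table 7 columns from the paper's B-C formula.
# All inputs are copied from Tables 3, 5 and 7; function names are illustrative.

F_NO_SIS = 1 / 50             # unwanted events per year without a SIS
EVENT_COST = 12_000_000       # EV No SIS and EV SIS in the Table 7 scenario
NUISANCE_TRIP_COST = 150_000  # Cost NT column of Table 7
YEARS = 15                    # ownership period of the sample problem

# case: (lifecycle cost from Table 5, PFDavg as printed in Table 7, MTTFS in years)
CASES = {
    "2a": (1_924_490, 1.48e-3, 6.84),
    "2b": (1_184_496, 3.92e-3, 6.94),
    "3c": (1_794_842, 4.09e-4, 10.11),
    "3d": (1_057_327, 1.37e-3, 10.24),
    "4b": (1_491_737, 2.22e-3, 4.25),
    "5a": (1_829_247, 7.29e-4, 10.63),
    "5b": (1_091_326, 1.95e-3, 10.79),
    "6a": (1_845_270, 7.30e-4, 10.99),
    "6b": (1_107_843, 1.95e-4, 11.14),
}

def f_sis(pfd_avg, f_no_sis=F_NO_SIS):
    """Event frequency with the SIS in place: PFDavg x FNo-SIS."""
    return pfd_avg * f_no_sis

def annualized(lifecycle_cost, years=YEARS):
    """Cost SIS (per yr) as Table 7 prints it: lifecycle cost / years."""
    return lifecycle_cost / years

def nuisance_cost_per_year(trip_cost, mttfs_years):
    """Cost NT (per yr): one trip cost spread over the mean time between trips."""
    return trip_cost / mttfs_years

def bc_ratio(pfd_avg, cost_sis, cost_nt,
             ev_no_sis=EVENT_COST, ev_sis=EVENT_COST, f_no_sis=F_NO_SIS):
    """(FNo-SIS x EVNo-SIS - FSIS x EVSIS) / (CostSIS + CostNT)."""
    if cost_sis + cost_nt <= 0:
        raise ValueError("total cost must be positive")
    benefit = f_no_sis * ev_no_sis - f_sis(pfd_avg, f_no_sis) * ev_sis
    return benefit / (cost_sis + cost_nt)

def evaluate(cases=CASES, trip_cost=NUISANCE_TRIP_COST):
    """Return the derived Table 7 columns for every case."""
    rows = {}
    for case, (lifecycle, pfd, mttfs) in cases.items():
        cost_sis = annualized(lifecycle)
        rows[case] = {
            "cost_sis_per_yr": cost_sis,
            "f_sis": f_sis(pfd),
            "cost_nt_per_yr": nuisance_cost_per_year(trip_cost, mttfs),
            "bc_ratio": bc_ratio(pfd, cost_sis, trip_cost),
        }
    return rows

def cost_effective(rows):
    """Cases that pass the flowchart's 'Benefit To Cost > 1.0' decision."""
    return sorted(case for case, r in rows.items() if r["bc_ratio"] > 1.0)

if __name__ == "__main__":
    table = evaluate()
    for case, r in table.items():
        print(f"{case}  Cost SIS/yr ${r['cost_sis_per_yr']:>9,.0f}  "
              f"FSIS {r['f_sis']:.8f}  Cost NT/yr ${r['cost_nt_per_yr']:>7,.0f}  "
              f"B-C {r['bc_ratio']:.2f}")
    print("B-C > 1.0:", cost_effective(table))
```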
CONCLUSION
Based upon the scenarios evaluated it is readily apparent that one cannot simply stop at completing a SIL calculation to determine if the required SIL has been achieved. Fourteen (14) different SIS architectures were reviewed and of these designs only nine (9) met the required SIL. Upon further review, only two SIS architectures were clearly the “best” in that they minimized cost of ownership and had a Benefit-to-Cost Ratio > 1.0. These SIS architectures were as follows:

Table 8 – Final SIS Analysis Summary

| Case | SIS Architecture | Nuisance Trip | Event Cost | Lifecycle Cost | B-C Ratio | Savings |
|---|---|---|---|---|---|---|
| 3d | Xmtr (1oo2), Current Switch (1oo2), Valve (1oo2) | $10,000 | $1,000,000 | $111,924 | 1.14 | $126,206 |
| 5b | Xmtr (1oo2), Safety PLC (1oo2D), Valve (1oo2) | $150,000 | $12,000,000 | $1,091,326 | 1.08 | $833,164 |
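Table 7 (continued) – B-C Ratio by case

| Case | B-C Ratio |
|---|---|
| 2a | 0.86 |
| 2b | 1.04 |
| 3c | 0.89 |
| 3d | 1.09 |
| 4b | 0.96 |
| 5a | 0.88 |
| 5b | 1.08 |
| 6a | 0.88 |
| 6b | 1.07 |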
In summary, in today’s competitive business environment sound financial justification of a project must be performed during the Safety Instrumented System conceptual design process. This should include a Lifecycle Cost Analysis as well as a Benefit-to-Cost Ratio Analysis. Based upon the scenarios reviewed, significant savings could be realized by selecting the “best” architecture.
DISCLAIMER
Although it is believed that the information in this paper is factual, no warranty or representation, expressed or implied, is made with respect to any or all of the content thereof, and no legal responsibility is assumed therefore. The examples shown are simply for illustration, and, as such, do not necessarily represent any company’s guidelines. The reader should use data, methodology, formulas, and guidelines that are appropriate for their own particular situation.
REFERENCES
1. ANSI/ISA S84.01-1996, Application of Safety Instrumented Systems for the Process Industries, The Instrumentation, Systems, and Automation Society, Research Triangle Park, NC, 1996.
2. IEC 61508, Functional Safety of Electrical/Electronic/Programmable Safety-related Systems, Parts 1-7, Geneva: International Electrotechnical Commission, 1998.
3. IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Industry Sector, Parts 1-3, Geneva: International Electrotechnical Commission, 2003.
4. Dieter, G. E., Engineering Design: A Materials and Processing Approach, McGraw-Hill, 1983.
5. Goble, W. M., Control Systems Safety Evaluation & Reliability, 2nd Edition, ISA, 1998.
6. Barringer, H. P., Life Cycle Cost and Good Practices, NPRA Maintenance Conference, 1998.
7. Marszal, E. & Scharpf, E., Safety Integrity Level Selection – Systematic Methods Including Layer of Protection Analysis, ISA, Research Triangle Park, NC, 2002.
ABBREVIATIONS AND DEFINITIONS

| Abbreviation | Definition |
|---|---|
| 1oo1 | 1-out-of-1 |
| 1oo1D | 1-out-of-1 D (D for extensive self-diagnostics) |
| 1oo2 | 1-out-of-2 |
| 1oo2D | 1-out-of-2 D (D for extensive self-diagnostics) |
| 2oo3 | 2-out-of-3 |
| IEC | International Electrotechnical Commission |
| MTTFS | Mean Time To Fail Spurious |
| NPV | Net Present Value |
| FV | Future Value |
| PFDavg | Average Probability of Failure on Demand |
| PLC | Programmable Logic Controller |
| RRF | Risk Reduction Factor |
| SIF | Safety Instrumented Function |
| SIL | Safety Integrity Level |
| SIS | Safety Instrumented System |