GRIF 2014 Module SIL User manual
Contents
1. SEP GRIF SIL Module E Legend Sensors _ Computation selection J Computations L default Albizia R default Moca Result to be displayed lea Gates and Events 9 J Probability Q RIA SIF1_ACTUATORS D SIF1_SOLVERS X Axis Y Axis Value to be displayed SILO w SiL C SIL4 SIL3 _ Maximum Average SIL2 The window is divided into three parts e Legends enables you to give a title to the curve s Value to be displayed used to select the values which are to be displayed or not below the curve For SIL curve probability functions of times available values are s SILO s SIL 1 s SIL2 s SIL3 s SIL 4 percentage of time spent in SIL 0 percentage of time spent in SIL 1 percentage of time spent in SIL 2 percentage of time spent in SIL 3 percentage of time spent in SIL 4 e Minimum the minimum instantaneous PFD over the period studied s Maximum the maximum instantaneous PFD over the period studied User manual 28 40 Version 31 March 2014 e Mean the average of the PFD over the period studied For average probability curves like PFDAvg available values are e Minimum the minimum value of the average PFD over the period studied e Maximum the maximum value of the average PFD over the period studied e Mean the average value of the average PFD over the perio2. PFDAvg Maximum 0 D Take Commor PFD t Moyenne 0 SILO 0 SIL1 0 SIL2 0 SIL3 0 SIL4 0 ta sub actuai TEA 9E 1 rr se Ann e s actuator and 0 sub actuator s configured ir PFDAvg PFD t Actuators Sensors Solver nt IDE 2 2 2 Description of the Menus 1 The File menu contains the standard commands used in this type of menu open close save print etc The properties name creation date created by description version can be accessed and modified by selecting User manual 5 40 Version 31 March 2014 TOTAL Document properties The Document statistics provide information on the model s complexity It is also possible to access a certain number configurable of recently modified files The icon bar just under the menus proposes shortcuts for most of the File commands File eait Tools Document E New Ctri N Open Save Save as EA Send by e mail Export into dag Export into xIsx Close Ctri O Ctri S Ctri F4 Create a report Statistics of document Document properties Fichiers r cents Ctri Q Quit 2 The Edit menu contains all the commands needed to edit the model being input graphically The icon bar just under the menus proposes shortcuts for most of the Edit commands Tools Document Data and C undo Redo Copy Ctrl C Cut Ctrl Paste Ctri
3. This chapter describes the procedure to follow before the software can be used Because an external computation engine is used certain prerequisites are necessary 1 1 Prerequisites The minimum hardware requirement is a Pentium IV or more with 512 MB memory Works under Window XP Vista and 7 1 2 Installation of TOTAL version without TOTAL s version of the GRIF software does not require an installation procedure You must unzip the GRIF 201X Module SIL zip in the directory of your choice The path of directory must not contain any special characters such as 5 La L1LC etc In the following chapters we will assume you have unzipped the file in C Programmes Total GRIF 201X Module SIL 1 3 Installation of retail version with installer and demonstration version The retail version of software is provided with a file whose name is GRIF 201X zip Unzip the file on your desktop for exemple ans launch GRIF Install Win32 exe A window will guide you through installation step If you haven t purchase GRIF please select demo at the end of inttallation In the following chapters we will assume you have install GRIF in C Programmes Total GRIF 201X 1 4 Saving Data generated by GRIF are saved in USER directory With Windows XP it is C Documents And Setting USER with Windows Vista and Windows 7 it is C Users USER The name USER is usually your name or your identification number with which you have openned your session
4. hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension the model s parameters can be edited in the Parameters tab Time of the first test TO time at which the first test of the component is carried out The modes for editing this characteristic value and unit are the same as for the duration between tests Lambda failure rate of the component h This value can be edited manually or selected from a drop down list displaying all of the parameters with a Rate dimension User manual 13 40 Version 31 March 2014 e TOTAL LambdaD Lambda Ad A proportion of dangerous failures among the total number of failures This value can be edited manually or selected from a drop down list displaying all of the parameters with a Factor dimension s DC on line diagnostic coverage and is a rate between 0 and 100 A 0 rate means that no revealed failure can be detected This value can be edited manually or selected from a drop down list displaying all of the parameters with a Factor dimension e MTTR Mean Time To Repair in h mean time between detection of a failure and the repair of the component The time unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension Note This field
5. tab is used to configure the actuators e and the Parameters tab contains the definitions of the model s parameters NB In the following chapters all the numerical values entered can be real numbers where the decimal separator is a dot It is possible to write them as such 0 0000015 or in scientific notation 1 5E 6 4 1 Configuring the sensors The sensors of the safety loop can be configured in the Configuration of components Sensor s Part tab Each sensor can be accessed separately in the sub tabs 1 1 1 2 etc The first number before the dot is the channel number the second after the dot is the position in the channel Results Configuration of architecture Configuration of components Report Parameters Sensor s Part Solver Part Actuator s Part Channel 1 1 1 1 2 E Existing component SIF1_S1 2 Identification Tag Name SIF1_S1 1 5 Instrument type Flow transmitter E Identical to 1 2 T Determined character of the component Component Non type A B TypeB Type A Test Test type When unit is stopped lt Duration between tests T1 6 Year s Time of the first test TO 6 Year s sl Instrument parameters Lambda A 1 5E 6 ht LambdaD Lambda Ad A 25 v DC 70 vy MTTR 96 Hour s Switch time 8 v Hour s lt Test leads to failure y 0 probability Advanced configuration In the following
6. 1 instantaneous PFD e 10 10 PFH instantan e e 10 10 SIL 2 instantaneous PFD e 10 10 instantaneous PFH 107 10 SIL 3 instantaneous PFD e 10 10 instantaneous PFH 10 10 7 SIL 4 instantaneous PFD e 0 10 instantaneous PFH 0 10 e SIS Safety Instrumented System Instrumented system used to carry out one or several safety functions An SIS is made up of sensors a logical processing system and actuators e System set of elements which interact according to a specific model an element which may be another system called a sub system The sub systems can themselves be either a command system or a controlled system made up of hardware software and interacting with man s S PLC Safety Programmable Logic Controller Test duration x Pi period of time necessary for testing the component Test efficiency rate o Sigma cover or efficiency rate of the test The value ranges from O the test never detects anything to 1 the test always detects the failure Test leads to failurey Gamma probability 0 1 that the test will cause the hardware to fail 0 means no test causes any failure 1 mean every test causes failures e Test when unit is stopped means that the component is tested when the unit is stopped The test does not harm the safety function as the unit is no longer working e Test when unit is working means that the component is tested when the unit is w
7. The reference solver can be selected in a list This options is only available when you have many SIF The solver is configured using the following parameters e Tag solver s instrument tag on PID e g 10 ESD 06 e Solver type type of solver used It is selected from a drop down menu e Configuration type specifies the solver s configuration type Two types of configuration can be selected from the drop down menu e Simple the solver is modelled by a constant law e Advanced the solver is modelled by a full periodic test law The parameters of the solver are described under Instrument parameters They depend on the type of configuration which has been selected In the case of a simple configuration the parameters are as follows s PFD of solver probability that the solver will not work when triggered This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension s SIL computed from PFD automatically displays the solver s SIL computed based on the solver s PFD s PFH of solver the PFH of the solver given by manufacturer or by experience feedbacks s SIL computed from PFH automatically displays the solver s SIL computed based on the solver s PFH User manual 15 40 Version 31 March 2014 In the case of an advanced configuration the parameters are as follows Test Duration between tests T1 6 v Years Time of the first test T0
8. To create or modify data parameters variables etc tables are available in the Data and Computations menu and in tabs at the right of the view All the GRIF 2014 data tables operate in the same manner ramete n fms Y B X Domain Namea Value Bool CondToStart false Float Lambda 4 0E 6 Float Mu 0 0114 Name Location The data editing table panel is divided into 3 parts s The top part containing the buttons e The main part containing the data table User manual 36 40 Version 31 March 2014 s The bottom part indicating what the selected data is used for Hl Saves the table in a text file E Opens the table in a text editor that defined in the Options ba HE Opens the column manager x When the display selection button is pressed a click in the table leads to the selection in the input area Ge Displays the data filtering part Multiple modifications made to all the selected data ur Creates new data Kaana Duplicate the selected data ask a new name x Deletes the selected data one or many Enables data filtering or not Filtrer S Defines the filter to be applied to the data Filtering allows you to display only what is necessary in a table Several filtering criteria can be combined as shown below Creation of data filter x Associate tests with A
9. Year s v Instrument parameters Lambda A 1 5E 6 vin LambdaD Lambda Ad A 25 v DC 0 v MTTR N A Test leads to failure y 10 probability Advanced configuration User manual 17 40 Version 31 March 2014 e TOTAL In the following paragraph the actuator main or sub will be called the component The component may be already used defined somewhere else in the system In this case we speak about existing component For example when a component is in 2 chanels The existing component can be selected in a list It can be a component of the current SIF of one of another SIF This options is only available when you have many components of the same type If the component is not already used defined it must be defines The following parameters can be configured Tag component s instrument tag on PID e g 10 PT 2034 for a sensor or 10 UV 2034 for an actuator Instrument type type of instrument used It is selected from a drop down menu Identical to used to specify whether the component is identical to another component of the same type i e a sensor when editing a sensor another main actuator when editing a main actuator or another sub actuator when editing a sub actuator It is different from Existing component Here the component is not exactly the selected one they are physically distinct but they have same parameters This functionality can only be accessed when
10. d L Normal _ At thresh Invalid __ gt B A lt 1 x eee A gt B d E A an gt B Normal Atthresh Invalid H gt lt 3 3 Configuration of channels of a part You can select a MooN M ou of N configuration in this case the system needs M working sub systems out of N to be available for its safety function You can also choose a specific configuration For example if you need to configure 3 channels as follows channell OR channel2 AND channel3 select the manual button and type 1 2 amp 3 in the text field In formula each channel is remplaced by its number For logical OR use pipe I character For AND use amp Operators have different priority you must use parenthesis 3 4 Take Common Cause Failures into account You can use Common Cause Failures CCF at different levels of architecture For each level you can specify a beta factor For expert users you can display the DDC period configuration with Tools it let you specify a period in hour for DCC test This period is automatically calculated Uncheck the period checkbox if and only if you really know what you do User manual 11 40 Version 31 March 2014 4 Configuration of components The aim is to specify values for each element of the SIF being studied Do this with the tabs of configuration window e The Sensor s tab is used to configure the sensors e the Solver tab is used to configure the solver e the Actuator s
11. detected failure leading to trip can be modified by users The reconfigurations in A M configuration are the following 1003 gt 1002 gt lool 2003 gt 1002 gt lool 3003 gt 2002 gt lool MooN gt Moo N 1 gt Moo N 2 etc while N i gt M then M and N are decreased of 1 until 2003 configuration NooN gt N 1 oo N 1 etc until lool Example 4008 gt 4007 gt 4006 gt 4005 gt 3004 gt 2003 Following chapters detail S and A configuration for 1002 and 2003 3 2 1 1002S and 1002A Sensor in 1002A configuration Normal The safety function is inactive ripped The safety function ts active BA T Normal Atthreshold Invalid LIT Noma ENT Tripped Tripped Tripped Tripped Tripped Sensor in 1002S configuration Normal The safety function is inactive nd Mipped The safety function is active BIA J Normal _ Atthreshold raia Nomai Normal E ipped Trpped User manual 9 40 Version 31 March 2014 3 2 2 2003S Sensors in 20025 configuration Sensors Normal The safety function is inactive mepa The safety function is active Tnpped Tripped Tripped Tripped Tripped Tripped Tripped Tnpped Tripped Tripped Tripped At thresh Invalid User manual 10 40 Version 31 March 2014 Q TOTAL 3 2 3 2003A Sensors in 2003A configuration Sensors Normal The safety function is inactive Ta The safety function is active x lt o 1 b A 3 E y
12. eed nn Deus EEEE ON EN vie decayed ened winnie etes 32 8 4 PDE reports 23 cescesswescncesves are loan adenesnssaeesselbducaninnsncowepeinasvatiowsSaseins t dws eee nine mnt ete pleines 32 8 5 Mirosoft Excel XLSX file format export ss 33 PIE EET D sesssscesiedienesedessecusssesessedcusessbsciseucecavsscsesstenesddasscosesdiusesscsetscedessssasocavecsssccubensosaedsesscceese 34 9 ls Format TTT 34 9 2 Definition and explanation of the acronyms and parameters sese ee ee ee ee eee eee 34 10 APP NAIX 2535 sites esescsc esis vessesscedussesdecedeceecsussssosedsacesucsosssesesidessstsbcisecceSeessusscasesecossssestves 36 10 1 Configuration of Lambda computation method for CCF sees ee eee ee 36 10 2 Data Editing KT Seoes ec dbvettacdiveutdeccaes tccdtvan five tentant tre rent edi in eete etre detente 36 10 2 1 Description of the Tables ss 36 10 2 2 Tableaccessibility 2eme asset oen E Ea eteneveabesval cu ON anne eee enol detente sente dies 38 10 3 Options of GRIF SIL sise 38 User manual 2 40 Version 31 March 2014 10 3 1 10 3 2 10 3 3 10 3 4 10 3 5 10 3 6 10 3 7 User manual Executa Lo ET EEE EE EE REE EPEn 39 DADAS Eeee e a E E E E bee E enr ne 39 LAD o ten ea e e E E E E A EA 39 CO TL NT aT E E E E 39 GTAPRICS ni ssh eT EEE E EOE aa EE E E T EEEE EEEE R HEAT EEE EEIT R 40 STET 40 CULV S esse teensy aSsacansecbivend dre de E EE E T demon siens 40 3 40 Version 31 March 2014 1 Prerequisites and Installation
13. on computer GRIF Module SIL saves its files in USER GRIF SIL Application 1 5 Launching The software is now ready for use To launch the SIL module double click on ZIS bat qui is in directory where GRIF bas been installed In retail version you can also use the Start menu Sofwares GRIF 201X User manual 4 40 Version 31 March 2014 2 Presentation 2 1 Introduction This module of GRIF is used for PFD computations We will focus on the processing of Safety Instrumented Functions SIF on continuous process installations safeties functioning in on demand mode The computations carried out are safety computations the top event is a non detected dangerous failure of the SIS safety function The definitions and parameters used in this document are explained in the glossary cf Section 9 Glossary 2 2 Presentation of the graphical user interface 2 2 1 Main window of the SIL module The main window is divided into several parts s Title bar The title bar shows the names of the module and file being edited s Menu bar The menu bar gives access to all the application s functions e Icon bar shortcuts The shortcut bar is an icon bar horizontal which gives faster access to the most common functions The Operating duration area lets you specify the operating duration in years and launch computation s Tool bar The tool bar vertical allows you to select the elements for modeling By default this tool bar is not
14. operators and repairs procedures are infallible powering up the new motor etc This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension 4 3 Configuring the actuators The actuators of the safety loop can be configured in the Configuration of componentsActuator s Parts tab The actuators can be classified as follows e Main actuators they have 0 1 or 2 sub actuators e Sub actuators they are set up in series with their respective actuators The sub actuators of a same main actuator are set up in series 2002 or parallel 1002 Each main actuator can be accessed separately in the sub tabs A1 1 A1 2 and each sub actuator in the sub tabs Al la A1 1b 4 Configuration of architecture Configuration of components Report Parameters Sensor s Part Solver Part Actuator s Part Channel 1 Actuator 1 Actuator 2 A1 1 Existing component Identification Tag Name SIF2_A1 1 Instrument type Solenoid valve de energize to trip k C Identical to b Determined character of the component Component Non type A B Type B Type A Test Test type When unit is stopped v Duration between tests T1 6 vw Year s v Time of the first test TO 6 v
15. that the value is to be equal to lambda A a Test duration 7 Pi period of time necessary for testing the component The time unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension Note This field is editable only if Test type is equal to Test when unit is working Test efficiency rate o Sigma cover or efficiency rate of the test The value ranges from 0 the test never detects anything to 1 the test always detects the failure This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Wrong re setup after testsol Omegal probability 0 1 of wrong re setup of the equipment after the test It is the probability that the component will not be able to carry out its safety mission after being tested by the operator It can be left at 0 if you consider that the operators and test procedures are infallible no omission of a by passed sensor powering up the motor etc This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Wrong re setup after repairso2 Omega probability 0 1 of wrong re setup of the equipment after the repairs It is the probability that the component will not be able to carry out its safety mission after being repaire
16. the SIF comprises several components of the same type If the checkbox is checked only the Tag and Instrument type characteristics of the component can be edited the others are identical to the reference component Copy another component s parameters enables you to copy the parameters of another component of the same type This functionality can only be accessed when the SIF comprises several components of the same type Only the characteristics Tag and Identical to are not copied The components available are the same as those displayed for the functionality Identical to Modify the default parameters of the application enables you to manage the default parameters of the application and the document model system Four actions can be chosen from the drop down menu displayed with a left click on the button Save as default model Save as default model saves the component s characteristics in the default model Re intialyse to default values Z Re nitialyse to defauit values copies into the component the characteristics stored in the default model Save in a model file Save in a model file saves the component s characteristics in a model file whose location must be specified This file can be reused or sent to another person Use a model Use a model copies into the component the characteristics stored in a model whose location must be specified Determined character of the component enables y
17. these 3 types Non type A B Type A or Type B Duration between tests T1 period of time between two proof tests of the component E E PE electrical electronic programmable electronic Technology based on electricity E and or electronics E and or programmable electronics EP NB This term designates all devices which work according to electrical principles Efficiency of partial stroking tests Proportion of detected failure proportion of hidden failures detected during partial stroking tests 0 100 0 means no failure is detected 100 means every failure is detected Failure a functional unit ceases to accomplish its required function Lambda failure rate of the component h Lambda during test failure rate of the component during the tes h The test conditions may cause extra stress and increase the lambda Lambda D A d dangerous failures Failure with the potential to put the safety system into a dangerous state or make it unable to carry out its function MDT in h indicates the mean time between the occurrence of a failure and the re start of the system Mean Down Time It is the average downtime MTTF in h indicates the mean time between the start up of the system and the occurrence of the first failure Mean Time To Failure It is the average time of operation before the first failure occurs A 1 MTTF for a component MTTR Mean Time To Repair in h mean time between dete
18. to be tested and the installation has not been stopped Remark it is also possible to specify that the component will undergo no periodic test Duration between tests T1 period of time between two proof tests of the component The time unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension the model s parameters can be edited in the Parameters tab User manual 18 40 Version 31 March 2014 TOTAL s Time of the first test T0 time at which the first test of the component is carried out The modes for editing this characteristic value and unit are the same as for the duration between tests Lambda failure rate of the component h This value can be edited manually or selected from a drop down list displaying all of the parameters with a Rate dimension LambdaD Lambda Ad A proportion of dangerous failures among the total number of failures This value can be edited manually or selected from a drop down list displaying all of the parameters with a Factor dimension s DC on line diagnostic coverage and is a rate between 0 and 100 A 0 rate means that no revealed failure can be detected This value can be edited manually or selected from a drop down list displaying all of the parameters with a Factor dimension e MTTR Mean Time To Repair in h mean time between detection
19. 2 TOTAL GRIF 2014 Module SIL User manual Version 31 March 2014 Copyright 2014 Total Table of Contents 1 Prerequisites and Installation cccccssscssscccsescessssccesccceescesssccsesceseesescscessesseesccesesseseesesenees 4 1 15 K e UT 4 1 2 Installation of TOTAL version without sise 4 1 3 Installation of retail version with installer and demonstration Version 4 IE SAVING 5e nl too ne nets Men esdubtine nbgunedenales bores bed duel nes seamed ede tite 4 TO mbes EEE ENE EEEO AREE E REE EREE AA EERO ES 4 Z Presentation T 5 2 Ve LUN GLS LATE NON eienaar a a a a a n a a ea 5 2 2 Presentation of the graphical user interface eee 5 2 2 1 Main window of the SIL module sese 5 2 2 2 Description of the Menus session dunes EE EE TE eceebustsver ccs evea need ec dense den tentes 5 2 23s Vertical toolbar semanrea esner e e eE a E E ESES 7 3 Configuration of architecture scsccccsssscccssscessccccesceessseeescccsesseesssssesccesessescscesescessessseecese 8 3 1 Architecture definition a saz OE2 0094748 ST rH 2 e ead TERRE Ze ERAT 8 3 2 Voting for components of a chanel sise 9 3 2 1 1002S gt and LOOZA eriei semis ctvawasl andi EREE EEEn S EA EEEa D ERE EE EEE 9 E 10 S DOOD A necueuanenaienwarosee onccsneuaae E E 11 3 3 Configuration of channels of a part see 11 3 4 Take Common Cause Failures into account ss 11 4 Configuration of components sss ss
20. 6 v lYears v Instrument parameters Lambda A 5E 4 vin MTTR 96 L Hours SA Test leads to failure y 0 probability Advanced configuration s Duration between tests T1 period of time between two proof tests of the component The time unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension the model s parameters can be edited in the Parameters tab s Time of the first test TO time at which the first test of the component is carried out The modes for editing this characteristic value and unit are the same as for the duration between tests Lambda failure rate of the component h This value can be edited manually or selected from a drop down list displaying all of the parameters with a Rate dimension s MTTR Mean Time To Repair in h mean time between detection of a failure and the repair of the component The time unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension Test leads to failurey Gamma probability 0 1 that the test will cause the hardware to fail 0 means no test causes any failure 1 mean every test causes failures This value ca
21. March 2014 TOTAL 8 5 Mirosoft Excel XLSX file format export You can also export to XLSX format thanks to File menu The file is made of two tabs the first one for SIF description and results the second one for configuration of components User manual 33 40 Version 31 March 2014 9 Glossary 9 1 Format All values can be entered in two different ways Normal notation the decimal separator is the dot e g 0 0000015 Scientific notation the decimal separator is the dot e g 1 5E 6 which corresponds to 0 0000015 9 2 Definition and explanation of the acronyms and parameters Beta P proportion of common cause failures in CCF or DCC Common Cause Failure When several identical elements are put in a system there is always a probability that they will fail at the same time from a common cause design problem external phenomena for example This is called a common cause failure Component available during test X specifies whether the component is able to carry out its safety mission during the test if the checkbox is checked DC on line diagnostic coverage and is a rate between 0 and 100 A 0 rate means that no revealed failure can be detected Detected applies to the equipment and means detected by diagnostic tests periodic tests or human intervention e g physical inspection and manual tests or during normal operation DCS Distributed Control System Determinate A component can be one of
22. ND OR Add a criteria 3 Value w greater than gt h 0 T Name x contains v lt B Select AND or OR to choose the type of association between each line filter criterion A line is a Boolean expression divided into 3 parts 1 the first is the column on which the filter is used 2 the second is the comparator 3 the third is the value to which the data will be compared If the Boolean expression is true the data will be kept displayed otherwise the data will be masked When the filter is enabled its value is displayed between lt and gt The data in a column can be sorted by double clicking the header of this column The first double click will sort the data in ascending order small triangle pointing upwards The second double click on the same header will sort the column in descending order small triangle pointing downwards A table can contain many columns some columns may be unnecessary in certain cases The linked to database column is unnecessary when no database is available It is thus possible to choose the columns to be displayed and their order To do this click right on a table header or click the Columns Manager button the following window opens User manual 37 40 Version 31 March 2014 Columns manager B Select columns that have to be displayed and their order Name Value Linked ta t L Dimension mrn Last database Desacti
23. V Paste and renumber Ctl R Remove Supprime Select all Properties Alt Entr e 3 The Tools menu contains all the commands needed to manage the current model page management alignments options etc The icon bar just under the menus proposes shortcuts for most of the Tools commands Tools Document Data and Computations 1 New page RA New safety loop Page manager Move to page amp Refresh F5 Zoom Charts model gt Display state bar Display bar of opened documents Display graphical tools bar Document options Application options Connect to a CSV file 4 The Document menu gives access to all the documents being created or modified User manual 6 40 Version 31 March 2014 TOTAL 5 The Data and Computations menu is divided into two parts data management creation and management of the different parameters and configuration computation launch computation time desired computation etc Data and Computations Edit Parameters TO T1 Edit test periods L Configure the test periods of CCF Computation method for lambda of CCF Database gt Jo Start PFD computation ALE rH Start PFH computation Alt D The action Edit of test periods also available in the toolbar allows to globally modify the components tests periods The action Configure the test periods of CCF allows you to manually configure the test periods of CCF New fields are availabl
24. abs User manual 38 40 Version 31 March 2014 10 3 1 Executables Executables tab enables to specify path to external executables s Editor path Specifies text editor path e Mail client Enable you to set the mail client to use e Automatically open PDF files Specifies if PDF reports must be opened with generation Style sheet from XML to DocBook Style sheet allowing converting from XML report to docbook file Style sheet from XML to HTML Style sheet allowing converting from XML report to HTML file Style sheet from DocBook to PDF Style sheet allowing converting from docbook file to PDF file e Moca RPC path Specifies Moca version 12 path e Javaw path Path of javaw exe executable 10 3 2 Database Database tab enables to configure database connection s Use DataBase connection for parameters Select if database must be use e Name Database name will be put into parameter during its update It enables to know from which database parameter has been lastly updated e JDBC Driver Enter name of JDBC driver to be used sun jdbc odbc JdbcOdbcDriver oracle jdbc driver OracleDriver e Connection to database Database Url e Connection options Connection properties s Login Login to be used to connect to database e Password Password to be used to connect to database s SQL Request Request that have to be executed to retrieve data from database s Name of ID field Name of field containing da
25. am_5 0 028 _ l Rate Param_6 3672 0 Time E Each parameter is defined by the following Name the parameter s name unique Value the parameter s value consistent with its dimension Linked to the identifier of the database to which the parameter is linked User manual 20 40 Version 31 March 2014 e TOTAL e Dimension the parameter s dimension It is selected from a drop down menu Boolean factor probability rate time other e Last database last database used to update the parameter The parameters can then be used to fill in the characteristics of the safety loop s components This table can be accessed using the tabs situated on the right but can also be opened in another window via the menu Data and Computations Edit parameters User manual 21 40 Version 31 March 2014 5 Computes 5 1 Launch PFD PFH computation When all of the components have been configured computations can be started PFD Computations are launched via the menu Data and Computations Launch PFD computations or by clicking on the icon PFH Computations are launched via the menu Data and Computations Launch PFH computations or by clicking on the icon NB if many SIF has been created computation is done on each SIF The chart which contained no information has now been updated Edit Tools Document Data and Computations Normal lIaluls s Operating dur
26. ation years 50 0 So Su Toma Configuration of components Report Parameters Configuration of architecture Sensors architecture LE Number of channels a FA configured in Take Common Cause Failures into account Beta inter channels Number of sensors 2 configured in 1002 v s r C Take Common Cause Failures into account Beta sensors Actuators architecture PTE Number of channels 1 configured in 1001 L Take Common Cause Failures into account Beta inter channels Channel 1 Number of actuators 2 configured in 1002 v r LJ Take Common Cause Failures into account Beta actuators Beta sub actuators 0 25 5 75 10 125 15 175 D 25 B 275 A Year s Actuator1 Actuator 2 PFDAvg Maximum 6 94E 4 z PFD t Average 6 94E 4 SILO 0 SIL1 0 SIL2 6 84 SIL3 93 16 SIL4 0 1 actuator and 1 v sub actuator s configured in PFDAvg PFD t Actuators Sensors Solver C Take Common Cause Failures into account el Beta sub actuators L SUT 1 L IDE Reminder The combination Control Scroll whee
27. copy the parameters of another component of the same type This functionality can only be accessed when the SIF comprises several components of the same type Only the characteristics Tag and Identical to are not copied The components available are the same as those displayed for the functionality Identical to Modify the default parameters of the application enables you to manage the default parameters of the application and the document model system Four actions can be chosen from the drop down menu displayed with a left click on the button Save as default model Save as defautt model saves the component s characteristics in the default model Re intialyse to default values Z Re nitialyse to default values copies into the component the characteristics stored in the default model Save in a model file Save in a modet file saves the component s characteristics in a model file whose location must be specified This file can be reused or sent to another person Use a model 2 Use a model copies into the component the characteristics stored in a model whose location must be specified Determined character of the component enables you to specify the component s determined character The component is characterised by one of the three characters available e Non type A B indicates that the component is operating in negative safety mode energise to trip and without self diagnostic system Corresponds to th
28. ction of a failure and the repair of the component Non detected Undetected applies to the equipment and means non detected by diagnostic tests periodic tests or human intervention e g physical inspection and manual tests or during normal operation Number of tests number of partial stroking tests carried out between two full tests Operating duration Years means the foreseen operating industrial duration of the Safety Instrumented Function SIF installed on its process unit PFD Probability of Failure on Demand Cf Norm IEC61508 Can be defined as Unavailability PFH Probability of Failure per Hour Cf Norm IEC61508 Can be defined as Unconditionnal Failure Intensity Redundancy implementation in parallel of elements which have the same safety function so that the sub system is more available Repair rate u Mu repair rate in whose symbol is u This value is equal to 1 MTTR for a repair time of 48h Mu 1 48 2 08E 2 User manual 34 40 Version 31 March 2014 e TOTAL s R R F Risk Reduction Factor of the SIF e Safety function function to be carried out by an E E EP safety system by a safety system based on another technology or by an external risk reduction device designed to ensure or maintain the controlled system in a safe state with regard to a specific dangerous event e SIF Safety Instrumented Function SIL 0 instantaneous PFD 10 1 instantaneous PFH 10 infinity SIL
29. d or changed by the operator It can be left at O if you consider that the operators and repairs procedures are infallible powering up the new motor etc This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension With partial stroking test if checked specifies whether the component takes partial stroking tests into account as for example the partial stroke testing of a valve gate Efficiency of partial stroking tests Proportion of detected failure proportion of hidden failures detected during partial stroking tests 0 100 0 means no failure is detected 100 means every failure is detected The value of the efficiency can be edited manually or selected from a drop down list displaying all the parameters with a Factor dimension This characteristic is accessible only if the component takes partial stroking tests into account Number of tests number of partial stroking tests carried out between two full tests NB Sub actuators do not take partial stroking tests into account There is therefore no Partial stroking test section in the sub actuator configuration tab 4 4 Editing the parameters The parameters table contains all of the model s parameters Parameters D T KS ix amp Name Value Linkedto Dimension Last datab Param_1 true Boolean Param_2 12 0 Factor Param_3 9 4 Other Param_4 0 0010 Probability Par
30. d studied which is NOT the PFDAvg When the values are entered just click on OK to close the windows User manual 29 40 Version 31 March 2014 8 Generating reports 8 1 Description The PDF reports can be configured in the tab Report and its sub tab Description Configuration of architecture Configuration of components Report Parameters Description Result SIL SIF Identifier SIF1 Revision Date Produced by Checked by Validated by Location Units SIF Function SIF Description PID Data source Comments When report is generate the following fields are exported SIF Identifier identifier of the SIF or report e Revision revision index of the report e Date date on which the report was issued Produced by name of the author of the report Checked by name of the checker of the report Validated by name of the person who validated the report e Localization specify the refinery the platform the plant e Units specify the units the sectors the workshops the project s SIF Function function of the SIF top event s Description of the SIF description of the SIF s PID number of the PID e Data source source of the data used in the computations e g TOTAL EXIDA OREDA etc e Comments comments You can save fields of SIF in a model in order to use it for
31. displayed In order to make it visible check the box Display graphical tools bar in Tools s Input zone A maximum amount of space has been left for the graphical input zone for creating the model When module is launched this zone contains a picture representing the architecture as well as an empty chart as no computations have yet been carried out e Tree Graphical tree is between input zone and tool bar It enables to walk through pages and groups of the document It is not displayed bt default e Configuration window On the right of input zone a window that contains Configuration of architecture Configuration of components Report and Parameters enables you to configure the system Ba GRIF Module SIL Sif5 sil File Edit Tools Document Data and Computations 7 iros lBlalalo operaning duration year Boo lel Be Eu To 4 Configuration of components Report Parameters K Configuration of architecture li Sensors architecture lt Number of channels 1 configured in 1001 Take Common Cause Failures ir unt Channel 1 Number of sensors Fr configured in 1001 BE OTa omme ause Failures into account SF1 PFD Actuators architecture Number of channels 1 contiguredin 1001 C Tak t siLo Channel 1 Number of actuators 1 v configured in 1001 4 7ARRA mM HW mM DRAC L Actuator1
32. e NS type Non safety component of versions previous to 2013 s Type B indicates that the component is operating in positive safety mode fail safe or equipped with a self diagnostic system Corresponds to the S type Standard component of versions previous to 2013 s Type A indicates that the component is operating in positive safety mode fail safe and proven in use or certified and equipped with a self diagnostic system or implementation of several proof test and access protected safeguarding the settings of the internal configuration parameters Corresponds to the F type Field proven component of versions previous to 2013 Test type enables you to specify the type of test used for the component Two types of test can be selected from the drop down menu e Test when unit is stopped means that the component is tested when the unit is stopped The test does not harm the safety function as the unit is no longer working e Test when unit is working means that the component is tested when the unit is working The component is no longer available to carry out its function and this affects the safety function This can be used when a sensor has been by passed to be tested and the installation has not been stopped Remark it is also possible to specify that the component will undergo no periodic test Duration between tests T1 period of time between two proof tests of the component The time unit is selected from a drop down list
33. e l apport de charge HC SIF1_S1 1 SIF1_S1 2 SIF1_S1 3 hanna 2 Contguciton 1002 SIF1_SOLVER SIF1_A1 1 SIF1_A1 1a SIF1_A1 2 SIF1_A1 2a SIF1_A2 1 SIF1_A2 1a SIF1_A2 2 Gare pe SIF1_A2 2a 654321 E s A R s eu ne Onen urin aeae owen amar TOTAL Inteme Y Gage Actuator 1 1 sub attuators Configuration 1001 Channel 1 Connguraton 1002 Actuator 2 1 ar Configuraton 1001 Other Partial stroking parameters test ns fm Idena o me 31 1 component parameters ena ae me 511 component parameters e aaas T smc T E e G ot E LE a SE R sere L rA MES E Omega 001 PSE iii Sa SF Ata 10 Lamia eon irie eza SMS eesneee Identical to me A1 1 component parameters E IE onna E aod ERE RE on E s Lans e E NEE DE its i DRAM es ER d sn S L Tn s vme C a amer ura Es C S L Ean Omega 0 01 E vave C sF a22 kea Page actes to me A2 1 component parameters G srs E E E S om C ue C Tn Ganmand PFD Avg 3506 6 2800733 50084 200000 S1064 1962 13 1 0463 050 95 a ES a rE ee ae a ee 3 HSE A OPER ee S Page 2ot2 User manual 32 40 Version 31
34. e on the Configuration of architecture panel The Computation method for lambda of CCF is explained in the chapter Section 10 1 Configuration of Lambda computation method for CCF 6 Finally the Help menu accesses the on line Help the Help topics and to About 2 2 3 Vertical toolbar Each operating safety model has its own icons All the graphical symbols for the event trees are shown on the vertical icon bar on the left of the data input screen This toolbar is not visible by default it can be displayed with the Outils menu ENHA The vertical toolbar contains the following items e Select selects the desired elements e Group to create a new group A group is a sub page which can contains graphics elements e Comment to add text directly to the graphic e Charts to draw charts representing computations on the model e Line to draw lines or arrows User manual 7 40 Version 31 March 2014 3 Configuration of architecture The Configuration of architecture tab enables to define architecture Each modification made on the tab is visible on picture of architecture l Configuration of architecture I Configuration of components I Report T Parameters Sensors architecture Number of chanels 1 v Configuration of chanels 1001 x C Take count Beta inter chanels Ic Automatic period Chanel 1 Number of sensors 1 w Configuration of senso
35. esse sss sese sese sese esse senenn ennenen nenen nenen nenes 12 4 1 Configuring the SENSOMS issus Rd demie nel eO gE KR o TROER YRO 297 12 4 2 Configuring the solver 25580 nmeeenemuen aise VEN EEEE En EE ASEEN ESEE NETE EEGEN ESE E 15 4 3 Configuring th actuators aa 2 scr eg OKT a 2 4029 erue EEEE TENE a EEEE ends LEDET ERTE RET EENE E AHC EENES 17 4 4 Editing the parameters 554 sehe nb ssteleeanen titi schons tan lens Enee a ERER Ee EEES 20 5 COMPUTES ss veccvessccccecsccvcceusescenseescccvesenssvecsaesswescesscescvesesddsvesensootessesdsessecssedssessdessoscsaedaasesseoanesss 22 Sol Launch PFD PFH COMPUTATION sis2s5 cesecanesevestueesvtrvenslssw rsdn ssnweriwss en aei EEO E TEE ENSA 22 6 Multi 100p SYSTEMS sesseusssessscsevsosecccesouscscesaseccosseasscessou eden sseessesscusacsccsecessectocesssscsdesssevedevsosssaesses 24 6 1 DT LE LE wenn dSsvxteay ected ones tuwensendia cae de de EE E deanna caren beatainea EEEE EEEE EESE E EE ENERE 24 6 2 T S AAE A E E E E E E T 24 6 3 COMPUtA Te 25 64 Reports and P TT 26 6 3 PDF report and MS Excel report usines nissan diese Rien REEE ENEE EEEE eE 26 Te Charts T 27 Fale Charts Edit Window TTT 27 Pad Editing THE CUNVES spede eas eaescaten suck araa spetee sec enes den unes dunes terne E E E 28 8 Generating Feports oiseiiccisssiccceesceltesesciscdeesslosscnceidacvasess decssetsadeaselesdcassiecdedesssteanssdesssssstsssaussccees 30 81s Desc Apol RS es 30 8 2 RES TT 31 8 32 SPUFIOUS r 26 en
36. heckbox is checked s Safe failure repairs don t impact safety function It means if checked that repairs of safe failure haven t any impact on the safety function Note This field is editable only if LambdaD Lambda lt 100 Lambda during test A failure rate of the component during the tes h The test conditions may cause extra stress and increase the lambda This value can be edited manually or selected from a drop down list displaying all of the parameters with a Rate dimension It is possible to indicate that the value is to be equal to lambda A a Test duration 7 Pi period of time necessary for testing the component The time unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension Note This field is editable only if Test type is equal to Test when unit is working Test efficiency rate o Sigma cover or efficiency rate of the test The value ranges from 0 the test never detects anything to 1 the test always detects the failure This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Wrong re setup after testsol Omegal probability 0 1 of wrong re setup of the equipment after the test It is the probability that the component will not be able to carry out its safety mission after being tested b
37. ion des canaux e Number of actuators in each channel and the configuration of these components in the channel e For each actuator the number of sub actuators 0 1 or 2 and the configuration of these sub actuators s Taking Common Cause failure into account for all actuators cf Configuration des DCC s Taking Common Cause failure into account for actuators and sub actuator of the channel e Taking Common Cause failure into account for sub actuators of the actuator User manual 8 40 Version 31 March 2014 TOTAL 3 2 Voting for components of a chanel Usually for each chanel a MooN voting means that you need M components at threshold detecting problem to trip put the system under control in a safe mode For sensors the SIL module distinguish MooNS Safety and MooNA Availability voting Vote with A type architecture the invalidity of the sensor triggers no action other than an alarm availability The solver logic is modified excluding sensors with detected failure In this case we define a number X of detected failure from which the channel trips This number X is fixed by default for TOTAL but can be modified in M configuration e 3 si plus de 3 composants e 391 3 composants e 2si2 composants e 1 si 1 composant Vote with S type architecture the invalidity of the sensor triggers the safety system Safe Vote with M type architecture It is exactly the same definition as type A But X the number of
38. ion of the system as 1 amp 2 3 with 1 2 et 3 corresponding to the loops which ID is 1 2 and 3 The Loops of the system part enables adding removing modifying of loops that are in the system 6 3 Computations System PFD PFH computations are made as for SIF PFD PFH computations Section 5 1 Launch PFD PFH computation User manual 25 40 Version 31 March 2014 Q TOTAL 6 4 Reports and results Results are available with a right clic on the system and then select Computation results in the menu C1 Multi loops systems CI My_Sys iol Jk Refresh SIF a SIFF x 1 Properties The following window is displayed The Description part sum system configuration up The For the system part is used to specify the target values s Requiered SIL value of the SIL that is requiered for the system s Requiered RRF value of the RRF that is requiered for the system The Computation part displays computed values e Operating duration the operating duration used for the computation e PFD or PFH The computed PFDAvg or PFH s Computed SIL SIL computed from PFD or PFH architectural constraints are not taken into account s Computed RRF RRF computed from PFD or PFH The Results part displayed achieved targets e Achieved SIL Identical to computed SIL s Conclusion of SIL for the system conclusion compliant or not compliant e Remark Remark generated by sofware e Co
39. is editable only if DC is not 0 or if Test type is equal to Test when unit is working e Switch time parameter is the period of time during which the component causing the failure is disconnected from the system and replaced by a component in working order This time is necessarily lower than the MMTR Note This field is editable only if LambdaD Lambda is not 1 Test leads to failurey Gamma probability 0 1 that the test will cause the hardware to fail 0 means no test causes any failure 1 mean every test causes failures This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Note This field is editable only if DC is not 0 or if Test type is not Not tested The advanced parameters of a sensor can be specified by left clicking on the Advanced configuration button La Edit advanced configuration Advanced test parameters C Component available during test X Lambda during test A 0 M lt C Equal to Lambda Test duration 1 3 Hour s v Test efficiency rate 0 K L probability Wrong re setup after test w1 10 00 probability Wrong re setup after repairs w2 0 01 probability OK Cancel Help The advanced parameters of the sensor are as follows e Component available during test X specifies whether the component is able to carry out its safety mission during the test if the c
40. is not necessary It s the same thing for safe failure of actuators which trigger the safety function That is why the MooN configuration whith M gt 1 are used the triggering will not be made at the first safe failure The SIL module computes the number of expected spurious trips on a given architecture Spurious trip tab displays computation results of spurious trips The export of spurious trip computation results in reports is optional Make sure that the Spurious trip in reports option is selected in Application Options Options 8 4 PDF reports When all the computations have been carried out a report can be generated The language of the report English or French can be selected the PDF report is generated from the menu File Create a report PDF report en report written in English or from the menu File Create a report PDF report fr report written in French In all two cases you must select the location where the PDF file is to be stored and click on save When the report is generated it is opened with the programme associated with the PDF format generally Acrobat Reader PDF report RES Affichage Fen tre Aide aR D L LRU 12 748 7 e Outils Commentaire sna Configuration of components SIF Identifier SIF12345 3070572012 Sensors Location Project Raffinerie TOTAL contest Process Units HDS SIF function Protection surpression r acteur C127 SIF description Arr t d
41. l enables you to enlarge zoom in or reduce the window The x axis represents the time in hours and the y axis represents the probability of failure of the SIF when triggered also called PFD The chart ranges from 0 to 30 years by default but it is possible to modify this value as explained in the chapter on curves There are 5 curves in the chart s PFD t or PFH t the instantaneous value of the system s PFD PFH s PFD Avg or PFH the average value of the system s PFD PFH e Actuators the instantaneous value of the PFD PFH of the actuator part of the system s Sensors the instantaneous value of the PFD PFH of the sensor part of the system e Solver the instantaneous value of the solver s PFD PFH The curves are located in one or several bands of color These bands represent the PFD ranges which define the SIL SIL 0 instantaneous PFD 10 1 instantaneous PFH lt 10 infinity SIL 1 instantaneous PFD e 107 10 PFH instantan e 10 10 User manual 22 40 Version 31 March 2014 SIL 2 instantaneous PFD 10 10 instantaneous PFH 107 10 SIL 3 instantaneous PFD e 10 10 instantaneous PFH 10 107 SIL 4 instantaneous PFD 0 10 instantaneous PFH lt 0 10 User manual 23 40 Version 31 March 2014 6 Multi loop systems 6 1 Presentation When several loops SIF are created in a document a tree view on left left become visible The upper
42. me unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension User manual 16 40 Version 31 March 2014 TOTAL Note This field is editable only if Test type is equal to Test when unit is working Test efficiency rate o Sigma cover or efficiency rate of the test The value ranges from 0 the test never detects anything to 1 the test always detects the failure This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Wrong re setup after tests 1 Omegal probability 0 1 of wrong re setup of the equipment after the test It is the probability that the component will not be able to carry out its safety mission after being tested by the operator It can be left at 0 if you consider that the operators and test procedures are infallible no omission of a by passed sensor powering up the motor etc This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Wrong re setup after repairsw2 Omega probability 0 1 of wrong re setup of the equipment after the repairs It is the probability that the component will not be able to carry out its safety mission after being repaired or changed by the operator It can be left at 0 if you consider that the
43. mments User comments The Synthesis part displays PFD PFH curves of the system 6 5 PDF report and MS Excel report If there are system in your document they will be automatically exported in reports An additionnal section will be added for each system at the end of the report The system section contains informations in Reports and results window User manual 26 40 Version 31 March 2014 7 Charts Curves are drawn to study the results better Five curves are available PFDAvg t PFDsysem t PFD scuators t PFDsove t PFD gensors t 7 1 Charts Edit window The Charts Edit window is displayed when user double click on charts Charts title PFD Data List 99 Legend Show Color Style Average PFDAvg B No point 11 D PFD t iv Nopoint 2 le Actuators lv Nopoint 1 O Sensors C No point 14 J Solver C No point 1 J Style Intervals Display peaks values at X axis unit Year s O Log Y axis unit ha f gt O Log Areas This window is divided into several parts 1 Charts Title allows you to give a title to the graphic 2 Data List This part contains a three column table listing the chart s different curves name description display curve colour curve style curve thickness Several buttons are available above this table Up it moves the selected curve upwards in the li
44. n be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Other parameters can be accessed by left clicking on the Advanced configuration button only for a solver configured in advanced mode a tial Edit advanced configuration a Advanced test parameters C Component available during test X maT T Lambda during test A 0 7 4 H Equal to Lambda Test duration 1 3 v Hour s v Test efficiency rate 0 j probability Wrong re setup after test w1 0 00 probability Wrong re setup after repairs w2 0 01 probability e Component available during test X specifies whether the component is able to carry out its safety mission during the test if the checkbox is checked e Safe failure repairs don t impact safety function It means if checked that repairs of safe failure haven t any impact on the safety function Note This field is editable only if LambdaD Lambda lt 100 Lambda during test A failure rate of the component during the tes h The test conditions may cause extra stress and increase the lambda This value can be edited manually or selected from a drop down list displaying all of the parameters with a Rate dimension It is possible to indicate that the value is to be equal to lambda a Test duration 7 Pi period of time necessary for testing the component The ti
45. ne remette pas le composant dans l tat d assurer sa mission de s curit apr s la r paration On peut la laisser 0 si on estime que les op rateurs et les proc dures de r paration sont infaillibles Remise du moteur neuf sous tension User manual 35 40 Version 31 March 2014 10 Appendix 10 1 Configuration of Lambda computation method for CCF When using common cause failure the software must compute a lambdaCCF that will be used for CCF It is the one that will be multiplied by Beta Assuming each component impacted bay a CCF has a different lambda there are many methods to compute the lambdaCCF from the list of lambdas Five methods are available Minimum This method uses the minimum value of lambdas Not recommanded Maximum Uses the maximum value of lambdas to be concervativ This method was used in GRIF 2013 and previous version It can be penalizing when lambda of components are very different Average This method uses the artimetic mean of lambdas e Geometric mean PDS Method This method uses the geometric mean of lambdas It is PDS Method recommanded by SINTEF It works fine with very different lambdas e Quadratic mean This method uses the quadratic mean of lambdas The lambda of a CCF is computed from lambdas of impacted components Please select a computation method Se max Geometric mean L Quadratic mean 10 2 Data Editing Tables 10 2 1 Description of the Tables
46. neric values under charts Display grid Display grid on curves area Display legends Display legends under curves Drawing zone transparency Activate curves area transparency Graphic transparency Activate charts transparency Title size Specifies charts title font size Generic values size Specifies generic values font size Point size Specifies point size on curves Coordinates size Specifies coordinates font size Legend size Specifies legends font size User manual 40 40 Version 31 March 2014
47. o avoid name conflict Tries to avoid name conflict creating new objects whose name is unik when pasting for example User manual 39 40 Version 31 March 2014 e TOTAL Add Copy suffix for copy paste If Enabled a copy suffix will be added to the name of pasted objects Synchronize view with tables Select objects in tables on the right when they are selected in view Synchronize view with explorer Select objects in explorer on the left when they are selected in view Spurious trip in reports Display the spurious trip rate in XLSX and PDF report 10 3 5 Graphics Graphics tab enables to modify GUI look Use Windows look and feel Use the look and feel of your operating system instead of java look and feel GRIF restart is needed Element Zoom Changes graphics size Comment size Changes comment font size Group size Changes group font size Activate smoothing for texts Activate anti aliasing smoothing for texts it can slow the display Activate smoothing for images Activate anti aliasing smoothing for images it can slow the display Activate tooltips Activate tooltip system 10 3 6 Digital format Digital format tab enables to customize digits display Display of parameters Specifies the display of parameters number of digits 10 3 7 Curves Charts tab enables to change charts drawing Set graphics borders Add borders to charts Set generic values borders Add borders to ge
48. of a failure and the repair of the component The time unit is selected from a drop down list hours days months years The value of the duration can be edited manually or selected from a drop down list displaying all of the parameters with a Time dimension Note This field is editable only if DC is not 0 or if Test type is equal to Test when unit is working e Switch time parameter is the period of time during which the component causing the failure is disconnected from the system and replaced by a component in working order This time is necessarily lower than the MMTR Note This field is editable only if LambdaD Lambda is not 1 Test leads to failurey Gamma probability 0 1 that the test will cause the hardware to fail 0 means no test causes any failure 1 mean every test causes failures This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Note This field is editable only if DC is not 0 or if Test type is not Not tested Important NB about Sub actuators Sub actuators do not have a Determined character of the component characteristic The section relating to this characteristic does therefore not appear when configuring the sub actuators As a rule the sub actuator has the same character as the one defined for its main actuator The advanced parameters of an actuator main or sub can be specified by left clicking on the Advanced configuration butt
49. on tial Edit advanced configuration x Advanced test parameters C Component available during test X C Safe failure repairs don t impact safety function Lambda during test A 0 lt N J Equal to Lambda Test duration Tr 3 w lHour s v Test efficiency rate o 1 probability Wrong re setup after test w1 0 00 probability Wrong re setup after repairs w2 0 01 probability y Partial stroking test C Component available during test X Test duration T 0 5 v Hour s Percentage of detected failures 50 z Number of tests 2 The advanced parameters of the actuator are as follows e Component available during test X specifies whether the component is able to carry out its safety mission during the test if the checkbox is checked User manual 19 40 Version 31 March 2014 e TOTAL Safe failure repairs don t impact safety function It means if checked that repairs of safe failure haven t any impact on the safety function Note This field is editable only if LambdaD Lambda lt 100 Lambda during test A failure rate of the component during the tes h The test conditions may cause extra stress and increase the lambda This value can be edited manually or selected from a drop down list displaying all of the parameters with a Rate dimension It is possible to indicate
50. orking The component is no longer available to carry out its function and this affects the safety function This can be used when a sensor has been by passed to be tested and the installation has not been stopped s Time of the first test TO time at which the first test of the component is carried out e Vote with A type architecture the invalidity of the sensor triggers no action other than an alarm availability The solver logic is modified excluding sensors with detected failure In this case we define a number X of detected failure from which the channel trips This number X is fixed by default for TOTAL but can be modified in M configuration e 3 si plus de 3 composants e 3 si 3 composants e 2 si 2 composants e si 1 composant e Vote with S type architecture the invalidity of the sensor triggers the safety system Safe Wrong re setup after testsol Omegal probability 0 1 of wrong re setup of the equipment after the test It is the probability that the component will not be able to carry out its safety mission after being tested by the operator It can be left at 0 if you consider that the operators and test procedures are infallible no omission of a by passed sensor powering up the motor etc Oubli de reconfiguration apr s r paration 2 Omega2 correspond la probabilit 0 1 d oubli de reconfiguration du mat riel apr s la r paration ou changement Il s agit de la probabilit que l op rateur
51. other SIF description Click on the top right button SIF identifier SiF1 Revision Date Produced by User manual 30 40 Version 31 March 2014 8 2 Result SIL Configuration of architecture Configuration of components Report Parameters Description Result SIL For the SIF sensors solver actuators Required SIL 1 Required RRF 11 Maximum reachable SIL due to the architectural constraints Sensors 3 Actuators 3 Computation Operating duration years 30 PFD Avg 1 3398E 2 Computed SIL 1 Computed RRF 74 Results Achieved SIL 1 Conclusion of SIL for the SIF Compliant Remark Comments Synthesis Contribution of each part S Sensors 22 Solver 4 Actuators 74 PFD Avg RRF SIL Computed Contribution Sensor s Part 3 00E 3 333 55_ 2 22 Solver Part 5 00E 4 2000 00 3 3 73 Actuator s Part 9 95E 3 100 54 2 74 23 SIF 134E 2 74 64 1 100 Result SIL tab do a synthesis of results On the top of the tab you must specify the objectives to be reached s Required SIL value of the SIL required for the SIF s Required RRF value of the RRF required for the SIF Then the softwre reminds you the maximum reachable SIL of each part not available if many channels s Maximum reachable SIL for sensors maximum SIL which can be reached b
52. ou to specify the component s determined character The component is characterised by one of the three characters available e Non type A B indicates that the component is operating in negative safety mode energise to trip and without self diagnostic system Corresponds to the NS type Non safety component of versions previous to 2013 s Type B indicates that the component is operating in positive safety mode fail safe or equipped with a self diagnostic system Corresponds to the S type Standard component of versions previous to 2013 s Type A indicates that the component is operating in positive safety mode fail safe and proven in use or certified and equipped with a self diagnostic system or implementation of several proof test and access protected safeguarding the settings of the internal configuration parameters Corresponds to the F type Field proven component of versions previous to 2013 Test type enables you to specify the type of test used for the component Two types of test can be selected from the drop down menu e Test when unit is stopped means that the component is tested when the unit is stopped The test does not harm the safety function as the unit is no longer working e Test when unit is working means that the component is tested when the unit is working The component is no longer available to carry out its function and this affects the safety function This can be used when a sensor has been by passed
53. paragraph the component means the sensor The component may be already used defined somewhere else in the system In this case we speak about existing component For example when a component is in 2 chanels The existing component can be selected in a list It can be a component of the current SIF of one of another SIF This options is only available when you have many components of the same type User manual 12 40 Version 31 March 2014 Q TOTAL If the component is not already used defined it must be defines The following parameters can be configured Tag component s instrument tag on PID e g 10 PT 2034 for a sensor or 10 UV 2034 for an actuator Instrument type type of instrument used It is selected from a drop down menu Identical to used to specify whether the component is identical to another component of the same type i e a sensor when editing a sensor another main actuator when editing a main actuator or another sub actuator when editing a sub actuator It is different from Existing component Here the component is not exactly the selected one they are physically distinct but they have same parameters This functionality can only be accessed when the SIF comprises several components of the same type If the checkbox is checked only the Tag and Instrument type characteristics of the component can be edited the others are identical to the reference component Copy another component s parameters enables you to
54. part let you browse the pages one page by SIF The lower part is for systems that are made with several loops Y Filter c Sif_Project4 sil G4 Page 1 EL SIF1 L PFD GE Page 2 EL SIF2 lt PFD GJ Page 3 Sn SIF3 L PFD 6 EA SIF1 Sh SIF2 FL SIF3 6 2 Input 9 Muiti loops systems cA M System Double click one the root of Multi loops systems tree in order to create an empty system User manual 24 40 Version 31 March 2014 TOTAL System editing can be done either with a double click or with a right click using Properties menu The following window is displayed Ka Py ropertie KA Number 1 Name _ Automatic My_System Description S rie System configuration Manual confi ation gur Loops of the system E X lt ID Name 1 SIF1 2 SIF2 3 SIF3 You can enter Number and a Name The Automatic checkbox generates a name starting with a base name followed by the number A text area is available for adding a Description to your system The System configuration defines the logical use of the loops e Serial Safety loops are in serial every loop must be available to have an available system e Parallel Safety loops are in Parallel boucles de s curit sont en parall le le syst me reste disponible tant qu il reste au moins une boucle disponible e Manual You can specify the configurat
55. rs C Take Common Cause Failures into account Beta sensors yj Automatic period Actuators architecture Number of chanels 1 Configuration of chanels 1001 L Take Common Cause Failures into account Beta inter chanels Ic Automatic period h Chanel 1 Number of actuators hf Configuration of actuators 1001 C Take Common Cause Failures account Beta actuators Beta sub a ors V Automatic period h Actuator 1 1 actuator and oly sub actuator s Configuration of sub actuators Take Common Cause Failures into account Beta sub actuators y Automatic period 3 1 Architecture definition The top part of the tab Configuration of architecture enables to define the configuration of sensor part Possible choices are s The number of channels and the logical configuration between channels cf Configuration des canaux e Number of components in each channel and the configuration of these components in the channel s Taking Common Cause failure into account for all sensors cf Configuration des DCC e Taking Common Cause failure into account for sensors of a channel The bottom of Configuration of architecture tab enables to define the configuration of sensor part Possible choices are s The number of channels and the logical configuration between channels cf Configurat
56. st Down moves the selected curve downwards in the list e Save as default model saves current chart setting as default setting for new documents For each curve you can specify its colour its style of points its thickness and its display options 3 Style This part deals with displaying curves e Style type specifies the type of all the chart s curves line or histogram N B For histogram style bars going outside drawing zone will be drawn with a gradient to warn user that he has to change intervals to see the entire bar e Intervals on X and Y Specifies the display interval for the X and Y axes default interval or user defined interval This last function can for example be used to zoom in on the most interesting parts of the curve User manual 27 40 Version 31 March 2014 Q TOTAL The log check boxes are used to enable the logarithmic scale on the axis concerned Important 0 cannot be represented on a log scale remember to give a strictly positive starting point e g E 10 If 0 is given the log scale will start with an arbitrary value E 15 When domain axe deals with time you can choose time unit among hours days months years Default display is hours because it is the usualy used unit for modeling It s only available in SIL module 7 2 Editing the curves When a curve is edited with a double click on its name in list of curves the curve edition window is displayed The following window id displayed
57. ta ID s Type of ID Type of ID field INTEGER FLOAT VARCHAR 32 s Name of name field Name of field containing data name s Name of value field Name of field containing data value s Name of description field Name of field containing data description s Name of dimension field Name of field containing data dimension s Test Connection Name of field containing data description 10 3 3 Language Language tab enables to choice language e Language Language changes are taken into account when option windows is closed Available language are French and English 10 3 4 Options Options tab enables to tune application behavior e Save the options of the current document as default options in the application Save options of current doc as application default options s The application manages the default options of the documents Apply the default options to the current document Apply Application options to current document s Delay of automatic document saving in minutes Delay of automatic document saving in minutes A null value disables automatic saving s Number of undo Specifies number of possible undo redo s Number of recent files Specifies number of files in recent files list e Window display Enables separate tables external or linked tables internal s Columns to be resized in tables Enables to specify the columns on which space will be taken for resizing s Manage new names t
58. vate data sorting fastest You can choose the columns to be displayed by selecting or deselecting the corresponding check boxes The arrows on the right are used to move the columns up or down in the list to choose the order of the columns The Disable data sorting check box disables the data sorting This improves the application s performance with very complex models 10 2 2 Table accessibility As mentioned above the tables can be accessed via the Data and Computations menu in this case each table is displayed in a separate window To avoid having too many windows open all the tables are grouped together in tabs on the right hand side of the application This area can be hidden displayed using the small arrows above the input zone ISS LS qe dit Parameters 5 RA amp NW in 5 Ss xk C Filter Dim Last Other Other Other J Localization KI 31 201 TOTAL It is possible to choose the tables in this zone by right clicking on the tabs A contextual menu appears in which the user can select the tables s he wishes to display EX Variables W Parameters manan naants MEA Variables PIE Y WE Parameters Domain Hame gt MF Tables Float Lambda Results 10 3 Options of GRIF SIL Tools Application Options menu opens a window containing the following t
59. y the operator It can be left at 0 if you consider that the operators and test procedures are infallible no omission of User manual 14 40 Version 31 March 2014 TOTAL a by passed sensor powering up the motor etc This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension Wrong re setup after repairso2 Omega2 probability 0 1 of wrong re setup of the equipment after the repairs It is the probability that the component will not be able to carry out its safety mission after being repaired or changed by the operator It can be left at O if you consider that the operators and repairs procedures are infallible powering up the new motor etc This value can be edited manually or selected from a drop down list displaying all of the parameters with a Probability dimension 4 2 Configuring the solver The solver of the safety loop can be configured in the Solver tab Sensor s Part Solver Part Actuator s Part SOLVER identification Tag Name SOLVER Solver type S PLC k 2 Configuration Configuration type Simple L 2 Instrument parameters PFD of Solver 0 0005 probability SIL computed from PFD 3 PFH of Solver 0 00000005 probability SIL computed from PFH 3 The solver may be used in many SIF and may has been defined in an existing solver of the document
60. y the sensors due to architectural constraints e Maximum reachable SIL for actuators maximum SIL which can be reached by the actuators due to architectural constraints The Computation part reminds the computed values e Operation duration The duration used to do computation e PFD or PFH computed PFDAvg or PFH e Computed SIL SIL obtained with computed PFD or PFH Architectural contraints are not taken into account s RRF Calcul RRF obtained with computed PFD or PFH Then the results part says if objectives are reached or not e Achieved SIL SIL obtained for the SIF according to the PFD computation and architectural constraints s Conclusion of SIL for the SIF conclusion compliant or non compliant s Remark Remark generated by the software It shows the part whose Max SIL is limiting e Comments Comments made by user At the end of the tab a table shows you values for each part in order to identify the most important contributor User manual 31 40 Version 31 March 2014 8 3 Spurious trip Configuration of architecture Configuration of components Report I Parameters Description Result SIL Spurious trip Spurious trips during Spurious trips operating duration per year Sensor part 073 277E6 Actuator part 1 45 5 52E 6 SIF 2 17 8 24E 6 When a sensors has a detected failure it can lead to the triggering of safety function even if it
Download Pdf Manuals
Related Search