As I am currently preparing material for a revision of the ISATR 84.00.07 technical report, I will try to share with my readers some of the issues that users of the technical report have requested be included in an update to the TR.
When I last attended an IEC 60079 committee meeting, the members of the committee expressed some concern about the technical report specifically related to the situation where FGS functions should be treated directly as SIF, without any consideration of detector coverage and mitigation effectiveness. Upon a short amount of consideration, I was able to develop a large number of situations where the analysis of a SIF collapses down into the simple assessment of a preventive SIF. In order to highlight that some SIF do not require selection of coverage targets or the consideration of mitigative effectiveness during their design lifecycle (making them simple preventive SIF that only requiring design as per IEC 61511) I prepare an example to illustrate this concept. My expectation is that the below example will be included in Annex C of the next version of ISA TR 84.00.07 to illustrate situations where the methods in the technical report are not required, and direct analysis as per IEC 61511 is the appropriate approach.
The example is as follows:
Some applications of a FGS should be treated identically to a safety instrumented function, in accordance with IEC 61511. This type of application occurs when the detector coverage and mitigation effectiveness of the FGS function are 100%. If the only risk attribute of the FGS effectiveness that is not 100% is the safety availability, then the FGS function shall be treated as a preventive SIF.
Consider the example of a valve shelter house. Process facilities that are exposed to extreme environmental conditions, such as arctic oil and gas production, require the use of shelter to protect process equipment. One such application is the use of a valve shelter house to protect critical valves from low temperatures and other environmental stressors. A hazard posed by the use of such shelter houses is that they prevent the dissipation of fugitive emissions from valve packing, potentially allowing dangerous levels of toxic compounds such as hydrogen sulfide to accumulate in the shelter. If operations personnel enter the shelter house while high concentrations of toxins are present, they may be harmed.
In order to protect against this hazard, some operating companies employ a FGS function that will lock the shelter door and activate a visible alarm at the door upon detection of a high concentration of toxin inside the shelter. In this application, all components of the FGS effectiveness other than the safety availability are 100%, and as such, the FGS function should be treated as a preventive SIF which does not require consideration of detector effectiveness or complex risk analysis methods that consider mitigation effectiveness. The detector coverage in this example is 100%. An H2S detector located inside the shelter house will have 100% coverage, as any leak from the valve will accumulate in the shelter house allowing detection in virtually any installed location. The mitigation effectiveness in this case is also 100%. The means by when personnel will be harmed is opening the shelter door and subsequently inhaling hydrogen sulfide. If the FGS function performs, it will prevent personnel from opening the door, completely preventing any consequence from occurring upon successful activation of the FGS function.
Given that the only FGS Effectiveness attribute that is not 100% is safety availability, selection of performance targets can be simplified to common approaches for SIL selection in accordance with IEC 61511, as described in IEC 61511 part 3.
[subscribe2]