Functional Safety
What is the definition of hazard? Give a practical example
109. Hazard is a potential source of harm. He hazard might be the potential for an earthquake for a process plant in California.
What is the definition of risk? Give a practical example
111. A risk is a hazard defined in terms of its frequency and consequences. The practical example for a risk is the frequency of low and cost of a very high for hurricane damage to an inland Florida process plant where the risk is calculated as the consequences times the frequency. In this example very high is given a numerical value of four and very low is given a numerical value of one, so the risk for this example would be equal to four.
What are the three important steps to follow when applying risk management?
116. Identify the hazards, analyze the hazards and reduce the risk when necessary
What are the disadvantages of a FMEA technique?
127. Disadvantages of FMEA are that it is only taking into account singular failures, common cause failures are not captured with this method. The work level is heavyand it is highly dependent on the availability of details for the system.
What is hazop? Name three unique attributes
140, 141. Is a technique for identifying hazards The process industry. Structured and critical examination of a process not individual components. Mainly qualitative. Systematic
name four different risk reduction analysis techniques
158. Risk reduction analysis techniques include using risk matrix, risk graph, FMEA, FTA, hazop, event tree analysis And LOPA. LOPA is widly ised in US but is sensitive to numbers and false allocation of credit for non-protection layers.
The five basic properties of safety function? Give a practical example in your own words
176. SLATS Sense Logic Actuate Timing SIL
How does One determine the response time requirements of the safety function what is the definition of a hazard? Give a practical example
176. timing is less than or equal to the process safety time divided by two. Process safety time / 2
Besides the above five properties of a safety function what are the other parameters a SIF should contain in an SRS
178. A functional description, the hazard description, required risk reduction factor - RFS, demand state (low, high or continuous), Safe process state for each safety function, start up restart and reset functionality, maximum allowable's veriest trip level STL, environmental conditions, requirements for overrides inhibits bypasses including how they will be cleared
What are the three important documents that a functional safety assessment or Audit will require for the physical SIS implementation?
187. The assessment Will require a safety plan, verification and validation plan and the safety requirements specification -SRS.
What is the difference between an energize to trip and a Denergized to trip safety function? Give an example of both
199, 200. Energize to trip needs energy to perform its function it is not feel safe. Energize to trap does not require energy to perform its function this is failsafe.
Low demand, high demand and continuous mode - 61508, which one is PFDavg or PFH?
202-204, 208. Low demand requires a PFT PFDavg and high demand and continuous mode's require a PFH.
What is the issue with continuous mode in 61511?
205. The dangerous failure of this mode has immediate effect on the process. The process is in danger because safety function fails dangerous.
XooY, which is voting? Which one is redundancy?
217. X is voting and Y is redundancy
YooX Express with YooX - HFT. How many channels have to feel dangerous for you to lose your safety function?
219 HFT + 1 = (X-Y) + 1 or 1 if (X-Y)<1.
What is the difference between type A and type B subsystems per 61508 ?
222, 223. Type B has software. Officially type Bs have undefined failure modes or indeterminable failure behavior with insufficient data.
Failures can be revealed in three ways, describe them
225. Fail safe, fail dangerous and no effect failure. These failures can be revealed through normal operations, periodic proof tests, and diagnostics.
Name the minimum three differences between proof test and diagnostic test
233. Proof tests are manual, diagnostics automatic, diagnostics happens more frequently than proof tests. Proof tests are for undetectable failures and has a low frequency. Proof tests require procedures.
Why do two smart transmitters certified as SIL2 not necessarily meet SIL3 by putting them in 1oo2 configuration i.e. increasing the HFT by one?
236. Software must be Sil 3 on both boards to get that to work.
What is SFFand Mark why is it such an important parameter?
236. safe failure fraction = As+Add/[As+Add+Adu] it's a measure Kent of the fraction of failures which are covered by diagnostics. Total detected failures ratio with total failures.
What are the three important SIL properties?
42. That it applies to the entire safety system; that it has a measurable PFD and other functional and nonfunctional's safety requirements; The higher The SIL rating, the more stringent the requirementsand the higher the PFD
Explain what a dangerous state is in your own words and get a practical example.
45, 46. A dangerous state is one in which the failure of the SIS a such that when the Safety function is demanded it is not available.
Explain what a safe state is in your own words and give a practical example
45, 46. A safe state is one in which the safety function is carried out without a demand, upon failure of the SIS
What are the four different system states a SIS can have?
45. The four states are: safe, dangerous, OK, Intermediate. Safe - the process has tripped. Dangerous - the process is available but not protected. OK -The process is available. Intermediate - process is available, SIS is available, but it is time to repair it
When is a SIS 100% functional safe?
59. 100% functional safety does not exist. That would imply that all hazards are known and are accounted for in the LOPA and all random, common cause and systemic failures do not need to malfunction of the safety system and do not result in injury or death of humans, spills to the environment, or loss of equipment or production.
Explain what type of application and what type of system the IEC 61508 is covering? Explain what type of application and what type of system these IEC 61511 is covering?
64, 65, 67. 61508 is intended to cover the functional safety of electrical/electronic/programmable electronic safety related systems - EEPES. In practical use 61508 is applied to non-EEPES systems such as railways, hydraulics, ETC. 61508 tends more towards component development. 61511 is for the application of safety instrumented systems SIS within the process industry sector. Tends to have a lot of practical applications for end-users.
What are the two main objectives of functional safety management?
74. To define all technical and management activities during the lifecycle of the safety instrumented system SIS to specify responsibilities or activities for all persons, departments and organizations involved with the safety instrumented system.
What does the standard consider is typical Documentation characteristics?
80. Document shall be easy to read and understand, traceable and accurate, accessible and relevant for the intended purpose.
What is verification and give an example?
84. Verification is the formalization of checking each phase within the safety instrumented system development life cycle. Verification is an act requiring evidence that all necessary items within the phase completed correctly. Six answer question of whether the system is correct in the procedure was carried out correctly. An example is the process of going through and determining if all system requirements in the SRS were properly match and the procedures properly followed during the FAT.
What is validation and give an example?
85. Validation is a phase in the lifecycle validation needs to be verified and is an activity carried out by the end user or stakeholder. Validation usually takes place once or twice during the whole lifecycle it must take place at least once as part of the SAT. Best practices suggest doing validation after the FAT. The site acceptance test itself is an example of a validation task. Is the correct system built?
What is the difference between functional safety assessments and audits?
93, 95. The functional safety assessments take place at defined times within the lifecycle. The audits occur frequently during the long phases of the lifecycle and require follow ups and checking of the procedures followed for the audits including the defined frequency for the audits as well
What is the purpose of a functional safety assessment?
93. The functional safety assessment FSA is to check whether the people did what were they were asked to do. The assessment determines which lifecycle was applied, The competency of the individuals performing the activities, is part of the employment documentation for each phase and determine the compliance with the IEC standards for safety. ESS or must be an individual not affiliated with the SIS design team.
When does a change become a modification?
96. He change becomes a modification after verification of the phase for which the change means to be applied. Modifications occurring prior to cite acceptance test maybe changes due to cost and flexibility in the design however any change after site acceptance tests must follow a management of change guideline and procedure and is considered a modification to the system. As part of the modification and impact analysis must be conducted per the management of change procedure.
What should be included in an impact analysis?
99. An impact analysis should include an assessment from what impacts the change will have to the system. I must have a risk analysis and hazard analysis to understand what lifecycle phases are affected by the change and a guarantee Of functional safety must exist at all times
Explain LOPA, give an example of the independent layers, what are the two different separate groups we are defining?
LOPA is constructed of two layers prevention and mitigation. The mitigation layer consists of the The inherent safe design, the process control layer high-level and low-level, the process control where high-level alarm, The isolated protection layer which is where Sil is applied.