Power System Protection

Question 1: (25 marks)
Case Study: SIS Detailed Design Considerations

Objective of the case study:
Detailed design considerations of any SIS fall under the categories of general, hardware and software design requirements. Once an SRS is prepared, the designer must prepare a design framework (a top-level design document, usually called the Functional Design Specification or FDS) for the SIS. The final step before proceeding to manufacturing is to carry out an "SIS Verification" for the design stage, i.e. to compare the proposed design with the requirements of the SRS and to confirm that the designed system will fully meet the requirements (both general and project-specific) set forth in the SRS.

Question
In this case study, you will perform an SIS Verification for the Design Stage. An example SRS is provided as a separate attachment to this paper, along with an example FDS proposing a design for the same system covered in the SRS. Prepare a brief verification report (approximately four pages) based on your review of the proposed design, stating whether the design complies with the requirements set forth in the SRS. Highlight issues that might require special attention from your point of view, and justify. The report shall cover the design aspects listed below and shall be structured accordingly.

General and hardware considerations:
• Energized vs. De-energized Systems
• System Diagnostics
• Minimize Common Cause
• Panel Size and Layout
• Environmental Considerations
• Power
• Grounding
• Selection of Switches and Relays
• Bypasses
• Functional Testing
• Security
• Operator Interfaces

Software considerations:
• Software Lifecycle
• Program and Language Types
• Quantifying Software Performance
• Testing Software

Note: The answers must be in your own words; copy-and-paste answers will not receive marks. You must provide references as appropriate. When compiling your report, we recommend that you implement the suggestions listed below.

1. Analyse the proposed design (5 marks)
Your analysis and report should display an overall understanding of the detailed design requirements, including ALL the suggested criteria for evaluation and possibly additional criteria from your readings.
2. Accuracy of conclusions (5 marks)
Describe your conclusion; do not just state "the design does not meet the SRS". Justify your statements.
3. Produce a report that is logically complete (5 marks)
Include a short introduction at the beginning and a short summary and conclusion at the end, to present a well-integrated evaluation and logical conclusion.
4. Discuss possible design enhancements (5 marks)
This is an open discussion. The student may suggest any other relevant design enhancement or modification, and justify how the suggestion will enhance the design (do not include unproven designs).
5. Communication style and clarity of the report (5 marks)
A clean structure of the report with correct referencing, suitable headings and subheadings and no spelling mistakes gets full marks. Each of the following will be penalised 0.5 marks: lack of clean structure, incorrect referencing, no headings and subheadings, spelling mistakes.

Question 2: (15 marks)
Case Description: Functional Safety Management
The entire objective of the functional safety approach is to achieve a risk reduction to an acceptable level, or at least to the ALARP level, in line with the company's Risk Tolerance Criteria (RTC). Hence, it is the responsibility of the management of an operating company to establish policies and procedures to ensure that the requirements of IEC 61511 are complied with, and also to ensure that the manufacturers of components of the SIS comply with the requirements set by IEC 61508.

As per IEC 61511 Clause 5.0:
• a Functional Safety Management Plan "shall" be in place, and
• "the policy and strategy for achieving functional safety shall be identified together with the methods for evaluating their achievement
• and shall be communicated within the organization".

As part of this case study, you are required to watch the series of videos entitled "Functional Safety Management Planning", Parts 1, 2 and 3, available at the link given below.
https://www.youtube.com/user/exidaLLC/search?query=Functional+Safety+management

Questions:
a) Prepare a "complete list" of the documentation that a typical operating company should prepare in order to comply with Clause 5 of IEC 61511. For each of the documents, provide a high-level bullet-point list of topics you would propose to cover in that document.
b) Once you have prepared the complete list, arrange it in terms of four hierarchical stages entitled "Policy, Procedures, Work Instructions and Forms", as suggested in the Exida presentation. For example, the "Functional Safety Policy" document clearly belongs to the "Policy" level of the hierarchy of documentation. On the other hand, the "Safety Requirement Specification" may belong to the "Procedures" group.
c) After arranging the list of documents in the hierarchical groups, assign responsibilities and accountabilities for each document in four categories: "Responsible, Accountable, Consulted and Informed (RACI)". In a typical project set-up, the stakeholders are the Operating Company, the Engineering Consultant (including PMC, EPC, PAC, etc.) and the OEMs for each element of the SIS. For guidance, an example RACI assignment is given below for the FSM Plan and SRS. You are required to list all of the documents identified in part a) of this question in a table and carry out a RACI assignment for the list in the table.
Note: The answer for part b) is included in the table and hence is not required to be provided separately.

Your presentation will be evaluated for completeness of the document list (5 marks) and also for correctness of the responsibility assignment (10 marks).

Document               | Document Category | Operating Company         | Engineering Consultant | OEM for SIS / SIL element
-----------------------|-------------------|---------------------------|------------------------|--------------------------
FSM Plan               | Policy            | Responsible & Accountable | Consulted              | Informed
SRS                    | Procedure         | Responsible               | Accountable            | Informed
Proof Test Procedures  | Work Instructions | Consulted & Informed      | Responsible            | Accountable

END OF ASSESSMENT

SUPPORTING DOCUMENTATION FOR QUESTION 1
1. Example Safety Requirements Specification (SRS)
2. Example Functional Design Specification (FDS)

EXAMPLE SAFETY REQUIREMENTS SPECIFICATION

7. SRS GENERAL FUNCTIONAL SAFETY REQUIREMENTS
Functional requirements describe how the instrumented system will work, or what must be accomplished. Functional requirements for a safety instrumented system are much like functional requirements for any instrumented control system, designating what the system is required to do.

7.1 Response Time Requirements for the Safe Trip
Response time shall be specified for each safety instrumented function to bring the process to a safe state within the Process Safety Time. Unless otherwise specified for an individual SIF, the maximum response time for each subsystem shall be as shown below (an independent third party will review these figures for each SIF).
o Sensor Subsystem: 250 ms
o Logic Solver Subsystem: less than 500 ms
o Final Element Subsystem: Valve size [inch] x 1.5 = xx [seconds]
o The system response time shall be % PST (Process Safety Time).

7.2 Consideration for Manual Shutdown
Operation of a manual shutdown initiator shall override any functions (normal or abnormal) that are currently in operation. There shall be no facility to override a manual shutdown initiated from the field or from the control room Auxiliary Console, in which all the manual shutdown pushbuttons are located.
Lamps ("Red" for depressed and "Green" for released) with lamp test buttons shall be provided for each position, indicating the status of the pushbutton. Manual shutdown switches for the process unit or plant shall be provided to actuate the SIS final elements. Field pushbuttons shall be provided for Level 4 shutdown only.
o Level 1: Total Plant Shutdown with Depressurization
o Level 2: Total Plant Shutdown without Depressurization
o Level 3: Production Train Shutdown
o Level 4: Local Process Element and Related Shutdown

7.3 Energize or De-energize to Trip
All safety instrumented functions (except fire and gas detection) shall be designed such that movement of the final element to the safe position is performed by removing power from the element (i.e. de-energize to trip).

7.4 Process Output Actions and Criteria
All shutdown operations shall be designed on a "Fail to Safe" basis. All ESDVs / SBDVs shall be tight-shutoff. All ESDVs / SBDVs shall be provided with a Partial Stroke Test facility. All shutdown valves shall have an indication of Valve Travel Failure.

7.5 Reset Functions
The logic system shall not be self-resetting. Operation of the appropriate reset shall be necessary after a trip. Reset buttons for Level 1, 2 and 3 shutdowns shall be provided on the Auxiliary Console in the Control Room. For Level 4 shutdowns, the reset shall be in the field. Means shall be provided to alert the process operator in the field that a reset is to be made. Reset from the DCS shall not be applied.

7.6 Start-up and Restart Requirements
For the individual SIF requirements, Section 12 provides specific requirements for restarting the process after a shutdown. In addition, the safety system design should incorporate the following requirements:
• For SIFs FIT-3300, LIT-3390A/B/C, LIT-3393A/B/C, PIT-3311A/B/C, FIT-3309, PIT-3406A/B/C and PIT-3413A/B/C, a POS shall be provided to override unhealthy field inputs in order to facilitate start-up. The request for the POS should be generated by the DCS and, upon receiving this request through the OPC communication link, the ESD shall start a countdown timer and implement the POS. The POS shall automatically be released upon normalisation of the field input or expiry of the approved preset time, whichever is earlier.
• In case the process condition has not normalised within the preset time, this shall result in a start failure and accordingly abort the start-up, or shut down the equipment, as the case may be. The next start attempt shall be enabled only after resetting the system manually.
• While the timer is running, the overridden input shall not prevent reset of the logic; however, the alarm status of the field inputs overridden by the POS shall not be masked.

7.7 Interface between SIS and Any Other System
The SIS logic solver shall be provided with a redundant interface to the DCS. The redundant interface using the OPC communication link between SIS and DCS shall be limited to status monitoring of any safety device or equipment. All shutdown initiating request signals and shutdown output signals between systems shall be hardwired. The signals between the SIS and the Annunciator located on the Auxiliary Console shall be hardwired in order to achieve the first-out sequence for ESD Level 1/2/3/4. Redundant communication between ESD and SSLS shall be provided through Modbus TCP/IP.

7.8 Requirements for Override/Inhibits/Bypass
The ESD system shall follow the following SIF voting degradation philosophy to maintain the safe state:

For 2oo3 SIF
• When all three detectors are healthy, only one detector should be allowed to be taken into the MOS condition.
• When any one detector is taken into the MOS condition, the SIF shall degrade to 1oo2D voting.
• When any one detector goes to the fault condition, the SIF shall also degrade to 1oo2D voting.
• While one detector is in the fault or MOS condition, it shall not be possible to apply an MOS on the remaining healthy detectors.
• While one detector is in the fault condition and one of the remaining operational detectors goes into fault, the SIF will generate a timed shutdown. On commencement of the timed shutdown a warning message shall be displayed to the operator via the HMI/DCS. During this time period preventative maintenance should be performed on the defective detectors. After the time period has elapsed a shutdown command shall be generated automatically by the system. In this condition the SIF voting degradation philosophy shall be 3-2-(T)-0, where T = the Mean Time To Repair (MTTR) as defined within the SRS.

For 1oo2 SIF
• When both detectors are healthy, only one detector should be allowed to be taken into the MOS condition.
• When any one detector is taken into the MOS condition, the SIF shall degrade to 1oo1D voting.
• When any one detector goes to the fault condition, the SIF shall also degrade to 1oo1D voting.
• While one detector is in the fault or MOS condition, it shall not be possible to apply an MOS on the remaining healthy detector.
• While one detector is in the fault condition and the remaining operational detector goes into fault, the SIF will generate a timed shutdown. On commencement of the timed shutdown a warning message shall be displayed to the operator via the HMI/DCS. During this time period preventative maintenance should be performed on the defective detector. After the time period has elapsed a shutdown command shall be generated automatically by the system. In this condition the SIF voting degradation philosophy shall be 2-1-(T)-0, where T = the Mean Time To Repair (MTTR) as defined within the SRS.

Note: The MTTR cannot be extended without degradation of the Safety Integrity Level (SIL).

7.9 Requirements for Environmental Condition
All the equipment will be subjected to the severe environment of the location, which must be considered before design and procurement of plant and/or equipment. It must be assumed that, unless otherwise specified, equipment will be subjected to sand and fine-particle dust storms, sand-laden winds, chemical contaminants, thunderstorms, heavy rain and extremely hot temperatures. All materials in contact with hydrocarbons shall conform to the requirements of the latest NACE MR-01-75 Standard.

7.10 Electrical Area Classification and Electromagnetic Immunity
For installation in the electrically classified area of the facility, the components of ESD instrument loops shall be selected and installed in accordance with the requirements of the classified area. For installation of ESD/SSLS loops in the vicinity of certain equipment that
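The start-up override sequence in SRS clause 7.6 (the DCS requests a POS over the OPC link, the ESD starts a countdown and applies the override, the override is released when the input normalises or the preset time expires, an expired timer is a start failure that only a manual reset clears, and the alarm is never masked) is easier to review in the FDS when written out as a small state machine. The following Python model is an added illustration written for this page; it is not part of the SRS, the FDS or any vendor's logic-solver code. The class and method names, the 60 s preset and the 1 s scan interval are constructed assumptions; the tag names are taken from the SIF list in clause 7.6.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class StartupOverride:
    """Process override switch (POS) handling for one SIF input during start-up.
    Constructed model of SRS clause 7.6; names and timings are assumptions."""
    tag: str                               # overridden field input (tag from SRS 7.6)
    preset_s: float                        # approved preset time for the override
    remaining_s: Optional[float] = None    # countdown while the POS is active
    start_failed: bool = False             # latched until a manual reset
    alarm_active: bool = False             # never masked by the POS
    trip_demand: bool = False              # what this input contributes to the SIF
    log: list = field(default_factory=list)

    def request_pos(self) -> bool:
        """DCS request received over OPC: ESD starts the timer and applies the POS."""
        if self.start_failed:
            self.log.append(f"{self.tag}: POS refused, start failure not yet reset")
            return False
        if self.remaining_s is None:
            self.remaining_s = self.preset_s
            self.log.append(f"{self.tag}: POS applied, {self.preset_s:.0f} s countdown started")
        return True

    def update(self, dt_s: float, input_healthy: bool) -> None:
        """One logic-solver scan: advance the timer and evaluate the input."""
        self.alarm_active = not input_healthy          # alarm status is not masked
        if self.remaining_s is None:
            self.trip_demand = not input_healthy       # no override: normal SIF behaviour
            return
        self.remaining_s -= dt_s
        self.trip_demand = False                       # overridden input must not block reset
        if input_healthy:
            self.remaining_s = None                    # released on normalisation
            self.log.append(f"{self.tag}: POS released, input normalised")
        elif self.remaining_s <= 0:
            self.remaining_s = None                    # released on preset time expiry
            self.start_failed = True
            self.trip_demand = True                    # abort start-up / shut down equipment
            self.log.append(f"{self.tag}: start failure, preset time elapsed")

    def manual_reset(self) -> None:
        """Only a manual reset re-enables the next start attempt."""
        self.start_failed = False
        self.log.append(f"{self.tag}: manual reset accepted")


def run_startup(healthy_at_s: Optional[float], preset_s: float = 60.0, dt_s: float = 1.0) -> dict:
    """Simulate one start-up; the input normalises at healthy_at_s (None = never)."""
    pos = StartupOverride(tag="PIT-3311A", preset_s=preset_s)
    pos.request_pos()
    t = 0.0
    while pos.remaining_s is not None:
        t += dt_s
        pos.update(dt_s, input_healthy=(healthy_at_s is not None and t >= healthy_at_s))
    return {
        "released_at_s": t,
        "start_failed": pos.start_failed,
        "trip_demand": pos.trip_demand,
        "alarm_active": pos.alarm_active,
        "retry_allowed": pos.request_pos(),   # a second DCS request without manual reset
    }


if __name__ == "__main__":
    print(run_startup(healthy_at_s=20))    # released early, retry allowed
    print(run_startup(healthy_at_s=None))  # start failure, retry refused until reset
```

The point a verifier would check against the FDS is the pair of conditions in update(): the override suppresses the trip demand but not the alarm, and the expiry path latches start_failed so that request_pos() refuses a second attempt until manual_reset() is called.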
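The voting degradation philosophy in SRS clause 7.8 (MOS accepted only when every detector is healthy, degradation to 1oo2D or 1oo1D on a single MOS or fault, a timed shutdown with an HMI warning once a second detector is lost, and an automatic trip when T = MTTR elapses) is the part of the SRS most often mis-implemented in a logic solver. The following Python model is an added illustration written for this page, not the SRS, FDS or any logic-solver vendor's code; it covers both the 2oo3 (3-2-(T)-0) and 1oo2 (2-1-(T)-0) cases. Detector names, the 8 h MTTR and the handling of two cases the SRS text does not spell out (a fault while another detector is in MOS, and a repair completed before T elapses) are constructed assumptions and are marked as such in the comments.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    HEALTHY = "healthy"
    MOS = "mos"      # maintenance override: detector removed from the vote
    FAULT = "fault"  # diagnosed failure


@dataclass
class Sif:
    """Voting-degradation model for one 2oo3 (n=3) or 1oo2 (n=2) SIF.
    Constructed illustration of SRS clause 7.8; names and MTTR are assumptions."""
    n: int
    mttr_s: float                                   # T in 3-2-(T)-0 / 2-1-(T)-0
    detectors: dict = field(init=False)
    timer_s: Optional[float] = field(init=False, default=None)
    tripped: bool = field(init=False, default=False)
    hmi_log: list = field(init=False, default_factory=list)

    def __post_init__(self):
        self.detectors = {f"D{i + 1}": State.HEALTHY for i in range(self.n)}

    def _out_of_service(self) -> int:
        return sum(s is not State.HEALTHY for s in self.detectors.values())

    @property
    def voting(self) -> str:
        """Effective voting architecture given the current detector states."""
        if self.tripped:
            return "SHUTDOWN"
        if self.timer_s is not None:
            return "TIMED_SHUTDOWN"
        if self._out_of_service() == 1:
            return f"1oo{self.n - 1}D"              # 2oo3 -> 1oo2D, 1oo2 -> 1oo1D
        return "2oo3" if self.n == 3 else "1oo2"

    def apply_mos(self, det: str) -> bool:
        """MOS is accepted only while every detector is healthy (SRS rule)."""
        if self.tripped or self._out_of_service() > 0:
            self.hmi_log.append(f"MOS on {det} rejected: SIF already degraded")
            return False
        self.detectors[det] = State.MOS
        return True

    def fault(self, det: str) -> None:
        self.detectors[det] = State.FAULT
        self._check_timer()

    def repair(self, det: str) -> None:
        self.detectors[det] = State.HEALTHY
        self._check_timer()

    def _check_timer(self) -> None:
        """Start the MTTR countdown when a second detector becomes unavailable.
        The SRS states the fault+fault case; treating MOS+fault the same way and
        cancelling the countdown once a repair restores a detector are assumptions."""
        if self.tripped:
            return
        if self._out_of_service() >= 2 and self.timer_s is None:
            self.timer_s = self.mttr_s
            self.hmi_log.append(f"WARNING: timed shutdown in {self.mttr_s:.0f} s, repair detectors")
        elif self._out_of_service() < 2 and self.timer_s is not None:
            self.timer_s = None
            self.hmi_log.append("Timed shutdown cancelled: detector restored")

    def tick(self, dt_s: float) -> None:
        """Advance the logic-solver clock; trip automatically when T has elapsed."""
        if self.timer_s is None or self.tripped:
            return
        self.timer_s -= dt_s
        if self.timer_s <= 0:
            self.timer_s = None
            self.tripped = True
            self.hmi_log.append("SHUTDOWN: MTTR elapsed with SIF still degraded")


def demo() -> list:
    """Walk a 2oo3 SIF through the 3-2-(T)-0 sequence; returns the voting states seen."""
    sif = Sif(n=3, mttr_s=8 * 3600)          # 8 h MTTR is a constructed value
    seen = [sif.voting]                      # 2oo3
    sif.apply_mos("D1")
    seen.append(sif.voting)                  # 1oo2D
    sif.apply_mos("D2")                      # rejected: D1 already in MOS
    sif.repair("D1")                         # maintenance complete, back to 2oo3
    sif.fault("D2")
    seen.append(sif.voting)                  # 1oo2D
    sif.fault("D3")
    seen.append(sif.voting)                  # TIMED_SHUTDOWN, warning on HMI
    sif.tick(8 * 3600)
    seen.append(sif.voting)                  # SHUTDOWN
    return seen


if __name__ == "__main__":
    print(demo())
```

Running demo() exercises every rule in the 2oo3 list in order; the same class with n=2 follows the 1oo2 list. When reviewing an FDS against this clause, the two assumptions flagged in _check_timer() are exactly the questions to put to the designer, since the SRS text leaves them open.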
Nov 28, 2022