High-Integrity Protection Systems (HIPS): Methods and Tools for Efficient Safety Integrity Levels Analysis and Calculations
- Jean-Pierre Signoret (Total)
- Society of Petroleum Engineers, SPE Projects, Facilities & Construction
- Publication Date: March 2008
- Document Type: Journal Paper
- Pages: 1-6
- Copyright 2008, Society of Petroleum Engineers
- Subjects: 6.3.7 Safety Risk Management, 4.5 Offshore Facilities and Subsea Systems, 5.7.4 Probabilistic Methods
High Integrity Protection Systems (HIPS) are increasingly used in the oil industry to replace conventional safety systems, and this paper aims to show how to evaluate their Safety Integrity Levels (SIL) efficiently, as required by the IEC 61508 (1998) and IEC 61511 (2003) standards. These standards provide rigorous formal processes for building the safety of Safety Instrumented Systems (SIS) and are very effective from an organizational point of view. However, difficulties still arise with definitions and probabilistic calculations, and for this reason our company has developed a set of probabilistic methods and tools to overcome them. They are based on traditional holistic approaches and on the powerful algorithms developed in the reliability field over the past 30 or 40 years: fault trees, Markov processes, and Monte Carlo simulation performed on behavioral models (e.g., Petri nets or formal languages). They are briefly analyzed in this paper using simple examples to highlight the principles. The paper focuses mainly on HIPS working in low-demand mode (i.e., with less than one demand per year according to the standards), such as High Integrity Pressure Protection Systems (HIPPS), but indications are given for HIPS functioning in continuous mode of operation. The main conclusions are that, when properly handled, fault trees are very efficient for low-demand topside HIPS; that the Markovian approach is interesting but practicable only for very small systems; and that Monte Carlo simulation on behavioral models is efficient in all cases. From our point of view, these approaches are simpler to handle than the informative formulae proposed in the present edition of the standards. We have therefore begun to disseminate them, and we strongly recommend that our contractors use them.
In the oil industry, the traditional protection systems defined in API 14C are increasingly replaced by safety instrumented systems: the so-called HIPS (High Integrity Protection Systems). Therefore, according to the IEC 61508 and IEC 61511 standards, their safety integrity levels (SILs) shall be calculated.
Unfortunately, some difficulties arise when using these standards (Signoret 2006; Dutuit et al. 2006). They are often overlooked by those performing SIL studies and relate to:
- Failure taxonomy and definitions.
- Tests and maintenance procedures handling.
- Safe failure fraction (SFF) concept.
- Probability of failure on demand (PFD) and probability of failure per hour (PFH) calculations.
The first three difficulties are presented briefly before the fourth is discussed in more depth, showing how to cope with the various SIL assessment situations encountered in the oil industry:
- Topside HIPS easily tested and maintained.
- Subsea HIPS difficult to test and maintain.
- Preventive HIPS.
According to the standards (see the following), topside and subsea HIPS belong to the so-called "low-demand-mode" safety instrumented systems (SIS), while preventive HIPS belong to the so-called "continuous-mode" SIS. This paper is mainly focused on methods and tools devoted to low-demand-mode HIPS.
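The fourth difficulty, the PFD calculation itself, is easiest to see on a concrete case. The following is an added worked example, not code from the paper or from Total's tools: it evaluates PFD_avg for a hypothetical low-demand HIPPS final element (1oo1) in three ways, namely a first-order approximation of the kind given in the informative part of IEC 61508-6, exact time-averaging of the analytic unavailability (what a fault-tree tool does), and Monte Carlo simulation of the component's behaviour over many proof-test intervals (the approach the abstract recommends), then maps the result onto the low-demand SIL bands. The failure rate, proof-test interval and restoration time are assumed values chosen for illustration; a 1oo2 pair of identical, independent channels is averaged analytically as well.

```python
"""Added worked example (not from Signoret's paper): PFD_avg of a
low-demand HIPPS channel evaluated three ways, then mapped to a SIL band.

Hypothetical data: a single final element (1oo1) with dangerous undetected
failure rate LAMBDA_DU, proof-test interval T and mean restoration time
MTTR. A 1oo2 pair of identical, independent channels tested at the same
time is evaluated analytically as well.
"""
import math
import random

# Hypothetical reliability data, chosen for illustration only.
LAMBDA_DU = 1.0e-6   # dangerous undetected failures per hour
T = 8760.0           # proof-test interval in hours (one year)
MTTR = 8.0           # mean time to restore once a failure is revealed, hours


def pfd_avg_approx(lam=LAMBDA_DU, t_int=T, mttr=MTTR):
    """First-order approximation of the kind found in the informative part
    of IEC 61508-6 for a 1oo1 channel: lam*T/2 + lam*MTTR."""
    return lam * t_int / 2.0 + lam * mttr


def pfd_avg_numeric(pfd_of_t, t_int=T, n=10_000):
    """Time average of an analytic unavailability pfd_of_t(t) over one
    proof-test interval, using the midpoint rule. This is what a fault-tree
    tool does when it averages the top-event probability over T."""
    h = t_int / n
    return sum(pfd_of_t((i + 0.5) * h) for i in range(n)) * h / t_int


def pfd_1oo1(t, lam=LAMBDA_DU):
    """Unavailability of one channel t hours after a perfect proof test."""
    return 1.0 - math.exp(-lam * t)


def pfd_1oo2(t, lam=LAMBDA_DU):
    """Both channels of an independent 1oo2 pair failed (no common cause)."""
    return pfd_1oo1(t, lam) ** 2


def pfd_avg_monte_carlo(lam=LAMBDA_DU, t_int=T, mttr=MTTR,
                        n_intervals=200_000, seed=1):
    """Monte Carlo simulation of the channel's behaviour over many proof-test
    intervals: it fails at an exponential time tau, the failure stays hidden
    until the test at T, and restoration then takes an exponential time with
    mean MTTR during which the channel is still unavailable. PFD_avg is the
    unavailable time divided by the total time, estimated over n_intervals.
    """
    rng = random.Random(seed)
    down_hours = 0.0
    total_hours = 0.0
    for _ in range(n_intervals):
        tau = rng.expovariate(lam)
        if tau < t_int:
            repair = rng.expovariate(1.0 / mttr)
            down_hours += (t_int - tau) + repair
            total_hours += t_int + repair
        else:
            total_hours += t_int
    return down_hours / total_hours


def sil_from_pfd_avg(pfd):
    """Low-demand SIL bands of IEC 61508-1 (PFD_avg per demand)."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0  # outside the SIL 1-4 range


if __name__ == "__main__":
    approx = pfd_avg_approx()
    exact = pfd_avg_numeric(pfd_1oo1)
    mc = pfd_avg_monte_carlo()
    redundant = pfd_avg_numeric(pfd_1oo2)
    print(f"1oo1 approx      PFD_avg = {approx:.3e} -> SIL {sil_from_pfd_avg(approx)}")
    print(f"1oo1 exact       PFD_avg = {exact:.3e} -> SIL {sil_from_pfd_avg(exact)}")
    print(f"1oo1 Monte Carlo PFD_avg = {mc:.3e} -> SIL {sil_from_pfd_avg(mc)}")
    print(f"1oo2 exact       PFD_avg = {redundant:.3e} -> SIL {sil_from_pfd_avg(redundant)}")
```

With these assumed values the three 1oo1 figures agree to within a few percent (about 4.4e-3, SIL 2), which is the regime where the informative formulae and a fault tree are adequate; the Monte Carlo model is the one that still applies unchanged when the behaviour gets richer (subsea elements with long restoration times, staggered or imperfect tests), where the closed-form approximation no longer holds. The 1oo2 figure assumes fully independent channels and therefore ignores common-cause failure, which in practice dominates the PFD of redundant architectures.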
Arnold, A., Griffault, A., Point, G., and Rauzy, A. 2000. The AltaRica language and its semantics. Fundamenta Informaticae 34:109-124.
Dutuit, Y. and Signoret, J.-P. 2003. Tutorial on dynamic system modelling by using stochastic Petri nets and Monte Carlo simulation. KONBIN'03, Gdansk, Poland, 27-30 May, and European Safety and Reliability Conference (ESREL), Maastricht, The Netherlands, 15-18 June.
Dutuit, Y., Innal, F., Rauzy, A., and Signoret, J.-P. 2006. An attempt to understand better and apply some recommendations of IEC 61508 standard. Proc., 30th ESReDA Seminar: Reliability of Safety-Critical Systems, Trondheim, Norway, 7-8 June.
IEC 61508. 1998-2000. Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1-7. Geneva, Switzerland: International Electrotechnical Commission.
IEC 61511. 2003. Functional safety: Safety instrumented systems for the process sector, Parts 1-3. Geneva, Switzerland: International Electrotechnical Commission.
Rauzy, A., Dutuit, Y., and Signoret, J.-P. 2006. Assessment of safety integrity levels with fault trees. Proc., European Safety and Reliability Conference (ESREL), Estoril, Portugal, 18-22 September.
Signoret, J.-P. 1998. Modeling the behavior of complex industrial systems with stochastic Petri nets. Proc., European Safety and Reliability Conference (ESREL), Trondheim, Norway, 16-19 June.
Signoret, J.-P. 2006. Managing risks in HIPS by making SIL calculations effective. Proc., Reliability and Maintenance for Subsea Systems 2006, Seminar organized by the International Quality & Production Center, Aberdeen, 23-24 May.
Signoret, J.-P., Chabot, J.-L., and Hutinet, T. 2002. Hiding a stochastic Petri net behind a reliability block diagram. Proc., European Safety and Reliability Conference (ESREL), Lyon, France, 18-21 March.