Accurate Modeling of Shared Components in High Reliability Applications
This article addresses how to model and evaluate the risk reduction factor (RRF) of safety instrumented systems (SIS) when one or more of the components in the SIS can cause the dangerous condition or hazard that the SIS is designed to protect against. Generally, a failure that can cause a hazard is referred to as an initiating event (IE). International standards for SIS safety evaluation require that shared components either be prohibited or accurately modeled. Current practice generally falls into one of two extremes: ignoring any degradation of system reliability due to shared components, or completely discounting any improvements in reliability as a result of redundancy created by the shared component.
This article shows how to accurately model shared components in an SIS and proposes a methodology for simplified modeling techniques when certain criteria are met. Ignoring the interaction of shared components can result in estimates of reliability being optimistic by a factor of 2 or more. Conversely, taking no credit for the redundancy created by the shared component results in estimates of reliability that can be overly pessimistic. Several examples modeling shared components with varying degrees of independence illustrate the impact on overall system reliability.
1 INTRODUCTION
The ideas developed in this paper are most easily understood if the reader can refer to a concrete example of a process and the SIS that is protecting it. To that end, we introduce the steam turbine system and its associated SIS depicted in Figure 1. The basic process itself consists of the steam turbine and the basic process control system (BPCS), which includes the shaft speed sensor (BPCS SEN), a logic solver (BPCS L/S) which determines (based on shaft speed) how to adjust the amount of steam flowing into the turbine, a valve positioner (BPCS POS) to provide input to the actuator-control valve combination (BPCS A/CV), and BPCS A/CV itself, which directly controls the steam flow into the turbine.

