Master of Engineering
(Industrial Automation)
| Unit code | ME508 | ||
| Unit name | Safety Instrumented Systems | ||
| Assessment # | 4 | ||
| Paper # | D | ||
| Version # | 1 | ||
| Created by | Chandrasekhar Seethepalli |
Date | 5 Oct 2020 |
| Reviewed by | Morteza Alizadeh | Date | 16 Nov 2020 |
Master of Engineering (Industrial Automation) 2
ME508_Assessment4_PaperD_v1
Assessment Instructions:
1. Please familiarise yourself with the EIT Academic Honesty and Misconduct Policy, in order to
understand your requirements and responsibilities as a student of EIT.
2. Please refer to our Assessment, Moderation and Student Progress Procedure for
information relating to extensions. Extension requests should be submitted to your LSO at
least 3 days prior to the due date.
3. Assessments submitted via email will not be accepted.
4. Assessments must be submitted through Turn-it-in (unless otherwise stated).
Your submission must:
a. Be a single document (Word or PDF only)
b. Include at least 20 words of machine-readable text, and
c. Not exceed 10MB.
5. You must use the provided assessment cover page available on your Moodle student
homepage. Submissions without a cover page will not be accepted.
6. You must correctly title your document/s. For example:
UNIT#_ASSESSMENT#_YOURNAME_DATE
E.g. ME501_Assessment2_SteveMackay_01Aug2019
7. You must reference all content used from other sources including course materials, slides,
diagrams, etc. Do not directly copy and paste from course materials or any other resources.
Refer to the referencing section of the EIT eLibrary on Moodle for referencing guides.
8. It is your responsibility to check that you have submitted the correct file, as revised
submissions are not permitted after the due date and time.
Important note: Failure to adhere to the above may result in academic penalties. Please refer to
the unit outline or EIT Policies and Procedures for further information.
Master of Engineering (Industrial Automation) 3
| Unit code and name: | ME508: Safety Instrumented Systems |
| Assessment #: | 4D |
| Assessment type: | Case Study |
| Weighting: | 45% |
| Total marks: | 100 marks |
Please complete your answers on the assessment cover page document available on Moodle.
Clearly label your question numbers (there is no need to copy the full question over). Include all working
out.
Objective:
In this case study, you will carry out SIL verification using Fault Tree Analysis (FTA) technique. You
will be utilising an FTA software for this purpose. The Fault Tree Models need to be generated
based on the given description of the plant and its safety shutdown system.
Note: This case study will make you check the overall PFD of a SIF. All failures are assumed to be
undesirable in the exercise.
Before you attempt the assessment, you should become familiar with the Top Event FTA Software.
It is recommended to review the video demos available on their website: (https://www.fault-treeanalysis.com/videos). In order to aid easy understanding of the software with the evaluation of the
fault tree with different mission times, a demo file has been uploaded to Moodle with this
assessment as “FTA-Example.mp4”. (Note: There is no CCF in this model).
Case Description: Hydraulic Induced Gas Flotation Vessel (V-400) Low Low Pressure Scenario
Refer to the following figure showing the arrangements of a Safety Instrument Function PALL-5527
A/B with a target SIL 2 in low demand operation and a target proof test interval (Ti) of 15 years,
which is the “Mission Time” in the software.
As shown in the P&ID, the vessel V-400 is a Hydraulic Induced Gas Flotation Vessel (HIGF). The
outlet Effluent Water is sent to Five Nos. Pumps G-500 A to E (4 Nos. running + 1 stand-by). During
SIL assessment study, it was identified that when V-400 pressure is very low, the pumps G-500 A to
E (4 Nos. running at one time) may be impacted due to low suction pressure and there is a
possibility of cavitation damage to the pumps. Thus, it was decided to have two pressure
transmitters PALL-5527 A/B to sense the low low pressure condition and trigger a shutdown of all
the pumps, as a protection to the pumps.
Master of Engineering (Industrial Automation) 4
ME508_Assessment4_PaperD_v1
For the top event of the SIF Failure on Demand, develop a Fault Tree Analysis using downloaded
FTA software (e.g. Reliotech Top Event FTA Express – a Fault Tree Analysis software).
P&ID of Hydraulic Induced Gas Flotation Vessel V-400
Master of Engineering (Industrial Automation) 5
P&ID showing 3 out of the total 5 Nos. Pumps (4 running + 1 Stand by).
Only 3 Nos. Pumps shown in this P&ID and 2 more identical pumps are
shown in another P&ID but that drawing is not incldued.
Master of Engineering (Industrial Automation) 6
ME508_Assessment4_PaperD_v1
Result of SIL Assessment Exercise for PALL-5527 A / B
Use the following reliability data in the FTA:
| Component | Failure rate, λ (per hour)* |
| Pressure Transmitters | 0.6 x 10-6 |
| Logic solver CPU | 0.2 x 10-6 |
| Motor Contactor Trip Relay | 2.2 x 10-6 |
• λ is the reciprocal of MTBF
| Component | MTTR hours | Common Cause Factor (CCF) |
| Pressure Transmitters (1oo2) | 24 | 10% |
| Logic Solver (PLC) – Redundant 1oo2 | 56 | 2% |
| Motor Contactor (4oo4) (To take the plant to safe state, all pumps must stop together. Any one pump failing to stop, is considered to be failure of the SIF) |
36 | 1% |
Unavailability at t = 0 is 0%. CCF is defined as the % of a single instrument failure rate, resulting in all the
redundant instruments fail at the same time due to a Common Cause. Only 4 pumps need to be modelled.
CFF for each group of Elements (Sensor, Logic Solver and Final Element) will be an additional “Basic” element
in the Fault Tree connected to the next higher element. So instead of PALL-5527A and PALL-5527B leading to
a 2-input OR gate to represent the Sensor part, there will be an additional 3rd input element called CCF having
the failure rate that is 10% of the failure rate of one PT. For Logic Solver group, it will be one OR gate fed by
two Basic elements, PLC Failures and CCF of Logic Solver redundant CPUs. For the Final element Group, there
will be one OR gate fed by Four Pumps and CCF of pump.
Master of Engineering (Industrial Automation) 7
FTA models:
The following failure probability models are to be used for calculating the dangerous unavailability
or PFD.
Use the “Unrepairable” Model for all CCF components and MTBF model for the repairable
components (Transmitters, PLC & ESDV), the FTA software referenced above uses the following
formulae. Note that the data input for the MTBF and CCF elements will be different units.
where:
| q(t) | Component unavailability |
| λ | Component failure rate |
| µ | 1/ Component repair time (MTTR) |
| MTBF | Mean time between failures |
| MTTR | Mean time to repair |
Questions:
a) Model the Top Event, i.e. failure of the SIF with Tag. No. PALL-5527 A/B protection. Show
the FTA evaluation diagrams generated from the FTA software (clear screenshots are
acceptable) showing the PFD figures and full details of the models used for each element
and for each sub-system. You should prepare base model FTA Diagram for mission time of
15 years. (50 marks)
Note: PFD is also the measure of unavailability of a safety function. If a demand to act occurs
after a time, the probability that the safety function has already failed is represented by the
unavailability of the function. The unavailability of the Top Event “Q” represents the PFD of
the SIF. In order to meet SIL 2 performance, Q must be equal to 0.01 or less (0.01<=PFD<0.001).
You are required to model the top event fed from three OR gates.
Hint: The top event, i.e. PALL-5527 A/B action will be triggered if any of the three subsystems (input, PLC or output) fails.
Show the minimal cutsets, unavailability values and contribution from each minimal cutset
in tabular form. Show model properties along with graphs for each element model.
Master of Engineering (Industrial Automation) 8
ME508_Assessment4_PaperD_v1
b) Confirm whether or not the SIF reliability calculations match the target SIL2 for the initial
proof test interval of 15 years (this is mission time within the FTA software). If the target
performance is not met by the value of “Q” of Top Event, run the model with different
mission times of 10 years and 5 years. Explain in brief your observations of the changes in
performance of the SIF with different mission times. (10 marks)
c) Adjust the mission time and re-run the calculation to identify the optimum (longest) mission
time in years and months, that achieves the SIF reliability target to be within the SIL PFD
range.
What is the longest mission time (proof test interval) for the SIF that will just meet the SIF
SIL target given the reliability of the SIF components provided? Show the PFD contributions
for each of cut set evaluated in the FTA software for this mission time. (10 marks)
d) Considering that practical proof-test intervals are in multiples of years for this company,
what proof test interval is necessary (recommended) to be made standard for this SIF loop,
for meeting the target performance? Show the output of the software for the
recommended PTI. (10 marks)
e) For the case shown in “d” above, study the quantitative impact of reducing the CCF to 1%
for all the elements, on the SIF performance. Provide the results along with the model and
minimum cut sets. What is the maximum Proof Test interval (mission time) allowed for this
case, meeting SIL2. (10 marks)
f) Recommend a minimum of three measures to qualitatively reduce CCF. Explain each
measure in brief. (10 marks)
END OF ASSESSMENT