In modern processing plants the issue of functional safety is steadily gaining importance. The adoption of the EN 61508 standard [1] has introduced a very broad but systematic framework that allows plant engineers to apply functional safety concepts systematically to all modern control equipment.
Alarm annunciators are an integral part of safety planning, especially in processing plants where alarm conditions can be numerous. An alarm, or a combination of several alarm conditions, requires a reaction from an operator, either to investigate the cause of the alarms or to take the steps required by safety procedures to eliminate the condition.
C1 = One injury
C2 = One death
C3 = Several deaths
C4 = Many deaths
F1 = Low probability of persons present
F2 = High probability of persons present
P1 = Good chance of avoiding the hazard
P2 = Little chance of avoiding the hazard
W1 = Small probability of the event
W2 = Medium probability of the event
W3 = High probability of the event
- = No safety requirements
a = No special safety requirements
b = A single E/E/PES is not sufficient
1,2,3,4 = Safety integrity level (SIL)
Example of risk graph assessment of risk reduction requirements
Annunciators in risk reduction
The EN 61508 standard introduces a uniform and predictable approach to safety analysis of all electronic and programmable-electronic equipment. The FMEDA analysis provides tools for calculating the overall probability of failure of electronic assemblies, and from there the probability of failure on demand (PFD), diagnostic coverage (DC) and safe failure fraction (SFF) of the complete instrument can be calculated.
However, the most important concept in the standard is that of establishing the necessary safety integrity level (SIL) for the safety-related electronic equipment. Without repeating the rather detailed requirements of the standard, the SIL is conceptually determined by all the risks that cannot be eliminated by any other means. In other words, all the risk reduction measures should be exhausted first. Once the risk cannot be reduced any further, the safety of that particular function will rely solely on the automatic process control equipment. The risk associated with the function will determine what SIL is required of the equipment (see selection tables in EN 61508-1). If the electronic controller has the required reliability and SFF and fulfils all other requirements of the standard, it can be used in the application. Here lies the important detail: the SIL is associated with the specific safety function to be performed, not the equipment itself. Not only can different safety functions on one plant have different SIL ratings, but other equipment involved in the same safety function also affects all safety calculations. For example, two safety loops using the same type of controller can have different PFD because the actuator used is different in each of them. Equipment can therefore only fulfil the necessary criteria for a particular SIL; it does not determine it.
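The point about two loops sharing a controller can be worked through numerically. The following is an added example, not taken from the original article or from any vendor: the failure rates are constructed, the names are hypothetical, and it assumes the simplified single-channel approximation PFDavg = λDU × TI / 2 with a one-year proof-test interval and the low-demand PFD bands of EN 61508-1.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760

@dataclass(frozen=True)
class Fmeda:
    """Per-hour failure rates in the categories an FMEDA reports (constructed values below)."""
    name: str
    safe: float                   # lambda_S
    dangerous_detected: float     # lambda_DD
    dangerous_undetected: float   # lambda_DU

    def dc(self) -> float:
        """Diagnostic coverage: share of dangerous failures that diagnostics detect."""
        return self.dangerous_detected / (self.dangerous_detected + self.dangerous_undetected)

    def sff(self) -> float:
        """Safe failure fraction: safe plus dangerous-detected over all failures."""
        total = self.safe + self.dangerous_detected + self.dangerous_undetected
        return (self.safe + self.dangerous_detected) / total

    def pfd_avg(self, proof_test_years: float) -> float:
        """Assumed simplified single-channel (1oo1) model: lambda_DU * TI / 2."""
        return self.dangerous_undetected * proof_test_years * HOURS_PER_YEAR / 2

def loop_pfd(elements, proof_test_years=1.0) -> float:
    """Any element failing defeats the function; for small values the PFDs add."""
    return sum(e.pfd_avg(proof_test_years) for e in elements)

def sil_band(pfd: float) -> int:
    """Low-demand PFDavg bands of EN 61508-1; 0 means the SIL 1 band is not met."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

# Constructed sample data: one sensor, one controller, two different actuators.
SENSOR = Fmeda("sensor", 4e-7, 3e-7, 1e-7)
CONTROLLER = Fmeda("controller", 6e-7, 3.5e-7, 5e-8)
VALVE_A = Fmeda("valve A", 5e-7, 0.0, 8e-7)
VALVE_B = Fmeda("valve B", 5e-7, 0.0, 3e-6)
LOOP_A = [SENSOR, CONTROLLER, VALVE_A]
LOOP_B = [SENSOR, CONTROLLER, VALVE_B]

if __name__ == "__main__":
    print(f"controller alone: DC={CONTROLLER.dc():.3f} SFF={CONTROLLER.sff():.3f} "
          f"PFD={CONTROLLER.pfd_avg(1):.2e}")
    for label, loop in (("loop A", LOOP_A), ("loop B", LOOP_B)):
        pfd = loop_pfd(loop)
        print(f"{label}: PFDavg={pfd:.2e} -> meets SIL {sil_band(pfd)} band")
```

With these constructed figures the controller on its own sits in the SIL 3 band, yet the complete function lands in the SIL 2 band with one actuator and the SIL 1 band with the other. The PFD band is only one criterion; SFF and the other requirements of the standard still apply.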
It is quite common today to adopt the approach that all safety-related equipment on a given plant must be suitable for use in SIL1 or SIL2 applications. While the SIL rating of all safety functions on the plant cannot be established this way, the approach reflects the target risk associated with the plant and its operations. Safety functions whose associated risk is higher than the target clearly require other risk reduction methods to bring the risk down. There is a genuine and substantiated concern that perhaps functions classified as SIL3 or SIL4 loops are not desirable at all on a chemical plant, where many employees can be at risk. The high risk to personnel, property and environment is simply not acceptable and also carries high cost associated with mana
For more information on alarm annunciators in safety-related applications, talk to Omniflex UK Limited.