Design Verification; SIL Capability - GE Masoneilan SVI II ESD Installation And Maintenance Manual

Smart valve interface with SIL3 emergency shutdown PST controller

Design Verification

The following describes the design verification criteria for the SIF and the SVI II ESD:

A detailed Failure Mode, Effects, and Diagnostics Analysis (FMEDA) report is available
from the factory. This report details all failure rates and failure modes as well as the
expected lifetime.

The achieved Safety Integrity Level (SIL) of an entire Safety Instrumented Function (SIF)
design must be verified by the designer by means of a PFDavg calculation, considering
redundant architectures, proof test interval, proof test effectiveness, any automatic
diagnostics, average repair time and the specific failure rates of all products included in
the SIF. Each subsystem must be checked to assure compliance with minimum
hardware fault tolerance (HFT) requirements. The exida exSILentia® tool is
recommended for this purpose as it contains accurate models for the SVI II ESD and
related failure rates.

When using an SVI II ESD in a redundant configuration, include a common cause factor
of 5% in safety integrity calculations.

The failure rate data listed in the FMEDA report is valid only for the useful lifetime of an
SVI II ESD. The failure rates sometimes increase after this time period. Reliability
calculations based upon the data listed in the FMEDA report for mission times beyond
the lifetime can yield results that are too optimistic, i.e. the calculated Safety Integrity
Level will not be achieved.

SIL Capability

The SVI II ESD meets SIL 3 requirements as outlined below.

Systematic Integrity

The product has met manufacturer design process requirements of Safety Integrity Level (SIL)
3. These are intended to achieve sufficient integrity against systematic errors of design by the
manufacturer. A Safety Instrumented Function (SIF) designed with this product must not be
used at a SIL level higher than the statement without prior use justification by the end user or
diverse redundant technology in the design.

Random Integrity

The SVI II ESD's safety critical function is maintained by a Type A Device. Therefore, based upon
the SFF > 90%, when the SVI II ESD is used as the sole component in a final element
subassembly, a design can meet SIL 3 @ HFT=0.

When the final element assembly consists of many components (SVI II ESD, quick exhaust
valve, actuator, isolation valve, etc.) the SIL must be verified for the entire assembly, taking into
consideration the failure rate of each component. This analysis must account for any hardware
fault tolerance and architecture constraints.
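
The PFDavg verification described under Design Verification and the whole-assembly check above can be sketched as follows. This is an added example, not part of the manual and not the exSILentia models: it uses commonly used simplified low-demand approximations for 1oo1 and 1oo2 architectures. Every failure rate, interval and part name in it is a constructed placeholder, not a value from the FMEDA report.

```python
# Added example: simplified low-demand PFDavg check for a final element assembly.
# All failure rates are constructed placeholders, NOT values from the FMEDA report.

HOURS_PER_YEAR = 8760
BETA = 0.05  # common cause factor the manual specifies for redundant SVI II ESD use

# Low-demand PFDavg bands (lower inclusive, upper exclusive) and the SIL they map to.
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]

def pfd_1oo1(lam_du, ti_h, ptc=1.0, mission_h=None, lam_dd=0.0, mttr_h=0.0):
    """Single channel (HFT=0). Rates are per hour.
    ptc is proof test effectiveness: failures the test misses stay hidden
    until the end of the mission time instead of the next proof test."""
    mission_h = ti_h if mission_h is None else mission_h
    tested = ptc * lam_du * ti_h / 2
    untested = (1 - ptc) * lam_du * mission_h / 2
    detected = lam_dd * mttr_h  # diagnosed failures count only while under repair
    return tested + untested + detected

def pfd_1oo2(lam_du, ti_h, beta=BETA):
    """Two redundant channels (HFT=1), perfect proof test, undetected failures only."""
    independent = ((1 - beta) * lam_du * ti_h) ** 2 / 3
    common_cause = beta * lam_du * ti_h / 2  # one shared cause defeats both channels
    return independent + common_cause

def sil_from_pfd(pfd):
    """Return the SIL band for a PFDavg, 0 if it does not reach SIL 1."""
    if pfd < 1e-5:
        return 4  # no band is defined above SIL 4
    for low, high, sil in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0

# Constructed dangerous-undetected rates (per hour) for a series assembly.
ASSEMBLY_LAM_DU = {"positioner": 1e-7, "actuator": 2e-7, "isolation_valve": 3e-7}

def assembly_lam_du(parts=ASSEMBLY_LAM_DU):
    """Any one part failing dangerously defeats the channel, so the rates add."""
    return sum(parts.values())

if __name__ == "__main__":
    lam, ti = assembly_lam_du(), 1 * HOURS_PER_YEAR
    cases = {
        "1oo1, perfect proof test": pfd_1oo1(lam, ti),
        "1oo1, 90% test, 10 y mission": pfd_1oo1(lam, ti, 0.9, 10 * HOURS_PER_YEAR),
        "1oo2, beta = 5%": pfd_1oo2(lam, ti),
    }
    for name, pfd in cases.items():
        print(f"{name}: PFDavg = {pfd:.3e} -> SIL {sil_from_pfd(pfd)} by PFDavg alone")
```

With these placeholder rates the common cause term dominates the 1oo2 result, which is why the 5% factor cannot be left out. The PFDavg band is only one limit: the hardware fault tolerance and systematic integrity conditions stated above still cap the SIL that can be claimed.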
GE Oil & Gas
© 2016 General Electric Company. All rights reserved.
