ada topik menarik dari diskusi group SIL di linkedin sehubungan dengan pemisahan Fire & Gas (F&G) System dengan Safety Instrumented System (SIS).
Dulu waktu project Arthit APP (Arthit Process Platform) saya perhatikan F&G System digabung dengan SIS.
Kalau ditempat saya kerja sekarang sih dipisah antara F&G System dengan Emergency Shutdown System.
Dari diskusi di bawah saya setuju dengan yang dipisah.
SIS used as F&G system.
Can a SIS be used as a F&G system? Can we integrate both in the same system? You know that when is required by Hazop study thast some F&G detectors shall have process action (close valves, stop pumps), normally we put that detectors into the SIS PLC.
And for mitigation action (when it is required energized to trip)? Supplier (as Emerson) already have devices to used in DElta V SIS for that purpose. With today’s technology, many companies utilize an integrated approach and interfaced the FGS with the ESD system to initiate plant shutdown if hazardous events occur. Any standard that not permitt the F&G and shut down in the same system?
Tanggapan para anggota:
– I assume we are talking about IEC61511? The more you put in the SIS that contains your SIF’s the more complex it becomes to meet the requirements for operational management of the SIS. Using typical offshore production numbers for…
– What I am trying to araise is: Dont have a seprate F&G system, and implemented into the SIS (same logic solver). There are some vendor talking abou this FGS-SIS integration. So prevention layer with mitigation layer in the same safey…
Ricardo A. Vittoni
– Ricardo, you are right. Although ESD and F&G are both SIS per IEC 61511, you should not run both on the same logic solver.
We can argue two days about pros and cons, but just think about this:
You will need separate I/O cards for ESD…
– This has been asked a number of times before. The systems are usually separated to ease management of change, simplify the designs, minimize common cause, etc. Many will use the same logic solver technology/type, but still have two separate systems.
– Although the idea does not violate any standard, it shall not be taken into practice based on Ricardo and Paul’s comments. However in small scale packages like rotary machines where F&G signals are not noticeable, there is intention of implementing both signals in an individual SIS.
– I think a big concern is when we do a plant shutdown for revamping whatever and the SIS goes to off line, but the F&G system shall be on line even in that cases, because there are works on going and the Fire or gas needs to be detected all the time.
– The sensors connected to F& G system are prone to failures & require frequent maintenance. Integration in SIS will add further degradation of SIS other than the reasons mentioned above.
– See kenexis.com. They have some great tutorials on F&G and process safety. Check out their youtube site.
Aria Putra Maulana
– The F&G system provides mitigation for operations when dealing with a loss of containment and fire event. Therefore it is important to ensure the availability of the system through any potential scenario up to abandonment of the facility (up to the highest shutdown hierarchy level). So, we use the same high integrity hardware platform as SIS for F&G for the reasons of ensuring this high availability requirement. You’re right that F&G adopts NDE (equipped with line monitoring) and SIS adopts NE for their final device circuit therefore we should not combine them in one common logic solver as they have different requirement for the fault reaction configuration, i.e. one is non-safety related and the other is safety related (i.e. shutdown the controller on any uncontrollable fault is detected such as short or open circuit of the output loops, cross wiring between output loops, any failure of the suppression diodes in the output module, etc.
Aria Putra Maulana
– So, imagine if we put SIS and F&G in a common logic solver, when there is presence of fire and it causes output circuit fault and SIS DO module failure, it will shutdown the common controller regardless the DO module redundancy and will leave all NDE F&G outputs remain de-energized e.g. power isolation will not be isolated (or circuit breakers will remain close), deluge valves will remain close and cannot be opened, firewater pump will not be able for remote start, etc. thus the system will fail to give protection against the hazard arise.
– FGS in the same Logic Solver but differnet cards, Emerson has this apllication intregated FGS-SIS (NE to NDE)…
– Fire and gas systems may be implemented in the SIS logic solver according to IEC 61511/ISA 84.00.01-2004, which requires that the user ensure that the non-SIS functions do not impact the functionality and/or integrity of the SIS.
… selengkapnya bisa di klik link ini.