FMEA is another vital tool in ensuring process safety. You can use a modified FMEA (Failure Modes and Effects Analysis) to ensure the robustness of complex safety systems. You can also use the modified FMEA to identify and avoid single failures that can prevent a safe state or cause spurious trips.
One of the first systematic methods developed to analyze potential failures in technical systems was the Failure Modes and Effects Analysis (FMEA). Since then, there have been further developments on the method and numerous applications use it today. You can use it to analyze the criticality of failures based on their probability and consequence (FMECA applications). Additionally, it can assess diagnostic capabilities (FMEDA applications). You often use it in these varieties to predict failure rates of components.
Using FMEA to ensure robustness and avoid single failures
This article will focus on a modified FMEA process to ensure the robustness of complex safety systems. Additionally, to identify and avoid single failures that can prevent a safe state or cause spurious trips. The method includes IEC 61511-1:2016 terms in order to facilitate the design of complex fail-as-is safety systems in compliance with IEC 61511 requirements. Most Safety instrumented systems used in the process industry are relatively simple systems. They consist of one or more initiators, a logic solver, and one or more final elements. The systems are normally fail-safe, meaning that they go to their safe state if there is a loss of power or motive force. However, for some applications, there is a need for more complex safety systems to avoid incidents.
Complex systems and SIL requirements
We often give these complex safety systems a SIL requirement, and examples of such systems are:
Systems for initiation of a deluge
Systems for initiation of water mist
You can regard the abovementioned systems as complex since achieving a safe state relies on several components. Components such as fire water pumps, generators, diesel/electrical supply, and valves, in addition to auxiliary systems and utilities. Furthermore, in some applications, spurious activation of the safety function is considered to have a significantly negative impact. This is with regard to cost or safety. Therefore there could be strong arguments for implementing design aspects to prevent spurious trips. Examples of such systems are:
Workover safety systems
BOPs
Common for these systems is that they are not necessarily fail-safe. They may rely on pneumatics, hydraulics, or electrical power (or a combination thereof) to reach a safe state. This increases the complexity of the safety systems. Because they are now reliant upon a number of components in the auxiliary systems in order to bring the system or process to a safe state. IEC 61511 puts additional requirements on safety systems that are not fail-safe. Most notably the requirement in section 11.2.11, that “For any SIS device that on the loss of utility (e.g., electrical power, air, hydraulics, or pneumatic supply) does not fail to the safe state, loss of utility and SIS circuit integrity shall be detected and alarmed (…)”, and implicitly through section 11.9.2 that reliability of the required utility systems shall be included in the calculated failure measure of the SIF.
The modified FMEA method
The modified FMEA methodology used to assess such complex safety systems is based on the premise that each component (such as DCVs, solenoids, valves, pumps, etc.) is part of the safety function (e.g., through detailed component FMECAs) and has detailed information available. This allows the methodology to assess the application from a system level. Thereby it identifies the required components in the utility systems for the safety function to work as intended. In addition, the methodology also identifies the components redundancy (HFT). Lastly, it identifies whether failures in these components can be detected from a system level before a demand is put on the safety system. The FMEA is suitable in concept or early design phases. It can provide valuable input to ensure robustness in the design of safety systems. Amongst the benefits obtained through the modified FMEA application is:
Detailed information about the required components in the utility systems necessary for the safety system to work as intended in a demand situation.
Input to design considerations with regards to a single point of failure that can prevent the SIF from working in a demand situation, and a single point of failure that can initiate spurious shutdowns.
Detailed information about the available redundancy (HFT) of the components included in the safety function.
Input to reliability block diagrams, and hence an early indication about whether a specific SIL is obtainable based on the PFD and architectural aspects of the requirements.
Input to components whose failure modes can be detected by the system or operator outside normal proof testing, and prior to a demand on the safety system, hence giving valuable information about safety-critical monitoring and alarms.
Additional help and guidance
Finally, ORS has gained significant experience through utilizing tailor-made FMEA methods for complex safety systems. Several projects have successfully implemented the methodology. These projects span the entire world, including the Norwegian Continental Shelf, Gulf of Mexico, and Australia. Contact us to discuss how we can help you to improve system safety and production performance.
