General Objective - Funnel Risk Graph Method in the Design of Integrated Control and Safety Sys

The aim of this thesis is to explore a more cost-effective, simplified and enhanced approach for the design and evaluation of SIS through the FRGM. Safety Integrity Level (SIL) and Performance Level (PL) allocation for process, mining and other related industries require deeper level of analysis. Adopting the SIL allocation process to the concept of risk reduction is shown in Figure 1.1. For

each of the Equipment Under Control (EUC) risks are identified, the level of risk is calculated or estimated and then one or more risk reduction measures are designated. The objective of this risk management approach is to apply sufficient risk reduction measures against the EUC risk such that the “actual risk reduction” exceeds the “necessary risk reduction” to achieve an acceptable “tolerable risk”.

Fig. 1.1. Risk Reduction General Concept

Based on this concept, this research project’s main aim is to develop and apply an optimised approach for the design and evaluation of ICSS using the FRGM method shown in Figure 1.2 [10-12] (FRGM is the proposed approach in evaluation of ICSS that aims to reduce costs in the early stage of the design process).

Fig. 1.2. Funnel Risk Graph Method

Specific Objectives:

Real-life industrial scenarios will be analysed to prove the advantage of FRGM over the traditional approach. The specific objectives of this project are to:

1. Develop the framework of the FRGM approach by aligning to the phases of the safety lifecycle as a ‘funnel’;

2. Present case study analyses to prove the advantages of FRGM over the traditional approach;

3. Carry out an evaluation of FRGM, comparing it to the traditional method to show that;

• FRGM will result in equal functional safety;

• FRGM requires few number of steps required and time taken, thus achieving economic benefit.

4. Analyse different kinds of SIF with resulting SIL; 5. Cybersecurity consideration using FRGM.

Main Contributions to Knowledge

This research strives to address the issues faced by the oil & gas and related industries regarding the evaluation and design of ICSS, particularly the SIS. Big or small players in the industry, cannot escape from the fact that they need to utilise ICSS in their business operations. Traditionally, in designing ICSS, all SIF must undergo quantitative or semi-quantitative analyses consuming a lot of resources. In this research work, an application of a more cost-effective, simplified and enhanced approach called FRGM for the design and evaluation of SIS will be explored in reference to the functional safety standards. FRGM will be discussed in-depth in Chapter 3. Based on the preliminary results, it is expected that the project will result in significant economic benefits, more practicable compliance with results in equal degree of functional safety as compared to the traditional approach. To prove the effectiveness of this approach, comparative analyses are presented in Chapters 3 and 4. The proposed approach will also consider cybersecurity as an important component of the assessment in Chapter 5. Specifically, my main contribution can be summarised as follows, I have:

• Developed the FRGM as a novel approach to determine SIL ratings. The FRGM approach can be applied to filter lower SIL ratings and the result as target or required SIL. By utilising this technique, a lot of resources can be saved. Potential cost savings were presented in Chapters 3 and 4 for different applications;

• Presented several case studies and compared results of FRGM with traditional method to show accuracy of FRGM. The application of FRGM was presented in Chapter 3 involving 3 SIFs. These 3 SIFs were involved in a process of transporting and handling solids through a conveyor belt. They are designed to disable any movement of the conveyor belt and its associated equipment during emergency or metal detection. Potential hazards may involve fatalities, injuries or equipment damage. Another real-life case study was presented In Chapter 4 utilising LNG Plant A. The Plant is one of the biggest LNG plants in the world with an estimated gas resource of 50 trillion cubic feet;

• Presented cost benefit analyses of FRGM. All of the case studies presented in this research demonstrated potential cost savings to prove the effectiveness of the FRGM approach. The 3 SIFs in Chapter 3, which involves a process of transporting and handling solids through a conveyor belt, generated a potential savings of $976,500. The LNG Plant A in Chapter 4 yielded a total cost reduction of $3,906,000 out of four (4) multidisciplinary personnel which conducts the safety

assessment. This was based on 3,000 SIFs, total reduction of 2.167 hours and average salary rate of $150/hour;

• Conducted SIL calculations and verifications for SIFs in the LNG Plant A using exSILentia software and compared results with FRGM to prove accuracy of the proposed FRGM approach. Achieved SIL ratings were verified for 16 SIF loops in Chapter 4. It is shown in Table 4.1 that all 16 loops achieved their respective SIL targets. SIF 064LZ- 0011 LL even exceeded the achieved SIL from 1 to 2;

• Developed the novel National Institute of Standards and Technology (NIST) + FRGM framework for the integration of SIS and cybersecurity. It has been recognised by the research community [13- 21], the industry, as well as the International Society of Automation (ISA) [22] that there is a need of such alignment between safety and security, in which this research work was also striving to address;

• Presented a case study using the NIST + FRGM framework for a SIF in the LNG Plant A. SIF 064FZ-0567 LL from LNG Plant A was explored and re-analysed to illustrate the proposed integrated NIST + FRGM in Chapter 5. The objective is to demonstrate how SIL assessment would be impacted in the consideration of cyber security threats. The result showed that the SIF has low cybersecurity risk with SIL rating of SIL 1. The primary advantage of this integrated approach is that it ensures all risks (cybersecurity and safety) are considered.

Secondarily, optimising the evaluation process into a unified approach would mean significant cost benefit.

Organisation of the Thesis

This thesis is presented in six Chapters. The organisation of the remaining Chapters is as follows:

Chapter 2 provides literature reviews of past and ongoing research work.

Pros and cons of those methodology were compared and contradicted. Various SIL determination and calculation methods are compared as per criteria of relevant qualifying factors. This Chapter compared advantages and disadvantages of reviewed methods from complexity, accuracy and cost- effectiveness perspectives.

Chapter 3focuses on the development of FRGM which was based on the

Phase 5: Safety Requirements Allocation. This was based on the 16-phase IEC61508 [2] safety lifecycle with the inclusion of IEC62061 [23], IEC61511 [3], ISO13849 [24] and AS4024.1 [25] as a combined safety lifecycle process [10]. The qualities of FRGM being more cost-effective and simplified is explored in this Chapter. Comparative analyses between FRGM and LOPA (and other traditional methods) are also presented. The FRGM only takes 3 steps while LOPA takes 13 steps. An estimated cost savings of $976,500 is calculated for 3,000 SIFs with the presented case study example.

Chapter 4provides quantitative analyses for the SIFs used in the LNG Plant

A Process Unit 6400 (PU6400). This Chapter demonstrates SIL calculations performed for each SIF loop that were assigned a SIL target of SIL 1 or greater. Calculations are based on the actual hardware selected for the Sensor, the Logic Solver and the Final Element. The software for performing SIL calculations is exSILentia coupled with the latest reliability database SERH, then results compared against FRGM. Considering the factors such as number of hours reduced using FRGM, salary per hour and the number of personnel conducting the assessment, potential savings can be achieved at around $3,906,000 using the FRGM when the entire SIFs of the LNG Plant A are evaluated.

Chapter 5 this complementary chapter is dedicated to an integrated and optimised evaluation framework for ICSS and related subsystems considering cybersecurity and safety. This can be achieved by the alignment of the cybersecurity framework formulated by the National Institute of Standards and Technology (NIST) with safety and security standards ISA84 (IEC 61511) and ISA99 (IEC 62443), and the novel Funnel Risk Graph Method (FRGM). The need of such alignment between safety and security has been recognised by the research community, the industry, as well as the International Society of Automation (ISA). The framework is called NIST + FRGM.

Chapter 6 summarises the research work and presents the conclusions

drawn from the study along with some recommendations for possible future research opportunities.

Chapter 2 - Developments in SIL

In document Funnel Risk Graph Method in the Design of Integrated Control and Safety System (Page 35-43)