Page 19 - Stanochny park
INNOVATIVE TECHNOLOGY
EAP system - from risk to safety
Ensuring safety is the most important task at industrial enterprises. The chief technologist
and chief engineer must ensure trouble-free operation of all equipment, protect human health
and the environment, and comply with the requirements of the regulatory authorities. This is not
always easy: outdated technology, obsolete equipment and ineffective approaches to safety
make these tasks considerably harder. The accidents of recent years show that not enough has
been done to ensure industrial safety and that there are areas requiring special attention.
The causes of accidents are, as a rule, a fatal combination of design errors, equipment
failures and violations of procedures [1, 2]. This article explains why the risk analysis
stage recommended by GOST must be performed when designing a safety system, and why building
SIL-oriented protection loops on the basis of risk analysis saves the enterprise money and
provides it with the required level of safety. From an expert point of view, the key to
improving functional safety is the correct application of the standards of
the GOST R IEC 61508/61511 series (http://protect.gost.ru) in the creation and operation of
emergency automatic protection (EAP) systems.
The practice of applying the SIL safety integrity level in Russia
In Russia, the concept of the safety integrity level (SIL) has traditionally taken root, but
the life cycle of the safety system is ignored. The requirements for the EAP system take into
account only the safety integrity level of the controller, while the risk analysis stage, at
which the target SIL of the entire protection loop is to be determined, is skipped.
The typical situation is as follows: the company announces a tender for the control system of
a process unit and publishes the technical requirements on its official website. The
requirements reach prospective suppliers, who begin preparing technical and commercial
proposals. The following typical requirements for the EAP system are often seen:
● "The EAP system controller must comply with SIL3 standards. To confirm compliance with SIL3
standards, it is necessary to provide certificates with a list of modules";
● "The EAP system controller must have a redundant architecture, including ...".
As a rule, the allocation of signals to protection loops and the requirements for sensors,
shut-off valves and interface devices are absent. The foundation of the EAP system, the
integrity of the loop from the sensor to the actuator, is thus undermined.
The main process equipment is divided between the DCS and the EAP system as follows: pumps,
electric valves and shut-off valves are assigned to the EAP system, while the sensors involved
in regulation and the control valves are assigned to the DCS. This approach appears excessive.
As a result, the total number of EAP system cabinets exceeds the number of DCS cabinets,
whereas, statistically, the supplied SIL3 controllers account for 8 % of the total probability
of loop failure.
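The loop-level view described above, as an added worked example that is not part of the article: it applies the IEC 61508 low-demand, 1oo1 approximation PFDavg ≈ λ_DU·TI/2 to a sensor, a SIL3-class logic solver and a final element, sums the loop and maps the result onto the standard PFDavg bands. The failure rates are constructed illustrative values, not vendor data.

```python
# Added worked example (not from the article): SIL budget of one protection
# loop, sensor -> logic solver -> final element, each 1oo1, low-demand mode.
# Uses the IEC 61508 approximation PFDavg ~= lambda_DU * TI / 2. All failure
# rates below are constructed illustrative values, not vendor data.

HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand PFDavg bands: (SIL, lower bound inclusive, upper exclusive)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(lambda_du_per_hour, proof_test_years):
    """Average probability of failure on demand of a single 1oo1 element."""
    return lambda_du_per_hour * proof_test_years * HOURS_PER_YEAR / 2.0


def sil_from_pfd(pfd):
    """Map a PFDavg to the SIL band it satisfies (None if worse than SIL1)."""
    if pfd < 1e-5:
        return 4  # better than the SIL4 floor; capped at SIL4
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return None


def loop_budget(elements, proof_test_years):
    """Series loop: element PFDs add up. Returns total, loop SIL and shares."""
    pfds = {name: pfd_avg(rate, proof_test_years) for name, rate in elements.items()}
    total = sum(pfds.values())
    return {
        "total_pfd": total,
        "sil": sil_from_pfd(total),
        "shares": {name: p / total for name, p in pfds.items()},
    }


# Constructed loop: a SIL3-class logic solver between an ordinary process
# transmitter and a shut-off valve, all proof-tested once a year.
LOOP = {
    "sensor": 2.0e-6,         # lambda_DU in 1/h (constructed)
    "logic_solver": 1.5e-7,   # SIL3-class controller (constructed)
    "final_element": 4.0e-6,  # shut-off valve with actuator (constructed)
}

if __name__ == "__main__":
    result = loop_budget(LOOP, proof_test_years=1.0)
    print(f"loop PFDavg = {result['total_pfd']:.2e} -> SIL {result['sil']}")
    for name, share in result["shares"].items():
        print(f"  {name:14s} {share:6.1%} of loop failure probability")
```

On its own the logic solver sits in the SIL3 band, yet the whole loop only reaches SIL1 and the controller contributes a few percent of the failure probability; the sensor and valve decide the achieved level.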
For example, after the accident at a Russian oil refinery in 2014, one of the causes cited by
Rostekhnadzor was "the lack of an assessment of the technological equipment's provision with
monitoring, control and emergency protection means, and of their action during the start-up
and shutdown of technological equipment" (http://www.gosnadzor.ru). By "lack of an equipment
assessment" is meant the skipped risk analysis stage and the absence of a gradation of
protection loops by SIL safety integrity level.