AIChE 2017 Spring Meeting and 13th Global Congress on Process Safety
Layer of protection analysis (LOPA) is a widely used semi-quantitative method for determining the reliability requirement for safety instrumented functions (SIFs). An advantage of LOPA is that it specifies a numerical reliability target – the average probability of failure on demand (PFDavg). However, uncertainties in the input parameters and simplifications within the LOPA method lead to a margin of error in the target PFDavg that is often not accounted for in the design of the SIF. Further uncertainties are introduced when carrying out a reliability analysis of the SIF design to ensure that the target PFDavg is met. The result of overlooking such uncertainties is that the target PFDavg may be set low and the calculation of the actual PFDavg achieved by the design may be optimistic, leading to a SIF that is under-designed. The need to account for uncertainty is emphasized in the latest version of IEC 61511, the international standard for SIF design.
This paper investigates and highlights the sources of such uncertainties in LOPA and SIF reliability analysis. In particular, the quality of the data used as input parameters to LOPA and reliability models has a large effect on the accuracy of the results. These parameters include failure rates, conditional modifiers, beta factors for common cause failures, and proof test coverage factors. Available data for these parameters can be sparse and may not be representative of the conditions in which the SIF is applied. Where the confidence intervals of the data are available, these can be incorporated into the calculations to reach a more conservative result. Alternatively, a safety factor can be applied to try to capture all the uncertainties. In this approach, the target PFDavg obtained from LOPA is reduced by the safety factor to give a more stringent target PFDavg for the SIF design to meet. The methods for handling uncertainty are reviewed in this paper.
