Logic solver for overpressure protection

Supplier: Moore Industries
17 February, 2014

A high integrity pressure protection system (HIPPS) is a specific type of Safety Instrumented System (SIS) that acts as a barrier between high and low pressure parts of an installation without the need to release fluid into the environment or otherwise contaminate it.

Within this SIS, the logic solver initiates the final elements that restore the process back to a safe state. An example is in an offshore well platform where the source can occasionally present a harmful pressure surge in the pipeline.

The HIPPS is designed to shut off the source before the design pressure of the downstream plant is exceeded, avoiding rupture of a line or vessel. A typical system comprises pressure transmitters, a logic solver and fast-acting shut-off valves, and it usually uses redundant elements to achieve the SIL specified for the application.

Factors Leading to the Choice of a Logic Solver

It is often assumed that the logic solver has to be a safety PLC. In many cases, however, a discrete logic device for each loop, which avoids the complications and expense of a programmable solution, is a sensible option. One of the objectives of functional safety is to engineer the protection layers so that the complexity of safety-related functionality is minimised. This includes designing the overall concept for the minimum number of safety instrumented loops, avoiding unnecessary use of more complex technology, reducing interdependency between loops, and keeping safety and non-safety functionality separate.

IEC 61508-2 and related standards place a higher burden on the architectural design of programmable systems, which can often be avoided by using less complex discrete logic solver technologies. Apart from the obvious cost savings of a simpler architecture, perhaps the biggest gains with this approach are the ones that are not immediately visible.

Consider that this straightforward approach avoids the development cost of application programming (plus associated costs such as software maintenance, upgrades, configuration management and back-ups) and the need for specialist competence in operation and maintenance of the programmable platform. Installation, validation and commissioning of complex programmable systems also require specific competence and procedures, which can make the functional safety management (FSM) system more onerous to set up and maintain.

Many safety-related applications in the process industry are ideally suited to one or more single loop logic solvers because they are small scale, isolated or located in remote areas. As mentioned, the simpler architectural demands using this approach can reduce the cost of hardware, software and procedural overheads.

The Safety Integrity Level

The performance of a safety instrumented function (SIF) is defined by its safety integrity level (SIL 1 to SIL 4). All elements that form the SIS must be designed or selected in accordance with IEC 61508 or IEC 61511. In practice, each SIF in an SIS typically consists of three subsystems, comprising one or more sensor elements, logic solver elements and final control elements, as required to meet the (highest) target SIL for the function(s) being performed (Figure 1).

The three basic attributes of the SIS that require design consideration and evaluation in order to achieve the SIL are:

1) The architectural constraints for each subsystem are at least SIL 'n'
2) The systematic capability of each subsystem is at least SC 'n'
3) The average probability of failure on demand, PFDavg, is within (or below) the range for SIL 'n'

Each one of these attributes places requirements on the elements used in each subsystem.
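The third attribute is the one that can be worked through numerically. The following is an added example, not part of the white paper, that combines the PFDavg of the three subsystems of a SIF (sensor, logic solver, final element) and maps the total onto the low-demand SIL bands of IEC 61508-1 (SIL 1: 1e-2 to 1e-1, SIL 2: 1e-3 to 1e-2, SIL 3: 1e-4 to 1e-3, SIL 4: 1e-5 to 1e-4). It uses the simplified 1oo1 and 1oo2 PFDavg formulas from IEC 61508-6 (dangerous undetected failure rate times proof-test interval, with a beta factor for common cause in 1oo2). The failure rates, proof-test interval and beta value are constructed for illustration and are not from the page or any vendor datasheet; the example only checks attribute 3, not the architectural constraints or systematic capability of attributes 1 and 2.

```python
"""PFDavg and SIL-band check for a three-subsystem SIF (added example)."""


def pfd_1oo1(lambda_du, ti_hours):
    """Simplified PFDavg for a single channel: lambda_DU * TI / 2."""
    return lambda_du * ti_hours / 2.0


def pfd_1oo2(lambda_du, ti_hours, beta=0.1):
    """Simplified PFDavg for a 1oo2 pair: independent term plus a
    common-cause term weighted by the beta factor."""
    x = lambda_du * ti_hours
    return x ** 2 / 3.0 + beta * x / 2.0


def sil_from_pfd(pfd):
    """Map a PFDavg value onto the IEC 61508-1 low-demand SIL bands.
    Returns 0 when PFDavg is 0.1 or higher (no SIL claim possible)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    # SIL 4 is defined as 1e-5 <= PFDavg < 1e-4; the standard has no
    # higher band, so anything below that is still reported as SIL 4.
    return 4


def sif_pfd(subsystems, ti_hours):
    """Sum the PFDavg of each subsystem (series combination).
    subsystems: list of (name, lambda_DU per hour, architecture).
    Returns (total PFDavg, per-subsystem breakdown)."""
    breakdown = {}
    for name, lambda_du, arch in subsystems:
        if arch == "1oo1":
            breakdown[name] = pfd_1oo1(lambda_du, ti_hours)
        elif arch == "1oo2":
            breakdown[name] = pfd_1oo2(lambda_du, ti_hours)
        else:
            raise ValueError("unsupported architecture: %s" % arch)
    return sum(breakdown.values()), breakdown


# Constructed sample SIF (hypothetical failure rates, not vendor data):
# redundant pressure transmitters, a single discrete logic solver and a
# single fast-acting shut-off valve.
EXAMPLE_SIF = [
    ("pressure transmitter", 5e-7, "1oo2"),
    ("logic solver", 1e-7, "1oo1"),
    ("shut-off valve", 2e-6, "1oo1"),
]


def example_assessment(ti_hours=8760.0):
    """Assess the constructed SIF with an annual proof test (8760 h) and
    report the achieved SIL band plus the dominant contributor."""
    total, breakdown = sif_pfd(EXAMPLE_SIF, ti_hours)
    return {
        "total_pfd": total,
        "sil_from_pfd": sil_from_pfd(total),
        "breakdown": breakdown,
        "dominant": max(breakdown, key=breakdown.get),
    }


if __name__ == "__main__":
    result = example_assessment()
    for name, value in result["breakdown"].items():
        print("%-22s PFDavg = %.3e" % (name, value))
    print("total PFDavg = %.3e -> SIL %d (PFD criterion only)"
          % (result["total_pfd"], result["sil_from_pfd"]))
    print("dominant contributor:", result["dominant"])
```

Run as a script it shows that the shut-off valve contributes over 90% of the total PFDavg and that the loop meets the SIL 2 band on the PFD criterion alone; a practitioner would then check whether the valve subsystem's architectural constraints and systematic capability also support the target SIL, since all three attributes must hold.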
