25 safety HIVE by wanghonghx



 MIT 40
Safe state
- What is it?
- For whom?

• Stop
  – Train
  – Process
  – Machines
• Maintain (alarm the operator)
  – Airplane
  – Exothermal reactor
  – Drill-rig?
  – Airbag?
Failure Modes
• Dangerous failure
  – The system does not perform its function when
• Spurious trip
  – The system performs its function without being
  – Also, many spurious trips are negative for the overall safety of the installation
• Risk = Consequence x Frequency
• Frequency = Demand rate x Probability of failure of the safety function (on demand)

  EXAMPLE                                    RESULT
  • Gas leakage due to overpressure          Gas leakage due to overpressure
  • Overpressure once a year                 every 10 years
  • SIS fails on every 10th demand           (1/year x 1/10 = 0.1/year)
Risk based

1oo2 voting
  [Diagram: two channels, either one can trip; shown for safe state = off and for safe state = on]
Good safety
Bad availability

2oo2 voting
  [Diagram: two channels, both must agree to trip; shown for safe state = off and for safe state = on]
Bad safety
Good availability
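The arithmetic behind the risk example and the two voting slides, as an added example that is not part of the original slides. The PFD and spurious-trip formulas are the simplified low-demand approximations from IEC 61508-6 (an assumption here; the slides only give the qualitative ranking), common-cause failures are ignored, and the failure rates used at the bottom are constructed.

```python
"""Risk and voting arithmetic for the slides above.

Added example, not part of the original slides. The PFD and spurious-trip
formulas are the simplified low-demand approximations from IEC 61508-6
(assumed here; the slides only give the qualitative ranking). Common-cause
failures are ignored, which flatters the redundant architectures.

Units: all rates are per year, all times are in years.
"""

HOURS_PER_YEAR = 8760.0


def hazard_frequency(demand_rate, pfd):
    """Frequency = demand rate x probability that the safety function fails on demand."""
    return demand_rate * pfd


def risk(consequence, frequency):
    """Risk = consequence x frequency (consequence in whatever unit the analyst uses)."""
    return consequence * frequency


def pfd_avg(architecture, lambda_d, proof_test_interval):
    """Average probability of failure on demand for one channel (1oo1),
    a 1-out-of-2 trip (1oo2) or a 2-out-of-2 trip (2oo2).

    lambda_d is the dangerous undetected failure rate per channel,
    proof_test_interval is the time between proof tests."""
    x = lambda_d * proof_test_interval          # expected dangerous failures per test interval
    if architecture == "1oo1":
        return x / 2.0                          # channel is down, on average, half the interval
    if architecture == "1oo2":
        return (x * x) / 3.0                    # both channels must fail before the trip is lost
    if architecture == "2oo2":
        return x                                # either channel failing loses the trip
    raise ValueError(f"unknown architecture {architecture!r}")


def spurious_trip_rate(architecture, lambda_s, mttr):
    """Rate of trips without a real demand. lambda_s is the safe-failure rate
    per channel (a channel that drops out and votes to trip), mttr the mean
    time to repair such a channel."""
    if architecture == "1oo1":
        return lambda_s                          # one channel dropping out trips the plant
    if architecture == "1oo2":
        return 2.0 * lambda_s                    # two channels, either one trips the plant
    if architecture == "2oo2":
        return 2.0 * lambda_s * lambda_s * mttr  # second channel must drop out while the first is under repair
    raise ValueError(f"unknown architecture {architecture!r}")


def compare_architectures(lambda_d, lambda_s, proof_test_interval, mttr):
    """Return {architecture: (PFDavg, spurious trips per year)} for the three voting schemes."""
    return {
        arch: (pfd_avg(arch, lambda_d, proof_test_interval),
               spurious_trip_rate(arch, lambda_s, mttr))
        for arch in ("1oo1", "1oo2", "2oo2")
    }


if __name__ == "__main__":
    # The slide's example: overpressure once a year, SIS fails on every 10th demand.
    f = hazard_frequency(demand_rate=1.0, pfd=0.1)
    print(f"gas leakage every {1.0 / f:.0f} years")

    # Constructed figures: 0.02 dangerous and 0.1 safe failures per channel-year,
    # yearly proof test, 8 hour repair time.
    for arch, (pfd, st) in compare_architectures(0.02, 0.1, 1.0, 8 / HOURS_PER_YEAR).items():
        print(f"{arch}: PFDavg={pfd:.2e}  spurious trips/year={st:.2e}")
```

With the constructed rates, 1oo2 has the lowest PFD but the highest spurious-trip rate and 2oo2 the reverse, which is the "good safety / bad availability" and "bad safety / good availability" ranking on the slides; 1oo1 sits between them on both axes.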
Qualitative requirements
• When a safety function does not work, it is either broken or "wrong".
  – Wrong location of detectors
  – Software mistakes
  – Operator blunders/typos
• Systematic failures cannot be calculated, only minimized and
Other requirements
• Independent of and in addition to other systems (PSA, API, IEC 61508-1 (ch. b))
• Not to be negatively influenced by failures in other
• Process safety to be provided by two independent and different barriers
  – Primary barrier (instrumented)
  – Secondary barrier (mechanical)
Standards and guidelines (figure):
• PSA
• IEC 61511
• OLF 070
• DnV
• API RP 14C
• Company standards (Statoil, Hydro, Phillips, Shell, BP etc.)
Maritime Black Box (MBB)
The Maritime Black Box (MBB) system consists of the units described below.
• Norcontrol Data Collection Unit (DCU)
  – Interfaces sensors and equipment for data collection and storage in the PSU
  – Multi Serial Interface Module (MSI), Audio Recording Module (ARI), Distributed Process Modules (DPU) and a video frame grabber card
  – Operation and monitoring of the Maritime Black Box (MBB) system
• Norcontrol Protected Storage Unit (PSU)
  – Storage of recorded data
• Optional Replay and Evaluation Unit (REU)
  – Unit for replay and training using recorded data
Data Recorded 1
• Date and time: derived from a device external to the ship, normally a GPS.
• Ship's position: latitude and longitude, derived from an electronic position-fixing system
• Ship speed: normally recorded from the ship's speed log
• Ship heading: recorded as indicated by the ship's compass or gyro
• Bridge audio: recorded through microphone panels located on the bridge. Four microphones are included in the standard delivery
Data Recorded 2
• Communication audio (VHF): in- and outbound communication from the ship's VHF; one VHF set is included in the standard delivery
• Radar: the radar image as displayed to the operator; one radar is included in the standard delivery
• Echo sounder: depth under keel, the depth scale currently being displayed and other status information if available
• Main alarms: the status of all mandatory alarms on the bridge; more specifications in chapter 5.1.1
Data Recorded 3
• Rudder order and response: rudder order and response angle on the rudder are recorded, including status and setting of the autopilot if
• Engine order and response: position of the engine telegraphs, both ordered speed and propeller response. Bow and stern thrusters are also recorded if fitted
• Hull openings status: all IMO-mandatory status information on hull openings that is required to be displayed on the bridge
Data Recorded 4
• Watertight and fire door status: all IMO-mandatory status information that is required to be displayed on the bridge
• Accelerations and hull stresses: where a ship is fitted with hull stress and response monitoring equipment, all the data items that have been pre-selected within that equipment are
• Wind speed and direction: recorded from the navigation system. Both true and relative wind are recorded, including each direction
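An added example (not Norcontrol code) of the input check a recorder should apply before the date/time, position, speed and heading listed above reach protected storage. It assumes the sensors deliver NMEA 0183 sentences (RMC for GPS date/time/position/speed, HDT for gyro heading); the text does not say which interface the DCU uses, and the sample lines are constructed.

```python
"""Integrity check and parsing for the navigation inputs listed above
(date/time and position from the GPS, speed from the log, heading from the
gyro). Added example, not Norcontrol code. It assumes the sensors deliver
NMEA 0183 sentences (RMC for GPS date/time/position/speed, HDT for gyro
heading); the text does not say which interface the DCU uses.
"""
from dataclasses import dataclass
from typing import List, Optional


def nmea_checksum(body: str) -> str:
    """XOR of every character between '$' and '*', as two upper-case hex digits."""
    cs = 0
    for ch in body:
        cs ^= ord(ch)
    return f"{cs:02X}"


def with_checksum(body: str) -> str:
    """Frame a sentence body as the sensor would send it."""
    return f"${body}*{nmea_checksum(body)}"


def split_sentence(sentence: str) -> Optional[List[str]]:
    """Fields of a well-framed sentence whose checksum matches, else None.

    A sentence that fails the check is dropped, not recorded: a corrupted or
    injected line must not reach the protected storage looking like sensor data."""
    s = sentence.strip()
    if not s.startswith("$") or "*" not in s:
        return None
    body, _, cs = s[1:].partition("*")
    if cs[:2].upper() != nmea_checksum(body):
        return None
    return body.split(",")


def to_decimal_degrees(value: str, hemisphere: str) -> float:
    """'4807.038','N' -> 48.1173 ; '01131.000','E' -> 11.5167 (ddmm.mmm / dddmm.mmm)."""
    dot = value.index(".")
    degrees = float(value[:dot - 2])
    minutes = float(value[dot - 2:])
    dec = degrees + minutes / 60.0
    return -dec if hemisphere in ("S", "W") else dec


@dataclass
class NavRecord:
    date: str            # ddmmyy, from the GPS, not the ship's clock
    time: str            # hhmmss UTC
    lat: float
    lon: float
    speed_knots: float
    heading_true: Optional[float] = None


def build_record(sentences: List[str]) -> Optional[NavRecord]:
    """Combine one RMC and (optionally) one HDT sentence into a record.
    Returns None when there is no valid RMC fix: a 'V' (void) status means the
    receiver has no fix, and a stale position must not be recorded as current."""
    record = None
    heading = None
    for line in sentences:
        fields = split_sentence(line)
        if fields is None:
            continue                      # checksum or framing failure: discard
        kind = fields[0][-3:]             # talker id (GP, HE, ...) is dropped
        if kind == "RMC" and fields[2] == "A":
            record = NavRecord(
                date=fields[9], time=fields[1],
                lat=to_decimal_degrees(fields[3], fields[4]),
                lon=to_decimal_degrees(fields[5], fields[6]),
                speed_knots=float(fields[7]),
            )
        elif kind == "HDT":
            heading = float(fields[1])
    if record is not None:
        record.heading_true = heading
    return record


# Constructed sensor lines (the RMC body is the common textbook example).
SAMPLE = [
    with_checksum("GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W"),
    with_checksum("HEHDT,084.4,T"),
]

if __name__ == "__main__":
    print(build_record(SAMPLE))
```

Two decisions matter for evidence quality: a sentence with a bad checksum is discarded rather than stored, and a fix flagged void is not turned into a record, so the stored track never contains a position the receiver itself did not vouch for.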
AIM Safe
• The Kongsberg Maritime Safety System (AIM Safe) is a computerised system developed and designed specifically for safe monitoring of, and automatic corrective action on, unacceptable hazardous situations.
• The AIM Safe system is part of the AIM family
Basic Applications
• An acceptable risk level must be established, and means to achieve this acceptable risk level must be found.
• The most common uses of computerised safety systems are Emergency and/or Process ShutDown (yellow) and Fire & Gas detection and protection systems (red).
• Usually the systems are delivered with no interdependence; only information exchange between them takes place.
• This way the different safety barriers are kept
Typical topology for an offshore vessel
• Installations on rigs usually centralize the HMI for safety systems in a central control
• Non-explosion-proof equipment such as the fire central, computers and traditional IO cards is normally centralized in the non-hazardous areas.
• Remote IO units and field sensors are physically distributed.
• RIO units can be delivered for installation both in non-hazardous and hazardous areas
Typical topology for cruise vessels
• Installations on cruise vessels are usually physically distributed into the main fire zones. The solution reduces cabling cost and provides autonomous units to control the main fire zones.
Emergency ShutDown (ESD)
• The Emergency ShutDown system (ESD) shall minimise the consequences of emergency situations:
  – uncontrolled flooding,
  – escape of hydrocarbons,
  – outbreak of fire in hydrocarbon-carrying areas or areas which may otherwise be hazardous.
• Basically the system consists of field-mounted sensors, valves and trip relays, system logic for processing of incoming signals, alarm and HMI units.
• The system is able to process input signals and activate outputs in accordance with the Cause & Effect charts defined for the
  – ShutDown of part systems and equipment
  – Isolate hydrocarbon inventories
  – Isolate electrical equipment
  – Prevent escalation of events
  – Stop hydrocarbon flow
  – Depressurise / Blowdown
  – Emergency ventilation control
  – Close watertight doors and fire doors
Process ShutDown (PSD)
• The Process ShutDown system ensures rapid detection and safe handling of process upsets.
• The system consists of field-mounted sensors, valves and trip relays, a system logic unit for processing of incoming signals, alarm and HMI
• The system is able to process all input signals and activate outputs in accordance with the applicable Cause & Effect charts.
• Typical actions from PSD systems are:
  – ShutDown the whole process
  – ShutDown parts of the process
  – Depressurise / Blowdown parts of the process
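A small Cause & Effect evaluator of the kind the ESD and PSD descriptions above refer to, as an added example (not Kongsberg code). The tag names, voting groups and matrix are constructed for illustration; the point it shows is how the treatment of a lost detector signal decides between the "good safety" and "good availability" ends of the voting slides.

```python
"""A small Cause & Effect evaluator of the kind the ESD and PSD descriptions
above refer to. Added example, not Kongsberg code; the tag names, voting
groups and matrix below are constructed for illustration.

Detector readings: True = in alarm, False = normal, None = signal lost
(wire break, channel fault). How None is treated is the safe-state decision
from the voting slides: with fail_safe=True a lost signal votes to trip
(de-energise-to-trip: good safety, more spurious trips); with fail_safe=False
it is ignored (better availability, worse safety).
"""

# Constructed readings: one gas detector in alarm, one faulted, one normal;
# separator pressure transmitter in alarm; no fire detected.
READINGS = {
    "GD-101": True, "GD-102": None, "GD-103": False,
    "PT-201": True,
    "FD-301": False,
}

# cause -> (MooN voting, detectors in the group)
VOTING = {
    "gas in process area":     ("2oo3", ["GD-101", "GD-102", "GD-103"]),
    "high pressure separator": ("1oo1", ["PT-201"]),
    "fire in process area":    ("1oo1", ["FD-301"]),
}

# cause -> effects (the rows and columns of a Cause & Effect chart)
MATRIX = {
    "gas in process area": [
        "ESD: stop hydrocarbon flow",
        "ESD: isolate electrical equipment",
        "ESD: emergency ventilation control",
    ],
    "high pressure separator": [
        "PSD: shut down separator train",
        "PSD: depressurise separator",
    ],
    "fire in process area": [
        "FDP: alert personnel",
        "FDP: release fire fighting system",
        "ESD: stop hydrocarbon flow",
    ],
}


def parse_moon(spec):
    """'2oo3' -> (2, 3)."""
    m, n = spec.lower().split("oo")
    return int(m), int(n)


def vote(spec, detectors, readings, fail_safe=True):
    """True if at least M of the N detectors vote to trip."""
    m, n = parse_moon(spec)
    if n != len(detectors):
        raise ValueError(f"{spec} group has {len(detectors)} detectors")
    trips = 0
    for tag in detectors:
        value = readings.get(tag)          # missing tag counts as lost signal
        if value is True:
            trips += 1
        elif value is None and fail_safe:
            trips += 1                     # lost signal treated as a trip vote
    return trips >= m


def evaluate(readings, voting=VOTING, matrix=MATRIX, fail_safe=True):
    """Return the sorted set of actions demanded by the current readings."""
    actions = set()
    for cause, (spec, detectors) in voting.items():
        if vote(spec, detectors, readings, fail_safe):
            actions.update(matrix.get(cause, []))
    return sorted(actions)


if __name__ == "__main__":
    print("lost signal trips  :", evaluate(READINGS, fail_safe=True))
    print("lost signal ignored:", evaluate(READINGS, fail_safe=False))
```

With the constructed readings the separator PSD actions fire either way, but the gas-area ESD actions fire only when the faulted detector GD-102 is counted as a trip vote; ignoring it leaves a single alarm against a 2oo3 group, so a real leak with one detector out of service would go unanswered.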
Fire / gas Detection and Protection (FDP)
• The Fire detection and protection system (FDP) shall provide early and reliable detection of fire or gas wherever such events are likely to occur, alert personnel and initiate protective actions automatically or manually upon operator activation.

Typical actions from FDP systems are:
• Alert personnel
• Release fire fighting systems
• Emergency ventilation control
• Stop flow of minor hydrocarbon sources such as diesel distribution to consumers
• Isolate local electrical equipment
• Initiate ESD and PSD actions
• Isolate electrical equipment
• Close watertight doors and fire doors
Safety Management (SMS)
• The SMS combines information from multiple sources with decision support and lifeguarding
• SMS is useful for crisis management, especially on cruise ships and other complex installations, but will be useful in other applications as well.
• The primary function of the SMS is to detect and announce the presence of a hazardous situation from multiple sources, providing a homogeneous HMI for all relevant subsystems.
• The system is able to display information about the location of firewalls and passive fire protection equipment, escape routes, ventilation status etc.
Functionality of the SMS
• Emergency procedures / Decision Support System (DSS)
• Automatic or manually initiated safety reports for incidents, routine checks and drills
• Identification of escape routes from the areas
• Location of manual fixed/portable fire extinguishing components
• Integration of CCTV functionality (AIM
• Online help
• Safety Condition Parameters (SCP)
• Integration of information from other control systems and subsystems
Emergency procedures / Decision Support System (DSS)
• Decision support is a tool to information to the during incidents and to guide them through the
