Layer of Protection Analysis (LOPA) is a technique used to determine the frequency of unwanted events by analyzing independent protection layers (IPLs). The probability of failure on demand (PFD) of each IPL is used to calculate the overall frequency. A Safety Integrity Level (SIL) is assigned based on the risk reduction needed and is inversely related to the PFD - a higher SIL indicates a lower allowed PFD. A SIL is selected by first analyzing risks, then using LOPA to quantify likelihood and consequences, and determining the SIL needed to reduce risk to as low as reasonably practicable.
Layer of Protection Analysis (LOPA)
& Safety Integrity Level (SIL) Selection

What is LOPA?

LOPA (Layer of Protection Analysis) is a form of event tree analysis used to determine the frequency of an unwanted event, which can be prevented by one or more protection layers.

[Figure: event tree from the Initiating Event through IPL #1, IPL #2 and IPL #3, each with a "Fails" branch and a "Success" branch ("Event Ends").]

How is the Frequency of a Consequence Calculated?

Probability of Failure on Demand (PFD) is used to quantify the likelihood of a given consequence with the layers in place.

[Figure: the same event tree with values: Initiating Event 0.5/yr, IPL #1 0.2, IPL #2 0.07, IPL #3 0.3.]

Frequency = 0.5 x 0.2 x 0.07 x 0.3 = 2.1 x 10^-3

Event               PFD
Operator Response   0.2
PRV Activation      0.07
Ignition            0.3

Typical Protection Layers

Basic Process Control System
Operator Intervention
Use Factors
Mechanical Integrity of Vessels and Piping
Physical Relief Device
External Risk Reduction Facilities
Ignition Probabilities
Explosion Probabilities
Occupancy Factors

What is an IPL?

Independent Protection Layers (IPLs) are incident protection layers that must meet the following criteria:

Specificity: An independent protection layer must be specifically designed to be capable of preventing the consequence(s) under consideration.
Independence: The protection layer must operate completely independently of all other protection layers; no common equipment may be shared between layers.
Dependability: The layer must be able to dependably prevent the consequence(s).
Auditability: The layer should be proof tested and maintained.

What is a SIL?

A Safety Integrity Level (SIL) is the overall availability of an ESD Safety Instrumented Function (SIF) or an ESD system component, calculated as 1 minus the sum of the average probability of failure on demand (PFD).

SIL   RRF (risk reduction factor)   PFD          Safety Availability
0/a   Process Control
1     10-100                        10%-1%       90%-99%
2     100-1000                      1%-.1%       99%-99.9%
3     1000-10000                    .1%-.01%     99.9%-99.99%

What is a SIF and a SIL?

A Safety Instrumented Function (SIF) is an action a Safety Instrumented System (SIS) takes to bring the process or equipment under control to a safe state.

A Safety Instrumented System (SIS) is a collection of sensors, logic solvers, and actuators that executes one or more safety instrumented functions (SIFs) that are implemented for a common purpose.

NOTE: The SIL classification belongs to the individual SIF, not the entire SIS. When a piece of equipment is common to multiple SIFs, it must be designed to meet the highest SIL classification found amongst those individual SIFs!

Identifying a SIF

A Safety Instrumented Function (SIF) is an action a Safety Instrumented System (SIS) takes to bring the process or equipment under control to a safe state.

1. The SIF must signal or indicate a hazardous condition is present and harm will result if there is no action.
2. The function should execute or facilitate some action to achieve a safe state.
3. A safe state should result from the function for this process.

How is a SIL Selected?

1. Determine the level of risk that exists after considering all non-SIS related mitigation measures (relief valves, dikes, passive fire protection, etc.)
2. Risk scenarios are typically identified through HAZOPs or similar risk assessments.
3. LOPA is used to quantify the likelihood and consequence and to identify protection layers (IPLs and non-IPLs)
4. Each additional SIL step reduces the likelihood of a given consequence by an order of magnitude. Example: Baseline risk is 10^-2 per year, a SIL 3 system reduces the overall likelihood by 3 orders of magnitude to 10^-5
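
The frequency calculation and the selection steps above, as an added example that is not part of the original slides: it multiplies the initiating event frequency by the PFD of each credited layer, refuses credit to a layer that shares equipment with one already credited (the Independence criterion), and maps the risk reduction still needed onto the SIL table. The 10^-5 per year target, the equipment tags, and treating an RRF below 10 as the 0/a row are assumptions.

```python
from dataclasses import dataclass

# RRF bands from the SIL table on this page: (SIL, lowest RRF, highest RRF)
SIL_BANDS = [(1, 10, 100), (2, 100, 1000), (3, 1000, 10000)]

@dataclass(frozen=True)
class Layer:
    name: str
    pfd: float                          # probability of failure on demand
    equipment: frozenset = frozenset()  # hypothetical equipment tags

def credited_layers(layers):
    """Independence: skip a layer sharing equipment with one already credited."""
    credited, used = [], set()
    for layer in layers:
        if used.isdisjoint(layer.equipment):
            credited.append(layer)
            used |= layer.equipment
    return credited

def mitigated_frequency(initiating_per_year, layers):
    """Initiating event frequency times the PFD of each credited layer."""
    frequency = initiating_per_year
    for layer in credited_layers(layers):
        frequency *= layer.pfd
    return frequency

def required_sil(frequency, target):
    """Return (RRF still needed, SIL whose band covers it)."""
    rrf = frequency / target
    if rrf < 10:
        return rrf, 0                   # assumption: below SIL 1 maps to row 0/a
    for sil, _low, high in SIL_BANDS:
        if rrf < high:                  # a value on a band edge takes the higher SIL
            return rrf, sil
    raise ValueError("RRF of 10000 or more is outside the table")

# PFD values from the page's worked example; equipment tags are constructed.
PAGE_LAYERS = [
    Layer("Operator Response", 0.2, frozenset({"LT-101", "operator"})),
    Layer("PRV Activation", 0.07, frozenset({"PSV-201"})),
    Layer("Ignition", 0.3),
]
TARGET_PER_YEAR = 1e-5                  # assumed tolerable frequency

if __name__ == "__main__":
    freq = mitigated_frequency(0.5, PAGE_LAYERS)
    rrf, sil = required_sil(freq, TARGET_PER_YEAR)
    print(f"mitigated frequency {freq:.2e}/yr, RRF needed {rrf:.0f}, SIL {sil}")
```

Layers are credited in list order, so a layer listed after one that uses the same transmitter or valve contributes no risk reduction.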