Paper F&G SIS
Mike Scott
VP, Process Safety
Applied Engineering Solutions
Greenville, SC 29607
Bud Adler
Director, Business Development
Applied Engineering Solutions, Inc.
Lake Mary, FL 32746
KEYWORDS
Fire & Gas Detection Systems, FGS, Fire Panel, NFPA 72, EN 54, Safety Instrumented
System, SIS, Safety Integrity Level, SIL, Safety Instrumented Fire & Gas System, SI-FGS,
ANSI/ISA 84, IEC 61508, IEC 61511, Safety PLC
ABSTRACT
This paper will explore the current trends in the marketplace and industry in general with
respect to Fire & Gas Detection Systems and their relationship to Safety Instrumented
Systems. The concept of a Safety Instrumented Fire & Gas Detection System (SI-FGS) will
be introduced and explained in detail. This will include a review of the following topics:
In support of this paper, the authors conducted an informal survey of Fire & Gas System
OEMs, Engineering Firms and End Users, in an attempt to ascertain what are the driving
factors towards the emergence and acceptance of Safety Instrumented Fire & Gas Detection
Systems in the marketplace.
INTRODUCTION
The concept of a Safety Instrumented Fire & Gas System (SI-FGS) has emerged in the
process industry. Its arrival has generated both controversy and confusion. The term SI-FGS
represents the attempted application of performance based safety concepts to the design
of Fire & Gas Detection Systems. ANSI / ISA S84.01 states that Fire & Gas Systems where
operator action is required to initiate the system are not covered by the standard. Thus, those
systems that automatically initiate an action could be addressed by the performance based
Safety Instrumented System standards. However, the inherent differences between a Safety
Instrumented System and a Fire & Gas System pose some challenges for an end user
attempting to merge design techniques. This paper will discuss some of these differences and
trends in industry.
[Figure labels:
MITIGATION: Mechanical Mitigation Systems; Safety Instrumented Control Systems; Safety Instrumented Mitigation Systems.
PREVENTION: Mechanical Protection System; Process Alarms; Operator Supervision; Safety Instrumented Control Systems; Safety Instrumented Prevention Systems; Basic Process Control Systems; Monitoring Systems (process alarms); Operator Supervision; Process Design.]
A Safety Instrumented System by definition is designed to bring the process to a safe state
when demand is placed upon it. For instance, consider a scenario: possible rupture of a vessel
with subsequent release of a flammable / toxic material that could result in on-site injuries and
/ or fatalities due to the ensuing fire. A Safety Instrumented System could be designed that
would close the feed valve if a high-high pressure condition was detected, thus eliminating the
source of overpressure. If this action is taken, the process is returned to a safe state and the
potential hazardous event has been completely prevented. A Fire & Gas Detection System
may include some preventative functions as described above. However, it is typically
comprised of mitigating functions. A mitigating function is described as an action that does
not prevent the hazardous event from occurring but instead initiates actions that reduce the
potential consequences of the event after it has occurred. For instance, in the example
described above, one could implement a Fire & Gas System to detect the fire and / or release
of the flammable material at the ruptured vessel and initiate a suppression action (water mist,
foam system, etc.). This system would be designed to contain the fire to a single unit
operation, lessen the potential for injuries to personnel through area alarming, and protect
capital investment of the facility by quickly containing / extinguishing the fire. The Fire &
Gas Detection system acted after the primary event (vessel rupture) had occurred in an
attempt to lessen the consequence of this condition. Even if the Fire & Gas System does not
initiate a suppression related action, the act of sounding alarms / beacons is a common
mitigating action. By removing personnel from the hazardous zone one is mitigating potential
injury to those workers. Refer to Figure 2 below for a typical P&ID depiction of the
relationship between the above described Safety Instrumented System and Fire & Gas
Detection System.
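[Figure 2: P&ID of the Safety Instrumented System and the Fire & Gas Detection System around the Reactor. Labels: Feed, FCV, HV 100, PT 101, PSV 102 (To Safe Location), I1; BV 200, BSH 201, ASH 202, UA 203, XV, Water Mist, Flame Detector, Combustible Gas Detector, I2.]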
ACTUATION STATE
Another inherent difference between Safety Instrumented Systems and Fire and Gas Detection
Systems is the basic design principle regarding de-energize to trip and energize to trip
functionality. Most Safety Instrumented Systems are designed to de-energize (i.e. remove
power, instrument air, etc.) upon detection of a potentially dangerous condition. Most Fire
and Gas Detection Systems, on the other hand, are typically designed to energize (turn on
power, instrument air, etc.) upon detection of a potentially dangerous condition. One needs to
recognize that most of the failure data used in Probability of Failure on Demand (PFD)
equations presented in various Safety Instrumented System literature sources represent
de-energize to trip systems. In this mode of operation, it is generally assumed that a dangerous
detected failure is converted to a nuisance trip through initiation of a diagnostic generated
shutdown. Another critical concept associated with energize-to-trip systems is the mandate
for some sort of source of back-up power to be provided to bring the system to a safe state
upon loss of power.
Another inherent difference between Safety Instrumented Fire & Gas Detection Systems and
typical commercial Fire and Gas Detection Systems is power consumption. A commercial
Fire & Gas System, specifically designed to meet NFPA 72, includes design provisions to
minimize quiescent power consumption during the time frame the system is operating on
back-up power. A Safety PLC based system on the other hand has been designed to operate
using a de-energize-to-trip concept and, as such, specific steps to minimize power
consumption have not been implemented in these types of systems. Thus, a commercial Fire &
Gas Detection System is going to draw micro / milli-amps whereas a Safety Instrumented
Fire & Gas Detection System is going to draw many amps. Therefore, one needs to recognize
that commercially available battery systems to support the power consumption requirements
of a Safety PLC, while still meeting all of the diagnostic and supervision related requirements
of NFPA 72 with FM and / or UL Approvals already in place, may not readily exist at this
time. At the time of this writing the authors are aware of a newly FM-Approved battery
system that is capable of supporting a Safety PLC based Safety Instrumented Fire & Gas
Detection System.
For example, NFPA 72 (or EN-54) contains a large number of prescriptive requirements with
respect to the design and installation of Fire & Gas Detection systems. This includes
requirements on initiating device circuit supervision, notification appliance circuit
supervision, fire safety function circuit supervision, suppression system designs, etc. The
concept of a Safety Instrumented Fire & Gas System requires implementing both the
NFPA 72 or EN-54 does not specifically mandate functional testing of Fire & Gas Detection
Systems based upon the architecture of the system and desired availability. Safety
Instrumented Systems, on the other hand, have underscored the importance of functional
testing and its relationship to overall Probability of Failure on Demand calculations. This
fundamental difference must be addressed for those intending to apply performance-based
requirements to a Fire & Gas Detection / Mitigation System.
[Figure: plot of Probability of Failure on Demand (Probability).]
NFPA 72 specifies requirements associated with fire detection and / or mitigation. Gas
detection is typically considered an additional action that is labeled as interference free.
Depending on the Authority Having Jurisdiction (i.e. Local Fire Marshal) one may not be
allowed to mix Fire, Gas & shutdown functions within a single system unless the system has
been specifically approved for this application. This issue should be carefully researched to
ensure all the goals of the project can be readily and easily achieved. For the Authority
Having Jurisdiction to inform a user during Acceptance Testing that combining Fire & Gas
logic within the Safety PLC is unacceptable would have a major impact on the project. The
authors are aware of at least one NFPA 72 approved Safety Instrumented Fire & Gas
Detection System that supports both Fire & Gas functionality.
The underlying principle behind Safety Instrumented System designs is based on reliability
fundamentals regarding the failure modes of systems / devices and their impact on the ability
of the system as a whole to perform its intended function. Probability of Failure on Demand
for a simple 1oo1 (One out of one) system is defined as:

PFDavg = (DU x TI) / 2

Where,
PFDavg = Probability of Failure on Demand Average
DU = Failure Rate Dangerous Undetected
TI = Test Interval
When evaluating this simplified equation, one must recognize the inherent differences
between a de-energize-to-trip and an energize-to-trip system regarding the definition of DU for
each system. Consider the system described in Figure 2 above.
[Figure: BSH 201, Logic Solver, UA 203.]
[Table of failure modes; the only surviving entry is "Logic Solver Output stuck OFF".]
Failure rate data and failure modes for an energize-to-trip design must be carefully evaluated to
ensure PFDavg calculations yield accurate results.
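
The effect of actuation state on DU in the 1oo1 equation above, as an added example that is not from the original paper. The failure modes and rates are constructed for illustration (not FMEDA or vendor data), the function names are hypothetical, the logic solver alone is treated as the 1oo1 element, and the SIL bands are the low-demand PFDavg ranges of IEC 61508.

```python
# Added example. Failure modes and rates are constructed, not vendor or FMEDA data.
import math

HOURS_PER_YEAR = 8760

# (failure mode, rate per hour, state the output is left in, caught by diagnostics)
CONSTRUCTED_MODES = [
    ("logic solver output stuck OFF", 2.0e-7, "off", False),
    ("logic solver output stuck ON", 1.0e-7, "on", False),
    ("output circuit open / loss of power", 5.0e-7, "off", False),
    ("processor fault caught by watchdog", 8.0e-7, "off", True),
]

def du_rate(modes, trip_action):
    """Sum the undetected modes that leave the output unable to reach its trip state."""
    if trip_action not in ("energize", "de-energize"):
        raise ValueError("trip_action must be 'energize' or 'de-energize'")
    # Energize-to-trip needs the output ON to act, so a stuck-OFF output is dangerous.
    # De-energize-to-trip needs it OFF, so stuck OFF is only a nuisance trip.
    dangerous_state = "off" if trip_action == "energize" else "on"
    return sum(rate for _, rate, state, detected in modes
               if state == dangerous_state and not detected)

def pfd_avg_1oo1(du, test_interval_h):
    """The paper's simplified equation: PFDavg = (DU x TI) / 2."""
    return du * test_interval_h / 2

def sil_band(pfd):
    """Low-demand SIL band (IEC 61508) for a PFDavg; 0 means no SIL is met."""
    if pfd >= 1e-1:
        return 0
    for sil, lower in ((1, 1e-2), (2, 1e-3), (3, 1e-4)):
        if pfd >= lower:
            return sil
    return 4

def max_test_interval_h(du, target_pfd):
    """Longest test interval that keeps PFDavg at or below target_pfd."""
    return math.inf if du == 0 else 2 * target_pfd / du

def compare(modes=CONSTRUCTED_MODES, test_interval_h=HOURS_PER_YEAR):
    """PFDavg and SIL band of the same hardware under both actuation states."""
    result = {}
    for action in ("de-energize", "energize"):
        du = du_rate(modes, action)
        pfd = pfd_avg_1oo1(du, test_interval_h)
        result[action] = (du, pfd, sil_band(pfd))
    return result

if __name__ == "__main__":
    for action, (du, pfd, sil) in compare().items():
        print(f"{action}-to-trip: DU={du:.1e}/h PFDavg={pfd:.2e} SIL band {sil}")
```

With these constructed rates and a one-year test interval, the same hardware has a PFDavg seven times higher as an energize-to-trip function, because the stuck-OFF and loss-of-power modes move from nuisance trips into DU.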
Traditional Fire & Gas Systems utilize wiring schemes that allow many field devices to be
daisy chained together on a single circuit. For instance, this type of circuit typically uses
some sort of end of line device to monitor the contact state of multiple sensors or it can even
use an addressable network / bus scheme. Safety Instrumented Systems, on the other hand,
tend to have a single field device wired to a single I/O channel on the Safety PLC. This can
result in increased costs for those attempting to migrate from a proprietary Fire & Gas System
to a Safety PLC based Safety-Instrumented Fire & Gas Detection System. One should
carefully review the wiring schemes required by the Safety Instrumented Fire & Gas
Detection System to ensure the project's scope and funding includes the cost to engineer and
install new conduit / cable to all field devices. The authors are aware of one NFPA 72
approved Safety Instrumented Fire & Gas Detection System that supports multiple field
devices connected to a single I/O channel. Thus, all hope is not lost and, through careful
research and due diligence, a user can, in fact, cost effectively migrate to a Safety
Instrumented Fire & Gas System.
A major driving factor towards the emergence of a Safety-Instrumented Fire & Gas Detection
System seems to be the desire for a facility to utilize a common logic solver hardware
platform for both Fire & Gas systems. This choice offers the following benefits:
The same issues and economics that have virtually eliminated the proprietary Distributed
Control System (DCS) are now forcing consolidation within the Fire & Gas and Safety
Instrumented System marketplaces. In today's competitive global economy companies need
every cost advantage they can get to remain competitive.
INDUSTRY UPDATE
ISA S84 FIRE & GAS DETECTION SUB-COMMITTEE FORMATION
ISA has formed a new sub-committee to develop a technical report entitled Fire and Gas
Systems (F&GS) Relationship to ANSI/ISA84.01-2004 (IEC 61511). The purpose of this
technical report / guideline is to provide guidance for users and OEM vendors of industrial
fire and gas systems to determine which, if any, safety instrumented functions of a F&GS
should be implemented according to the requirements of ANSI/ISA 84.01-1996 and IEC
61511. The technical report / guideline will show examples of prescriptive functions that may
be required by national fire codes, such as NFPA 72. This guideline, by reference to
ANSI/ISA 84.01-1996 and IEC 61511, will demonstrate how to determine which functions
are safety functions, and to determine the required SIL (Safety Integrity Level) for those
safety functions. Also by reference to ANSI/ISA 84.01-1996, IEC 61508, and IEC 61511, the
technical report / guideline will give some guidance as to how the safety functions can be
implemented from a performance perspective to achieve the desired risk reduction. This subcommittee has generated a lot of interest from a variety of end users, OEMs and consultants.
At the time of writing this article, the authors are aware of three (3) different Safety PLC
offerings that have been submitted to UL or FM for an application-based approval for Fire &
Gas Detection. Also, two (2) different Fire System OEMs have developed Fire & Gas
Systems that have been TUV approved to meet a given Safety Integrity Level per IEC 61508.
In addition, we are aware of a large number of recent projects where end users have been
specifying the use of Safety PLCs for Fire & Gas Detection Systems. These requests for
quotation all included performance criteria associated with meeting a specific Safety Integrity
Level with respect to the logic solver. Thus, whether the demand has been created by end
users or through a marketing campaign developed by manufacturers of Safety PLCs, the fact
remains that Safety PLCs are routinely being applied to Fire & Gas Detection designs with
the requirement for meeting a specific Safety Integrity Level being imposed.
SENSOR UPDATE
A wide variety of fire and gas related sensors have had Failure Modes and Effects Diagnostics
Analysis (FMEDA) performed. Refer to table below for a partial listing of some of these
devices. As can be seen from Table 2, several different OEMs have recognized the need
to provide data for use in a performance-based safety instrumented system design.
[Table 2: partial listing of fire and gas sensors with FMEDA data. Surviving entries: Detectomat GmbH; Det-Tronics; Det-Tronics.]
It is significant that sensor OEMs are beginning to provide data that could support the overall
SI-FGS concept.
CONCLUSION
The concept of a performance-based Safety-Instrumented Fire & Gas Detection System (SI-FGS)
is complex to say the least. Many issues need to be carefully considered when
attempting to merge the prescriptive world of Fire & Gas Systems with the performance-based
world of Safety Instrumented Systems. However, end users and OEMs both appear to
be driving industry towards convergence of design criteria. Let's review the facts:
- Numerous Fire & Gas Sensors have been submitted for FMEDA completion to support PFD calculations
- Several Safety PLC systems have been submitted for FM and / or UL Approval as Safety Instrumented Fire & Gas Detection Systems
- Several Fire Systems have been submitted to TUV for certification to IEC61508
- An FM Approved battery system capable of supporting a Safety PLC based FGS is now commercially available
- ISA has formed a sub-committee to develop a technical report on the relationship of Fire & Gas Systems and Safety Instrumented Systems
Thus, it appears that Safety-Instrumented Fire & Gas Detection Systems are gaining
significant momentum and that can only benefit industry as a whole.
DISCLAIMER
Although it is believed that the information in this paper is factual, no warranty or
representation, expressed or implied, is made with respect to any or all of the content thereof,
and no legal responsibility is assumed therefore. The examples shown are simply for
illustration, and, as such, do not necessarily represent any company's guidelines. The reader
should use data, methodology, formulas, and guidelines that are appropriate for their own
particular situation.
REFERENCES
1. ANSI/ISA S84.01-1996, Application of Safety Instrumented Systems for the Process
Industries, The Instrumentation, Systems, and Automation Society, Research Triangle
Park, NC, 1996.
2. IEC 61508, Functional Safety of Electrical/Electronic/Programmable Safety-related
Systems, Part 1-7, Geneva: International Electrotechnical Commission, 1998.
3. IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Industry
Sector, Parts 1-3, Geneva: International Electrotechnical Commission, 2003.
4. Goble, W.M., Control Systems Safety Evaluation & Reliability, 2nd Edition, ISA, 1998.
5. Marszal, E & Scharpf, E, Safety Integrity Level Selection Systematic Methods Including
Layer of Protection Analysis, 2002, ISA, Research Triangle Park, NC.
6. NFPA 72 National Fire Alarm Code, Quincy, MA, National Fire Protection Association,
August, 2002.
7. EN 54 Fire Detection And Fire Alarm Systems, European Standards (Norme Européenne),
2001.
8. Kimberly A. Dejmek and Richard Skone, Standard's use spreading, but confusion still
surrounds FGS, Fire and Gas, June 2003.
1-out-of-1
1-out-of-1 D (D for extensive self-diagnostics)
1-out-of-2
1-out-of-2 D (D for extensive self-diagnostics)
2-out-of-3
International Electrotechnical Commission
Mean Time To Fail Spurious
Average Probability of Failure on Demand
Programmable Logic Controller
Risk Reduction Factor
Safety Instrumented Fire & Gas Detection System
Safety Instrumented Function
Safety Integrity Level
Safety Instrumented System