82 results about "Safety Integrity Level" patented technology

The present disclosure belongs to the field of offshore oil, and in particular relates to a method for assessing the safety integrity level of offshore oil well control equipment. The method for assessing the safety integrity level of the offshore oil well control equipment comprises three major steps: creating a safety instrumented function evaluation module and dividing the related devices for performing the safety instrumented functions into a sensor subsystem; a controller subsystem and an actuator subsystem, establishing a dynamic Bayesian network model for respective subsystems for calculation; and integrating, analyzing and optimizing the safety integrity data of the subsystems.

A system and method for continuous online safety and reliability monitoring is disclosed. The method includes the steps of obtaining operating information about at least one of a plurality of instrumented function components, which are part of an instrumented function, and determining a probability of failure on demand for the instrumented function based on the operating information. In variations, operating information includes status information, which may be received from and / or provided to an asset management application. In some variations, instantaneous probability of failure on demand, online mean time to failure (MTTF), and online safety integrity level (SIL) are also calculated for an instrumented function. In yet further variations, the system allows a user to predict probability of failure on demand values into the future based on hypothetical and / or future planned test times.

The invention provides a design and realization method of a redundant and fault-tolerant safety instrument control system based on a fieldbus and ARM (advanced RISC machines), comprising the following steps: by virtue of redundant and fault-tolerant configuration of a system power supply, input modules, a CPU (central processing unit) and output modules, four core processors communicate with respective and corresponding I / O (input / output) modules by a CAN (controller area network) bus so as to carry out field signal acquisition and control command output, and hardware 2oo4 redundant and fault-tolerant voting is carried out on the output signals of four channels on an output voting module, so that mis-stop of the system caused by single-channel hardware failure is avoided, the function safety level of the redundant and fault-tolerant safety instrument control system is ensured to reach SIL3 (safety integrity level 3), in-time and fast response and protection are carried out on dangerous states of protected field equipment, further a production device enters a predefined working condition of safe stopping, and the safety of staffs, equipment, production and the device is guaranteed.

A system and method for continuous online safety and reliability monitoring is disclosed. The method includes the steps of obtaining operating information about at least one of a plurality of instrumented function components, which are part of an instrumented function, and determining a probability of failure on demand for the instrumented function based on the operating information. In variations, instantaneous probability of failure on demand, online mean time to failure (MTTF), and online safety integrity level (SIL) are also calculated for an instrumented function. In other variations of the invention, alarms are reported to an operator based on the variance indicating the probability of failure on demand for the instrumented function is too high. In yet further variations, the system allows a user to predict probability of failure on demand values into the future based on hypothetical and / or future planned test times.

A process device is configured to meet a desired Safety Integrity Level (SIL). A device interface is configured to couple to the process device and provide an output related to operation of a component of the process device. A component monitor monitors operation of the component and identifies a safety event of the component. A safety response module responds to a safety event of the component in accordance with a safety response.

Embodiments relate to systems and methods for self-diagnosis and / or false detection using multiple signal paths in sensor and other systems. In one embodiment, a sensor system comprises at least two sensors such as magnetic field sensors, and separate signal paths which belong to each of the sensors. A first signal path can be coupled to a first sensor and a first digital signal processor (DSP), and a second signal path can be coupled to a second sensor and a second digital signal processor. A signal from the first digital signal processor can be compared with a signal from the second digital signal processor either on-chip or off-chip to detect defects, errors, and other information in connection with the operation of the sensor system. Embodiments of these systems and / or methods can be configured to satisfy or exceed relevant safety or other industry standards, such as safety integrity level (SIL) standards.

The invention relates to a method for evaluating the functional safety of a safety instrument system, belonging to the technical field of functional safety of safety instrument systems. The invention aims at reliably simulating and monitoring the safety instrument system, evaluating the functional safety and studying the variation condition of common cause failure of the safety instrument system. The method comprises the following steps of: controlling the functional safety of a controlled system by a safety instrument system; analyzing the initial risk of the safety instrument system and determining the grade of safety integrity; verifying whether the safety instrument system reaches the determined grade of safety integrity; changing the constituting structures or devices of the safety instrument system; and repeating the above steps. In the technical scheme, the constituting structures or devices of the safety instrument system can be changed according to the studied specific condition to adapt for different application environments and requirements, and the variation condition of the common cause failure characteristic of the safety instrument system can be analyzed under different circumferences so as to provide important basis for studying the topic of common cause failure.

A computer-readable medium including computer-executable instructions that, when executed by a processor, cause the processor to perform acts, via an associated method that includes selecting a fault tree based upon an architecture of a safety instrumented system. The method includes evaluating at least a failure probability due to dangerous detected failures and a failure probability due to dangerous undetected failures as a function of values of factors. A portion of the failure probability due to dangerous undetected failures is based on failures detected during proof testing and a remainder of the failure probability due to dangerous undetected failures is based on failures detected during refurbishment. The method includes generating a probability of failure on demand for the safety instrumented system by combining at least the failure probability due to dangerous detected failures and the failure probability due to dangerous undetected failures according to the fault tree.

A system and method for continuous online safety and reliability monitoring is disclosed. The method includes the steps of obtaining operating information about at least one of a plurality of instrumented function components, which are part of an instrumented function, and determining a probability of failure on demand for the instrumented function based on the operating information. In variations, operating information includes status information, which may be received from and / or provided to an asset management application. In some variations, instantaneous probability of failure on demand, online mean time to failure (MTTF), and online safety integrity level (SIL) are also calculated for an instrumented function. In yet further variations, the system allows a user to predict probability of failure on demand values into the future based on hypothetical and / or future planned test times.

A system and method for continuous online safety and reliability monitoring is disclosed. The method includes the steps of obtaining operating information about at least one of a plurality of instrumented function components, which are part of an instrumented function, and determining a probability of failure on demand for the instrumented function based on the operating information. In variations, instantaneous probability of failure on demand, online mean time to failure (MTTF), and online safety integrity level (SIL) are also calculated for an instrumented function. In other variations of the invention, alarms are reported to an operator based on the variance indicating the probability of failure on demand for the instrumented function is too high. In yet further variations, the system allows a user to predict probability of failure on demand values into the future based on hypothetical and / or future planned test times.

The invention discloses a configuration method for a safety strategy and aims to solves the problem that the prior art fails to realize the configuration of allaround safety integrity level. The inventive configuration method for the safety strategy comprises the following steps: (1) the system sets up a safety strategy table containing safety level, scene and algorithm protocol in each safety element; (2) the system determines the safety level and current scene and extracts a required algorithm protocol from the safety strategy table; and (3) the system applies the obtained algorithm protocol to the safety service to complete the configuration of safety strategy. As a result, the invention sets up the safety strategy table for each safety element, determines the required algorithm protocol based on the determined safety level and current scene and extracts the algorithm protocol from the safety strategy table. The invention can realizes the configuration of the allaround safety integrity level according to the actual situation that the user utilizes the mobile network.

A system for on-line testing of an emergency shut-off valve includes a first emergency shut-off valve and a control for initiating a test on the first emergency shut-off valve. The system also includes a fluid actuator for opening and closing the first emergency shut-off valve. A subsystem is also provided for testing the first emergency shut-off valve without fully closing the shut-off valve in response to a signal from the control. In this system, a second solenoid valve bleeds off pressurized fluid to move the emergency shut-off valve from a fully opened to a partially closed position functions as a second emergency shut-off valve. A second emergency shut-off valve is also provided in series with the first emergency shut-off valve and a bypass around the second emergency shut-off valve allows the second emergency shut-off valve to be tested by being fully closed without shutting down the process. The use of the two emergency shut-off valves in series wherein either valve can shut down the process raises the safety integrity level to level 3.

The invention relates to an SIL (safety integrity level) assessment unit for a safety-instrument system for an LNG (liquefied natural gas) project. The SIL assessment unit comprises a project information management module, an HAZOP (hazard and operability analysis) result import module, an intermediate data management module, an SIL assessment calculation module, a database management module and an assessment result output module, wherein the project management information module is used for building an SIL analysis project; the HAZOP result import module is used for carrying out structured processing on the HAZOP analysis result of the SIL analysis project by taking a plot as a unit; the intermediate data management module is used for managing, inquiring and editing HAZOP analysis plots stored in the HAZOP result import module; the SIL assessment calculation module is used for carrying out assessment calculation aiming at each input HAZOP analysis plot by adopting an LOPA (layer of protection analysis) method, and obtaining the to-be-set SIL; the database management module is used for providing the acceptable risk frequency of an influence event, the initial event occurrence frequency and the failure probability reference value of an independent protective layer which are required for LOPA analysis; the assessment result output module is used for automatically generating an SIL assessment report. The SIL judgment method can be widely applied to SIL assessment of the safety-instrument system for the LNG project.

The invention discloses a functional security verification method for a safety instrument based on Markov process. The functional security verification method for the safety instrument based on the Markov process includes: using a Markov model to calculate failure rate on demand of a single device in a one-to-one structure, calculating probability of co-failure of multiple devices based on the failure rate on demand of the single device in the one-to-one structure, and calculating failure rate on demand of a redundant structure according to the probability of co-failure of the multiple devices; and verifying functional safety integrality level of the safety instrument according to the average failure rate on demand of the redundant structure based on the requirements in IEC61508. The functional security verification method for the safety instrument based on the Markov process has the advantages that the Markov model covers various statuses of the system to reflect dynamic behaviors of the system, and accordingly precision in calculating the failure rate is improved; the failure rate on demand of the redundant structure is calculated indirectly according to results of calculation on the failure rate on demand of the one-to-one structure, and accordingly the difficulty in direct Markov modeling and model calculation for the redundant structure is avoided; and a beta factor model and a binomial failure rate model are used to consider common cause failures, and the precision in calculating common cause failure rate is improved.

Controller capable of executing non-safety-related control logic. A safety module is added to the controller in order to increase the safety-integrity level of a control system. The controller is able to execute safety-related control of real-world objects. Such a control system may exist at an offshore production platform or in a hazardous area of a chemical plant.

The invention relates to an SIL (Safety Integrity Level) assessment unit of a safety instrument system and mainly solves a problem that in the prior art, a computer system, which is targeted at petrochemical devices and has functions of SIF identification, SIL allocation and SIL verification and the like, does not exist domestically yet. The SIL assessment unit for the safety instrument system is adopted and the unit includes SIFs of any number and SIL selection can be carried out for each SIF. The technical scheme of the assessment system, which has functions of safety requirement specification making, SIL verification, SIL report generation and database management solves the problem comparatively well and is applicable to the field of reliability assessment of a safety instrument system of the petroleum and petrochemical industry.

The invention discloses a device and a method for parallel decoding of software and hardware. The device comprises a hardware decoding module, a software decoding module, a message comparison module and a data packet composition module, wherein the hardware decoding module is used for decoding a transponder transmission message which is received to obtain a transponder user message; the software decoding module is used for decoding the transponder transmission message which is received to obtain the transponder user message; the message comparison module is used for comparing whether the transponder user message which is obtained by using the hardware decoding module accords with the transponder user message which is obtained by using the software decoding module; and the data packet composition module is used for composing the transponder user message which is obtained by using the hardware decoding module with the transponder user message which is obtained by using the software decoding module into a data packet and sending the data packet to peripheral equipment. By adoption of the device and the method provided by the invention, the problem of safety caused by common-cause failure in the decoding process is solved, potential safety hazard caused by message error in the decoding and dumping processes is further avoided, the safety of the transponder transmission messages is improved, and the safety integrity level required by a train operation control system is achieved.

A system for on-line testing of an emergency shut-off valve includes a first emergency shut-off valve (first valve) and a flow control valve (second valve), with the system being configured to allow the second valve to serve as a combination flow control and second emergency shut-off valve. A subsystem is also provided for testing the first valve without fully closing the first valve in response to a signal from the control. In this subsystem, a solenoid valve bleeds off pressurized fluid to move the first valve from a fully opened to a partially closed position. A bypass around the second valve allows it to be tested as the second emergency shut-off valve, allowing the second valve to close completely without shutting down the process. The use of the two emergency shut-off valves in series wherein either valve can shut down the process provides a level 3 safety integrity level.

The invention provides a train door opening and closing control method, device and system. The method comprises the following steps of: obtaining a target object, a vehicle on-plate controller (VOBC)obtains a remote door opening and closing instruction from an automatic train supervision (ATS), and the VOBC determines whether an execution condition corresponding to the remote door opening and closing instruction is met or not according to the operation state of the train, and if the operation state of the train meets the execution condition, the VOBC executes the door opening process or the door closing process according to the remote door opening and closing instruction. The operation state of a train is detected through the VOBC with a high safety integrity level, whether an execution condition corresponding to the remote door opening and closing instruction is met is determined, remote door opening and closing control is then carried out, the accuracy of judgment of the door opening and closing instruction execution condition is improved, and the problems that in the related art, whether the train meets the execution condition corresponding to the remote door opening and closing instruction or not is determined through the ATS, due to the low safety integrity level of the ATS, judgment of the remote door opening and closing execution condition is inaccurate, misoperation iscaused, and potential safety hazards are generated are solved.

The embodiment of the invention provides a method and a system for realizing a train control safety computer based on general COTS (Commercial-Off-The-Shelf) software and hardware. The method comprises the steps that a safety computer management domain votes on input data transmitted by a safety input and output domain based on a periodic control way to select effective input data for use; the safety computer management domain votes on the logic operation result of a general computational domain based on the periodic control way to select an effective logic operation result for use; the safety computer management domain controls the general computational domain based on the periodic control way to complete complicated output pretreatment; the safety computer management domain completes simple output pretreatment based on the periodic control way; the safety computer management domain votes on the output pretratment result to select an effective output pretreatment result for use. According to the method and the system provided by the embodiment of the invention, not only can the processing capacity and the flexible upgrading ability of the COTS hardware and the general COTS operating system software be fully realized, but also the requirements of SIL-4 (Safety Integrity Level - 4) safety certification can be met.

A system for on-line testing of an emergency shut-off valve includes a first emergency shut-off valve (first valve) and a flow control valve (second valve), with the system being configured to allow the second valve to serve as a combination flow control and second emergency shut-off valve. A subsystem is also provided for testing the first valve without fully closing the first valve in response to a signal from the control. In this subsystem, a solenoid valve bleeds off pressurized fluid to move the first valve from a fully opened to a partially closed position. A bypass around the second valve allows it to be tested as the second emergency shut-off valve, allowing the second valve to close completely without shutting down the process. The use of the two emergency shut-off valves in series wherein either valve can shut down the process provides a level 3 safety integrity level.

The invention relates to a risk oriented hazard analysis method for a chemical process device. The risk oriented hazard analysis method is mainly used for solving the problems that in the prior art, when risk oriented hazard analysis is carried out on a chemical process device, time consumption is high, and investment is large. By the adoption of the risk oriented hazard analysis method for the chemical process device, the safety integrity level is determined when a safety instrument system is taken as a protective measure; when the safety evaluation on the functions of the safety instrument system is carried out, a risk graph is used for analyzing the risks related to danger sources, a set of risk parameters are used for evaluating the risk levels, a risk level is assigned to each danger source, and an improved and extended ROHA process risk graph is used for determining the safety integrity level. The risk oriented hazard analysis method is characterized in that according to the technical scheme shown in the ROHA process risk graph (shown in figure 1), the problems are effectively solved, and the risk oriented hazard analysis method can be used for risk oriented hazard analysis of the chemical process device.

A security architecture, a battery, and a motor vehicle that has a corresponding battery are configured to be used to combine battery packs of a lower security integrity level into a battery system that has a higher security integrity level. The security architecture is for at least two batteries and each battery includes at least one electrochemical cell. The at least two batteries are each combined with at least one data processing unit to form a respective module. The security architecture is configured such that input signals of at least one second module are processed by the at least one data processing unit of at least one first module.

The invention relates to a method and a system for the one-channel transmission of information on a bus system (1) within an automation system, with which data transmission in compliance with safety integrity level 2 according to IEC 618508 is achieved with reduced hardware outlay. The information to be transmitted via the bus system (1) contains net data, which is present within a processing unit (4) in two channels in the form of a first data set (2) and in the form of a second data set (3) that differs from the first data set (2) at least in the form of representation. The processing unit generates a transmission telegram (5) suitable for one-channel transmission on the bus system (1) from the two data sets (2,3), whereby the net data present in the form of the first data set (2) is stored in a first data area (6) of the transmission telegram (5) and a checksum generated on the basis of the second data set (3) is stored in a second data area (7) of the transmission telegram (5).

A vehicle-to-X communication apparatus includes a generating device which is designed to generate a vehicle-to-X message to be sent, a signing device which is designed to sign the vehicle-to-X message to be sent, a first verification device which is designed to verify the vehicle-to-X message to be sent, a transmitting device which is designed to send the vehicle-to-X message. The first verification device is configured according to a higher safety integrity level than the generating device, the signing device and / or the transmitting device. Furthermore, a corresponding method as well as the use of the apparatus in a vehicle or an infrastructure facility is disclosed.