Security barriers and revision tests ; Barrières de sécurité et tests de révision

Abstract

The instrumented security systems (SIS) consisting of sensors (pressure measurement, gas detection, etc.), processing units (PLCs) and actuators (valves) play a key role in the prevention of industrial risks, as safety barriers. The objective of a SIS is to maintain a safe state of an industrial process in relation to a dangerous event (release of substance, fire, explosion, etc.). The challenge is to know the availability of SIS, which is the ability to perform one or more security functions at a given moment (when requested) and under specific conditions (their environments). INERIS's research on SIS evaluation consisted of quantifying the availability and likelihood of failure to call on complex architectures and thus optimising the frequency of SIS tests. This work builds on the assessment methods of IEC 61508 [3] and the development of mathematical models for complex redundant architectures. IEC 61508 provides methods based on flow diagrams, fault trees, Markov chains. The approach of INERIS is different: an analytical approach is proposed in order to have a parametric expression of the medium dangerous probability of failure, thus enabling parametric analysis and optimisation of tests. ; Safety barriers take an important part of industrial risk management. Even if these systems are not triggered frequently, when an initiating event occurs (overpressure, overflow, etc.), they aim at preventing undesired events on people, environment, and goods. Proof tests have therefore to be performed in order to check the functional state of the safety barriers and, if required, to perform the appropriate maintenance actions. Dependability criteria have then to be assessed by a practical model. A set of general formulas is proposed for the probability of failure on demand (PFD) assessment of systems subject to partial and full tests. Partial tests (e.g. visual inspections, imperfect testing) may detect only some failures, whereas owing to a full test, the system is restored to an as good as new condition. Following the ...