Decrease font size
Increase font size
Topic Title: Safety integrity of HV/MV motor starters to SIL 3
Topic Summary:
Created On: 22 March 2012 11:27 AM
Status: Read Only
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
 22 March 2012 11:27 AM
User is offline View Users Profile Print this message


Posts: 7
Joined: 25 July 2008

We have to demonstrate compliance to safety integrity level 3 for plant emergency stop systems for oil & gas processing plants. We can do this successfully for the control circuitry by utilising certified safety relays, which are available from various manufactures. But the problem comes when we try to achieve SIL 3 compliance of the motor starter. We can demonstrate the control circuit will reliably activate, but have trouble ensuring that the power side of the circuit, the final element such as the circuit breaker or contactor, will reliably activate when triggered by the emergency stop control circuit.
Has anybody come across this issue before? How did you demonstrate compliance and do you know a manufacturer of HV or MV circuit breakers certified to SIL 3? Any help appreciated, thanks
 22 March 2012 02:59 PM
User is offline View Users Profile Print this message


Posts: 201
Joined: 25 February 2008

I would be interested how you achieved SIL3 on the control system. Using certified safety relays still need to prove rating by way of calculation.
It was some time ago I was involved with SIL2 power by having several contactors in series, using the control system philosophy to check contactor integrity on both closing and opening.

For SIL3 I guess you would need 2oo3 voting style contactor operation - 3 in series perhaps. The nearest I have come to that is offshore designs.

To demonstrate compliance to me you would have to demonstrate functional operation, safe operation wih faulty components still in circuit and supporting calculations.
I don't know any manufacturer who does this, but many will build to your designs/drawings.
 09 June 2014 12:51 PM
User is offline View Users Profile Print this message


Posts: 1
Joined: 30 September 2010

Two contactors in series, controlled by a monitoring safety relay, this is set to auto reset, if either unit fails to drop out the monitoring relay will stop re-energisation and report the error. The calc would be anticipated failure of both contactors simultaneously, the diagnostic coverage and the rate of operation.
 19 June 2014 10:59 PM
User is offline View Users Profile Print this message


Posts: 65
Joined: 25 July 2008

Hi mrh105,

It is not clear from your post whether the protective function is ETT or DTT. Also, what is the demand rate?

The large power component suppliers certainly supply MV equipment that is certified to both IEC 61508 family SIL3, and ISO 13849 PL e, and produce B10 and MTTF data to support this, along with various application examples for single, dual, and voting scenarios.

I'd suggest speaking with their machinery safety specialists, detailing your requirements.

One other area to consider: Are there no other layers of protection that could reduce the demand and integrity for this SIF?

New here?

See Also:

FuseTalk Standard Edition v3.2 - © 1999-2018 FuseTalk Inc. All rights reserved.