Implementing IEC 61508 for Qualification of Safety-Instrumented Systems for Submergible Tube Bridges

Abstract

Qualification of new technology (or systems) has become an important discipline within application areas that have strict requirements to safety and/or reliability, and where new technology is not adequately covered by established rules, standards, and practices. With new solutions,which potentially affect a lot of people, it is important to reduce the uncertainty related to the development of the technology and document that the technology will have an acceptable performance during its lifecycle.

The Norwegian Public Road Administration (NPRA) has adopted technology qualification as an approach to ensure that the extreme fjord-crossing concepts evaluated for the "Ferry free E-39" project inherits the necessary attributes. Several uncertainties are related to the E-39 project. To empower decision making, and systematically address these uncertainties, the agency has begun the development of a technology qualification programme.

It is expected that the extreme fjord-crossing concepts will require installation of dedicated safety-related systems that employ electrical/electronic/programmable electronic technology(so called safety-instrumented systems ) to ensure safe operation. Many of these systems may be considered unproven (in technology and/or application area), and will require a systematic and structured process of qualification before deemed safe to install.

IEC 61508 is considered the main standard for safety-instrumented systems, and elements from this standards may supplement and improve a potential framework for qualification of such systems. The standard can be classified as a RAMS (reliability, availability, maintainability and safety) standard. RAMS requirements are key attributes of system performance, and RAMS assessments are therefore key tools in any qualification process.

This thesis aims to contribute to the currently on-going work of implementing a technology qualification programme in the NPRA, by proposing a qualification framework for safety-instrumented systems related to the submerged floating tube bridge concept. The concept is being addressed as a solution for the crossing of Bjørnafjorden. The framework aims to draw on several different approaches, and implement principles from RAMS engineering and IEC 61508. Focus has been placed on the transferability of a framework for qualification of safety- instrumented systems, and a framework for qualification of entire bridge concepts.

To understand the basics of technology qualification, this thesis includes an in-depth review of the different approaches towards qualification of new technology. This includes the more established recommended practices, such as DNV-RP-A203 and API-RP-17N. With focus on safety-instrumented systems, IEC 61508 is presented and the potential contributions of the standard towards qualification of such systems are discussed. It was identified that the central safety lifecycle from the standard is similar to a qualification process with several elements that may supplement a qualification framework.

In order to adapt the framework to the NPRA s practices, central aspects and challenges of a qualification framework in the NPRA have been identified and discussed. The lack of a RAMS management framework in the agency was identified as a key challenge towards implementing a risk-based qualification framework. The scope and role of a qualification framework is another challenge that must be addressed prior to a potential implementation.

Based on the challenges in the NPRA, central aspects of RAMS engineering and IEC 61508, and the established approaches towards technology qualification, a framework for qualification of safety-instrumented systems is introduced. The framework contains some new methods and approaches towards the stating of requirements and assessing readiness of technology.

The framework is demonstrated on a water-mist fire suppression system for the submerged floating tube bridge concept over Bjørnafjorden. In order to understand the environmental and operational conditions for such a system, a description of the submerged floating tube bridge concept and its risk picture are included.