Authors: Carsten Mahler, Volker Phielipeit-Spieß, Harald Schuhmacher – OneSubsea, a Schlumberger Company; Markus Glaser, Tobias Winter, Simon Schoch, Julian Popp – Aalen University; Stefan Schlünß, Stefan Marx – SubCtech GmbH; Robert Schreck, Martin Reinhart, Florian Boettcher – WITTENSTEIN SE
Safety Capability of an All-Electric Production System
The all-electric control system proposed in this paper offers improved HSE, cost reduction, and better safety and reliability figures than an electro-hydraulic multiplexed (e/h-mux) system. The paper describes the development approach for a novel all-electric safety actuation system. Key to the concept is a centralized battery that supplies the energy required for valve actuation during normal operation and also after a power cut or loss of communication. Because the instantaneous power for valve operation comes from the battery, the continuous power demand of the system stays at a level similar to that of current e/h-mux solutions.
The scope of this paper is a detailed analysis of the safety and reliability capability of the proposed system. It covers the root causes of the identified failure modes and suitable mitigations that either prevent their occurrence or reduce their impact. A further objective is the analysis of common cause failures, which are critical to the execution of the safety function. The paper is a result of a joint industry project.
Methods, Procedures, Process
Using the battery as an active part of the safety function requires a different analysis than using it as an uninterruptible power supply without safety requirements. The safety and reliability result depends on the complete system development approach, not on individual components. The proposed system design is examined by failure mode and effects analysis (FMEA) at system and component level; these analyses identify the potential failures, their root causes, and the mitigating actions. At hardware level, a failure modes, effects, and diagnostic analysis (FMEDA) is applied, which additionally quantifies the failure rates and the share of dangerous failures detected by diagnostics. The results of both analyses are discussed with respect to the international functional safety standards.
Results, Observation, and Conclusions
The paper provides a summary of the identified high-risk elements of the design, a list of common cause failures, and the quantitative results of the FMEDA. Not surprisingly, the main source of common cause failures is the (identical) redundant electronics and software. Suitable measures for risk reduction and common cause failure control are presented, covering both the architectural design and individual electronic and software components. Applying new methods and lessons learned from the automotive industry, the battery diagnostics are improved so that an exact battery health status is available. The Probability of Failure on Demand of the proposed system design is in the range of SIL 2; this value is the result of a quantitative fault tree analysis based on the failure rates obtained from the FMEDA.
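To make the last step concrete, the following is an added example, not code or data from the paper or any of the authors' organizations: it shows how FMEDA outputs (dangerous-detected and dangerous-undetected failure rates per subsystem) are combined into a low-demand PFDavg with the simplified IEC 61508-6 formulas for 1oo1 and 1oo2 subsystems, how a beta-factor term models common cause failure of identical redundant channels, and how the result maps onto the SIL bands. All failure rates, the proof-test interval, the repair time, the beta factor and the subsystem names are hypothetical; the code neglects the detected-failure contribution of the independent channels in the 1oo2 term, which the full standard formula includes.

```python
"""Simplified PFDavg from FMEDA failure rates (added example, hypothetical values)."""
from dataclasses import dataclass

FIT = 1e-9  # 1 FIT = one failure per 1e9 hours


@dataclass(frozen=True)
class FmedaResult:
    """Per-subsystem FMEDA output: dangerous-detected and dangerous-undetected rates (1/h)."""
    name: str
    lambda_dd: float
    lambda_du: float

    @property
    def diagnostic_coverage(self) -> float:
        """Share of dangerous failures the diagnostics reveal."""
        return self.lambda_dd / (self.lambda_dd + self.lambda_du)


def pfd_1oo1(r: FmedaResult, t_proof: float, mttr: float) -> float:
    """1oo1: an undetected fault persists on average half the proof-test interval,
    a detected fault persists for the repair time."""
    return r.lambda_du * t_proof / 2 + r.lambda_dd * mttr


def pfd_1oo2(r: FmedaResult, t_proof: float, mttr: float, beta: float) -> float:
    """1oo2 with a beta-factor common cause model: both independent channels must be
    down (quadratic in lambda_du), plus a common cause fraction beta that behaves
    like a single channel. Detected-failure terms of the independent channels are
    neglected (simplification)."""
    lam_independent = (1 - beta) * r.lambda_du
    independent = (lam_independent * t_proof) ** 2 / 3
    common_cause = beta * r.lambda_du * t_proof / 2 + beta * r.lambda_dd * mttr
    return independent + common_cause


def sil_band(pfd_avg: float) -> int:
    """IEC 61508 low-demand bands; 0 means the target falls below SIL 1."""
    if pfd_avg >= 1e-1:
        return 0
    if pfd_avg >= 1e-2:
        return 1
    if pfd_avg >= 1e-3:
        return 2
    if pfd_avg >= 1e-4:
        return 3
    return 4


def example_system(beta: float = 0.1, t_proof: float = 8760.0, mttr: float = 720.0) -> dict:
    """Hypothetical three-subsystem safety function (values are constructed, not the paper's).
    Proof test once a year, 30 days to repair a detected fault."""
    battery = FmedaResult("central battery", lambda_dd=800 * FIT, lambda_du=200 * FIT)
    electronics = FmedaResult("control electronics", lambda_dd=900 * FIT, lambda_du=100 * FIT)
    actuator = FmedaResult("valve actuator", lambda_dd=700 * FIT, lambda_du=300 * FIT)
    return {
        battery.name: pfd_1oo1(battery, t_proof, mttr),
        electronics.name: pfd_1oo2(electronics, t_proof, mttr, beta),  # redundant, identical
        actuator.name: pfd_1oo1(actuator, t_proof, mttr),
    }


def total_pfd(contributions: dict) -> float:
    """Series combination: the safety function fails if any subsystem fails
    (sum is the usual small-value approximation of the fault-tree OR gate)."""
    return sum(contributions.values())


if __name__ == "__main__":
    for beta in (0.0, 0.1):
        parts = example_system(beta=beta)
        total = total_pfd(parts)
        print(f"beta={beta}: total PFDavg={total:.2e} -> SIL {sil_band(total)}")
        for name, pfd in parts.items():
            print(f"  {name:20s} {pfd:.2e}")
```

Running the block shows the effect the paper's observation implies: with beta set to zero the identical redundant electronics contribute a PFD of a few 1e-7, while a beta of 0.1 raises their contribution by more than two orders of magnitude, which is why common cause control on identical redundant electronics and software matters more than adding further identical channels.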
Novel information to be presented includes:
- FMEDA results
- List of common cause factors
- Quantitative analysis results
- Measures to control common cause factors