### This article is a summary of Gulay Basova's ongoing MSc thesis at the University of Stavanger on the topic of evaluation of SIS performance in aging and lifetime extension context. The full thesis will be published by the University of Stavanger at a later stage.

A great number of oil and gas production facilities have exceeded the originally designed lifetime while having a significant amount of recoverable oil and gas resources. In this context, aging and life extension (ALE) have become important topics for oil and gas asset operators.

The principles of aging and life extension activities have been addressed by numerous of standards and implementation guidelines published over the years. Along with the aging offshore facilities, the performance of the safety systems beyond their pre-defined useful lifetimes has become one of the core topics to protect against loss of human life, environmental damage, and commercial impact.

The useful lifetime of a component is defined as the time interval within the design life where the failure rate is assumed to be constantly provided that the components are subject to periodic proof testing. The characteristic shape of the failure rate function is known as the bathtub curve, where the failure rate is high in the beginning, then it is assumed to remain constant for a certain period (called useful lifetime) while it increases in a so-called wear-out period.

The required risk reduction provided by Safety Integrity Functions (SIFs) must be ensured as long as the facility (and the certain function) is in the operational phase. For aging installations, it is observed that some of the SIF subcomponents, forming the safety systems, have been used beyond their originally stipulated useful lifetimes.

So - how does the overall SIF performance (and the failure rates of the SIF subcomponent) change beyond the useful lifetime? Although there are various studies in the literature addressing the behavior of components based on the probability of failure while they age, there are few sources/studies dealing with the computational estimation to re-quantify the Safety Integrity Levels (SILs) based on the estimated failure rates. For the MSc thesis, a Bayesian methodology is suggested to quantify the change in failure rate over time, (hence the achieved SIL for SIFs), to investigate the situation where the accumulated in-service time exceeds the pre-defined useful lifetime. In this case, the failure rates are estimated by gathering expert knowledge, available data, and other applicable reliability theory concepts about SIF subcomponent failure rates.

Bayesian thinking acknowledges that there is some prior knowledge (expert opinion) about the failure distribution. Given some evidence (data) about the distribution, the prior knowledge can be updated and produce an estimation more in line with the evidence. To illustrate the mathematical notation of Bayesian updates, let θ denote a parameter for a population, and p(x|θ) is the probability function of a parameter when the experimental data is x. The problem then becomes estimating the model parameter θ.

The relation known as Bayes Theorem is,

p(θ|x) = p(x|θ)p(θ)/ p(x) ∝ p(x|θ)p(θ)

where

p(θ|x) is the posterior probability (the beliefs after the evaluation of model parameters);

p(x|θ) is the likelihood of experimental data x given “theta”;

p(θ) is the prior probability of the event occurring (initial belief).

Combined Lifecycle (CMBL) Failure Distribution seems to be a useful distribution for the quantification and analysis of lifetime data. Therefore, the likelihood function for the useful lifetime (the constant failure rate) section is represented by the exponential(λ) with an expected value of 1/λ, and the wear-out phase (aging/beyond useful lifetime) is represented by normal (ϻ,σ). The Bayesian Model has been created and runs in Python programming and estimation of failure rates of components for 40 years period are obtained.

As a part of the MSc thesis, 3 SIFs formed by 9 components in total have been investigated in a detailed way. The selected functions (High Integrity Pressure Protection System (__HIPPS__), ESD Segregation Function, and Gas Detection Function) have been evaluated by using the developed Bayesian model. Then, the estimated failure rates have been used to determine the PFD of the SIFs and finally, the corresponding SILs of SIFs. The underlying assumption is that observing the changing trend of failure rates for the mentioned safety systems will give an overall insight into the performance of other SIFs and the overall safety and reliability of SISs.

It is not the intention of this article to give a detailed summary of the MSc thesis. For the details, reference is made to the full thesis work which will be published later on. Overall, the following high-level conclusions are yielded from this study:

It is observed that for some SIF subcomponents, the failure rate increases significantly over time when operated beyond the useful lifetime. Therefore, it is not a solid approach to have a blanket assumption about “constant failure rates” for aging SIF subcomponents. This observation is also in line with the guidance provided in the latest revisions of the IEC 61511 standard.

Broadly speaking, the achieved SIL change beyond the useful lifetime. As an example, if the required IL is SIL3, after some years, the achieved IL can only satisfy the SIL2 range or similar – based on the quantitative requirements.

SIS Safety Lifecycle Plans (SIS-SLP) typically address the defined lifetime of the SIFs. The reviewed SIS-SLPs typically fall short of addressing the lifetime extension challenges/activities.

Asset operators need a practical- and well-defined roadmap to handle SIFs from a lifecycle perspective – that includes possible lifetime extension activities.

Proof testing based on the functional- and integrity- requirements may be inadequate to get the full picture, especially when operating beyond the useful lifetime. In this case, supporting evidence (such as inspection reports, etc.) should be evaluated together with the results from proof testing. This requires interdisciplinary cooperation between subject matter specialists.