
Introduction to Safety Basics

• Safety Standards Explained
• What is a SIS (Safety Instrumented System)
• What is SIL (Safety Integrity Level)
• What is a SIF (Safety Instrumented Function)
• How is a SIS different from DCS (BPCS)
• Examples of SIF Loop Design

2
Safety Acronyms

SIS – Safety Instrumented System

SIF – Safety Instrumented Function

SIL – Safety Integrity Level

PFD – Probability of Failure on Demand

PHA – Process Hazard Analysis

LOPA – Layer Of Protection Analysis

SRS – Safety Requirement Specification

PES – Programmable Electronic System

BPCS – Basic Process Control System

3
Evolving Standards

1984  TÜV Guidelines for PES (SK Safety Classes 1-9)
1987  HSE PES Guidelines Parts 1 & 2
1989  DIN 19250 / VDE 0801 for PES (AK Safety Classes 1-8)
1994  Appendix to VDE 0801 - Harmonisation Document
1996  ISA SP84 - Safety Lifecycle, Quantitative Approach
1997  IEC 61508 - Safety Lifecycle, Quantitative and Qualitative Approach
2003  ANSI/ISA 84.01 = IEC 61511 - Functional Safety, SIS for the Process Industry Sector
2004  DIN 19250 withdrawn; introduction of Machine Safety Standard IEC 62061
Today Many more to come?

4
Industry Standards for Safety Instrumented Systems (SIS)

• Instrumentation, Systems, and Automation Society (ISA), ANSI/ISA 84.01, Application of Safety Instrumented Systems for the Process Industry, 1996 (revised 2004).
• International Electrotechnical Commission (IEC), IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Sector

Both are performance based standards.

5
Evolving Standards

IEC 61508 is an "umbrella standard" for functional safety across all industries.

Each industry then uses IEC 61508 as a guide to develop industry specific standards:

• IEC/AS 61511 - Process Industry
• IEC 61513 - Nuclear Industry
• IEC 62061 - Machinery Industry
• Future - Rail, Medical, Automotive, Transport

6
Evolving Standards

Other standards reference safety standards:

• FM AS 7605 - Programmable Logic Control (PLC) Based Burner Management
• FM AS 7610 - Combustion Safeguards and Flame Sensing
• NFPA 85 - Boiler and Combustion Systems Hazards Code
• OSHA Process Safety Management & duty of care

7
Why do we need Functional Safety?

Analysis of 34 incidents, based on 56 causes identified (share of causes by lifecycle phase):

• 44%  Specifications
• 20%  Changes after commissioning
• 15%  Operations and maintenance
• 15%  Design and implementation
•  6%  Installation and commissioning

Source: "Out of control: Why control systems go wrong and how to prevent failure", 2nd edition, © Health & Safety Executive (HSE), UK.
8
IEC 61508 Lifecycle

Analysis phase:
 1  Concept
 2  Overall scope definition
 3  Hazard & risk analysis
 4  Overall safety requirements
 5  Safety requirements allocation

Realisation phase:
 6  Overall operation & maintenance planning (overall planning)
 7  Overall safety validation planning (overall planning)
 8  Overall installation & commissioning planning (overall planning)
 9  Safety-related systems: E/E/PES realisation [see E/E/PES Safety Lifecycle]
10  Safety-related systems: other technology realisation
11  External risk reduction facilities realisation
12  Overall installation & commissioning
13  Overall safety validation

Operation phase:
14  Overall operation & maintenance
15  Overall modification & retrofit (back to the appropriate Overall Safety Lifecycle phase)
16  Decommissioning
9
IEC 61511 & ISA 84.01 Lifecycle

Analysis phase:
 1  Risk analysis and protection layer design - Subclause 8
 2  Allocation of safety functions to protection layers - Subclause 9
 3  Safety requirements specification for the safety instrumented system - Subclause 10

Realisation phase:
 4  Design and engineering of the safety instrumented system - Subclause 11
    (in parallel: design and development of other means of risk reduction - Subclause 9)
 5  Installation, commissioning and validation - Subclause 14

Operation phase:
 6  Operation and maintenance - Subclause 15
 7  Modification - Subclause 15.4
 8  Decommissioning - Subclause 16

Running alongside every phase:
 9  Management of functional safety and functional safety assessment - Clause 5
10  Safety lifecycle structure and planning - Subclause 6.2
11  Verification - Clause 7, Subclause 12.7
10
When do I use IEC 61511 vs. IEC 61508?

Process sector safety instrumented system standards:

• Manufacturers and suppliers of devices use IEC 61508.
• Safety instrumented system designers, integrators and users follow IEC 61511 & ISA 84.01.
11
Safety Lifecycle

• Conceptual Process Design
• Process Hazards Analysis
• SIF Definition
• SIL Selection
• Conceptual Design
• SIL Verification
• Design Specifications
• Procedure Development
• Construction, Installation, and Commissioning
• PSAT (Pre-Startup Acceptance Test)
• Operation, Maintenance and Testing
• Management of Change
12
Safety & Layers of Protection
Safety Instrumented Function
13
Independent Protection Layers

Mitigation layers (top of the diagram):
• Plant and/or emergency response - emergency response layer
• Dike - passive protection layer
• Relief valve, rupture disk - active protection layer

Prevention layers (bottom of the diagram):
• Safety Instrumented System: emergency shutdown action at the trip level alarm - isolated protection layer
• Operator intervention: high level alarm, wild process parameter - process control layer
• Basic Process Control System: holds the process value between low and high level, normal behaviour - process control layer
• Plant design
14
What is a SIS?

Formal definition:
• SIS - "instrumented system used to implement one or more safety instrumented functions (SIF). A SIS is composed of any combination of sensor(s), logic solver(s), and final element(s)" (IEC 61511 / ISA 84.01)

Informal definition:
• Instrumented control system that detects "out of control" conditions and automatically returns the process to a safe state
• "Last Line of Defense"
• Not the basic process control system (BPCS)
15
What makes up a SIS?

Process input -> Sensor(s) (transmitter) -> Logic solver(s) (SIS program) -> Final element(s) (safety valve, SV) -> Process output
16
How SIS are Different from BPCS?

[P&ID sketch on the slide: the BPCS loop is pressure transmitter PT-101 -> controller PIC-101 -> control valve PV-101; the SIS loop is a separate pressure transmitter PT-102 -> safety logic solver USC-102 -> shutdown valve UV-102. The two loops share no field devices.]
17
Safety PLC vs. standard PLC - what's the difference?

• Standard PLC has unknown failure modes - you don't know how it will fail before it fails
• Safety PLC is designed to fail to the safe state, and its probability of dangerous failure is certified to a stated level (SIL 1, 2 or 3)
• Safety PLC is certified by a 3rd party (e.g. TÜV) to the international standards IEC 61508 and IEC 61511
• Certification covers the certificate, the report behind the certificate AND operation as per the safety manual of the PLC - the certificate only holds while the PLC is used as the safety manual prescribes
• Safety PLC must be configured by a person with appropriate safety competency
18
Where would I need a SIS?

Typical applications for SIS

• ESD: Emergency ShutDown System
• F&G: Fire and Gas System
• BMS: Burner Management System
• TMC: Turbo Machinery Control System
• HIPPS: High Integrity Pressure Protection System

19
What is a Safety Instrumented Function (SIF)?

Formal definition:
• SIF - "function to be implemented by a SIS which is intended to automatically achieve or maintain a safe state for the process with respect to a specific hazardous event." (IEC 61511 / ISA SP 84.01)

Informal definition:
• Independent safety loop or interlock that automatically brings the process to a safe state in response to specific initiating events

[The slide repeats the BPCS/SIS P&ID sketch: the SIF is the dedicated PT-102 -> USC-102 -> UV-102 loop, separate from the PT-101 -> PIC-101 -> PV-101 control loop.]
20
SIS versus SIF

[Diagram: a SIS implements one or more SIFs. Each SIF is one loop of sensors -> logic solver -> final elements; the SIS is the complete set of sensors, logic solver(s) and final elements that implement all of those loops.]
21
What is (SIL) - Safety Integrity Level?

Informal definition:
• SIL ... the Safety Integrity Level of a specific Safety Instrumented Function (SIF) which is being implemented by a Safety Instrumented System (SIS).
  OR
• The amount of risk reduction achieved by a specific Safety Instrumented Function (SIF)

[Scale on the slide: SIL 1 (lowest) through SIL 4 (highest safety integrity).]
23
SIL expressed as PFD

PFDavg = λDU × TI / 2

PFD:  Probability of Failure on Demand
λDU:  rate of Dangerous Undetected failures
TI:   proof Test Interval

[Plot on the slide: PFD(t) against time is a sawtooth. It rises from zero after each proof test and is reset when the next test is performed, so PFDavg is half the peak reached at the end of each interval. Horizontal bands mark the SIL 1 to SIL 4 ranges of PFDavg.]
24
Different levels of SIL

Safety Integrity   Safety            Probability of        Risk Reduction
Level              Availability      Failure on Demand     Factor
SIL 4              > 99.99%          0.001% to 0.01%       100,000 to 10,000
SIL 3              99.9% to 99.99%   0.01% to 0.1%         10,000 to 1,000
SIL 2              99% to 99.9%      0.1% to 1%            1,000 to 100
SIL 1              90% to 99%        1% to 10%             100 to 10

SIL 1 to SIL 3 are dealt with in ISA 84.01 and IEC 61511; SIL 4 is dealt with using IEC 61508. (The deck shows this table three times, once with each annotation.)
27
What is Risk?

"the likelihood of a specified undesired event occurring within a specified period or in specified circumstances."

RISK = Likelihood x Consequence

[Risk matrix on the slide: likelihood (low, moderate, high) on the vertical axis against consequence (minor, serious, extensive) on the horizontal axis. Serious consequence x high likelihood = higher risk (top right); minor consequence x low likelihood = low risk (bottom left).]
28
Effects of accepting too much risk

• Injury / death to personnel
• Environment damage and consequential clean up costs
• Damage and loss of equipment / property
• Business interruption associated losses
• Legal liability, litigation & "duty of care defense"
• Company image
• Lost market share

[The slide repeats the likelihood (low, moderate, high) versus consequence (minor, serious, extensive) risk matrix.]
29
Tolerable Risk

• Moral, legal and financial responsibility to limit our risk
• In some countries, the law mandates tolerable risk levels; meeting OSHA requirements is the minimum

[Triangle on the slide with three competing positions at its corners:
 Moral - make the plant as safe as possible, disregard cost
 Legal - comply with regulation as written, regardless of cost or level of risk
 Financial - build the lowest cost plant and keep the operating budget as small as possible]
30
Reducing Risk

[Slides 30 to 34 build up one likelihood-versus-consequence chart step by step:
 1. Inherent process risk sits in the unacceptable risk region.
 2. Active protection (e.g. a PRV) lowers the likelihood.
 3. Passive protection (e.g. a containment dyke) lowers it further.
 4. Applying a SIS moves the residual risk across the boundary into the tolerable risk region.
 5. SIL 1, SIL 2 and SIL 3 are drawn as successively larger steps down the likelihood axis; per the SIL table above, each SIL is another factor of 10 in risk reduction factor.]
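Added example, not from the deck: a small Python calculation of the risk reduction a SIS has to deliver, i.e. the "SIL Selection" step of the lifecycle, following the build-up on the Reducing Risk slides. It takes an inherent event likelihood and a tolerable likelihood (both per year), credits the non-SIS protection layers from the layers-of-protection slide (alarm with operator response, relief valve) with an assumed PFD each, and turns the remaining gap into the required SIS PFDavg, RRF and target SIL using the bands from the SIL table. All numbers are constructed; the credit given to each layer in a real LOPA comes from the PHA team and site rules, not from this script, and the target SIL only says which band the SIF must reach: the "SIL Verification" step still has to show that the actual design achieves the required PFDavg, not just the band.

```python
from dataclasses import dataclass

# SIL n covers 10**-(n+1) <= PFDavg < 10**-n (the deck's SIL table), so a
# required PFDavg strictly below the upper edge puts the SIF in that band.
SIL_UPPER_EDGES = ((1, 1e-1), (2, 1e-2), (3, 1e-3), (4, 1e-4))
SIL4_LOWER_EDGE = 1e-5


@dataclass(frozen=True)
class ProtectionLayer:
    """One independent protection layer with the credit it is given."""
    name: str
    pfd: float  # probability the layer fails when demanded (assumed value)


def mitigated_likelihood(inherent_per_year: float, layers) -> float:
    """Likelihood of the hazardous event after every listed layer has had its
    chance to stop it: independent layers act in series, so PFDs multiply."""
    likelihood = inherent_per_year
    for layer in layers:
        if not 0.0 < layer.pfd <= 1.0:
            raise ValueError(f"{layer.name}: PFD must be in (0, 1]")
        likelihood *= layer.pfd
    return likelihood


def required_sis_pfd(inherent_per_year, tolerable_per_year, non_sis_layers):
    """PFDavg the SIF must achieve so the residual likelihood meets the
    tolerable level. Returns None when the non-SIS layers already suffice."""
    residual = mitigated_likelihood(inherent_per_year, non_sis_layers)
    if residual <= tolerable_per_year:
        return None
    return tolerable_per_year / residual


def target_sil(required_pfd: float):
    """SIL band containing the required PFDavg.

    0 = less than one SIL of risk reduction is needed; None = below the
    SIL 4 band, so the process itself (not the SIS) must change."""
    if required_pfd < SIL4_LOWER_EDGE:
        return None
    sil = 0
    for n, upper in SIL_UPPER_EDGES:
        if required_pfd < upper:
            sil = n
    return sil


def sil_selection(inherent_per_year, tolerable_per_year, non_sis_layers) -> dict:
    """Whole calculation for one hazard scenario."""
    pfd = required_sis_pfd(inherent_per_year, tolerable_per_year, non_sis_layers)
    if pfd is None:
        return {"sis_required": False}
    return {
        "sis_required": True,
        "required_pfd": pfd,
        "required_rrf": 1.0 / pfd,
        "target_sil": target_sil(pfd),
    }


if __name__ == "__main__":
    # Constructed scenario: high level in a vessel leads to overflow 0.2
    # times per year with only the BPCS; tolerable likelihood 1e-5 per year.
    # Layer credits are assumed values for illustration.
    layers = [
        ProtectionLayer("High level alarm + operator intervention", 0.1),
        ProtectionLayer("Relief valve", 0.1),
    ]
    print(sil_selection(0.2, 1e-5, layers))
```

For the constructed scenario the non-SIS layers bring the likelihood down to 2e-3 per year, a factor 200 short of tolerable, so the SIF needs PFDavg ≤ 5e-3: a SIL 2 target. Raising either of the other layer credits to 0.01 would close the gap without a SIS at all, which is the point of the slides' layered picture: the SIS is sized for whatever the other layers leave over.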
Summary
• IEC 61511 is the applicable safety standard for the process industry
• It is a performance based standard and addresses the entire safety lifecycle
• Compliance is considered "best engineering practice" worldwide
• Compliance will help reduce risk and help meet obligations
• A Safety System (SIS) PLC is different from a normal PLC and must be certified by a 3rd party (e.g. TÜV) to IEC 61508 / IEC 61511
• A Safety System must always be separate from a DCS
• A SIS is made up of sensors, logic solver and final elements
• DCS and SIS should not normally "share" the same field devices

36
Summary
• SIF (Safety Instrumented Function) consists of detection, logic and automatic action to bring the plant to a safe state
• SIL (Safety Integrity Level) is a measure of the risk reduction provided by a specific SIF
• Risk is the product of likelihood and consequence
• Implementing a SIS can help you move from the inherent risk region to the tolerable risk region
• Conceptual design of a SIS involves many elements - not just equipment
• SIS device testing, voting and plant availability must all be considered in design
• Without a safety CULTURE in the plant no amount of technology can provide 100% protection

37
Thank You
