exida.com: excellence in dependable-automation
Version 1.0
Course Logistics
• Books
• Application Software
• Web-based online software
• Online discussion and knowledge base
• Online SIS engineering data
• Member newsletter
www.exida.com
Copyright © 2000, exida.com
• Instructor
– Name
– Background/experience
• Classmates
– Name, company, position
– Background/experience
– What would you like to get from this course?
Pre-Exercise
Section 1:
Introduction
• What is IEC 61511?
• When is IEC 61511 Applied?
• Relation to other standards
• Benefits
• Key Issues
Technical Requirements
Support Parts
Benefits of Compliance
Key issues
• Safety Lifecycle
• Hazard and Risk Analysis
• Quantitative Verification
• Management System
• Certification
Summary:
Introduction
• What is IEC 61511?
• When is IEC 61511 Applied?
• Relation to other standards
• Benefits
• Key Issues
Section 2:
The Safety Life Cycle
• Safety Lifecycle Objectives
• IEC 61511 Safety Lifecycle
• ANSI/ISA S84.01 Safety Lifecycle
• Lifecycle Phases
[Figure: IEC 61511 safety lifecycle. Recoverable labels: Operation and Maintenance (Sub-clause 15); Modification (Sub-clause 15.4); Decommissioning (Sub-clause 16); side references to Clause 5, Sub-clause 6.2 and Sub-clauses 7 and 12.7.]
Risk Analysis and Protection Layer Design (Subclause 8)
• Objective
– Identify process hazards, estimate their risks and decide if that risk is tolerable
• Tasks
– Hazard Identification (eg, HAZOP)
– Analysis of Likelihood and Consequence
– Consideration of non-SIS Layers of Protection
SIL Selection
Allocation of Safety Functions to Safety Instrumented Systems or Other Means of Risk Reduction (Subclause 9)
• Objective
– Specify the required risk reduction, or difference between existing and tolerable risk levels, in terms of SIL
• Tasks
– Compare process risk against tolerable risk
– Use decision guidelines to select required risk reduction
– Document selection process
Safety Requirements Specification
Safety Requirements Specification for the Safety Instrumented System (Subclause 10)
• Objective
– Specify all requirements of the SIS needed for detailed engineering and for process safety information purposes
• Tasks
– Identify and describe safety functions
– Document SIL
– Document action taken (Logic, Cause and Effect Diagram, etc.)
Conceptual / Detailed Design
Design and Engineering of Safety Instrumented System (Subclauses 11, 12)
• Objective
– Select and configure equipment used in the SIS (including programming)
• Tasks
– Specify system technology and architecture
– Specify field instrumentation
– Configuration / Programming
– Select vendors, review bids
Installation and Commissioning
Installation, Commissioning (Subclauses 13 and 14)
• Objective
– Install equipment, after acceptance testing, and prepare for operation
• Tasks
– Factory Acceptance Testing
– Field and control room equipment installation
– Confirm equipment operation
– Instrumentation Calibration
Safety Review
Validation (Subclauses 13)
• Objectives
– Verify that the SIS is designed, installed, and operating according to the Safety Requirements
• Tasks
– Verify operation of field instruments
– Validate logic and operation
– Verify SIL of installed equipment
– Produce OSHA and EPA required documentation
– Certifications if req.
Operation and Maintenance (Subclause 15)
• Objective
– Operate and maintain the SIS so that the specified SIL is maintained
• Tasks
– Establish procedures for operating and maintaining the SIS
– Perform periodic function test on an interval that allows the specified SIL to be achieved with the installed equipment
Modification and Decommissioning (Subclauses 15.4 and 16)
• Objective
– Ensure changes to the system are safe and appropriately reviewed
• Tasks
– Establish procedures for change management
– Review safety functions prior to taking an SIS out of service
Application Exercise 1
Summary:
The Safety Life Cycle
• Safety Lifecycle Objectives
• IEC 61511 Safety Lifecycle
• ANSI/ISA S84.01 Safety Lifecycle
• Lifecycle Phases
Section 3:
Hazard and Risk Analysis
• Objectives and Requirements
• Identifying Safety Instrumented Functions
• Process Hazards Analysis
Overview
• Objective
– Identify hazardous events, quantify their risk, and
identify required safety instrumented function
• Inputs
– Process design, equipment layout, staffing
arrangement
• Outputs
– A description of required safety instrumented
functions
Summary:
Hazard and Risk Analysis
• Objectives and Requirements
• Identifying Safety Instrumented Functions
• Process Hazards Analysis
Section 4:
Requirement Allocation/SIL Selection
• Objectives and Requirements
• Risk / Risk Reduction
• Consequence Analysis
• Likelihood Analysis
• SIL Selection
Overview
• Objective
– Allocation of safety functions to protective layers and, for each SIF, the associated Safety Integrity Level (SIL)
• Inputs
– A description of the SIF and hazards requiring risk
reduction
• Outputs
– Description of allocation of safety requirements,
including SIL
Risk Terms
Risk and Hazard
• The objective of an SIS is to reduce the risk of the hazards in a process to a tolerable level
– Risk – Combination of the probability of occurrence of harm and the severity of that harm
– Harm – Physical injury or damage to the health of people, either directly or indirectly as a result of damage to property or the environment
– Hazard – Potential source of harm
Risk Terms
Tolerable Risk
• The risk reduction the SIF must provide is the difference between process risk and tolerable risk
– Process Risk – Risk arising from the process conditions caused by abnormal events
– Tolerable Risk – Risk which is accepted in a given context based on the current values of society
– Necessary Risk Reduction – The risk reduction required to ensure that the risk is reduced to a tolerable level
[Figure: tolerable-risk regions, from High Risk at the top to Negligible Risk at the bottom: Intolerable Region; ALARP or Tolerable Region; Broadly Acceptable Region.]
Effect of SIS
[Figure: likelihood (vertical axis) versus consequence (horizontal axis). Non-SIS likelihood reduction (e.g., relief valves) and non-SIS consequence reduction (e.g., containment dikes) move the process risk out of the Unacceptable Risk Region; SIS risk reduction (SIL 1, SIL 2, SIL 3) brings the final risk after mitigation through the ALARP Risk Region into the Acceptable Risk Region.]
Analysis
[Figure: layers of protection, from the innermost outward. PREVENTION layers: process value / normal behaviour (Basic Process Control System, process control layer); process alarm and operator intervention (process control layer); trip level alarm and process shutdown; Safety Instrumented System / Emergency Shut Down (safety layer). MITIGATION layers: relief valve, rupture disk (active protection layer); dike (passive protection layer); plant and emergency response (emergency response layer).]
Summary:
Requirement Allocation/SIL Selection
• Objectives and Requirements
• Risk / Risk Reduction
• Consequence Analysis
• Likelihood Analysis
• SIL Selection
Section 5:
Safety Requirements Specification
• Objectives and Requirements
• Safety Instrumented Functions
• Logic Description Techniques
Overview
• Objective
– Specify requirements of each SIF of a SIS,
including functional and safety integrity
requirements
• Inputs
– Description of allocation of safety requirements
• Outputs
– SIS safety requirements; software safety
requirements
Objectives
Requirements
[Figure: SIS loops (Loop 3, Loop 5, Loop 6) connected to a Logic Solver.]
Methods for Logic Specification
• Binary Logic Diagram
[Figure: inputs PSL-101 and LSL-105 feed an OR gate whose output is HY-415.]
• Cause and Effect Diagram
[Figure: cause-and-effect matrix. Causes: PSLL-0203, BSL-0252, XL-0288. Effects: PSV 1201, PSV 1234, XV 1217, XJ 1217. An X marks each cause that trips an effect.]
• Plain Text
"Low Pressure or Low Level, indicated by deenergization of the inputs from LSL-105 and PSL-105, shall deenergize output HY-415, causing the shutoff valve to close."
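The three notations above all describe the same thing: which de-energized inputs (causes) must de-energize which outputs (effects). Below is an added example, not part of the exida course material, of a minimal logic solver that evaluates such a cause-and-effect matrix with de-energize-to-trip semantics. The tag names are the ones on the slide; which matrix cells carry an X is a constructed assumption, because the extracted slide does not show it. The point worth noticing is the treatment of a lost or open-circuit signal: it is read as de-energized, so a broken wire trips the function instead of silently disabling it, which is the fail-safe property the course attributes to relay and PES logic.

```python
# Added example, not part of the exida course material: a minimal
# de-energize-to-trip logic solver that evaluates a cause-and-effect matrix.
# Tag names come from the slide; which matrix cells carry an "X" is a
# constructed assumption, because the extracted slide does not show it.
from typing import Dict, List, Optional

# Cause-and-effect matrix: effect (output) -> causes (inputs) that trip it.
CAUSE_EFFECT: Dict[str, List[str]] = {
    # Constructed "X" cells for the slide's matrix (assumption).
    "PSV 1201": ["PSLL-0203", "BSL-0252"],
    "PSV 1234": ["PSLL-0203", "XL-0288"],
    "XV 1217": ["BSL-0252", "XL-0288"],
    "XJ 1217": ["PSLL-0203", "BSL-0252", "XL-0288"],
    # The slide's binary-logic / plain-text example: LSL-105 OR PSL-105 -> HY-415.
    "HY-415": ["LSL-105", "PSL-105"],
}

# True = energized (healthy), False = de-energized, None = no signal at all.
Reading = Optional[bool]


def cause_active(inputs: Dict[str, Reading], tag: str) -> bool:
    """A cause is active when its input is de-energized.

    Inputs are energized in the healthy state (de-energize-to-trip), so a
    reading of False trips. A missing tag or a None reading (open circuit,
    lost signal) is also treated as de-energized: a broken wire must trip the
    function rather than silently disable it.
    """
    return inputs.get(tag) is not True


def solve(inputs: Dict[str, Reading],
          matrix: Dict[str, List[str]] = CAUSE_EFFECT) -> Dict[str, bool]:
    """Return each output's energized state: True = energized, False = tripped."""
    return {
        effect: not any(cause_active(inputs, cause) for cause in causes)
        for effect, causes in matrix.items()
    }


def tripped(inputs: Dict[str, Reading],
            matrix: Dict[str, List[str]] = CAUSE_EFFECT) -> List[str]:
    """Sorted list of outputs that are de-energized (tripped) for these inputs."""
    return sorted(effect for effect, energized in solve(inputs, matrix).items()
                  if not energized)


def all_causes(matrix: Dict[str, List[str]] = CAUSE_EFFECT) -> List[str]:
    """Every input tag referenced anywhere in the matrix, sorted."""
    return sorted({cause for causes in matrix.values() for cause in causes})


def healthy_inputs(matrix: Dict[str, List[str]] = CAUSE_EFFECT) -> Dict[str, Reading]:
    """All inputs energized: the normal operating state."""
    return {tag: True for tag in all_causes(matrix)}


def render_matrix(matrix: Dict[str, List[str]] = CAUSE_EFFECT) -> str:
    """Render the matrix as the cause-and-effect table an SRS would carry."""
    causes, effects = all_causes(matrix), list(matrix)
    width = max(len(c) for c in causes)
    lines = [" " * width + "  " + "  ".join(effects)]
    for cause in causes:
        cells = ["X".center(len(e)) if cause in matrix[e] else " " * len(e)
                 for e in effects]
        lines.append(cause.ljust(width) + "  " + "  ".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_matrix())
    inputs = healthy_inputs()
    print("healthy:", tripped(inputs))        # []
    inputs["LSL-105"] = False                 # low level detected
    print("low level:", tripped(inputs))      # ['HY-415']
    del inputs["XL-0288"]                     # lost signal: fail-safe trip
    print("lost XL-0288:", tripped(inputs))   # ['HY-415', 'PSV 1234', 'XJ 1217', 'XV 1217']
```

Running the block prints the rendered matrix and then walks through three states: all inputs healthy (nothing tripped), LSL-105 de-energized (only HY-415 trips, matching the plain-text specification), and the XL-0288 signal lost entirely (every effect that lists XL-0288 as a cause trips, while the unaffected outputs stay energized).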
Application Exercise 4
Summary:
Safety Requirements Specification
• Objectives and Requirements
• Safety Instrumented Functions
• Logic Description Techniques
Section 6:
SIS Design and Engineering
• System Technology and Architecture
• Field Device Considerations
• Interfaces and Communication
• Probability of Failure
Design
Failure Modes
• Spurious
– Costly downtime
• Potentially dangerous
– Must find by testing
Technology
Relay Systems
• Relays/Modules perform logic
• Hardwired Logic
• Reprogrammed by rewiring
• Inherently Fail-Safe Logic
Advantages
• Fail-safe for special relays and inherent fail-safe logic
• Low initial cost
Considerations
• Nuisance trips
• No diagnostics on relays
• Complexity of large systems
• Reprogramming
• Documentation
• High cost of ownership
Technology
Programmable Electronic Systems
• Microcomputers perform the logic
• I/O modules sense inputs and generate outputs
Advantages:
1. Diagnostics
2. Flexibility, Modular
3. Cabinet space savings
4. Calculation capability
5. Communications
6. Documentation
Considerations:
1. Fail danger failure modes
2. Software unpredictability
3. Communications security
4. Cost
General Requirements
Field Devices
Interfaces
• Operator Interface
– SIS protective action has occurred
– Protective functions have been bypassed
– Status of sensors and final elements including
failures and diagnostics
• Maintenance/Engineering Interface
– SIS operating information including diagnostics,
voting and fault handling - troubleshooting
– Add, delete, modify application software
Probability of Failure
Modeling Methods
• Markov Analysis
• Fault Tree Analysis
• Block Diagram
[Figure: example Markov, fault tree and block diagram models; the labels λD and U survive from the figures.]
Application Exercise 5
Summary:
SIS Design and Engineering
• System Technology and Architecture
• Field Device Considerations
• Interfaces and Communication
• Probability of Failure
Section 7:
FAT, Installation and Commissioning
• Objectives and Requirements
• Factory Acceptance Testing
• Commissioning Activities
• Validation (PSAT)
Overview
• Objectives
– Integrate and test the SIS.
– Validate the SIS meets requirements of the SRS
• Inputs
– SIS Design, SIS Test Plan, SIS safety
requirements, Validation Plan
• Outputs
– Fully functioning SIS in conformance with SRS
– Validation of SIS
Commissioning Activities
Validation
Pre-Startup Safety Acceptance Test
• The Validation or PSAT will consist of the following
activities
– The SIS performs under all normal and abnormal modes as
identified in the SRS
– Confirmation that adverse interaction of the BPCS and other systems does not affect the proper operation of the SIS
– The proper shutdown sequence is achieved
– The SIS properly communicates
– Sensors, logic solvers, and actuators perform according to
the SRS
– Confirmation of proper SIS operation on Bad PV
– Proper shutdown sequence is activated
Validation
Pre-Startup Safety Acceptance Test
• The Validation or PSAT will consist of the
following activities
– The SIS performs under all normal and abnormal
modes as identified in the SRS
– The SIS provides the proper annunciation and
display
– Computations of the SIS are correct
– SIS reset functions operate as defined in SRS
Validation
Pre-Startup Safety Acceptance Test
• The Validation or PSAT will consist of the
following activities
– Bypass functions operate properly
– Manual shutdown operates properly
– Proof test intervals are documented in
maintenance procedures
– Diagnostic alarm functions perform as required
– Confirmation SIS performs as required on loss of power and returns to proper state upon re-application of power
Validation Documentation
Pre-startup Tasks
Summary:
FAT, Installation, and Commissioning
• Objectives and Requirements
• Factory Acceptance Testing
• Commissioning Activities
• Validation (PSAT)
Section 8:
SIS Operation and Maintenance
• Objectives and Requirements
• Procedures
• Training
• Proof Testing
Overview
• Objective
– Ensure functional safety of the SIS is maintained
• Inputs
– Safety requirements specification
– SIS Design
– SIS operation and maintenance
• Outputs
– SIS operation and maintenance
Objectives
Planning Requirements
Procedures
Training
• Ensure that:
– Understand how the SIS functions (trip points and
resulting actions)
– Hazard SIS is preventing
– Operation of bypass switches and circumstances
for their use
– Operation of manual switches and when they are to be activated (i.e., reset switches)
– Action taken on diagnostic alarms
[Figure: 1/PFD(t) versus time for a periodically proof-tested SIS. 1/PFD(t) falls between proof tests and is restored at each test; the SIL 1, SIL 2 and SIL 3 bands are drawn against 1/PFDavg, with the test period marked on the time axis.]
Decreasing the test interval decreases the IEC 61511 average failure probability, increasing the safety integrity of the system.
[Figure: the same plot with a shorter test period; 1/PFDavg rises into a higher band (SIL 1 to SIL 4 shown).]
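The two figures above, together with the Necessary Risk Reduction definition in Section 4, describe a calculation the course only states in words: the gap between process risk and tolerable risk fixes the SIL the SIF must reach, and the proof test interval largely fixes the PFDavg a given loop actually achieves. The following added example, not part of the exida course material, carries both through for a single-channel (1oo1) loop. It expresses the necessary risk reduction as a ratio of event frequencies (the usual risk reduction factor, RRF = 1/PFDavg), uses the IEC 61511 low-demand SIL bands, and neglects repair time and detected failures. Every numeric input (event rate, relief-valve PFD, tolerable rate, λD) is constructed for illustration.

```python
# Added example, not part of the exida course material. It carries the two
# calculations the course describes in words: the necessary risk reduction
# (process risk versus tolerable risk) that fixes the required SIL, and the
# average probability of failure on demand of a proof-tested 1oo1 SIF, which
# the proof test interval controls. All numbers below are constructed for
# illustration; the SIL bands are the IEC 61511 low-demand bands.
import math

HOURS_PER_YEAR = 8760.0

# IEC 61511 low-demand SIL bands: (SIL, lower PFDavg bound, upper PFDavg bound).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_band(pfd_avg: float) -> int:
    """SIL band a PFDavg falls in. 0 means below SIL 1 (PFDavg >= 0.1);
    a PFDavg below the SIL 4 floor is reported as 4, the table's top band."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd_avg < upper:
            return sil
    return 4 if pfd_avg < 1e-5 else 0


def required_risk_reduction(demand_rate_per_year: float,
                            tolerable_rate_per_year: float,
                            other_layer_pfds=()) -> float:
    """Risk reduction factor (RRF) the SIF must provide.

    The hazardous event rate is first credited with the non-SIS layers
    (e.g. a relief valve with its own PFD); the necessary risk reduction is the
    gap between that mitigated rate and the tolerable rate, expressed as a
    ratio of frequencies.
    """
    mitigated = demand_rate_per_year
    for pfd in other_layer_pfds:
        mitigated *= pfd
    return mitigated / tolerable_rate_per_year


def required_sil(rrf: float) -> int:
    """RRF = 1 / PFDavg, so the required SIL is the band holding 1 / RRF."""
    return sil_band(1.0 / rrf) if rrf > 1.0 else 0


def pfd_avg_1oo1(lambda_d_per_hour: float, test_interval_hours: float) -> float:
    """PFDavg of a single-channel (1oo1) SIF under periodic proof testing.

    With dangerous undetected failure rate λD, PFD(t) = 1 - exp(-λD t) grows
    from zero after each proof test. Averaging over one test interval TI:
    PFDavg = 1 - (1 - exp(-λD TI)) / (λD TI), which is ≈ λD TI / 2 for small
    λD TI. Repair time and detected failures are neglected.
    """
    x = lambda_d_per_hour * test_interval_hours
    if x <= 0.0:
        return 0.0
    return 1.0 - (-math.expm1(-x)) / x   # expm1 keeps small x accurate


def longest_test_interval_hours(lambda_d_per_hour: float,
                                required_pfd_avg: float) -> float:
    """Largest proof test interval meeting the required PFDavg, from the
    λD TI / 2 approximation. The approximation overstates PFDavg slightly,
    so the interval it returns is conservative against the exact form."""
    return 2.0 * required_pfd_avg / lambda_d_per_hour


def meets_requirement(lambda_d_per_hour: float, test_interval_hours: float,
                      required_pfd_avg: float) -> bool:
    """True if the loop's PFDavg at this test interval is within the target."""
    return pfd_avg_1oo1(lambda_d_per_hour, test_interval_hours) <= required_pfd_avg


if __name__ == "__main__":
    # Constructed figures: a hazardous event expected 0.5 times per year with
    # no protection, a relief valve (non-SIS layer) credited with PFD 0.1, and
    # a tolerable event rate of 1e-4 per year.
    rrf = required_risk_reduction(0.5, 1e-4, other_layer_pfds=[0.1])
    print(f"required RRF {rrf:.0f} -> SIL {required_sil(rrf)}")
    required_pfd = 1.0 / rrf
    # Constructed SIF: a 1oo1 loop with λD = 1e-6 per hour, tested yearly,
    # half-yearly and quarterly.
    for years in (1.0, 0.5, 0.25):
        ti = years * HOURS_PER_YEAR
        pfd = pfd_avg_1oo1(1e-6, ti)
        print(f"test interval {years:.2f} y: PFDavg {pfd:.2e} (SIL {sil_band(pfd)}),"
              f" meets requirement: {meets_requirement(1e-6, ti, required_pfd)}")
    print(f"longest interval meeting PFDavg {required_pfd:.0e}: "
          f"{longest_test_interval_hours(1e-6, required_pfd):.0f} h")
```

With these constructed inputs the SIF needs an RRF of 500 (SIL 2). The same loop achieves SIL 2 at a yearly test but still misses the 2e-3 target; only when the test interval drops to about 4000 hours (roughly quarterly) does PFDavg fall within it, which is the effect the two figures illustrate.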
– Date of Test
– Persons involved
– Identifier of system
– Test Results
Application Exercise 7
• Exercise 7
– Describe some operational requirements for SIS
Summary:
Operation and Maintenance
• Objectives and Requirements
• Procedures
• Training
• Proof Testing
Section 9:
Modification and Decommissioning
• SIS Modifications
• Management of Change
• SIS Decommissioning
SIS Modification
Modification Documentation
SIS Decommissioning
Summary:
Modification and Decommissioning
• SIS Modifications
• Management of Change
• SIS Decommissioning
Section 10:
Management of Functional Safety
• Objectives and Requirements
• Planning
• Verification
• SIS Functional Safety Audit
• Documentation
Overview
• Objective
– Identify the management activities that are necessary to
ensure functional safety objectives are met
• Requirements
– The policy and strategy for achieving safety shall be
identified together with the means for evaluating its
achievement and shall be communicated within the
organization
– A safety management system shall be in place so as to
ensure that safety instrumented systems have the ability to
place and/or maintain the process in a safe state
Resources
Planning
• Verification
– The activity of demonstrating for each phase of the
relevant safety lifecycle by analysis and/or tests,
that, for specific inputs, the deliverables meet in all
respects the objectives and requirements set for
the specific phase
• Validation
– The activity of demonstrating that the safety
instrumented system under consideration after
installation meets in all respects the safety
requirements specification.
Verification
Documentation Requirements
Documentation to be maintained
Documentation Control
Documentation
Application Exercise 2
Summary:
Functional Safety Management
• Objectives and Requirements
• Planning
• Verification
• SIS Functional Safety Audit
• Documentation