Planning Your Safety Instrumented System

Executive Summary

Industrial processes today involve innate risks due to the presence of gases, chemicals and other dangerous materials. Each year, catastrophes in the chemical and oil & gas industries account for millions of dollars of losses and, more significantly, the loss of lives.
Table of Contents

Executive Summary
Why Safety Instrumented Systems?
Common Definitions of a SIS
What is Safety Integrity Level (SIL)?
Process Sector Safety Standards
The Safety Life-Cycle of the SIS
Safety Instrumented System Costs
Where to from here?
References

Table of Figures

Figure 1: Layers of Protection
Figure 2: Structure of an SIS
Figure 3: IEC61508 or IEC61511
Figure 4: Safety Life Cycle
Figure 5: SIL Cost Components
Why Safety Instrumented Systems?

Industrial plant owners, directors, shareholders, and production and maintenance managers have an enormous responsibility: to protect the health and safety of all those directly or indirectly affected by their plant, to protect the environment, and to maintain plant reliability so as to avoid consumer losses. History holds a number of well-documented industrial disasters, for example:

1. The Fuxin coal mine gas explosion in northeast China in February 2005 killed 203 people.
2. China's mines are the deadliest in the world. At least 6,000 miners died in 2004 alone. No monetary estimate can be placed on fatalities; however, China's premier has promised 3 billion Yen ($362m, 189m) to "truly make coal mining safe".
3. The Esso gas plant explosion at Longford, Victoria, in September 1998 caused two fatalities, eight injuries and an estimated $1.8 billion of property damage and consumer losses.
4. The Piper Alpha platform in the North Sea, where 167 oil workers died in 1988 when the production platform caught fire.
5. The costs of the Chernobyl (Ukraine) incident in 1986 and its ongoing effects are insurmountable, in fatalities as well as property damage.

Since a great potential for loss exists, a growing number of companies today are employing Safety Instrumented Systems (SIS) specifically designed to protect personnel, equipment and the environment. Safety Instrumented Systems play an increasingly important role in many process plants, reducing the probability or the impact severity of an emergency event. Arguments like "we've never had a dangerous incident" or "we've always done it this way, it won't happen to us" are no longer acceptable. Companies must implement suitable safety standards. Companies which employ these systems clearly demonstrate that they adopt the best practice method for managing safety in their facility.
Safety standards such as IEC61508, IEC61511 and ISA-S84.01 set parameters for Safety Instrumented Systems and are creating more stringent safety requirements for process plants. Major companies and corporations are starting to respond to these standards by implementing good safety engineering practices in alliance with National Occupational Health and Safety (OH&S) requirements. Despite the lack of clear-cut regulatory references to the safety standards IEC61508 and IEC61511, safety regulatory bodies and governments are starting to recommend these standards in their major hazard facility guidelines as good engineering practice for their industries.

While corporations should not make hasty major investments in a Safety Instrumented System, or implement a system that is inadequate (i.e., too narrow in scope for their process), it is good business practice for the directors of any corporation which owns or operates a major hazard facility to demonstrate that safety in their plant is the top priority by adopting a Safety Instrumented System. The IEC standards describe a structured methodology to determine whether you need a Safety Instrumented System and how to customize the SIS for your particular plant.

In the event of a hazardous occurrence, a Safety Instrumented System provides the highest level of safety for the workforce and process. When a process exceeds or violates a dangerous level, Safety Instrumented Systems commonly take the process to a safe state and, when conditions allow, enable the process to move forward in a safe manner. This instills a culture of prevention, not a post-event insurance claim mentality. While the main impetus is process safety, a Safety Instrumented System may also moderate the consequences of an industrial hazard: it reduces serious environmental impact and diminishes the economic burden on the company of property and equipment damage and plant downtime.

Insurance premiums are decreased and the company directors' exposure to claims of negligence is lessened if a Safety Instrumented System based on IEC61508 is adopted in their plant. Finally, reducing the risk of a catastrophic failure clearly demonstrates a company's reliability to its customers.
Common Definitions of a SIS

The term "Safety Systems" can refer to many different definitions and applications, some of which can be confusing. Typical names in the industry are:

- Safety Shutdown Systems
- Burner Management Systems [BMS]
- Critical Instrumentation
- Emergency Shutdown Systems [ESD]
- Safety Critical Systems
- Interlock Systems

Although the names and applications may differ, a common requirement can be found in most systems: they are designed to respond to conditions of a plant that are hazardous in themselves or that, if ignored, could eventually cause a hazardous event. Industry standards refer to the safety system as a Safety Instrumented System [SIS].

Figure 1: Layers of Protection

The Safety Instrumented System consists of three elements: Sensors, a Logic Solver and Final Control Elements (Actuators). Sensors collect information to determine if an emergency situation exists; they measure process parameters (e.g. temperature, pressure, flow) to determine if the equipment or process is in a safe state. The Logic Solver determines what must be done based on the information gathered by the Sensors. Final Control Elements implement the action determined by the Logic Solver.

Figure 2: Structure of an SIS
What is Safety Integrity Level (SIL)?

The buzzword in many industry sectors is SIL. What is SIL? Safety Integrity Level (SIL) is the degree of confidence that can be placed in the reliability of the SIS to perform its intended safety function [3]. SIL ratings between 1 and 4 are applied to safety functions depending on the risk determined during the SIL assessment process. SIL1 is the lowest reliability level while SIL4 is the highest; the level of reliability increases by a factor of 10 between each of the SIL ratings.

The assignment of the SIL is a decision defined at a corporate level on the basis of the risk management philosophy. A SIL target cannot be taken lightly or determined from a gut feeling of how dangerous a process plant is. Our experience with some companies or corporations unfamiliar with the term, or with the process of assigning a SIL, has shown that they inadvertently assign a SIL simply by looking at a selection from the IEC61508 and IEC61511 standards. Careful consideration and planning will result in a truly accurate SIL determination. The results of poor SIL determination are:

- An under-specified design, resulting in inadequate process safety.
- An over-specified design, resulting in an unnecessary "belts and braces" design and over-expense.

Process Sector Safety Standards

It is generally understood that the manufacturers of components for Safety Instrumented Systems are required to design their hardware and software in accordance with the international IEC61508 standard. However, Safety Instrumented System designers, integrators and users should follow the international, industry-specific IEC61511 standard.

Figure 3: IEC61508 or IEC61511

The question is still: do these standards apply to my process? Because there is a growing awareness in the process sector of IEC61508 and IEC61511, and because of the association with some regulatory authorities, the answer is YES. However, the process in question may already have the appropriate safeguards or layers of protection in place, alleviating the need to implement a Safety Instrumented System. This will only be determined through the implementation of some initial phases of the Safety Life-Cycle, which include site assessment, competency assessment, Process Hazard Analysis (PHA), Safety Instrumented Function (SIF) review and SIL assessment.
The Safety Life-Cycle of the SIS

Safety standard IEC61511 goes into great depth and detail in managing a Safety Instrumented System. The standard defines the management process as the SIS Safety Life-Cycle. The Safety Life-Cycle is broken into 13 key phases and activities, from initial conception through to decommissioning. To conform to IEC61511, each of the requirements outlined in the 13 key steps has to satisfy the defined criteria. Figure 4 below depicts an example of a Safety Life-Cycle. As the term implies, the Safety Life-Cycle has no beginning or end. This gives the flexibility of implementing some or all of the phases based on your current requirements.

Figure 4: Safety Life-Cycle

Some key phases and functions:

Site Assessment is conducted to determine the risk associated with the operation of process units, and to evaluate the design, operation and maintenance of either existing or potential SIS.

Competency Assessment is to ascertain the level of competency of individuals involved in any part of the Safety Life-Cycle. All persons involved in any single Safety Life-Cycle activity, including management activities, shall have the appropriate training, technical knowledge, experience and qualifications relevant to the specific duties they have to perform [2].

PHA/SIF Review/SIL Assignment can be broken down into three separate steps:

1. Process Hazard Analysis
2. Safety Instrumented Function Review
3. Safety Integrity Level Assignment

All are required to identify potential hazards in the operation of the process.
Safety Requirement Specification (SRS) would be considered one of, if not the, most important document in the evolution of a Safety Life-Cycle. This single document should detail all information pertaining to the needs and requirements of the Safety Instrumented System. Considerable time should be given to the development of this document, especially for accuracy and depth, as subsequent steps in the life cycle revert back to the SRS for clarification, verification, design, commissioning, modification and finally decommissioning.

In general, the implementation of the Safety Instrumented System Safety Life-Cycle can follow the standards in a prescriptive manner or can be customized to suit the company's or corporation's management style. In either case, the IEC61511 SIS Safety Life-Cycle is the foundation to build on.

Safety Instrumented System Costs

Figure 5 (SIL Cost Components) demonstrates the relationship between life-cycle cost and the assignment of a SIL target. It describes how costs escalate significantly with increasing SIL targets. Experience has shown that the majority of safety functions usually require, at most, a target of SIL1. However, cost cannot be the deciding factor in SIL assignment.

Figure 5: SIL Cost Components

One important cost factor that may be overlooked when implementing a Safety Instrumented System is the ongoing cost to maintain the system. It is a requirement of IEC61511 that a Safety Instrumented System be proof tested at an interval directed by the SIL. For example, it is possible to achieve a suitable SIL rating through minimal hardware and more frequent maintenance. However, financial savings in up-front engineering will never outweigh the ongoing maintenance cost over the life of the Safety Instrumented System. This highlights the importance of considering the long-term life-cycle implications as well as the up-front capital costs when implementing a Safety Instrumented System.

Maintenance should never be neglected when cost cutting takes place in a plant. If maintenance is neglected, your SIL-rated safety functions will diminish to less than their designed value, or worse, have no actual SIL rating at all. This will give plant management a false sense of security in their Safety System and create a less safe process, while increasing company directors' liability if a hazardous incident occurs.
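The SIL ladder described under "What is Safety Integrity Level" and the proof-test relationship described in the cost section, worked through as an added example that is not part of this paper: it uses the IEC 61508 low-demand-mode PFDavg bands and the textbook single-channel (1oo1) approximation PFDavg ≈ λ_DU × TI / 2. The failure rate and test intervals are constructed values, not data for any real device.

```python
# IEC 61508 low-demand-mode PFDavg bands, [lower, upper) per SIL.
# Each step is a factor of 10, as the paper states.
SIL_BANDS = {
    1: (1e-2, 1e-1),
    2: (1e-3, 1e-2),
    3: (1e-4, 1e-3),
    4: (1e-5, 1e-4),
}


def sil_from_pfd(pfd_avg):
    """Return the SIL whose PFDavg band contains pfd_avg, or 0 when the
    function is too unreliable to claim any SIL at all."""
    for sil in (4, 3, 2, 1):
        lower, upper = SIL_BANDS[sil]
        if lower <= pfd_avg < upper:
            return sil
    return 0


def pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours):
    """Simplified PFDavg for a single-channel (1oo1) element: dangerous
    undetected failures accumulate at a constant rate lambda_DU and each
    proof test restores the element to as-new, so PFDavg ~= lambda_DU * TI / 2.
    Textbook approximation; it ignores common-cause and detected failures."""
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def achieved_sil(lambda_du_per_hour, proof_test_interval_hours):
    """SIL actually delivered by the element at the given proof-test interval."""
    return sil_from_pfd(pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours))


def max_proof_test_interval_hours(lambda_du_per_hour, target_sil):
    """Boundary interval for target_sil; the real interval must stay strictly
    below this value for the 1oo1 element to remain inside the band."""
    _, upper = SIL_BANDS[target_sil]
    return 2.0 * upper / lambda_du_per_hour


if __name__ == "__main__":
    # Constructed example value: one dangerous undetected failure per
    # roughly 23 years (5e-6 per hour); not taken from any real device.
    lambda_du = 5e-6
    for label, hours in (("quarterly", 2190), ("annual", 8760), ("every 5 years", 43800)):
        pfd = pfd_avg_1oo1(lambda_du, hours)
        print(f"{label:14s} PFDavg={pfd:.4f} -> SIL{achieved_sil(lambda_du, hours)}")
    print(f"SIL2 needs proof testing more often than every "
          f"{max_proof_test_interval_hours(lambda_du, 2):.0f} h")
```

Running the block shows the same element at SIL2 with quarterly testing, SIL1 with annual testing and no SIL at all once testing slips to five years, which is the maintenance point made above.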
Where to from here?

One or more of the following groups should be consulted in the planning of your safety system:

1. The safety system sponsor, who must have sufficient authority to drive the process and ensure decisions are consistent with the risk reduction strategy of the company and statutory authorities.
2. Production and maintenance management
3. Operators
4. Maintenance technicians
5. Safety system equipment vendors
6. Experienced safety system implementers. Implementers can provide the following services for the team:
   a. Participate in risk assessments
   b. Prepare the safety requirements specification
   c. Perform instrumentation and control system hardware design
   d. Perform and test all safety systems software
   e. Independent verification and validation of the safety system
   f. Help maintain the safety system through its life to ensure the integrity of the system is maintained.

It's critical to pay attention to the planning of your safety system. Good planning and engineering will result in a cost-effective Safety Instrumented System that suits the requirements of the process, company or corporation. Taking shortcuts through the Safety Life-Cycle to save money may result in serious consequences and long-term expense. It is well known that accidents do and will continue to happen in the process sector. As our awareness of IEC61508 and IEC61511 continues to grow and we strive to implement best industry practices, the process sector will be a pacesetter when it comes to safety, plant reliability and the environment.
References

[1] IEC61508 1999, Functional Safety: Safety Instrumented System for the process industry sector.
[2] IEC61511 2004, Functional Safety of electrical/electronic/programmable electronic safety related systems.
[3] Dave MacDonald, Practical Safety Instrumentation & Emergency Shut-Downs Systems for the Process Industries, IDC Technologies.
[4] Robin McCrea-Steele, "Who Do You Trust", Technical Paper, Premier Consulting Services.
[5] PFSE Premier Functional Safety Engineering Course, Premier Consulting Services.

For more information visit www.honeywell.com/ps or contact your Honeywell account manager.

Honeywell Process Solutions, WP 638, August 2011. 2011 Honeywell International Inc.