Knowledge Center: Plant Safety
The Language of Safety
by Dr Angela Summers
Despite the fact that safety standards IEC 61508 and IEC 61511 have been in existence for many years, some confusion still abounds when it comes to the interpretation of the terms associated with process safety systems. So here are some insights into the terminology associated with process safety systems.
Safety instrumented system (SIS) SIS has, in many peoples minds, mistakenly come to mean electronic/programmable logic solvers. In reality, it is composed of a separate and independent combination of sensors, logic solvers, final elements, and support systems designed and managed to achieve a specified safety integrity level.
An SIS may implement a single safety instrumented function (SIF) or it may include multiple safety functions. Depending on the safety function requirements of the application, an SIS logic solver can be assembled using anything from relays to sophisticated CPU-based programmable controllers.
Safety instrumented level (SIL) The SIL is a measure of the safety risk of a given process, with each of four defined levels (SIL1, SIL 2, SIL 3 SIL 4) representing an order of magnitude of risk reduction. A higher SIL level signifies a lower acceptable failure rate and a greater impact should a failure occur.
Safe failure fraction (SFF)This is the ratio of the safe and detected dangerous failures to the total safe plus total dangerous failures. IEC 61508 permits increasing the SFF by detecting more dangerous failures and then re-classifying them as detected dangerous. However, there is a caveat here. The owner/operator/user should be able to recognize that the failure has occurred and be willing to assume responsibility for maintaining process safety.
100 per cent SFF This is claimed by some manufacturers on the basis of the existence of perfection in design, diagnostics, manufacturing, installation, commissioning, validation, inspection, maintenance, and proof testing. Such claims, however, come across as inconsistent with a safety culture that demands developing and using conservative, real world data.
Despite IEC 61508’s scope being confined to the Electrical/Electronic/ Programmable Electronic System, inclusion of the mechanical and wetted parts in the certification reports serves only to confuse users.
Certification Another area of much confusion among users. It should be noted that the word “certify” and its derivatives do not appear anywhere in IEC 61511. The standard requires that users select the individual devices that will comprise a safety instrumented system (SIS) based on proven performance in an operating environment that is similar to the environment where the SIS will be applied.
If the user’s operating environment, inspections, maintenance, proof testing, etc are different from those for/in which the device was certified, the user must make appropriate design and implementation considerations in order to ensure the implemented SIS meets its design specification.
Emergency shutdown systems (ESD) These are instrumented systems used for burner and gas protection, however, they are not considered SIS and therefore they are not required to be designed in compliance with IEC 61511. These systems are safety equipment and each should be tested, inspected, and managed. If/when ESD systems are implemented in the SIS logic solver the entire system must be managed, at minimum, to the level of rigor required for the SIS.
------------------------ Dr Angela Summers is CEO of SIS-TECH Solutions, Texas, USA.
-----------------------------------
For more information Please visit Honeywell website at www.honeywell.com/ps/sea
