Common misconceptions: Safety instrumented system basics
Plant personnel commonly ask the following questions of consulting engineers who:
“Does our proposed SIS design meet the required SIL?”
Unfortunately, consulting engineers typically are not in a position to answer these questions. Therefore, here is a brief review of terminology and concepts that can provide the explanation needed:
- ISA84: Electrical/Electronic/Programmable Electronic Systems (E/E/PES) for Use in Process Industry Safety Applications: Three-part series of standards that give "requirements for the specification, design, installation, operation, and maintenance of a safety instrumented system."
- Safety instrumented system (SIS): A system that uses process control equipment to reduce the chances that one or more hazardous conditions will develop.
- Safety instrumented function (SIF): A function that uses elements of an SIS to reduce the chances that a given, specific hazardous condition will develop.
- Safety integrity level (SIL): An indication of a system’s probability of failing when called upon to take action in order to avoid the hazardous condition.
- Hazard and operability study (HAZOP): A methodical analysis conducted by a multi-disciplinary team to identify the potential hazards associated with a given process.
- Layer of protection analysis (LOPA): An evaluation performed to quantify the likelihood that a given hazardous condition will occur.
One common misconception is that ISA84 is a "cook book" or "prescriptive standard" that specifies detailed design requirements for different SIFs. Instead, ISA84, which is recognized by the Occupational Safety and Health Administration (OSHA) as a means to comply with process safety management (PSM) requirements, is a "performance standard" describing a general approach a plant owner can use to conceive, design, build, test, maintain, and improve an SIS over its lifecycle.
ISA84 does not mandate any specific SIL for any specific SIF; it does not even require a SIF for any given process or hazard. Instead, it provides a general approach and describes several analytical methodologies, such as a HAZOP, that can be used to identify hazards for a given process.
Another common misconception is that ISA84 specifies the desired or acceptable level of risk for any given process or industry. Instead, only the plant owner can specify the acceptable level of risk, which is the reason why a consulting engineer cannot normally answer the question, "Does our proposed SIS design comply with ISA84?"
Unfortunately, even once the hazards are identified and the acceptable level of risk is defined, ISA84 still does not specify the required SIF to be implemented. Instead, it recommends that analytical methodologies, such as a LOPA, be used to quantify the inherent, unmitigated risk and compare it with the acceptable level of risk. Where the unmitigated risk exceeds the acceptable risk, the difference determines the risk reduction that one or more SIFs must provide.
Finally, this required risk reduction can now be correlated to a SIL specification, which determines the required safety availability of each corresponding SIF. Note that each SIF’s SIL value is dependent upon all of its components—the process sensor, logic solver, and final control element—as well as its maintenance testing interval.
Only at this stage can the question, "Does our proposed SIS design meet the required SIL?" be answered, and even then, only for the specific SIF in question.
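The chain described above (LOPA gap, then required SIL, then a check of one proposed SIF against it) can be worked through numerically. The following is an added example, not part of the original post: it assumes the low-demand-mode PFDavg bands used with ISA84/IEC 61511 and the simplified single-channel estimate PFDavg ≈ λDU × TI / 2 per component. All frequencies and failure rates are constructed, and the function names are hypothetical.

```python
import math

HOURS_PER_YEAR = 8760
# Low-demand-mode SIL bands: (SIL, PFDavg lower bound inclusive, upper bound exclusive)
SIL_BANDS = [(1, 1e-2, 1e-1), (2, 1e-3, 1e-2), (3, 1e-4, 1e-3), (4, 1e-5, 1e-4)]


def sil_for_pfd(pfd_avg):
    """Map an average probability of failure on demand to a SIL (0 = below SIL 1)."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return 4 if pfd_avg < 1e-5 else 0  # never claim more than SIL 4


def required_sil(initiating_per_yr, layer_pfds, tolerable_per_yr):
    """LOPA: frequency left after the non-SIS layers vs. the owner's tolerable frequency."""
    unmitigated = initiating_per_yr * math.prod(layer_pfds)
    target_pfd = tolerable_per_yr / unmitigated  # largest PFDavg the SIF may have
    if target_pfd < 1e-5:
        raise ValueError("risk reduction beyond SIL 4: add layers or change the process")
    return target_pfd, sil_for_pfd(target_pfd)


def sif_pfd_avg(lambda_du_per_hr, test_interval_yr):
    """Simplified 1oo1 estimate: sum of lambda_DU * TI / 2 over every SIF component."""
    ti_hours = test_interval_yr * HOURS_PER_YEAR
    return sum(rate * ti_hours / 2 for rate in lambda_du_per_hr.values())


def design_meets(lambda_du_per_hr, test_interval_yr, needed_sil):
    """True if the whole SIF (all components, at this test interval) reaches the SIL."""
    return sil_for_pfd(sif_pfd_avg(lambda_du_per_hr, test_interval_yr)) >= needed_sil


# Constructed dangerous-undetected failure rates per hour for one SIF
# (illustrative only, not from the article or any vendor data sheet).
SIF_COMPONENTS = {"sensor": 3e-7, "logic_solver": 2e-8, "final_element": 8e-7}

if __name__ == "__main__":
    # Constructed LOPA inputs: 0.1 events/yr, one non-SIS layer with PFD 0.1,
    # and an owner-defined tolerable frequency of 2e-5 per year.
    target, sil = required_sil(0.1, [0.1], 2e-5)
    print(f"target PFDavg {target:.1e} -> SIL {sil}")
    for ti in (1, 3):
        pfd = sif_pfd_avg(SIF_COMPONENTS, ti)
        ok = design_meets(SIF_COMPONENTS, ti, sil)
        print(f"test interval {ti} yr: PFDavg {pfd:.2e}, meets SIL {sil}: {ok}")
```

The same hardware meets the SIL 2 band with a one-year proof-test interval and drops to SIL 1 at three years. The estimate covers only the PFDavg calculation; it ignores diagnostics, common-cause failures and redundancy.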
This post was written by Shane Hudson. Shane is a principal engineer at MAVERICK Technologies, a leading automation solutions provider offering industrial automation, strategic manufacturing, and enterprise integration services for the process industries. MAVERICK delivers expertise and consulting in a wide variety of areas including industrial automation controls, distributed control systems, manufacturing execution systems, operational strategy, business process optimization and more.
MAVERICK Technologies is a CSIA member as of 3/5/2015