By Chris Powell
In 2016, the International Electrotechnical Commission (IEC) published Edition 2 of the IEC 61511 standard, “Functional Safety – Safety Instrumented Systems for the Process Industry Sector,” which the International Society of Automation (ISA) 84 committee also adopted in 2018 as a U.S. national standard (ANSI/ISA 61511.2-2018).

This standard covers the design and management requirements for a Safety Instrumented System (SIS) throughout its lifecycle. The 2nd edition of IEC 61511 now requires – by use of the word “shall” – that a Stage 4 Functional Safety Assessment (FSA) be conducted during normal operation of a facility to ensure the SIS is providing protection and risk reduction against the hazards as designed and intended.

An FSA is carried out in five (5) stages throughout the SIS lifecycle.

Stages 1 through 3
Prior to designing a SIS, a hazard and risk assessment is conducted to determine the Independent Protection Layers (IPLs) required for risk reduction. After Safety Instrumented Functions (SIFs) have been allocated to protection layers, the Safety Requirements Specification (SRS) documents the functional and integrity requirements for each SIF. Following the SRS, the Stage 1 FSA precedes the design and engineering of the SIS, the Stage 2 FSA precedes installation, commissioning, and validation, and the Stage 3 FSA precedes SIS operation and maintenance.

Stages 1-3 of the FSA cover the SIS from original concept as defined by the hazard and risk assessments, through design, construction, and commissioning. In practice, this is commonly where SIS assessment ends, yet Stage 4 is essential and now required for the operation and maintenance phase to ensure the SIS meets its safety performance targets.

Prior to a Stage 4 FSA, the hazards the SIFs protect against have not yet been introduced into the process, which is why Stage 4 is absolutely critical for monitoring SIS performance, understanding the operating behavior of the installed devices, and verifying the reliability assumptions made during design. It takes a number of years of operating experience for an FSA to truly reveal trends in how the SIS responds to process deviations.

A Stage 4 FSA can answer questions such as:

  • Are the SIFs being called upon with the expected frequency?
  • Are the SIFs functioning correctly when called upon?
  • Do SIF trips result from the causes identified in the hazard and risk assessments?
  • Are proof test procedures being executed at the required frequency and documented appropriately?
  • Where bypassing elements of a SIF is allowed, is the correct procedure followed when this occurs?
  • Is any SIF in an improper bypass mode?
  • Are the other aspects of operation and maintenance identified in Clause 16 of IEC 61511 being addressed?

Although IEC 61511 does not prescribe when or how often to perform Stage 4, Stage 4 FSAs should be conducted throughout the lifecycle of the installed SIS: as new hazards are identified, after plant modifications, and at periodic intervals during operation, to confirm the SIS continues to operate and protect against hazards as designed. Historical data collected over the lifecycle of the SIS can also help mitigate failures and provide a basis for statistical reliability.
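The questions a Stage 4 FSA asks, and the use of historical operating records described above, can be made concrete as checks over a SIF's demand, proof-test and bypass history. The following Python script is an added example and is not part of the original post or of aeSolutions' material; the SIF tag, demand rate, dates and permit references are constructed for illustration, and the record structures, the rule that a bypass must carry a permit reference, and the 2x tolerance on observed demand rate are assumptions, not requirements stated in IEC 61511.

```python
"""Stage 4 FSA style checks over hypothetical SIS operating records (constructed example)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass
class SifDesign:
    """Design-basis assumptions for one SIF, as an SRS would document them (hypothetical)."""
    tag: str
    expected_demands_per_year: float   # demand rate assumed during SIL verification
    proof_test_interval_days: int      # required proof test interval from the SRS
    expected_causes: frozenset         # initiating causes credited in the hazard and risk assessment
    bypass_requires_permit: bool = True  # assumption: site procedure requires a permit per bypass


@dataclass
class SifRecords:
    """Operating history collected for the assessment (constructed)."""
    years_in_service: float
    demands: List[Tuple[date, str, bool]] = field(default_factory=list)  # (date, cause, acted correctly)
    proof_tests: List[date] = field(default_factory=list)
    bypasses: List[Tuple[date, Optional[date], Optional[str]]] = field(default_factory=list)  # (start, end, permit)


def observed_demand_rate(records: SifRecords) -> float:
    """Demands per year actually seen in service."""
    return len(records.demands) / records.years_in_service


def assess_sif(design: SifDesign, records: SifRecords, as_of: date, rate_tolerance: float = 2.0) -> List[str]:
    """Return a list of findings; an empty list means no discrepancy against the design basis."""
    findings = []
    # 1. Is the SIF being called upon with the expected frequency?
    rate = observed_demand_rate(records)
    if rate > rate_tolerance * design.expected_demands_per_year:
        findings.append(f"{design.tag}: observed demand rate {rate:.2f}/yr exceeds "
                        f"{rate_tolerance}x the SRS assumption of {design.expected_demands_per_year}/yr")
    # 2./3. Did the SIF act correctly, and did demands come from the credited causes?
    for when, cause, acted_correctly in records.demands:
        if not acted_correctly:
            findings.append(f"{design.tag}: SIF did not act correctly on demand of {when}")
        if cause not in design.expected_causes:
            findings.append(f"{design.tag}: demand on {when} caused by '{cause}', "
                            f"a cause not identified in the hazard and risk assessment")
    # 4. Are proof tests executed at the required interval?
    interval = timedelta(days=design.proof_test_interval_days)
    tests = sorted(records.proof_tests)
    if not tests:
        findings.append(f"{design.tag}: no proof test records")
    else:
        for earlier, later in zip(tests, tests[1:]):
            if later - earlier > interval:
                findings.append(f"{design.tag}: proof test interval exceeded between {earlier} and {later}")
        if as_of - tests[-1] > interval:
            findings.append(f"{design.tag}: proof test overdue, last test {tests[-1]}")
    # 5./6. Were bypasses permitted, and is any bypass still active?
    for start, end, permit in records.bypasses:
        if design.bypass_requires_permit and permit is None:
            findings.append(f"{design.tag}: bypass started {start} with no recorded permit")
        if end is None:
            findings.append(f"{design.tag}: bypass started {start} still active on {as_of}")
    return findings


# Constructed sample data: SRS assumes one demand per ten years and annual proof testing.
DESIGN = SifDesign(
    tag="SIF-101",
    expected_demands_per_year=0.1,
    proof_test_interval_days=365,
    expected_causes=frozenset({"high level", "high pressure"}),
)
RECORDS = SifRecords(
    years_in_service=3.0,
    demands=[(date(2019, 4, 2), "high level", True),
             (date(2020, 7, 19), "operator error", True)],
    proof_tests=[date(2018, 6, 1), date(2019, 5, 20), date(2020, 9, 30)],
    bypasses=[(date(2020, 3, 3), date(2020, 3, 4), "PTW-0417"),
              (date(2021, 5, 12), None, None)],
)
AS_OF = date(2021, 6, 1)

if __name__ == "__main__":
    for finding in assess_sif(DESIGN, RECORDS, AS_OF):
        print(finding)
```

On the constructed records the script reports five findings: a demand rate well above the SRS assumption, a demand from a cause the hazard assessment did not credit, one proof test interval that ran 499 days against a 365-day requirement, and a bypass opened without a permit that is still active on the assessment date. Each finding maps back to one of the Stage 4 questions, and the same structure can be extended to other Clause 16 items (for example, tracking device failures found on proof test to support the statistical reliability basis mentioned above).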

Bottom Line
The 2nd edition of IEC 61511 emphasizes understanding the behavior of a SIS in its operating environment. The most important conclusion, however, is whether the SIS is providing the necessary protection, regardless of how carefully it was designed in compliance with standards.

Investing in periodic Stage 4 FSAs to fulfill SIS requirements per IEC 61511, as well as addressing SISs during normal operation as part of good practice, can result in safer operations and confidence that the SIS is achieving its designed risk reduction.

Chris Powell, PE, CFSE is a SIS engineering group manager at aeSolutions. This post first appeared on the aeSolutions aeBlog page.
