PT Notes
Contributions to Risk Reduction from SIS and Non-SIS Systems in SIL Determination
PT Notes is a series of topical technical notes provided periodically by Primatech for your benefit. Please feel free to provide feedback.
The IEC 61511 / ISA 84 standard distinguishes between safety instrumented systems (SISs) and other types of safety systems. Safety functions can be implemented using a SIS, other technology safety-related systems, or external risk reduction facilities. Other technology safety-related systems are based on a technology other than the electrical, electronic, or programmable electronic systems that are specifically covered by the standard, e.g. a relief valve. They may include hydraulic and pneumatic systems. External risk reduction facilities are measures to reduce or mitigate the risks which are separate and distinct from the SIS, e.g. a dike (bund). Necessary risk reduction may be achieved by either one or a combination of SISs or other protection layers. Consequently, both SIS and non-SIS safeguards are addressed in SIL determination studies.
Considerable effort goes into establishing that the claimed safety integrity level (SIL) for a Safety Instrumented Function (SIF) is valid and maintained throughout the life of a process. Consequently, it would be logical to assume that comparable effort should be invested in ensuring that failure data for other elements of hazard scenarios are valid. However, that is not always the case. There can be a considerable difference between the treatment of SIS and non-SIS safeguards and enablers.
The IEC 61511 / ISA 84 standard contains extensive and detailed requirements for SISs, necessitating substantial effort and resources for compliance, while industry requirements for non-SIS safeguards and other non-SIS failure data can be significantly less demanding. While standards exist for various non-SIS safeguards, their requirements can be less rigorous than those of IEC 61511 / ISA 84 for SISs, and their implementation can receive less attention. Unfortunately, the old adage, "familiarity breeds contempt", may apply. Also, effort spent verifying failure data such as initiating event frequencies may be much less than the effort to qualify a SIF to a SIL value. The difference in the requirements of standards for SIS and non-SIS safeguards might make sense if SIS contributions to risk reduction were dominant. However, that is not necessarily the case.
Verification of the assumed SILs for SIFs by calculation is a requirement of IEC 61511 / ISA 84 and many factors must be addressed in this calculation. However, there are currently no such requirements for non-SIS safeguards. Consequently, there is a mismatch between the detailed calculations required to demonstrate that the required SIL for a SIF is valid and the guesstimates that are sometimes used for other failure data. Non-SIS failure data should also be subject to appropriate verification. Indeed, safety requirements specifications comparable to those for SISs should be developed for critical non-SIS safeguards.
Risk reduction claims made for protection layers are often optimistic, suggesting that limits should be placed on the amount of risk reduction that can be claimed for non-SIS protection layers unless they are qualified to a comparable extent to SIFs.
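The effect of an optimistic non-SIS claim on the SIL assigned to a SIF can be shown with an order-of-magnitude calculation. This is an added example, not part of the original note; the scenario frequencies and probabilities of failure on demand (PFDs) are constructed for illustration, and the SIL bands are the IEC 61511 low-demand ranges expressed as risk reduction factors.

```python
import math

# IEC 61511 low-demand bands as risk reduction factors (RRF = 1 / PFDavg):
# SIL 1: >10..100, SIL 2: >100..1,000, SIL 3: >1,000..10,000, SIL 4: >10,000..100,000
SIL_UPPER_RRF = ((1, 1e2), (2, 1e3), (3, 1e4), (4, 1e5))

def sil_for_rrf(rrf):
    """Return the SIL whose band contains the required RRF (0 = no SIL needed)."""
    if rrf <= 10:
        return 0
    for sil, upper in SIL_UPPER_RRF:
        if rrf <= upper:
            return sil
    raise ValueError("required risk reduction exceeds SIL 4")

def sif_requirement(init_freq, target_freq, non_sis_pfds):
    """Risk reduction left for the SIF once the non-SIS layers are credited."""
    if init_freq <= target_freq:
        raise ValueError("scenario already meets the target frequency")
    total_rrf = init_freq / target_freq
    non_sis_rrf = 1.0 / math.prod(non_sis_pfds)
    sif_rrf = total_rrf / non_sis_rrf
    return {
        "sif_rrf": sif_rrf,
        "sil": sil_for_rrf(sif_rrf),
        # Share of the total risk reduction, in orders of magnitude,
        # that is carried by the non-SIS layers.
        "non_sis_share": math.log10(non_sis_rrf) / math.log10(total_rrf),
    }

# Constructed scenario: every number below is an illustrative assumption.
INIT_FREQ = 0.5       # initiating events per year
TARGET_FREQ = 1e-5    # tolerable events per year
CLAIMED = {"relief valve": 0.01, "dike": 0.1}   # PFDs assumed in the study
VERIFIED = {"relief valve": 0.1, "dike": 0.1}   # relief valve 10x worse once verified

if __name__ == "__main__":
    for label, layers in (("claimed", CLAIMED), ("verified", VERIFIED)):
        r = sif_requirement(INIT_FREQ, TARGET_FREQ, list(layers.values()))
        print(f"{label:8s} non-SIS share {r['non_sis_share']:.0%}, "
              f"SIF RRF {r['sif_rrf']:.0f}, SIL {r['sil']}")
```

With the claimed data the non-SIS layers carry most of the risk reduction and the SIF needs only SIL 1; with the verified relief valve figure the same SIF needs SIL 2, so the unverified non-SIS number decides the outcome.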
Besides a possible mismatch in the requirements that must be met by SIS and non-SIS safeguards, there is also a danger that efforts to qualify SISs to IEC 61511 / ISA 84 require such considerable resources that efforts to ensure the performance of non-SIS safety systems may be shortchanged. Safety functions that contribute more to risk reduction in processes may not receive comparable treatment to SISs, or at least treatment commensurate with their contributions to risk reduction. A performance-based approach in which safety functions receive attention according to their importance and contributions to risk reduction is desirable.
For more information, you can contact Primatech or consult the article:
The Interface of Functional Safety with Process Safety and Risk Analysis, by Paul Baybutt, Process Safety Progress, Volume 32, Issue 4, Pages 346–350, December 2013.
The article is available at: http://onlinelibrary.wiley.com/doi/10.1002/prs.11640/abstract.