[instreng.com]sis how to primer[1]

8/9/2019 [Instreng.com]SIS How to Primer[1]

http://slidepdf.com/reader/full/instrengcomsis-how-to-primer1 1/32

Safety Instrumented Systems: A How To Primer



Presenter IntroductionPresenter Introduction

• Michael Scott, PE, CFSE

• Vice President, AE Solutions

• 18 Years Experience• ISA Committees - S84, WG6 FGS

Chair, WG3 BMS Core Team Member

• Past ISA Safety Division BMS

Chairman• Past ISA Safety Division FGS

Chairman

• ISA Course Developer / Instructor

• ISA, AIChE, NFPA, SFPE Member • Past PIP Safety System Task Team

Member

• BSME, University of Maryland

• MS, University of South Carolina



What is an SIS?What is an SIS?

• Informal Definition:

– Instrumented Control

System that detects “ out of

control” conditions and

automatically returns the

process to a safe state

• “ Last Line of Defense”

– Not basic process control

system (BPCS)



Common SIS ApplicationsCommon SIS Applications

• Emergency Shutdown Systems

• Process Interlock Systems

• Burner Management Systems for FiredHeaters

• High Integrity Pressure Protection Systems

– Flare Load Reduction• Fire and Gas Detection and Mitigation

• Many are Installed and in Operation in

typical Process Plants…



How SIS are Different from BPCS?How SIS are Different from BPCS?



SIS Program

Safety

valve

Output

Process Process

Logic solver(s)

Input

Transmitter

Final Element(s)Sensor(s)

SV

IAS

SIS ComponentsSIS Components



What is NOT an SIS?What is NOT an SIS?

• Many Instrumented Protective Functions (IPF)

fall outside the industry-accepted definition

Equipment Protective Functions

ESD Functions that are solely initiated by manual

means

Emergency Isolation Valves

Alarm Systems Mechanical Devices, e.g., Fire Safety Valves with

Fusible Link, Overspeed protection, etc.

Not all interlocks in aNot all interlocks in a

SIS will be associated withSIS will be associated withPreventing a Specific Safety HazardPreventing a Specific Safety Hazard



Installation and

Commissioning 6%

Changes afterCommissioning 21%

Specification 44%

Operation and

Maintenance 15%

Design and

Implementation 15%

HSE Study of Accident CausesHSE Study of Accident Causes

• Accidents involving inadequate control

systems

“Out of Control: Why Control Systems go Wrong

and How to Prevent Failure,” UK Heath and SafetyExecutive, 1995



Conceptual Process DesignConceptual Process Design

Process Hazards AnalysisProcess Hazards Analysis

SIFSIF DefinitionDefinition

TargetTarget SelectionSelection

Conceptual DesignConceptual Design

TargetTarget Verification Verification

Design SpecificationsDesign Specifications

Construction, Installation,Construction, Installation,

And Commissioning And Commissioning

PSATPSAT

Operation, MaintenanceOperation, Maintenance

and Testingand Testing

Procedure DevelopmentProcedure Development

Management of ChangeManagement of Change

Typical SIS design lifecycleTypical SIS design lifecycle



Key Regulatory RequirementsKey Regulatory Requirements

• Process Safety Information

– OSHA Process Safety Management (PSM) Standard

29 CFR 1910.119(d) (3) – (ii) “ The employer shall document that equipment

complies with recognized and generally accepted

good engineering practices.”

• Also cited in EPA Accidental Release

Prevention Program 40 CFR Part 68

(68.65)



OSHA Endorsement of ISA 84.01OSHA Endorsement of ISA 84.01

• In 2000, OSHA Endorsed ANSI/ISA 84.01 viaLetter of Interpretation

• Complies with “ Process Safety Management”

• Is one example of RAGAGEP

• Not the “ only” way

• Applies to 1996 version of ANSI/ISA 84.01

• Also have endorsed 2004 version



“ “GeneralGeneral” ” SIS StandardsSIS Standards

• ANSI/ISA 84.01 (1996, 2004) – Application of Safety Instrumented Systems for

the Process Industries (1996) – Functional Safety: Safety Instrumented Systems

for the Process Industry Sector, (2004)

• IEC 61511

– Functional Safety: Safety Instrumented Systemsfor the Process industry Sector

• IEC 61508 – Functional Safety of

Electrical/Electronic/Programmable ElectronicSafety Related Systems



Application Specific Standards Application Specific Standards

• Burner Management Systems

– NFPA 85, Boilers

– NFPA 86, Ovens and Furnaces• Fire and Gas Systems – NFPA 72

• Compressor Systems – API 617-619

• Turbine Driver Systems – API 616• Offshore Oil & Gas Applications – API RP

14C

Application Specific Standards tend to be More-Prescriptive in

Nature. Not Flexible, or Performance-Based Standards



Existing versus New SystemsExisting versus New Systems

• OSHA Process Safety Management29 CFR 1910.119(d) (3) – (ii) “ The employer shall document that

equipment complies with recognized andgenerally accepted good engineeringpractices.”

– (iii) “ For existing equipment designed andconstructed in accordance with codes,

standards, or practices that are no longer ingeneral use, the employer shall determine anddocument that the equipment is designed,maintained, inspected, tested, and operating in

a safe manner.”“ The Grandfather Clause”

Grandfathering applies onlyGrandfathering applies only

If no upgrades are made to SISIf no upgrades are made to SIS



Regulatory ComplianceRegulatory Compliance• “ Good Engineering Practice”

– Is a moving target as industry practices change

– Does allow for a large degree of f lexibility based on

industry- and company- practices

– Is not an OPTION in the eyes of Process Safety

Regulations



How is Implementation of SIS goingHow is Implementation of SIS going

to affect my Plant?to affect my Plant?• Analysis Required

– Identify Safety Instrumented Functions

– Select and Verify Achievement of Performance

Targets

– Develop Safety Requirements Specs.

• New Equipment – Transmitters

– Valves

– Logic Solver (PLC)• Testing and Maintenance

– Increase (Decrease?) Effort Level



Layers of ProtectionLayers of Protection

Prevention Mitigation



What is aWhat is a “ “StandardStandard” ” SIS Design?SIS Design?

In Most Cases, The Prescriptive

Approach to SIS Design is Not Optimalfrom the Standpoint of Cost or Safety



Industry Standards forIndustry Standards for

SSafetyafety IInstrumentednstrumented SSystems (SIS)ystems (SIS)• Instrumentation, Systems, and Automation

Society (ISA), ANSI/ISA S84.00.01-2004,Functional Safety: Safety InstrumentedSystems for the Process Industry Sector ,2004.

• International Electrotechnical Commission(IEC), IEC 61511, Functional Safety: Safety

Instrumented Systems for the Process Sector

Performance Oriented Standards



What does ISA 84.01 require?What does ISA 84.01 require?

• Performance based

• Defines a “ safetylifecycle”

• Requires selection of

performance target• Requires confirmation of

target achievement,

quantitatively

What is a Safety Integrity LevelWhat is a Safety Integrity Level



A measure of the amount of risk reduction provided

by a Safety Instrumented Function (SIF)

SafetyIntegrity

Level

SIL 4

SIL 3

SIL 2

SIL 1

Risk ReductionFactor

100,000 to 10,000

10,000 to 1,000

1,000 to 100

100 to 10

Safety

> 99.99%

99.9% to 99.99%

99% to 99.9%

90% to 99%

What is a Safety Integrity LevelWhat is a Safety Integrity Level

(SIL)?(SIL)?

Probability ofFailure on Demand

0.001% to 0.01%

0.01% to 0.1%

0.1% to 1%

1% to 10%



Consequence

L

ike

lihood

Tolerable Risk

Region

ALARP

Risk Region

Unacceptable

Risk Region

Consequence Reduction,e.g., material reduction,

containment dikes,

physical protection

Inherent Risk

of the Process

Increasing Risk

SIL 1

SIL 2

SIL 3

Non SIS Risk

Reduction, e.g.Pressure

Relief Valves

SIS Risk

Reduction

Reducing Risk Reducing Risk NonNon--SIS Risk ReductionSIS Risk ReductionSIS Risk ReductionSIS Risk Reduction -- PreventivePreventive




• Select Technology – Device Failure Rate

– Certifications

– Proven in Use (Prior Use)

– Safety Manual for Certif iedEquipment




• Select Architecture /Voting – Select degree of

Fault Tolerance

– Redundancy for Safety

– Redundancy for NuisanceTrip Avoidance

– Identify potentialcommon-cause failuresthat could defeatredundant architecture




• Functional Proof Tests – Frequency

– Online or during Shutdown

– Full Functional Test orPartial Test

• Diagnostic Testing

– Frequency – Response to detected fault



Typical SIL 1 DesignTypical SIL 1 Design

Atmospheric

Storage Tank

LT-101

V-101

LIC

101

LAL

LT-102

SV

IAS

LV-101 XV-101

ProductSeparator



Typical SIL 1 DesignTypical SIL 1 Design – – Low MTTFsLow MTTFs

AtmosphericStorage Tank

LT-101

V-101

LIC

101

LAL

SV

IAS

Vote 2oo2

LV-101 XV-101

Product

Separator

LAL

LT-102

LT-103



Typical SIL 2 DesignTypical SIL 2 Design


LT-101

V-101

LIC

101

LAL

SV

IAS

Vote 1oo2

SV

IAS

LV-101 XV-101 XV-102

Product

Separator

Overhead toVapor

Recovery

LAL

LT-102

LT-103



Typical SIL 2 DesignTypical SIL 2 Design – – Low MTTFsLow MTTFs


LT-101

V-101

LIC

101

LAL

IAS

Vote 2oo3

LV-101 XV-101 XV-102

Product

Separator

Overhead toVapor

Recovery

LAL

LT-102

LT-103

LT-104

2oo2

SOV

2oo2

SOV

IAS

C f P lC t f P l



Certified Functional Safety Expert

" ...ensuring that applicable parties involved in

any of the overall E/E/PE or software safety

lifecycle activities are competent to carry

out activities for which they are

accountable"

- IEC 61508, Part 1, Paragraph 6.2.1 (h)

Competence of PersonnelCompetence of Personnel

C tifi d F ti l S f t E tC tifi d F ti l S f t E t



Certified Functional Safety ExpertCertified Functional Safety Expert

• PE type certification process for applicationof IEC61508 / IEC61511 (www.csfe.org)

[instreng.com]sis how to primer[1]

Documents