Safety Instrumented Systems: A How To Primer

Presenter IntroductionPresenter Introduction

Michael Scott, PE, CFSE Vice President, AE Solutions 18 Years Experience ISA Committees - S84, WG6 FGS

Chair, WG3 BMS Core Team Member Past ISA Safety Division BMS

Chairman Past ISA Safety Division FGS

Chairman ISA Course Developer / Instructor ISA, AIChE, NFPA, SFPE Member Past PIP Safety System Task Team

Member BSME, University of Maryland MS, University of South Carolina

What is an SIS?What is an SIS?

Informal Definition: Instrumented Control

System that detects out of control conditions and automatically returns the process to a safe state

Last Line of Defense Not basic process control

system (BPCS)

Common SIS ApplicationsCommon SIS Applications Emergency Shutdown Systems Process Interlock Systems Burner Management Systems for Fired

Heaters High Integrity Pressure Protection Systems

Flare Load Reduction Fire and Gas Detection and Mitigation Many are Installed and in Operation in

typical Process Plants

How SIS are Different from BPCS?How SIS are Different from BPCS?

SIS Program

Safetyvalve

Output

Process Process

Logic solver(s)

Input

Transmitter

Final Element(s)Sensor(s)

SV

IAS

SIS ComponentsSIS Components

What is NOT an SIS?What is NOT an SIS?

Many Instrumented Protective Functions (IPF) fall outside the industry-accepted definition Equipment Protective Functions ESD Functions that are solely initiated by manual

means Emergency Isolation Valves Alarm Systems Mechanical Devices, e.g., Fire Safety Valves with

Fusible Link, Overspeed protection, etc.

Not all interlocks in a Not all interlocks in a SIS will be associated with SIS will be associated with

Preventing a Specific Safety HazardPreventing a Specific Safety Hazard

Installation and Commissioning 6%

Changes after Commissioning 21%

Specification 44%

Operation and Maintenance 15%

Design and Implementation 15%

HSE Study of Accident CausesHSE Study of Accident Causes

Accidents involving inadequate control systems

Out of Control: Why Control Systems go Wrong and How to Prevent Failure, UK Heath and Safety Executive, 1995

Conceptual Process DesignConceptual Process Design

Process Hazards AnalysisProcess Hazards Analysis

SIFSIF DefinitionDefinition

TargetTarget SelectionSelection

Conceptual DesignConceptual Design

TargetTarget VerificationVerification

Design SpecificationsDesign Specifications

Construction, Installation, Construction, Installation, And CommissioningAnd Commissioning

PSATPSAT

Operation, Maintenance Operation, Maintenance and Testingand Testing

Procedure DevelopmentProcedure Development

Management of ChangeManagement of Change

Typical SIS design lifecycleTypical SIS design lifecycle

Key Regulatory RequirementsKey Regulatory Requirements

Process Safety Information OSHA Process Safety Management (PSM) Standard

29 CFR 1910.119(d) (3) (ii) The employer shall document that equipment

complies with recognized and generally accepted good engineering practices.

Also cited in EPA Accidental Release Prevention Program 40 CFR Part 68 (68.65)

OSHA Endorsement of ISA 84.01OSHA Endorsement of ISA 84.01 In 2000, OSHA Endorsed ANSI/ISA 84.01 via

Letter of Interpretation Complies with Process Safety Management Is one example of RAGAGEP Not the only way Applies to 1996 version of ANSI/ISA 84.01 Also have endorsed 2004 version

GeneralGeneral SIS StandardsSIS Standards

ANSI/ISA 84.01 (1996, 2004) Application of Safety Instrumented Systems for

the Process Industries (1996) Functional Safety: Safety Instrumented Systems

for the Process Industry Sector, (2004) IEC 61511

Functional Safety: Safety Instrumented Systems for the Process industry Sector

IEC 61508 Functional Safety of

Electrical/Electronic/Programmable Electronic Safety Related Systems

Application Specific StandardsApplication Specific Standards Burner Management Systems

NFPA 85, Boilers NFPA 86, Ovens and Furnaces

Fire and Gas Systems NFPA 72 Compressor Systems API 617-619 Turbine Driver Systems API 616 Offshore Oil & Gas Applications API RP

14C

Application Specific Standards tend to be More-Prescriptive in Nature. Not Flexible, or Performance-Based Standards

Existing versus New SystemsExisting versus New Systems OSHA Process Safety Management

29 CFR 1910.119(d) (3) (ii) The employer shall document that

equipment complies with recognized and generally accepted good engineering practices.

(iii) For existing equipment designed and constructed in accordance with codes, standards, or practices that are no longer in general use, the employer shall determine and document that the equipment is designed, maintained, inspected, tested, and operating in a safe manner.

The Grandfather Clause

Grandfathering applies onlyGrandfathering applies onlyIf no upgrades are made to SISIf no upgrades are made to SIS

Regulatory ComplianceRegulatory Compliance Good Engineering Practice

Is a moving target as industry practices change Does allow for a large degree of flexibility based on

industry- and company- practices Is not an OPTION in the eyes of Process Safety

Regulations

How is Implementation of SIS going How is Implementation of SIS going to affect my Plant?to affect my Plant?

Analysis Required Identify Safety Instrumented Functions Select and Verify Achievement of Performance

Targets Develop Safety Requirements Specs.

New Equipment Transmitters Valves Logic Solver (PLC)

Testing and Maintenance Increase (Decrease?) Effort Level

Layers of ProtectionLayers of Protection

Prevention Mitigation

What is a What is a StandardStandard SIS Design?SIS Design?

In Most Cases, The Prescriptive Approach to SIS Design is Not Optimal from the Standpoint of Cost or Safety

Industry Standards for Industry Standards for SSafety afety IInstrumented nstrumented SSystems (SIS)ystems (SIS)

Instrumentation, Systems, and Automation Society (ISA), ANSI/ISA S84.00.01-2004, Functional Safety: Safety Instrumented Systems for the Process Industry Sector, 2004.

International Electrotechnical Commission (IEC), IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Sector

Performance Oriented Standards

What does ISA 84.01 require?What does ISA 84.01 require?

Performance based Defines a safety

lifecycle Requires selection of

performance target Requires confirmation of

target achievement, quantitatively

A measure of the amount of risk reduction provided by a Safety Instrumented Function (SIF)

Safety Integrity

Level

SIL 4

SIL 3

SIL 2

SIL 1

Risk Reduction Factor

100,000 to 10,000

10,000 to 1,000

1,000 to 100

100 to 10

Safety

> 99.99%

99.9% to 99.99%

99% to 99.9%

90% to 99%

What is a Safety Integrity Level What is a Safety Integrity Level (SIL)?(SIL)?

Probability of Failure on Demand

0.001% to 0.01%

0.01% to 0.1%

0.1% to 1%

1% to 10%

Consequence

Likelihood

Tolerable RiskRegion

ALARPRisk Region

Unacceptable Risk Region

Consequence Reduction, e.g., material reduction, containment dikes, physical protection

Inherent Risk of the Process

Increasing Risk

SIL 1

SIL 2

SIL 3

Non SIS Risk Reduction, e.g. Pressure Relief Valves

SIS Risk Reduction

Reducing RiskReducing RiskNonNon--SIS Risk ReductionSIS Risk ReductionSIS Risk ReductionSIS Risk Reduction -- PreventivePreventive

Conceptual DesignConceptual Design Select Technology

Device Failure Rate Certifications Proven in Use (Prior Use) Safety Manual for Certified

Equipment

Conceptual DesignConceptual Design Select Architecture /

Voting Select degree of

Fault Tolerance Redundancy for Safety Redundancy for Nuisance

Trip Avoidance Identify potential

common-cause failures that could defeat redundant architecture

Conceptual DesignConceptual Design Functional Proof Tests

Frequency Online or during Shutdown Full Functional Test or

Partial Test

Diagnostic Testing Frequency Response to detected fault

Typical SIL 1 DesignTypical SIL 1 Design

Atmospheric Storage Tank

LT-101

V-101

LIC 101

LAL

LT-102

SV

IAS

LV-101 XV-101

Product Separator

Typical SIL 1 Design Typical SIL 1 Design Low MTTFsLow MTTFs

Atmospheric Storage Tank

LT-101

V-101

LIC 101

LAL

SV

IAS

Vote 2oo2

LV-101 XV-101

Product Separator

LAL

LT-102

LT-103

Typical SIL 2 DesignTypical SIL 2 Design

Atmospheric Storage Tank

LT-101

V-101

LIC 101

LAL

SV

IAS

Vote 1oo2

SV

IAS

LV-101 XV-101 XV-102

Product Separator

Overhead to Vapor

Recovery

LAL

LT-102

LT-103

Typical SIL 2 Design Typical SIL 2 Design Low MTTFsLow MTTFs

Atmospheric Storage Tank

LT-101

V-101

LIC 101

LAL

IAS

Vote 2oo3

LV-101 XV-101 XV-102

Product Separator

Overhead to Vapor

Recovery

LAL

LT-102

LT-103

LT-104

2oo2SOV

2oo2SOV

IAS

Certified Functional Safety Expert

"...ensuring that applicable parties involved in any of the overall E/E/PE or software safety lifecycle activities are competent to carry out activities for which they are accountable"

- IEC 61508, Part 1, Paragraph 6.2.1 (h)

Competence of PersonnelCompetence of Personnel

Certified Functional Safety ExpertCertified Functional Safety Expert PE type certification process for application

of IEC61508 / IEC61511 (www.csfe.org)

TOSHIBAMigas Indonesia

Presenter IntroductionWhat is an SIS?Common SIS ApplicationsHow SIS are Different from BPCS?SIS ComponentsWhat is NOT an SIS?HSE Study of Accident CausesTypical SIS design lifecycleKey Regulatory RequirementsOSHA Endorsement of ISA 84.01General SIS StandardsApplication Specific StandardsExisting versus New SystemsRegulatory ComplianceHow is Implementation of SIS going to affect my Plant?Layers of ProtectionIndustry Standards for Safety Instrumented Systems (SIS)What does ISA 84.01 require?What is a Safety Integrity Level (SIL)?