
Section 10

Uploaded by

Shahid Hussain
Safety Instrumented Systems (SIS)

& Layers of Protection

Section 10

Safety Instrumented Functions

Section 10 Haward Technology Middle East 1


Is this process safe and ready to run?
Is the design complete?
[Figure: process diagram; labels: PROCESS, STEAM, FLUID]

TOPICS
▪ Definition
▪ Example of a Safety Function
▪ What a SIF Is
▪ What a SIF Is Not
▪ How SIF fits with SIS and SIL
▪ Summary
▪ Bibliography

DEFINITION
▪ The definition of a SIF as provided in IEC standard
61511, “Functional safety: Safety Instrumented
Systems for the process industry sector,” leaves a bit
to be desired as a practical definition, and the
application of the term leaves many people confused.
▪ IEC standard 61511 defines a safety instrumented
function as a “safety function with a specified safety
integrity level which is necessary to achieve functional
safety”.

▪ A safety instrumented function can be either a safety
instrumented protection function or a safety
instrumented control function.
▪ A safety function is further defined in 61511 as a
“function to be implemented by a SIS, other technology
safety-related system, or external risk reduction
facilities, which is intended to achieve or maintain a
safe state for the process, with respect to a specific
hazardous event.”

▪ From this definition we can also see that there are two
types of safety instrumented functions.
▪ The first is a safety instrumented protection function,
which is a safety instrumented function operating in
the demand mode.
▪ The second is a safety instrumented control function,
which is a safety instrumented function operating in the
continuous mode.

▪ A safety system could be classified as “Low Demand”
where the typical demand frequency is in the order of
once per year.
▪ One example of a “Continuous Mode” system would be
the brakes on a car where frequent demands are
made.

▪ The term SIF refers to the equipment that carries out the
single set of actions in response to the single hazard, as
well as to the particular set of actions itself.
▪ From these sources we might define the SIF as an
identified safety function that provides a defined level of
risk reduction or safety integrity level (SIL) for a specific
hazard by automatic action using instrumentation.

▪ A SIF is made up of sensors, logic solver, and final
elements that act in concert to detect a hazard and
bring the process to a safe state.
▪ Another view of a SIF is that of an instrument safety
loop that performs a safety function which provides a
defined level of protection (SIL) against a specific
hazard by automatic means and which brings the
process to a safe state.

EXAMPLE OF A SAFETY FUNCTION
▪ Consider a machine with a rotating blade that is
protected by a hinged solid cover.
▪ The blade is accessed for routine cleaning by lifting
the cover.
▪ The cover is interlocked so that whenever it is lifted
an electrical circuit de-energizes the motor and
applies a brake. In this way the blade is stopped
before it could injure the operator.

▪ In order to ensure that safety is achieved, both hazard
analysis and risk assessment are necessary.
▪ The hazard analysis identifies the hazards associated
with cleaning the blade. For this machine it might
show that it should not be possible to lift the hinged
cover more than 5 mm without the brake activating
and stopping the blade. Further analysis could reveal
that the time for the blade to stop must be one second
or less. Together, these describe the safety function.

▪ The risk assessment determines the performance
requirements of the safety function. The aim is to
ensure that the safety integrity of the safety function
is sufficient to ensure that no one is exposed to an
unacceptable risk associated with this hazardous
event.

▪ The harm resulting from a failure of the safety
function could be amputation of the operator’s hand
or could be just a bruise.
▪ The risk also depends on how frequently the cover has
to be lifted, which might be many times during daily
operation or might be less than once a month.
▪ The level of safety integrity required increases with
the severity of injury and the frequency of exposure to
the hazard.

▪ The safety integrity of the safety function will depend
on all the equipment that is necessary for the safety
function to be carried out correctly, i.e. the interlock,
the associated electrical circuit and the motor and
braking system.
▪ Both the safety function and its safety integrity specify
the required behaviour for the systems as a whole
within a particular environment.

▪ To summarise, the hazard analysis identifies what has
to be done to avoid the hazardous event, or events,
associated with the blade.
▪ The risk assessment gives the safety integrity required
of the interlocking system for the risk to be
acceptable.
▪ These two elements, “What safety function has to be
performed?” – the safety function requirements – and
“What degree of certainty is necessary that the safety
function will be carried out?” – the safety integrity
requirements – are the foundations of functional
safety.

▪ In this example, the functional safety requirements for
the specific hazardous event could be stated as
follows.
▪ When the hinged cover is lifted by 5 mm or more, the
motor shall be de-energized and the brake activated
so that the blade is stopped within 1 second.
▪ The safety integrity level of this safety function shall
be SIL2.

WHAT A SIF IS?

[Figure 11: safety instrumented function; one hazard leads through the SIF (sensors, logic solver, final elements, with a SIL) to a safe state]

A SAFETY INSTRUMENTED FUNCTION (SIF) DETECTS A SPECIFIC HAZARD AND BRINGS THE PROCESS TO A SAFE STATE

Some examples of SIFs are:
Example #1
▪ High pressure in a vessel opens a vent valve:
• The specific hazard is overpressure of the vessel.
• The high pressure is detected by a pressure-sensing
instrument, and logic (PLC, relay, hardwired, etc.)
opens a vent valve, bringing the system to a safe
state.

Example #2
▪ High temperature in a furnace that can cause tube
rupture shuts off firing to furnace:
• The specific hazard is tube rupture
• Instrumentation automatically causes a main fuel
trip that removes the heat, bringing the system to a
safe state

Example #3
▪ Flame-out in an incinerator that can lead to a release
of toxic gas causes process gas feed to be shut off:
• The specific hazard is a flame-out
• The automatic instrument protective action is to
close process gas feed to the incinerator, which
stops any toxic gas release bringing the system to a
safe state

Example #4
▪ Flame-out in an incinerator that could cause fuel gas
accumulation and explosion causes a main fuel gas
trip:
• The specific hazard is a flame-out
• The automatic instrument protection action is a
main fuel gas trip, which cuts off the fuel and
prevents fuel gas accumulation, bringing the
system to a safe state

▪ There are functions that may seem like a SIF or part of
a SIF, but are not. A SIF is normally associated with
life-and-limb protection.
▪ If you have identified an instrumented protection
function and the consequence of the hazard could be
killing or injuring, the function is a potential SIF
(pending SIL analysis—there may be adequate layers of
protection so that identification as a SIF is not
required).

WHAT A SIF IS NOT!
▪ However, when a SIF operates, there may be related
actions that occur at the same time which place
portions of the process in desirable operating states to
minimize startup time, loss of inventory, process
equipment problems, etc.
▪ Operating companies sometimes fall into the trap of
considering these related actions as part of the SIF.
▪ Considering related actions that are operational
complicates the SIF and can increase the difficulty of
achieving the target SIL.

▪ Equipment or asset protection functions also are not
SIFs.
▪ Every plant has protective functions that protect the
plant’s equipment and assets. This is primarily a
commercial or money issue. If there are no safety
aspects to these protective functions, they are not
SIFs.

▪ Another example of what is not a SIF is an operational
protection function.
▪ This type of function is designed to keep the plant
within predetermined operational boundaries for
commercial or operational reasons but not safety.

▪ A key to SIL selection is to correctly identify the safety
instrumented functions for a facility
▪ Failure to identify true SIFs leads to less safety
▪ Conversely, identifying things as SIFs that are not leads
to unnecessary cost, burden, and complexity

HOW SIF FITS WITH SIS AND SIL?
▪ ANSI/ISA 84.01 does not always make a clear
distinction between a SIF (a safety function) and a SIS.
▪ IEC 61511 draws a slightly clearer distinction but is
still somewhat unclear
▪ A SIS is made up of one or more SIFs
▪ The relationship of a SIF to a SIS is illustrated in the
next slide

[Figure: an SIS containing SIF #1 to SIF #4; each SIF links one hazard to a safe state through its own sensors, logic solver and final elements, and has its own SIL]

A SAFETY INSTRUMENTED SYSTEM (SIS) IS A COMBINATION OF ONE OR MORE SAFETY INSTRUMENTED FUNCTIONS (SIFS).

▪ By definition, each SIF must have a SIL based on how
much risk reduction the SIF must provide to help
reduce the risk of a particular hazard to an acceptable
level when considered with the rest of the protective
layers that reduce the risk of that particular hazard.
▪ The SIL is selected based on the risk posed by the
hazard the SIF is protecting against.
▪ This risk is composed of a consequence (what bad
things can happen) and a pre-safeguard frequency
(how often the hazard is expected to occur if no
protections—SIS or non-SIS—are provided).

▪ However, while there is a single hazard (and generally
a single consequence) associated with a SIF, there can
be multiple initiating causes, each with its own
frequency of occurrence.
▪ For example, overpressure of a vessel due to loss of
cooling (with a consequence of vessel rupture and
fire/explosion) could be caused by loss of cooling
water supply, loss of cooling water pump(s),
temperature control loop failure, plugging of tubes,
etc.
▪ Each of these initiating causes can have a different
frequency of occurrence, and thus different risks
(consequence x frequency) for the same SIF.

[Figure: initiating causes #1 to #4, each with its own frequency (#1 to #4), lead to one hazard; the SIF, designed to the highest SIL, brings the process to a safe state]

WHEN A SAFETY INSTRUMENTED FUNCTION HAS MULTIPLE POTENTIAL
CAUSES, EACH WITH ITS OWN SAFETY INTEGRITY LEVEL (SIL) REQUIREMENT,
THE HIGHEST SIL IS GENERALLY SELECTED FOR THE ENTIRE SIF
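
The selection rule above, worked through for the vessel overpressure case as an added example (not part of the original slides). The cause names are the slide's; the frequencies, the credit for other protection layers and the tolerable frequency are constructed values, and the SIL bands are the low-demand risk reduction ranges of IEC 61511, which the slides do not list.

```python
# Added example: SIL selection for one SIF with several initiating causes.
# Cause names come from the slide; every number below is constructed.

# Low-demand SIL bands as upper bounds on the required risk reduction
# factor (RRF), per IEC 61511. SIL 0 here means "below the SIL 1 band".
SIL_BANDS = [(10, 0), (100, 1), (1_000, 2), (10_000, 3), (100_000, 4)]

TOLERABLE_PER_YR = 1e-5  # assumed tolerable frequency of vessel rupture

# (initiating cause, frequency per year, combined PFD of non-SIS layers)
CAUSES = [
    ("loss of cooling water supply", 0.05, 0.1),
    ("loss of cooling water pump(s)", 0.2, 0.1),
    ("temperature control loop failure", 0.1, 0.02),
    ("plugging of tubes", 0.01, 0.05),
]


def sil_for_rrf(rrf):
    """Map a required risk reduction factor to a SIL band."""
    for upper, sil in SIL_BANDS:
        if rrf <= upper:
            return sil
    raise ValueError("RRF above the SIL 4 band; a single SIF cannot claim it")


def select_sif_sil(causes, tolerable_per_yr):
    """Return (governing SIL, governing cause, per-cause rows)."""
    rows = []
    for name, freq, other_pfd in causes:
        # Frequency reaching the SIF after crediting the other layers,
        # divided by the target, is the reduction the SIF must supply.
        rrf = freq * other_pfd / tolerable_per_yr
        rows.append((name, rrf, sil_for_rrf(rrf)))
    governing = max(rows, key=lambda row: row[2])
    return governing[2], governing[0], rows


if __name__ == "__main__":
    sil, cause, rows = select_sif_sil(CAUSES, TOLERABLE_PER_YR)
    for name, rrf, cause_sil in rows:
        print(f"{name:35s} RRF {rrf:8.0f}  SIL {cause_sil}")
    print(f"SIF designed to SIL {sil}, governed by: {cause}")
```

With these constructed inputs the pump-loss cause governs, so the whole SIF is designed to that cause's SIL even though the other three causes would need less.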

SUMMARY
▪ Based on a HAZOP study, a determination can be made
as to what risks are present and whether these risks
can be prevented or mitigated with something other
than instrumentation, which is complex, expensive,
requires maintenance and can be prone to failure
▪ For example, a dike is a simple and reliable method
which can easily contain a liquid spill


[Figure: Tank 1-101 with raw material feed, basic tank level control, discharge valve and pump; annotations: high level hazard problem, over pressure release hazard, ATM]

▪ Where an instrumentation system is required, a
“Safety Instrumented Function” (SIF) will be
determined.
▪ For each SIF, the level of performance has to be
established. This standard is referred to as the
“Safety Integrity Level” (SIL).

▪ The SIL is not directly a measure of process risk but
rather a measure of the performance of the safety
system which is required in order to control the risk,
which has been identified, to an acceptable level
▪ The standards describe a variety of methods on how
this can be done

▪ On completion of the previous actions, the next step is
to develop the “Safety Requirements Specification”
(SRS)
▪ This consists of documenting the input and output
(I/O) requirements, function logic and the SIL for each
safety function (SIF)

▪ The final stage is to design the “Safety Instrumented
System” (SIS)
▪ This would detail the actions required by the SIS
▪ Also involved would be the selection of the technology
to be used, choice of field devices, speed of response,
degree of redundancy etc.
▪ Also included would be all the aspects of installation
and commissioning

▪ An example of an action could be “If temperature
sensor TT2301 exceeds 410 degrees F then close valves
XV5301 and XV5302”
▪ This function must respond within 3 seconds and needs
to be SIL 2
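
The SRS line above can be held as data and checked against a recorded trip, shown here as an added example that is not part of the original slides. The tag names, the 410 degrees F limit and the 3 second response are the slide's; the log format, the timestamps and the `check_trip` helper are constructed for illustration.

```python
# Added example: check a recorded trip against the SRS line on the slide.
# Tag names and limits are from the slide; the log format is constructed.
from datetime import datetime

SRS = {
    "sensor": "TT2301", "trip_above_degF": 410.0,
    "final_elements": ("XV5301", "XV5302"),
    "max_response_s": 3.0, "sil": 2,
}

# Constructed proof-test records: "<ISO timestamp> <tag> <value>"
LOG_OK = """\
2024-03-01T10:15:00.000 TT2301 PV=405.1
2024-03-01T10:15:01.000 TT2301 PV=410.6
2024-03-01T10:15:02.200 XV5301 CLOSED
2024-03-01T10:15:03.100 XV5302 CLOSED
"""
LOG_LATE = LOG_OK.replace("10:15:03.100 XV5302", "10:15:04.500 XV5302")
LOG_STUCK = "\n".join(LOG_OK.splitlines()[:3])  # XV5302 never reports closed


def check_trip(log_text, srs=SRS):
    """Measure time from first demand to the last final element closing."""
    demand, closed = None, {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, tag, value = line.split()
        when = datetime.fromisoformat(stamp)
        if tag == srs["sensor"]:
            reading = float(value.split("=", 1)[1])
            if demand is None and reading > srs["trip_above_degF"]:
                demand = when
        elif tag in srs["final_elements"] and value == "CLOSED":
            if demand is not None:  # closures before the demand do not count
                closed.setdefault(tag, when)
    if demand is None:
        return {"demand": False, "passed": None, "response_s": None, "missing": []}
    missing = [v for v in srs["final_elements"] if v not in closed]
    if missing:
        # The function needs every final element; one stuck valve fails it.
        return {"demand": True, "passed": False, "response_s": None, "missing": missing}
    response = max((closed[v] - demand).total_seconds() for v in srs["final_elements"])
    return {"demand": True, "passed": response <= srs["max_response_s"],
            "response_s": response, "missing": []}


if __name__ == "__main__":
    for label, log in (("ok", LOG_OK), ("late", LOG_LATE), ("stuck", LOG_STUCK)):
        print(label, check_trip(log))
```

The response time is taken to the slower of the two valves, because the action in the SRS is only complete when both XV5301 and XV5302 are closed.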

BIBLIOGRAPHY
Paul Gruhn, P.E., CFSE and Harry Cheddie, P.Eng., CFSE. “Safety Instrumented Systems: Design, Analysis and Justification”, 2nd Edition.
