
Safety Instrumented Systems: A How To Primer
Presenter Introduction
Michael Scott, PE, CFSE
Vice President, AE Solutions
18 Years Experience
ISA Committees - S84, WG6 FGS Chair, WG3 BMS Core Team Member
Past ISA Safety Division BMS Chairman
Past ISA Safety Division FGS Chairman
ISA Course Developer / Instructor
ISA, AIChE, NFPA, SFPE Member
Past PIP Safety System Task Team Member
BSME, University of Maryland
MS, University of South Carolina
What is an SIS?
Informal Definition: an Instrumented Control System that detects out-of-control conditions and automatically returns the process to a safe state
Last Line of Defense
Not the basic process control system (BPCS)
Common SIS Applications
Emergency Shutdown Systems
Process Interlock Systems
Burner Management Systems for Fired Heaters
High Integrity Pressure Protection Systems
Flare Load Reduction
Fire and Gas Detection and Mitigation
Many are Installed and in Operation in typical Process Plants
How SIS are Different from BPCS?
SIS Components
[Figure: SIS components - Sensor(s)/Transmitter -> Input -> Logic solver(s) running the SIS Program -> Output -> Final Element(s): SV, IAS and the Safety valve acting on the Process]
What is NOT an SIS?
Many Instrumented Protective Functions (IPF) fall outside the industry-accepted definition
Equipment Protective Functions
ESD Functions that are solely initiated by manual means
Emergency Isolation Valves
Alarm Systems
Mechanical Devices, e.g., Fire Safety Valves with Fusible Link, Overspeed protection, etc.
Not all interlocks in a SIS will be associated with Preventing a Specific Safety Hazard
HSE Study of Accident Causes
Accidents involving inadequate control systems, by lifecycle phase in which the cause originated:
Specification 44%
Changes after Commissioning 21%
Operation and Maintenance 15%
Design and Implementation 15%
Installation and Commissioning 6%
Source: Out of Control: Why Control Systems go Wrong and How to Prevent Failure, UK Health and Safety Executive, 1995
Typical SIS design lifecycle
Conceptual Process Design
Process Hazards Analysis
SIF Definition
Target Selection
Conceptual Design
Target Verification
Design Specifications
Construction, Installation, and Commissioning
PSAT
Operation, Maintenance and Testing
Procedure Development
Management of Change
Key Regulatory Requirements
Process Safety Information
OSHA Process Safety Management (PSM) Standard, 29 CFR 1910.119(d)(3)
(ii) The employer shall document that equipment complies with recognized and generally accepted good engineering practices.
Also cited in EPA Accidental Release Prevention Program, 40 CFR Part 68 (68.65)
OSHA Endorsement of ISA 84.01
In 2000, OSHA Endorsed ANSI/ISA 84.01 via Letter of Interpretation
Complies with Process Safety Management
Is one example of RAGAGEP
Not the only way
Applies to 1996 version of ANSI/ISA 84.01
Also have endorsed 2004 version

General SIS Standards
ANSI/ISA 84.01 (1996, 2004)
Application of Safety Instrumented Systems for the Process Industries (1996)
Functional Safety: Safety Instrumented Systems for the Process Industry Sector (2004)
IEC 61511
Functional Safety: Safety Instrumented Systems for the Process Industry Sector
IEC 61508
Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related Systems
Application Specific Standards
Burner Management Systems: NFPA 85, Boilers; NFPA 86, Ovens and Furnaces
Fire and Gas Systems: NFPA 72
Compressor Systems: API 617-619
Turbine Driver Systems: API 616
Offshore Oil & Gas Applications: API RP 14C
Application Specific Standards tend to be more prescriptive in nature; they are not flexible, performance-based standards.
Existing versus New Systems
OSHA Process Safety Management, 29 CFR 1910.119(d)(3)
(ii) The employer shall document that equipment complies with recognized and generally accepted good engineering practices.
(iii) For existing equipment designed and constructed in accordance with codes, standards, or practices that are no longer in general use, the employer shall determine and document that the equipment is designed, maintained, inspected, tested, and operating in a safe manner.
The Grandfather Clause
Grandfathering applies only if no upgrades are made to the SIS
Regulatory Compliance
Good Engineering Practice
Is a moving target as industry practices change
Does allow for a large degree of flexibility based on industry and company practices
Is not an OPTION in the eyes of Process Safety Regulations
How is Implementation of SIS going to affect my Plant?
Analysis Required
Identify Safety Instrumented Functions
Select and Verify Achievement of Performance Targets
Develop Safety Requirements Specs.
New Equipment
Transmitters
Valves
Logic Solver (PLC)
Testing and Maintenance
Increase (Decrease?) Effort Level
Layers of Protection
[Figure: layers of protection, grouped into Prevention layers and Mitigation layers]
What is a Standard SIS Design?
In Most Cases, The Prescriptive Approach to SIS Design is Not Optimal from the Standpoint of Cost or Safety
Industry Standards for Safety Instrumented Systems (SIS)
Instrumentation, Systems, and Automation Society (ISA), ANSI/ISA S84.00.01-2004, Functional Safety: Safety Instrumented Systems for the Process Industry Sector, 2004.
International Electrotechnical Commission (IEC), IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Sector
Performance Oriented Standards
What does ISA 84.01 require?
Performance based
Defines a safety lifecycle
Requires selection of performance target
Requires confirmation of target achievement, quantitatively
What is a Safety Integrity Level (SIL)?
A measure of the amount of risk reduction provided by a Safety Instrumented Function (SIF)

Safety Integrity Level | Risk Reduction Factor | Safety Availability | Probability of Failure on Demand
SIL 4 | 100,000 to 10,000 | > 99.99% | 0.001% to 0.01%
SIL 3 | 10,000 to 1,000 | 99.9% to 99.99% | 0.01% to 0.1%
SIL 2 | 1,000 to 100 | 99% to 99.9% | 0.1% to 1%
SIL 1 | 100 to 10 | 90% to 99% | 1% to 10%
Reducing Risk
[Figure: risk graph of Likelihood versus Consequence divided into Unacceptable Risk Region, ALARP Risk Region and Tolerable Risk Region (risk increasing away from the origin). Starting from the Inherent Risk of the Process, risk is reduced by Consequence Reduction (e.g., material reduction, containment dikes, physical protection), by Non-SIS Risk Reduction (e.g., Pressure Relief Valves) and by SIS Risk Reduction in SIL 1, SIL 2 and SIL 3 steps]
Non-SIS Risk Reduction
SIS Risk Reduction - Preventive
Conceptual Design
Select Technology
Device Failure Rate
Certifications
Proven in Use (Prior Use)
Safety Manual for Certified Equipment
Conceptual Design
Select Architecture / Voting
Select degree of Fault Tolerance
Redundancy for Safety
Redundancy for Nuisance Trip Avoidance
Identify potential common-cause failures that could defeat redundant architecture
Conceptual Design
Functional Proof Tests
Frequency
Online or during Shutdown
Full Functional Test or Partial Test
Diagnostic Testing
Frequency
Response to detected fault
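A worked calculation that ties the architecture/voting, proof-test frequency and common-cause items of these Conceptual Design slides back to the SIL table earlier in the deck. This is an added example, not material from the presentation; it assumes first-order simplified equations of the ISA-TR84.00.02 form (constant failure rates, lambda*TI much less than 1, beta-factor common cause), uses constructed failure rates, and treats the "Low MTTFs" of the later slides as mean time to fail spurious (MTTFS).

```python
# Added example, not from the presentation. First-order PFDavg and spurious
# trip estimates for the voting groups named on the slides, mapped to the SIL
# bands of the slide table. Assumptions: constant failure rates, lambda*TI << 1,
# beta-factor common cause, simplified equations of the ISA-TR84.00.02 form.

# SIL bands from the slide table: (SIL, PFDavg lower bound, upper bound)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(arch, lam_du, ti_hours, beta=0.0):
    """PFDavg of one voting group. lam_du: dangerous undetected failure rate
    per channel (/h); ti_hours: proof test interval; beta: common-cause fraction."""
    if arch == "1oo1":
        return lam_du * ti_hours / 2.0          # nothing redundant to defeat
    x = (1.0 - beta) * lam_du * ti_hours         # independent-failure term
    if arch == "1oo2":
        independent = x ** 2 / 3.0               # both channels must fail
    elif arch == "2oo2":
        independent = x                          # either failure defeats trip
    elif arch == "2oo3":
        independent = x ** 2                     # any two of three
    else:
        raise ValueError(f"unsupported architecture {arch!r}")
    # The common-cause share behaves like one 1oo1 channel behind the voter.
    return independent + beta * lam_du * ti_hours / 2.0


def sil_from_pfd(pfd):
    """SIL per the slide table; 0 means the SIF is below SIL 1 (PFD >= 10%)."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0


def risk_reduction_factor(pfd):
    return 1.0 / pfd


def spurious_trip_rate(arch, lam_s, mttr_hours):
    """Nuisance trip rate (/h); its reciprocal is the MTTFS of the slides."""
    return {"1oo1": lam_s, "1oo2": 2 * lam_s,
            "2oo2": 2 * lam_s ** 2 * mttr_hours,
            "2oo3": 6 * lam_s ** 2 * mttr_hours}[arch]


if __name__ == "__main__":
    # Constructed inputs: 1e-6/h dangerous undetected, 1e-5/h safe, 8 h MTTR,
    # yearly proof test (8760 h), 5% common cause.
    for arch in ("1oo1", "1oo2", "2oo2", "2oo3"):
        p = pfd_avg(arch, 1e-6, 8760, beta=0.05)
        mttfs_years = 1 / spurious_trip_rate(arch, 1e-5, 8) / 8760
        print(f"{arch}: PFDavg={p:.2e} RRF={risk_reduction_factor(p):.0f} "
              f"SIL {sil_from_pfd(p)} MTTFS={mttfs_years:.1f} yr")
```

Running the constructed case shows the slides' point about common cause: with beta = 0 the 1oo2 group lands in the SIL 4 band, while 5% common cause pulls it down to SIL 3 because the beta term dominates the squared independent term.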
Typical SIL 1 Design
[Figure: P&ID of an Atmospheric Storage Tank and Product Separator V-101. BPCS level control by LT-101 / LIC-101 acting on LV-101; a single SIS level transmitter LT-102 with low level alarm LAL trips XV-101 through the SV and IAS]
Typical SIL 1 Design - Low MTTFs
[Figure: same P&ID (Atmospheric Storage Tank, V-101 Product Separator, LT-101 / LIC-101 / LV-101, LAL) with two SIS level transmitters LT-102 and LT-103 voted 2oo2 to trip XV-101 through the SV and IAS]
Typical SIL 2 Design
[Figure: same P&ID (Atmospheric Storage Tank, V-101 Product Separator, LT-101 / LIC-101 / LV-101, LAL, Overhead to Vapor Recovery) with LT-102 and LT-103 voted 1oo2 to trip two valves, XV-101 and XV-102, each through its own SV and IAS]
Typical SIL 2 Design - Low MTTFs
[Figure: same P&ID (Atmospheric Storage Tank, V-101 Product Separator, LT-101 / LIC-101 / LV-101, LAL, Overhead to Vapor Recovery) with three SIS transmitters LT-102, LT-103 and LT-104 voted 2oo3 to trip XV-101 and XV-102, each valve driven by a 2oo2 SOV pair on the IAS]
Competence of Personnel
"...ensuring that applicable parties involved in any of the overall E/E/PE or software safety lifecycle activities are competent to carry out activities for which they are accountable"
- IEC 61508, Part 1, Paragraph 6.2.1 (h)
Certified Functional Safety Expert
PE type certification process for application of IEC 61508 / IEC 61511 (www.csfe.org)
