
Safety Instrumented Systems: A How To Primer

Presenter Introduction

Michael Scott, PE, CFSE
  Vice President, AE Solutions
  18 Years Experience
  ISA Committees - S84, WG6 FGS Chair, WG3 BMS Core Team Member
  Past ISA Safety Division BMS Chairman
  Past ISA Safety Division FGS Chairman
  ISA Course Developer / Instructor
  ISA, AIChE, NFPA, SFPE Member
  Past PIP Safety System Task Team Member
  BSME, University of Maryland
  MS, University of South Carolina

What is an SIS?

Informal Definition: Instrumented Control System that detects out of control conditions and automatically returns the process to a safe state
  Last Line of Defense
  Not basic process control system (BPCS)

Common SIS Applications

  Emergency Shutdown Systems
  Process Interlock Systems
  Burner Management Systems for Fired Heaters
  High Integrity Pressure Protection Systems
  Flare Load Reduction
  Fire and Gas Detection and Mitigation
Many are Installed and in Operation in typical Process Plants

How SIS are Different from BPCS?

[Diagram: SIS Components. Process input -> Sensor(s) / Transmitter -> Logic solver(s) running the SIS Program -> Final Element(s) (SV, IAS, Safety valve) -> Process output]

What is NOT an SIS?

Many Instrumented Protective Functions (IPF) fall outside the industry-accepted definition:
  Equipment Protective Functions
  ESD Functions that are solely initiated by manual means
  Emergency Isolation Valves
  Alarm Systems
  Mechanical Devices, e.g., Fire Safety Valves with Fusible Link, Overspeed protection, etc.
Not all interlocks in a SIS will be associated with Preventing a Specific Safety Hazard

HSE Study of Accident Causes

Accidents involving inadequate control systems, by lifecycle phase in which the cause was introduced:
  Specification 44%
  Design and Implementation 15%
  Installation and Commissioning 6%
  Operation and Maintenance 15%
  Changes after Commissioning 21%

Source: Out of Control: Why Control Systems go Wrong and How to Prevent Failure, UK Health and Safety Executive, 1995

Typical SIS design lifecycle

[Lifecycle diagram; steps shown: Conceptual Process Design, Process Hazards Analysis, SIF Definition, Target Selection, Conceptual Design, Target Verification, Design Specifications, Procedure Development, Construction, Installation, and Commissioning, PSAT, Operation, Maintenance and Testing, Management of Change]

Key Regulatory Requirements

Process Safety Information
  OSHA Process Safety Management (PSM) Standard, 29 CFR 1910.119(d)(3)(ii): The employer shall document that equipment complies with recognized and generally accepted good engineering practices.
  Also cited in EPA Accidental Release Prevention Program, 40 CFR Part 68 (68.65)

OSHA Endorsement of ISA 84.01

In 2000, OSHA Endorsed ANSI/ISA 84.01 via Letter of Interpretation
  Complies with Process Safety Management
  Is one example of RAGAGEP
  Not the only way
  Applies to 1996 version of ANSI/ISA 84.01
  Also have endorsed 2004 version

General SIS Standards

ANSI/ISA 84.01 (1996, 2004)
  Application of Safety Instrumented Systems for the Process Industries (1996)
  Functional Safety: Safety Instrumented Systems for the Process Industry Sector (2004)
IEC 61511
  Functional Safety: Safety Instrumented Systems for the Process Industry Sector
IEC 61508
  Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related Systems

Application Specific Standards

Burner Management Systems
  NFPA 85, Boilers
  NFPA 86, Ovens and Furnaces
Fire and Gas Systems: NFPA 72
Compressor Systems: API 617-619
Turbine Driver Systems: API 616
Offshore Oil & Gas Applications: API RP 14C

Application Specific Standards tend to be More Prescriptive in Nature; they are not Flexible, Performance-Based Standards

Existing versus New Systems

OSHA Process Safety Management, 29 CFR 1910.119(d)(3)
  (ii) The employer shall document that equipment complies with recognized and generally accepted good engineering practices.
  (iii) For existing equipment designed and constructed in accordance with codes, standards, or practices that are no longer in general use, the employer shall determine and document that the equipment is designed, maintained, inspected, tested, and operating in a safe manner.
The Grandfather Clause: Grandfathering applies only if no upgrades are made to the SIS

Regulatory Compliance

Good Engineering Practice
  Is a moving target as industry practices change
  Does allow for a large degree of flexibility based on industry and company practices
  Is not an OPTION in the eyes of Process Safety Regulations

How is Implementation of SIS going to affect my Plant?

Analysis Required
  Identify Safety Instrumented Functions
  Select and Verify Achievement of Performance Targets
  Develop Safety Requirements Specs.
New Equipment
  Transmitters
  Valves
  Logic Solver (PLC)
Testing and Maintenance
  Increase (Decrease?) Effort Level

Layers of Protection

[Diagram: layers of protection grouped into Prevention layers and Mitigation layers]

What is a Standard SIS Design?

In Most Cases, The Prescriptive Approach to SIS Design is Not Optimal from the Standpoint of Cost or Safety

Industry Standards for Safety Instrumented Systems (SIS)

Instrumentation, Systems, and Automation Society (ISA), ANSI/ISA S84.00.01-2004, Functional Safety: Safety Instrumented Systems for the Process Industry Sector, 2004.
International Electrotechnical Commission (IEC), IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Sector
Both are Performance Oriented Standards

What does ISA 84.01 require?

  Performance based
  Defines a safety lifecycle
  Requires selection of performance target
  Requires confirmation of target achievement, quantitatively

What is a Safety Integrity Level (SIL)?

A measure of the amount of risk reduction provided by a Safety Instrumented Function (SIF)

Safety Integrity Level   Safety Availability   Probability of Failure on Demand   Risk Reduction Factor
SIL 4                    > 99.99%              0.001% to 0.01%                    100,000 to 10,000
SIL 3                    99.9% to 99.99%       0.01% to 0.1%                      10,000 to 1,000
SIL 2                    99% to 99.9%          0.1% to 1%                         1,000 to 100
SIL 1                    90% to 99%            1% to 10%                          100 to 10

[Risk graph: Consequence on the horizontal axis, Likelihood on the vertical axis, divided into Unacceptable Risk Region, ALARP Risk Region and Tolerable Risk Region. Starting from the Inherent Risk of the Process, the graph shows Non-SIS Risk Reduction (e.g., Pressure Relief Valves), SIS Risk Reduction (Preventive: SIL 1, SIL 2, SIL 3) and Consequence Reduction (e.g., material reduction, containment dikes, physical protection); an arrow marks Increasing Risk.]

Conceptual Design: Select Technology
  Device Failure Rate
  Certifications
  Proven in Use (Prior Use)
  Safety Manual for Certified Equipment

Conceptual Design: Select Architecture / Voting
  Select degree of Fault Tolerance
  Redundancy for Safety
  Redundancy for Nuisance Trip Avoidance
  Identify potential common-cause failures that could defeat redundant architecture

Conceptual Design: Functional Proof Tests
  Frequency
  Online or during Shutdown
  Full Functional Test or Partial Test
Diagnostic Testing
  Frequency
  Response to detected fault
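The arithmetic that ties the Conceptual Design choices (voting architecture, common-cause failures, proof-test frequency) to the SIL table, as an added example that is not from the presentation: simplified average-PFD and spurious-trip approximations in the style of ISA TR84.00.02 (an assumption; repair time and diagnostics are left out of the PFD terms) applied to constructed failure rates, with each result placed in the slide's SIL band.

```python
# Added example, not from the presentation: simplified average PFD and
# spurious-trip rate for the voting groups named on the slides (1oo1, 1oo2,
# 2oo2, 2oo3), mapped onto the slide's SIL table. Assumed single-parameter
# approximations: lam_du / lam_s = dangerous-undetected / safe failure rate
# (per hour), ti = proof-test interval (h), mttr = repair time (h),
# beta = common-cause fraction; diagnostic coverage is ignored.

# SIL bands from the slide table: (SIL, PFD lower bound, PFD upper bound)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

def pfd_avg(arch, lam_du, ti, beta=0.0):
    """Average probability of failure on demand for one voting group."""
    x = lam_du * ti          # dangerous undetected failures expected per test interval
    ind = (1.0 - beta) * x   # independent share of those failures
    cc = beta * x / 2.0      # common-cause share behaves like a single 1oo1 leg
    if arch == "1oo1":
        return x / 2.0
    if arch == "1oo2":       # both legs must fail: (lam*ti)^2/3, plus common cause
        return ind ** 2 / 3.0 + cc
    if arch == "2oo2":       # either leg failing defeats the trip: legs in series
        return ind + cc
    if arch == "2oo3":       # any two of three legs must fail
        return ind ** 2 + cc
    raise ValueError("unknown architecture: %s" % arch)

def spurious_trip_rate(arch, lam_s, mttr):
    """Nuisance trips per hour: the redundancy that lowers PFD raises this."""
    if arch == "1oo1":
        return lam_s
    if arch == "1oo2":       # either leg tripping trips the function
        return 2.0 * lam_s
    if arch == "2oo2":       # both legs must trip within one repair time
        return 2.0 * lam_s ** 2 * mttr
    if arch == "2oo3":       # any two of three within one repair time
        return 6.0 * lam_s ** 2 * mttr
    raise ValueError("unknown architecture: %s" % arch)

def sil_for_pfd(pfd):
    """SIL band from the slide table; 0 means outside the SIL 1 to SIL 4 bands."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0

if __name__ == "__main__":
    # Constructed device data: yearly proof test (8760 h), 8 h repair, 5% beta
    for arch in ("1oo1", "1oo2", "2oo2", "2oo3"):
        p = pfd_avg(arch, lam_du=2e-6, ti=8760, beta=0.05)
        print(arch, "PFDavg=%.2e SIL=%d RRF=%.0f spurious/yr=%.3f" % (
            p, sil_for_pfd(p), 1 / p, spurious_trip_rate(arch, 1e-5, 8) * 8760))
```

With the constructed data the same transmitter reaches SIL 2 in 1oo1, SIL 3 in 1oo2 or 2oo3, but only SIL 1 in 2oo2, which is the trade-off the "Low MTTFs" designs make to avoid nuisance trips.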

Typical SIL 1 Design

[P&ID: Product Separator V-101 with level control loop LIC-101 and LV-101 draining to an Atmospheric Storage Tank; level transmitters LT-101 and LT-102 (LAL); shutdown valve XV-101 with SV and IAS]

Typical SIL 1 Design, Low MTTFs: Vote 2oo2

[P&ID: as above, with an additional level transmitter LT-103 and the SIS transmitters voted 2oo2 to trip XV-101]

Typical SIL 2 Design: Vote 1oo2

[P&ID: as above, with overhead to Vapor Recovery shown; SIS transmitters LT-102 and LT-103 voted 1oo2; two shutdown valves XV-101 and XV-102, each with its own SV and IAS]

Typical SIL 2 Design, Low MTTFs: Vote 2oo3

[P&ID: as above, with three SIS transmitters LT-102, LT-103 and LT-104 voted 2oo3; XV-101 and XV-102 each driven by 2oo2 SOVs with IAS]

Competence of Personnel

Certified Functional Safety Expert
"...ensuring that applicable parties involved in any of the overall E/E/PE or software safety lifecycle activities are competent to carry out activities for which they are accountable"
- IEC 61508, Part 1, Paragraph 6.2.1 (h)

Certified Functional Safety Expert
  PE type certification process for application of IEC61508 / IEC61511 (www.csfe.org)
