Safety Fieldbus Design Considerations
for Process Industry Sector Applications
Approved 2 October 2009
Licensee=BP International/5928366101
Not for Resale, 10/04/2012 08:03:00 MDT
ISATR84.00.06
Safety Fieldbus Design Considerations for Process Industry Sector Applications
ISBN: 978-1-936007-33-2
Copyright 2009 by the International Society of Automation. All rights reserved. Printed
in the United States of America. No part of this publication may be reproduced, stored in
a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), without the prior written permission of the
publisher.
ISA
67 Alexander Drive
P.O. Box 12277
Research Triangle Park, North Carolina 27709
E-mail: standards@isa.org
Preface
This preface is included for information purposes only and is not part of ISATR84.00.06.
This technical report has been prepared as part of the service of ISA, the International
Society of Automation. To be of real value, this document should not be static but should
be subject to periodic review. Toward this end, the Society welcomes all comments and
criticisms and asks that they be addressed to the Secretary, Standards and Practices
Board; ISA, 67 Alexander Drive; P.O. Box 12277; Research Triangle Park, NC 27709;
Telephone (919) 549-8411; Fax (919) 549-8288; E-mail: standards@isa.org.
The ISA Standards and Practices Department is aware of the growing need for attention
to the metric system of units in general, and the International System of Units (SI) in
particular, in the preparation of instrumentation standards, recommended practices, and
technical reports. The Department is further aware of the benefits to USA users of ISA
standards of incorporating suitable references to the SI (and the metric system) in their
business and professional dealings with other countries. Toward this end, the Department
will endeavor to introduce SI and acceptable metric units in all new and revised standards
to the greatest extent possible. The Metric Practice Guide, which has been published by
the Institute of Electrical and Electronics Engineers (IEEE) as ANSI/IEEE Std. 268-1992,
and future revisions, will be the reference guide for definitions, symbols, abbreviations,
and conversion factors.
It is the policy of ISA to encourage and welcome the participation of all concerned
individuals and interests in the development of ISA standards. Participation in the ISA
standards-making process by an individual in no way constitutes endorsement by the
employer of that individual, of ISA, or of any of the standards, recommended practices,
and technical reports that ISA develops.
The following served as voting members of ISA84 and approved this technical report:
NAME - COMPANY
W. Johnson, Chair - E I du Pont
V. Maggioli, Managing Director - Feltronics Corp
R. Adamski - RA Safety Consulting LLC
T. Ando - Yokogawa Electric Co
R. Avali - Westinghouse Electric Corp
L. Beckman - Safeplex Systems Inc
J. Campbell - ConocoPhillips
I. Chen - Aramco
M. Coppler - Ametek Inc
M. Corbo - ExxonMobil
K. Dejmek - Baker Engineering & Risk Consultants
P. Early - Langdon Coffman Services
K. Gandhi - KBR
J. Gilman - JFG Technology Transfer LLC
W. Goble - Exida
P. Gruhn - ICS Triplex
B. Hampshire - BP
J. Harris - UOP A Honeywell Company
J. Jamison - EnCana Corporation Ltd
R. Johnson - Dow Process Automation SIS SME
K. Klein - Celanese Corp
T. Layer - Emerson Process Management
E. Marszal - Kenexis Consulting Corp
N. McLeod - ARKEMA
R. Peterson - Lyondell Chemical Company
G. Ramachandran - Shell Global Solutions US
M. Scott - AE Solutions
D. Sniezek - Lockheed Martin Federal Services
C. Sossman - CLS Tech-Reg Consultants
R. Strube - Strube Industries
A. Summers - SIS-TECH Solutions LP
L. Suttinger - Savannah River Nuclear Solutions
R. Taubert - Consultant
H. Thomas - Air Products & Chemicals Inc
T. Walczak - Conversions Inc
M. Weber - System Safety Inc
A. Woltman - Shell Global Solutions
P. Wright - BHP Engineering & Construction Inc
D. Zetterberg - Chevron Energy Technology Company
The following served as members of the ISA Standards and Practices board and approved this
technical report:
NAME - COMPANY
J. Tatera, VP - Consultant
D. Dunn, VP Elect - Aramco Services Co
P. Brett - Honeywell, Inc
M. Coppler - Ametek, Inc
E. Cosman - The Dow Chemical Co
B. Dumortier - Schneider Electric
R. Dunn - DuPont Engineering
J. Gilsinn - NIST/MEL
E. Icayan - ACES Inc
J. Jamison - EnCana Corporation Ltd
D. Kaufman - Honeywell International Inc
K. Lindner - Endress+Hauser Process Solutions AG
V. Maggioli - Feltronics Corp
T. McAvinew - I&C Engineering LLC
G. McFarland - Emerson Process Mgmt Power & Water Sol
R. Reimer - Rockwell Automation
N. Sands - DuPont
H. Sasajima - Yamatake Corp
T. Schnare - Rosemount Inc
I. Verhappen - Industrial Automation Networks Inc.
R. Webb - ICS Secure LLC
W. Weidman - WorleyParsons
J. Weiss - Applied Control Solutions LLC
M. Widmeyer - Kahler Engineering Inc
M. Zielinski - Emerson Process Management
Contents
Introduction ........ 9
1 Scope ........ 11
2 Criteria ........ 11
2.1 Safety Requirements
2.2 Speed of Response
2.3 Interoperability
2.4 Fault Tolerance
2.5 Security ........ 13
2.6 Operation ........ 13
2.7 Diagnostics ........ 13
2.8 Documentation ........ 13
2.9 Testability ........ 14
References ........ 19
Definitions ........ 19
Introduction
Safety Fieldbuses are currently being used in various industrial sectors, such as automotive and
machinery, but they have only recently been introduced within the process sector for safety
instrumented systems (SISs). ISA84 committee members are concerned that generic Fieldbuses
may be incorrectly implemented in SIS applications. Consequently, the ISA84 committee formed
Working Group 1 (ISA84 WG1) to develop guidance on the implementation of Safety Fieldbuses
as part of an SIS for communicating between a safety logic solver and field devices.
A generic Fieldbus is a multi-drop digital network consisting of digital communication cable,
terminators, hubs, links/couplers, power supplies, hosts and protocols, along with Fieldbus-compatible devices (Figure 1). It is used to communicate process information to and from
multiple field devices within a segment. Fieldbus is a network structure that allows daisy-chain,
star, ring, branch, and tree topologies.
technologies not currently utilized in safety systems (e.g., Fieldbuses), but that revisions to the
standard will address new technologies as they become available.
ANSI/ISA-84.00.01-2004, Clause 11.6.3 reflects ANSI/ISA-84.01-1996, Clause 7.4.1.3 above,
with an added statement that addresses the alternative of a digital bus communication with
overall safety performance that meets the integrity requirements of the SIF (safety instrumented
function) it services. Therefore, a Safety Fieldbus adds to the generic Fieldbus the additional
hardware and software features necessary to be compliant with ANSI/ISA-84.00.01-2004.
This technical report addresses the use of Fieldbus for multi-drop digital network communication
for implementation of a Safety Instrumented Function (SIF) within a safety logic solver designed and
managed in compliance with ANSI/ISA-84.00.01-2004. If the reader chooses to implement the
safety logic in the Fieldbus segment only, the Fieldbus and any instruments executing the safety
logic should be evaluated as a logic solver under the requirements of ANSI/ISA-84.00.01-2004.
This technical report does not address implementation of the SIF logic within the Fieldbus
segment.
1 Scope
1.1
1.2 This technical report addresses Safety Fieldbus design and management. It does not provide detailed implementation guidance, which would be different for each Fieldbus technology.
1.3
2 Criteria
2.1 Safety Requirements
2.1.1 The Safety Fieldbus should meet the requirements of the highest safety integrity level (SIL) of any safety instrumented function (SIF) it supports, as measured by the:
a.
hardware integrity
b.
c.
systematic integrity
d.
2.1.2 The software/firmware used to carry out the Safety Fieldbus diagnostics should meet the requirements of the highest SIL it supports.
2.1.3 The likelihood of undetected random hardware failures of the Safety Fieldbus should be sufficiently low in comparison to the overall safety integrity requirements. As a rule of thumb, for a demand mode SIS, the Safety Fieldbus should have a PFDavg less than 1% of the target PFDavg for the SIF.
2.1.4 The Safety Fieldbus protocol should be compliant with IEC 61508 requirements to the applicable SIL claim limit.
2.1.5
2.2 Speed of Response
2.2.1 The response time of the Safety Fieldbus should be incorporated in the calculation of the overall response time of the SIF (e.g., the time from process deviation detection through the process response to final element action). It is good engineering practice that the overall response time should be no more than one-half the process safety time allocated to the SIF.
2.2.2 The response time should be sufficient to meet the shortest process safety time requirement of any SIF on the Safety Fieldbus.
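The two numeric budgets in 2.1.3 and 2.2 can be checked mechanically once the SRS figures are known. The Python below is an added worked example, not part of ISA-TR84.00.06: the SIL bands are the IEC 61508 demand-mode PFDavg ranges, every PFDavg and timing value in it is constructed for illustration, and the two SIF tags are invented. It goes slightly beyond the text by also reporting which SIL band the target PFDavg falls in and what fraction of the fieldbus budget is consumed.

```python
from dataclasses import dataclass

# IEC 61508 demand-mode SIL bands: SIL n holds when lower <= PFDavg < upper
SIL_PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_for_pfd(pfd_avg: float) -> int:
    """Return the demand-mode SIL band a PFDavg falls into (0 if it does not reach SIL 1)."""
    for sil, (lower, upper) in SIL_PFD_BANDS.items():
        if lower <= pfd_avg < upper:
            return sil
    return 4 if pfd_avg < 1e-5 else 0


@dataclass
class SifBudget:
    """Constructed SRS figures for one SIF whose loop runs over a Safety Fieldbus."""
    name: str
    target_pfd: float             # target PFDavg for the whole SIF (from the SRS)
    fieldbus_pfd: float           # PFDavg contribution claimed for the Safety Fieldbus
    process_safety_time_s: float
    sensor_s: float               # detection and sensor processing time
    fieldbus_s: float             # Safety Fieldbus transfer time, one direction
    logic_solver_s: float         # logic solver scan / solve time
    final_element_s: float        # valve stroke or other final element action time

    # Clause 2.1.3 rule of thumb: fieldbus PFDavg < 1 % of the SIF target PFDavg
    def fieldbus_pfd_budget(self, fraction: float = 0.01) -> float:
        return fraction * self.target_pfd

    def pfd_budget_ok(self) -> bool:
        return self.fieldbus_pfd < self.fieldbus_pfd_budget()

    # Clause 2.2.1: the fieldbus time is part of the overall SIF response time.
    # The bus is crossed twice: sensor -> logic solver and logic solver -> final element.
    def overall_response_time_s(self) -> float:
        return (self.sensor_s + 2 * self.fieldbus_s
                + self.logic_solver_s + self.final_element_s)

    # Clause 2.2.1 good practice: overall response time <= half the process safety time
    def response_time_ok(self) -> bool:
        return self.overall_response_time_s() <= 0.5 * self.process_safety_time_s

    def report(self) -> dict:
        budget = self.fieldbus_pfd_budget()
        return {
            "sif": self.name,
            "target_sil": sil_for_pfd(self.target_pfd),
            "fieldbus_pfd_budget": budget,
            "fieldbus_budget_used": self.fieldbus_pfd / budget,
            "pfd_budget_ok": self.pfd_budget_ok(),
            "overall_response_time_s": self.overall_response_time_s(),
            "response_time_ok": self.response_time_ok(),
        }


def shortest_pst_ok(sifs) -> bool:
    """Clause 2.2.2: the bus must suit the shortest process safety time of any SIF
    it carries, which holds only if every SIF on the bus individually passes."""
    return all(s.response_time_ok() for s in sifs)


# Constructed sample: two SIFs sharing one Safety Fieldbus (all values illustrative only)
HIGH_LEVEL_TRIP = SifBudget("LAHH-101 trip", target_pfd=5e-3, fieldbus_pfd=3e-5,
                            process_safety_time_s=8.0, sensor_s=0.5, fieldbus_s=0.06,
                            logic_solver_s=0.1, final_element_s=3.0)
HIGH_PRESSURE_TRIP = SifBudget("PAHH-102 trip", target_pfd=5e-3, fieldbus_pfd=8e-5,
                               process_safety_time_s=7.0, sensor_s=0.5, fieldbus_s=0.06,
                               logic_solver_s=0.1, final_element_s=3.0)

if __name__ == "__main__":
    for sif in (HIGH_LEVEL_TRIP, HIGH_PRESSURE_TRIP):
        print(sif.report())
    print("bus suits shortest PST:", shortest_pst_ok([HIGH_LEVEL_TRIP, HIGH_PRESSURE_TRIP]))
```

With these constructed numbers the level trip passes both checks (3.72 s response against a 4.0 s half-PST, 60 % of the fieldbus PFD budget used), while the pressure trip fails both: its fieldbus PFD claim exceeds 1 % of the target and 3.72 s is more than half of its 7 s process safety time, so the shared bus does not satisfy 2.2.2 as configured.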
2.3 Interoperability
2.3.1 The Safety Fieldbus selection should consider its ability to communicate with the field devices and safety logic solver. It should support interoperability of devices without degrading the safety integrity, the Risk Reduction Factor (RRF), the reliability (spurious trip rate), or the communication speed of the Safety Fieldbus. When a manufacturer claims interoperability of sensors, logic solvers, final elements, and the like, that claim should be supported by analysis and testing.
2.3.2 The Safety Fieldbus should not be shared by non-safety devices. If non-safety devices are used on the Safety Fieldbus, the non-safety devices should not impact the functionality or integrity of the SIS. If the non-safety devices could affect the functionality or integrity of the SIS, the non-safety devices should be designed and managed per ANSI/ISA-84.00.01-2004 and Clause 2.4 of this technical report.
2.3.3 The Safety Fieldbus should ensure separation and independence of the Basic Process Control System (BPCS) and the SIS. This includes independent security for configuration and maintenance tools.
2.3.4 All devices that perform a safety function on a Safety Fieldbus should communicate using a protocol that is designed in compliance with IEC 61508 and has been demonstrated to work in the operating environment.
2.3.5 The integrity and reliability of the Safety Fieldbus devices should be considered in the SIL verification calculations in accordance with ISA-TR84.00.02-2002.
2.4 Fault Tolerance
2.4.1 Fault tolerance may be achieved either through redundant Safety Fieldbuses or through redundant subsystems/components on independent Safety Fieldbuses.
2.4.2 The nuisance trip rate of the Safety Fieldbus should support the assumptions in the safety requirements specification (SRS). The impact of safe failures should be assessed during the hazards and risk analysis.
2.4.3 A failure of any field device(s) connected to the Safety Fieldbus should not degrade the Fieldbus operation nor degrade the integrity or reliability of any safety devices connected to the Fieldbus.
2.4.4 A failure of any single Safety Fieldbus in a multiple-Fieldbus SIS should not degrade the performance of the other Fieldbuses nor degrade the performance of any devices connected to other Fieldbuses. The design of the Fieldbus should be assessed to ensure that the likelihood of common cause, common mode and dependent failures between protection layers, and between protection layers and the BPCS, is sufficiently low in comparison to the overall safety integrity requirements of the SIS.
2.4.5
2.5 Security
2.5.1 The Safety Fieldbus should have sufficient security to prevent inadvertent changes to the SIS configuration.
2.5.2 Safety Fieldbus devices should have a means to ensure configuration parameters are protected. For example, inadvertent changes can be prevented through write-protection.
2.5.3
2.5.4 Industrial cyber security practices should be implemented (e.g., see the ISA-99 series of standards, www.isa.org).
2.6 Operation
2.6.1 On-line replacement of field devices should be possible without affecting the SIF operation (i.e., the absence of a device should not impact the bus integrity). Field device replacement should be completed within the MTTR (mean time to repair) assumed in the SRS unless otherwise approved by management of change.
2.6.2 The Safety Fieldbus should be capable of performing its SIFs irrespective of the communication media.
2.6.3 The Safety Fieldbus should be designed to take a specified safe state on loss of support systems (e.g., off state for de-energize-to-trip applications).
2.6.4 A Fieldbus communication interruption lasting longer than the shortest process safety time (see 2.2.2) should cause the SIF final elements to take the specified safe state, unless a hazards analysis team approves otherwise.
2.6.5 When communication faults are detected, the Safety Fieldbus should be configured to take the SIF final elements to the specified safe state.
2.7 Diagnostics
2.7.1 Timely notification of the operational status of the Fieldbus and attached devices should be readily available to the user via the Fieldbus interface. Diagnostics are typically implemented in a manner transparent to the user.
2.7.2 The Safety Fieldbus should capture and communicate diagnostic information from the sensors and final elements as specified in the SRS.
2.7.3 Diagnostics should consider known failure modes, which include, but are not limited to, complete failure of the transmission channel, transmission errors, repetitions, deletions, insertions, re-sequencing, delay and masquerade.
2.7.4 The software and firmware used by the communication or diagnostic processes of the Safety Fieldbus should be designed and managed per IEC 61508.
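The failure modes listed in 2.7.3 are what a safety communication layer is built to detect, and 2.6.4 and 2.6.5 state the required reaction: take the SIF final elements to the specified safe state. The Python below is an added example and is not part of ISA-TR84.00.06 or of any real fieldbus protocol; its frame layout, the CRC-32 seeded with a per-connection value, the source identifier, the timing limits and the sample traffic are constructed assumptions chosen so that each 2.7.3 failure mode is caught by one explicit check. It models the receiving end only, and its watchdog limit stands in for the shortest process safety time of 2.6.4 (or any shorter configured limit).

```python
import struct
import zlib
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed frame layout (not a real safety protocol):
#   src   uint16  source / connection identifier
#   seq   uint32  consecutive number, +1 per frame from the same source
#   ts    uint32  sender timestamp in milliseconds
#   plen  uint16  payload length
#   payload
#   crc   uint32  CRC-32 over header+payload, seeded with a per-connection value
HEADER = struct.Struct(">HIIH")
TRAILER = struct.Struct(">I")


def frame_crc(conn_seed: int, header: bytes, payload: bytes) -> int:
    # Seeding the CRC with the connection identity means a frame built for another
    # connection (insertion) fails the check even when its bytes are intact.
    return zlib.crc32(header + payload, conn_seed) & 0xFFFFFFFF


def build_frame(conn_seed: int, src: int, seq: int, ts_ms: int, payload: bytes) -> bytes:
    header = HEADER.pack(src, seq, ts_ms, len(payload))
    return header + payload + TRAILER.pack(frame_crc(conn_seed, header, payload))


@dataclass
class SafetyReceiver:
    conn_seed: int          # connection identity shared with the legitimate sender
    expected_src: int
    max_latency_ms: int     # frame age beyond which it counts as delayed
    watchdog_ms: int        # silence limit; Clause 2.6.4 ties this to the shortest process safety time
    last_seq: int = 0
    last_rx_ms: int = 0
    safe_state: bool = False
    log: List[str] = field(default_factory=list)

    def _trip(self, reason: str) -> str:
        # Clause 2.6.5: a detected communication fault drives the SIF final elements
        # to the specified safe state; the latch is cleared only by a deliberate reset.
        self.safe_state = True
        self.log.append(reason)
        return reason

    def receive(self, frame: bytes, now_ms: int) -> str:
        """Validate one frame against the Clause 2.7.3 failure modes; returns the verdict."""
        if len(frame) < HEADER.size + TRAILER.size:
            return self._trip("CORRUPTION")
        header = frame[:HEADER.size]
        src, seq, ts_ms, plen = HEADER.unpack(header)
        if len(frame) != HEADER.size + plen + TRAILER.size:
            return self._trip("CORRUPTION")
        payload = frame[HEADER.size:HEADER.size + plen]
        (crc_rx,) = TRAILER.unpack(frame[HEADER.size + plen:])
        if frame_crc(self.conn_seed, header, payload) != crc_rx:
            return self._trip("CORRUPTION")      # transmission error, or insertion from another connection
        if src != self.expected_src:
            return self._trip("MASQUERADE")      # intact frame, but not from the expected source
        if seq == self.last_seq:
            return self._trip("REPETITION")      # same consecutive number delivered twice
        if seq < self.last_seq:
            return self._trip("RESEQUENCING")    # an older frame arrived after a newer one
        if seq > self.last_seq + 1:
            return self._trip("DELETION")        # gap in the consecutive numbers
        if now_ms - ts_ms > self.max_latency_ms:
            return self._trip("DELAY")           # valid frame, but too old to act on
        self.last_seq, self.last_rx_ms = seq, now_ms
        self.log.append("OK")
        return "OK"

    def check_watchdog(self, now_ms: int) -> str:
        """Clause 2.6.4: an interruption longer than the limit is itself a trip condition."""
        if now_ms - self.last_rx_ms > self.watchdog_ms:
            return self._trip("COMM_LOSS")
        return "OK"


SEED, SRC = 0xA5A5, 7   # constructed connection identity and source address


def run_scenario(with_faults: bool) -> Tuple[List[str], bool]:
    """Feed a constructed frame sequence to a fresh receiver; returns (verdicts, safe_state)."""
    rx = SafetyReceiver(conn_seed=SEED, expected_src=SRC, max_latency_ms=200, watchdog_ms=1000)

    def good(seq: int, ts: int) -> bytes:
        return build_frame(SEED, SRC, seq, ts, b"\x01")

    steps = [(good(1, 100), 110), (good(2, 200), 210), (good(3, 300), 310)]   # healthy traffic
    if with_faults:
        flipped = bytearray(good(4, 900))
        flipped[-5] ^= 0x01                                   # one payload bit flipped in transit
        steps += [
            (good(3, 300), 320),                              # repetition
            (good(6, 600), 610),                              # deletion (4 and 5 never arrive)
            (good(2, 200), 620),                              # re-sequencing
            (good(4, 300), 900),                              # delay (frame is 600 ms old)
            (build_frame(SEED, 9, 4, 900, b"\x01"), 905),     # masquerade (wrong source)
            (build_frame(0x1111, SRC, 4, 900, b"\x01"), 906), # insertion from another connection
            (bytes(flipped), 907),                            # transmission error
        ]
    verdicts = [rx.receive(frame, now) for frame, now in steps]
    if with_faults:
        verdicts.append(rx.check_watchdog(now_ms=1400))       # 1090 ms of silence > watchdog
    return verdicts, rx.safe_state


if __name__ == "__main__":
    for label in (False, True):
        print("faults" if label else "healthy", run_scenario(label))
```

In the faulty scenario the receiver latches `safe_state` on the first detected fault and keeps reporting each later fault by name, which is the behaviour 2.6.5 asks for; the healthy scenario never trips. Note that insertion and bit errors both surface as a CRC failure here, which is why the 2.7.4 requirement that the diagnostic software itself be developed to IEC 61508 matters: the CRC and sequence logic is the whole detection barrier.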
2.8 Documentation
2.8.1 The safety manual should define the industry sector(s) (e.g., process, machinery, rail, avionics) that the Safety Fieldbus was designed to support.
2.8.2 The safety manual should include sector-specific guidance where relevant, since one Fieldbus may not be suitable for all sectors.
2.8.3
2.8.4 The safety manual should include the analysis boundary and assumptions supporting the claimed SIL and nuisance trip rate.
2.8.5 The safety manual should describe any limitations on the use of the Safety Fieldbus, such as the inability to support SIFs across segments or to diagnose faults across segments.
2.8.6 The failure modes that are detected by automatic diagnostics should be documented in the safety manual along with the related diagnostic intervals.
2.8.7 The failure modes that are not detected by automatic diagnostics should be documented in the safety manual along with the associated failure rates due to both random hardware failures and communications errors in the operating environment.
2.8.8 The hardware fault tolerance should be documented in the safety manual and should meet the requirements of ANSI/ISA-84.00.01 Part 1, Clause 11.4.
2.8.9 The response time of the Safety Fieldbus should be documented in the safety manual, together with the hardware and/or configuration requirements necessary to achieve the response time.
2.9 Testability
2.9.1 The operation of any new or modified Safety Fieldbus should be validated against the SRS. Determination that proper communication occurs is not sufficient for validation or periodic testing. Individual elements of the system should be periodically tested to demonstrate that the element operates according to the SRS.
2.9.2 Tests of individual elements should demonstrate that the Safety Fieldbus has been properly integrated with other system elements. The integration tests should proceed according to documented specifications. Integration tests should include devices on the Safety Fieldbus and host systems, including engineering, maintenance, and operational interfaces.
2.9.3 Fieldbus applications should be restricted to functions that have been validated through formal documented proof test procedures supported by written specifications.
2.9.4
2.9.5 Specifications and tests should have clearly defined boundaries with sufficient overlap to assure complete test coverage.
3
3.1
3.2 Every Safety Fieldbus should be designed and managed to achieve the safety requirements throughout all ten lifecycle phases shown in Table 3.1. The phases include initial design and implementation, as well as long-term operation and maintenance (which includes modifications such as changes, additions and deletions).
3.3 Any Safety Fieldbus should adhere to the nine basic criteria outlined in Section 2 above.
3.4 Any Safety Fieldbus that has already been commissioned and is in the operation and maintenance phase of its Safety Lifecycle is most vulnerable to problems whenever modifications are performed. Table 3.1 provides guidance to Safety Fieldbus users regarding which lifecycle phases should be addressed due to these modifications, additions or deletions. The lifecycle phases addressed are dependent on the nature of the modification, addition or deletion. Ultimately, the modified Safety Fieldbus should conform to the nine basic criteria.
3.5
3.6 The first lifecycle phase involves the use of hazard and risk analysis to identify the safety functions needed to achieve or maintain a safe state of the process equipment in response to an unacceptable hazardous condition. The phase is independent of SIS technology. Therefore, the application of a Safety Fieldbus within the SIS does not generate additional requirements outside those already specified in ANSI/ISA-84.00.01-2004.
3.7 The second lifecycle phase involves allocating the safety functions to protection layers (also known as classifying).
3.8 The third through seventh lifecycle phases (i.e., SIS SRS, SIS Design & Engineering, SIS Installation, Commissioning and Validation, SIS Operation and Maintenance, and Management of Change) should consider adherence to the nine basic criteria outlined in this technical report. Modifications to the Safety Fieldbus should be carefully analyzed to ensure that Safety Fieldbus functionality is not compromised.
3.9
3.10 The ninth lifecycle phase (SIS verification) is primarily a lifecycle process check. Consequently, there are no specific requirements that need to be addressed as part of this phase.
3.11 The tenth and last lifecycle phase is primarily an auditing step to determine whether or not the desired functional safety has been achieved by an SIS. This phase evaluates the SIS to determine whether it is achieving the desired functional safety with regard to the Safety Requirements, Speed of Response, Interoperability, Operation and Testability.
Fieldbus segment require anywhere from no functional testing to full recursive testing of each criterion for each device on that bus (i.e., infinite testing permutations).
Table 3.1 Lifecycle phases

Column headings: ANSI/ISA-84.00.01 lifecycle phase; lifecycle phase description; applicable Safety Fieldbus criterion; considerations during initial SIS Safety Fieldbus design and implementation; and the additions, deletions and modifications to be considered (see 3.4).

Phase 1: Hazard and Risk Assessment
  Applicable criterion: None apply.
  Initial design considerations: None apply. Hazard and risk assessment are process related and are independent of SIS technology.
  Additions, deletions, modifications: None apply.

Phase 2: Allocation of safety functions to protective layers
  Applicable criterion: Safety Requirements (Clause 2.1)
  Initial design considerations: Safety Requirements (Clause 2.1)

Phase 3: SIS Safety Requirements Specification (SRS)
  Applicable criterion: All apply: Safety Requirements (Clause 2.1), Speed of Response (Clause 2.2), Interoperability (Clause 2.3), Fault Tolerance (Clause 2.4), Security (Clause 2.5), Operation (Clause 2.6), Diagnostics (Clause 2.7), Documentation (Clause 2.8), Testability (Clause 2.9)
  Initial design considerations: All Safety Fieldbus criterion requirements need to be met during initial design of the SIS Safety Fieldbus.
  Additions: Interoperability (Clause 2.3) ... Fieldbus?
  Deletions: Same as for additions.
  Modifications: Parameter changes (for example a set point change): Clause 2.6, but only for the SIF being modified; Clause 2.8, but only for the SIF being modified; Clause 2.9, but only for the SIF being modified.

Phase 4: SIS Design and Engineering (includes Factory Acceptance Test (FAT))
  Applicable criterion: All apply: Safety Requirements (Clause 2.1), Speed of Response (Clause 2.2), Interoperability (Clause 2.3), Fault Tolerance (Clause 2.4), Security (Clause 2.5), Operation (Clause 2.6), Diagnostics (Clause 2.7), Documentation (Clause 2.8), Testability (Clause 2.9)
  Initial design considerations: All apply.
  Additions: Same as for Phase 3 above. Deletions: Same as for Phase 3 above. Modifications in segments: Same as for Phase 3 above.

Phase 5: SIS Installation, Commissioning and Validation (Site Acceptance Test (SAT))
  Applicable criterion: Speed of Response (Clause 2.2), Interoperability (Clause 2.3), Security (Clause 2.5), Operation (Clause 2.6), Diagnostics (Clause 2.7), Documentation (Clause 2.8), Testability (Clause 2.9)
  Initial design considerations: What is the best SIS Safety Fieldbus installation for the application? Has the SIS Safety Fieldbus been installed per installation guidelines? Was the SIS Safety Fieldbus installed by qualified personnel?
  Additions: Same as for Phase 3 above. Deletions: Same as for Phase 3 above. Modifications: Same as for Phase 3 above.

Phase 6: SIS Operation and Maintenance
  Applicable criterion: Security (Clause 2.5), Operation (Clause 2.6), Diagnostics (Clause 2.7), Documentation (Clause 2.8), Testability (Clause 2.9)
  Initial design considerations: Were operations personnel properly trained on the SIS Safety Fieldbus? Were maintenance personnel properly trained on the SIS Safety Fieldbus?

Phase 7: Modification
  Applicable criterion: Safety Requirements (Clause 2.1), Speed of Response (Clause 2.2), Interoperability (Clause 2.3), Fault Tolerance (Clause 2.4), Security (Clause 2.5), Operation (Clause 2.6), Diagnostics (Clause 2.7), Documentation (Clause 2.8), Testability (Clause 2.9)
  Initial design considerations: None apply, as this phase only addresses SIS modifications.
  Additions: Same as for Phase 3 above. Deletions: Same as for Phase 3 above. Modifications: Same as for Phase 3 above.

Phase 8: Decommissioning
  Applicable criterion: Safety Requirements (Clause 2.1), Speed of Response (Clause 2.2), Interoperability (Clause 2.3), Fault Tolerance (Clause 2.4), Operation (Clause 2.6), Diagnostics (Clause 2.7), Documentation (Clause 2.8), Testability (Clause 2.9)
  Initial design considerations: This phase is important from an overall SIS standpoint but is independent of SIS technology selection. This phase would have the same effect on the Safety Fieldbus as a modification.
  Deletions: Same as for Phase 3 above.

Phase 9: SIS Verification
  Applicable criterion: None apply.
  Initial design considerations: None apply.

Phase 10: SIS Functional Safety Assessment
  Applicable criterion: All apply: Safety Requirements (Clause 2.1), Speed of Response (Clause 2.2), Interoperability (Clause 2.3), Fault Tolerance (Clause 2.4), Security (Clause 2.5), Operation (Clause 2.6), Diagnostics (Clause 2.7), Documentation (Clause 2.8), Testability (Clause 2.9)
4 Definitions
4.1 Fieldbus: a digital, two-way, multi-drop communication link among controllers and their remote I/Os, sensors, actuators and inter-networking components.
4.2 Safety Fieldbus: a Fieldbus whose purpose is to implement safety functions that achieve or maintain a safe state of the process when abnormal process conditions are detected, in order to reduce the risk of an identified hazardous event.
4.3
5 References
5.1
5.2
5.3
5.4
5.5