
Functional Safety Engineering

FUNCTIONAL SAFETY COURSE


SAFETY INSTRUMENTED SYSTEMS
FOR
ENGINEERS
USING
IEC 61511 AND IEC 61508
Function Safety Engineering

Objective of this Workshop

To provide a basic knowledge of the fundamental principles of functional safety and good practice in the specification, design and management of safety instrumented systems in the process industry.

To encourage a multi-disciplined approach to the management of functional safety.

Content of the Workshop

Overview of key topics of interest covering the design and implementation of safety instrumented systems based on the functional safety lifecycle.

The workshop uses the functional safety lifecycle as a framework for applying the standards IEC 61508 and IEC 61511.

Contents

- Functional Safety Lifecycle
- Hazard and Risk Analysis
- Risk Reduction and Safety Allocation
- Safety Integrity Level Determination Methods
- Achieving Safety and Availability Targets
- Hardware
- Safety Integrity Level Verification Methods
- Software
- Diagnostics and Proof Testing

Safety Through Layers of Protection (slide acknowledgement: Emerson)

Layers from the outermost (mitigation) to the innermost (normal control):

- Emergency response layer: plant and emergency response (mitigate)
- Passive protection layer: dike (mitigate)
- Active protection layer: relief valve, rupture disk (mitigate)
- Safety layer: Safety Instrumented System, emergency shut down (prevent)
- Process control layer: trip level alarm, operator intervention, process shutdown (prevent)
- Process control layer: process alarm, Basic Process Control System holding the process value at normal behaviour (prevent)

What is Functional Safety?

- A safety system is functionally safe if random, common cause and systematic failures do not lead to malfunctioning of the safety system and do not result in:
  - Injury or death of humans
  - Spills to the environment
  - Loss of equipment or production

Functional Safety Standards

- For safety instrumented systems there are two important standards when it comes to functional safety:
  - IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems
  - IEC 61511 / ANSI/ISA 84.00.01 Modified: Functional Safety: safety instrumented systems for the process industry sector

Introducing Standard IEC 61508

International Electrotechnical Commission

Title: Functional safety of electrical/electronic/programmable electronic safety-related systems

- Part 0: Introduction to functional safety
- Part 1: General requirements
- Part 2: Requirements for electrical/electronic/programmable electronic systems
- Part 3: Software requirements
- Part 4: Definitions and abbreviations
- Part 5: Examples of methods for the determination of safety integrity levels
- Part 6: Guidelines on the application of parts 2 and 3
- Part 7: Overview of techniques and measures

Umbrella Standard

IEC 61508 is the umbrella standard; the sector standards derived from it are:

- IEC 61511: Process industry
- ANSI/ISA 84.00.01: Process industry
- IEC 61513: Nuclear industry
- EN 50128: Railway
- EN 50402: Pressure sensors
- IEC 62061: Machinery

Application Area of IEC 61508

- IEC 61508 applies:
  - To any electrical/electronic/programmable electronic (E/E/PE) safety related system
  - Especially where no functional safety standard exists for the sector
  - Anywhere in the world where it is accepted

Application Area of IEC 61508

- Typical applications are:
  - Programmable electronic systems (PES)
  - Safety instrumented systems (SIS)
  - Emergency shutdown systems (ESD)
  - High integrity pressure protection systems (HIPPS)
  - Burner management systems (BMS)
  - Fire and gas systems (F&G)
  - High speed over protection system
  - Emergency brake of a train

IEC 61511
Functional Safety: Safety Instrumented Systems for the Process Industry Sector

- Part 1: Framework, definitions, system hardware and software requirements
- Part 2: Guidelines in the application of part 1
- Part 3: Guidance for the determination of safety integrity levels

IEC: International Electrotechnical Commission, PO Box 131, CH-1211 Geneva, Switzerland. Webstore at www.iec.ch.

Application Area of IEC 61511

- IEC 61511 applies to the safety instrumented system:
  - Instruments (E/E/PE or not)
  - Logic solver (E/E/PE or not)
  - Actuators (E/E/PE or not)

IEC 61508 vs. IEC 61511

Process sector safety instrumented system standards:

- IEC 61508: manufacturers and suppliers of devices
- IEC 61511: safety instrumented system designers, integrators and users

Safety Integrity Level

- What is this SIL?
  - First of all it is a qualitative measure of safety
  - Second, it is a quantitative reliability metric
  - There are 4 SIL levels, 1-4
- What is not SIL?
  - Only a probability calculation ...

Safety Instrumented Systems act independently of the process or its control system to try to prevent a hazardous event.

The SIS achieves risk reduction by reducing the frequency (likelihood) of the hazardous event.

The amount of risk reduction allocated to the SIS determines its "target Safety Integrity Level", i.e. SIL.

(Each of the three slides carries the same diagram: Control System, Operating Equipment, SIS.)

Safety Integrity Level

- Three important SIL properties
  - Applies to the complete safety function/loop
  - Higher SIL means stricter requirements
  - There are technical and non-technical requirements

SIL | PFD              | Safety Availability | Risk Reduction
----|------------------|---------------------|----------------
4   | 0.0001 - 0.00001 | 0.9999 - 0.99999    | 10000 - 100000
3   | 0.001 - 0.0001   | 0.999 - 0.9999      | 1000 - 10000
2   | 0.01 - 0.001     | 0.99 - 0.999        | 100 - 1000
1   | 0.1 - 0.01       | 0.9 - 0.99          | 10 - 100

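The slides state that the risk reduction allocated to the SIS fixes its target SIL, and the table above gives the PFD band for each SIL. The following added example (written for this page; it is not course material) puts the two together: the non-SIS protection layers from the layers-of-protection slide are credited first, the SIS is sized so the mitigated hazard frequency meets the tolerable frequency, and the resulting PFD is read back into a SIL band. The hazard frequency, tolerable frequency and layer PFDs are constructed sample values, and treating the layers as independent so that their PFDs multiply is an assumption of this example, not something the slides state.

```python
"""Allocating risk reduction to a SIS and reading off its target SIL.

Added example for this workshop page; not from the slides. The SIL bands
are the low-demand PFD bands of the slide's SIL table. All frequencies
and layer PFDs used below are constructed sample values, and layer
independence (PFDs multiply) is an assumption of this example.
"""
from dataclasses import dataclass
from typing import Iterable

# Low-demand SIL bands: SIL -> (PFD lower bound inclusive, upper bound exclusive).
# The slide writes the bands as "0.1 - 0.01" etc.; the half-open convention
# here follows IEC 61508-1 so that every PFD maps to exactly one SIL.
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def sil_for_pfd(pfd: float) -> int:
    """Return the SIL whose band contains pfd. 0 means no SIL can be claimed
    (PFD >= 0.1). A PFD below 1e-5 lies beyond SIL 4 and is rejected."""
    if pfd >= 1e-1:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    raise ValueError(f"PFD {pfd:g} is below the SIL 4 band; not achievable by a single SIS")


@dataclass
class Allocation:
    freq_without_sis: float   # hazard frequency after the other layers, per year
    required_pfd: float       # PFD the SIS must achieve (1.0 = no SIS needed)
    risk_reduction: float     # RRF = 1 / PFD, as in the slide table
    target_sil: int           # 0 when no SIS is needed


def allocate_sis(initiating_freq: float,
                 tolerable_freq: float,
                 other_layer_pfds: Iterable[float]) -> Allocation:
    """Credit the non-SIS layers first, then size the SIS so the mitigated
    frequency does not exceed the tolerable frequency (per year)."""
    if initiating_freq <= 0 or tolerable_freq <= 0:
        raise ValueError("frequencies must be positive")
    freq = initiating_freq
    for pfd in other_layer_pfds:
        if not 0 < pfd <= 1:
            raise ValueError(f"layer PFD {pfd} must lie in (0, 1]")
        freq *= pfd                      # independence assumption
    if freq <= tolerable_freq:
        return Allocation(freq, 1.0, 1.0, 0)   # other layers already suffice
    required = tolerable_freq / freq
    return Allocation(freq, required, 1.0 / required, sil_for_pfd(required))


if __name__ == "__main__":
    # Constructed scenario: a control failure initiates the hazard 0.5 times a
    # year; a relief valve (PFD 0.01) and an alarm with operator response
    # (PFD 0.1) are credited; the tolerable frequency is 1e-5 per year.
    result = allocate_sis(0.5, 1e-5, [0.01, 0.1])
    print(f"frequency without SIS: {result.freq_without_sis:.2e} /yr")
    print(f"required SIS PFD: {result.required_pfd:.3g} (RRF {result.risk_reduction:.0f})")
    print(f"target SIL: {result.target_sil}")
```

When `allocate_sis` raises because the required PFD falls below the SIL 4 band, the practical reading is the one the slides imply: more risk reduction has to be allocated to the other protection layers rather than demanded from one SIS.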
Summary of IEC 61511 Safety Lifecycle Phases

1. Scope of the plant, identify the hazards and evaluate the risks
2. and 3. Define the risk reduction requirements, allocate to protection layers, define SIFs and SILs
4. Detailed engineering activities to design and build the SIS
5. Installation, commissioning and validation stages
6. Operating and maintenance regime
7. Manage the modifications
8. De-commissioning

Verification is shown alongside these phases.

Scope of a Safety Instrumented System

Sensor -> Logic Solver (hardware and software) -> Actuator

SIL Classification by Risk Parameters Chart

Risk parameters:

C - Extent of damage
  CA: Slight injury
  CB: Severe irreversible injury to one or more persons or death of a person
  CC: Death of several persons
  CD: Catastrophic consequences, multiple deaths

F - Frequency and exposure time
  FA: Seldom to relatively frequent
  FB: Frequent to continuous

P - Hazard avoidance / mitigation
  PA: Possible under certain conditions
  PB: Hardly possible

W - Occurrence probability
  W1: Very low
  W2: Low
  W3: Relatively high

Reading the chart: from the starting point select C (CA to CD); for CB, CC and CD then select F (FA or FB) and P (PA or PB); the row reached is read under the W column. The chart's output rows, columns W3 / W2 / W1:

  a  -  -
  1  a  -
  2  1  a
  3  2  1
  4  3  2
  b  4  3

Legend:
  -       = No safety requirements
  a       = No special safety requirements
  b       = A single E/E/PES is not sufficient
  1,2,3,4 = Safety integrity level

SIL Classification by Risk Parameters Chart: Example

(The example slide repeats the risk parameters, chart and legend of the preceding slide.)
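The two chart slides above show the risk graph as a figure, which is awkward to read once flattened to text. The following added example (written for this page; it is not course material) encodes the chart as a lookup: the six output rows and the W3/W2/W1 columns are the ones printed on the slide, the legend strings are the slide's, and the branch structure (which C, F and P choices reach which row) is assumed to follow the risk graph of IEC 61508-5 (Figure D.2), which the slide's chart reproduces. The sample safety instrumented function at the bottom is constructed.

```python
"""Risk graph lookup for SIL determination (IEC 61508-5 style).

Added example for this page, not from the slides. Output rows, W columns
and legend are those of the slide's chart; the C/F/P branch structure is
assumed to follow IEC 61508-5 Figure D.2. The sample SIF is constructed.
"""

# Output rows of the chart, top to bottom; columns ordered W3, W2, W1.
OUTPUT_ROWS = (
    ("a", "-", "-"),
    ("1", "a", "-"),
    ("2", "1", "a"),
    ("3", "2", "1"),
    ("4", "3", "2"),
    ("b", "4", "3"),
)
W_COLUMN = {"W3": 0, "W2": 1, "W1": 2}

# Legend exactly as printed on the slide.
LEGEND = {
    "-": "No safety requirements",
    "a": "No special safety requirements",
    "b": "A single E/E/PES is not sufficient",
}

C_BASE = {"CB": 1, "CC": 2, "CD": 3}
F_STEP = {"FA": 0, "FB": 1}
P_STEP = {"PA": 0, "PB": 1}


def output_row(c: str, f: str, p: str) -> int:
    """Index of the output row reached for the consequence (C), frequency
    and exposure (F) and avoidance (P) choices. Assumed IEC 61508-5 branch
    structure: CA goes straight to the top row; starting from CB, each step
    to a worse C, to FB or to PB moves one row further down the chart."""
    if c == "CA":
        return 0
    if c not in C_BASE or f not in F_STEP or p not in P_STEP:
        raise ValueError(f"unknown risk parameter in ({c}, {f}, {p})")
    return C_BASE[c] + F_STEP[f] + P_STEP[p]


def risk_graph(c: str, f: str, p: str, w: str) -> str:
    """Return the chart symbol: '1'..'4' for a SIL, or '-', 'a' or 'b'."""
    if w not in W_COLUMN:
        raise ValueError(f"unknown occurrence probability {w}")
    return OUTPUT_ROWS[output_row(c, f, p)][W_COLUMN[w]]


def describe(symbol: str) -> str:
    """Expand a chart symbol using the slide's legend."""
    if symbol in LEGEND:
        return LEGEND[symbol]
    return f"Safety integrity level {symbol}"


if __name__ == "__main__":
    # Constructed SIF: severe irreversible injury (CB), personnel frequently
    # exposed (FB), hazard hardly avoidable (PB), low occurrence probability (W2).
    sym = risk_graph("CB", "FB", "PB", "W2")
    print(sym, "->", describe(sym))
```

Note that a 'b' result is not a SIL: per the legend a single E/E/PES is not sufficient, so the hazard has to be addressed by redesign or by additional independent protection layers before any SIS is specified.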

End
