Safety instrumented system


A safety instrumented system (SIS) is an engineered set of hardware and software controls used especially on critical process systems.

Examples

Safety instrumented systems are most often used in process facilities to provide protection such as:
A critical process system is one which, once running, may need to be put into a "Safe State" when an operational problem occurs, in order to avoid adverse Safety, Health and Environmental (SH&E) consequences. A Safe State is a process condition, whether the process is operating or shut down, in which a hazardous SH&E event cannot occur.
Critical processes have been common since the beginning of the Industrial Age. One of the best known is the operation of a steam boiler, where the critical parts of the process include lighting the burners, controlling the water level in the drum, and controlling the steam pressure.

Requirement specification

What an SIS shall do and how well it must perform may be determined from hazard and operability (HAZOP) studies, layers of protection analysis (LOPA), risk graphs, and similar techniques, all of which are described in IEC 61511 and IEC 61508. During SIS design, construction, installation, and operation, it is necessary to verify that these requirements are met. The functional requirements may be verified by design reviews, such as failure modes, effects, and criticality analysis, and by various types of testing, for example factory acceptance testing, site acceptance testing, and regular functional testing.
The safety integrity requirements may be verified by reliability analysis. For an SIS that operates on demand, the quantity usually calculated is the probability of failure on demand (PFD). In the design phase, the PFD may be calculated using generic reliability data, for example from OREDA. Later on, the initial PFD estimates may be updated with field experience from the specific plant in question.
Not all factors that affect SIS reliability can be addressed through reliability calculations. It is therefore also necessary to have adequate measures in place to avoid, reveal, and correct SIS-related failures.

Hazard identification

A formal process of hazard identification is performed by the project team engineers and other experts at the completion of the engineering design phase of each section of the process, known as a Unit of Operation. This team performs a systematic, rigorous, procedural review of each point of possible hazard, or "node", in the completed engineering design. This review and its resulting documentation is called a HAZOP study. A HAZOP study typically reveals hazardous scenarios that require further risk-mitigating measures, which are to be achieved by safety instrumented functions (SIFs). Via a Layer of Protection Analysis or some other approved method, Integrity Levels (ILs) are defined for the SIFs in their respective scenarios. The Integrity Levels may be categorised as a Safety Integrity Level (SIL) or an Environmental Integrity Level (EIL). Based on the HAZOP study recommendations and the IL rating of the SIFs, the engineering for each unit operation is finalized.
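The two halves of the requirement process described above, deriving a required SIL from a LOPA scenario and then checking by reliability calculation whether a candidate design achieves it, as an added worked example that is not part of the original article. It uses the low-demand SIL bands of IEC 61508-1 Table 2 and the simplified PFDavg approximations of IEC 61508-6 for 1oo1, 1oo2 and 2oo3 voting; the scenario frequencies, IPL credits and the failure rate are constructed for illustration and are not OREDA or vendor data.

```python
"""Added example (not from the article): sizing a SIF with LOPA and then
verifying its achieved PFD by reliability calculation.

Step 1 (requirement): from an initiating-event frequency and the independent
protection layers (IPLs) already credited, derive the risk reduction factor
(RRF) the SIF must supply and hence its required SIL.
Step 2 (verification): estimate the average probability of failure on demand
(PFDavg) of candidate sensor architectures from the dangerous undetected
failure rate and the proof-test interval, using the simplified low-demand
formulas of IEC 61508-6, and compare with the requirement.

All frequencies, PFDs and failure rates below are constructed for
illustration; they are not OREDA or vendor data.
"""
from dataclasses import dataclass

# Low-demand SIL bands, IEC 61508-1 Table 2: SIL -> (lower, upper) PFDavg.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_from_pfd(pfd):
    """SIL whose band contains pfd; 0 if no SIL is reached. IEC 61508 defines
    no band below 1e-5, so anything smaller is reported as SIL 4 here."""
    if pfd < SIL_BANDS[4][0]:
        return 4
    for sil, (lower, upper) in SIL_BANDS.items():
        if lower <= pfd < upper:
            return sil
    return 0


@dataclass
class Lopa:
    """One LOPA scenario: initiating event, credited IPLs, tolerable frequency."""
    initiating_event_freq: float   # events per year
    ipl_pfds: list                 # PFD of each credited IPL (excluding the SIF)
    target_freq: float             # tolerable frequency of the consequence, per year

    def mitigated_freq(self):
        """Frequency of the consequence with the existing IPLs but no SIF."""
        f = self.initiating_event_freq
        for p in self.ipl_pfds:
            f *= p
        return f

    def required_rrf(self):
        """Risk reduction the SIF must add; 1.0 means no SIF is needed."""
        return max(1.0, self.mitigated_freq() / self.target_freq)

    def required_pfd(self):
        return 1.0 / self.required_rrf()

    def required_sil(self):
        return sil_from_pfd(self.required_pfd())


def pfd_avg(architecture, lambda_du, proof_test_hours):
    """Simplified IEC 61508-6 PFDavg approximations for common voting
    architectures. Ignores common-cause failure (beta factor), repair time
    and diagnostic coverage, so it is optimistic for redundant architectures.
    lambda_du: dangerous undetected failure rate, per hour."""
    x = lambda_du * proof_test_hours
    formulas = {"1oo1": x / 2, "1oo2": x ** 2 / 3, "2oo3": x ** 2}
    if architecture not in formulas:
        raise ValueError(f"unknown architecture {architecture!r}")
    return formulas[architecture]


def verify_sif(lopa, lambda_du, proof_test_years, architecture):
    """Compare the PFDavg achieved by an architecture with the LOPA requirement."""
    achieved = pfd_avg(architecture, lambda_du, proof_test_years * 8760.0)
    return {
        "required_pfd": lopa.required_pfd(),
        "required_sil": lopa.required_sil(),
        "achieved_pfd": achieved,
        "achieved_sil": sil_from_pfd(achieved),
        "meets": achieved <= lopa.required_pfd(),
    }


# Constructed scenario: BPCS loop failure 0.1/yr, credited IPLs are operator
# response (PFD 0.1) and a relief valve (PFD 0.01), tolerable frequency 2e-7/yr.
EXAMPLE_LOPA = Lopa(initiating_event_freq=0.1, ipl_pfds=[0.1, 0.01], target_freq=2e-7)
EXAMPLE_LAMBDA_DU = 5e-7   # constructed: dangerous undetected failures per hour

if __name__ == "__main__":
    print(f"required RRF {EXAMPLE_LOPA.required_rrf():.0f}, "
          f"required PFD {EXAMPLE_LOPA.required_pfd():.1e}, SIL {EXAMPLE_LOPA.required_sil()}")
    for arch in ("1oo1", "1oo2", "2oo3"):
        r = verify_sif(EXAMPLE_LOPA, EXAMPLE_LAMBDA_DU, 1.0, arch)
        print(f"{arch}: PFDavg {r['achieved_pfd']:.2e} (SIL {r['achieved_sil']}) "
              f"{'meets' if r['meets'] else 'does not meet'} the requirement")
```

With the constructed numbers the scenario needs an RRF of 500, i.e. a PFD of 2e-3 and therefore SIL 2. A single transmitter proof-tested yearly lands in the SIL 2 band (PFDavg about 2.2e-3) yet still fails the scenario, which is why the requirement specification should record the required PFD and not only the SIL. The redundant figures are optimistic because common-cause failure is ignored; a full assessment applies a beta factor and the plant's own proof-test coverage.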

System design

An SIS is engineered to perform "specific control functions" to fail safe or maintain safe operation of a process when unacceptable or dangerous conditions occur. Safety instrumented systems must be independent from all other control systems that control the same equipment, in order to ensure that SIS functionality is not compromised. An SIS is composed of the same types of control elements as a Basic Process Control System (BPCS). However, all of the control elements in an SIS are dedicated solely to the proper functioning of the SIS.
The specific control functions performed by an SIS are called Safety Instrumented Functions (SIFs). They are implemented as part of an overall risk reduction strategy which is intended to eliminate the likelihood of a previously identified SH&E event, which could range from minor equipment damage up to an uncontrolled catastrophic release of energy and/or materials.
The safe state must be achieved in a timely manner, that is, within the "process safety time".

Equipment

The correct operation of an SIS requires several pieces of equipment to function correctly. It must have sensors capable of detecting abnormal operating conditions, such as high flow, low level, or incorrect valve positioning. A logic solver is required to receive the sensor input signals, make appropriate decisions based on the nature of the signals, and change its outputs according to user-defined logic. The logic solver may use electrical, electronic or programmable electronic equipment, such as relays, trip amplifiers, or programmable logic controllers. The change of the logic solver output then results in the final element taking action on the process to bring it to a safe state. Support systems, such as power, instrument air, and communications, are generally required for SIS operation and should be designed to provide the required integrity and reliability.
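The sensor, logic solver and final element chain described in this section and the process safety time requirement from the previous one, as an added example that is not part of the original article. Everything in it is constructed for illustration: three pressure transmitters on 4-20 mA loops ranged 0-100 bar, voted 2oo3 against an 80 bar trip point, a de-energize-to-trip output driving an energize-to-open shutdown valve, and a loop current outside 4-20 mA treated as a sensor fault that counts as a trip vote.

```python
"""Added example (not from the article): a minimal logic solver for one SIF,
showing the sensor / logic solver / final element chain and the fail-safe
conventions practitioners build into it.

Assumptions (all constructed for illustration): three pressure transmitters
on 4-20 mA loops, ranged 0-100 bar, voted 2oo3 against an 80 bar trip point;
the output is de-energize-to-trip, so an energized output (True) means "run"
and a de-energized output (False) drives the emergency shutdown valve to its
safe (closed) position; a loop current outside 4-20 mA marks the transmitter
as faulted and counts as a trip vote, so a failed sensor cannot mask a demand.
"""
from dataclasses import dataclass

MA_LOW, MA_HIGH = 4.0, 20.0   # healthy loop current range (mA)


@dataclass
class Transmitter:
    tag: str
    range_low: float    # engineering value at 4 mA
    range_high: float   # engineering value at 20 mA

    def value(self, ma):
        """Loop current -> engineering units, or None if the loop is faulted."""
        if not (MA_LOW <= ma <= MA_HIGH):
            return None
        span = self.range_high - self.range_low
        return self.range_low + (ma - MA_LOW) / (MA_HIGH - MA_LOW) * span


@dataclass
class LogicSolver:
    transmitters: list
    trip_point: float
    vote_required: int = 2          # MooN: trip when >= M of N transmitters demand it
    output_energized: bool = True   # de-energize-to-trip: False == safe state
    trip_reason: str = ""

    def _trip_votes(self, loop_currents):
        if len(loop_currents) != len(self.transmitters):
            raise ValueError("one loop current per transmitter expected")
        votes = []
        for tx, ma in zip(self.transmitters, loop_currents):
            v = tx.value(ma)
            if v is None:
                votes.append(f"{tx.tag} loop fault ({ma:.1f} mA)")
            elif v >= self.trip_point:
                votes.append(f"{tx.tag} {v:.1f} >= {self.trip_point:.1f}")
        return votes

    def scan(self, loop_currents):
        """One scan cycle. A trip latches: the output stays de-energized until
        reset() is called, even if the process value falls back below the trip point."""
        votes = self._trip_votes(loop_currents)
        if len(votes) >= self.vote_required:
            self.output_energized = False
            self.trip_reason = "; ".join(votes)
        return self.output_energized

    def reset(self, loop_currents):
        """Manual reset, permitted only when no trip demand is present."""
        if len(self._trip_votes(loop_currents)) < self.vote_required:
            self.output_energized = True
            self.trip_reason = ""
        return self.output_energized


def valve_position(output_energized):
    """Final element: energize-to-open shutdown valve; loss of signal closes it."""
    return "open" if output_energized else "closed"


def response_time_ok(sensor_delay_s, scan_time_s, valve_stroke_s,
                     process_safety_time_s, margin=0.5):
    """The SIF must reach the safe state within the process safety time; the
    default margin of one half is an assumed design allowance, not a standard value."""
    total = sensor_delay_s + scan_time_s + valve_stroke_s
    return total <= margin * process_safety_time_s


def make_sif():
    """Constructed SIF: PT-101..103, 0-100 bar, 2oo3, trip at 80 bar."""
    txs = [Transmitter(f"PT-10{i}", 0.0, 100.0) for i in (1, 2, 3)]
    return LogicSolver(txs, trip_point=80.0, vote_required=2)


if __name__ == "__main__":
    sif = make_sif()
    # Constructed scan sequence: normal, one high (no trip), two high (trip),
    # back to normal (still tripped, latched), then manual reset.
    for currents in ([10.0, 10.0, 10.0], [17.0, 10.0, 10.0],
                     [17.0, 17.5, 10.0], [10.0, 10.0, 10.0]):
        out = sif.scan(currents)
        print(f"{currents} -> output {'energized' if out else 'DE-ENERGIZED'}, "
              f"valve {valve_position(out)} {sif.trip_reason}")
    print("after reset:", valve_position(sif.reset([10.0, 10.0, 10.0])))
```

Three points of the design are worth noting. The output is de-energize-to-trip, so loss of power or a broken wire between logic solver and valve produces the safe state rather than hiding a demand. A transmitter that fails outside its 4-20 mA range votes for a trip rather than being silently ignored, so a single failed sensor reduces a 2oo3 group to 1oo2 on the remaining two instead of masking a real high pressure. The trip latches and requires a deliberate reset, so the process does not restart on its own when the pressure dips momentarily below the trip point.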

International standards

International standard IEC 61511 was published in 2003 to provide guidance to end-users on the application of safety instrumented systems in the process industries. This standard is based on IEC 61508, a generic standard for functional safety covering the design, construction, and operation of electrical/electronic/programmable electronic systems. Other industry sectors also have standards based on IEC 61508, such as IEC 62061, IEC 62425, IEC 61513, and ISO 26262.

Related concepts

Other terms often used in conjunction with and/or to describe safety instrumented systems include: