Process industry safety standard IEC 61511 and its parent, functional safety standard IEC 61508, have been in existence for several years now, and have enjoyed widespread acceptance as an effective method for managing high levels of industrial risk. Despite this success, some may view these standards as another complex, onerous burden imposed by regulators, with little tangible benefit to the end user. However, as we will explore in this article, the reality is far different.
The standards, which have grown out of industry needs rather than being imposed from outside, bring considerable benefits if applied properly. These benefits take the form of improved safety, cost-effective design and maintenance processes, and reduced downtime – all of which impact positively on the bottom line. Compliance also helps to demonstrate to the authorities that all reasonable precautions are being taken to prevent major accidents, as required by safety legislation nowadays.
Functional safety concept
The underlying need for IEC 61511 arises from the fact that processes involve major hazards, with significant potential to cause losses and harm. The risk of these undesirable outcomes is a function of both their severity – for example, how many people injured or killed, and how much damage and lost production – and their frequency, that is, how often such an event can be expected to occur.
We seek to control these hazards by reducing the risk to a tolerable level. How we do that is up to us, but it usually involves a range of measures, some engineering, some procedural, and some down to process technology.
But even after applying as many of these measures as we can, it is likely that a number of risks will still be too high. Simply loading up our plants with more alarms, relief valves and operating procedures will not resolve the issue; a law of diminishing returns applies, for reasons beyond the scope of this article. In such cases, we have to go to our next line of defence: active, automated trip systems, known properly as safety instrumented systems (or SISs).
Because of the weight of risk-reducing responsibility placed on SISs, we must employ them with great care. There is no such thing as an off-the-shelf SIS, or a one-size-fits-all trip that we can simply install and forget. Each risk has to be matched with a custom-designed safety function from the SIS. If we don’t design, install and maintain these correctly, they are more likely to fail on demand, trip when not required, or provide insufficient protection against the harm we are seeking to avoid. For the process industry, our guiding hand through the complex and challenging world of SIS is the international standard IEC 61511. It explains that our SIS needs our attention from cradle to grave – and even before the SIS arrives in the cradle, when we are still wondering whether we need to install a SIS at all.
The standard addresses this lifetime care through the concept of a safety lifecycle. Broadly speaking, the lifecycle can be separated into three periods, in which we ask respectively:
• Do I need a SIS, and if so, what type?
• How can I design a SIS to meet that need?
• When I’m up and running, how can I make sure the SIS keeps working?