This is a topic which comes up time and again, especially when reviewing legacy systems. IEC61511 doesn’t preclude the use of shared devices, but it does provide guidance under Clause 11 on what the constraints are. Even though the Safety Instrumented System (SIS) and Basic Process Control System (BPCS) may be performing similar functions, their reliability requirements are somewhat different. The SIS is specifically designed for the purpose of mitigating risk, which means it can act in multiple ways to prevent multiple harmful outcomes. The individual Safety Instrumented Functions (SIFs) within a SIS will have specific integrity requirements (SILs) defined that must be met. One of the SIF design objectives is to meet the systematic requirements of IEC61511. This means that equipment used in a SIF can only be selected and justified either by being IEC61508 certified or through a Prior Use justification. These requirements do not apply to the BPCS.

Typically, what we at exida have seen is that the final element has often been shared between the SIS and the BPCS. This poses two issues. Firstly, depending upon the SIF SIL target, the BPCS equipment, including the application software, would need to meet the SIL requirements; if this is not the intent, then the SIS and BPCS equipment must be separated. Secondly, the valve would need to meet the systematic requirement. If the valve is not certified, then a Prior Use justification would be required, along with a common cause analysis. The purpose of the common cause analysis would be to ensure that the probability of dangerous failure of the shared device due to common cause is sufficiently low. More often than not, failure of the shared device places an additional demand on the SIS and, at the same time, reduces the overall SIS and SIF reliability. This is not a good position to be in.

Wherever possible, the intention should be to separate SIS and BPCS equipment, so that the integrity of the SIS is maintained and not compromised as a direct consequence of the common cause introduced by sharing components.

If you would like to know more about the implications of sharing devices, then look out for the upcoming webinar on the subject.

Tagged as: Steve Gandy, SIS, IEC 61511, BPCS