I am often asked whether extending proof test intervals will be a problem. 

This is a tricky question. The design and engineering SIL calculations for the Safety Instrumented Functions (SIFs) are taking credit for a specific proof test interval with a defined level of coverage, as defined within the Safety Requirements Specification (SRS), thereby providing a defined level of risk reduction. By extending the proof test interval, the operations team could be increasing risk by reducing the effectiveness of the SIF.

Therefore, it depends. For example, if the proof test interval was defined as 18 months and we miss the planned date by 2 weeks, it’s not going to have a major impact; although, it should be recorded for further review under the FSA 4 requirements (i.e. the periodic performance review). However, if the 18-month interval is missed by 2 months, this will have a detrimental impact on the SIF(s) risk reduction (i.e. lower RRF for low-demand SIFs). The general rule of thumb is to not exceed the proof test interval by more than 10%.

One of the primary intentions of IEC61511 is for end users to be able to measure and assess performance, ensuring the Safety Instrumented System (SIS) and its SIFs are achieving the design and performance requirements targets defined within the SRS. The plant operations team needs to be able to clarify and reconfirm the length of the request, as well as review the design assumptions and the basis for the calculation. The team must also consider published failure rates and the site history with the SIF(s) and its associated equipment, together with the consequences if the device fails to function as defined. 

If the team finds that the performance of the SIS and its SIFs, in terms of reliability performance, is better than originally designed, then consideration can be given to extending the proof test interval. If this is the case, then a re-verification of the SIF(s) risk reduction (SIL) will be required with the revised proof test interval, assuming the same proof test coverage factor. Usually, this is performed as a “cold-eye” review by an independent third party.

Typically, the site team has a work process that guides the effort to maintain the quality and validity of the review to ensure consistency and level of confidence in the process.  

The high-level work process to address the proof test extension:

• Document scope and length of extension 
• Review design basis 
• Review the engineering calculations 
• Review the assumptions 
• Review the consequences of failure to operate as designed
• Cold-eye review by third party 
• Document finding, recommendations, and justification 

A key point to communicate to the plant manager and all stakeholders is this: “A thorough review of the proof test points listed above may document findings and a recommendation that the proof test cannot be extended.” However, there are cases in which enough confidence of review guarantees the performance level and a limited approach to the length of time of the request justifies an extension. 

For a quick overview of proof test coverage and how it affects the SIL rating of SIFs,check out this video.