It’s hard to believe that the IEC61511 standard has been in existence since 2003, and most companies operating in the process, chemical, and refining industries (or any other hazardous process manufacturer) have adopted its practices. It’s also significant that any plants that were built back then with a Safety Instrumented System (SIS) will now be halfway through their useful life. This begs the question of how well have companies been recording the performance of their SIS systems, in terms of failures, spurious trips, and proof testing results? IEC 61511 defines a safety lifecycle that covers the complete lifecycle for a SIS, including operation and maintenance. Specifically, IEC 61511-1 clause 16 addresses SIS operation and maintenance, which specifies that operation and maintenance planning for the SIS shall be carried out with operation and maintenance procedures being developed in accordance with this safety planning.
What this means is that, during operation and maintenance, the Safety Integrity Level (SIL) of each Safety Instrumented Function (SIF) within the SIS needs to be maintained, as well as ensuring the SIS maintains the designed functional safety for the plant/process.
Operation and maintenance planning for the SIS involves covering routine and abnormal activities:
- Proof testing, preventative, and breakdown maintenance activities
- Procedures, measures, and techniques for operation and maintenance
- Verification of adherence to operations and maintenance procedures
- Timing for these activities and the responsible personnel
More importantly, the results of any system failures and demand rates placed on the SIS have to be recorded, along with the results of any audits and tests performed on the SIS. This includes Proof Test results. This means that operators need to be properly trained to ensure they understand how the SIS functions (what are the trips points and the expected actions to be taken by the SIS), the hazards the SIS is protecting against, the operation of bypasses and under what circumstance these are used, what action has to be taken when a SIS diagnostic alarm occurs. Maintenance personnel will also need to be trained to be able to sustain full functional performance of the SIS (in terms of hardware and software) to its targeted integrity.
So some important questions are:
- How well trained are your operations and maintenance personnel?
- How often are they evaluated?
- How well do they record spurious trips and/or abnormal test results?
- How good is the documentation system and is it automated?
- How do they ensure the SIL of any SIFs is maintained after modification?
- How frequently is the SIS audited?
We at exida recognize that fulfilling the requirements of IEC 61511 Clause 16 is demanding and requires the appropriate level of training for operations and maintenance personnel, along with proper operation and maintenance procedures. Testing and documenting the performance of the SIS is an essential part of ensuring that the SIS is able to fulfill its designed functional safety requirements. This is especially true as the SIS approaches its end of useful life.