Safety instrumented system
A safety instrumented system (SIS) consists of an engineered set of hardware and software controls which are especially used on critical process systems.
What a SIS shall do (the functional requirements) and how well it must perform (the safety integrity requirements) may be determined from Hazard and operability studies (HAZOP), layers of protection analysis (LOPA), risk graphs, and so on. All techniques are mentioned in IEC 61511 and IEC 61508. During SIS design, construction, installation, and operation, it is necessary to verify that these requirements are met. The functional requirements may be verified by design reviews, such as failure modes, effects, and criticality analysis (FMECA) and various types of testing, for example factory acceptance testing, site acceptance testing, and regular functional testing.
The safety integrity requirements may be verified by reliability analysis. For SIS that operates on demand, it is often the probability of failure on demand (PFD) that is calculated. In the design phase, the PFD may be calculated using generic reliability data, for example from OREDA. Later on, the initial PFD estimates may be updated with field experience from the specific plant in question.
It is not possible to address all factors that affect SIS reliability through reliability calculations. It is therefore also necessary to have adequate measures in place (e.g., procedures and competence) to avoid, reveal, and correct SIS related failures.
A formal process of hazard identification is performed by the project team engineers and other experts at the completion of the engineering design phase of each section of the process, known as a Unit of Operation. This team performs a systematic, rigorous, procedural review of each point of possible hazard, or "node", in the completed engineering design. This review and its resulting documentation is called a HAZOP study. A HAZOP study typically reveals hazardous scenarios which require further risk mitigating measures which are to be achieved by SIFs. Via a Layer of Protection Analysis (LOPA) or some other approved method, Integrity Levels (IL) are defined for the SIFs in their respective scenarios. The Integrity Levels may be categorised as Safety Integrity Level (SIL) or Environmental Integrity Level (EIL). Based on HAZOP study recommendations and the IL rating of the SIFs; the engineering (including the BPCS and the SIF designs) for each unit operation is finalized.
A SIS is engineered to perform "specific control functions" to failsafe or maintain safe operation of a process when unacceptable or dangerous conditions occur. Safety Instrumented Systems must be independent from all other control systems that control the same equipment in order to ensure SIS functionality is not compromised. SIS is composed of the same types of control elements (including sensors, logic solvers, actuators and other control equipment) as a Basic Process Control System (BPCS). However, all of the control elements in an SIS are dedicated solely to the proper functioning of the SIS.
The specific control functions performed by an SIS are called Safety Instrumented Functions (SIF). They are implemented as part of an overall risk reduction strategy which is intended to eliminate the likelihood of a previously identified SH&E event that could range from minor equipment damage up to an event involving an uncontrolled catastrophic release of energy and/or materials.
The safe state must be achieved in a timely manner or within the "process safety time".
The correct operation of an SIS requires a series of equipment to function properly. It must have sensors capable of detecting abnormal operating conditions, such as high flow, low level, or incorrect valve positioning. A logic solver is required to receive the sensor input signal(s), make appropriate decisions based on the nature of the signal(s), and change its outputs according to user-defined logic. The logic solver may use electrical, electronic or programmable electronic equipment, such as relays, trip amplifiers, or programmable logic controllers. Next, the change of the logic solver output(s) results in the final element(s) taking action on the process (e.g. closing a valve) to bring it to a safe state. Support systems, such as power, instrument air, and communications, are generally required for SIS operation. The support systems should be designed to provide the required integrity and reliability.
International standard IEC 61511 was published in 2003 to provide guidance to end-users on the application of Safety Instrumented Systems in the process industries. This standard is based on IEC 61508, a generic standard for functional safety including aspects on design, construction, and operation of electrical/electronic/programmable electronic systems. Other industry sectors may also have standards that are based on IEC 61508, such as IEC 62061 (machinery systems), IEC 62425 (for railway signalling systems), IEC 61513 (for nuclear systems), and ISO 26262 (for road vehicles). SIL Validation reports.
Other terms often used in conjunction with and/or to describe safety instrumented systems include:
- Critical control system
- Safety shutdown system
- Protective instrumented system
- Equipment protection system
- Emergency shutdown system
- Safety critical system
- Interlock (engineering)
- Interlocking (railway signalling)
- Wrap around protection
- Emergency shutdown systems
- Process shutdown systems
- Distributed control system, (DCS).
- Industrial control systems, (ICS).
- Industrial safety systems
- Spurious trip level
- Safety integrity level, (SIL).
- ISO 26262
- IEC 61511
- ANSI Standards Purchase IEC 61511
- Safety Equipment Reliability Handbook, 4th Edition for use in Safety Instrumented System (SIS) conceptual design verification in the process industry
- ISA Standards Purchase ANSI/ISA 84.00.01-2004
- Center for Chemical Process Safety book, Guidelines for Safe and Reliable Instrumented Protective Systems
- Article about performance level d
- Example Safety Requirement Specification (SRS) document