The international standard IEC/EN 61508 has been widely accepted as the basis for the specification, design, and operation of safety instrumented systems (SIS). In general, IEC/EN 61508 uses a risk-based formulation: an assessment of the risk is undertaken and, on the basis of that assessment, the necessary safety integrity level (SIL) is determined for the components and systems that carry out safety functions. SIL-rated components and systems are intended to reduce the risk associated with a device to a justifiable level, or “tolerable risk.”
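As an added illustration (not part of the original text) of the risk-based formulation just described: a hazard frequency and a tolerable frequency from the risk assessment give the risk reduction the safety function must deliver, and that requirement is placed in a SIL band. It assumes low-demand mode and the IEC 61508-1 target failure measure bands; the example frequencies are constructed.

```python
from typing import Dict, Optional, Tuple

# Target failure measures per SIL, as given in the IEC 61508-1 SIL tables
# (bounds: lower inclusive, upper exclusive). Verify against the edition
# you are working to before using these in a real safety case.
# Low demand mode: average probability of dangerous failure on demand (PFDavg).
LOW_DEMAND_PFD: Dict[int, Tuple[float, float]] = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}
# High demand / continuous mode: probability of dangerous failure per hour (PFH).
HIGH_DEMAND_PFH: Dict[int, Tuple[float, float]] = {
    4: (1e-9, 1e-8),
    3: (1e-8, 1e-7),
    2: (1e-7, 1e-6),
    1: (1e-6, 1e-5),
}

def required_risk_reduction(unmitigated_freq: float, tolerable_freq: float) -> float:
    """Risk reduction factor (RRF) a safety function must provide so the
    residual hazard frequency does not exceed the tolerable frequency.
    Both inputs come out of the hazard and risk analysis step of the SLC."""
    if unmitigated_freq <= 0 or tolerable_freq <= 0:
        raise ValueError("frequencies must be positive")
    return unmitigated_freq / tolerable_freq

def sil_for_target(measure: float, table: Dict[int, Tuple[float, float]]) -> Optional[int]:
    """Map a target failure measure (PFDavg or PFH) onto a SIL band.
    Returns 0 when the target is less demanding than SIL 1 (no SIL claim
    needed) and None when it is beyond SIL 4, i.e. a single E/E/PE safety
    function cannot deliver it and other risk reduction must be added."""
    if measure >= max(hi for _, hi in table.values()):
        return 0
    for sil, (lo, hi) in table.items():
        if lo <= measure < hi:
            return sil
    return None

def required_sil_low_demand(unmitigated_freq_per_year: float,
                            tolerable_freq_per_year: float) -> Optional[int]:
    """SIL required of a low-demand safety function: the RRF from the risk
    assessment is inverted into a target PFDavg and placed in its band."""
    rrf = required_risk_reduction(unmitigated_freq_per_year, tolerable_freq_per_year)
    return sil_for_target(1.0 / rrf, LOW_DEMAND_PFD)
```

With constructed figures of a hazard expected once in 20 years (0.05/yr) against a tolerable frequency of once in 10,000 years (1e-4/yr), `required_sil_low_demand(0.05, 1e-4)` yields an RRF of 500 and a SIL 2 requirement.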
When considering safety in the process industry, several national, industry, and company safety standards are relevant when determining and applying safety within a process plant:
- IEC/EN 61508 (product manufacturer)
- IEC/EN 61511 (user)
- ISA84.01 (USA) (user)
These standards need to be implemented by the process owners and operators alongside the relevant health, energy, waste, machinery, and other directives. Their terms and concepts are well known to specialists in the safety industry but may be unfamiliar to the general user in the process industries.
Essentially, the standards give the framework and direction for the application of the overall safety life cycle (SLC), covering all aspects of safety, including conception, design, implementation, installation, commissioning, validation, maintenance, and decommissioning.
The standard IEC/EN 61508 deals specifically with functional safety relating to electrical, electronic, and programmable electronic safety-related systems (E/E/PES). Manufacturers of process instrumentation interface equipment develop and validate devices following the demands of IEC/EN 61508 and provide the relevant information to enable the use of these devices by others within their SIS.
To implement their strategies within these overall safety requirements, plant operators and designers of safety systems follow the directives of IEC/EN 61511, utilizing equipment developed and validated according to IEC/EN 61508 to achieve their defined SIS.
Within the SLC, the various phases or steps may be carried out by different personnel, groups, or even companies. One way to see where responsibility lies is to group the steps as identified below.
The first five steps can be considered as an analytical group of activities and would be carried out by the plant owner/end user, probably working together with expert consultants:
- Overall scope definition
- Hazard and risk analysis
- Overall safety requirements
- Safety requirements allocation
The outputs of these definitions and requirements are considered the inputs to the next stages of activity.
The implementation group comprises the next eight steps and would be conducted by the end user together with chosen contractors and equipment suppliers:
- Operation and maintenance planning
- Validation planning
- Installation and commissioning planning
- Safety-related systems: E/E/PES implementation
- Safety-related systems: other technology implementation
- External risk reduction facilities implementation
- Overall installation and commissioning
- Overall safety validation
It must be noted that while each of these steps has a simple title, the work involved in carrying out the tasks can be complex and time-consuming.
The third group is essentially one of operating the process with its safeguards and involves the final three steps. These steps are normally carried out by the plant end user and contractors:
- Overall operation and maintenance
- Overall modification and retrofit
Within the overall SLC, we are particularly interested in considering Step 4 of the implementation phase in greater detail. This step deals with the electrical/electronic/programmable electronic (E/E/PE) safety-related systems.
Two groups, or types, of subsystems are considered within the functional safety standards:
- The equipment under control (EUC) carries out the required manufacturing or process activity
- The control and protection systems implement the safety functions necessary to ensure that the EUC is suitably safe
Fundamentally, the goal here is the achievement or maintenance of a safe state for the EUC. You can think of the “control system” as causing the desired EUC operation and the “protection system” as responding to an undesired EUC operation.