Is Your SIS Up to Current Standards?

People charged with process safety should review existing safety instrumented system designs, understand the standards, and know that certification doesn’t necessarily mean equipment standards are met.

By Paul Gruhn, P.E., ISA Fellow, Global Process Safety Consultant, Rockwell Automation

Editor's Note: This article is adapted from Paul's full white paper, “Is your existing Safety Instrumented System up to current standards?” Visit http://goo.gl/2aHIXA to download this free, comprehensive white paper to learn even more about SISs, standards and how to determine if your systems comply.

Process safety is a major concern to anyone who works in a process facility. An estimated 25,000 facilities covered by the Occupational Safety and Health Administration (OSHA) Process Safety Management of Highly Hazardous Chemicals regulation will most likely have safety instrumented systems (SIS), also known as emergency shutdown systems.

Guidelines and standards for the design and implementation of safety systems have been in place in a variety of industries since the 1990s. Many things change, even standards. However, many other things don't change — or change very little — such as industrial processes that have been running for decades.

So what are you expected to do with safety systems installed prior to current standards? Are previous designs automatically assumed to be acceptable, or must all older systems be ripped out and replaced? We explore this topic.

How can I determine if my existing system is acceptable?

There are two fundamental steps to determine if your existing systems are acceptable:

• Step #1: Identify all safety instrumented functions (SIFs) and determine what level of performance they need to meet — that is, determine the required SIL of each SIF.

• Step #2: Analyze/model/calculate the performance of the actual hardware to see if it will meet the required performance.

To help address step one, Figure 1 shows the performance requirements for the different SILs. Part 3 of the standard summarizes several different techniques used around the world for determining SIL, including the risk matrix, risk graph and layer of protection analysis (LOPA). It's worth noting a statement made in the introduction that says, “The information provided is not of sufficient detail to implement any of these approaches.”

According to the U.S. process safety management regulation, process hazard analyses must be reviewed every five years. Such review cycles are an ideal time to formally identify all safety functions and determine their required performance targets.

To address step #2, many standards, technical reports and books exist that describe how to analyze hardware to see if it will meet the required performance. For example, Clause 11.9 of the standard requires the performance of a function to be verified by a calculation. The standard also includes fault-tolerant tables to show what configurations of logic solvers and field devices are suitable for different integrity levels. Figure 2 shows examples of technologies and configurations that can meet different integrity levels.

For example, let's imagine that your team performs a SIL selection/determination study and determines that a function needs to meet SIL 1. The function and its field devices are separate from the control system. The safety hardware consists of a pressure switch, wired to a relay logic panel, which is then wired to a single solenoid operated valve. All of the components are tested on a yearly basis. Such hardware would meet SIL 1 performance levels, and no changes would be necessary.

However, let's say the function needed to meet SIL 2 and consists of a single standard transmitter, wired to a general purpose programmable logic controller (PLC), which is then wired to a single solenoid operated valve. Such a configuration would not meet SIL 2 performance requirements, nor the fault tolerance table requirements, and a change would be necessary. There are exceptions to every rule, but those are beyond the scope of this article.
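The performance calculation in step #2, applied to the two configurations above, is shown here as an added example that is not part of the original article or white paper. It uses the common simplified single-channel approximation PFDavg = λDU × TI / 2 and the low-demand SIL bands from IEC 61508 / IEC 61511. Assumptions: every failure rate is a constructed placeholder, both functions are proof tested yearly, and diagnostics, common cause and the fault tolerance tables are not modeled.

```python
# Added example: simplified low-demand PFDavg check for a single-channel (1oo1) SIF.
# All failure rates are constructed placeholders, not vendor or database values.
HOURS_PER_YEAR = 8760

# Low-demand SIL bands as PFDavg ranges [low, high), per IEC 61508 / IEC 61511.
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg_1oo1(lambda_du_per_hr, test_interval_hr):
    """Simplified PFDavg = lambda_DU * TI / 2 (no diagnostics, no common cause)."""
    return lambda_du_per_hr * test_interval_hr / 2.0


def sif_pfd_avg(components, test_interval_hr):
    """Sensor, logic solver and final element are in series, so their PFDs add."""
    return sum(pfd_avg_1oo1(rate, test_interval_hr) for rate in components.values())


def achieved_sil(pfd):
    """Map a PFDavg to its SIL band; 0 means it does not reach SIL 1."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def verify(components, required_sil, test_interval_hr=HOURS_PER_YEAR):
    """Compare the calculated SIL of a SIF against its required SIL."""
    pfd = sif_pfd_avg(components, test_interval_hr)
    sil = achieved_sil(pfd)
    return {"pfd_avg": pfd, "achieved_sil": sil, "meets_target": sil >= required_sil}


# Dangerous undetected failure rates per hour (constructed values).
RELAY_SIF = {"pressure_switch": 4e-6, "relay_logic": 5e-7, "solenoid_valve": 6e-6}
PLC_SIF = {"transmitter": 2e-6, "general_purpose_plc": 3e-6, "solenoid_valve": 6e-6}

if __name__ == "__main__":
    for name, sif, target in (("relay SIF", RELAY_SIF, 1), ("PLC SIF", PLC_SIF, 2)):
        r = verify(sif, target)
        print(f"{name}: PFDavg={r['pfd_avg']:.4f} SIL {r['achieved_sil']} "
              f"target SIL {target} -> {'OK' if r['meets_target'] else 'FAIL'}")
```

With these placeholder rates, both single-channel loops land in the SIL 1 band, so the first meets its SIL 1 target and the second falls short of SIL 2; real verification needs site or vendor failure data.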

Does using certified devices mean you will now comply?

There is a growing — and disturbing — trend for users to specify that all field devices be SIL rated and third-party certified, usually to SIL 2 requirements. Vendors might also be using scare tactics to get users to replace older noncertified devices with newer certified ones.

The standards are clear that devices don't require certification. They have always permitted the use of devices based on “proven-in-use” criteria. However, many end users find it difficult to thoroughly document the proven-in-use criteria.

Still, using certified devices isn't the magic answer, and using such devices alone doesn't mean a company will be in compliance with the standards.

Safety Leaders Must Keep Up

Process safety remains a concern, with SIS standards constantly changing. People charged with maintaining the safety of the facility must familiarize themselves not only with the latest standards, but also with so-called “grandfather clauses” such as in ISA 84. Process safety involves a comprehensive understanding of these standards and how they correlate to age-old industrial processes that have not changed.

Your safety instrumented systems supplier can help you determine if your current equipment meets the standards in place and help you select the solution that can meet your requirements based on cost, safety integrity level, performance, and availability.


The Journal From Rockwell Automation and Our PartnerNetwork is published by Putman Media, Inc.
