Functional safety with IEC 61511 Edition 2: is your plant ready?

Yokogawa Australia Pty Ltd

By Shalveen Sharma and Andy Yam*
Monday, 29 August, 2016


With the release of IEC 61511 Edition 2, Australian companies in the process industries will be required to achieve compliance, not only on greenfield sites, but existing sites as well.

The Australian release of IEC 61511 Edition 2 is almost upon us and one of the many updates includes the addition of a ‘grandfather’ clause that has been adopted from the ANSI/ISA 84.00.01-2004 standard.

What this essentially means is that existing plants now have a responsibility to ensure compliance. The clause states:

“For existing Safety Instrumented Systems (SIS) designed and constructed prior to the issuance of this standard, the user shall determine that the equipment is designed, maintained, inspected, tested, and operated in a safe manner.”

It is no longer enough to implement current safety standards on greenfield sites and during plant upgrades — now brownfield installations must also comply. The question then is, does your organisation have the resources and skills to meet this extended compliance requirement? Engaging a functional safety consultant is therefore recommended to assist with adherence to these new requirements for existing plants built prior to 2003, which are now subject to the grandfather clause.

Additionally, if you are working on a new project, certified safety consultants can assist you to deploy proper safety solutions from initial concept, design and implementation, through to operation and maintenance.

Consultants can provide services that align with the AS IEC 61511 Safety Lifecycle (Figure 1). These services can assist plant owners to meet their obligations to comply with the standard, regardless of the lifecycle stage being examined. Whether it be from the preparation stage through to report finalisation, functional safety consultants work closely with clients to ensure that all gaps are bridged and the activity is carried out as efficiently and smoothly as possible.

Figure 1: IEC 61511-1 overall safety lifecycle.

The AS IEC 61511 Safety Lifecycle steps outlined below provide an insight into the value that can be provided by partnering with an experienced, certified process safety organisation. Each of the phases outlined in the IEC 61511-1 Safety Lifecycle (Figure 1) has a specific assessment process to ensure certified outcomes are met. The assessment process and implementation timing are described below.

Safety conceptual phase

Hazard and Risk Assessment (HAZOPs)

The very first step in the process safety lifecycle is to ensure all potential hazards in the process and the associated equipment are identified. This step is crucial, as all subsequent functional safety activities are designed around preventing these hazards or mitigating their impact.

Functional safety consultants work closely with the site plant engineers. All aspects of the safety process are scrutinised node by node to identify hazard and operability issues. During this critical assessment, safeguards, including safety instrumented functions (SIFs), are identified and recorded for each situation.

Organisations should utilise experienced functional safety consultants who are skilled in systematic hazard identification methods to ensure all potential hazards in the process plant are identified. Upon completion of the Hazard and Risk Assessment, clients should be provided with:

  • an overview of all possible unwanted disturbances and their initiating events;
  • determination of existing or new SIFs and other safeguards for each hazard;
  • documentation of the HAZOPs results and justification for safety functions;
  • action planning for improvements of the process or required clarifications.

Safety Integrity Level (SIL) selection

The challenges faced by facilities include accurately budgeting for process safety equipment and allowing for the protection of people and plant, while complying with government regulations. Following the Hazard and Risk Assessment, the IEC 61511 safety lifecycle model requires that each identified SIF is assigned a target measure of the reliability with which it must perform its safety function.

Functional safety consultants facilitate this process in allocating Safety Integrity Levels (SILs) to the plant’s SIFs. This facilitation is normally achieved through a SIL selection workshop, where all required and critical information is collated, providing a comprehensive basis for accurately selecting the safety integrity levels. Their aim is to provide a comprehensive and accurate result, to help plants protect their people and plant assets, and comply with legislation — while at the same time ensuring that expenditure on equipment is budgeted realistically. Using industry-proven methods, which include layers of protection analysis (LOPA), risk graphs and a risk matrix in SIL selection workshops, plants are provided with:

  • a comprehensive list of all uniquely identified SIFs;
  • the SIL target for each SIF with respect to people protection, environmental protection and asset protection;
  • allocation of safety requirements to all layers of protection.

SIL verification

Functional safety consultants can help ensure legislative safety requirements are met prior to final plant design — avoiding costly redesign and rework of the process safety system — by determining that the intended SIS design meets all safety targets specified in the SIL selection workshops. During the verification process, if SIFs are found not to meet their target SIL, consultants will investigate options and advise the best course of action to take to reach a resolution for all issues discovered.

Carrying out this exercise early is insurance for plant designers to avoid costly redesign and associated rework, due to the inability to meet safety requirements in later stages of the project. Using reliability block diagrams, fault tree modelling and SIL verification tools, safety consultants can provide clients with:

  • a comprehensive report on verified SIFs;
  • assurance that the SIS design meets the required safety level.

Safety Requirement Specification (SRS)

The Safety Requirements Specification ensures that the safety specifications consider all aspects of process safety and that the SIS is designed and engineered to correct specifications prior to plant implementation. These specifications need to be maintainable and verifiable throughout the process safety lifecycle.

It is a detailed document that describes functional and safety integrity requirements for the SIFs, specifying all aspects of the Safety Instrumented System. It covers the SIS behaviour for all modes of plant operation, ensuring no stone is left unturned in the pursuit of process safety. These specifications need to be determined and documented referencing the HAZOP, SIL classification and SIL verification reports generated earlier.

The end result is a comprehensive document that describes overall SIS requirements as well as details of each SIF’s safety and functional behaviour, ensuring that the SIS Safety Requirements Specification can be used to validate the SIS in later phases of the IEC 61511 process safety lifecycle.

Safety implementation phase

Design and engineering of the Safety Instrumented System

Once the Safety Requirements Specification has been produced, the next step is the design of the actual Safety Instrumented System (SIS). By partnering with a trusted and experienced safety solution designer and safety systems manufacturer, plant owners can help ensure that safety outcomes are achieved without leaving anything to chance.

Safety assessment and FSM audit

Regardless of the safety system ‘brand’ in place, a Functional Safety Assessment (FSA) should be carried out prior to plant start-up. SIS validation activities are reviewed for completeness and any technical deficiencies present in the prior IEC 61511 process safety phases are identified. Readiness of the plant to move into the next phase of the safety lifecycle needs to be thoroughly assessed.

Consultants also conduct SIS Functional Safety Management (FSM) audits to ensure the plant has a compliant FSM system in place. Different areas of FSM are scrutinised to ensure the plant has adequate procedures and systems in place to comply with FSM requirements. An FSM audit is included as part of the Stage 3 FSA prior to plant start-up.

In FSAs during the operational phase, consultants analyse whether actual process safety indices and SIS performance are matching the design assumptions. Identified weak links are addressed together with plant engineers to bridge any gaps, ensuring safety is not compromised.

The advantage of utilising functional safety consultants is that they provide an independent assessment and review of the processes and preparation leading up to plant start-up. Gaps are identified and improvements are recommended and addressed towards a satisfactory resolution. In addition, functional safety assessments in the operational phase confirm that SIS performance and plant safety match expectations.

Safety operational phase

Safety Function Monitoring (SFM)

Most facilities collect large amounts of safety data from several sources. Making sense of this data can be challenging, especially when relating it back to the HAZOP and LOPA safety design.

Having large amounts of data without access to rationally compiled safety KPIs and reports makes the current performance of a facility difficult to understand and compare against design expectations. This can compromise both understanding and decision-making about which safety elements require attention, especially those which impinge on the safety design.

SFM application software is available today that can help improve safety monitoring in process industries such as oil and gas production and midstream, refining and petrochemicals, chemicals, and power and energy. Such applications provide:

  • plant-wide monitoring, analysis and reporting of functional safety performance, across safety systems (SIS) and devices (sensors, actuators);
  • mapping of operational information from system and device activity against LOPA or HAZOP risk analysis to report the effectiveness of actual safety performance against the design targets;
  • notification of deviations from safety design expectation.

The benefits of using SFM software throughout the lifecycle of the plant include:

  • improved operational safety;
  • visibility of safety performance at both system and device level;
  • identification and reduction of spurious trips;
  • optimisation of testing intervals;
  • significant reduction in time and effort to produce regulatory reports;
  • comprehensive information for safety validation and improvement programs;
  • quick identification of safety events such as SIF activations, overrides/inhibits and protection layer availability, to increase user efficiency and accuracy;
  • benchmarking of safety performance against design expectations to highlight variations that may indicate possible safety issues.
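To make the SFM mapping and deviation reporting described above concrete, here is an added example (not the article's, and not any vendor's SFM product) that runs a handful of constructed SIS event records against constructed LOPA design assumptions and raises the kinds of flags listed: a demand rate above the LOPA assumption, spurious trips, an overdue proof test, and the hours a protection layer was inhibited. SIF tags, timestamps, event kinds and design figures are all made up for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# Added example, not from the article or any vendor's SFM product; the SIS event
# records and the design assumptions below are constructed for illustration.
DESIGN = {"PSHH-101": {"demands_per_year": 0.1, "proof_test_days": 365},   # LOPA demand
          "LSHH-202": {"demands_per_year": 0.5, "proof_test_days": 180}}   # rate and TI
EVENTS = """\
2015-09-01T08:00:00,PSHH-101,PROOF_TEST
2015-11-12T03:20:00,PSHH-101,DEMAND_TRIP
2016-01-05T14:00:00,PSHH-101,OVERRIDE_ON
2016-01-07T14:00:00,PSHH-101,OVERRIDE_OFF
2016-04-02T11:00:00,LSHH-202,SPURIOUS_TRIP
2016-06-30T06:00:00,LSHH-202,OVERRIDE_ON"""
WINDOW = (datetime(2015, 9, 1), datetime(2016, 8, 31))  # 365-day reporting period

def parse_events(text):  # records are 'ISO-timestamp,SIF tag,event kind'
    for line in text.splitlines():
        ts, tag, kind = line.strip().split(",")
        yield datetime.fromisoformat(ts), tag, kind

def safety_kpis(events, design, start, end):
    """Per-SIF KPIs over [start, end) plus the deviations from design they imply."""
    counts, override_on, override_hours, last_test = Counter(), {}, defaultdict(float), {}
    for ts, tag, kind in events:
        if kind == "PROOF_TEST":
            last_test[tag] = ts
        elif kind == "OVERRIDE_ON":
            override_on[tag] = ts
        elif kind == "OVERRIDE_OFF":  # inhibit lifted: book the hours the layer was unavailable
            override_hours[tag] += (ts - override_on.pop(tag)).total_seconds() / 3600
        else:
            counts[tag, kind] += 1
    for tag, ts in override_on.items():  # still inhibited at the end of the period
        override_hours[tag] += (end - ts).total_seconds() / 3600
    years = (end - start).days / 365
    report = {}
    for tag, spec in design.items():
        demand_rate = counts[tag, "DEMAND_TRIP"] / years
        flags = []
        if demand_rate > spec["demands_per_year"]:
            flags.append("demand rate exceeds LOPA assumption")
        if counts[tag, "SPURIOUS_TRIP"]:
            flags.append("spurious trips recorded")
        if last_test.get(tag, datetime.min) + timedelta(days=spec["proof_test_days"]) < end:
            flags.append("proof test overdue")  # never tested counts as overdue
        if override_hours[tag]:
            flags.append("protection layer unavailable %.0f h" % override_hours[tag])
        report[tag] = {"demand_rate": demand_rate, "override_hours": override_hours[tag], "flags": flags}
    return report
```

Running `safety_kpis(parse_events(EVENTS), DESIGN, *WINDOW)` flags PSHH-101 for a demand rate ten times its LOPA assumption and a 48-hour inhibit, and LSHH-202 for a spurious trip, a missed proof test and an inhibit still active at the end of the period.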

Functional safety training for technicians and operators

Any personnel involved in the safety lifecycle activities are required to be competent for the roles they fill. Plant operators and technicians need to equip themselves with the necessary knowledge to perform their functions.

Technician and operator training courses are specifically designed to provide the necessary level of understanding of functional safety to plant operators and technicians to help them carry out their duties. At the end of the course they will have a sound understanding of safe practice in operation and maintenance as well as a clear understanding of how their actions affect process safety.

Those who deliver the safety training should be accredited Functional Safety Experts with many years of industry experience. Bringing this experience into the classroom adds the necessary practical dimension when delivering the Functional Safety Engineers course, where real-world examples and practical learnings are brought to the attention of attendees.

Such a course is designed to provide an understanding of the real-world challenges safety engineers and operators face in the industry and provides formal recognition of their achievement upon passing an assessment. Certification workshops can be held at an organisation’s premises or in an off-site training facility.

Conclusion

With the release of IEC 61511 Edition 2, Australian companies in the process industries will be required to achieve compliance, not only on greenfield sites, but existing sites as well. This presents a number of challenges that many organisations would struggle to overcome with lean internal resources. TÜV Rheinland accredited functional safety consultants and trainers can help fill the gap, providing the standards-compliant analysis, design and auditing services needed to meet compliance, as well as providing the training needed for plant technicians and operators.

*Shalveen Sharma B. Eng. Electrical, IPENZ is Product Manager IA Systems & Solutions for Yokogawa Australia

*Andy Yam B. Eng. Electrical, TÜV Rheinland FS Expert, EXIDA CFSE, is a Functional Safety Expert, Safety Systems for Yokogawa Australia

Image: ©stock.adobe.com/saoirse2013
