SAFE AND SOUND

Ton Beems, Yokogawa Europe, the Netherlands, explains how compliance with the IEC-61508 and IEC-61511 standards can be ensured through the operational phase of the safety lifecycle.

Hydrocarbon Engineering, March 2017, p. 101

Much effort and attention go into developing and designing a safety instrumented system (SIS) so that it complies with the IEC-61508 and IEC-61511 standards. First a hazard and operability study (HAZOP) is carried out; then each safety instrumented function (SIF) is assigned a safety integrity level (SIL), and in many cases this assignment is confirmed in a so-called SIL verification.

The safety system is only one of several ‘layers of protection’ in a plant, alongside, for example, a rigorous review of the design and control of the process. Another layer is the mechanical layer, where pressure relief valves, rupture disks and break-pins can reduce the frequency of hazards originating in the process. Finally, should something go wrong despite the other three layers of protection, the ‘mitigation’ layer is there to reduce the consequences.

In a previous article published in Hydrocarbon Engineering, Mark Hellinghuizer and Ton Beems pointed out that functional safety systems are designed on the assumption that any danger is likely to originate in the process rather than from external sources.[1] However, system and network security is becoming increasingly important for the SIS, something that is substantiated by the latest (2016) edition of IEC-61511, which now requires a security risk assessment to identify the security vulnerabilities of the safety system.

Safety requirements specification

After SIL verification has been completed, the scope of the different layers of protection is clear and responsibility can be allocated to vendors or suppliers. For the SIS layer, however, the IEC standards require a little more, in the shape of a dedicated safety requirements specification (SRS) aimed at the suppliers of the safety system. Once the SRS is complete, the SIS supplier, contractor or system integrator can start engineering the SIS.

This process is designed to be structured and well documented: every document written is evaluated by a competent reviewer (someone other than the author), and everything that is built, whether hardware or application programs, is thoroughly tested by a competent tester (again, someone other than the engineer who built it). At the end of this process the client accepts or rejects the safety system during a factory acceptance test. This test is a validation against the SRS, in which all intermediate verifications are checked along with document reviews, internal testing,