
The aim of the standard IEC 61511 is to yield a safety instrumented system that can be confidently entrusted to place and/or maintain the process in a safe state. The standard states requirements for the specification, design, installation, operation, and maintenance of the safety instrumented system. (IEC 61511-1 2003)

Assigning SIL to safety instruments was first introduced in the U.S. It was introduced in Europe in 1998 with the standard IEC 61508.

The standard IEC 61508 includes all parts of a safety instrumented system and how to construct them, while IEC 61511 is the sector standard for the process industry. This standard only includes how to use the components. Definitions of the ranges in SIL are described in table 1. (Beckman 1998)

Table 1 Definitions of SIL

| SIL | PFD | Risk reduction |
|-----|-----|----------------|
| 4 | 10^-4 – 10^-5 | 10 000 – 100 000 |
| 3 | 10^-3 – 10^-4 | 1 000 – 10 000 |
| 2 | 10^-2 – 10^-3 | 100 – 1 000 |
| 1 | 10^-1 – 10^-2 | 10 – 100 |
| - | >10^-1 | <10 |

Standard IEC 61511 only states what to achieve, not how to do it.

Overview of methods

When assigning SIL to the instruments in one part of the process, there are a number of different methods to use. The methods are divided into groups depending on how detailed they are. In this report qualitative, semi quantitative, and quantitative methods are described.

Which method to select depends on factors such as the complexity of the applications, the information available, the nature of the risk, the required risk reduction, and the experience and skills of the persons available to undertake the work. (IEC 61511-3 2003)

Qualitative methods have the benefit of limited resource requirements. The ones described in the report are: corporate mandated SIL, consequence only, modified HAZOP, risk matrix, and risk graph. These methods are suitable for old processes where the experiences of the process are good. (Summers 1998)

A semi quantitative method called “Layer of Protection Analysis” is described. This method is more systematic than the qualitative methods and it is easier to document the work.

The quantitative methods are the most extensive and time-consuming methods. They are mostly used when the access to historical data is limited or if the process is complex. These methods can give more objective results than the qualitative and semi quantitative methods but there are still some subjective assessments left. Fault Tree Analysis and Financial Risk Analysis are the quantitative methods described in the report.

Developing the new method

The developed method consists of three parts:

• screening analysis

• extended HAZOP-analysis

• detailed analysis

The screening analysis is used to identify the scenarios with significant risks. Identified risks are analysed using the extended HAZOP analysis to assign SIL. If the consequences are severe or if the resulting SIL is 3, the detailed analysis is used. In figure 2 there is an overview of the different steps in the method.

Classification of safety instrumented systems in the process industry sector

The screening method uses a matrix to classify risks. Probability and consequences are estimated on a five-degree scale. If the risk is classified in one of the coloured fields in the matrix, figure 3, the extended HAZOP analysis is used.

The extended HAZOP starts like an ordinary HAZOP but goes beyond identifying risks. When performing the analysis, the IPLs already installed should not be taken into consideration. The identified risks are once again classified in a matrix.

Which matrix to use depends on the number of available IPLs. The IPLs are counted in a simplified barrier analysis as an extension of the HAZOP analysis. If there is one IPL available, the matrix to use is the one in figure 4.

[Figure: 5 × 5 matrix with Consequence (1–5) on the horizontal axis and Probability (1–5) on the vertical axis.]

Figure 3 Screening matrix. Risks in the coloured fields need further analysis.

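[Figure: 5 × 5 matrix with Consequence (1–5) on the horizontal axis and Probability (1–5) on the vertical axis. Filled cells by probability row, in reading order: probability 5: SIL 1, SIL 1, SIL 2, SIL 3, SIL 3; probability 4: SIL 1, SIL 2, SIL 3; probability 3: SIL 1, SIL 2, SIL 3; probability 2: SIL 1, SIL 2; probability 1: SIL 2.]

Figure 4 Matrix for SIL assignment if there is one independent protection layer.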

The detailed analysis is a barrier analysis in which the probability of the unwanted scenario is analysed more carefully. The consequence classification remains the same as in the HAZOP analysis.

When modifications are made it is enough to update the relevant parts of the analysis; it is not necessary to redo the analysis from the beginning. When using the method for new projects it is important to remember that risk analyses need to be made at an early stage. It is at the beginning of the project that the risks can be changed through inherent safety without enormous costs. Changing an idea is a lot cheaper than changing installed equipment. During the construction of the safety instrumented system one should remember not to make the system complex; simplicity is preferred. Complex systems are hard to get an overview of, and it is difficult to decide whether the safety standards are fulfilled or not.

Evaluating the new method

Evaluation of the new method has been done by analysing parts of the existing plant at Hydro Polymers. The chosen parts are:

• general risks at the steam boiler

• leakage from a large outdoor chlorine pipe

• overpressure in the cell room chlorine system

• a run-away reaction

As the screening analysis in the method is not new, it has not been evaluated within this work. In the evaluation of the extended HAZOP analysis the focus was on the classifications of consequences and probability and on the simplified barrier analysis. The complete methodology of the detailed analysis has been evaluated, as it is completely new for the company.

During the first tests of the extended HAZOP analysis the experience was that it was hard to classify the risks without considering the IPLs already installed. After a few tests the analysis team got used to the way of thinking and it became easier. The simplified barrier analysis raised a few questions as well:

• What counts as an IPL?

• What area is the assigned SIL assigned to?

When tested, the detailed analysis was found to be complicated. There were a few questions on how to perform the analysis, but the results were good anyway. No need for major changes is foreseen at this stage. The most problematic aspect is that the analysis team is not familiar with the method. As the detailed analysis is not expected to be frequently used, it is allowed to be more complex.

Abbreviations

ALARP As Low As Reasonably Possible

BPCS Basic Process Control System

IPL Independent Protection Layer

PFD Probability to Fail on Demand

SIL Safety Integrity Level

SIS Safety Instrumented System

References

IEC 61511-1 (2003) Functional Safety – Safety Instrumented Systems for the Process Industry Sector – Part 1: Framework, Definitions, System, Hardware and Software requirements, IEC

IEC 61511-3 (2003) Functional Safety – Safety Instrumented Systems for the Process Industry Sector – Part 3: Guidance for the Determination of the Required Safety Integrity Level, IEC

Summers, A. E. (1998) Techniques for assigning a target safety integrity level, ISA Transactions, 37, 95-104

Weibull, B. (2004) Säkerhetskritisk instrumentering Vad innebär IEC 61511 för processindustrin, IPS Guide

Wiegerinck, J. A. M. (2002) Introduction to the Risk based design of Safety Instrumented Systems for the process industry, Proceedings of the 7th International Conference on Control, Automation, Robotics and Vision (ICARCV’02), 1383-139

Classification of process equipment – a basis for risk based maintenance
