Each phase of the lifecycle requires input information and delivers output information. The relevant clauses of the standards define the inputs, activities and outputs for each phase. IEC 61508 offers a safety lifecycle model that will serve any project and many companies may elect to use this version for their applications. IEC 61511 SLC Version offers a similar project model but it has been designed specifically for process applications.
The idea of a safety lifecycle model is to plan and control the various activities of a project so that each step follows logically and accurately from the previous step. The main steps are:
• Identification of plant scope and its hazards
• Evaluation of any risks to determine risk reduction needs
• Allocation of risk reduction duties to SIS and non-SIS layers of protection
• Development of the safety requirements specification
• The building and testing of the SIS to specification (known as the realization phase)
• Installation and testing of the SIS
• Operation and maintenance of the SIS
• The managing of changes to the SIS design or equipment
IEC 61508 SLC version
The IEC 61508 version of the SLC is the most general version and forms the basis of all the IEC standards. Box numbers are used to reference a detailed set of clauses defining the requirements of the standard for that activity.
The clauses are easy to follow because they are defined in terms of:
• Inputs from previous boxes
• Outputs to next boxes
Developing the overall safety requirements: The first four phases are concerned with the tasks of defining the scope of the plant, identifying hazards and risks, and deciding the general safety requirements. This work has been defined as an integral part of the standard, since it must be done in accordance with the correct procedures to achieve compliance.
Safety allocations: Once the general safety objectives have been established, the SLC goes on to the “Safety Allocations” phase where the various layers of protection are defined and assigned a certain portion of the risk reduction task. This results in the SIS risk reduction task being clearly identified and, therefore, the SIL objectives can be defined for each individual safety function.
Realization phase: These stages are followed by the “realization” phase. This term describes the work of actually building the safety system and implementing any software it contains. Large sections of IEC 61508 refer to the details of the realization phase and contain complete lifecycle models for the activities included in this stage.
Validation and operations: Once the SIS has been built, the lifecycle activities move on to “installation, commissioning and validation”. All the standards place great emphasis on validation. This activity is seen in particular in the form of the final site acceptance testing, using methods that test the SIS response under plant operating conditions in the most realistic way possible. Finally we get to use the safety system for real duties and arrive at the operation and maintenance phase.
IEC 61511 SLC Version
The figure shows the IEC 61511 version of the SLC model. Comparing this version with the 61508 model, we can see that the tasks have been grouped into more familiar sets of activities that will match up easily to the natural progression of a process project.
Phase 1: Hazard and risk assessment: clause 8
The model refers us to Clause 8, which describes the objectives and requirements.
The first phase of the SLC delivers a sound basis of information about the hazards and records assumptions made about the risks. It is the essential foundation for the safety functions that will be needed. IEC 61511 does not set out to provide detailed requirements for the hazard and risk assessment phase. It restricts itself to those aspects relevant to specifying the SIS requirements.
Phase 2: Allocation of safety functions to protection layers: clause 9
The idea of this phase is to decide how much risk reduction is to be allocated to the identified or planned layers of protection. The objectives of this phase are to:
• Allocate safety functions to protection layers
• Determine required safety instrumented functions (SIF)
• Determine the associated SIL for each SIF
The requirements clause requires us to identify all risk reduction measures and define each Safety Instrumented Function (SIF) with its own SIL.
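As an added illustration of the allocation step (example code, not part of the original article or the standard itself), the following Python credits independent non-SIS protection layers against a hazard frequency, derives the PFDavg the SIF must achieve, and maps it to a SIL band. The IEC 61508 low-demand PFDavg bands are real; the initiating frequency, tolerable frequency, layer credits and the simple multiplicative layer model are constructed assumptions of the kind a LOPA would supply.

```python
from dataclasses import dataclass

# IEC 61508 / 61511 low-demand-mode bands: SIL -> (min PFDavg, max PFDavg),
# each band being >= min and < max.
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


@dataclass
class ProtectionLayer:
    """A non-SIS layer (e.g. BPCS, relief valve) and the PFD credited to it."""
    name: str
    pfd: float


def sif_pfd_target(initiating_freq, tolerable_freq, non_sis_layers):
    """PFDavg the SIF must meet after crediting independent non-SIS layers.

    Mitigated frequency = initiating_freq * prod(layer PFD) * SIF PFD, so the
    SIF needs PFD <= tolerable_freq / (initiating_freq * prod(layer PFD)).
    Returns None when the non-SIS layers alone already meet the target.
    """
    residual = initiating_freq
    for layer in non_sis_layers:
        residual *= layer.pfd
    if residual <= tolerable_freq:
        return None
    return tolerable_freq / residual


def sil_for_pfd(pfd_target):
    """Map a required PFDavg to the SIL band containing it.

    A target of 0.1 or more needs no SIL-rated function (returns 0); a target
    below the SIL 4 band cannot be met by a single SIF and must be redesigned.
    """
    if pfd_target >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd_target < hi:
            return sil
    raise ValueError("required PFD %.1e is below the SIL 4 band" % pfd_target)


def allocate(initiating_freq, tolerable_freq, non_sis_layers):
    """Return the SIF's PFD target, risk reduction factor and SIL objective."""
    target = sif_pfd_target(initiating_freq, tolerable_freq, non_sis_layers)
    if target is None:
        return {"pfd_target": None, "rrf": 1.0, "sil": 0}
    return {"pfd_target": target, "rrf": 1.0 / target, "sil": sil_for_pfd(target)}
```

Running `allocate(0.5, 1e-5, [ProtectionLayer("BPCS", 0.1), ProtectionLayer("operator response", 0.1)])` with these constructed values yields a PFD target of 2e-3 (RRF 500), i.e. a SIL 2 objective for the SIF.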
SIS safety requirements specification: clause 10
The Safety Requirements Specification (SRS) is a formalized and detailed document describing all essential functions of the SIS needed for the plant. This phase with the preceding two included is known in IEC 61511 as “Stage 1”.
SIS design and engineering: clauses 11 and 12
The requirements of this section comprise all the essential design constraints that the standard mandates. This is therefore the place to look for any design rules that are to be imposed on the SIS. Clause 12 describes the requirements for the application software engineering and includes selection criteria for the utility software. These are the programming tools, compilers and display software that enable an engineer to configure the application logic using a high-level language such as function block or ladder logic. The specially restricted versions used in safety PLCs are described here as “Limited Variability Languages” or LVLs.
The end of this phase is achieved when all the design has been done, all the components and instruments have been decided and the software has been written, tested, integrated into the hardware platform and tested as a complete logic solver. Completion of the design and engineering activities is also known in the standard as “Stage 2”. Optionally this stage can include the Factory Acceptance Test (FAT).
SIS installation, commissioning and validation: clauses 12.3, 14 and 15
This phase begins with the equipment at site and the logic solver FAT completed. Clause 12.3 is included here because it concerns safety validation planning. After installation, Clause 14.2.3 outlines the commissioning requirements in terms of essential features that must be checked. The list includes items such as power supplies, removal of packaging, instrument calibration, instrument and logic solver operation, and loop checks.
Clause 15 then describes the essential requirements for safety validation. In process control terminology this is the start-up acceptance testing. Validation is of critical importance to safety system installations because it is the only way of knowing that the final result of the design and building effort can provide the required safety. Completion of these activities is also known in the standard as “Stage 3”.
SIS operation and maintenance: clause 16
This phase covers the operating life of the SIS on the plant. Clause 16 of the standard defines the essential subjects for routine and abnormal operation of the SIS. The objectives are to ensure that the required SIL is maintained during Operation and Maintenance (O&M) and, conversely, to see that maintenance is adequate to keep the SIL at its intended level. This stage is also known in the standard as “Stage 4”.
SIS modifications: clause 17
The objectives of this phase, defined in clause 17, are to ensure “that modifications to any safety instrumented system are properly planned, reviewed and approved prior to making the change; and to ensure that the required safety integrity of the SIS is maintained despite any changes made to the SIS.”
The completion of a modification activity is also known as “Stage 5”.
SIS decommissioning: clause 18
This phase is similar to the modification phase because it requires an impact analysis of the effects of decommissioning on safety.
Verification activities: clauses 7 and 12.7
Clause 7 of IEC 61511 details the requirements for verification, which is essentially aimed at establishing that each phase has been completed properly and that its results are verified to be in accordance with the objectives of that phase and are traceable to the input information.
Assessment, auditing and revision: clause 5
Functional safety assessment and auditing are part of the overall requirements of IEC 61511 for management of functional safety. Clause 5 of IEC 61511 discusses these requirements. We have considered the organizational issues, but at any stage of the project lifecycle the standard also requires that we carry out an assessment of how well the safety objectives have been met for that project.