Safety Instrumented System(SIS) Interview Questions and Answers

 It is critical to understand the core ideas and important terminology associated with functional safety in order to prepare for interviews focusing on Safety Instrumented Systems (SIS). Here’s a detailed look at some of the most often asked interview questions and answers in the field of Safety Instrumented Systems:

1.What is a Safety Instrumented System (SIS)?

• A Safety Instrumented System, or SIS, is a designed safeguard against hazardous events.
•  Its primary function is to prevent or mitigate hazardous events by transitioning the process to a safe state when predetermined conditions are violated. 
• SIS is a type of safety interlock system that is also known as emergency shutdown systems (ESD) and safety shutdown systems (SSD). SIS consists of logic solver(s), sensor(s), and final element(s).
• A Safety Instrumented System (SIS) may consist of one or more Safety Instrumented Functions (SIF).

2.What is a Safety Instrumented Function (SIF)?

• A Safety Instrumented Function (SIF) is a component within an SIS designed to prevent or mitigate hazardous events. 
• It encompasses logic solver(s), sensor(s), and final element(s), and is assigned a Safety Integrity Level (SIL) based on the required risk reduction.

3.What is Safety Integrity Level (SIL)?

• SIL, or Safety Integrity Level, quantifies the performance of a safety system in terms of the probability of failure on demand (PFD)  for a SIF or SIS.
• SIL levels range from 1 to 4, with higher levels indicating better system performance. 
• The choice of SIL level considers the need to reduce process risk and the associated cost and complexity.
• Systems that have higher SIL levels also have to be more complex and expensive.
• A system as a whole is covered by a SIL level. SIL ratings don’t exist for individual items or parts. When establishing a SIF that has to lower the present intolerable process risk level to a range of acceptable risks, SIL levels are used.

4.What is Functional Safety?

• Functional safety refers to a safety system’s dependency on the correct functioning of the logic solver, sensors, and final elements to achieve the desired risk reduction level. 
• It ensures that Safety Instrumented Functions (SIFs) are successfully executed, leading to a reduction in process risk.

5.Why were ANSI/ISA 84, IEC 61508, and IEC 61511 standards developed?

• These standards evolved to formalize and quantify methodologies for reducing process risk and improving safety. 
• IEC 61508 specifically addresses the increasing use of software, providing guidelines for system and product designers to ensure acceptable safety in their intended applications.

6.When is a Safety Instrumented Function or System (SIF/SIS) necessary?

• The underlying principle of safety standards emphasizes the implementation of Safety Instrumented Systems (SIS) or Safety Instrumented Functions (SIF) only when alternative non-instrumented methods are insufficient for adequately eliminating or mitigating process risks.
• In particular, when a hazardous event cannot be prevented or mitigated with anything other than instrumentation, the ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) recommends a multi-disciplined team approach that follows the Safety Lifecycle, conducts a process hazard analysis, designs a variety of layers of protection (i.e., LOPA), and finally implements a SIS.

7.What is a Proof-Test Interval?

• Proof testing is an important need for safety instrumented systems, as it ensures that each component performs as intended. This thorough evaluation covers the complete system, including the logic solver, sensors, and final elements.
• Proof testing frequency varies by Safety Instrumented System (SIS) and is determined by criteria such as technology used, system architecture, and the approved Safety Integrity Level (SIL). The proof-test interval, which represents the period during which testing takes place, is critical in calculating the system’s Probability of Failure on Demand. This interval is critical to the effectiveness and reliability of the safety instrumented system.

8.What is a Process Hazard Analysis (PHA) and who conducts it?

• A Process Hazard Analysis (PHA) is an OSHA–directed assessment identifying safety problems and risks within a process. 
• Conducted by a diverse team with specific expertise, PHA methodologies include What-If Analysis, Hazard and Operability Study (HAZOP), Failure Mode and Effects Analysis (FMEA), and Fault Tree Analysis.

9.What voting configurations are required for each SIL level?

• Achieving a specific SIL level relies on various factors. The technology used, the quantity of system components, the probability of failure on demand (PFD) for each component, the system architecture (such as redundancy and voting), and the intervals for proof testing all contribute significantly to determining the SIL level. 
• There is no standardized answer regarding the voting configurations needed for each SIL level. The analysis of voting architecture must consider all the aforementioned factors.

10.Will a SIL rated system require increased maintenance?

• SIL solutions aren’t always the most cost-effective for minimizing process risk. Many times, opting for a SIL solution means more equipment, leading to increased maintenance. 
• Additionally, higher SIL levels often mean more frequent proof testing, potentially raising overall system maintenance. Hence, standards advise choosing a SIL-based solution only when other methods, determined by LOPA, cannot sufficiently reduce process risk.

11.Can a Fire and Gas (F&G) system be a SIF or SIS?

• A Fire and Gas (F&G) system, which automatically triggers process actions to prevent or mitigate a hazardous event and subsequently brings the process to a safe state, can be deemed a Safety Instrumented Function/Safety Instrumented System. 
• However, in an F&G system, ensuring optimal sensor placement is absolutely crucial. If gas/flame detectors are incorrectly positioned and fail to detect hazardous gasses and flames adequately, the effectiveness of the Safety Instrumented Function/System (SIF/SIS) will be compromised. 
• Proper sensor placement holds more significance than deciding whether an F&G SIF/SIS should be SIL 2 or SIL 3.

12.What is SIL 4?

• The highest degree of risk reduction that a Safety Instrumented System may achieve is SIL 4.
• Unfortunately, this is not a realistic level in the process industry, and at the moment, there are very few, if any, systems or products that support this level of safety integrity.
• SIL 4 systems are usually too expensive and complicated to be implemented profitably.
• Furthermore, there is an inherent issue with the process design that must be fixed by a process modification or other non-instrumented approach if a process carries enough risk that a SIL 4 system is needed to get it to a safe condition.

13.Can an individual product be SIL rated?

• No, individual products do not have SIL ratings. SIL levels apply to the entire Safety Instrumented Function/System, emphasizing the holistic nature of safety systems.

14.What communication protocols are applicable for SIL 2 or SIL 3 systems?

• The choice of communication protocol suitable for a SIL 2 or SIL 3 system depends on the platform used. Options include, but aren’t limited to: 4-20 mA output signal, ControlNet (Allen Bradley), DeviceNet Safety (Allen Bradley), SafetyNet (MTL), and PROFIsafe. 
• The ISA SP84 committee is presently developing guidelines for a safety bus to ensure compliance with IEC 61508 and IEC 61511 standards. Anticipated in 2008, the first devices with a safety bus will emerge. 
• The Fieldbus Foundation actively engages in the committee, establishing the Foundation Fieldbus Safety Instrumented Systems (FFSIS) project to collaborate with vendors and end users in developing safety bus specifications.

15.How can I access PFD and MTBF data for General Monitors products?

• General Monitors SIL certificates contain PFD, Safe Failure Fraction (SFF), and SIL numbers. MTBF data can be provided upon request.

16.Can a manufacturer claim their products are “SIL X certified”?

• Products are exclusively suitable for SIL environments, and a SIL level is applicable to a Safety Instrumented Function/System. Manufacturers issue product certificates through self-certification or other independent agencies. These certificates demonstrate adherence to the correct processes, inclusive of calculations and analyses, confirming compatibility within a given SIL level system.
• Full IEC 61508 certification extends to a manufacturer’s processes, signifying compliance with standards outlined in sections 2-3 of IEC 61508, covering hardware/system and software. Obtaining full certification from an accredited notifying body assures end-users that the manufacturer’s engineering process, electrical content, firmware, and logic align with standard guidelines.
• Nationally accredited bodies with the authority to issue certifications are limited. Alternatively, consulting firms provide certificates indicating independent third-party reviews of the product/process.

17.Can a manufacturer state their products meet all parts of IEC 61508?

• IEC 61508 encompasses various parts, categorized under the title “Functional Safety of electrical/electronic/programmable electronic safety-related systems”:
  • Part 1: General requirements
  • Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
  • Part 3: Software requirements
  • Part 4: Definitions and abbreviations
  • Part 5: Examples of methods for the determination of safety integrity levels
  • Part 6: Guidelines on the application of parts 2 and 3
  • Part 7: Overview of techniques and measures
• To comply with the standard, adherence to Parts 1-3 is necessary, as Parts 4-8 are informative and contribute to understanding the standard but lack requirements for conformity. Manufacturers typically meet Section 2 requirements by conducting FMEDA analyzes to ensure their products suit a specified SIL level.
• Companies opting for full IEC 61508 certification for their engineering processes will also align with Section 3, particularly concerning software development.

18.What does “SIL X suitable” mean?

• “SIL X suitable” may not be a valid statement according to the IEC 61508 standard. SIL, or Safety Integrity Level, quantifies safety system performance, measured by the probability of failure on demand (PFD) for a Safety Instrumented Function (SIF) or Safety Instrumented System (SIS). 
• There are four distinct integrity levels linked to SIL, with higher levels indicating lower failure probabilities and improved system performance. It’s crucial to recognize that higher SIL levels often correspond to increased system complexity and cost. 
• SIL is applicable to an entire system when it effectively reduces risk to an appropriate level. Individual components lack SIL ratings. Implementing a Safety Instrumented Function is the responsibility of the end user, ensuring compliance with standards through proper procedures, correct proof testing, and comprehensive documentation. 
• To achieve the desired risk reduction, equipment must be used as intended; merely purchasing components labeled as SIL 2 or SIL 3 suitable does not guarantee the corresponding system integrity level.

19.Does using a SIL 3 logic solver mean I have a SIL 3 system?

• Using a SIL 3 logic solver does not guarantee a SIL 3 system. It is crucial to design the entire system in accordance with SIL 3 requirements. 
• The overall system PFD is vital, and if proper redundancy and components with correct PFD calculations are not incorporated, the system may not comply with SIL 3 standards.

20.Are SIL 3 suitable products better than SIL 1 or SIL 2 suitable products?

• Not necessarily. While higher SIL levels correspond to lower PFD, SIL 2 suitable products may suffice in a SIL 3 environment with adjusted proof testing intervals or redundancy.
• It is very important for the end user to know how to operate the products in a certain SIL setting so that the products keep their SIL suitability levels after they are installed. If the products are not installed, tested, or set up correctly, the SIL suitability level might not be right.

21.Who can issue SIL certifications?

• Very few nationally accredited bodies, such as FM, TUV, and Sira, can issue nationally accredited SIL certifications. 
• Some unaccredited consulting organizations offer certificates attesting to their examination of the product and/or process for compliance with specific IEC 61508 standard requirements.
• Unaccredited consulting firms may also issue certificates, but independent third-party validation is crucial.

22.Can a vendor determine whether a system meets IEC 61511 requirements?

• No. The implementation of the safety system in a way that complies with the standards is able to be verified by the end user. 
• It is the user’s responsibility to make sure that standards have been followed correctly, that proof testing has been carried out appropriately, and that adequate documentation of the design, process, and procedures is in place.
• In order to successfully achieve the intended risk reduction level, the equipment or system needs to be used as intended. A SIL 2 or SIL 3 system cannot be assured by just purchasing SIL 2 or SIL 3 compatible components.

23.Must a customer purchase a complete SIL-based solution for all functions?

• For most applications, only specific SIF functions within a system require SIL ratings. Specifying SIL levels for the entire system without considering individual functions may add unnecessary cost.

24.Are “Safety” and “Reliability” the same?

• No, Safety and reliability, though often associated, are distinct concepts.
• IEC 61508 defines safety as “freedom from unacceptable risk.” A system must ensure protection from hazards, irrespective of its reliability. Safety engineering anticipates failures and designs systems to perform as required even in failure scenarios. 
• Reliability measures a system’s effectiveness in performing its intended functions under specific conditions. While a reliable system may not always be safe, the challenge in functional safety lies in achieving both reliability and safety simultaneously.

25.Explain SIL and SIS and their relation?

• Safety Instrumented System (SIS) refers to an instrumented system implementing safety instrumented functions, comprising sensors, logic solvers, and final elements. It encompasses safety instrumented control and protection functions, crucial in risk-prone industries like chemicals and oil & gas. SIS is intricately designed to mitigate the likelihood or severity of emergency events, safeguarding personnel, equipment, and the environment.
• Safety Integrity Level (SIL) serves as a quantifiable risk measurement, establishing safety performance targets for SIS systems. IEC standards outline SIL levels (SIL1 to SIL4), with ISA S84.01 recognizing up to SIL3.
• In the Safety Design domain, a Safety Instrumented Function (SIF) is a safety function with a specified SIL, vital for achieving functional safety. It can be a safety instrumented protection function (SIPF) or a safety instrumented control function (SICF).
• Safe Failure Fraction (SFF) is a term emerging from IEC 61508 and IEC 61511, quantifying fault tolerance and determining the minimum redundancy needed in a safety instrumented function. IEC defines SFF as the ratio of the total safe failure rate and dangerous detected failure rate to the total failure rate of a subsystem. The four types of random hardware failures are Safe undetected (SU), Safe detected (SD), Dangerous detected (DU), and Dangerous undetected (DD). SFF calculation involves summing the first three and dividing by the sum of all four. The operator’s expected action based on detected dangerous faults deems a device safe, even if it has a substantial fraction of dangerous failures.