The IEC 61511 standard specifies requirements that must be sufficient to design the SIS and include the following:
- A description of all the necessary SIFs to achieve the required functional safety.
- Requirements to identify and take account of common cause failures
- A definition of the safe state of the process for each identified SIF.
- A definition of any individually safe process state which, when occurring concurrently, creates a separate hazard.
- The assumed sources of demand and demand rate of each SIF.
- Requirements for proof-test intervals.
- Response time requirements for the SIF to bring the process to a safe state.
- The SIL and mode of operation (demand/continuous) for each SIF.
A description of process measurements and their trip point.A description of process output actions and the criteria for successful operation (e.g. requirements for tight shut-off valves).- The functional relationship between process input and output, including logic, mathematical functions, and any required permissions.
- Requirements for manual shutdown.
- Requirements relating to energize or de-energize to trip.
- Requirements for resetting the SIF after a shutdown.
- Maximum allowable spurious trip rate.
- Failure modes and desired response of the SIF
- Any specific requirement related to the procedures to initiate and restart the SIF.
- All interfaces between the SIS and any other system, including BPCS and operators.
- A description of the operation modes of the plant and identification of the SIF required to operate within each mode.
- Application software safety requirements.
- Requirements for
cancellations / inhibitions / deviationsdelete . - The specification of any action necessary to achieve or maintain a safe state in the event that flaws in the SIF are detected.d.
- The mean time to repair which is feasible for the SIF.
- Identification of the dangerous combinations of exit states of the SIS that should be avoided.
- Identification of the extremes of all environmental conditions that the SIS is likely to encounter.
- Identification of normal and abnormal modes for the plant as a whole (for example, start-up of the plant) and individual operating procedures of the plant.
- Definition of the requirements for any safety instrumented function necessary to survive a serious accident event.
