Safety instrumentation is not exclusively a matter of instrument engineering and control. The successful implementation of a safety system project depends on the support and knowledge of other disciplines, in addition to a total commitment from the management structures of the company. It requires the environment of a well-defined safety management system within the company. Without adequate support structures and a good understanding, on the part of everyone involved, of how safety requirements are defined, it is unlikely that safety instrumentation alone will provide the levels of safety expected from it. Support structures are a crucial part of the scope of evaluation for compliance with the new IEC 61508 and IEC 61511 standards. It is the responsibility of the instrument engineer to involve colleagues from other disciplines in the safety package. It is the responsibility of management to see that safety activities are clearly assigned and supported.
Definition of Safety Instrumented Systems
Safety Instrumented Systems are control systems that take the process to a safe state when conditions arise that are hazardous, or that could eventually give rise to a hazard if no action were taken. They perform “safety instrumented functions” by acting to prevent the hazard or to mitigate its consequences.
Safety Instrumented Systems are normally structured into three parts within a boundary that defines the system:
• Sensor sub-system: captures data online from the process
• Logic solver sub-system: evaluates the data and decides when and how to act
• Actuator sub-system: executes the required actions on the plant
Risk reduction and safety integrity
There is a common saying in the control systems world: “if you want to control something, first make sure you can measure it.” We need to control the risks of harm or loss in the workplace due to hazards of all forms. Therefore, risk must be measured before it can be controlled.
Measurement of risk
Risk can be evaluated qualitatively or quantitatively. The qualitative approach requires that the risk be described in terms such as “high”, “low” or “moderate”. These terms are only effective if everyone has a good understanding of what they mean in the context of use; hence a “high-risk neighborhood” is not popular with insurance companies. If the terms are well defined, or “calibrated” on a scale of generally accepted values, the qualitative measurement of risk can be very effective. The quantitative approach is easier to define, in terms of the frequency of events and then the number of people who get hurt, but it is often hard to put a firm number on a situation without much statistical evidence.
The degree of confidence that can be placed in the ability of the SIS to perform its intended safety function is known as its “safety integrity”. The concept of safety integrity includes all aspects of a safety system that are needed to ensure that it does the job it is intended to perform. One of these aspects is the hardware reliability of the equipment and the way it responds under all conditions. Other aspects include the accuracy with which it has been designed and the level of understanding of the hazards that went into its original design.
Now that we see the SIS as a risk reduction element, it is helpful to see how it fits into the context of overall plant safety. This will enable us to see how the SIL target can be adjusted to provide the best overall value from the plant safety systems.
The figure above shows the concept: the core risk due to a hazard is contained by successive layers of protection, leaving a minimal or acceptable risk level at the outer boundary.
Protection layers can be divided into two main types:
• Prevention layers: try to stop the dangerous event from happening
• Mitigation layers: reduce the consequences after the hazardous event has taken place
In summary, the SIS is just one component of a general risk management strategy for a dangerous activity in a manufacturing plant. For a SIS to be effectively designed and implemented, the following key aspects of an SIS project must be ensured:
• Identify hazards and estimate risks: hazard studies and risk analysis
• Define the general safety objectives for each type of risk: the total amount of risk reduction necessary for the hazard must be defined by someone who knows what is acceptable; this is a management or corporate responsibility
• Assign risk reduction functions and risk reduction factors (RRF) to the layers of protection: this defines the risk reduction contribution of the SIS and therefore its SIL target
• Ensure that each safety layer is managed to deliver the required risk reduction: this requires correct design procedures in each discipline, and requires that procedures and work responsibilities be defined and supported by management
• Ensure that the SIS provides the required functional safety
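A worked calculation of the RRF assignment and SIL target step above, added here as an example and not taken from the article: the initiating-event frequency, layer PFDs and tolerable frequency are constructed values, and the RRF/SIL bands are the IEC 61508 low-demand-mode ranges.

```python
# Added example, not from the original article: a layer-of-protection style
# calculation of the risk reduction factor (RRF) the SIS must provide once the
# other layers are credited, mapped to a SIL target. Frequencies and PFDs are
# constructed values; the RRF/SIL bands are the IEC 61508 low-demand ranges.
from dataclasses import dataclass

MAX_SIL = 4  # IEC 61508 low demand: SIL n <=> PFDavg in [10^-(n+1), 10^-n), RRF in (10^n, 10^(n+1)]


@dataclass(frozen=True)
class Layer:
    name: str
    kind: str    # "prevention" or "mitigation", the two layer types above
    pfd: float   # probability of failure on demand of this independent layer

def residual_frequency(initiating_freq: float, layers: list[Layer]) -> float:
    """Hazardous-outcome frequency (per year) after every non-SIS layer acts.
    Assumes the layers are independent, so their PFDs multiply."""
    freq = initiating_freq
    for layer in layers:
        if not 0.0 < layer.pfd <= 1.0:
            raise ValueError(f"{layer.name}: PFD must be in (0, 1]")
        freq *= layer.pfd
    return freq

def required_sis_rrf(initiating_freq: float, layers: list[Layer],
                     tolerable_freq: float) -> float:
    """RRF the SIS must contribute so the residual risk meets the tolerable
    frequency; 1.0 means the other layers alone already reach it."""
    return max(1.0, residual_frequency(initiating_freq, layers) / tolerable_freq)

def sil_target(rrf: float) -> int:
    """Map a required RRF to SIL 1..4; 0 means RRF <= 10 (no SIL-rated function
    needed). Raises when even SIL 4 is insufficient: reduce the hazard at source."""
    if rrf > 10 ** (MAX_SIL + 1):
        raise ValueError("required RRF exceeds SIL 4; redesign the process")
    for sil in range(MAX_SIL, 0, -1):
        if rrf > 10 ** sil:
            return sil
    return 0

def sis_meets_target(initiating_freq, layers, sis_pfd, tolerable_freq) -> bool:
    """Verify that a candidate SIS PFDavg brings the residual risk under target."""
    return residual_frequency(initiating_freq, layers) * sis_pfd <= tolerable_freq

# Constructed scenario: runaway reaction initiated by loss of cooling (0.5/yr).
LAYERS = [Layer("BPCS high-temperature alarm + operator response", "prevention", 0.1),
          Layer("Pressure relief valve", "mitigation", 0.01)]
REQUIRED_RRF = required_sis_rrf(0.5, LAYERS, 1e-6)   # 500 -> SIL 2
TARGET_SIL = sil_target(REQUIRED_RRF)
```

Changing the tolerable frequency or crediting an extra independent layer shows directly how the SIL demand on the SIS moves, which is the adjustment the article refers to.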
The fundamental components of safety management include:
- Having a systematic method of identifying and recording all hazards and risks presented by the subject plant or equipment
- Ensuring that all unacceptable risks are reduced to an acceptably low level by recognized and controllable methods that can be sustained throughout the life cycle of the plant
- Having a monitoring and review system in place that monitors implementation and performance of all safety measures
- Ensuring that all departments and personnel involved in safety administration are aware of their individual responsibilities
- Responding to regulatory requirements from national and local authorities for the provision of adequate safeguards against harm to persons and the environment.