Introduction

Safety instrumented systems have been used for many years toperform safety instrumented functions in the process industries. Ifinstrumentation is to be effectively used for safety instrumented functions, itis essential that this instrumentation achieves certain minimum standards andperformance levels.

This standard addresses the application of safetyinstrumented systems for the process industries. It also requires a processhazard and risk assessment to be carried out to enable the specification forsafety instrumented systems to be derived. Other safety systems are onlyconsidered so that their contribution can be taken into account whenconsidering the performance requirements for the safety instrumented systems.The safety instrumented system includes all components and subsystems necessaryto carry out the safety instrumented function from sensor(s) to finalelement(s).

This standard has two concepts which are fundamental to itsapplication; safety lifecycle and safety integrity levels.

This standard addresses safety instrumented systems whichare based on the use of electrical/electronic/programmable electronictechnology. Where other technologies are used for logic solvers, the basicprinciples of this standard should be applied. This standard also addresses thesafety instrumented system sensors and final elements regardless of thetechnology used. This standard is process industry specific within theframework of IEC 61508 (see Annex A).

This standard sets out an approach for safety life-cycleactivities to achieve these minimum standards. This approach has been adoptedin order that a rational and consistent technical policy is used.

In most situations, safety is best achieved by an inherentlysafe process design. If necessary, this may be combined with a protectivesystem or systems to address any residual identified risk. Protective systemscan rely on different technologies (chemical, mechanical, hydraulic, pneumatic,electrical, electronic, programmable electronic). To facilitate this approach,this standard

• requires that a hazard andrisk assessment is carried out to identify the overall safety requirements;

• requires that an allocationof the safety requirements to the safety instrumented system(s) is carried out;

• works within a frameworkwhich is applicable to all instrumented methods of achieving functional safety;

• details the use of certainactivities, such as safety management, which may be applicable to all methodsof achieving functional safety.

This standard on safetyinstrumented systems for the process industry

• addresses all safetylife-cycle phases from initial concept, design, implementation, operation andmaintenance through to decommissioning;

• enables existing or newcountry specific process industry standards to be harmonized with thisstandard.

This International Standard is intended to lead to a highlevel of consistency (for example, of underlying principles, terminology,information) within the process industries. This should have both safety andeconomic benefits.

In jurisdictions where the governing authorities (forexample, national, federal, state, province, county, city) have establishedprocess safety design, process safety management, or other requirements, thesetake precedence over the requirements defined in this standard.

Scope

This International Standard gives requirements for thespecification, design, installation, operation and maintenance of a safetyinstrumented system, so that it can be confidently entrusted to place and/ormaintain the process in a safe state. This standard has been developed as aprocess sector implementation of IEC 61508.

In particular, thisstandard

a) specifies the requirementsfor achieving functional safety but does not specify who is responsible for implementingthe requirements (for example, designers, suppliers, owner/operating company,contractor); this responsibility will be assigned to different partiesaccording to safety planning and national regulations;

b) applies when equipment thatmeets the requirements of IEC 61508, or of 11.5 of IEC 61511-1, is integratedinto an overall system that is to be used for a process sector application butdoes not apply to manufacturers wishing to claim that devices are suitable foruse in safety instrumented systems for the process sector (see IEC 61508-2 andIEC 61508-3);

c) defines the relationshipbetween IEC 61511 and IEC 61508 (Figures 2 and 3);

d) applies when applicationsoftware is developed for systems having limited variability or fixedprogrammes but does not apply to manufacturers, safety instrumented systemsdesigners, integrators and users that develop embedded software (systemsoftware) or use full variability languages (see IEC 61508-3);

e) applies to a wide variety ofindustries within the process sector including chemicals, oil refining, oil andgas production, pulp and paper, non-nuclear power generation; NOTE Within theprocess sector some applications, (for example, off-shore), may have additionalrequirements that have to be satisfied.

f) outlines the relationshipbetween safety instrumented functions and other functions (Figure 4);

g) results in the identificationof the functional requirements and safety integrity requirements for the safetyinstrumented function(s) taking into account the risk reduction achieved byother means;

h) specifies requirements forsystem architecture and hardware configuration, application software, andsystem integration;

i) specifies requirements forapplication software for users and integrators of safety instrumented systems(clause 12). In particular, requirements for the following are specified:

– safety life-cycle phases and activities thatare to be applied during the design and development of the application software(the software safety life-cycle model). These requirements include theapplication of measures and techniques, which are intended to avoid faults inthe software and to control failures which may occur;

– information relating to the softwaresafety validation to be passed to the organization carrying out the SISintegration;

– preparation of information andprocedures concerning software needed by the user for the operation andmaintenance of the SIS;

– procedures and specifications to bemet by the organization carrying out modifications to safety software;

j) applies when functionalsafety is achieved using one or more safety instrumented functions for theprotection of personnel, protection of the general public or protection of theenvironment;

k) may be applied in non-safetyapplications such as asset protection;

l) defines requirements forimplementing safety instrumented functions as a part of the overallarrangements for achieving functional safety;

m) uses a safety life cycle(Figure 8) and defines a list of activities which are necessary to determinethe functional requirements and the safety integrity requirements for thesafety instrumented systems;

n) requires that a hazard andrisk assessment is to be carried out to define the safety functionalrequirements and safety integrity levels of each safety instrumented function;NOTE See Figure 9 for an overview of risk reduction methods.

o) establishes numerical targetsfor average probability of failure on demand and frequency of dangerousfailures per hour for the safety integrity levels;

p) specifies minimumrequirements for hardware fault tolerance;

q) specifies techniques/measuresrequired for achieving the specified integrity levels;

r) defines a maximum level ofperformance (SIL 4) which can be achieved for a safety instrumented functionimplemented according to this standard;

s) defines a minimum level ofperformance (SIL 1) below which this standard does not apply;

t) provides a framework forestablishing safety integrity levels but does not specify the safety integritylevels required for specific applications (which should be established based onknowledge of the particular application);

u) specifies requirements forall parts of the safety instrumented system from sensor to final element(s);

v) defines the information thatis needed during the safety life cycle;

w) requires that the design of asafety instrumented function takes into account human factors;

x) does not place any directrequirements on the individual operator or maintenance person.