Safety Instrumented System Requirements

In this short guide we cover Safety Instrumented System requirements. But first we answer some basic questions, such as:

What is a Safety Instrumented System?

The simplest explanation of a Safety Instrumented System (SIS for short) is "a system composed of active elements such as sensors, logic solvers and actuators, working together as a system, which acts to reduce the risk of an unwanted event in a plant or a piece of equipment". In other words, Safety Instrumented Systems are a special kind of industrial automation system used to bring the process (or the equipment under its control) to a safe state.


An alternative way of understanding a SIS is that it is simply a collection of SIFs (Safety Instrumented Functions). A SIF is designed to take the process to a safe state if it detects trouble. A SIF can have one or more sensors, logic solver(s) and final elements.

Here is an example of a typical SIF. This is a simple SIF; more complex ones use voting and redundancy. That added complexity has one aim: making the SIF more reliable, so that it will (almost) always act when a demand is placed on it.

(Figure: Safety Instrumented Function)

Safety Instrumented Systems Examples

There is a wide range of SIS, from the very simple to the very complex. For example, an SIS may be as simple as an Emergency Stop switch wired via a safety relay to disconnect power from a machine and bring it to a safe state, or as complex as an Emergency Shutdown System with thousands of I/Os, used to shut down a large refinery when an event requires it. In between are many specialized automated safety systems, such as HIPPS (High Integrity Pressure Protection Systems), used mainly in the Oil and Gas industry, and BMS (Burner Management Systems), used to control fired heaters in various industries. All of these are really SIS under a different name.

Safety Instrumented System Standards

The primary global standard for Safety Instrumented Systems is IEC 61508. IEC stands for the International Electrotechnical Commission, whose members include almost all developed and developing countries. This is the main standard, from which other industry-specific standards have been developed, such as IEC 61511 for the Process Industry sector (ISA S84 is the version of IEC 61511 used in the US) and IEC 62061 for Machinery. Find out more about IEC 61511 and IEC 61508 here.

Safety Instrumented System Requirements

Safety Instrumented Systems have several requirements in order to be considered a proper SIS. Some of the major ones are listed below, but there are many more.

1. An SIS should be highly reliable. This means that when a demand is generated on the SIS (for example, somebody pushes the Emergency Stop button on the machine) it MUST stop the machine; in other words, the SIS must work when wanted! Put differently, the SIS must have a low enough PFDavg (average Probability of Failure on Demand) for the amount of Safety Integrity needed. This means the SIS must have as few Random Hardware failures as possible. Random hardware failures happen with any piece of equipment (resistors shorting, capacitors blowing up, mechanical links breaking), but the SIS should be designed to keep these failures to a minimum through redundancy, good design engineering, testing, diagnostics and so on.

2. The SIS should ideally have no Systematic Faults at all (Systematic Failures are basically management-related faults that come from bad engineering, bad design, wrong data or specifications, etc.). In real life this means that Systematic Faults should be kept to a minimum.

3. A SIS should ideally be completely separate from the main control system of the plant or machinery (also known as the BPCS or Basic Process Control System), so that it does not depend on the BPCS in order to work.

4. A SIS should conform to a standard such as IEC 61508 and must be designed, built, installed, tested, maintained, modified (if required) and operated strictly according to the specified standard. This must be done by competent professionals, who are knowledgeable and certified as competent (for example via a third party like Abhisam).

5. A SIS is used only for risk reduction, so the SIS must reduce the residual risk of the plant or machinery (the equipment under control) to an acceptable level.

6. A SIS needs to be built as per the Safety Requirements Specification, which is decided in the corresponding phase of the safety lifecycle, and must match it.

7. A SIS should be protected against cyber threats. This is mandated in both IEC 61508 and IEC 61511. It is essential, because if the SIS becomes the victim of a cyber attack, all the failure probability calculations will no longer be valid. Thus cybersecurity of the SIS is an important requirement. Abhisam’s Industrial Cybersecurity certification course can help you learn how to protect your SIS from these kinds of threats.
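As an added example (not part of this guide), the following script works through requirement 1 for the sensor / logic solver / final element SIF described earlier: it estimates PFDavg for each subsystem, sums them, and maps the result to a SIL band, then shows how 1oo2 voting on the final element changes the achievable SIL. The formulas are the simplified low-demand approximations of IEC 61508-6 (common-cause failures, repair time and imperfect proof testing are ignored); the failure rates, diagnostic coverage values and test interval are constructed.

```python
from dataclasses import dataclass, replace


@dataclass
class Subsystem:
    name: str
    lambda_d: float  # dangerous failure rate per hour (constructed value)
    dc: float        # diagnostic coverage, 0.0 .. 1.0
    voting: str      # "1oo1", "1oo2" or "2oo3"

    def lambda_du(self) -> float:
        # Diagnostics turn a fraction dc of dangerous failures into detected
        # ones; only the undetected remainder contributes to PFDavg here.
        return self.lambda_d * (1.0 - self.dc)

    def pfd_avg(self, proof_test_interval_h: float) -> float:
        # Simplified IEC 61508-6 low-demand formulas (beta, MTTR ignored).
        x = self.lambda_du() * proof_test_interval_h
        if self.voting == "1oo1":
            return x / 2.0
        if self.voting == "1oo2":
            return x * x / 3.0
        if self.voting == "2oo3":
            return x * x
        raise ValueError(f"unsupported voting {self.voting}")


def sif_pfd_avg(subsystems, proof_test_interval_h: float) -> float:
    # Sensor, logic solver and final element act in series: the SIF fails on
    # demand if any one of them fails, so their PFDavg values add.
    return sum(s.pfd_avg(proof_test_interval_h) for s in subsystems)


def sil_for_pfd(pfd: float) -> int:
    # Low-demand SIL bands (IEC 61508-1): SIL n means 10^-(n+1) <= PFDavg < 10^-n.
    if pfd >= 1e-1:
        return 0  # too little risk reduction to claim any SIL
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil


# Constructed SIF with one year (8760 h) between proof tests.
EXAMPLE_SIF = [
    Subsystem("pressure transmitters", 2e-6, 0.60, "1oo2"),
    Subsystem("logic solver", 5e-7, 0.99, "1oo1"),
    Subsystem("shutdown valve", 4e-6, 0.00, "1oo1"),
]

if __name__ == "__main__":
    for sif in (EXAMPLE_SIF, [replace(s, voting="1oo2") if s.name == "shutdown valve" else s for s in EXAMPLE_SIF]):
        pfd = sif_pfd_avg(sif, 8760)
        print(f"valve {sif[2].voting}: PFDavg = {pfd:.2e}, SIL {sil_for_pfd(pfd)}")
```

Running it shows the single shutdown valve dominating the SIF's PFDavg (SIL 1), while a 1oo2 valve arrangement alone lifts the same SIF into the SIL 3 band, which is why redundancy usually goes on the weakest subsystem first.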
