Functional Safety Questions & Answers
What is PHA ?
Process Hazard Analysis: First step in an organized and systematic assessment of the potential hazards associated with an industrial process.
What is LOPA ?
Layer of Protection Analysis: A PHA tool that starts with data developed in the Hazard and Operability analysis and accounts for each hazard by documenting and initiating cause and protection layers that prevent or mitigatre the hazard.
What is SIS ?
Safety Instrumented System: IEC61511 defines SIS as an “instrumented system used to implement one or more safety instrumented functions. Composed of any combination of sensors, logic solvers, and final elements.”
What is SIF ?
Safety Instrumented Function: Designed to respond to the conditions within a plant that may be hazardous in themselves, or if no action is taken, could result in a hazardous event. Each SIF is assigned a particular SIL.
What is SIL ?
Safety Integrity Level: The output of the Process Hazards Analysis effort is the operational definition and the assignment of a SIL rating to each safety loop.SIL 3 is the highest rating used in the process industries.
What is SFF ?
Safe Failure Fraction: To achieve a specific SIL, a DEVICE must have less than the specified SFF. Probablilities are calculated using a FMEDA.
What is PFDavg ?
Probablity of failure on demand: To achieve a specific SIL, a DEVICE must have less than the specified PFDavg. Probablilities are calculated using a FMEDA.
What is FMEDA ?
Failure Modes, Effects, and Diagnostic Analysis. Actual targets required for DEVICES vary depending on the likelihood of a demand, the complexity of the devices, and the types of redundancy used.
Abbreviation of IEC ?
International Electrotechnical Commission
SIF vs SIL Relation
Based on the specific process application, a risk reduction factor (SIL rating) must be defined for each safety loop (SIF) The required SIL of a specific SIF is determined by taking into account the required risk reduction factor provided by that function. SIL varies for SIFs that operate continuous vs demand mode.
What is IEC-61508 ?
SIS Hardware/Software Design Guidance: Targeted at suppliers of systems used for the reduction of risk. Defines standards for functional safety of electrical/electronic/programmable electronic (E/E/PE) safety related systems.
What is Functional Safety ?
The overall program to ensure that the safety-related E/E/PE system brings about a safe state when called upon to do so.
Parts of IEC-61508 ?
General safety requirements, specific system and software requirements, and guidelines to applications.
IEC-61508 SIS Vendor Software Quality Plan ?
Part 3, Clause 7 includes software safety lifecycle requirements:
- 7.1: General requirements
- 7.2: Software safety requirements specification
- 7.3: Software safety validation planning
- 7.4: software design and development
- 7.5: programmable electronics integration (hw and sw)
- 7.6: software operation and modification procedures
- 7.7: software safety validation
- 7.8: software modification
- 7.9: software verification
IEC61508-3 ANNEX A
provides a listing of “techniques and measures” used for software development where different development techniques are chosen depending on SIL level of software
IEC61508-3 ANNEX B
Nine detailed tables of design and coding standards as well as analysis and testing techniques that are to be used in the safety-related software development, depending on the SIL of the software and in some cases the choice of the development team.
SIS Design Guidance for the Process Industry Sector
2 parts of IEC61511
The safety lifecycle and safety integrity levels.
The engineering process that includes all of the steps necessary to achieve required functional safety
Basic philosophy behind the safety lify cycle
Develop and document a safety plan, execute that plan, document its execution (to show that the plan has been met) and continue to follow that safety plan through decommissioning – with further appropriate documentation being generated throughout the life of the system.
Framework, definitions, system, hardware and software requirements
Guidelines on the application of 61511-1
Guidance for the determination of the required safety integrity levels
IEC61511 vs ANSI/ISA-84.00.01-2004
Standards mirror each other with the exception of the “grandfather clause” in ISA-84. Each has 3 main parts, but ISA-84 also includes a series of technical reports
ISA-84 Grandfather Clause
“For existing SIS designated and constructed in accordance withcodes, standards and practices prior to the issuance of ISA-84, the owner/operator shall determine that the equipment is designed, maintained, inspected, tested, and operating in a safe manner” originated with OSHA 1910.119
Safety Lifecycle – Throughout the Lifecycle
- Management of functional safety and functional safety assessment and auditing
- Safety lifecycle structure and planning
Safety Lifecycle – Analysis Phase
- Hazard and risk assessment
- Allocation of Safety Functions to protection layers
- Safety requirements specifications for the SIS
Safety Management System: Ensures that functional safety objectives are met and appropriate auditing processes are defined.
Safety Requirements Specification: document that ensures the safety requirements are adequately specified prior to proceeding to detailed design.
Safety Lifecycle – Implementation Phase
- Design and Engineering of SIS
- Design and development of other means of risk
- Installation, commissioning, and validation
Safety Lifecycle – Operation Phase
- Operation and maintenance
Common PHA Methods
- What if?
- What if/checklist
- FMEA (Faliure mode effect analysis)
- Fault tree analysis
- Event tree analysis
Assignment of SIL
There are no regulations to assign a SIL to a particular process or hazard. The SIL assignment is a company based decision based on risk management and risk tolerance philosophy.
Does OSHA require an SIS?
NO, but . . . “ANSI/ISA S84.01-1996 does mandate that companies should design their safety instrumented system to be consistent with similar operating process units within their own companies and at other companies. Likewise, in the US, ASHO PSM and EPA RPM require that industry standards and good engineering practice be used in the design and operation of process facilities. This means that the assignment of safety integrity levels must be carefully performed and thoroughly documented.”
Common methods used to convert PHA data into SIL?
- Modified HAZOP
- Consequence only
- Risk matrix
SIL assignment method – Actually an extension of HAZOP and relies on SUBJECTIVE assignment based on the team’s expertise. Since it’s subjective, team memeber consistency from project to project needs to be addressed.
SIL assignment method – Uses estimation of potential consequence of the incident and doesn’t take into effect the frequency.Simplest to use, but most conservative.
SIL assignment method – provides correlation of risk severity and risk likelyhood to the SIL, based on EVENT SEVERITY and EVENT LIKELIHOOD. Commonly used.
SIL assignment method – provides correlation of:
- Frequency and exposure time
- Possibility of avoiding the hazardous event
- Probability of the unwanted occurrence
Quantitative Assessment (i.e. fault tree or process demand)
SIL assignment method – determines the process demand or incident likelihood and requires an extensive understanding of potential causes and probability of failure. MOST RIGOROUS TECHNIQUE!
Company Mandated SIL
SIL assignment method – assumes that the greatest cost increase occurs when a SIL is greater than 1; therefore, the company takes the approach that all SIFs shall be SIL3. This assignment is the least time comsuming, reduces documentation of SIL selection and ensures consistency.
Failure Rates of SIS Components
- 50% – Final element (Valve, etc.)
- 42% – Sensor (switch, transmitter, etc.)
- 8% – Logic solver
Abbreviation of FMEA
Failure Modes and Effects Analysis
Common Cause Failure
Failure which is the result of one or more events, causing failures of two or more seperate channels on a multiple channel system, leading to system failure.
Common Mode Failure
Failure of two or more channels in the same way, causing the same erroneous result
Failure which has the potential to put the safety instrumented system in a hazardous or fail-to-function state
External Risk Reduction Facilities
Measurs to reduce or mitigate the risks, which are seperate and distinct from the SIS
Part of a safety instrumented system which implements the physical action necessary to achieve a safe state.
Acitivity of determining the effect that a change to a function or component will have to other functions or components in that system as well as to other systems
Action that reduces the consequences of a hazardous event
Any independant mechanism that reduces risk by control, prevention or mitigation
When a documented assessment has shown that there is appropriate evidence, based on the previous use of a component, that the component is suitable for use in a safety instrumented system
Freedom from unacceptable risk
Failure related in a deterministic way to a certain cause, which can only be eliminated by a modification of the design or the manufacturing process, operational procedures, documentation or other relevent factors
Deals with programming languages and defines 2 graphical (LD=ladder and FBD = function block diagram) and 2 textual (ST = structured text and SFC = sequential function chart)
Machine Safety Standard
Breakout of Safety I/O Type in Process Industry
- SIL1 – 51%
- SIL2 – 32%
- SIL3 – 8%
- SIL4 – 1%
- No SIL – 8%
Two types of Risk Analysis
- Quantitative Risk Analysis
- Qualitative Risk Analysis
Abbreviation of ALARP
As Low As Resonably Practicable
Abbreviation of RRF
Risk Reduction Factor
Abbreviation of CEM
Cause and Effect Matrices
Looks at a sequence of event and analyzes the tendency of one event to be followed by another.
The IEC 61511 standard lists goals for safety planning. List three of the five goals of safety planning
According to IEC 61511, safety planning has five goals. They are:
- ensure that the functional safety objectives and the safety integrity level objectives are achieved for all relevant modes of the process
- ensure proper installation and commissioning of the safety instrumented system
- ensure the safety integrity of the safety instrumented functions after installation
- maintain the safety integrity during operation (e.g., proof testing, failure analysis, etc.)
- manage the process hazards during maintenance activities on the safety instrumented system
Also Read : Safety Systems Interview Questions