Safety Instrumented System (SIS): the application program is a vital part of an SIS logic solver. For a successful SIS implementation, users must follow a uniform approach based on the conditions set by the international safety approval agencies.
SIS Application Program Configuration Requirements
- Programming of the application code that executes the Safety Instrumented Functions (SIFs) is taken up after the logic solver has been selected. The application program must follow the manufacturer's specifications described in the safety manual to ensure safety and reliability.
- Supporting documentation such as the programming criteria, the Safety Manual, and the design specification of the specific platform is required for application program development.
- SIFs implemented on a certified logic solver must follow the Safety Manual for that logic solver, which is subject to review by the international safety certification agencies.
- Written security procedures shall exist to prevent unauthorized or inadvertent changes to the software (SIF) program.
- The person in charge of plant production shall designate the persons allowed to make changes to the code and the persons allowed to perform program loads.
- Wherever SIF and BPCS application programs are implemented on a single certified logic solver, the SIF code must either be separated from the BPCS code (e.g., in separate partitions) or be clearly identified in the program so that it can be distinguished from other programs.
- All Safety Instrumented Systems and approved Critical Instrument Systems shall have their safety trip setpoints protected from unauthorized changes (for example, by storing them as unchangeable constants). Different authorization levels shall be configured for technicians, supervisors, and plant control engineers.
- SIF designs employing single-component (i.e. 1oo1) configurations with diagnostics or automatic testing must raise an alarm on a detected failure. The SIF final element must then either go immediately to the safe state, or a risk-mitigation hazard assessment and an alternate management plan must be developed by operations personnel, with plant operators trained in this response so that plant operation can be sustained while the SIS instrument is out of service.
- The Safety Instrumented System sensors and final elements shall be clearly marked on the P&IDs and in the computer software documentation. Implementing the recommendations of the SIS Design Manual meets this requirement.
- New or modified safety function programming shall be verified against its specification by application code review or simulation (using emulator software where possible), assessed by an independent Safety System Coach, and validated by functional tests prior to initial operation.
- The Safety Requirements Specification (SRS) and the Safety Instrumented System work process meet the intent of this requirement.
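The written security procedure called for above (separate designation of who may change the SIF code and who may perform program loads, and protection against unauthorized or inadvertent changes) can be enforced mechanically rather than by paperwork alone. The script below is an added example, not code from this page or from any logic-solver vendor: it fingerprints each program image with SHA-256, allows only images on an approved baseline to be loaded, keeps the "change" and "load" rights separate, and writes an audit record of every attempt. The user names, roles and program bytes are constructed placeholders, and the baseline-by-digest scheme is one possible design, not something the page prescribes.

```python
# Change control for SIS application program loads.
# Added illustration; not code from the page or any vendor tool. Every name,
# role and program image below is a constructed placeholder.
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Persons designated by the production in charge (constructed names).
# "change": may place a reviewed program version on the approved baseline.
# "load":   may download an approved version to the logic solver.
AUTHORIZED = {
    "change": {"engineer.a"},
    "load": {"engineer.a", "tech.b"},
}


def digest(program: bytes) -> str:
    """Fingerprint of a program image; any edit to the image changes it."""
    return hashlib.sha256(program).hexdigest()


@dataclass
class ChangeControl:
    approved: dict = field(default_factory=dict)  # digest -> version label
    audit: list = field(default_factory=list)     # written record of every attempt

    def _log(self, action: str, user: str, result: str, detail: str) -> None:
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action, "user": user, "result": result, "detail": detail,
        })

    def approve(self, user: str, program: bytes, version: str) -> bool:
        """Put a reviewed program version on the baseline (needs the 'change' right)."""
        if user not in AUTHORIZED["change"]:
            self._log("approve", user, "DENIED", "not designated to change code")
            return False
        d = digest(program)
        self.approved[d] = version
        self._log("approve", user, "OK", f"{version} sha256={d[:16]}...")
        return True

    def load(self, user: str, program: bytes) -> tuple:
        """Decide whether this user may load this exact image; returns (ok, reason)."""
        if user not in AUTHORIZED["load"]:
            reason = "not designated to perform program loads"
            self._log("load", user, "DENIED", reason)
            return False, reason
        d = digest(program)
        if d not in self.approved:
            # An unreviewed edit or a tampered image: its digest is not on the baseline.
            reason = f"image sha256={d[:16]}... is not on the approved baseline"
            self._log("load", user, "DENIED", reason)
            return False, reason
        self._log("load", user, "OK", f"loaded {self.approved[d]}")
        return True, self.approved[d]


# Constructed program images: v1 as reviewed, and an unreviewed setpoint edit.
PROGRAM_V1 = b"SIF-101: trip when PT-101 > 12.0 barg -> close XV-101"
PROGRAM_V1_EDITED = PROGRAM_V1.replace(b"12.0", b"15.0")


def demo() -> tuple:
    """Run the scenarios and return (decisions, audit trail)."""
    cc = ChangeControl()
    decisions = {
        "approve_by_engineer": cc.approve("engineer.a", PROGRAM_V1, "SIF-101 v1"),
        "approve_by_technician": cc.approve("tech.b", PROGRAM_V1_EDITED, "SIF-101 v1-edit"),
        "load_approved_by_technician": cc.load("tech.b", PROGRAM_V1)[0],
        "load_edited_by_technician": cc.load("tech.b", PROGRAM_V1_EDITED)[0],
        "load_by_operator": cc.load("operator.c", PROGRAM_V1)[0],
    }
    return decisions, cc.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for name, ok in decisions.items():
        print(f"{name:30s} {'allowed' if ok else 'denied'}")
    for entry in audit:
        print(entry["action"], entry["user"], entry["result"], entry["detail"])
```

The point of keying the baseline on the image digest rather than on a version string is that an edited copy of an approved program (here, a changed trip setpoint) is refused at load time even when an authorized loader presents it, and the refusal is recorded with the digest so the discrepancy can be investigated.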
Standard software functions are to be used wherever possible for safety system programming. Standard templates for common SIS functions are available on most certified systems.
The Safety Interlock Programming Guide shall define the file structure to be used when implementing the SIS.
Extreme care must be taken with the safety application program code: it must provide protection against changes to sensor ranges, sensors being placed in manual, final elements being placed in non-safe conditions, changes to SIS setpoints and delay timers, and SIF conditions being bypassed.
Assessing the Application Program
Assessments of a new application program, and of changes to the safety program, are required prior to implementation.
The assessments of the safety application program are conducted by plant control engineers and Safety System Coaches who were not involved in the design and development of the SIS application program.
The Safety System Coach shall complete the program review before startup, confirming that the new or modified SIS is ready to be put into service.
SIS Safety Lifecycle Requirements
Further SIS application program development and maintenance shall follow the SIS safety life-cycle requirements below.
Application Program Development & Architecture
- Define the application program architecture so that it fulfills the specified requirements for application program safety.
- Review and evaluate the requirements placed on the application program by the hardware architecture of the SIS.
- Specify the procedures for the development of the application program.
Application Program Design
- Develop the application program design.
- Identify a suitable set of configuration, library, management, simulation, and test tools for the whole safety life-cycle of the application program.
Application Program Implementation
- Implement the application program that fulfills the specified requirements for application safety.
- Use appropriate support tools and programming languages.
Application Program Verification
- Verify that the requirements for application program safety have been achieved.
- Show that all SIS application programs interact correctly to perform their intended functions.
SIS Integration Test
- Integrate the application program onto the target logic solver, including interaction with a sample set of field devices and/or a simulator.
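Verification against the specification by simulation, as required in the configuration requirements and in the verification and integration-test steps above, is easiest when the SIF logic can be exercised scan by scan with constructed inputs. The Python model below is an added example, not code from this page, from IEC 61511 or from any logic-solver vendor. It models a single 1oo1 high-pressure SIF whose trip parameters are held as unchangeable constants, whose diagnostics raise an alarm and drive the final element to the safe state on a detected failure (including a sensor placed in manual or a signal outside its fixed range), whose bypass is honoured only from an authorized role and within a time limit, and which is then replayed against a set of constructed SRS test vectors. Tag names, limits, roles and vectors are constructed; the output convention is de-energize-to-trip, so an energized output of False is the safe state.

```python
# 1oo1 high-pressure SIF with diagnostics, verified by simulation against its
# specification. Added illustration, not code from the page, IEC 61511 or any
# logic-solver vendor; tag names, limits, roles and vectors are constructed.
# Convention is de-energize-to-trip: energized=False is the safe state.
from collections import namedtuple
from dataclasses import dataclass, FrozenInstanceError
from typing import Optional

@dataclass(frozen=True)
class SifConstants:
    # Trip parameters as unchangeable constants: a frozen dataclass rejects
    # assignment, so no program logic can alter them at runtime.
    trip_hh: float = 12.0         # barg, high-high trip setpoint
    range_lo: float = 0.0         # fixed transmitter range, barg
    range_hi: float = 16.0
    trip_delay_s: float = 2.0     # time above setpoint before the trip acts
    bypass_max_s: float = 3600.0  # longest permitted maintenance bypass

C = SifConstants()
AUTH_LEVEL = {"technician": 1, "supervisor": 2, "control_engineer": 3}
BYPASS_MIN_LEVEL = 3  # only plant control engineers may apply a bypass

@dataclass
class SensorInput:
    pv: float                # PT-101 process value, barg
    diag_ok: bool = True     # transmitter self-diagnostic / signal quality
    in_manual: bool = False  # value forced by hand rather than measured

Bypass = namedtuple("Bypass", "role elapsed_s")
SifState = namedtuple("SifState", "energized alarm reason")  # energized=False is safe

def detected_fault(s: SensorInput) -> Optional[str]:
    """Diagnostics for the single (1oo1) sensor."""
    if not s.diag_ok:
        return "sensor diagnostic failure"
    if not (C.range_lo <= s.pv <= C.range_hi):
        return "signal outside the fixed transmitter range"
    if s.in_manual:
        return "sensor placed in manual"
    return None

def bypass_valid(b: Optional[Bypass]) -> bool:
    # A bypass counts only from an authorised role and within its time limit.
    return (b is not None and AUTH_LEVEL.get(b.role, 0) >= BYPASS_MIN_LEVEL
            and b.elapsed_s <= C.bypass_max_s)

def evaluate(sensor: SensorInput, above_setpoint_s: float = 0.0,
             bypass: Optional[Bypass] = None) -> SifState:
    """One logic-solver scan of SIF-101."""
    fault = detected_fault(sensor)
    if bypass_valid(bypass):
        # Authorised maintenance bypass: output held energised, always alarmed.
        return SifState(True, True, "authorised maintenance bypass active")
    if fault:
        # Detected failure on a 1oo1 loop: alarm and go straight to the safe state.
        return SifState(False, True, f"{fault}; tripped to safe state")
    if sensor.pv > C.trip_hh:
        if above_setpoint_s >= C.trip_delay_s:
            return SifState(False, True, "PT-101 high-high trip")
        return SifState(True, True, "PT-101 high-high; trip delay running")
    if bypass is not None:
        return SifState(True, True, "bypass rejected: unauthorised role or expired")
    return SifState(True, False, "normal")

# Constructed vectors from a hypothetical SRS:
# (name, sensor, seconds above setpoint, bypass, expected energized, expected alarm)
F = SensorInput(8.0, diag_ok=False)  # faulted transmitter used by several vectors
SPEC_VECTORS = [
    ("normal operation", SensorInput(8.0), 0.0, None, True, False),
    ("HH, delay running", SensorInput(13.0), 1.0, None, True, True),
    ("HH, delay expired", SensorInput(13.0), 2.0, None, False, True),
    ("diagnostic failure", F, 0.0, None, False, True),
    ("over-range signal", SensorInput(17.5), 0.0, None, False, True),
    ("sensor in manual", SensorInput(8.0, in_manual=True), 0.0, None, False, True),
    ("fault, engineer bypass", F, 0.0, Bypass("control_engineer", 600.0), True, True),
    ("fault, technician bypass", F, 0.0, Bypass("technician", 600.0), False, True),
    ("fault, expired bypass", F, 0.0, Bypass("control_engineer", 7200.0), False, True),
    ("healthy, technician bypass", SensorInput(8.0), 0.0, Bypass("technician", 60.0), True, True),
]

def verify_against_spec() -> list:
    """Replay every SRS vector; return (name, reason) for any that disagree."""
    failures = []
    for name, sensor, t, bypass, exp_energized, exp_alarm in SPEC_VECTORS:
        got = evaluate(sensor, t, bypass)
        if (got.energized, got.alarm) != (exp_energized, exp_alarm):
            failures.append((name, got.reason))
    return failures

def setpoint_is_protected() -> bool:
    """Confirm the trip setpoint cannot be overwritten by program logic."""
    try:
        C.trip_hh = 15.0
    except FrozenInstanceError:
        return True
    return False

if __name__ == "__main__":
    print("setpoint protected:", setpoint_is_protected())
    print("spec mismatches:", verify_against_spec() or "none")
```

The vector table is the part an independent reviewer would check against the SRS: each row states the expected output for one operating condition, and the replay makes any divergence between the program and its specification visible before the SIF is put into service. A real logic solver would implement the same decisions in its own function blocks; the model only shows which conditions the verification has to cover.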
Operation & Maintenance Responsibilities
- Operations need ready access to details of which instrumentation is involved in safety programming.
- Control engineers need proper design documentation to ensure that safety functions are not compromised during program maintenance.
- Maintenance personnel need to know that the instrument they are working on is an SIS instrument and which application program it is connected to, and must take proper care while carrying out maintenance.
Figure: a sample application program built from function blocks.
Reference: IEC 61511-1, “Functional Safety: Safety Instrumented Systems for the process industry sector. Part 1: Framework, definitions, system, hardware, and software requirements.”