A Safety Instrumented System (SIS), as the name suggests, protects personnel, plant equipment, and the environment. In the process industry, SIS is used in hydrocarbon, oil & gas, and nuclear power plant installations.
The SIS layer acts as a protection layer above the process control layer (viz. DCS). If a hazardous event occurs in the plant, the SIS acts through a high-performance, fast-acting Emergency Shutdown System to contain the hazard.
Various International Standards such as IEC, ISA & ANSI govern the requirements of SIS design.
SIS is an instrumented protection layer that is designed to move the process to a safe state.
An SIS comprises a sensor, a logic solver, and a final control element.
Sensor: An instrument that measures process conditions. Sensor devices measure temperature, pressure, flow, liquid level, etc.
Logic solver: An intelligent device that performs logic functions to convert sensor input into an action command to be carried out by the final element.
Final control element: Equipment that performs the physical action commanded by the logic solver. Final element devices may be control valves, motor/switchgear, etc.
International Electrotechnical Commission IEC61511 (Functional Safety: Safety Instrumented Systems for the Process Industry Sector) defines the below steps for SIS Design. Many countries have adopted this international standard.
ANSI/ISA-84.00.01-2004 is an alternative standard to the IEC standard and has been adopted in a few countries.
Steps | SIS Work process Description |
---|---|
1 | Identify and define hazards (PHA/LOPA Study) |
2 | Identify and evaluate the highest Risk & target factor scenarios |
3 | Perform Risk Analysis and Protection Strategy |
4 | Select alternative protection methodology and document |
5 | Define and design the Instrumented Protection System (IPS) |
6 | Verify Instrumented Protection System (IPS) design |
7 | Develop Instrumented Protection System (IPS) – Operating methods and training |
8 | Develop Instrumented Protection System (IPS) Application software |
9 | Prepare procedures for Instrumented Protection System (IPS) hardware commissioning |
10 | Simulate the Instrumented Protection System (IPS) software & test |
11 | Assessment of Instrumented Protection System (IPS) application software and SIS policies with respect to the Area authorities |
12 | Validate the Instrumented Protection System (IPS) software and hardware |
13 | Register the Instrumented Protection System (IPS) in the ERP system |
14 | Operate, maintain, and test Instrumented Protection System (IPS) |
15 | Modify the Instrumented Protection System (IPS) |
16 | Decommission the Instrumented Protection System (IPS) |
From the above table, we’ll focus on Step 5: SIS design.
SIS design shall ensure that management develops policy, strategy, and procedures to implement safety to protect people and the environment.
Each plant shall establish a system for management of change to Safety Instrumented Systems which covers the Design of software and hardware.
Many written procedures are required for SIS.
This operating procedure shall include:
The main contributor of a protection layer, in which the performance of a protection layer is not affected by the initiating cause of a hazardous event or by the failure of other protection layers.
Independence ensures that all components of the designed protection layer will not negatively impact each other.
If two (2) Independent Protection Layers (viz. DCS, SIS) are used in the same case, the SIS design shall consider separate sensors, logic solvers, and final elements.
Software for safety functions shall be independent and separated from software for the Distributed Control System function.
Functionality ensures that the operation of the Safety Instrumented Systems matches the requirements defined in PHA/LOPA for the independent protection layers.
The “fail-safe state” of all elements shall be declared in the SIS specifications in order to define the Safety Instrumented Function (SIF).
External influences can create problems, a few examples are mentioned below.
Another factor of a protection layer is related to its ability to perform the specified function under all stated conditions in a specified time.
All Safety Instrumented Systems and properly approved Critical Instrument Systems shall have safety trips programmed as unchangeable constants.
The ability of an instrument to diagnose its own failures is important in designing an effective SIS and assigning an acceptable test frequency.
This is measured by the probability that an SIS will perform correctly under stated conditions for a specified time period or for a specified demand.
Different methods of measurement can maximize the reliability of a redundant system since they minimize common cause failure.
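The following added example (not from the original article) sketches how a logic solver could combine the points above: a trip setpoint held as an unchangeable constant, sensor self-diagnostics, redundant sensors, and a defined fail-safe state. The 2-out-of-3 voting scheme, the tag `PAHH-101`, the setpoint value and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)            # frozen: fields cannot be reassigned at run time
class TripConfig:
    tag: str
    high_trip: float               # vote for a trip when the reading is >= this value
    votes_to_trip: int = 2         # assumed architecture: 2-out-of-3 voting

@dataclass(frozen=True)
class Reading:
    value: Optional[float]         # None when the transmitter delivers no signal
    healthy: bool                  # result of the transmitter's self-diagnostics

# Constructed example SIF: high-pressure trip on a hypothetical vessel.
PAHH_101 = TripConfig(tag="PAHH-101", high_trip=12.5)

def votes_trip(reading: Reading, cfg: TripConfig) -> bool:
    """A diagnosed-failed or missing sensor votes for the trip (fail-safe)."""
    if not reading.healthy or reading.value is None:
        return True
    return reading.value >= cfg.high_trip

def solve(readings, cfg: TripConfig = PAHH_101) -> str:
    """Return 'TRIP' (drive the final element to its fail-safe state) or 'RUN'."""
    if len(readings) != 3:
        return "TRIP"              # an unexpected channel count is itself a fault
    votes = sum(votes_trip(r, cfg) for r in readings)
    return "TRIP" if votes >= cfg.votes_to_trip else "RUN"

if __name__ == "__main__":
    normal, high, dead = Reading(10.0, True), Reading(13.1, True), Reading(None, False)
    print(solve([normal, normal, normal]))   # all healthy, below setpoint
    print(solve([normal, normal, dead]))     # one diagnosed failure, no demand
    print(solve([normal, high, dead]))       # one demand plus one failure
```

A frozen dataclass only blocks reassignment inside this program; in a real SIS the same intent is enforced by the logic solver's own write protection and the management-of-change procedure.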
Safety Instrumented System reviews for new installations shall be done during the Safety, Health, Environment, and hazard-condition related inputs and reviews that are part of the study.
Reviews and Audits of the Safety Instrumented Systems shall be done at least every 5 years.
Robust Administrative policies and procedures shall be developed to monitor, control, and audit the SIS system.
As a measure of physical security, the SIS design shall use independent equipment supported by barriers such as keys, locks, and passwords.
The below mentioned are different terms used in SIS.
Safety Integrity Level (SIL): A categorization that represents the average probability of a system being able to satisfactorily perform its required function under all stated conditions within a stated period of time. SIL 4 is the highest level and SIL 1 is the lowest level on this scale.
PFD is the probability that a system will fail to perform a specified function on demand.
It shall be equal to (or less than) the target failure measure as specified in the Safety Requirements Specification.
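As an added worked example (not part of the original article), the check of a loop's PFD against its target can be carried through numerically. It assumes the common simplified 1oo1 approximation PFDavg = λDU × TI / 2, the low-demand SIL bands of IEC 61508/61511, and constructed failure rates; all function names are hypothetical.

```python
HOURS_PER_YEAR = 8760

# Constructed dangerous-undetected failure rates (per hour) for one SIF loop.
LOOP = {"sensor": 2e-6, "logic_solver": 1e-7, "final_element": 5e-6}

def pfd_1oo1(lambda_du: float, test_interval_h: float) -> float:
    """Simplified average PFD of a single device: lambda_DU * TI / 2."""
    return lambda_du * test_interval_h / 2

def sif_pfd(lambdas: dict, test_interval_h: float) -> float:
    """Sensor, logic solver and final element act in series, so for small
    values their PFDs are added to give the PFD of the whole loop."""
    return sum(pfd_1oo1(l, test_interval_h) for l in lambdas.values())

def sil_from_pfd(pfd_avg: float) -> int:
    """Low-demand bands: SIL n covers 10^-(n+1) <= PFDavg < 10^-n.
    Returns 0 when the value is worse than SIL 1."""
    if not 0 < pfd_avg <= 1:
        raise ValueError("PFDavg must be in (0, 1]")
    if pfd_avg >= 1e-1:
        return 0
    if pfd_avg >= 1e-2:
        return 1
    if pfd_avg >= 1e-3:
        return 2
    if pfd_avg >= 1e-4:
        return 3
    return 4

def meets_target(pfd_avg: float, target_pfd: float) -> bool:
    """The achieved PFD shall be equal to or less than the target."""
    return pfd_avg <= target_pfd

def max_test_interval(lambdas: dict, target_pfd: float) -> float:
    """Longest proof-test interval (hours) that still meets the target."""
    return 2 * target_pfd / sum(lambdas.values())

if __name__ == "__main__":
    yearly = sif_pfd(LOOP, HOURS_PER_YEAR)
    print(f"PFDavg with yearly proof test: {yearly:.6f} -> SIL {sil_from_pfd(yearly)}")
    print("Meets 1e-2 target:", meets_target(yearly, 1e-2))
    print(f"Longest interval for 1e-2: {max_test_interval(LOOP, 1e-2):.0f} h")
```

With these constructed rates a yearly proof test only reaches SIL 1, which shows how the proof-test interval feeds directly into the achieved PFD.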
The maximum time a sensor is allowed to continue to operate on a single sensor during repair or test activities.
Testing that occurs after start-up as part of routine maintenance.
Written proof-testing procedures specific to that SIS and SIS component define what and how the SIS components are to be tested, as well as specify qualified technical personnel requirements.
Testing that occurs after construction and before process startup (i.e., Pre-Startup Tests). This testing ensures that the system, as a whole, is operational and performs as intended.
This is a “whole loop” test using the installed field sensors, logic solver computer program, and the actual field equipment including control and mechanical devices (e.g. pumps, generators, etc.).
We’ve gone through the SIS Design concepts, Work process steps, and various contributing factors.
One has to understand, design & implement the SIS components thoroughly with the help of certified SIS professionals. For further understanding of SIS Lifecycle design concepts, various courses are being offered.
Reference:
IEC 61511: “Functional safety – Safety instrumented systems for the process industry sector”