In Safety Instrumented System (SIS), Instrument sharing may be considered based on the system configuration and available sensors or final control elements with due caution to ensure that all protection layers are independent.
SIS Instruments Sharing
- The layer of Protection Analysis (LOPA) conservatively assumes that every Independent Protection Layer (IPL) is independent and provides integer order of magnitude risk reduction credits.
- Sharing Rules have been developed for practical application, using international standards such as IEC for guidance.
- Any sharing typically violates the assumptions and calculations behind LOPA.
Safety Instrumented System Sharing Basics
- Each Layer of Protection is like a barrier or wall that can prevent something from happening, hence proper care is to be considered while sharing instruments.
- Each IPL may have different strengths, or effectiveness (IPL credits) and hence diversified instruments can be considered while sharing.
- Each IPL must be independent – common elements (common mode failures) may reduce or eliminate the strength of some or all layers. when the instruments are designed for sharing ensure to avoid common power, instrument tapping, etc.
A basic example of Independent Protection Layer credits
If the protection layers are not independent, then the shared components must be made stronger to make up for the lack of independence.
The below picture shows the Independent protection layer (IPL) credits with
Safety Instrumented System – 1 credit
Safety Relief Protection System (Ex. Rupture disk) – 1 credit
Basic Process Control System – 1 credit
Pressure Safety Valve – 2 credits
Total – 5 credits
Transmitters Shared for BPCS and SIS Example
Basics of SIS Instruments Sharing
The Sharing basics as below
1. Sum of the LOPA credits
Design as SIL-2 (SIL-1 + BPCS LOPA credits).
2. Increased diagnostics
Shared instruments need 90% diagnostics.
70% for smart NAMUR instruments,
20% for “open/short circuit” detection plus Deviation Alarm between redundant sensors.
3. Independent usage of sensors
BPCS must select the signal (high or low) that will drive the process to a safe state.
- Sharing without an SIS is allowed (Like for Operator response to alarm & BPCS functions), but the shared components must be treated (designed, documented, tested, and audited) as SIS elements. [It may be less confusing to just make it a SIL-2 SIF!!]
- Duplication of shared code for independence (instead of different selection mechanisms).
- Sharing of the Initiating Event (if the sharing rules are allowed per calculation tools)
- It is allowed to share only once.
- It is not allowed to share a set of sensors between [BPCS, SIS & ALARM], [IE, SIS & ALARM], etc. The only exception is motor starters.
- The maximum “Sum of the LOPA credits” is 3.
Caution with Instruments Sharing
If shared components “could be” the cause of the initiating event, then it’s not allowed to share.
If you liked this article, then please subscribe to our YouTube Channel for Electrical, Electronics, Instrumentation, PLC, and SCADA video tutorials.
- What is HIPPS System?
- Emergency Block Valves
- SIS Common Cause Failure
- SIS Verification & Validation
- Testing and Repair Deferral