Simulating Safety Instrumented System (SIS) software before commissioning any SIF is important, and simulation testing must be repeated whenever the safety instrumented function changes.
The tests are summarized below:
- Software program verification
- The SIL program shall be verified against its specification prior to initial operation by all of the following:
  - The application program is verified.
  - The application program is validated by functional tests.
SIS Software Tests
The software tests shall confirm that the application program works and that no outside interference from other programs exists.
Safety Instrumented System Simulation Program
- Items to be checked for inputs:
  - All inputs shall not violate physical limits or boundaries.
  - All inputs should produce approximately correct values.
  - All inputs should reflect dynamic behavior where required.
- A test program is to be created to ensure each module is checked.
- Untested modules, modified modules, and special software programs need to be thoroughly tested to ensure they interact and communicate correctly with other modules.
Software simulation checks shall include, at a minimum, the following:
- Startup and shutdown.
- Normal operating behavior.
- Alarm conditions.
- Safe state when required
SIS Software Simulation Tests
Software simulation tests may be done at different stages of the project (such as integration tests with the DCS vendor, the Factory Acceptance Test, or field validation tests) to show that the application software achieves its requirements on the specified hardware and within the time defined by the safety requirements.
The following must be confirmed during the SIF requirement software simulation check:
- The SIS trips at the proper setpoint.
- Configuration permutations: for 2oo3, verify with multiple two-sensor combinations.
- Verify that the timing of the whole loop, from sensing the problem to completion of the final action, conforms with the SIS loop response time as defined in the Safety Requirement Specifications (SRS).
- Verify that diagnostics are accounted for in the logic. For example, for a 1oo2D configuration, a diagnosed failed sensor is not voted to trip, but for 2oo3 it can be considered for the vote to trip.
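The permutation and diagnostics checks above can be scripted. The following Python harness is an added example, not part of the original article: it drives constructed 2oo3 and 1oo2D voters through each sensor combination and reports the cases that fail. The setpoint, the function names, the deliberately defective voter and the both-channels-failed behaviour are assumptions made for illustration.

```python
from itertools import combinations

SETPOINT = 100.0                        # constructed high-trip setpoint
LOW, HIGH = 99.9, SETPOINT              # just below, and exactly at, setpoint
OK3, OK2 = (False,) * 3, (False,) * 2   # no channel diagnosed as failed

def vote_2oo3(values, failed):
    """Trip on two or more votes; a diagnosed-failed channel counts as a
    vote to trip (the 2oo3 option described above)."""
    return sum(f or v >= SETPOINT for v, f in zip(values, failed)) >= 2

def vote_2oo3_buggy(values, failed):
    """Constructed defect: the B+C pair is missing from the logic."""
    a, b, c = (f or v >= SETPOINT for v, f in zip(values, failed))
    return (a and b) or (a and c)

def vote_1oo2d(values, failed):
    """A diagnosed-failed channel is not voted; healthy channels decide.
    Assumption: both channels failed means no valid reading, so trip."""
    healthy = [v for v, f in zip(values, failed) if not f]
    return not healthy or any(v >= SETPOINT for v in healthy)

def check_2oo3(voter):
    """Run the pair, single-sensor and single-fault cases; list failures."""
    failures = []
    for pair in combinations(range(3), 2):
        vals = [HIGH if i in pair else LOW for i in range(3)]
        if not voter(vals, OK3):
            failures.append(f"no trip with sensors {pair} at setpoint")
    for i in range(3):
        vals = [HIGH if j == i else LOW for j in range(3)]
        if voter(vals, OK3):
            failures.append(f"spurious trip with only sensor {i} at setpoint")
        if voter([LOW] * 3, tuple(j == i for j in range(3))):
            failures.append(f"trip on failed sensor {i} alone")
    return failures

def check_1oo2d(voter):
    """Failed channel must not vote; either healthy channel trips alone."""
    failures = []
    if voter([HIGH, LOW], (True, False)) or voter([LOW, HIGH], (False, True)):
        failures.append("diagnosed-failed sensor was voted to trip")
    if not (voter([HIGH, LOW], OK2) and voter([LOW, HIGH], OK2)):
        failures.append("healthy sensor at setpoint did not trip")
    return failures

if __name__ == "__main__":
    print(check_2oo3(vote_2oo3), check_2oo3(vote_2oo3_buggy), check_1oo2d(vote_1oo2d))
```

The defective voter passes two of the three pair tests, which is why every two-sensor combination has to be exercised and not just one.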
Changes resulting from simulation and testing must follow plant management policies, including hazard analysis, if necessary.
- From the start of the formal testing, all changes to software functions and configuration data should be implemented strictly in accordance with a defined modification procedure (i.e. Management Of Change – MOC), because the program has already been verified during the SIS Assessment. Modifications without following the MOC process will invalidate the SIS Assessment.
- During application software integration, any modification to the software shall be subject to a safety impact analysis that shall determine:
a) All software modules impacted
b) Necessary re-design and re-verification activities.
Simulation and test results should be made available to the Safety Coaches for the assessment as per the SIS Work Process.
SIS Software Documentation
Software simulation results need to be documented with the following details:
- Date of testing
- Type of test
- The person involved in testing
- Also update the simulation testing in the Safety Requirements Specification (SRS) documents, along with the Maximum Allowable Response Time (MART) and the SIS response time.
The SIS response time must be verified to be as good as designed.
However, some things cannot be checked during simulation:
- For valves: the time taken by the actuator to close the valve cannot be simulated accurately, hence there may be a mismatch with respect to design.
- For temperature elements: the time for the process temperature to raise the thermowell temperature is impossible to simulate since it is a function of the thermowell design. Normally, a temperature sensor takes some time to sense the process temperature.
Hence it is important to check the software simulation during SIS-related project implementation or modifications, Factory Acceptance Tests, Site Acceptance Tests, validation tests, etc. A few manufacturers supply the application program along with an emulator to test the program offline before saving it in the controller.