SIS Software Simulation – Safety Instrumented System

Safety Instrumented System (SIS) software simulation is important before commissioning of any Safety Instrumented Function (SIF), and simulation testing is also necessary whenever there are changes to the safety instrumented function.

Below are, in brief, the tests followed:

  • Software program verification
  • The SIL program shall be verified against its specification prior to initial operation by all of the below:
    • Application program to be verified
    • Application program to be validated by functional tests.

SIS Software Tests

The objectives of the software tests are to verify that the application program works and that no outside interference from other programs exists.

Parts of Safety PLC
Example: Pressure transmitters with voting 1oo2 logic. Image Courtesy: Endress Hauser

Safety Instrumented System Simulation Program

  • Items to be checked for Inputs:
    • All inputs shall not violate physical limits or boundaries
    • All inputs should produce approximately correct values
    • All inputs should reflect dynamic behavior where required
    • Test program to be created to ensure each module is checked.
    • Untested modules, modified modules, or special software programs need to be thoroughly tested to ensure they interact and communicate correctly with other modules.

Software simulation checks shall include, at a minimum, the checks below:

  1. Startup and shutdown.
  2. Normal operating behavior.
  3. Alarm conditions.
  4. Safe state when required.

SIS Software Simulation Tests

Software simulation tests may be done in different stages of the project (such as integration tests with the DCS vendor, the Factory Acceptance Test, or field validation tests) to show that the application software achieves its requirements on the specified hardware and within the defined time as per the safety requirements.

The parameters below need to be ensured during the software simulation check of the SIF requirements.

  • SIS trip at the proper setpoint
  • Configuration permutations – for 2oo3, verify with multiple two-sensor combinations.
  • Verify the timing of the whole loop – from sensing the problem to the final action completed – conforms with the SIS loop response time as defined in the Safety Requirement Specifications (SRS).
  • Verify that diagnostics are accounted for in the logic. For example, for a 1oo2D configuration, a diagnosed failed sensor is not voted to trip, but for 2oo3 it can be considered for the vote to trip.
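
The permutation and diagnostics checks in the list above, as an added example that is not part of the original article: a Python simulation that drives a 2oo3 voter through every two-sensor pair and every high/low and healthy/failed combination, next to a deliberately miswired voter that a single-pair test would pass. The setpoint value, all function names and the miswired voter are constructed for illustration; the fault handling follows the 1oo2D and 2oo3 rule stated in the last bullet.

```python
from itertools import combinations, product

TRIP_SETPOINT = 85.0                    # constructed trip setpoint, not from the article
LOW, HIGH = TRIP_SETPOINT - 0.1, TRIP_SETPOINT   # just below / exactly at setpoint

def trip_2oo3(readings, faults):
    """2oo3 voter: a diagnosed-failed channel counts as a vote to trip."""
    votes = [bad or value >= TRIP_SETPOINT for value, bad in zip(readings, faults)]
    return sum(votes) >= 2

def miswired_2oo3(readings, faults):
    """Constructed defect: only the first two channels are wired into the vote."""
    a, b, _ = [bad or value >= TRIP_SETPOINT for value, bad in zip(readings, faults)]
    return a and b

def trip_1oo2d(readings, faults):
    """1oo2D voter: a diagnosed-failed channel is not voted to trip.
    The action when both channels are failed is SRS-defined and not modelled."""
    return any(value >= TRIP_SETPOINT and not bad
               for value, bad in zip(readings, faults))

def tripping_pairs(voter):
    """Healthy-sensor pairs (by index) that trip when only that pair reads high."""
    pairs = []
    for pair in combinations(range(3), 2):
        readings = tuple(HIGH if i in pair else LOW for i in range(3))
        if voter(readings, (False, False, False)):
            pairs.append(pair)
    return pairs

def spec_mismatches(voter):
    """Every high/low x healthy/failed case where the voter deviates from 2oo3."""
    bad_cases = []
    for readings in product((LOW, HIGH), repeat=3):
        for faults in product((False, True), repeat=3):
            demands = sum(f or v >= TRIP_SETPOINT for v, f in zip(readings, faults))
            if voter(readings, faults) != (demands >= 2):
                bad_cases.append((readings, faults))
    return bad_cases

if __name__ == "__main__":
    for name, voter in (("2oo3", trip_2oo3), ("miswired", miswired_2oo3)):
        print(name, tripping_pairs(voter), len(spec_mismatches(voter)), "mismatches")
    # 1oo2D: channel A diagnosed failed while reading high must not trip on its own
    print("1oo2D failed-high:", trip_1oo2d((HIGH, LOW), (True, False)))
```

A test that exercises only the first sensor pair passes both voters; the pair sweep and the full truth table are what expose the miswired one.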

Changes resulting from simulation and testing must follow plant management policies, including hazard analysis, if necessary.

  • From the start of the formal testing, all changes to software functions and configuration data should be implemented strictly in accordance with a defined modification procedure (i.e. Management Of Change – MOC), because the program has already been verified during the SIS Assessment. Modifications without following the MOC process will invalidate the SIS Assessment.
  • During application software integration, any modification to the software shall be subject to a safety impact analysis that shall determine:

a) All software modules impacted

b) Necessary re-design and re-verification activities.

Simulation and test results should be made available to the Safety Coaches for the assessment as per the SIS Work Process.

SIS Software Documentation

Software simulation results need to be documented with the below details:

  • Date of testing
  • Type of test
  • The person involved in testing
  • Also update the simulation testing in Safety Requirements Specification (SRS) documents along with the Maximum Allowable Response Time (MART), and the SIS response time.

The SIS response time must be verified to be as good as designed.

However, some things cannot be checked during simulation:

  • For Valves – the time taken by the actuator to close the valve cannot be simulated accurately, hence there may be a mismatch with respect to design.
  • For Temperature elements – the time taken for the process temperature to raise the temperature of the thermowell is impossible to simulate, since it is a function of the thermowell design. Normally a temperature sensor takes some time to sense the process temperature.

Hence it is important to check the software simulation during SIS-related project implementation or modifications, Factory Acceptance Tests, Site Acceptance Tests, validation tests, etc. A few manufacturers supply the application program along with an emulator to test the program offline before saving it in the controller.
