Autopro Blog

Four Questions to Ask about Your Safety Instrumented System

February 18, 2016



The Safety Instrumented System (SIS) is a critical aspect of process control, and is fundamental to an organization’s ability to mitigate risk related to the health, safety, and environmental impacts of its operations.

For many companies, implementing an effective SIS can be a confusing balancing act between industry regulations, safety standards, and corporate risk management requirements.

There are a number of questions that need to be asked and answered in order to assess the effectiveness of your SIS. The four questions listed below are a common starting point for many companies.

What standard(s) do you follow for the specification, design, installation, operation and maintenance of your Safety Instrumented System(s)?

For the process industry, IEC 61511 is the key standard that outlines the requirements for the specification, design, installation, operation and maintenance of a safety instrumented system. The IEC 61511 standard is a “process sector implementation” of the IEC 61508 standard which sets out a more generic approach for all safety lifecycle activities for systems comprised of electrical and/or electronic and/or programmable electronic (E/E/PE) elements. (IEC 61511, IEC 61508)

Adhering to the requirements of IEC 61511 will ensure that the implementation of safety instrumented systems meets minimum common standards and will give confidence that a process will be taken to a safe state by the safety instrumented system when unsafe conditions occur.

Does your insurance company consider the manner in which your safety instrumented system is designed, operated and maintained in the evaluation of your premiums?

The correct answer here is: if they don’t, they should. A safety instrumented system that is well designed, operated, and maintained according to the IEC 61511 standard demonstrates that the owner of the process has systematically identified significant risks at the process facility and is taking active measures to eliminate or reduce those risks to tolerable levels. This demonstrates due diligence, and the result is a significant reduction in negative impacts to personnel, the environment, operations, and the business.

How do you document the discrepancies between the expected behavior and actual behavior of your control and safety system (for example, when your system fails to do what it was supposed to do, or trips when it really shouldn’t have)?

By following the IEC 61511 standard, the processes of verification and validation will give you confidence that the safety instrumented function(s) will perform as specified when demands occur. If the safety instrumented function does not perform as expected, then the cause of the problem must be determined, documented, and proper modifications made to the safety instrumented system following management of change procedures that align with the safety lifecycle outlined in IEC 61511.

There are numerous potential reasons why a safety instrumented system may fail to do what it is supposed to when a demand occurs. Some examples are:

  • Failure to conduct proper validation of the safety instrumented system after installation and commissioning
  • Poor maintenance of the safety instrumented system
  • Failure to perform adequate proof tests at required periodic intervals
  • Improper specification of the requirements for the safety instrumented system
  • More frequent failure of equipment in the field than was anticipated based on failure rates obtained from industrial data sources

Field failures of the safety instrumented system should be tracked and documented so that appropriate modifications can be made to ensure the safety instrumented system is meeting the specified requirements.

How frequently are your critical trips tested?

The critical trips or safety instrumented functions should be tested as frequently as specified in the safety requirements specification. It is not enough for the tests to be conducted at the specified interval; the quality of the test must also be such that the specified proof test coverage is achieved.

The periodic proof tests are essential to maintaining the required safety integrity level of the safety instrumented function throughout its specified mission time.
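To make the effect of test interval and proof test coverage concrete, here is an added example (not from the original post or from Autopro) using a commonly used simplified approximation for a single-channel (1oo1) function in low-demand mode. The formula, the failure rate, and the mission time are assumptions chosen for illustration; the SIL bands are the low-demand bands from IEC 61508/61511.

```python
HOURS_PER_YEAR = 8760.0

# Low-demand-mode SIL bands from IEC 61508/61511: (SIL, PFDavg lower, upper).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(lambda_du, test_interval_y, coverage, mission_time_y):
    """Average probability of failure on demand for a 1oo1 function.

    Assumed simplified model: dangerous undetected failures that the proof
    test can reveal accumulate over one test interval; those it cannot reveal
    accumulate over the whole mission time. Repair time and common cause
    failures are ignored.
    """
    if not 0.0 <= coverage <= 1.0:
        raise ValueError("proof test coverage must be between 0 and 1")
    if test_interval_y <= 0 or mission_time_y < test_interval_y:
        raise ValueError("need 0 < test interval <= mission time")
    ti_h = test_interval_y * HOURS_PER_YEAR
    mt_h = mission_time_y * HOURS_PER_YEAR
    revealed = coverage * lambda_du * ti_h / 2
    never_tested = (1.0 - coverage) * lambda_du * mt_h / 2
    return revealed + never_tested


def achieved_sil(pfd):
    """Map a PFDavg to its SIL band; 0 means it does not reach SIL 1."""
    if pfd < 1e-5:
        return 4  # better than the SIL 4 band; 4 is the highest level defined
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


if __name__ == "__main__":
    LAMBDA_DU = 2e-6  # constructed value: dangerous undetected failures per hour
    MISSION_Y = 10    # constructed value: mission time in years
    cases = [
        ("annual test, full coverage", 1, 1.0),
        ("annual test, 70% coverage", 1, 0.7),
        ("test every 2 years", 2, 1.0),
    ]
    for label, interval_y, coverage in cases:
        pfd = pfd_avg(LAMBDA_DU, interval_y, coverage, MISSION_Y)
        print(f"{label:28s} PFDavg={pfd:.2e}  SIL {achieved_sil(pfd)}")
```

With these constructed inputs, the function meets SIL 2 only when it is tested annually with full coverage; either a weaker test or a doubled interval drops it to SIL 1.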

Autopro is a vendor-independent engineering services provider with extensive experience designing and optimizing Safety Instrumented Systems within a range of industries. Our functional safety experts can work either as single analysts and facilitators or with their partners within multi-disciplinary teams to conduct process hazard analyses, layer of protection analyses (LOPA), and safety integrity level (SIL) assessments.