Life cycle study of Safety Instrumented Systems & Functions


Industrial accidents have driven the development of the safety life cycle for Safety Instrumented Systems and of the international standards for safety systems. The SIS (Safety Instrumented System) life cycle methodology is based on industry standards such as IEC 61508, IEC 61511 and ANSI/ISA-84.00.01-2004. It provides a means of defining the SIS together with all the associated Safety Instrumented Functions (SIFs). Each SIF is evaluated and assigned a Safety Integrity Level (SIL) as defined by IEC 61511. The SIL can be assessed with a risk matrix such as a risk graph, with fault tree analysis and event tree analysis, or with Layer of Protection Analysis (LOPA). The typical life cycle of safety instrumented systems and functions is depicted below:

Analysis:

HAZOP: HAZOP (Hazard and Operability study) is a methodology that identifies the potential hazards in an industrial process arising from its instrumented functions. It is a step-wise approach that works through the failure modes and their consequences, assesses the unmitigated risk, and then assesses the mitigated risk, where the mitigation is either adding a SIF (Safety Instrumented Function) or adjusting the proof test intervals.

SIF: A Safety Instrumented Function is defined during the analysis stage and is a combination of sensor, logic solver and final element. It is required to achieve a given safety integrity level in the event of a hazardous situation.

SIL Assessment: SIL (Safety Integrity Level) assessment is a qualitative or semi-quantitative approach to assessing the risk addressed by a safety instrumented function. It is imperative that the SIL assessment is carried out meticulously, which requires evidence from earlier work history data and from SCADA event logs. The SIL is categorised according to the risk levels provided by IEC. The semi-quantitative approach used for SIL assessment is LOPA (Layer of Protection Analysis). LOPA essentially provides a defined probability-of-failure-on-demand gap that the safety instrumented system has to close in order to reach a tolerable risk level. The data can be gathered from disparate sources such as SCADA events or log files.

Design:

During the design phase, when the equipment is installed, the safety specifications are considered and the detailed safety instrumented system is designed. A safety instrumented system has more than one SIF and PIF (Protected Instrumented Function) connected to it. For example, a PLC or DCS may be considered as a safety instrumented system.

Validation:

In the validation phase, for instance, a single channel system is validated by adding the failure rates of the individual items; the overall failure rate is calculated and then compared with the SIL assessment as defined by the IEC (International Electrotechnical Commission). The required SIL level is then compared with the actual SIL obtained, as defined for the SIL loop in the reliability databank. The actual SIL level falls out of the SFF (Safe Failure Fraction), which combines the dangerous detected, dangerous undetected, safe detected and safe undetected failure rates and which is further assessed by FMEDA (Failure Modes, Effects and Diagnostic Analysis). These failure rates are available in the databanks of reliability publishers. The same methodology is adopted for 1oo2, 1oo3, 2oo2 and 2oo3 voting logics. If the required SIL level does not match the SIL obtained, then reducing or increasing the proof test intervals, or adding a SIF, is recommended.

Operate and Maintain Phase:

A typical SIF life cycle is 20 years, and in a typical safety instrumented system life cycle 75% of that time is consumed by the operate and maintain phase. Once the SIL is validated, the contribution to failures from each SIF is obtained. Proof testing is done in order to optimise the intervals, and it is done at the complete loop level. For example, in the single channel system above, the pressure switch is supplied with pressure in steps (analog command) in order to check whether the digital output to the solenoid is functioning properly. If the proof testing intervals cannot be optimised, then a redundant input or output is added to the system to match the system SIL requirement and architecture. Once the proof testing is done and the work order for the loop is closed, the work history is extracted after the data points are collected. These data points play a very important role in eliminating failures and optimising the calibration or testing intervals.
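The validation arithmetic above (summing subsystem contributions for a single channel, the SFF, the 1oo2/2oo3 variants) and the proof-test-interval question from the operate and maintain phase can be worked through in a few lines. The following is an added example written for this article, not code from the author or from any standard; it uses the textbook first-order PFDavg approximations of IEC 61508, ignores common-cause factors, and the failure rates for the pressure switch, logic solver and solenoid are constructed illustrative values, not databank figures.

```python
"""Added example, not code from the original article: simplified IEC 61508
PFDavg arithmetic for the usual voting architectures, the safe failure
fraction, and a proof-test-interval search for a loop. All failure rates are
constructed illustrative values, not figures from any reliability databank;
common-cause (beta-factor) contributions are ignored for brevity."""

HOURS_PER_YEAR = 8760.0

# Low-demand-mode PFDavg bands from IEC 61508-1 (lower bound inclusive,
# upper bound exclusive).
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]


def sil_from_pfd(pfd_avg):
    """Return the SIL band a PFDavg satisfies; 0 means worse than SIL 1."""
    if pfd_avg < 1e-5:
        return 4
    for lo, hi, sil in SIL_BANDS:
        if lo <= pfd_avg < hi:
            return sil
    return 0


def safe_failure_fraction(l_sd, l_su, l_dd, l_du):
    """SFF = (safe + dangerous detected) / total, all rates per hour."""
    total = l_sd + l_su + l_dd + l_du
    return (l_sd + l_su + l_dd) / total


def pfd_avg(arch, l_du, proof_test_years):
    """First-order PFDavg of one voting group from its dangerous-undetected
    rate (per hour) and proof test interval T. These are the textbook
    approximations valid when l_du*T << 1, not a full Markov model."""
    x = l_du * proof_test_years * HOURS_PER_YEAR
    formulas = {
        "1oo1": x / 2,
        "1oo2": x ** 2 / 3,
        "1oo3": x ** 3 / 4,
        "2oo2": x,
        "2oo3": x ** 2,
    }
    return formulas[arch]


def loop_pfd(elements, proof_test_years):
    """Loop PFDavg = sum of subsystem PFDavgs (sensor + logic solver + final
    element), i.e. the 'add the individual items' step for a single channel."""
    return sum(pfd_avg(arch, l_du, proof_test_years) for arch, l_du in elements)


def longest_interval_meeting(elements, target_sil,
                             candidates_years=(0.5, 1, 2, 3, 5, 10)):
    """Largest candidate proof test interval at which the loop still reaches
    target_sil, or None when no candidate does (then redundancy is needed)."""
    best = None
    for t in sorted(candidates_years):
        if sil_from_pfd(loop_pfd(elements, t)) >= target_sil:
            best = t
    return best


# Constructed loop: pressure switch -> logic solver -> solenoid, all 1oo1.
SINGLE_CHANNEL = [("1oo1", 5e-7), ("1oo1", 2e-8), ("1oo1", 1e-6)]
# Same loop with redundant sensor and final element (1oo2 voting).
REDUNDANT = [("1oo2", 5e-7), ("1oo1", 2e-8), ("1oo2", 1e-6)]

if __name__ == "__main__":
    for name, loop in (("single channel", SINGLE_CHANNEL), ("1oo2 loop", REDUNDANT)):
        for years in (0.5, 1, 2, 3, 5):
            pfd = loop_pfd(loop, years)
            print(f"{name:14s} T={years:>4} y  PFDavg={pfd:.2e}  SIL {sil_from_pfd(pfd)}")
    print("SFF of constructed sensor:", safe_failure_fraction(2e-6, 1e-6, 1.5e-6, 5e-7))
    print("Longest T meeting SIL 3 with redundancy:", longest_interval_meeting(REDUNDANT, 3))
```

With these constructed rates the single channel loop reaches SIL 2 at a one-year proof test interval but cannot reach SIL 3 at any candidate interval, whereas adding 1oo2 redundancy on the sensor and final element reaches SIL 3 with a three-year interval; that is the trade-off between interval and architecture the article describes.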

For instance, consider data collected from work history for optimising calibration intervals.

Suppose you have 2000 instruments (transmitters) in your organization and the cost of calibration is INR 100 each, so the total cost of calibrating 2000 instruments is 0.2 million INR. Let us do a criticality analysis with Weibull. Check the B1 (high criticality), B5 (medium criticality) and B20 (low criticality) lives. We have applied B1 (1% failure for high criticality), B5 (5% failure for medium) and B20 (20% failure for low criticality). For B1, 99% will be in calibration (= 2.4, approx. 2 instruments). We can also see high infant mortality in the calibration intervals, which indicates poor quality of the calibration process. So the calibration should be performed at the prescribed intervals suggested by the history.

The proof testing intervals also show the failure records, which can be entered in the work history, and then a similar analysis is performed to predict the next failure rate. The life cycle cost of the system is also calculated by the same methodology.
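The Weibull step in the calibration example above, and the repeat of the same analysis on proof test failure records, can be shown end to end: fit shape and scale to failure ages from work history by median-rank regression, read off the B1/B5/B20 lives as the interval for each criticality class, and flag a shape parameter below 1 as infant mortality. This is an added example written for this article, not the author's own analysis; the failure ages are synthetic, generated from a known Weibull so that the fit can be checked, and the 24-month scale and the shape values are assumptions.

```python
"""Added example, not code from the original article: fit a two-parameter
Weibull to instrument failure ages taken from calibration work history by
median-rank regression, then read off B1/B5/B20 lives as calibration
intervals per criticality class. Ages are synthetic, generated here from a
known Weibull so the fit can be checked; they are not real plant data."""
import math

# Criticality class -> allowed failed fraction before recalibration (the
# article's B1 / B5 / B20 convention).
CRITICALITY_FRACTION = {"high": 0.01, "medium": 0.05, "low": 0.20}


def median_ranks(n):
    """Bernard's approximation of the median rank for ordered failure i of n."""
    return [(i - 0.3) / (n + 0.4) for i in range(1, n + 1)]


def fit_weibull(failure_ages):
    """Rank regression: linearise F(t) = 1 - exp(-(t/eta)^beta) as
    ln(-ln(1-F)) = beta*ln(t) - beta*ln(eta) and least-squares fit y on x.
    Returns (beta, eta)."""
    ages = sorted(failure_ages)
    xs = [math.log(t) for t in ages]
    ys = [math.log(-math.log(1.0 - f)) for f in median_ranks(len(ages))]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    beta = sxy / sxx
    eta = math.exp(-(my - beta * mx) / beta)
    return beta, eta


def b_life(beta, eta, fraction):
    """Age by which `fraction` of the population is expected to have failed
    (B1 -> 0.01, B5 -> 0.05, B20 -> 0.20), i.e. the inverse CDF."""
    return eta * (-math.log(1.0 - fraction)) ** (1.0 / beta)


def failure_pattern(beta):
    """Shape parameter reading used in the article: beta < 1 is infant
    mortality, which points at the calibration process rather than wear."""
    if beta < 0.95:
        return "infant mortality"
    if beta <= 1.05:
        return "random"
    return "wear-out"


def calibration_intervals(failure_ages):
    """Suggested interval per criticality class, in the same unit as the ages."""
    beta, eta = fit_weibull(failure_ages)
    intervals = {cls: b_life(beta, eta, p) for cls, p in CRITICALITY_FRACTION.items()}
    return beta, eta, intervals


def synthetic_ages(beta, eta, n):
    """Constructed sample: ages placed at the median-rank quantiles of a known
    Weibull (stands in for work-history 'time since last calibration' data)."""
    return [b_life(beta, eta, f) for f in median_ranks(n)]


if __name__ == "__main__":
    for label, beta0 in (("wear-out population", 2.5), ("infant-mortality population", 0.7)):
        beta, eta, intervals = calibration_intervals(synthetic_ages(beta0, 24.0, 12))
        print(f"{label}: beta={beta:.2f} eta={eta:.1f} months -> {failure_pattern(beta)}")
        for cls, t in intervals.items():
            print(f"  {cls:7s} criticality: recalibrate every {t:.1f} months")
```

Real work-history data will not sit exactly on the fitted line the way the synthetic sample does; the practical point is that a fitted beta below 1 means the failures cluster right after calibration, so shortening the interval buys nothing and the calibration procedure itself is what to fix, exactly the infant-mortality reading the article draws from its data.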

Raihan Mahmood

Risk and Process Safety Engineer at ABSIV

2y

A tough topic made comprehensible with a lucid explanation. Sir, can you provide more elaboration on the proof reading part of SIS?

Marvin Kraft

Capital Projects Procurement

9y

Thank you for the explanation.

Alejandro Erives

Creating the future in maintenance, reliability, and your organization.

9y

Hi Sameer, very interesting article. Would you be able to share more details on your example Weibull analysis of the instruments (or loops?)?
