Overall view and attention to details are required by process and functional safety management. Let's try to identify the key points of the IEC 61511 lifecycle in this mini guide.
Functional safety is part of the comprehensive approach to plant process safety. When dangerous events occur, it is important to know that instrumentation and automation devices such as sensors, control units, valves and other final elements can bring the process into a safe state. If applied correctly, functional safety principles ensure that any dangerous event is prevented or mitigated by equipment designed with the appropriate integrity level related to the risk.
Today Safety Lifecycle (SLC) is based on the standards IEC 61508 (2nd edition, 2010), IEC 61511 (2nd edition, 2016/17), and ANSI / ISA 61511 (2018). It is performance related (does not require mandatory constraints), requires a development cycle for software based on AP (Application Program) and severe testing, validation, and trial phases such as FAT (Factory Acceptance Test).
The safety lifecycle for the process industry sector has been defined by IEC 61511 standard. It has been designed considering the unpredictability of dangerous failures and in particular to recognize that failures can spread across systems from different sources and at different stages of the lifecycle. It is essentially a flowchart that describes the phases of different required activities (and related responsibilities, skills, and documentation) to assess the hazards and then develop levels of protection to prevent or reduce the risk.
The lifecycle of IEC 61511 standard focuses on Safety Instrumented Systems (SIS) as one of the critical levels of protection that require careful specification, design, testing and maintenance. A key element throughout the safety lifecycle is Functional Safety Management (FSM). Companies using SIS as part of their risk reduction measures should set up a robust FSM system. A well-designed FSM system ensures that all personnel are competent for lifecycle part under their responsibility. It provides effective policies, planning and procedures to control all lifecycle activities that affect the initial design of the SIS and its maintenance or modification. Different lifecycles are defined for diverse supply chain organizations and managers involved: end-users, engineering companies, EPCs, hardware /software developers, etc.
Activities that take place in the lifecycle require a few fundamental steps: analysis, development, operation and maintenance, management, planning and verification. These steps are quite common in engineering, but when systems designed for safety are taken into consideration, they need a new level of accuracy and importance.
Many projects involving functional safety and SIS get off on the wrong foot by assuming the false assumption that copying the lifecycle from the standard could be enough. In reality, it is important understanding what is required in the many clauses of the safety lifecycle, identifying the phases that characterize it.
In this phase, a rigorous analysis of the process’ dangers is carried out, comparing the probability that a risky scenario should occur with its consequences. The end user must define the maximum tolerable risk in the installation. Each risky scenario must be analyzed in detail and translated into the assignment of the necessary protection levels for the different devices and systems (safety valves, control system, etc.). If the “non-SIS” protection layers are not sufficient, another SIS protection layer with the required level is assigned. The SRS (Specification of safety requirements) is the most important document of this phase related to the lifecycle and is the basis of the functional safety assessment (FSA-1, Functional Safety Assessment-1).
In this phase, technological choices are fine-tuned, including hardware configuration and software programming. It starts with the design of the safety functions (SIF) defined in the previous phase of the SIS lifecycle. Then, the design is carried out so that the SIL level required in the SRS is satisfied. If necessary, the design of non-compliant SIFs is reviewed, and the SRS updated. Therefore, products and equipment procurement, construction and installation are implemented. The most important part is the validation of the SIS through FAT preliminary testing, the functional safety assessment (FSA-2) and the Site Acceptance Test (SAT) type followed by regulatory verifications (FSA-3).
Operation and maintenance phases
Operation and maintenance represent the longest phases of the SIS lifecycle. Preparing a good SIS maintenance plan is one of the key factors, as well as its correct execution and a good safety culture accompanied by a credible staff training plan. ln these phases trial tests, inspections, bypass management, repairs, breakdowns, and spare parts are fundamentals. Compliance with the SRS must be constantly monitored and if necessary, changes to the SIS must be considered. In phases 3 and 4 (FSA-3, FSA-4) regulatory and operational functional safety assessment is also essential.
Usually, the safety lifecycle takes the IEC 61511 / IEC 61508 standards as a model. The lifecycle starts with the planning of the design activities and ends with the validation of the system. The activities to be carried out during the lifecycle are grouped into phases. For each phase, the standard prescribes activities to be performed, necessary information, documentation that must be produced, and finally the methodologies and techniques to be used.
Would you like to know more? Watch our webinar “IEC 61511 Lifecycle overview” at GMI YouTube channel