Davide Arnoldi
top of page
Servizi: Servizi

IEC61511 Functional Safety Services

HAZOP study

The HAZOP study is aimed at identifying the process deviations related to safety, environment, asset and reputation risks and identifying possible improvements / corrective actions

For the realization of the HAZOP analysis, MYND provides a team composed of a Leader and a Scribe of experience, to better conduct the study and elaborate the final report necessary for the subsequent SIL analysis

For the HAZOP study, MYND provides all the preparation, development and final reporting activities:

  • Issuance of HAZOP TOR (procedure for conducting HAZOP meeting);

  • Identification of HAZOP nodes on P&ID;

  • Preparation of a final report including the following elements:

  • HAZOP action sheets;

  • List of recommendations raised;

The duration of the HAZOP seminar depends on the size of the plant and its complexity

Safety Integrity Level (SIL) study

In clause 9 of the IEC 61511 standard life cycle, it is essential to recognize the levels of protection that already exist and the risk reduction they can provide.

If a Safety Instrumented System (SIS) protection layer is required, a determination of the SIL level of each SIF assigned to the SIS will be required.

The SIS is therefore the container of all the "safety loops", consisting of the sensor up to the final element, which are called Safety Instrumented Function (SIF) and in which the SIS is used to implement one or more SIFs.

The peculiarity of the SIF is that it refers to a single function to be controlled, such as a trip at high or low pressure (dangerous situations), avoiding dangerous events and guiding the process towards a safe state.

The SIL level corresponds to the reduction of the required risk, which is determined considering the process risk, and checking that this is within the tolerability range.

This study is also normally known as "SIL allocation, SIL study, SIL analysis" etc.

For each project, a dedicated procedure for SIL classification must be implemented, with the recording of the classes of consequences. The reference standard is IEC61511 part 3 (Guide for determining the levels of safety integrity required)

There are several methods for determining the SIL level, but nevertheless the most used are:

  • Qualitative method: risk graph

  • Semi-quantitative method: protection layer analysis (LOPA)

Safety Integrity Level (SIL) verification

SIL verification is essential to verify whether the instrumented safety functions (SIF) designed meet the required SIL. For this verification it is necessary to verify the SIL level through "three barriers" such as:

  • SIL level from SIF architecture constraints

  • SIL level from Probability Failure on demand (PFD)

  • SIL level from systematic capacity of the installed instruments

The architecture of the SIF will depend on the SIL target of the function and also on the Safe Failure Fraction (SFF) of the subsystems of the function.

In general, for any configuration, the calculation of the PFD is determined by the contribution of the undetected dangerous failure rates of the SIF components and by the test test interval

The systematic capacity of the device is established by the quality management system verified according to the IEC 61508 standard. If the quality management system meets the requirements of the IEC 61508 standard, an evaluation of the SIL capacity is issued and the evaluation achieved depends on the effectiveness of the quality management system.

The lower SIL level deriving from the "three barriers" will be the SIL level of the safety function and must necessarily correspond to the SIL level assigned during the SIL allocation

Functional Safety Management

The objective of functional safety management (FSM Functional Safety Management) is to identify the requirements of the management activities necessary to ensure the achievement of the targets set for functional safety.

A safety management system must be designed to ensure that if instrumented safety systems (SIS) are used, they have the ability to keep the process safe.

The planning of functional safety management takes place to define the activities, criteria, techniques, measures, procedures and organization / people responsible for the purpose of:

  • Ensure the achievement of the functional integrity and safety requirements of the SIS

  • Ensure correct installation and commissioning of the SIS

  • Ensure the integrity of the security of the SIF after installation

  • Maintain integrity of safety during operation (test / coverage / fault analysis)

  • Manage process risks during maintenance activities on the SIS

The life cycle of the SIS is defined during security planning, including application programming activities.

Each phase of the SIS security lifecycle is defined in terms of inputs, outputs and verification activities

Safety Requirements Specification (SRS)

The objective of SRS (Safety Requirements Specification) is to specify the requirements, including any application programs, and to define the architecture of the SIS.

For IEC61511, SRS is a regulatory requirement

The purpose of SRS is to make the description of each SIF usable by anyone, anywhere and whenever there is a need to understand the SIF.

The security requirements derive from the assignment of the SIF and the requirements identified during H&RA. SIS requirements must be expressed and structured in such a way as to be clear, precise, verifiable, maintainable and feasible;
written to aid understanding and interpretation by those who will use the information at any stage of the security lifecycle.

In essence, the purpose of SRS is to define the functional and performance requirements for the instrumented safety functions (SIF)

The content of the specification of the safety requirements is listed and required in clause 10.3 of the IEC 61511 standard [16].

The specification of the safety requirements includes:

  • the provision of a description of all the safety functions necessary to achieve risk reduction, as determined by the SIL assessment.

  • the indication of the level of integrity for each instrumented safety function.

  • the provision of a safe state definition for each of the identified safety instrumented functions.

  • the definition of the state requirements for the test test intervals.

The SRS is subject to various revisions as further SIL assessments and detailed design advances are performed.

Functional Safety Assessment (FSA)

It is required by the IEC 61511 standard that a functional safety assessment (FSA) takes place at least once during the project, before the SIS is commissioned.
Section 5.2.6 of IEC61511 describes the content of the FSA and the possible phases of the project in which they could take place. It also describes the degree of independence from the project that the FSA auditor must have.
The purpose of an FSA is to express an opinion on the functional safety and on the integrity of the safety achieved by the instrumented safety system.
The FSA will examine the various phases of the SIS design, examining in particular the documentation relating to competence, risk assessment (HAZOP, assessment of the level of safety integrity), SIL validation, software development and configuration control, system test and validation (both factory and site) and operating and maintenance procedures.

bottom of page