The Safety Instrumented Function: An S-Word Worth Knowing

Understand the SIF to Control Confusion, Complexity and Cost of Safety Instrumented Systems


Definition of the SIF in the SRS

Standards IEC 61511 and ANSI/ISA 84.01 have specific requirements for defining the safety instrumented function (SIF) for the Safety Requirement Specification (SRS), including:

  1. A physical and functional description of the SIF.
  2. A definition of the safe or mitigated state of the process for the SIF.
  3. A definition of any interaction of the SIF's safe state with other concurrently occurring safe states or events that may create a separate hazard (e.g., overload of emergency storage, multiple relief to the flare system, subsequent downstream or upstream tripping, etc.).
  4. Initiating causes (sources of demand) and frequency of causes (demand rate) of the hazard related to the SIF.
  5. Identification of the proof testing methods and intervals for off-line and online testing for the system and for individual components if they are not tested as a system.
  6. Response time (speed) requirements for the SIF to bring the process to a safe state. This includes detection time, decision time, final element action time, transmission times, and time to bring the system to a safe or mitigated state.
  7. The safety integrity level (SIL) and mode of operation (demand/continuous) for the SIF.
  8. Identification of the SIF process measurements, their normal measurement ranges, normal operating ranges, and trip points.
  9. A description of the SIF process output actions (final element actions) and criteria for successful operation, e.g., tight shut-off, speed.
  10. The functional relationship between process inputs and outputs, including logic, mathematical functions, conditions, and any required permissives.
  11. Identification of any common-cause failure modes that affect the SIF.
  12. Requirements for manual shutdown.
  13. Requirements for resetting the SIF after a shutdown.
  14. Trip philosophy: energize-to-trip (ETT) or de-energize-to-trip (DTT).
  15. Identification of SIF failure modes and desired response of the SIF to them (e.g., alarms, automatic shut-down).
  16. Any specific requirements related to the procedures for starting up and restarting the SIF as well as for maintaining the SIF.
  17. Definition of all the interfaces between the SIF and any other systems (including the basic process control system and operators).
  18. A description of the modes of operation (normal and abnormal) of the plant that affect the SIF and its response or operational mode for each of these modes of operation (startup, reduced rates, high rates, shutdown, different product grades, known upsets, etc.).
  19. Application software safety requirements pertinent to the SIF.
  20. Requirements for maintenance, testing, or operational overrides/inhibits/bypasses, including how they will be initiated, how they will be monitored while in place, and how they are cleared.
  21. Identification of any action necessary to achieve or maintain a safe state in the event of fault(s) being detected in the SIF. Any such action shall be determined taking account of all relevant human factors, procedures, training, etc.
  22. The mean-time-to-repair (or restoration) that is feasible for the SIF, taking into account the in-house maintenance capabilities, procedures and practices, spare part availability, etc. If the required maintenance is out of house then capability, travel time, location, spares holding location, service contracts, environmental constraints, etc., must be considered.
  23. Maximum allowable spurious trip rate. This should also consider whether there are any safety issues to spurious trips such as the potential hazards involved in restarting the SIF.
  24. For SIFs that have multiple final elements affecting different process functions (different equipment, valves that isolate or vent different process streams, etc.), identify any possible dangerous combinations of output states (where not all the final elements operate properly) that need to be avoided.
  25. Identify the extremes of all environment and abuse conditions likely to be encountered by the SIF. This may require consideration of temperature, humidity, contaminants, grounding, electromagnetic interference/radio frequency interference (EMI/RFI), shock/vibration, electrostatic discharge, electrical area classification, flooding, lightning, human factors, and other related factors.
  26. Definition of the requirements for the SIF necessary to survive a major accident event, e.g., the time a valve is required to remain operational during a fire.
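Several of these items are checkable rather than merely descriptive. The following added example (not code from the standards or from the article, and using field names that are assumptions) turns two of them into consistency checks on an SRS entry: item 8, where each trip point must lie inside the instrument's measurement range but outside the normal operating range, and item 16, where the summed detection, decision, transmission and final element times must not exceed the required response time.

```python
# Added example (not from IEC 61511 / ISA 84 or the article): consistency checks
# on one SIF entry of an SRS for items 8 and 16 above. Field names are assumptions.
from dataclasses import dataclass

@dataclass
class Measurement:
    tag: str
    meas_range: tuple       # (low, high) instrument range (item 8)
    operating_range: tuple  # (low, high) normal operating range (item 8)
    trip_point: float
    high_trip: bool         # True = trips on rising value, False = on falling

@dataclass
class SIF:
    name: str
    times_s: dict           # item 16 components (seconds): detection, decision, ...
    required_response_s: float
    measurements: list

def total_response_time(sif):
    """Sum of the item-16 time components, in seconds."""
    return sum(sif.times_s.values())

def check_measurement(m):
    """Trip point must sit inside the instrument range but outside normal operation."""
    lo, hi = m.meas_range
    olo, ohi = m.operating_range
    issues = []
    if not (lo <= olo < ohi <= hi):
        issues.append(f"{m.tag}: operating range not within measurement range")
    if not (lo < m.trip_point < hi):
        issues.append(f"{m.tag}: trip point outside measurement range")
    elif (m.trip_point <= ohi) if m.high_trip else (m.trip_point >= olo):
        issues.append(f"{m.tag}: trip point inside normal operating range")
    return issues

def check_sif(sif):
    """Return a list of SRS consistency problems; an empty list means none found."""
    issues = []
    t = total_response_time(sif)
    if t > sif.required_response_s:
        issues.append(f"{sif.name}: response time {t:.1f}s exceeds {sif.required_response_s:.1f}s")
    for m in sif.measurements:
        issues.extend(check_measurement(m))
    return issues

# Constructed sample: trip point inside the normal band, and total response time over 5 s.
SAMPLE = SIF("SIF-101",
             {"detection": 1.0, "decision": 0.5, "transmission": 0.5, "final_element": 4.0},
             5.0, [Measurement("PT-101", (0, 100), (20, 60), 55.0, True)])
```

Running `check_sif(SAMPLE)` reports both problems; a clean entry returns an empty list, which is the condition an SRS review would want before signing off these two items.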