ANSI/ISA standard affects existing SISs

By Dr. Angela E. Summers, PhD, PE

IN SEPTEMBER 2004, the European Committee for Electrotechnical Standardization (CENELEC) and the American National Standards Institute (ANSI) accepted a new process sector standard. With its adoption, this standard becomes the primary driving force behind the work processes that should be followed to design and manage safety instrumented systems (SIS). These systems consist of the instrumentation and controls intended to achieve (or maintain) a safe state with respect to a specific process risk. This standard is IEC 61511, or EN IEC 61511, or ANSI/ISA 84.00.01-2004 Parts 1-3 (IEC 61511 Mod). This article concerns the United States version, which will be referred to as S84.01-2004.

S84.01-2004 is identical to IEC 61511 with one exception. The United States added a “grandfather clause” for existing SISs. The standard integrates the various process safety management approaches used successfully throughout the world. The SIS lifecycle provides a framework for the various activities that are considered essential to the assessment, design, maintenance, inspection, testing, and operation of SIS. A quality management system is also defined to minimize the systematic errors during major project phases, such as:

• Hazard assessment
• Design
• Engineering, Installation, Commissioning, and Validation
• Operating and Maintenance
• Change management

The standard uses a performance metric, the safety integrity level (SIL), to establish order of magnitude levels of analysis, design, diagnostics, testing, and management rigor. The SIL is related to the risk reduction allocated to the SIS to mitigate a specific process risk to a tolerable level.

A new technical report, ISA TR84.00.04, will soon be released by the SP84 committee, which is titled, “Guideline on the Implementation of ANSI/ISA 84.00.01-2004 Parts 1-3 (IEC 61511 Mod).” The technical report is divided into two parts. Part 1 provides the differences between S84.01-1996 and S84.01-2004 and addresses a variety of topics in a series of annexes. Part 2 is an example of the implementation of the new standard on a hypothetical SIS project. Some topics of particular interest in TR84.04 are:

• Evaluation of the applicability of the grandfather clause
• Management of functional safety (e.g., identification of worker roles and responsibilities)
• Selection of SIS devices
• Basic Process Control System and its relationship to the SIS
• Operator initiated safety function – human error considerations

This article will now focus on the grandfather clause and its implications to existing instrumentation and controls. S84.01-2004 should be incorporated into the design premise of any new or expanded process unit and into the design specification for the upgrade of existing SIS.

Grandfather Clause
S84.01-2004 Part 1 Clause 1y is considered the “grandfather clause” and states the following:

“For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issuance of this standard (e.g. ANSI/ISA 84.01-1996), the owner/operator shall determine and document that the equipment is designed, maintained, inspected, tested, and operating in a safe manner.”

This grandfather clause is similar to the one contained in S84.01-1996, which was developed by the ISA SP84 committee to document the instrumentation and controls lifecycle associated with OSHA 1910.119 Process Safety Management. OSHA specifically requested that a grandfather clause be included when they reviewed S84.01-1996. After confirming its presence, OSHA issued a letter acknowledging the standard as representing good engineering practice.

However, making a claim that an existing system meets the intent of the grandfather clause should not be taken lightly. The Clean Air Act Amendments require owners/operators “to design and maintain a safe facility.” OSHA requires that owners/operators provide a place of employment that is “free from recognized hazards.” When investigating incidents, OSHA looks to current good engineering practices to benchmark the owner/operator design and management practices.

As an example, consider an OSHA citation issued 10/22/2004 to Formosa Plastics Corporation, Illiopolis, Ill. The citation was related to an April 23, 2004 explosion in which five workers died, three workers were seriously injured, and the facility was seriously damaged. Numerous items were cited, but three items are particularly notable.

First, citation 1 item 7a specifically referenced S84.01-1996 (accepted as an ANSI standard in 1997):

“…did not document that its PVC1 and Past programmable logic controllers (PLC) and distributed control systems (DCS), installed prior to 1997, complied with recognized generally accepted good engineering practices such as ANSI/ISA 84.01, ‘Application of Safety Instrumented Systems for the Process Industries,’ the current consensus safety standard for such systems in that the devices were not being maintained, inspected, tested and operated in a safe manner as no maintenance was being done on the units, no inspections or tests were done, and the access to them was not controlled.”

When an owner/operator has an incident, its practices are compared to published good engineering practices. It is the responsibility of the owner/operator:

• To determine that existing SISs meet the intent of the grandfather clause
• To document the operating, testing, inspection and maintenance conditions under which this will remain true.