Several important changes were made to IEC 61511, Parts 1, 2 and 3, second edition, "Functional safety—safety instrumented systems for the process industry sector," issued last year. The U.S. uses a modified, nearly identical version, ANSI/ISA 84—Parts 1, 2 and 3 (61511 modified), which is presently being updated based on IEC 61511, 2nd edition, according to Robert Ancrum, instrumentation, control and safety instrumented system (SIS) consulting engineer.
Ancrum adds that modifications to IEC 61511, 2nd edition, include:
- Digital (cyber) security assessment must be performed on safety instrumented systems (SIS) to prevent unauthorized changes and potential external hacking.
- Regular functional safety audits (FSA) must now be performed during operating and maintenance parts of the SIS lifecycle. (The old standard only mandated an FSA before the SIS went into service.)
- Competency requirements were modified to require more details, including training records and regular scheduled competency training.
- Requirements for safety requirement specifications (SRS) were increased to include I/O lists, process measurement ranges and accuracy.
- Process safety time (PST) has been defined, and safety instrumented function (SIF) response time must be shown and documented to be less than the PST.
- Specific requirements were added for managing a SIF bypass during the operation and maintenance part of the SIS lifecycle.
- More emphasis that failure rates used during the reliability calculations of the SIS design are "credible, traceable, documented and justified."
- Systematic and random failures are better defined.
- Safety manuals must be developed for maintaining and proof-testing the SIS so that it continues to meet the design SRS.
- Better definition of high and low demand rates.
"Control engineers need to be aware of the standards, IEC 61511 and nearly identical U.S. version ANSI/ISA 84, because it's common to see independent protection layers (IPL) in control systems," adds Ancrum. "There's a common misconception that all the process safety protection layers are in the SIS. It's quite common to take credit for control loops and control system process alarms as layers of protection in a LOPA to mitigate a process hazard. However, two common problems are that these control system IPLs aren't communicated to the control engineers, and they're typically not trained in functional safety. For any refinery or chemical facility, there are at least two functional safety engineers, the SIS engineer and the control engineer.
"ISA S84 came out with the first SIS standard ANSI/ISA S84 in 1996; IEC-61511 came later. ISA is now on its third revision, whereas IEC-61511 just completed its second edition. For the U.S., the clock started over 20 years ago to be compliant. Many refineries and chemical facilities, from what I hear, are still well short of full compliance. Companies keep this compliance data very confidential."