Safety Instrumented Systems

Latest IEC 61511 second edition updates

By Jim Montague

Several important changes have been made to IEC 61511, Parts 1, 2 and 3, second edition, "Functional safety—safety instrumented systems for the process industry sector." It was released in 2016, and adopted as U.S. national standard, ISA-61511, in late 2017 by the ISA 84 committee.

Angela Summers, instrumentation, control and safety instrumented system (SIS) guru, and president at engineering consultant SIS-TECH ( in Houston, reports significant modifications to IEC 61511, second edition, include:

  • Evaluation of existing SIS is covered by functional safety management. Changes to the SIS must meet IEC 61511. (See Summers’ article, "Does your existing SIS get the job done?")
  • Functional safety assessments must now be performed periodically throughout the SIS’s life.
  • Risk reduction claimed for a basic process control system (BPCS) is limited to two protection layers for a total risk reduction of 100 because the BPCS is not designed in accordance with IEC 61511.
  • Multiple instrumented safeguards claimed for the same hazardous event must be evaluated for common cause and systematic failures. Risk reduction claims >10,000 must be justified based on quantitative analysis of systematic failures.
  • Compensating measures are needed to address risk when a SIF is out of service for any reason while hazards are present.
  • Security risk assessments must be performed on SIS to identify cyber-threats and the countermeasures necessary to enhance SIS resilience.
  • More emphasis on monitoring performance of the installed SIS in the operating environment and verifying reliability assumptions made during design.

"Control engineers need to be aware of IEC 61511 because it impacts how control and safety systems are integrated with plantwide systems and operator interfaces,” adds Summers. "There's a common misconception that if you're not personally responsible for a SIS that you don’t need to worry about it. However, the control system engineer is responsible for ensuring that the control system only communicates approved information to the SIS and that the operator interacts with the SIS in a manner that sustains safe operation.

"For U.S. industry, the compliance clock started more than 20 years ago. Many refineries and chemical facilities have been working with ISA and the Center for Chemical Process Safety (CCPS) to publish cost effective and practical approaches for compliance. People new to the standard may feel overwhelmed on first read, but there are thousands of pages of guidance and multiple training courses to help them catch up.”

Like this article? Sign up for the twice weekly Control Update newsletter and get articles like this delivered right to your inbox.