3. Introduction
Safety Instrumented System Design per “ISA S84”* is
becoming a common practice
Poor documentation is being generated due to
“safety case” mentality
Current practices ignore audience of documents and
“good practices” for specifications in general
* ANSI /ISA 84.00.01-2004 (IEC 61511-Mod)
4. FEED Phase SIS Documents
List of Safety Instrumented Functions (SIF)
Grouping of Instrumented Protective Functions (IPF)
– Group by equipment or process
• Compressors
• Reactors
• Fired Heaters
P&ID representation of SIF
Logic description
– cause and effect tables
– Boolean logic diagrams
– Narrative (“plain English” description of operation)
Testing procedures (with documentation of results)
5. Preliminary Design Steps
SIF List should be precursor to SIL selection
HAZOP/LOPA without knowledge of typical SIF leads
to errors
HAZOP is a final check on a good design, not a
design task
Typical SIF based on experience, standards, codes,
and judgment
6. Instrumented Protective Function Groups
Group instruments together that are functionally
related
Typically based around major equipment
– Compressors
– Fired Heaters
– Reactors
Typically contains multiple SIF
Also can contain non-SIF instruments and logic
8. IPF Grouping for Separator
V-101
PT
101B
PV
101B
PT
101D
LT
101A
LT
101B
PI
101C
PIC
101B
H
L
A
D
PT
101C
PV
101A
PIC
101A
PT
101A
USC
101
USC
101
LG
101A
LG
101B
H
H
L
Detail “A”
Detail “A”
9. Advantages of IPF Grouping
Compact information with minimal duplication
Facilitates programming – programmer shielded for
single instruments in multiple SIF
Facilitates design and I/O counting
Facilitates test plan development and testing
10. P&ID representation
Symbology for SIS, specifically tag naming in
inconsistent (I, X, UC, USC)
Use of “S” is technically correct, but leads to more
confusion (PSV is always a relief valve??)
Use of typicals to minimize clutter
12. Safety Requirements Specs
Specifications (emphasis on ‘s’)
Limit information to what is required for audience (SIL
not required on C&E or P&ID)
Use “general requirements” statements for common
features such as bypassing
Refer to other documents for non-critical information
13. Typical Bypass Note
1.1 Bypass / Override SIS Logic Solver
Each of the functional groups that are described in this Safety Requirements
Specification shall require a shutdown bypass function for maintenance and testing. The
bypass functionality described in this note shall not be used for normal operations. If a
bypass is required for normal operations such as start-up, a dedicated hard-wired
bypass facility shall be provided.
The SIS shall be configured so that bypasses are implemented using a two-step process
that includes activation of a unit-specific “bypass enable” switch and activation of an
input-specific BPCS bypass soft switch. Only when both of these items are activated
shall the input be bypassed. When an input is placed in “bypass”, the SIS logic solver
shall hold the input in the non-trip state, regardless of the status of the bypassed input.
15. Conclusions
Room for improvement in SIS documentation
practices
Consider the audience for the documents
Use good engineering practice
Minimize data duplication
Leads to shorter preparation time and fewer errors
16. Business Results Achieved
Decreased implementation time and cost
– Compact documentation is easier to prepare and more
accurate
– Use of standard modules instead of custom development
– Minimal clarification and rework
Decreased ongoing maintenance effort and cost
– Updates only occur in one document
– Likelihood of inconsistent data in multiple documents
decreased
Safer processes
– Lower probability of systematic errors in system resulting
from poor documentation
17. Summary
SIS design can be made safer and more cost
effective through documentation method
improvements
Specification preparation time can be reduced by as
much as 50%*
Please fill out comment cards and e-mail any feed
back you have to the authors
Questions?!?
18. Where To Get More Information
ISA Bookstore – Safety Integrity Level Selection
Kenexis Web Site
– HTTP://www.kenexis.com/resources
Emerson SIS Lifecycle Workbook
– At Delta V SIS Booth during EGUE
– Contact Emerson After EGUE
Notes de l'éditeur
Ed to provide Kenexis logo.
Notes:
First bullet: added “more complete” name for what we commonly refer to as “ISA S84” or even “S84” for short.
Second and third bullets: Ed explains what is meant by “safety case” mentality. That following S84 point by point is the root cause of poor SRS documents resulting in a large document that is difficult for the user of the document – those involved in designing and building the SIS.
Maybe include an example of a “bloated” bad document versus the more user friendly format. Phone book versus People magazine…. Or better analogy.
Ed – Is the second bullet on a wish list of the right way to do things, whereas the others are more common place? Maybe reorganize with the typical on top and wish list at the end.
Ed to incorporate verbal narrative of how DeltaV is well suited to IPF’s, not necessary to have huge monolithic safety logic solver (as they are cumbersome, more difficult to maintain or implement changes over the years), etc.
Added sub-bullets to Logic description – not that this is implying a choice of one of the three but the best results are had when all three are present. Not all nuances can be captured in the cause and effect table (like reset actions), logic diagrams are bullet proof (if done correctly), but the plain English narrative makes it easy for someone not waist deep in the logic to understand what is supposed to happen (operators and managers…)
First bullet: I agree that the functions should be identified first before the discussion on severity and frequency of a failure on demand.
Second bullet: Can you cite an example of an error in the process hazard analysis (PHA) due to ignorance of the SIF? I’m not clear on this as I thought that the “true” hazard analysis is done on a process in the absence of protective instrumented functions. Or is the point being that someone that knows how to build safety systems be present in the PHA?
Third bullet: I like it - but kind of reverses the common man’s thinking (me too). Chicken and egg thing here? Does one do a generic PHA as part of the process design to identify the SIF’s, then do a HAZOP (trademark) on the final process including the SIS design?
Fourth bullet: You seem to be implying that experienced engineers can do the required process design work, with SIS, before the formal HAZOP. This makes sense but I’m sure it will be a comment that will stimulate some discussion – if someone interrupts, agree with their point and say that we’ll discuss this as the first question in the Q&A period – we’ll have a better chance of staying on time.