2023 Spring Meeting and 19th Global Congress on Process Safety

(9e) SIS Design with Credible Failure Rates: The Key to Achieving Plant Safety

The concept of a safety system to protect the plant and people from hazardous scenarios has existed since the beginning of process automation. Prior to the IEC 61508/IEC 61511 standards, the requirements for Emergency Shutdown Systems (ESD) were prescriptive: depending on the application, the hardware, the redundancy, and the voting architecture were all prescribed. IEC 61511 1st edition (2003) introduced the performance-based approach for designing the Safety Instrumented System (SIS), with additional minimum redundancy requirements because high-quality device failure rates were not available. In IEC 61511 2nd edition (2016) the minimum redundancy requirements were relaxed, on the assumption that, over time, device failure rates had become available with a high degree of confidence.

This decision had an unintended consequence. The design of an SIS now depends largely on the Dangerous Undetected failure rate (λDU). If one obtains devices with a very low λDU and uses those failure rates in Safety Integrity Level (SIL) calculations without any due diligence, one can in theory meet a higher SIL even with longer proof test intervals, e.g., 4 years or more. On paper, all requirements of IEC 61511 would be met, yet the required process safety would not actually be achieved in the field. The standards have placed the burden of verifying the credibility of device failure rates on the end users.
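To make the sensitivity described above concrete, the following added example (not from the paper or the ISA TR84 working group) evaluates a single-channel (1oo1) safety function under the simplified IEC 61508 low-demand approximation PFDavg ≈ λDU × TI / 2, which ignores proof-test coverage, repair time and common-cause factors; the λDU figures and the "certificate" versus "field data" labels are constructed for illustration, not taken from any real certificate or safety manual.

```python
"""Sensitivity of a single-channel (1oo1) SIF to the claimed lambda_DU.

Added worked example, not from the paper. It uses the simplified IEC 61508
low-demand approximation PFDavg ~= lambda_DU * TI / 2 for a 1oo1 channel,
which ignores proof-test coverage, mean repair time and common-cause
factors; the lambda_DU values below are constructed, not from any
certificate or safety manual.
"""

HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands on PFDavg (IEC 61508-1 Table 2): (SIL, lower, upper).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_years: float) -> float:
    """Average probability of failure on demand for one channel (simplified)."""
    ti_hours = proof_test_interval_years * HOURS_PER_YEAR
    return lambda_du_per_hour * ti_hours / 2.0


def sil_from_pfd(pfd: float) -> int:
    """Return the SIL band that PFDavg falls in, or 0 if it is worse than SIL 1."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0


def max_proof_test_interval_years(lambda_du_per_hour: float, target_sil: int) -> float:
    """Longest proof-test interval (years) that keeps PFDavg inside the target SIL band."""
    upper = next(hi for sil, _, hi in SIL_BANDS if sil == target_sil)
    return 2.0 * upper / lambda_du_per_hour / HOURS_PER_YEAR


def compare_claims(claims: dict, proof_test_interval_years: float) -> dict:
    """Evaluate several lambda_DU figures for the same device at one interval.

    Returns {label: (pfd_avg, sil)} so the effect of an optimistic claim is
    visible side by side with a more conservative figure.
    """
    result = {}
    for label, lam in claims.items():
        pfd = pfd_avg_1oo1(lam, proof_test_interval_years)
        result[label] = (pfd, sil_from_pfd(pfd))
    return result


# Constructed figures for one hypothetical final element; neither comes from a real certificate.
CLAIMS = {
    "certificate (optimistic)": 2e-8,   # failures per hour
    "field data (conservative)": 2e-7,  # failures per hour, ten times higher
}

if __name__ == "__main__":
    for ti in (1, 2, 4):
        print(f"Proof test interval: {ti} year(s)")
        for label, (pfd, sil) in compare_claims(CLAIMS, ti).items():
            print(f"  {label:28s} PFDavg = {pfd:.2e} -> SIL {sil}")
    for label, lam in CLAIMS.items():
        print(f"Max TI for SIL 3 with {label}: "
              f"{max_proof_test_interval_years(lam, 3):.1f} years")
```

Run as written, the optimistic figure keeps the channel in the SIL 3 band at a 4-year proof test interval, while the ten-times-higher figure drops it to SIL 2 at the same interval and would need roughly a 1-year interval to stay in SIL 3; the same tenfold difference in λDU stretches the longest "acceptable" proof test interval tenfold, which is exactly why an uncritically accepted low λDU can satisfy the calculation without delivering the risk reduction in the field.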

This paper explains some of the reasons why the λDU published in some certificates and safety manuals can be unrealistically low. To address this challenge, ISA TR84 committee Working Group 02 has undertaken an effort to develop a failure rate credibility assessment tool. In this tool, the user answers a series of questions, and the weighted score of the answers yields a credibility rank for the published device failure rate. This paper explains the approach of the tool in detail, considers its challenges, and provides guidance for users, manufacturers, and certifying agencies.