2025 Spring Meeting and 21st Global Congress on Process Safety

(148a) Analysis of Shared Device(s) between SIS and BPCS


In the design of Safety Instrumented Functions (SIFs) within the safety instrumented system (SIS), good engineering practice encourages the designer to apply the principle of independence from the Basic Process Control System (BPCS) across all subsystems (e.g., sensors, logic solvers, final elements). In practice, particularly at existing facilities, constraints may make independence of every subsystem a design challenge. There may nevertheless be opportunities to achieve the necessary risk reduction while sharing one or more devices between the SIS and the BPCS.

According to the functional safety standard ANSI/ISA-61511-1-2018, a device used by the BPCS shall not be used by the SIS where a failure of that device may result in both a demand on the SIF and a dangerous failure of the SIF, unless an analysis has been carried out to confirm that the overall risk is acceptable. The standard goes on to note that when part of the SIS is also used for control purposes and a dangerous failure of the common equipment would cause a demand on the function performed by the SIS, a new risk is introduced. This additional risk depends on the dangerous failure rate of the shared device: when the shared device fails dangerously, a demand is created immediately, and the SIF, which relies on the same failed device, cannot be credited with responding to it (for example, a transmitter shared by the control loop and the SIF whose failure both drives the process toward the hazard and hides the deviation from the SIF). For that reason, additional analysis can be necessary in these cases to ensure that the dangerous failure rates of the shared devices are sufficiently low. ANSI/ISA-61511-2-2018 (Part 2 of the standard) states that "sufficiently low" means that the dangerous failure rate of the shared equipment, combined with the probability of failure of the other protection layers (other than the SIF), meets corporate risk criteria.

This paper will present a method for demonstrating whether the dangerous failure rate of the shared device(s) results in a tolerable risk for the hazard scenario being evaluated. The method applies the principles of Layer of Protection Analysis (LOPA) together with the Safety Integrity Level (SIL) verification guidance of Clause 11.9 of ANSI/ISA-61511-1-2018, Quantification of random failure. The result of the mathematical analysis is a hazardous event frequency that can be compared with the corporate risk tolerance for the given consequence severity. This paper is of significant interest to industry leaders responsible for process safety, functional safety and risk management.
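The arithmetic implied by the Part 2 wording above ("dangerous failure rate of the shared equipment combined with the probability of failure of the other protection layers") can be carried through in a LOPA-style calculation. The following is an added example written for this page; it is not the paper's method and not text from the standard. The scenario values (initiating event frequency, IPL PFDs, shared-device dangerous failure rate, tolerable frequency) are constructed for illustration, and the PFDavg = λDU·TI/2 expression is the common simplified 1oo1 approximation, used here only to show where a Clause 11.9 style SIF quantification feeds into the comparison. The example treats the hazardous event frequency as the sum of two paths: the ordinary LOPA path, where an independent initiating event occurs and every IPL including the SIF is credited, and the shared-device path, where the shared device's dangerous failure is itself the initiating event and the SIF is given no credit.

```python
from dataclasses import dataclass
from math import prod

HOURS_PER_YEAR = 8760.0


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified average PFD of a single-channel (1oo1) SIF element.

    PFDavg ~= lambda_DU * TI / 2, the usual approximation when lambda_DU*TI << 1.
    This is an assumed simplification for the example, not the paper's quantification.
    """
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


@dataclass
class SharedDeviceScenario:
    """One LOPA hazard scenario in which a device is shared by the BPCS and the SIF."""
    initiating_event_freq: float      # per year, the independent initiating cause
    other_ipl_pfds: list              # PFDs of IPLs other than the SIF that do NOT depend
                                      # on the shared device (e.g. relief valve, independent alarm)
    sif_pfd: float                    # PFDavg of the SIF when its shared device is healthy
    shared_device_lambda_d: float     # per year, dangerous failure rate of the shared device
    tolerable_freq: float             # per year, corporate criterion for this severity
    conditional_modifiers: float = 1.0  # e.g. probability of ignition, occupancy


def independent_path_freq(s: SharedDeviceScenario) -> float:
    """Ordinary LOPA path: independent initiating event, all IPLs credited, SIF included."""
    return s.initiating_event_freq * prod(s.other_ipl_pfds) * s.sif_pfd * s.conditional_modifiers


def shared_device_path_freq(s: SharedDeviceScenario) -> float:
    """Shared-device path: the device's dangerous failure is the demand, and the SIF,
    which relies on that same device, gets no credit (PFD taken as 1.0)."""
    return s.shared_device_lambda_d * prod(s.other_ipl_pfds) * s.conditional_modifiers


def total_hazardous_event_freq(s: SharedDeviceScenario) -> float:
    return independent_path_freq(s) + shared_device_path_freq(s)


def max_tolerable_shared_lambda_d(s: SharedDeviceScenario) -> float:
    """Largest shared-device dangerous failure rate (per year) that still meets the
    tolerable frequency. Returns 0.0 when the independent path alone already exceeds
    the criterion, i.e. no shared-device rate can be 'sufficiently low'."""
    headroom = s.tolerable_freq - independent_path_freq(s)
    if headroom <= 0.0:
        return 0.0
    return headroom / (prod(s.other_ipl_pfds) * s.conditional_modifiers)


def evaluate(s: SharedDeviceScenario) -> dict:
    total = total_hazardous_event_freq(s)
    return {
        "independent_path_per_year": independent_path_freq(s),
        "shared_device_path_per_year": shared_device_path_freq(s),
        "total_per_year": total,
        "tolerable_per_year": s.tolerable_freq,
        "tolerable": total <= s.tolerable_freq,
        "max_shared_lambda_d_per_year": max_tolerable_shared_lambda_d(s),
    }


def example_scenario(tolerable_freq: float = 1e-5) -> SharedDeviceScenario:
    """Constructed illustrative values (not from the paper or any real facility)."""
    shared_lambda_d_per_hour = 5e-7                      # assumed transmitter dangerous rate
    return SharedDeviceScenario(
        initiating_event_freq=0.1,                        # assumed: one demand per 10 years
        other_ipl_pfds=[0.01, 0.1],                       # assumed: relief valve, independent alarm
        sif_pfd=pfd_avg_1oo1(lambda_du_per_hour=2e-6, proof_test_interval_hours=HOURS_PER_YEAR),
        shared_device_lambda_d=shared_lambda_d_per_hour * HOURS_PER_YEAR,
        tolerable_freq=tolerable_freq,
    )


if __name__ == "__main__":
    for key, value in evaluate(example_scenario()).items():
        print(f"{key}: {value}")
```

Two points the practitioner should carry over from the example: any IPL that relies on the shared device (typically the BPCS control layer itself) must be left out of `other_ipl_pfds` for the shared-device path, since it fails with the device; and when the independent path alone already exceeds the criterion, `max_tolerable_shared_lambda_d` returns zero, meaning the sharing question is moot and the scenario needs a different protection layer design.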