PROCESSWEST Magazine Online

Establishing functional safety: planning from the ground up 

Don Horne   

For safety systems designers and safety officers, particularly those in the petroleum and petrochemicals sectors, knowing the very detailed and exacting requirements for maintaining a safe operating environment is a must.

For those in supporting positions, or anyone who could use a refresher, the design of effective and regulatory-compliant safety systems begins with a thorough understanding of the many standards and definitions involved and how they are applied to the physical design.

Any company whose operations could present a hazard to staff, local residents or the environment must minimize the risk present under fault conditions, meaning when something fails.

The foundation for the protective measures and redundancies put in place to guard against such events is the set of SILs (Safety Integrity Levels) determined for the various systems, which rank safety threats from those capable of slight harm to those capable of causing a catastrophic event.


This is where the design of safety systems begins.


The SIL establishes a relative level of risk reduction, setting a target level of reduction for designers. It creates a measurement of the probability of failure on demand (PFD) and is refined according to factors such as frequency and duration of exposure, potential for harm reduction and probability of occurrence. It is further shaped by breaking down the assessed risk by its potential imminence, expressed as the probability of failure per hour (PFH), which estimates the probability that a failure will occur during continuous use.

If the various factors that go into determining a SIL have you intrigued, and there are more below, by all means look at our Festo whitepaper “An Overview of Functional Safety in the Process Industry”, where each contributing element is explained further, as well as how these factors are synthesized to arrive at a final SIL determination.


This whitepaper also covers other system and component integrity values that are considered as part of calculating a SIL. These include the Safe Failure Fraction (SFF), Mean Time Between Failures (MTBF), Hardware Fault Tolerance (HFT), Device Types A and B, and the Failure Rate.

Functional safety systems to guard against these risks and reliability issues are created according to two standards: IEC 61508 and IEC 61511. The former is the basic standard for establishing functional safety on a systemic basis, covering electrical, electronic and programmable electronic safety-related systems as a whole rather than on an individual component basis. It applies only to a complete Safety Instrumented System, or SIS.

Redundancy is a principal tool of an effective SIS. The greater the redundant protection, the more complex and expensive the system usually is. The value lies in the avoidance of accidents, serious damage and downtime. In petroleum, gas processing, petrochemicals and in the handling of other hazardous substances, the choice of SIS architecture is critical both for safety and to protect operational reliability.

IEC 61508 and IEC 61511 recommend diverse redundancy to increase the safety integrity of programmable electronic systems. SIS architectures, which progress from basic to most advanced based on the degree of redundancy, place process safety and reliability at the forefront of hardware design. In assessing possible SIS architectures, there may be some latitude in the degree of functional safety achieved, what’s good, better and best, for given systems, leaving it up to operators to decide their own risk tolerance within the bounds of their environmental, social and governance goals.
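To make the redundancy-versus-SIL trade-off concrete, here is an added example (not code from the article or from Festo) that estimates the average PFD of three common voting architectures, 1oo1, 1oo2 and 2oo3, using the simplified IEC 61508-6 formulas that ignore common-cause failure and repair time, and maps each result to the low-demand SIL bands. The failure rate and proof-test interval are constructed values, not figures from the article.

```python
# Added example, not from the ProcessWest article or the Festo whitepaper.
# Simplified low-demand PFDavg for M-out-of-N voting, ignoring common-cause
# (beta) failures, dangerous-detected failures and repair time.

# IEC 61508 low-demand mode PFDavg bands: (SIL, lower bound, upper bound)
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def pfd_avg(arch, lambda_du, proof_test_interval_h):
    """Average probability of failure on demand for one voting group.

    arch: "1oo1", "1oo2" or "2oo3"
    lambda_du: dangerous undetected failure rate per hour
    proof_test_interval_h: hours between proof tests (T1)
    """
    x = lambda_du * proof_test_interval_h  # expected DU failures per test interval
    if arch == "1oo1":
        return x / 2            # lambda_DU * T1 / 2
    if arch == "1oo2":
        return x * x / 3        # 2 * lambda_DU^2 * (T1/2) * (T1/3)
    if arch == "2oo3":
        return x * x            # 6 * lambda_DU^2 * (T1/2) * (T1/3)
    raise ValueError(f"unsupported architecture {arch!r}")


def sil_for_pfd(pfd):
    """SIL band a PFDavg satisfies; 0 means it does not even reach SIL 1."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 4 if pfd < 1e-5 else 0


def compare_architectures(lambda_du, proof_test_interval_h):
    """Return {arch: (PFDavg, SIL)} for the three architectures above."""
    result = {}
    for arch in ("1oo1", "1oo2", "2oo3"):
        pfd = pfd_avg(arch, lambda_du, proof_test_interval_h)
        result[arch] = (pfd, sil_for_pfd(pfd))
    return result


if __name__ == "__main__":
    # Constructed input: lambda_DU = 2e-6 per hour, annual proof test (8760 h).
    # 2oo3 has a higher PFDavg than 1oo2 but tolerates one spurious trip,
    # which is the reliability side of the trade-off the article describes.
    for arch, (pfd, sil) in compare_architectures(2e-6, 8760).items():
        print(f"{arch}: PFDavg = {pfd:.2e} -> SIL {sil}")
```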

Designing and testing the system in either a new installation or retrofit is the final stage of the project.


