The aim of this paper is to give a new insight into some fundamental concepts of the IEC 61508 standard. In the first part, we examine low and high or continuous demand modes of operation. We study how to determine the accident frequency in the case where the system under study is made of one element under control and its associated safety instrumented system. In the second part, we study the relationship between the average probabilities of failure on demand and the risk reduction factor. Finally, we consider the probability of failure per hour of a safety instrumented system. We propose different ways to compute it.
Authors: F. Innal, Yves Dutuit, A. Rauzy, Jean-Pierre Signoret
Over the past 25 years there have been a number of initiatives worldwide to develop guidelines and standards to enable the safe exploitation of programmable electronic systems used for safety applications. In the context of industrial applications (to distinguish from aerospace and military applications) a major initiative has been focussed on IEC 61508 and this standard is emerging as a key international standard in many industrial sectors. This paper looks at the background to the development of IEC 61508, considers some of the key features and indicates some of the issues that are being considered in the current revision of the standard.
This paper is an updated version of a paper by the Health & Safety Executive, UK (author: Ron Bell), 2005. The paper first appeared at the ACS Workshop on Tools and Standards, Sydney, Australia, 2005. This version: May 2007. Reproduced under the terms of the Click-Use License.
This paper presents the main results from a project that prepared a guideline for the use of the standards IEC 61508 and IEC 61511 in the offshore industry of Norway. There is a focus on the determination of the Safety Integrity Level (SIL) for main equipment. The paper also discusses the elements contributing to safety unavailability and the calculation of the Probability of Failure on Demand (PFD), which is crucial for the determination of the SIL.
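A worked numerical illustration of the quantities the abstracts above refer to (the PFDavg / risk reduction factor relationship and accident frequency of Innal et al., and the PFD-to-SIL determination of the Norwegian offshore guideline paper). This example is added here and is not code from either paper. It assumes a single-channel (1oo1) safety instrumented system with a dangerous undetected failure rate lambda_DU and a proof-test interval T1, perfect proof tests with repair time neglected (the simplified IEC 61508-6 formula PFDavg ≈ lambda_DU·T1/2 next to the exact time average), low demand mode so that accident frequency ≈ demand rate × PFDavg, and the SIL bands tabulated in IEC 61508-1; the input values at the bottom are constructed.

```python
# Added worked example: PFDavg, risk reduction factor and SIL band for a
# simple 1oo1 safety instrumented system. Illustrative code written for this
# page, not code from any of the papers listed here.
#
# Assumptions (not taken from the listed abstracts):
#   - 1oo1 SIS, dangerous undetected failure rate lambda_DU (per hour),
#     proof-test interval T1 (hours), perfect proof tests, repair time ignored;
#   - low demand mode, so accident frequency ~= (demand rate) x PFDavg;
#   - SIL bands as tabulated in IEC 61508-1 (low demand: PFDavg; high or
#     continuous demand: PFH, per hour).
import math

# (SIL, lower bound inclusive, upper bound exclusive)
SIL_PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
SIL_PFH_BANDS = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]


def pfd_avg_1oo1_exact(lambda_du, t1):
    """Time average of 1 - exp(-lambda_du * t) over one proof-test interval:
    PFDavg = 1 - (1 - exp(-lambda_du * T1)) / (lambda_du * T1)."""
    x = lambda_du * t1
    if x <= 0:
        raise ValueError("lambda_DU and T1 must be positive")
    return 1.0 - (1.0 - math.exp(-x)) / x


def pfd_avg_1oo1_simplified(lambda_du, t1):
    """Simplified form lambda_DU * T1 / 2, valid only when lambda_DU * T1 << 1."""
    x = lambda_du * t1
    if x <= 0:
        raise ValueError("lambda_DU and T1 must be positive")
    if x > 0.1:
        raise ValueError("lambda_DU * T1 too large for the linear approximation")
    return x / 2.0


def risk_reduction_factor(pfd_avg):
    """RRF = 1 / PFDavg (low demand mode)."""
    return 1.0 / pfd_avg


def sil_from_pfd(pfd_avg):
    """SIL band for a low demand safety function, or None if outside SIL 1-4."""
    for sil, lo, hi in SIL_PFD_BANDS:
        if lo <= pfd_avg < hi:
            return sil
    return None


def sil_from_pfh(pfh):
    """SIL band for a high or continuous demand safety function, or None."""
    for sil, lo, hi in SIL_PFH_BANDS:
        if lo <= pfh < hi:
            return sil
    return None


def mode_of_operation(demands_per_year):
    """IEC 61508-4 (2010) criterion: low demand if no more than one demand per year."""
    return "low" if demands_per_year <= 1.0 else "high"


def accident_frequency(demands_per_year, pfd_avg):
    """Low demand mode: hazardous events per year ~= demand rate x PFDavg."""
    if mode_of_operation(demands_per_year) != "low":
        raise ValueError("use PFH, not PFDavg, in high/continuous demand mode")
    return demands_per_year * pfd_avg


if __name__ == "__main__":
    # Constructed input: lambda_DU = 1e-6 /h, yearly proof test, 0.1 demands/year.
    lam, t1, demands = 1e-6, 8760.0, 0.1
    pfd = pfd_avg_1oo1_simplified(lam, t1)
    print(f"PFDavg (simplified) = {pfd:.3e}, exact = {pfd_avg_1oo1_exact(lam, t1):.3e}")
    print(f"RRF = {risk_reduction_factor(pfd):.0f}, SIL = {sil_from_pfd(pfd)}")
    print(f"accident frequency = {accident_frequency(demands, pfd):.2e} /year")
```

With the constructed values the simplified and exact PFDavg differ only in the third significant figure (4.38e-3 versus 4.37e-3), which places the function in SIL 2 with an RRF of about 228; the guard in `pfd_avg_1oo1_simplified` is there because the linear approximation stops being conservative once lambda_DU·T1 approaches unity.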
The purpose of this document is to introduce the concept of functional safety and give an overview of the international standard IEC 61508. You should read it if you are:
Wondering whether IEC 61508 applies to you,
Involved in the development of electrical, electronic or programmable electronic systems which may have safety implications, or
Drafting any other standard where functional safety is a relevant factor.
Section 2 of this document gives an informal definition of functional safety, describes the relationship between safety functions, safety integrity and safety-related systems, gives an example of how functional safety requirements are derived, and lists some of the challenges in achieving functional safety in electrical, electronic or programmable electronic systems. Section 3 gives details of IEC 61508, which provides an approach for achieving functional safety. The section describes the standard’s objectives, technical approach and parts framework. It explains that IEC 61508 can be applied as is to a large range of industrial applications and yet also provides a basis for many other standards.
Source – International Electrotechnical Commission (IEC)
IEC 61511 was released as an international standard in 2004. The United States ISA SP84 committee has accepted ISA 84.01-2004 as the replacement for ANSI/ISA 84.01-1996 (ISA 84.01-1996). The new standard will be called ANSI/ISA 84.00.01-2004 (IEC 61511). […] The SP84 committee is now completing a guidance document, ISA TR84.00.04, concerning implementation of ISA 84.01-2004 in the United States. […] Although ISA 84.01-2004 uses a lifecycle concept, it is no mirror image of ISA 84.01-1996. An international standard must harmonize the standards of many countries. Consequently, the standard will add new requirements for component selection, design architecture, software development, pre-startup safety reviews, operation and maintenance, and management of change. […] This paper will focus on the most significant differences between ISA 84.01-2004 and ISA 84.01-1996, highlighting what end users need to consider in migrating their current ISA 84.01-1996 programs into ISA 84.01-2004 programs.
Safety Integrity Levels as defined by IEC 61508 provide the plant designer with the opportunity to optimise the design of the protection system against potential hazards based on knowledge of the consequences of failure. This paper details the reasons behind the development of the standard, and describes the techniques that can be used for integrity level evaluation. A case study is then presented that demonstrates approaches for the assessment and implementation of the safety integrity requirements.
This article reviews the principal requirements of IEC 61508 relating to the specification and design of hardware and software in programmable electronic systems intended for use in safety-related applications.
This paper was originally published in the Computing & Control Engineering Journal, vol. 11, no. 11, February 2000, Institution of Electrical Engineers, London, UK.
This paper describes the complementary requirements to be applied to a dedicated electric/electronic/programmable electronic safety-related system used in explosive atmospheres, where the ATEX 137 directive (1999/92/EC), the ATEX 100A directive (94/9/EC) and the standard EN-IEC 61508 apply. Although EN 61508 is a basic safety publication and therefore not part of the reference list of harmonised standards under the ATEX 100A directive, this paper concludes that EN-IEC 61508 can contribute to the implementation of the ATEX 137 and 100A directives. ATEX 137 sets minimum requirements for improving the safety and health protection of workers potentially at risk from explosive atmospheres. ATEX 100A comprises legislation concerning equipment and protective systems intended for use in potentially explosive atmospheres. In particular, for carrying out the risk assessment and establishing the required risk reduction (as required by ATEX 137) and the safety requirements (as required by ATEX 100A) for equipment and safety systems, the use of the defined safety integrity levels for electric/electronic/programmable electronic safety-related systems appears to be beneficial. Finally, a practical example is discussed that shows how an electric/electronic/programmable electronic safety-related system can be used, in compliance with the ATEX directives and EN 61508, in situations with explosive atmospheres.
Process industry sector specific international standard IEC 61511 is being adopted by most national safety governing bodies around the world. Although SIS hardware manufacturers are referred to IEC 61508, the “Prior Use Clause” of IEC 61511 would appear to open the door for the use of field elements as well as Logic Solvers that have not been designed to meet IEC 61508.
It could be argued that the standards are usually only enforced after a safety or environmental incident. However, it is not a good feeling for the plant manager to get his wake-up call from an attorney.
The questions asked are: Should I use non-certified hardware for my Safety Instrumented System (SIS)? What are the restrictions? Who has the burden of proof? What level of documentation is involved? How do you define similar prior operating and physical environments? Can I use a transmitter with proven experience in a control system environment for my SIS? Can I use a non-certified PLC (Logic Solver) for safety?
This paper reviews the conditions and guidelines outlined in the standards. Issues addressing safe failure fraction, minimum hardware fault tolerance, operating environment restrictions, etc., are analyzed for safety, practicality and lifecycle costs.
The conclusions provide the plant operator with the elements conducive to making an intelligent decision when faced with the options of using third party certified subsystems or proven in-use non-certified equipment in a SIS.
This paper discusses the International Electrotechnical Commission (IEC) 61508 Standard: Functional safety of electrical/ electronic/ programmable electronic safety-related systems, Parts 1 through 7. The concepts of risk, safety integrity and safety lifecycle for electrical/ electronic/ programmable electronic (E/E/PES) safety-related systems utilized in the IEC 61508 Standard are discussed. This paper utilizes information from various parts of the standard so the concepts and methodologies can be presented in an abridged form.
Since its inception and early use in the European offshore industry, applying IEC 61508 has proved problematic in many areas, especially that of SIL assessment. Since this is part of the fundamental process of establishing the required risk reduction, its misapplication will result in either insufficient protection or the installation of over-complex systems with their associated maintenance and testing burden. This confusion and uncertainty has several causes: lack of clarity in the standard, inappropriate starting documentation, failure to understand the importance of the relationship between risk graph calibration and residual risk, etc. From the learning experience of carrying out SIL assessments on real projects, the speaker will address some of the main problem areas in SIL assessments and describe techniques to make the process both more effective and less time consuming.