Perhaps you have installed safety systems which date from the 1990's or early turn of this century. If so, you might be wondering whether you need to follow IEC 61511 edition 2 for Safety Integrity Level (SIL) conformance?
If your safety system installation pre-dates 2004 then you are highly unlikely to have experienced the full requirements of IEC 61511 edition 1, and even less likely still to have much idea of the edition 2 changes that were introduced in 2016 (late 2017 in UK).
However, if you are the duty holder you should certainly be aware that IEC 61511 edition 2 now requires functional safety assessment for existing installations. Specifically, a Functional Safety Assessment (FSA) is now required "periodically" during the operations and maintenance phase (see IEC 61511-1 edition 2 clause 18.104.22.168.10).
The FSA activity must be led by a senior competent person who is not involved with the step or steps being analysed. For operation and maintenance of an existing system, this means appointing an independent person from your operations and maintenance team, and that person must have an in-depth understanding of IEC 61511 requirements.
In addition to demonstrable competence, the independent person must be empowered to deliver judgements, positive or negative, about whether the standard's objectives and technical activities are being adequately met.
Of course, if this were a completely new system then you would hope that following IEC 61511 requirements for hazard and risk assessment, SIL determination, design, engineering and eventual validation of the system would put you in great shape for eventual operations and maintenance.
But what do you do for an existing system that never followed SIL design requirements?
FSA is recommended at five stages during major project or system lifetime milestones, as shown in the following diagram. FSA 4 is identified in the IEC 61511 text as taking place "after some time in normal operation and maintenance of the safety system".
You may be hoping that FSA requirements do not apply to existing systems that pre-date the IEC 61511 standard, but there is no indication of any exclusions.
Thinking about how accidents can happen when safety systems are not proof-tested, are tested poorly, or are inadequately maintained, one can only conclude that the intent is clear; FSA 4 is a necessary "gap check" that could highlight significant systematic failings.
There are many aspects to IEC 61511 that require close attention. The usual training courses in this field tend to focus on calculation of probability of failure and other design issues, but in my view this is inadequate.
Here are the promised ten (10) elements that you MUST be considering if you are an end user duty holder with an existing safety instrumented system preparing for FSA 4:
- SIL determination review (re-validation).
- BPCS / IPL / SIS hardware and software as-built asset register.
- Security risk assessment.
- Personnel training and and competence assessment.
- Bypass logging.
- Safety system demand and failure logging.
- Inspection and proof test procedures and records.
- SIS spare parts and secure software backup.
- Modification procedure.
- Decommissioning review procedure.
Read more about Functional Safety Assessment and Functional Safety Audit.