The recently updated process sector safety instrumented system (SIS) standard IEC 61511 now requires that a "security risk assessment is carried out to identify security vulnerabilities of the SIS" [1]. But how should such an assessment be approached, and what can you do to prepare for it?

There have been well publicized examples of cyber-security breaches in the public domain, including the 2017 National Health Service (NHS) "Wannacry" ransomware as an example. Perhaps less well known by the general public was the 2017 "Triton" attack on Schneider Electric's Tricon TMR safety systems on a Saudi Arabian Petrochemical plant. That led to an unplanned shutdown of the process rather than any major hazard, but it could easily have been a very different outcome.

Read on to see the software buyer's guide table...a comparison of 4 cloud-based software solutions. This blog will will look at the main reasons why using such software is better than many traditional approaches, which companies are working in the domain and the questions you should ask before you choose a solution.

The safety life-cycle was a term first used in IEC 61508 [1] to describe the different steps of activity required to develop an electrical/electronic or programmable electronic safety system. Today, that standard is mostly applied when an equipment manufacturer is developing a new safety-related product or system. A similar safety life-cycle was also framed by IEC 61511 [2]. This one is more applicable to a safety system projects where the equipment from different suppliers is put together to form an overall system used in a safety duty. This IEC 61511 safety life-cycle is the main context for the software being reviewed in this blog.

Without effective functional safety assessment and audit, you may never know whether your safety system will perform when it is really needed. That is perhaps a bold statement, but read on if you think you disagree...

Automated systems have been used in safety applications now for a few decades. As a result we should have some good collective experience for handling projects that involve using these systems to reduce risk.

The safety systems I'm writing about in this blog are variously called ESD, HIPPS, BMS, IPS, ICSS, SIS, SRECS [1] or possibly some other multi-letter abbreviation that I've forgotten to mention. These systems typically use discrete (on/off) or analog sensors to detect hazards, programmable logic to decide how to act, and final elements that take action; usually without human intervention.

How do you ensure a Safety Instrumented System in operation will maintain its original design integrity for a lifetime of 15+ years?

The IEC 61511 (2016) safety life-cycle provides some brief guidance for operation and maintenance of a safety instrumented system (SIS) in clause 16. The stated objectives are to ensure that the validated system’s safety integrity is not compromised in any way, and that the SIL for each safety instrumented function (SIF) is sustained over the whole system lifetime.

Once an SIS reaches the operation stage, it's important that equipment is regularly inspected and maintained. Proof test procedures should have been developed for each safety function. The frequency of carrying out these inspections and tests should already have been determined by probability of failure calculations.

The process sector standard IEC 61511 is aimed at applications where instrumented systems are used for risk reduction in the process industry sector - including applications in chemicals, oil and gas, pulp and paper, pharmaceutical manufacturing, food and beverage, and non-nuclear power generation. Reduction of risk can be applied in the context of people, the environment and asset loss.

The original standard was published in the early 2000's, so edition 2 is a planned update. The intent of re-publishing it is to amend things that were not clear or simply were not working so well.

Hazardous process industry sites must carry out periodic functional safety assessment (FSA) of safety instrumented systems. But why?

Many hazardous process industry sites have viewed Functional Safety Assessment (FSA) as a project activity to be completed when a new safety instrumented system (SIS) gets installed, and of course, that is absolutely correct. Some have also registered that FSA is required for modifications, and a few have acknowledged that it must even be completed for minor changes to an SIS.

But what about existing, or "legacy" systems where apparently nothing is being changed and no SIS equipment is being modified? The system didn't fail last time it was needed, so surely it will be perfectly good next time?

Since launching our IChemE accredited online Safety Instrumented Systems (SIS) e-Learning course last year, we have now reached customers as far and wide as Australia, Canada, Malaysia, Saudi Arabia, Oman, UAE, USA and of course the UK where we're based.

Our SIS e-Learning topics include many popular process safety related modules, including the SIS safety lifecycle, functional safety management, functional safety assessment, HAZOP, LOPA, ALARP demonstration, Safety Requirements Specification, SIS design and safety engineering, verification and validation, SIS operation and maintenance and proof testing techniques.

My Father used to say this a lot. "There's no such thing as a free lunch". I never got the meaning as a child...all my lunches seemed to be free? Sadly, he passed away when I was in my teens, so I guess I never really understood the real meaning until later on in life.

Of course, I think I understand now. If you are offered anything for FREE then there is usually a "catch" of some sort. The catch might be an associated sales pitch, or a later charge for something you don't really want or need, but forgot to cancel because someone has your card details. I've been a victim of this myself, so would not inflict this approach on others.