Safety Instrumented System Functional Safety Assessment Experiences

by Jon Keswick, CFSE - April 12, 2019

Functional Safety Assessment may be a dry topic even at the best of times, so much so that I took it as a personal challenge to try and write a paper about it!

The paper highlights experiences from several different projects and concludes with some simple recommendations to save time, money and mistakes.
The paper featured at the IChemE Hazards 29 conference, which took place in late May 2019.

Paper Abstract

The full paper was delivered on Thursday 23rd May 2019 at the International Convention Centre in Birmingham, UK.

Given that the process industry now has more than fifteen years of experience with the functional safety life-cycle, it is not unreasonable to expect that there have been some improvements in the specification, design, testing, operation, maintenance and modification of Safety Integrity Level (SIL) rated safety systems.

There are, however, significant challenges in demonstrating conformance with functional safety standards for the design and testing of new safety systems, and even greater challenges for existing safety systems which require modification. Independent functional safety assessment and functional safety audit should highlight when non-conformances are occurring.

This paper will seek to describe some of the challenges that were witnessed at first-hand during functional safety assessments, functional safety audits, and in general during projects involving Safety Instrumented Systems (SIS) during the past ten to fifteen years.

It is hoped that by sharing experiences of real-world functional safety assessment and audit non-conformances, duty holders, engineering service companies and equipment suppliers will be able to learn how to avoid costly re-work and potentially dangerous weak-link designs.

Download the full paper here

Safety Instrumented System Functional Safety Assessment Experiences - by Jon Keswick, CFSE

About the Conference

Europe's largest annual process safety conference last took place on 22 to 24 May, 2019 at the International Convention Centre in Birmingham, UK. 

The conference covers every major aspect of process safety and brings together hundreds of practitioners from around the globe. It's the perfect place to learn from others' experiences, keep up-to-date with good process safety practice, and network with the international process safety community.


About Jon Keswick, CFSE

Jon Keswick is a Certified Functional Safety Expert (CFSE) and founder of eFunctionalSafety. Feel free to make contact via LinkedIn or comment on any of the eFunctionalSafety blog pages.

  • STEPHANE BOILY says:

    Hi Jon, thank you for posting this excellent paper. The observations that you make in the paper regarding the delivery of the FSA and the time required to execute match what I have experienced as well. In my experience the execution of an FSA is far from trivial and can be time consuming due to the number of documents to review. Also, the standard clearly states that the FSA is to be executed “in such a way that a judgement can be made as to the functional safety and safety integrity achieved by every SIF…” (5.2.6.1.1). Of course, as you correctly point out in the article, if the duty holder calls for an FSA late in the project, all the effort required for stages 1 to 3 will then need to be done in one go. I have had a recent experience of this exact situation where I was called in to perform an FSA for a refining process with greater than 120 SIFs spread across multiple SIS logic solvers from different manufacturers. Many of the systems were already in Customer Acceptance Testing when the FSA was called! The project safety plan was indeed calling for FSAs at stages 1, 2 and 3 but the plan indicated that stages 1 and 2 FSAs were “Optional” and therefore I was only called in at stage 3.
    I have also been using the approach of aligning the requirements of IEC 61511 to arguments and evidence which seems like a natural approach. The methodology I use is the same one that you describe in the article. I am curious to know however if you recommend the assessor(s) perform a detailed review of every document (e.g. every HAZOP/LOPA report, every SRS for every SIF, every SIL verification report, every test plan, every validation record, every proof test procedure, etc.) or rather a sampling of every document type to get a sense of the overall picture and if issues are identified then dig deeper in that area?

    • Jon Keswick, CFSE says:

      Stephane,
      I appreciate your taking the time to read and respond to this paper, and I’m glad to hear I’m not the only one with challenging experiences.
      In response to your question about the “detailed review of every document”. My approach has been to gather every document available and then work backwards and forwards from all the SIFs that have been identified in the SRS, with an initial focus on those with the highest integrity requirement, whether that be a qualitative SIL target or a SIL with a PFD/RRF or PFH.
      It should be possible to see clear traceability from the SRS to the SIL determination (whether qualitative or LOPA) and backwards to the PHA/HAZOP. If there are no issues with the SIL determination of the higher integrity requirements, I look at the next level down. Usually, some patterns emerge if the approach is consistent, whether the outcome is positive or negative. If there is apparent inconsistency, that tends to be a red flag to dig deeper.
      Traceability from SRS to the SIL verification and the validation and proof test plans should also be clear. I focus primarily on the quality of the validation planning compared to the SRS, as this is ultimately the activity determining if SIFs are engineered per the requirements. It’s often the case that the validation records will not be complete at the time of initial engagement of the FSA 3, so it’s important to register that and review the final completed test records before concluding a completed FSA 3.
      Of course, all the above assumes that there is a good quality SRS in the first place, which is often not the case! Things are generally improving, but there is still a long way to go.
      Thanks for your feedback.
