How do you ensure a Safety Instrumented System in operation will maintain its original design integrity for a lifetime of 15+ years?
The IEC 61511 (2016) safety life-cycle provides some brief guidance for operation and maintenance of a safety instrumented system (SIS) in clause 16. The stated objectives are to ensure that the validated system’s safety integrity is not compromised in any way, and that the SIL for each safety instrumented function (SIF) is sustained over the whole system lifetime.
Once an SIS reaches the operation stage, it's important that equipment is regularly inspected and maintained. Proof test procedures should have been developed for each safety function. The frequency of carrying out these inspections and tests should already have been determined by probability of failure calculations. Some simple steps can be implemented from the outset.
Document the installed SIS
If your SIS is installed then there should be a clear "as built" document file of all the equipment which is SIS related. Include sufficient detail to retrieve all hardware, firmware and application program (software) information in case of loss.
Companies who are relying on other independent protection layers (IPL) to reduce risk must also develop a register of "safety critical elements". These need to be maintained to keep risk at tolerable levels. If LOPA (layer of protection analysis) has been completed, then this register can be created by a careful review of the worksheets.
SIS O&M procedures must be developed to encompass a number of important aspects. This should include the assignment of a technical authority or leader for the SIS who will be consulted for technical decisions. Procedure(s) must be developed for bypass risk assessment (if applicable), permit to work, inspection and proof testing, failure and demand recording and system modification. See Blog #2 for more detail.
Review the process hazards & SIL determination
Everything changes with time. A process hazard and risk assessment (PHRA) study completed many years ago is unlikely to be valid for more than five years, simply due to operations changes and people moving on. Questions need to be raised on a more frequent basis that will either confirm previous PHRA assumptions, or confirm that they are no longer correct.
A key document for review would be the LoPA (Layer of Protection Analysis) report, or SIL determination report in whatever form that assessment was completed for the safety system.
So, exactly what are you meant to be looking for? Well, a good start would be the main assumptions made in each study report about risk. Key factors for risk estimation, by whatever technique, include the following:
- Is the potential consequence of the hazard the same? Consider hazardous inventory changed.
- Has the occupancy in the hazard zone changed?
- Is there a higher or lower likelihood of initiating event (cause) failure than was originally assumed?
- Has the safety system had higher or lower spurious trips than envisaged?