The Ultimate Guide to the Process Safety Life-cycle


Introduction

The safety life-cycle for the process industry sector comes from the IEC 61511 standard. It is essentially a flowchart depicting the stages of different activities needed to assess hazards and then develop protection layers to prevent or mitigate risk. The life-cycle from IEC 61511 focuses on Safety Instrumented Systems (SIS) as one of the critical specialist protection layers that need careful specification, design, testing and maintenance.


A key element throughout the safety life-cycle is functional safety management (FSM). Companies that use SIS as part of their risk reduction measures will need to set up a solid FSM system. A well-designed FSM system will have measures to ensure that all personnel are competent in the part of the life-cycle they are responsible for. It will provide effective policies, planning and procedures to control all life-cycle activities that go into the initial SIS design, and its upkeep or modification.


As activities occur in the life-cycle, another key theme of functional safety standards is the need for verification. This is nothing particularly new. Put in simple terms, if a person completes an activity then someone else should be responsible for checking or verifying it. This is something that is commonplace in engineering, but should take on a new level of rigour and importance when systems are being designed for safety.


Why is a safety life-cycle needed?

The safety life-cycle was first defined in the basic safety standard IEC 61508, the non-sector-specific standard that IEC 61511 is based upon. It was designed to account for the unpredictability of dangerous failure, and specifically in recognition that failure can creep into systems from multiple sources and at multiple stages of life.


The life-cycle's origins were influenced by many different organisations, including the UK regulator, the Health and Safety Executive (HSE). The HSE book "Out of Control" concluded that accidents involving control system failure were dominated by inadequate specification.


Although this was just one study, it did involve researching multiple accidents. It should be noted that the hazard owner is effectively responsible for setting requirements, as well as for operating, maintaining and modifying an SIS after it has been placed in service. So, even if an end user contracts out the design and installation of an SIS, this particular study suggests that around 80% of the primary causes of system failure are introduced before or after the design and installation stage.

[Figure: pie chart depicting the primary causes of control system failure, adapted from the HSE book "Out of Control".]

What is NOT specified in the safety life-cycle?

It is perhaps just as important to know what is NOT specified as what is required in the many clauses referenced by the safety life-cycle. Many projects involving functional safety and SIS get off on the wrong footing by making the false assumption that simply copying the life-cycle from the standard will be sufficient.


  • NO guidance on WHO is responsible for each SIS safety life-cycle activity. Management and planning are therefore critical.
  • NO specific techniques are mandated (e.g. HAZOP, LOPA). The duty holder must decide which techniques to use and provide procedures for them.
  • NO requirements for safety functions that are not instrumented (e.g. relief valves), or for other non-instrumented safety-related activities which may reduce risk. Other standards will apply to those.
  • IEC 61511 is NOT a means for manufacturers to make claims about SIL capability of their devices. Only conformance to IEC 61508 can provide that.
  • IEC 61511 is NOT a means for manufacturers or others to make SIL claims about embedded software or applications with full variability software languages.
  • NO specific SIL is specified for any particular application.

© 2018 FIABLE Limited T/A eFunctionalSafety
