

considers that they deliver a safer design and operational solution when compared to earlier non-
risk based approaches. Further, if properly implemented they can result in significant operational
savings from such things as rationalised testing, fewer spurious trips from unnecessary equipment, etc.
However, operational savings will be of limited interest to an EPC contractor whose role ends at
handover. Early high level awareness sessions for senior management have proven beneficial in
going some way to addressing this.
h) Lack of rigorous enforcement by regulators
Before discussing this topic, one needs to be aware that most applications of IEC61511 are not
necessarily regulatory. In many parts of the world older prescriptive standards are still the
regulatory design basis. But where they are the regulatory design basis, such as in the UK and Norway, we
see a reasonable level of enforcement in the design stage, often via third party certifying authorities
and of course via the required FSA, but less enforcement in operations. FSAs are supposed to take
place during operations on a regular basis, but my experience is that there is limited regulatory
enforcement, with this usually being left to the operator to police internally, if at all. As a result
there is concern that what might have been a compliant system, with the Safety Instrumented
Functions achieving their SILs early on, degrades over time and fails to meet the required overall risk
reduction.
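To make that last point concrete, an added worked example in Python (not part of the original paper): a simplified single-channel (1oo1) PFDavg calculation showing how a SIF that met SIL 2 with annual proof testing at handover slips to SIL 1 once the test interval is allowed to stretch, or once imperfect proof-test coverage is accounted for over the equipment lifetime. The failure rate, intervals, coverage and lifetime figures are constructed for illustration, and the model ignores MTTR, diagnostics and common-cause failure.

```python
# Added example (not from the original paper): simplified low-demand PFDavg model
# for a 1oo1 Safety Instrumented Function, showing how the achieved SIL depends on
# the proof-test interval and proof-test coverage. Ignores MTTR, diagnostics and
# common cause. All numeric inputs below are constructed, not measured data.

HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands from IEC 61511 / IEC 61508: (lower bound incl., upper bound excl.)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def pfd_avg(lambda_du, test_interval_years, proof_test_coverage=1.0, lifetime_years=20.0):
    """Average probability of failure on demand for a 1oo1 SIF.

    lambda_du: dangerous undetected failure rate per hour.
    Failures the proof test can reveal accumulate over one test interval; the
    fraction it cannot reveal accumulates over the whole lifetime until replacement.
    """
    ti_hours = test_interval_years * HOURS_PER_YEAR
    life_hours = lifetime_years * HOURS_PER_YEAR
    revealed = proof_test_coverage * lambda_du * ti_hours / 2
    unrevealed = (1.0 - proof_test_coverage) * lambda_du * life_hours / 2
    return revealed + unrevealed


def achieved_sil(pfd):
    """Map a PFDavg to the SIL band it falls in; 0 means no SIL claim is possible."""
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return 0


def risk_reduction_factor(pfd):
    """RRF = 1 / PFDavg, the overall risk reduction the SIF actually delivers."""
    return 1.0 / pfd


def degradation_table(lambda_du, intervals_years, **kwargs):
    """Rows of (interval in years, PFDavg, achieved SIL) for several proof-test intervals."""
    rows = []
    for years in intervals_years:
        pfd = pfd_avg(lambda_du, years, **kwargs)
        rows.append((years, pfd, achieved_sil(pfd)))
    return rows


if __name__ == "__main__":
    # Constructed case: a SIF designed for SIL 2 on the assumption of annual proof testing.
    for years, pfd, sil in degradation_table(1e-6, [1, 2, 3, 5]):
        print(f"test every {years} yr: PFDavg={pfd:.2e} RRF={risk_reduction_factor(pfd):.0f} -> SIL {sil}")
```

With the constructed rate of 1e-6 dangerous undetected failures per hour, annual testing gives PFDavg 4.38e-3 (SIL 2), while a three-year gap between tests gives 1.31e-2 (SIL 1); assuming only 90% proof-test coverage over a 20-year life drops the annually tested loop to SIL 1 as well.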
3) PEOPLE’S MISCONCEPTIONS
a) Certification equates to competence
Achieving and maintaining competence in any field requires a combination of factors that
include training, experience, intellectual capability and, in some cases, behavioural skills. This is
particularly true for functional safety management. Certification alone does not guarantee this.
b) It is all about SIL assessment
SIL assessment has always been seen as the prime activity in the application of the standards. It is
common to come across projects where IEC61511 is applicable and people really think this is just SIL
assessment and, later, SIL validation. It is of course an important part of the life cycle but it is just
that, only a part. In some ways the HAZOP is the most critical stage, since it usually forms the basis
for determining what needs to be assessed: SIL assessment must be carried out against hazards, not,
for instance, against tag numbers from a cause and effect diagram.
c) It is all about design detail
Loop design detail is important in that it is a stage in the process of realisation of the functions to
meet the appropriate SIL. Unfortunately, the effort and level of detail put into this activity
sometimes leads to a loss of focus on other very important principles such as avoidance of
systematic faults and preparation for operations.