Institute of Measurement and Control Functional Safety Conference 2016

Challenges in Achieving Safety Instrumented Function Response Time for a Fast-Acting Process

Page 3

instrumented function is not performed (IEC 61511-2, 2016). The SIF Response Time (SIFRT) is the time

from detection of the initiating event to actuation of the final end element. This must be less than the PST,

although there are differing guidelines for the best design margin between the two variables.

Other papers have highlighted the importance of PST in meeting functional safety requirements in various

stages of design. Barnard and Creel (2015), “Impacts of Process Safety Time on Layer of Protection

Analysis” highlighted the importance of evaluating Process Safety Time (PST), in the early stages of the

design and in defining Independent Protection Layers (IPLs). Shephard and Hansen (2010) discussed the

challenges in meeting functional safety requirements, including Process Safety Time, during the

execution of projects in the paper “IEC 61511 Implementation – The Execution Challenge”.

This paper explores the challenges in achieving SIF Response Time (SIFRT) throughout the lifecycle of a

SIF; from early conceptual design stages, through project execution, to operations and maintenance. A

design example of a fast-acting SIF is discussed to address determination of the PST, identification of

IPLs, setting of design margins, selection of devices and other considerations such as diagnostics, testing

and documentation. IEC and ISA standards for functional safety are the main industrial guidelines

referenced throughout the paper. Finally, recommendations are provided as guidance for meeting process

safety time requirements and simplifying the design process.

The paper highlights potential challenges in the design of fast-acting SIFs and attempts to increase

awareness of the importance of PST and corresponding SIFRT throughout the lifecycle of a SIF.

Case Study

Throughout this paper, a low temperature protection scenario is used as the case study. The hazardous

event to be prevented is the flow of cryogenic liquid to a portion of piping not rated for those

temperatures, which may eventually lead to cold temperature metal embrittlement. Risk assessment

studies identified several cases that may result in a low temperature event, with some cases developing

more rapidly than others. The initial process safety time on the basis of the most rapidly developing case,

was estimated to be less than 30 seconds. The cold temperature risk is to be mitigated by the

implementation of a safety instrumented solution. The SIF includes the closure of emergency shutdown

valves to stop the flow of low temperature fluid. The sensor selection to activate closure of the valves

would be discussed in a later section of this paper.

Determining Process Safety Time

The PST determination for a system is typically done post identification of hazards and the identified

mitigations. It is important to establish the PST for the system early in the project and determine the

required Independent Layers of Protection (IPLs) before commencement of the Hazard and Operability

Study (HAZOP) and Layer of Protection Analysis (LOPA) assessments to ensure that the IPLs considered

are sufficient (Barnard and Creel, 2015). It is necessary that all safety instrumented functions (SIFs)

which are required are capable of responding within the time for the hazardous event to occur.

The IEC-61511 requires that determination of the PST is mandatory for all SIFs with SIL rating of 1 or

above. Determination of the PST is a scenario specific function that cannot be generalized. Multiple