Institute of Measurement and Control Functional Safety Conference 2016

Challenges in Achieving Safety Instrumented Function Response Time for a Fast-Acting Process

Page 5

and log the behaviour of the system between the time it reached the measured maximum safe operating limit (specified as the trip setpoint) to the time it reached the design limit.

Early identification is needed of the most conservative hazardous scenario that would result in the hazardous event, and of the safeguards that may be required to mitigate that event. The PST for the identified cause should then be established, after which the target response time of the SIF must be determined in order to qualify it as an effective IPL.

Relationship between PST and SIFRT

As mentioned earlier, the PST is defined as the time period between a failure occurring in the process or the basic process control system (with the potential to give rise to a hazardous event) and the occurrence of the hazardous event if the SIF is not performed (IEC 61511-1, 2016).

SIFRT is not formally defined in either the IEC or ISA functional safety standards. However, the SIFRT can be described as the time taken for the SIF to detect the abnormal condition and respond to bring the process to a safe state and prevent the hazard from occurring. It is the summation of the individual response times of all elements which comprise the SIF, which includes the sensors, logic solver and final elements.

The relationship between PST and SIFRT is not a precisely defined area. What is clearly understood is that the SIFRT should be less than the PST to ensure that the SIF responds in time to prevent the hazardous event from occurring. However, the target SIFRT should also be selected such that there is a safe margin to account for inaccuracies in any part of the SIF, from sensing the fault to actuating the end device, and should also account for degradation in SIF performance throughout the lifetime of the SIF. A SIF may be proven to satisfy the requirements of PFD, SC and HFT; however, if the safety function cannot respond within the target SIF response time, then it is considered ineffective and inadequate in mitigating the hazardous event.

In the IEC functional safety standards, the margin between PST and SIFRT is not defined. Under the definition of Process Safety Time in IEC 61511-1 (2016), a note is included regarding the SIF response time:

“The SIF has to detect the failure and complete its action soon enough to prevent the hazardous event taking into account any process lag.”

The new revisions of the IEC 61511-1 and 61511-2 standards released in 2016 provide no additional discussion or clarity on this subject.

The ISA functional safety standards also provide general guidance regarding the relationship between SIFRT and PST. ISA-TR84.00.04 (2015) Section 4.3.4 states that the “SIS should be capable of completing its action within the allocated process safety time.” Furthermore, within Annex Q, under the discussion of alarm set-points, it is implied that each SIF should respond to achieve or maintain the safe state of the process within one-half of the process safety time with respect to a specific hazardous event.

Some operating companies may provide their own definition of the relationship between PST and SIFRT. As one example, one operator provides specific guidelines for the design margin between PST and SIFRT based on the relationship:

$$\text{Design margin (\%)} = \frac{\text{PST} - \text{SIFRT}}{\text{SIFRT}}$$
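The SIFRT summation described above and the operator's design-margin relationship can be turned into a response-time budget check, shown here as an added example that is not part of the paper; the element response times, the lifetime degradation allowance, the expression of the margin as a percentage and the 100 % acceptance threshold are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Sequence


@dataclass(frozen=True)
class SifElement:
    """One element of the SIF: a sensor, the logic solver or a final element."""
    name: str
    response_time_s: float


def sif_response_time(elements: Sequence[SifElement], degradation_pct: float = 0.0) -> float:
    """SIFRT = sum of the individual element response times.

    degradation_pct inflates the summed time to allow for degradation of SIF
    performance over its lifetime (an assumed allowance, not a value from the paper).
    """
    base = sum(e.response_time_s for e in elements)
    return base * (1.0 + degradation_pct / 100.0)


def design_margin_pct(pst_s: float, sifrt_s: float) -> float:
    """Operator relationship quoted on the page: (PST - SIFRT) / SIFRT,
    multiplied by 100 here so it reads as a percentage."""
    if sifrt_s <= 0:
        raise ValueError("SIFRT must be positive")
    return (pst_s - sifrt_s) / sifrt_s * 100.0


def assess_sif(pst_s: float, elements: Sequence[SifElement],
               degradation_pct: float = 0.0, min_margin_pct: float = 100.0) -> Dict[str, object]:
    """Check one SIF against the three criteria discussed on the page.
    A 100 % design margin is the same condition as the ISA half-PST guideline."""
    sifrt = sif_response_time(elements, degradation_pct)
    margin = design_margin_pct(pst_s, sifrt)
    return {
        "sifrt_s": sifrt,
        "design_margin_pct": margin,
        "responds_within_pst": sifrt < pst_s,        # basic expectation: SIFRT < PST
        "within_half_pst": sifrt <= pst_s / 2.0,     # ISA-TR84.00.04 Annex Q guideline
        "meets_operator_margin": margin >= min_margin_pct,
    }


# Constructed sample budget (illustrative values, not measured from any real SIF)
EXAMPLE_ELEMENTS = (
    SifElement("pressure transmitter", 0.5),
    SifElement("logic solver scan and processing", 0.25),
    SifElement("shutdown valve stroke", 1.25),
)

if __name__ == "__main__":
    for pst in (5.0, 3.0):
        print(f"PST {pst} s:", assess_sif(pst, EXAMPLE_ELEMENTS))
```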