5) EXAMPLE OF A TYPICAL AREA OF SCOPE CONFUSION

Client specifications often contain references to more than one standard for the design of the safety

instrumented system (SIS). In the offshore industry the historical design basis is API RP14C, and in

many parts of the world this is still the usual regulatory design basis. If a specification references

both then questions need to be asked because the design that results from each of them can be

quite different, also affecting equipment costs, design man-hours etc. The figure below gives an

example from a real project. The API design, the complete pie, has 362 trips in the SIS. For an

IEC61511 compliant SIS the safety and environmental SIF’s at SIL1 or above that resulted from the

SIL assessment total 36, or about 10% of the total pie.

The 129 cyan trips represent functions that have some value such as asset protection or safety with

a risk reduction less than 10. They could be in the BPCS or a separate SIS. The 197 green functions

were assessed as having no value since there was either no hazard present or the associated risk is

already below the tolerable level.

For a formal IEC61511 application only the 36 SIF’s should be in the SIS since the others are classified

as “non-safety”. If all the pie is in the same SIS, AND IEC61511 is the regulatory design basis, then it

will present very major problems later in the project in terms of testing, change control etc. A

separate SIS is a better solution. However, if API RP14C is the regulatory design basis then this is not

so much of a problem. Also, in this hybrid situation the client may not want the full IEC61511

lifecycle implemented, which again affects scope and costs.

12

7

17

129

197

SIL1 (in SIS)

SIL2 (in SIS)

SIL3 (in SIS)

Functions in BPCS

(asset or non-SIL

safety)

Other API (not

needed)

Example of API and IEC61511 for an offshore installation