Institute of Measurement and Control Functional Safety Conference 2016
Challenges in Achieving Safety Instrumented Function Response Time for a Fast-Acting Process
instrumented function is not performed (IEC 61511-2, 2016). The SIF Response Time (SIFRT) is the time
from detection of the initiating event to actuation of the final end element. This must be less than the PST,
although there are differing guidelines for the best design margin between the two variables.
Other papers have highlighted the importance of PST in meeting functional safety requirements in various
stages of design. Barnard and Creel (2015), in “Impacts of Process Safety Time on Layer of Protection
Analysis”, highlighted the importance of evaluating Process Safety Time (PST) in the early stages of the
design and in defining Independent Protection Layers (IPLs). Shephard and Hansen (2010) discussed the
challenges in meeting functional safety requirements, including Process Safety Time, during the
execution of projects in the paper “IEC 61511 Implementation – The Execution Challenge”.
This paper explores the challenges in achieving SIF Response Time (SIFRT) throughout the lifecycle of a
SIF: from early conceptual design stages, through project execution, to operations and maintenance. A
design example of a fast-acting SIF is discussed to address determination of the PST, identification of
IPLs, setting of design margins, selection of devices and other considerations such as diagnostics, testing
and documentation. IEC and ISA standards for functional safety are the main industrial guidelines
referenced throughout the paper. Finally, recommendations are provided as guidance for meeting process
safety time requirements and simplifying the design process.
The paper highlights potential challenges in the design of fast-acting SIFs and attempts to increase
awareness of the importance of PST and corresponding SIFRT throughout the lifecycle of a SIF.
Case Study
Throughout this paper, a low temperature protection scenario is used as the case study. The hazardous
event to be prevented is the flow of cryogenic liquid to a portion of piping not rated for those
temperatures, which may eventually lead to cold temperature metal embrittlement. Risk assessment
studies identified several cases that may result in a low temperature event, with some cases developing
more rapidly than others. The initial process safety time, on the basis of the most rapidly developing case,
was estimated to be less than 30 seconds. The cold temperature risk is to be mitigated by the
implementation of a safety instrumented solution. The SIF includes the closure of emergency shutdown
valves to stop the flow of low temperature fluid. The sensor selection to activate closure of the valves
is discussed in a later section of this paper.
Determining Process Safety Time
The PST determination for a system is typically done after identification of hazards and the identified
mitigations. It is important to establish the PST for the system early in the project and determine the
required Independent Layers of Protection (IPLs) before commencement of the Hazard and Operability
Study (HAZOP) and Layer of Protection Analysis (LOPA) assessments to ensure that the IPLs considered
are sufficient (Barnard and Creel, 2015). All required safety instrumented functions (SIFs) must be
capable of responding within the time it takes for the hazardous event to occur.
IEC 61511 makes determination of the PST mandatory for all SIFs with a SIL rating of 1 or
above. Determination of the PST is a scenario-specific function that cannot be generalized. Multiple