Institute of Measurement and Control Functional Safety Conference 2016
Challenges in Achieving Safety Instrumented Function Response Time for a Fast-Acting Process
Page 10
temperature. Because failure of the devices could cause inaccuracies in readings, a design margin was set
between the PST and SIFRT to account for such inaccuracies. In addition to this, pre-alarms on the
equivalent control devices and diagnostic alarms were assigned the appropriate priority levels to ensure
that adequate operator action was taken to bring the system to a safe state in the event of a failure.
Testing
A safety instrumented function must demonstrate its ability to meet functional safety targets, not only
during design phases, but throughout its lifetime. During SIL verification, the proof test interval for the
SIF is determined to ensure that the SIF continues to meet SIL targets throughout the lifetime of the SIF.
When process safety time is critical to achieving functional safety, the response time of the SIF must also
be tested periodically.
For initiators, this is not easy to measure as any reference measuring device will have a similar inherent
time delay. However, it is not expected that the time response will change significantly during the lifetime
of the initiator as for an end element such as a valve which will be subject to wear and tear. It is important
to calibrate the initiator periodically to ensure that there is no drift or errors in accuracy of the instrument
because this can increase the achieved SIF response time. As mentioned earlier, discrepancy alarms
(comparison between a safety instrument with an equivalent control instrument) are useful in providing
early detection of potential accuracy errors. These are used both for achieving SIL targets and ensuring
SIF response time.
The time between detection of change in input in the logic solver to activation of the end device, can be
measured. In the example, position feedback switches were installed on the valve to provide indication of
the valve in fully open position and fully closed position. Therefore, to obtain the time for the SIF
response, the time for the initiator to be detected and the time for the fully closed position to be obtained
can be logged on a recording device. The response time of the valve, which will be subject to the most
deterioration, can be determined by logging the time between deactivation of the open switch to activation
of the closed switch. To achieve accurate measurements for fast-acting loops, a high accuracy recorder
such as a sequence of events recorder should be used.
The result is that periodic testing of the SIF response time can be done in tandem with the overall periodic
testing of the SIF. This facilitates early detection of any deterioration in SIF response time and ensures
that preventative measures can be taken to maintain SIF response time targets.
Documentation
The previous sections of this paper have highlighted the importance of PST and SIFRT considerations
throughout the safety lifecycle. Also of significant importance, is the requirement to document SIFRT
targets and performance results throughout the safety lifecycle. The following are key design documents
which are most impacted by PST and corresponding SIFRT and a summary of the documentation
requirements as per the IEC standard.
HAZOP/LOPA
The importance of evaluating the PST for each hazardous event very early in the design stage and prior to
the HAZOP/LOPA study was mentioned in an earlier section of this paper. Knowing the PST is