
The industry has conceived these “best practices” as a series of steps that must be performed before putting one of these systems into operation (design, installation and commissioning). This paper will describe the two areas:

· Product Design and Implementation of the Commercial Off-the-Shelf (COTS) Product

· Application Design

3.1. Reducing Common Cause Failures by Design

Traditionally, systems designed for SIS functions have relied on physical separation and redundancy [4] to reduce common cause failures. The authors identified technology changes across multiple generations of SIS over a period of 30 years. Over the same time frame, the industry applied lessons learned from incidents to develop best practices in the design and implementation of these systems; the international industry standards used most often are IEC 61508 and IEC 61511 [5] (Figure 2).

3.2. Hardware Fault Tolerance (1st Generation SIS)

1st Generation systems rely on Hardware Fault Tolerance, or redundancy, to achieve the reliability and availability required for these applications; this practice is rooted in late 1970s and early 1980s technology. As the majority of these systems were designed prior to the release of the Functional Safety standards, they do not follow the best practices for design, documentation and testing found in those standards.

3.3. 2nd Generation Systems

As the standards became available (mid 1990s), vendors started to apply the design best practices and to pursue certification to those standards. This generation of systems was produced with third party assessment and certification, but continued to rely on Hardware Fault Tolerance to satisfy the performance requirements. The authors found that a large portion of the systems applied as SIS in the market today, although designed to satisfy Functional Safety standards, have not changed dramatically in their use of hardware fault tolerance and basic software and hardware diagnostics.

3.4. Diverse Architecture and Implementation of 3rd Generation Systems

A more recent and different type of system uses diverse redundancy, diverse implementation and active diagnostics [6]. It can deliver not only the reliability and availability required for the application, while minimizing the common cause failures that result from using the same technology in every channel, but also introduces additional protection against systematic failures, which are normally related to human factors.

3.4.1 Hardware Design – Diverse Hardware

This newer generation of systems uses diverse processing hardware (multiple technologies), such as diverse operating systems and diverse hardware with diverse redundancy, both enhanced by diverse implementation (different implementation teams).
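The following added example (not from the paper, and not any vendor's code) models why hardware fault tolerance alone does not protect against a systematic failure: a 2oo3 voted trip decision is evaluated once with three identical channels that all carry the same defect, and once with three diversely implemented channels. The setpoint, the readings and the channel implementations are constructed for illustration.

```python
"""2oo3 trip voting under a shared systematic defect: identical vs diverse channels."""
from typing import Callable, List, Tuple

SETPOINT_BAR = 10.0  # constructed high-pressure trip setpoint

Channel = Callable[[float], bool]  # reading in bar -> True if the channel demands a trip


def impl_float(reading_bar: float) -> bool:
    """Implementation team A: direct floating point comparison."""
    return reading_bar > SETPOINT_BAR


def impl_counts(reading_bar: float) -> bool:
    """Implementation team B: diverse algorithm, compares integer counts at 0.01 bar."""
    return round(reading_bar * 100) > round(SETPOINT_BAR * 100)


def impl_truncating(reading_bar: float) -> bool:
    """Implementation team C: constructed systematic defect (truncates to whole bar),
    so readings just above the setpoint, e.g. 10.7 bar, never demand a trip."""
    return int(reading_bar) > SETPOINT_BAR


def vote_2oo3(votes: List[bool]) -> bool:
    """Hardware fault tolerant 2-out-of-3 majority vote."""
    return sum(votes) >= 2


def evaluate(channels: List[Channel], reading_bar: float) -> Tuple[bool, bool]:
    """Return (trip demanded, disagreement detected).

    Disagreement between channels is what active diagnostics would flag; with
    identical channels a systematic defect produces no disagreement at all.
    """
    votes = [ch(reading_bar) for ch in channels]
    return vote_2oo3(votes), len(set(votes)) > 1


IDENTICAL = [impl_truncating, impl_truncating, impl_truncating]  # same defect in all three
DIVERSE = [impl_float, impl_counts, impl_truncating]            # defect confined to one channel

if __name__ == "__main__":
    for label, arch in (("identical 2oo3", IDENTICAL), ("diverse 2oo3", DIVERSE)):
        trip, disagree = evaluate(arch, 10.7)
        print(f"{label}: trip={trip} disagreement={disagree}")
```

With identical channels the common defect defeats the 2oo3 vote silently (no trip, no diagnostic), while the diverse architecture both trips and exposes the faulty channel through the disagreement.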