The trip point tolerance (i.e. potential trip point error) may be established fromapublished safety

specification identifying the appropriate tolerance, or itmay be calculated fromequipment

performance specifications. This is not necessarily a straightforwardmatter however, a rigorous

calculationmust combine accuracy and drift specifications of the systemcomponents togetherwith

the calibration interval, and include installation effects and pertinent influence quantities such as

equipment operating temperature and process operating conditions; this is beyond the scope of the

present article. Note that some safety specification tolerancesmight well be an ordermagnitude

greater than those simply identified by the more usual performance (accuracy) specifications. The

performance and calibration of instrumentation systems is often identified using a95% confidence

level correspondingwith two standard deviations of anormal distribution. This implies a1 in 40

chance of a dangerous out of tolerance value fromthis consideration alone. This is not consistent

with SIL performance requirements. It is here suggested that a tolerance established frompublished

specifications (and incorporating drift, installation effects and influencequantities) should therefore

typically be expanded by at least a factor two. (Giving a tolerance at approximately 99.994%

confidence)

The ultimate requirement is that the SIF response time should not exceed the PSTminus the

potential delay due to trip point error.

= −

A more refined rule-of-thumb as a design target would be to say that that the SIF response time

should be nomore than 50% of the maximumallowable.

Without this refinement it is conceivable that adesign could appear to be satisfactorywith an SRT of

less than 50% of the PST, but potentially unsafe in that the trip point tolerance couldmean an

additional potential delay of more than the remaining PST. The 50% design rule makes allowance for

increased SIF response times in the installed system. There is nothing substantiating the 50% figure

however, it represents a judgement of what is a prudent allowance . If the design is found to breach

the above rule-of-thumb (or is otherwise considered to be possibly insufficiently robust in terms of

the timings), the options are:



Engineer a reduced SIF response time



Engineer a reduced trip point tolerance



Considerwhether the values for the process limit and/or approach speedmay be revised



Change the trip setting to increase the margin fromthe process limit



Use more rigour in the analysis to demonstrate that the

guaranteed

trip execution time (i.e.

that for which the declared failurerate used in the probability of failure on demand

calculation is valid) is less than the PST.

Conclusion

The widely employed rule-of-thumb that SIF response time should be less than 50%of process safety

time is potentially deficient in that it does not take account of a number of subtleties in the

characteristics of trips relating to continuous process variables; in particular the uncertainty in trip