months and shutdown valves (SDV) every year. These frequent test intervals can in themselves lead to increased risk, since testing often involves placing people in the hazard zone, or shutting down sections of the plant, which then requires a start-up, itself a hazardous phase of operation. Such concerns over standards such as API were a major element that drove the introduction of risk-based lifecycle approaches such as IEC61508/61511.

For a typical offshore production facility with separation, gas compression, injection etc., there might typically be 200 to 300 SIS “trips” based on the API approach. When an IEC61511 SIL analysis is carried out there may be as few as 50 safety instrumented functions (SIF) rated at SIL1 or above for personnel safety (this is often due to low personnel exposure factors). Conversely, there will be a very few SIFs that, due to the level of risk they present, require more equipment than the API design would provide. As one can see, the designs, and therefore the equipment to be supplied, for these two approaches can be quite different.

WHY HYBRIDS AND HOW MUCH OF IEC61511?

Where IEC61511 is not a regulatory requirement for the SIS certification, rather than simply staying with the older prescriptive design, it is increasingly common to see contracts placed with both the prescriptive standard and IEC61508/IEC61511 specified. This could be for a number of reasons, including:

1) The person writing the specification for the operator has no idea what they are doing, nor of its implications. They have simply been standard-picking without knowledge. (BAD)

2) The operator has made a conscious decision to implement IEC61508/61511 as part of their safety management policy regardless of any regulatory requirements, either across their organisation or for a specific project, because of the benefits it delivers. (GOOD)

Either way, one ends up with a hybrid specification. What then needs to be established is how much of the IEC61511 lifecycle is to be applied. Since IEC61511 is not a regulatory requirement, this scope is defined by the operator and must be made fully clear to the designer, usually an EPC contractor. To avoid later disputes it should either be fully clear in the main specification or be clarified by the EPC contractor prior to tendering and contract award. Since the lifecycle could include requirements for competency, this could affect the EPC team personnel and the main relevant subcontractors, such as the ICSS supplier and major package suppliers. It is essential to establish, as a minimum:

- The regulatory design basis. This is the base and minimum requirement.
- The scope of the 61511 lifecycle to be implemented.
- Whether it is for personnel safety only or also includes asset, environmental and reputation protection.

I have been involved with a number of hybrid projects and some examples will follow.

- Full lifecycle implementation but with retention of all API protection
- API design but with SIL assessment and validation
- API design but with pre-defined integrity level requirements plus validation