months and shutdown valves (SDV) every year. These frequent test intervals can in themselves lead
to increased risk, since testing often involves placing people in the hazard zone, or shutting
down sections of the plant, which then requires a start-up, itself a hazardous phase of operation.
Such concerns over standards such as API were a major element that drove the introduction of risk-based
lifecycle approaches such as IEC61508/61511.
For a typical offshore production facility with separation, gas compression, injection etc., there
might be 200 to 300 SIS “trips”, based on the API approach. When an IEC61511 SIL analysis
is carried out there may be as few as 50 safety instrumented functions (SIF) rated at SIL1 or above
for personnel safety. (This is often due to the low personnel exposure factors.) Similarly, there will
be a very few SIFs that, because of the level of risk they present, require more equipment than
the API design would provide. As one can see, the designs, and therefore the equipment to be
supplied, for these two approaches can be quite different.
WHY HYBRIDS AND HOW MUCH OF IEC61511?
Where IEC61511 is not a regulatory requirement for the SIS certification, rather than simply staying
with the older prescriptive design, it is increasingly common to see contracts placed with both the
prescriptive standard and IEC61508/IEC61511 specified in the contract. This could be for a number
of reasons, including:
1) The person writing the specification for the operator has no idea what they are doing, nor
its implications. They have simply been standard-picking without knowledge. (BAD)
2) The operator has made a conscious decision to implement IEC61508/61511 as part of their
safety management policy regardless of any regulatory requirements, either across their
organisation or for a specific project, because of the benefits it delivers. (GOOD)
Either way, one ends up with a hybrid specification. What then needs to be established is how much
of the IEC61511 lifecycle is to be applied. Since IEC61511 is not a regulatory requirement, this scope
is defined by the operator and must be made fully clear to the designer, usually an EPC contractor.
To avoid later disputes it should either be fully clear in the main specification or be clarified by the
EPC contractor prior to tendering and contract award. Since the lifecycle could include requirements
for competency, this could affect the EPC team personnel and the main relevant subcontractors, such
as the ICSS supplier and major package suppliers. It is essential to establish as a minimum:
• The regulatory design basis. This is the base and minimum requirement
• The scope of the 61511 lifecycle to be implemented
• Whether it is for personnel safety only or also includes asset/environmental and reputation
I have been involved with a number of hybrid projects and some examples will follow.
• Full lifecycle implementation but with retention of all API protection
• API design but with SIL assessment and validation
• API design but with pre-defined integrity level requirements plus validation