HYBRID APPLICATIONS OF IEC61511 WHEN OTHER STANDARDS ARE THE REGULATORY OR
CONTRACT REQUIREMENTS
INTRODUCTION:
In many parts of the world, such as the USA, Brazil and Africa, the regulatory basis for the design of
process industry instrumented safety systems is not usually IEC61511 but other standards such as
API RP14C or ISO10418. These prescriptive approaches have significant limitations when compared
to IEC61508/61511. Typical shortcomings include the lack of a performance specification, the absence of lifecycle
requirements and a failure to address systematic or software issues.
To try to address some of these concerns operators are increasingly specifying IEC61511 in addition
to any other company or local regulatory requirements. This results in a hybrid design. The extent of
the IEC61511 lifecycle that is applied in these hybrid projects varies from part lifecycle such as SIL
assessment and SIL validation only, to full lifecycle. This can lead to confusion over the design basis
in areas where the standards contradict each other, as well as potential contractual conflict between
operator and design contractor over equipment scope and responsibilities. Further complications
can arise if the requirement includes asset protection as well as safety and environmental protection.
The author has been involved in several such projects and will present real examples including:
• Full lifecycle implementation but with retention of all API protection
• API design but with SIL assessment and validation only
• API design but with pre-defined integrity level requirements plus validation
The challenges, benefits, shortcomings and results of these various approaches will be discussed, as
will be the general issue of including asset protection in what should be a safety system.
TYPICAL DESIGN BASED ON API RP14C
I will use API RP14C as an example of a prescriptive regulatory design basis since it (and its sister
standard ISO10418) are the ones with which I am most familiar. It is the standard extensively used in the
offshore industry as the design basis for safety instrumented systems (SIS).
Equipment is categorised by type, such as pressure vessels, pumps, heat exchangers etc., and for each
category the requirement for instrumented trips is pre-defined. Similarly, requirements for
mechanical protection such as relief valves are also defined. These standard designs are not related
to the level of safety risk that the equipment presents. Provided the design includes these trips,
it is API-compliant. No performance requirements are specified; the mere presence of the trip,
regardless of the quality of the equipment, is sufficient to comply. Similarly, software and systematic
fault concerns are not considered. By contrast, and perhaps to compensate for potential quality
shortcomings, quite onerous test intervals are specified. SIS transmitters must be tested every 3