Functional Safety from Scratch
A Practical Guide to Process Industry Applications
- 1st Edition - March 12, 2023
- Imprint: Elsevier
- Author: Peter Clarke
- Language: English
- Paperback ISBN:9 7 8 - 0 - 4 4 3 - 1 5 2 3 0 - 6
- eBook ISBN:9 7 8 - 0 - 4 4 3 - 1 5 2 3 1 - 3
Functional safety is the task of developing and implementing automatic safety systems used to manage risks in many industries where hazardous processes and machinery are used. Fu… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteFunctional safety is the task of developing and implementing automatic safety systems used to manage risks in many industries where hazardous processes and machinery are used. Functional Safety from Scratch: A Practical Guide to Process Industry Applications provides a practical guide to functional safety, as applied in the chemical process industry, including the oil and gas, petrochemical, pharmaceutical and energy sectors. Written by a seasoned professional with many years of functional safety experience, this book explains the purpose of the relevant international standard IEC 61511 and how to achieve compliance efficiently. It provides in-depth coverage of the entire lifecycle of a functional safety system, assuming no prior knowledge of functional safety and only a basic understanding of process safety concepts. SIL assessment, the functional safety management plan, the safety requirements specification, verification, validation and functional safety assessment are covered in particular detail.
Functional Safety from Scratch: A Practical Guide to Process Industry Applications is a highly practical source for process and instrumentation engineers, engineering managers and consultants, whether new to the field or already experienced.
- Focuses on the ‘how to’ aspects of functional safety
- Provides detailed explanation and guidance on how to develop the safety requirements specification
- Includes extensive coverage of safety lifecycle verification, SIS validation, and functional safety assessment
- Provides numerous practical exercises to confirm understanding and promote further thought
- Includes tips for those preparing for functional safety examinations
- Oriented towards an international audience, especially those for whom English is not their first language
Process safety specialists and process engineers in the process industries. Process industry – chemicals, pharmaceuticals, oil and gas, petrochemicals, fine chemicals. Graduate engineers, early career process engineers, early and mid-career instrumentation engineers, process safety consultants, process safety specialists
Chapter 1: Introduction to functional safety
1.1 Hazard and risk
1.1.1 What is a hazard?
1.1.2 What is harm?
1.1.3 What is risk?
1.1.4 What is tolerable risk?
1.2 Functional safety and risk management
1.3 Functional safety standards: IEC 61508 and IEC 61511
1.3.1 Purpose of the standards
1.3.2 Scope of IEC 61511
1.3.3 Why comply with IEC 61511?
1.4 IEC 61511 key concepts
1.4.1 The functional safety lifecycle
1.4.2 The safety requirements specification (SRS)
1.4.3 Assuring that functional safety is achieved
1.4.4 Random and systematic failures
1.4.5 Competency
1.5 The structure of IEC 61511
1.6 The origins of IEC 61511
Chapter 2: IEC 61511 basics
2.1.1 What is a SIF?
2.1.2 What is a SIS?
2.1.3 What is SIL?
2.1.4 What is an interlock (or trip)?
2.2 Anatomy of a SIF
2.2.1 The sensor subsystem
2.2.2 The logic solver subsystem
2.2.3 The final element subsystem
2.2.4 Permissives and inhibit functions
2.2.5 Other important aspects of a SIF
2.3 Development of a SIF
2.3.1 SIL assessment
2.3.2 SIL verification
2.4 Failure
2.4.1 Failure modes
2.4.2 Failure rates
2.4.3 Hardware fault tolerance
Chapter 3: Measuring risk
3.2 Tolerable risk
3.3 How much precision is needed?
3.4 The ALARP concept
Chapter 4: Introduction to SIL assessment
4.1.1 What are low demand, high demand and continuous modes?
4.1.2 Selecting an operating mode
4.1.3 Formal definition of operating modes
4.1.4 The significance of operating modes
4.1.5 Tips on selecting the operating mode
4.2 The objectives of SIL assessment
4.2.1 Low demand mode SIFs
4.2.2 High demand and continuous mode SIFs
4.2.3 Why not use default SIL targets?
4.2.4 Protection or mitigation?
4.3 Identifying and documenting SIFs
4.3.1 Objective
4.3.2 Using process control narratives, interlock descriptions
4.3.3 Using Cause & Effect Diagrams (C&EDs)
4.3.4 Using HAZOP and old SIL assessment study reports
4.3.5 Using binary logic diagrams
4.3.6 Using interlock logic diagrams
4.3.7 Using P&IDs
4.4 Separating complex interlocks into SIFs
4.5 The double jeopardy rule
4.6 Independent protection layers
4.6.1 Pressure relief devices (PRDs)
4.6.2 Alarms with operator response
4.6.3 Control loops
4.6.4 Autostart of standby equipment
4.6.5 BPCS interlocks
4.6.6 Interlocks in other PLCs
4.6.7 Check valves
4.6.8 Other mechanical protective devices
4.6.9 Operating procedures
4.6.10 Spill protection
4.6.11 Trace heating
4.6.12 Backup utility supplies
4.6.13 Another SIF
4.6.14 Typical IPL credit available
4.6.15 Examples of insufficient independence
4.7 Critical common element analysis
Chapter 5: SIL assessment methodology
5.2 Overview of SIL assessment methods
5.3 Selecting initiating events
5.4 Assessing the likelihood of initiating events
5.5 Assessing the consequence severity
5.6 Documenting the SIL assessment study
5.7 Risk matrix method
5.7.1 Method overview
5.7.2 Likelihood and severity categories
5.7.3 The risk matrix
5.7.4 Calibration of the risk matrix
5.7.5 Handling multiple initiating events
5.7.6 Handling enabling conditions and conditional modifiers
5.7.7 Handling Independent Protection Layers (IPLs)
5.7.8 Estimating the SIF demand rate
5.7.9 Risk matrix and ALARP
5.7.10 High demand and continuous mode SIFs
5.8 Risk graph method
5.8.1 Method overview
5.8.2 Parameters used in Risk Graph
5.8.3 Risk Graph examples
5.8.4 Selecting parameter categories
5.8.5 Calibration of the Risk Graph
5.8.6 Handling multiple initiating events
5.8.7 Handling enabling conditions and conditional modifiers
5.8.8 Handling Independent Protection Layers (IPLs)
5.8.9 Estimating the SIF demand rate
5.8.10 High demand and continuous mode SIFs
5.9 Layer of Protection Analysis (LOPA)
5.9.1 Method overview
5.9.2 Enabling conditions
5.9.3 Conditional modifiers
5.9.4 Handling multiple initiating events
5.9.5 Estimating the SIF demand rate
5.9.6 Example LOPA worksheet
5.9.7 High demand and continuous mode SIFs
5.10 Fault Tree Analysis
5.10.1 Method overview
5.10.2 Documenting Fault Tree Analysis
5.11 Cost/benefit analysis
5.11.1 Introduction
5.11.2 Calculating the cost of the outcome
5.11.3 Calculating the cost of the SIF
5.11.4 Selecting the optimal solution
5.12 The SIL assessment workshop
5.12.1 The SIL assessment team
5.12.2 Overall objectives of the SIL assessment workshop
Chapter 6: SIL assessment: Special topics
6.2 Redundant safety functions
6.3 One SIF – two hazards
6.4 The IPLs vary depending on demand case
6.5 The demand case is activation of another SIF
6.6 One SIF cascades to another
6.7 Initiating event involves multiple simultaneous failures
6.8 Permissives
6.9 Multiple sensors distributed across a wide area
6.10 Operator action as initiating event
6.11 Duty and standby pumps
6.12 Alarms from cascade control loops
6.13 Selecting primary final elements
6.13.1 Introduction
6.13.2 The safe state
6.13.3 Selecting primary final elements
Chapter 7: Key functional safety documents
7.2 The Functional Safety Management Plan
7.2.1 Introduction
7.2.2 The functional safety lifecycle
7.2.3 Management of Change and configuration management
7.2.4 Management requirements in the FSMP
7.2.5 Why the FSMP is important
7.3 The Safety Requirements Specification (SRS)
7.3.1 Introduction
7.3.2 What is the purpose of the SRS?
7.3.3 When is the SRS developed?
7.3.4 What should the SRS contain?
7.3.5 Common cause failures
7.3.6 SIF demand rates
7.3.7 Selecting a spurious trip rate target
7.4 The safety manual
7.5 Maximising the effectiveness of documentation
7.6 Complete overview of functional safety documentation
Chapter 8: Safety instrumented system design
8.2 PLC-based logic solvers
8.2.1 What is a SIS PLC?
8.2.2 PLC redundancy
8.2.3 Diagnostics in the PLC
8.2.4 Diagnostics for field devices
8.3 Selection of field devices
8.3.1 Preferred types of SIF initiator
8.3.2 Defining final element architecture
8.3.3 SIF architecture
8.3.4 Testing and maintainability
8.3.5 Partial valve stroke testing
8.3.6 Energize and de-energize to trip
8.3.7 Derating
8.4 Independence
8.4.1 Multiple SIFs in the same SIS
8.4.2 Multiple systems tripping a motor via the same MCC
8.4.3 Communications between SIS logic solver and BPCS
8.4.4 Implementing BPCS and SIS in a single logic solver
8.4.5 Implementing non-safety functions in the safety PLC
8.5 Non-PLC based logic solvers
8.6 What comes next?
Chapter 9: Meeting SIL requirements: SIL verification
9.2 Calculating the random hardware failure measure
9.2.1 Introduction
9.2.2 How the failure measure is calculated: SIL verification
9.2.3 High demand and continuous modes
9.3 Optimising the proof test interval
9.4 Architectural constraints
9.4.1 Introduction
9.4.2 Hardware type A and type B
9.4.3 Safe failure fraction
9.4.4 HFT requirements in IEC 61508:2000
9.4.5 HFT requirements in IEC 61508:2010
9.4.6 HFT requirements in IEC 61511:2016
9.4.7 How to apply SFF requirements
9.5 SIL capability and SIL certification
9.5.1 Introduction
9.5.2 Assessing the element’s performance in the field
9.5.3 What is the difference between ‘Proven in use’ and ‘Prior use’?
9.5.4 Software SIL capability
9.6 Calculating predicted spurious trip rate
9.7 What to do if SIS design targets are not met
Chapter 10: Assurance of functional safety
10.2 Verification
10.2.1 Introduction
10.2.2 How verification works in practice
10.2.3 Verification checklists
10.2.4 Discrepancy handling
10.2.5 Competency and independence requirements
10.3 Validation
10.3.1 Introduction
10.3.2 End-to-end test
10.3.3 Specific tests for sensors
10.3.4 Specific tests for final elements
10.3.5 Hardware inspection
10.3.6 SIS logic solver inspection
10.3.7 Test equipment
10.3.8 Document inspection
10.3.9 Discrepancy handling
10.3.10 Restoring the SIS after validation
10.3.11 Validation report
10.3.12 Revalidation
10.4 Functional safety assessment
10.4.1 Introduction
10.4.2 Which stakeholders need to perform FSA?
10.4.3 What sample size needs to be considered in FSA?
10.4.4 Independence requirements for FSA
10.4.5 How FSA is conducted in practice
10.4.6 Assessment tasks
10.4.7 Common pitfalls to avoid
10.4.8 Example: Assessment of SIL verification
10.5 Functional safety audit
10.5.1 Introduction
10.5.2 Typical audit procedure
Chapter 11: The SIS operational phase
11.2 Training requirements
11.2.1 Operator training
11.2.2 Training for maintenance personnel
11.3 Proof testing
11.3.1 Introduction
11.3.2 Applying more than one test procedure per device
11.3.3 Test before performing maintenance
11.3.4 Document the duration of testing and repair
11.4 Assessment of SIS performance
11.5 SIS modifications and partial decommissioning
11.5.1 The Management of Change procedure
11.6 Closing thoughts
Appendix A: Sample verification checklist
- Edition: 1
- Published: March 12, 2023
- No. of pages (Paperback): 354
- Imprint: Elsevier
- Language: English
- Paperback ISBN: 9780443152306
- eBook ISBN: 9780443152313
PC
Peter Clarke
Dr. Peter Clarke is a graduate of the University of Oxford and Durham University in the UK. Originally from a chemistry background, he worked in biotech R&D for 5 years before spending 3 years in the UK fine chemicals and pharmaceutical industry in process and safety management roles. He subsequently moved into safety consultancy, where he has extensive experience in process risk management in oil & gas, petrochemical, semiconductors and energy. He has facilitated a considerable number of HAZOP, SIL assessment, LOPA and alarm management studies, in addition to Safety Case, Fault Tree, ALARP and HAZID.
Dr. Clarke is the founder and Managing Director of xSeriCon, a consultancy, software and training firm based in Hong Kong and the UK. xSeriCon specialises in Process Hazards Analysis and functional safety.
He holds the CFSE certificate, as well as a professional qualification in Occupational Safety & Health, and is a Chartered Chemist.
Affiliations and expertise
Managing Director, xSeriCon, Pyeongtaek, South KoreaRead Functional Safety from Scratch on ScienceDirect