Safety Instrumented System Interview Questions & Answers Instrumentati...

1 of 9

http://instrumentationtools.com/safety-instrumented-system-questions-ans...

INSTRUMENTATION TOOLS

Safety Instrumented System Interview Questions & Answers

1. What is a SIS?
A SIS is a Safety Instrumented System. It is designed to prevent or mitigate
hazardous events by taking the process to a safe state when predetermined
conditions are violated. A SIS is composed of a combination of logic solver(s),
sensor(s), and final element(s). Other common terms for SISs are safety interlock
systems, emergency shutdown systems (ESD), and safety shutdown systems (SSD).
A SIS can be one or more Safety Instrumented Functions (SIF).
2. What is a SIF?
SIF stands for Safety Instrumented Function. A SIF is designed to prevent or
mitigate a hazardous event by taking a process to a tolerable risk level. A SIF is
composed of a combination of logic solver(s), sensor(s), and final element(s). A SIF
has an assigned SIL level depending
on the amount of risk that needs to be reduced. One or more SIFs comprise a SIS.
3. What is SIL?
SIL stands for Safety Integrity Level. A SIL is a measure of safety system
performance, or probability of failure on demand (PFD) for a SIF or SIS. There are
four discrete integrity levels associated with SIL. The higher the SIL level, the lower
the probability of failure on demand for the safety system and the better the system
performance. It is important to also note that as the SIL level increases, typically the
cost and complexity of the system also increase.
A SIL level applies to an entire system. Individual products or components do not
have SIL ratings. SIL levels are used when implementing a SIF that must reduce an
existing intolerable process risk level to a tolerable risk range.

6/4/2016 5:25 PM

4. What does functional safety mean?
Functional safety is a term used to describe the safety system that is dependent on
the correct functioning of the logic solver, sensors, and final elements to achieve the
desired risk reduction level. Functional safety is achieved when every SIF is
successfully carried out and the process risk is reduced to the desired level.
5. Why were the ANSI/ISA 84, IEC 61508, and IEC 61511 standards developed?
The standards were a natural evolution for the need to reduce process risk and
improve safety through a more formalized and quantifiable methodology.
Additionally, and specifically for IEC 61508, as the application and usage of software
has evolved and proliferated, there was an increased need to develop a standard to
guide system / product designers and developers in what they needed to do to
ensure and claim that their systems / products were acceptably safe for their
intended uses.
6. When do I need a SIF or a SIS?
The philosophy of the standards suggests that a SIS or SIF should be implemented
only if there is no other non-instrumented way of adequately eliminating or mitigating
process risk. Specifically, the ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) recommends
a multi-disciplined team approach that follows the Safety Lifecycle, conducts a
process hazard analysis, designs a variety of layers of protection (i.e., LOPA), and
finally implements a SIS when a hazardous event cannot be prevented or mitigated
with something other than instrumentation.
7. What is a proof-test interval?
Proof testing is a requirement of safety instrumented systems to ensure that
everything is working and performing as expected. Testing must include the
verification of the entire system, logic solver, sensors, and final elements. The
interval is the period of time that the testing occurs. The testing frequency varies for
each SIS and is dependent on the technology, system architecture, and target SIL
level. The proof-test interval is an important component of the probability of failure on
demand calculation for the system.
8. What is a Process Hazard Analysis (PHA) and who conducts this?
A PHA is an OSHA directive that identifies safety problems and risks within a
process, develops corrective actions to respond to safety issues, and preplans
alternative emergency actions if safety systems fail. The PHA must be conducted by
a diverse team that has specific expertise in the process being analyzed. There are
many consulting and engineering firms that also provide PHA services. PHA
methodologies can include a What-If Analysis, Hazard and Operability Study
(HAZOP), Failure Mode and Effects Analysis (FMEA), and a Fault Tree Analysis.
9. What voting configurations are required for each SIL level?
Obtaining a desired SIL level is dependent on a multitude of factors. The type of
technology employed, the number of system components, the probability of failure
on demand (PFD) numbers for each component, the system architecture (e.g.,
redundancy, voting), and the proof testing intervals all play a significant role in the
determination of a SIL level. There is not a standard answer for what voting
configurations are required for each SIL level. The voting architecture must be
analyzed in the context of all the factors noted above.
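As an added worked example (not part of the original article), the simplified low-demand equations below show how the proof-test interval (Q7) and the voting architecture (Q9) set the average probability of failure on demand, and therefore the SIL band (Q3), for one subsystem of a SIF. The failure rate, the test intervals and the three architectures are assumptions chosen for illustration; the equations are the common simplified forms that neglect common-cause failure, repair time and diagnostic coverage, so a real SIL verification needs the full calculation.

```python
"""Simplified PFDavg for one SIF subsystem under 1oo1, 1oo2 and 2oo3 voting.

Added example, not from the original article. The equations are the widely
used simplified low-demand approximations that neglect common-cause failure,
mean time to repair and diagnostic coverage; real SIL verification uses the
full IEC 61508 / ISA TR84 calculation. lambda_du is the dangerous undetected
failure rate in failures per hour, ti is the proof-test interval in hours.
"""

# IEC 61508 low-demand bands, as the PFDavg upper limit (exclusive) for each SIL.
# Listed from the most demanding band upward so the first match is the highest SIL.
# (The standard also puts a lower bound of 1e-5 under SIL 4; values below that are
# outside its tables and are not handled here.)
SIL_UPPER_LIMITS = [(4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)]

HOURS_PER_YEAR = 8760


def pfd_avg(lambda_du: float, ti: float, architecture: str) -> float:
    """Average PFD of a voted group of identical devices over one test interval."""
    x = lambda_du * ti  # expected dangerous undetected failures per test interval
    if architecture == "1oo1":
        return x / 2          # one channel: a dangerous failure defeats the trip
    if architecture == "1oo2":
        return x ** 2 / 3     # both channels must fail dangerously
    if architecture == "2oo3":
        return x ** 2         # any two of three failing defeats the trip
    raise ValueError(f"unsupported architecture: {architecture}")


def sil_band(pfd: float) -> int:
    """Map a PFDavg to its SIL band; 0 means the PFD is worse than SIL 1."""
    for sil, upper in SIL_UPPER_LIMITS:
        if pfd < upper:
            return sil
    return 0


def max_proof_test_interval_1oo1(lambda_du: float, target_sil: int) -> float:
    """Longest test interval (hours) at which a 1oo1 device stays inside target_sil.

    From pfd = lambda_du * ti / 2 < upper limit  =>  ti < 2 * upper / lambda_du.
    The returned value is the boundary itself; the interval must stay strictly below it.
    """
    upper = dict(SIL_UPPER_LIMITS)[target_sil]
    return 2 * upper / lambda_du


if __name__ == "__main__":
    lam = 5e-6  # constructed: five dangerous undetected failures per million hours
    for ti in (HOURS_PER_YEAR, HOURS_PER_YEAR / 2, HOURS_PER_YEAR / 4):
        for arch in ("1oo1", "1oo2", "2oo3"):
            p = pfd_avg(lam, ti, arch)
            print(f"TI={ti:6.0f} h  {arch}: PFDavg={p:.2e}  SIL {sil_band(p)}")
    print("longest TI for a 1oo1 device to hold SIL 2:",
          max_proof_test_interval_1oo1(lam, 2), "h")
```

Running the script shows the two levers the article describes: with the constructed failure rate, a single device tested yearly sits in SIL 1, the same device tested quarterly reaches SIL 2, and duplicating it (1oo2) at a yearly test reaches SIL 3. The architecture alone does not fix the SIL, which is the point of Q9.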
10. Will a SIL rated system require increased maintenance?
SIL solutions are certainly not always the most cost-effective solutions for decreasing
process risk. Many times, implementing a SIL solution will require increased
equipment, which inevitably will require increased maintenance. Additionally, it is
likely that the higher the SIL level, the more frequent the proof testing interval will be,
which may ultimately increase the amount of system maintenance that is required.
This is why the standards recommend a SIL based solution only when process risk
cannot be reduced by other methods, as determined by LOPA.
11. Can a F&G system be a SIF or SIS?
A Fire and Gas (F&G) system that automatically initiates process actions to prevent
or mitigate a hazardous event and subsequently takes the process to a safe state
can be considered a Safety Instrumented Function / Safety Instrumented System.
However, it is absolutely critical in a F&G system to ensure optimal sensor
placement. If there is incorrect placement of the gas / flame detectors and hazardous
gases and flames are not adequately detected, then the SIF / SIS will not be
effective.
Correct sensor placement is more important than deciding whether a F&G SIF / SIS
should be SIL 2 or SIL 3.
12. What is SIL 4?
SIL 4 is the highest level of risk reduction that can be obtained through a Safety
Instrumented System. However, in the process industry this is not a realistic level
and currently there are few, if any, products / systems that support this safety
integrity level.
SIL 4 systems are typically so complex and costly that they are not economically
beneficial to implement. Additionally, if a process includes so much risk that a SIL 4
system is required to bring it to a safe state, then fundamentally there is a problem in
the process design which needs to be addressed by a process change or other
non-instrumented method.
13. Can an individual product be SIL rated?
No. Individual products are only suitable for use in a SIL environment. A SIL level
applies to a Safety Instrumented Function / Safety Instrumented System.
14. What type of communication buses or protocols are applicable for SIL 2 or
SIL 3 systems?
The type of communication protocol that is suitable for a SIL 2 or SIL 3 system is
really dependent on the type of platform that is being used. Options include, but are
not limited to: 4-20 mA output signal, ControlNet (Allen Bradley), DeviceNet Safety
(Allen Bradley), SafetyNet (MTL), and PROFIsafe. Currently, the ISA SP84
committee is working on developing guidelines for a safety bus, to make sure that
the foundations comply with IEC 61508, and IEC 61511 standards. The first devices
with a safety bus should be available by 2008. The Fieldbus Foundation is actively
involved in the committee and working on establishing Foundation Fieldbus Safety
Instrumented Systems (FFSIS) project to work with vendors and end users to
develop safety bus specifications.
15. For General Monitors, how can I access the PFD and MTBF data for the
products?
The General Monitors SIL certificates have the PFD, SFF, and SIL numbers that
correspond to each product. MTBF data can be provided by request.
16. Can a manufacturer state their products are SIL X certified rather than
suitable for use in a SIL X system?
Individual products are only suitable for use in a SIL environment. A SIL level applies
to a Safety Instrumented Function / Safety Instrumented System.
Product certificates are issued either by the manufacturer (self-certification), or other
independent agency to show that the appropriate process is followed, calculations
have been performed, and analysis has been completed on the individual products
to indicate that they are compatible for use within a system of a given SIL level.
Full IEC 61508 certification can apply to a manufacturer's processes. Full
certification implies that a manufacturer's product development process meets the
standards set forth in the appropriate parts of sections 2 and 3 of IEC 61508 (including
hardware / system and software). Receiving full certification from an accredited
notifying body gives the end user confidence that the manufacturer's engineering
process has been reviewed and its products' electrical content, firmware and logic
have been assessed and conform to the guidelines set forth in the standard.
There are very few nationally accredited bodies that can issue nationally accredited
certifications. Other consulting firms issue certificates that indicate that the product
and / or process has been reviewed by an independent third party.
17. Can a manufacturer state their products meet all parts of the requirements
of IEC 61508 parts 1 to 7?
IEC 61508 consists of the following parts, under the general title Functional Safety of
electrical/electronic/programmable electronic safety-related systems:
Part 1: General requirements
Part 2: Requirements for electrical/electronic/programmable electronic safety-related
systems
Part 3: Software requirements
Part 4: Definitions and abbreviations
Part 5: Examples of methods for the determination of safety integrity levels
Part 6: Guidelines on the application of parts 2 and 3
Part 7: Overview of techniques and measures
To be in compliance with the standard, it is necessary to conform to Parts 1 to 3.
Parts 4 to 8 are informative only and can be useful in understanding and applying the
standard, but do not have requirements for conformance.
Manufacturers of products generally meet Section 2 requirements to determine
through a FMEDA analysis that their products are suitable for use within a given SIL
level.
Companies choosing to certify their engineering processes and receive full IEC
61508 certification will also comply with Section 3 as it relates to software
development.
18. What does SIL X suitable mean, is this a valid statement as per the standard
IEC 61508 or can any other wording be used?
SIL stands for Safety Integrity Level. A SIL is a measure of safety system
performance, or probability of failure on demand (PFD) for a SIF or SIS. There are
four discrete integrity levels associated with SIL. The higher the SIL level, the lower
the probability of failure on demand for the safety system and the better the system
performance. It is important to also note that as the SIL level increases, typically the
cost and complexity of the system also increase.
A SIL level applies to an entire system if it reduces the risk in the amount
corresponding to an appropriate SIL level. Individual products or components do not
have SIL ratings. SIL levels are used when implementing a SIF that must reduce an
existing intolerable process risk level to a tolerable risk range.
Only the end user can ensure that the safety system is implemented to be compliant
with the standards. It is up to the user to ensure that procedures have been followed
properly, the proof testing is conducted correctly, and suitable documentation of the
design, process, and procedures exists. The equipment or system must be used in
the manner in which it was intended in order to successfully obtain the desired risk
reduction level. Just buying SIL 2 or SIL 3 suitable components does not ensure a
SIL 2 or SIL 3 system.
19. Using a SIL 3 logic solver means that I have a SIL 3 system.
No. When using a SIL 3 logic solver, it is critical that the entire system is designed to
conform to SIL 3 requirements. The PFD for the entire system is important. If a user
installs a SIL 3 logic solver but does not employ appropriate redundancy or does not
incorporate components into the system with correct PFD calculations, then the
entire system may not comply with a SIL 3 level. A chain is only as strong as its
weakest link.
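A small added calculation (not from the article) for the "weakest link" point above: a SIF is a series chain of sensor, logic solver and final element, so to first order its PFDavg is the sum of the three subsystem PFDavg values. A logic solver with a very low PFD therefore cannot carry a SIF whose field devices are weak. Every PFD figure below is constructed for illustration; in practice the logic solver figure comes from its certificate and the field device figures from their own failure-rate data, architecture and proof-test interval.

```python
"""Whole-SIF PFDavg as the sum of its subsystems (added example, not from the article).

A SIF is a series chain: sensor(s) -> logic solver -> final element(s). Any one
subsystem failing dangerously defeats the function, so to first order the
subsystem PFDavg values add. All numbers below are constructed for illustration.
"""

# PFDavg upper limit (exclusive) a SIF must stay below to claim each SIL (IEC 61508 low demand).
PFD_LIMIT = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}


def sif_pfd(subsystems: dict[str, float]) -> float:
    """Total PFDavg of the SIF: the sum of the subsystem PFDavg values."""
    return sum(subsystems.values())


def weakest_link(subsystems: dict[str, float]) -> tuple[str, float]:
    """Name of the subsystem that contributes the largest share of the PFD, and that share (0..1)."""
    total = sif_pfd(subsystems)
    name = max(subsystems, key=subsystems.get)
    return name, subsystems[name] / total


def meets_target(subsystems: dict[str, float], target_sil: int) -> bool:
    """True when the whole SIF, not just one component, is inside the target band."""
    return sif_pfd(subsystems) < PFD_LIMIT[target_sil]


# Constructed: a logic solver whose certificate quotes a PFDavg comfortably inside
# SIL 3, one transmitter tested yearly, and one shutdown valve tested yearly.
AS_DESIGNED = {"logic_solver": 5e-5, "sensor_1oo1": 8.8e-3, "valve_1oo1": 1.3e-2}

# Constructed: same logic solver, transmitters duplicated (1oo2), valve tested quarterly.
IMPROVED = {"logic_solver": 5e-5, "sensor_1oo2": 1.0e-4, "valve_1oo1": 3.3e-3}

if __name__ == "__main__":
    for label, design in (("as designed", AS_DESIGNED), ("improved", IMPROVED)):
        name, share = weakest_link(design)
        print(f"{label}: total PFDavg={sif_pfd(design):.2e}, "
              f"SIL 3 target met: {meets_target(design, 3)}, "
              f"largest contributor: {name} ({share:.0%})")
```

In the constructed "as designed" case the logic solver is under one percent of the total PFD and the valve is about sixty percent, so the SIF lands in SIL 1 despite its SIL 3 logic solver; duplicating the sensors and testing the valve more often brings the SIF to SIL 2, and the valve still dominates. The remaining gap to SIL 3 has to be closed at the final element, not at the logic solver.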
20. SIL 3 suitable products are better than SIL 1 or SIL 2 suitable products.
This is not necessarily true. While a higher SIL level corresponds to a lower
probability of failure on demand, a SIL 2 suitable product may be perfectly
acceptable for use in a SIL 3 environment if, for example, the proof testing interval is
increased or if redundancy is used. It is very important for an end-user to understand
the operating requirements of the products within a given SIL environment to ensure
that once installed, the products maintain their SIL suitability levels. Incorrect
installation, proof testing, or configuration of the products could make the SIL
suitability level inaccurate.
21. There are many agencies that are capable of issuing SIL certifications.
There are very few nationally accredited bodies that can issue nationally accredited
certifications, including FM, TUV, and Sira. Many unaccredited consulting firms issue
certificates that indicate they have reviewed the product and / or process for
conformance to certain parts of the IEC 61508 standard. The standard does not
mandate that certain companies or agencies are able to certify products and
systems. Rather, it is suggested that analysis is either conducted or validated by an
independent third party.
22. A vendor can determine whether a system meets the requirements of IEC
61511.
No. Only the end user can ensure that the safety system is implemented to be
compliant with the standards. It is up to the user to ensure that procedures have
been followed properly, the proof testing is conducted correctly, and suitable
documentation of the design, process, and procedures exists. The equipment or
system must be used in the manner in which it was intended in order to successfully
obtain the desired risk reduction level. Just buying SIL 2 or SIL 3 suitable
components does not ensure a SIL 2 or SIL 3 system.
23. A customer must purchase a complete SIL based solution, even if some
functions do not require a SIL level.
For most applications there will only be a few SIF functions being handled by the
system, and the vast majority of the circuits may not need to be SIL rated at all. If the
customer specifies SIL 2 or SIL 3 for the entire system he may add considerable cost
with little or no benefit or improvement in safety.
24. Safety and Reliability are the same thing.
No. Safety and reliability are often linked but are not the same thing. Safety is
defined in the IEC 61508 standards as freedom from unacceptable risk. A safe
system should protect from hazards whether it is performing reliably or not. Safety
engineering assures that a safety system performs as needed, even when pieces
fail. In fact, safety engineers assume that systems will fail, and design accordingly.
Reliability is a measure of how well the system does exactly what it is intended to do
when operated in a specific manner. A reliable system may not always be a safe
system. The challenge in functional safety is to ensure that a system is both reliable
and safe.
25. Explain SIL and SIS and how they relate?
Safety Instrumented System (SIS): Instrumented system used to implement one or
more safety instrumented functions. An SIS is composed of any combination of
sensors, logic solvers, and final elements. This can include safety instrumented
control functions, safety instrumented protection functions, or both. Many industrial
processes, especially those in the chemical or oil & gas industries, involve inherent
risk due to the presence of dangerous chemicals or gases. Safety Instrumented
Systems are specifically designed to protect personnel, equipment, and the
environment by reducing the likelihood or the impact severity of an identified
emergency event.
Safety Integrity Level (SIL): SIL is a quantifiable measurement of risk used as a way
to establish safety performance targets for SIS systems. IEC standards specify four
possible Safety Integrity Levels (SIL1, SIL2, SIL3, SIL4); however, ISA S84.01 only
recognizes up to SIL3 levels.
Additional terms in the Safety Design area:
Safety Instrumented Function (SIF): Safety function with a specified safety integrity
level, which is necessary to achieve functional safety. A safety instrumented function
can be either a safety instrumented protection function (define SIPF) or a safety
instrumented control function (define SICF).
Safe Failure Fraction (SFF): SFF is a relatively new term resulting from the IEC 61508
and IEC 61511 committees' work to quantify fault tolerance and establish the minimum
level of redundancy required in a safety instrumented function. Per IEC, safe failure
fraction is the ratio of the (total safe failure rate of a subsystem plus the dangerous
detected failure rate of the subsystem) to the total failure rate of the subsystem. (In
IEC terms, subsystem refers to individual devices.)
There are four types of random hardware failures:
Safe undetected (SU);
Safe detected (SD);
Dangerous detected (DD);
Dangerous undetected (DU).

Determining the SFF requires dividing the sum of the first three by the sum of all
four. The assumption is that the operator is expected to take action based on the
dangerous detected faults, therefore even if a device has a large fraction of
dangerous failures, if enough can be detected and safe action taken, then the device
is still considered a safe device.
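As an added example (not from the article), the code below computes the safe failure fraction exactly as defined above, the ratio of (safe plus dangerous detected) failure rates to the total, and then shows the effect the last paragraph describes: holding the device's total dangerous failure rate fixed and moving more of it from undetected to detected raises the SFF. The failure rates are constructed FMEDA-style values in FIT (failures per 10^9 hours); the device and its numbers are assumptions.

```python
"""Safe failure fraction from the four random hardware failure rates.

Added example, not from the article. Rates are in FIT (failures per 1e9 hours)
and are constructed for illustration.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    safe_detected: float         # lambda_SD
    safe_undetected: float       # lambda_SU
    dangerous_detected: float    # lambda_DD
    dangerous_undetected: float  # lambda_DU

    @property
    def total(self) -> float:
        return (self.safe_detected + self.safe_undetected
                + self.dangerous_detected + self.dangerous_undetected)

    @property
    def dangerous(self) -> float:
        return self.dangerous_detected + self.dangerous_undetected


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_SD + lambda_SU + lambda_DD) / (lambda_SD + lambda_SU + lambda_DD + lambda_DU)."""
    if r.total == 0:
        raise ValueError("device has no failure rate data")
    return (r.safe_detected + r.safe_undetected + r.dangerous_detected) / r.total


def diagnostic_coverage(r: FailureRates) -> float:
    """Share of dangerous failures the device's diagnostics reveal: DC = DD / (DD + DU)."""
    return r.dangerous_detected / r.dangerous if r.dangerous else 1.0


def with_diagnostic_coverage(r: FailureRates, coverage: float) -> FailureRates:
    """Same device and same total dangerous rate, with a different share of it detected.

    Isolates the effect of diagnostics: the device fails just as often, but more of
    its dangerous failures are announced so that the operator can act on them.
    """
    if not 0.0 <= coverage <= 1.0:
        raise ValueError("coverage must be between 0 and 1")
    return FailureRates(r.safe_detected, r.safe_undetected,
                        r.dangerous * coverage, r.dangerous * (1 - coverage))


# Constructed FMEDA-style result for one transmitter, in FIT.
TRANSMITTER = FailureRates(safe_detected=200, safe_undetected=100,
                           dangerous_detected=500, dangerous_undetected=200)

if __name__ == "__main__":
    print(f"SFF = {safe_failure_fraction(TRANSMITTER):.1%}, "
          f"DC = {diagnostic_coverage(TRANSMITTER):.1%}")
    for dc in (0.0, 0.5, 0.9, 0.99):
        sff = safe_failure_fraction(with_diagnostic_coverage(TRANSMITTER, dc))
        print(f"DC {dc:.0%}: SFF = {sff:.1%}")
```

With the constructed rates the transmitter has an SFF of 80%; at zero diagnostic coverage the same device would score only 30%, and at 90% coverage it scores 93%, even though its dangerous failure rate of 700 FIT never changes. That is why a device with a large dangerous share can still count as a safe device when enough of those failures are detected and acted on.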
POSTED BY S BHARADWAJ REDDY
Instrumentation Professional Working in a reputed Oil & Gas Company.