IEC 61511 Latest Revision


Imke

Aug 5, 2024, 2:37:44 PM
to tedkusulca
The main driver for 61511 Ed. 2 revision was to reinforce the necessity of Functional Safety Management based on a Safety Life Cycle approach. In parallel, a number of potential misinterpretations from Ed. 1 were clarified. IEC TR 61511-4 provides a detailed explanation of the differences between Ed. 1 and Ed. 2 and the reasons behind the changes.

There are misunderstandings regarding the difference between verification and validation. In practice, verification is often only carried out during FAT or PSSR (Pre-Startup Safety Review), whereas it should be implemented throughout the SLC.


A plant-specific test and review plan (Safety Plan) should be generated that covers each activity of the SLC (including development of application program). The Safety Plan must define how to perform each test / review activity, as well as required acceptance criteria.


IEC TR 61511-4 is easy-to-read and well structured. It gives a logical explanation of the changes between 61511 Ed. 1 and Ed. 2, as well as practical examples on how to implement a FSMS to meet the requirements.


PSC covers the whole Safety Life Cycle, from the initial hazard and risk assessment through detailed design, implementation, commissioning and operation up to decommissioning. PSC can manage initial FSM system set-up or provide support on specific compliance issues, including Verification & Validation activities. PSC safety experts are IChemE and CFSE certified.


IEC standard 61511 is a technical standard which sets out practices in the engineering of systems that ensure the safety of an industrial process through the use of instrumentation. Such systems are referred to as Safety Instrumented Systems. The title of the standard is "Functional safety - Safety instrumented systems for the process industry sector".


The process industry sector includes many types of manufacturing processes, such as refineries, petrochemical, chemical, pharmaceutical, pulp and paper, and power. The process sector standard does not cover nuclear power facilities or nuclear reactors. IEC 61511 covers the application of electrical, electronic and programmable electronic equipment. While IEC 61511 does apply to equipment using pneumatic or hydraulic systems to manipulate final elements, the standard does not cover the design and implementation of pneumatic or hydraulic logic solvers.


This standard defines the functional safety requirements established by IEC 61508 in process industry sector terminology. IEC 61511 focuses attention on one type of instrumented safety system used within the process sector, the Safety Instrumented System (SIS).


For existing safety instrumented systems (SIS) designed and constructed in accordance with codes, standards, or practices prior to the issuance of this standard (e.g. ANSI/ISA 84.01-1996), the owner/operator shall determine and document that the equipment is designed, maintained, inspected, tested, and operated in a safe manner.


The European standards body, CENELEC, has adopted the standard as EN 61511. This means that in each of the member states of the European Union, the standard is published as a national standard. For example, in Great Britain, it is published by the national standards body, BSI, as BS EN 61511. The content of these national publications is identical to that of IEC 61511. Note, however, that 61511 is not harmonized under any directive of the European Commission.


IEC 61511 covers the design and management requirements for SISs throughout the entire safety life cycle. Its scope includes: initial concept, design, implementation, operation, and maintenance through to decommissioning. It starts in the earliest phase of a project and continues through startup. It contains sections that cover modifications that come along later, along with maintenance activities and the eventual decommissioning activities.


ISA 84.01/IEC 61511 requires a management system for identified SIS. An SIS is composed of a separate and independent combination of sensors, logic solvers, final elements, and support systems that are designed and managed to achieve a specified safety integrity level (SIL). An SIS may implement one or more safety instrumented functions (SIFs), which are designed and implemented to address a specific process hazard or hazardous event. The SIS management system should define how an owner/operator intends to assess, design, engineer, verify, install, commission, validate, operate, maintain, and continuously improve their SIS. The essential roles of the various personnel assigned responsibility for the SIS should be defined and procedures developed, as necessary, to support the consistent execution of their responsibilities.


ISA 84.01/IEC 61511 uses an order of magnitude metric, the SIL, to establish the necessary performance. A hazard and risk analysis is used to identify the required safety functions and risk reduction for specified hazardous events. Safety functions allocated to the SIS are safety instrumented functions; the allocated risk reduction is related to the SIL. The design and operating basis is developed to ensure that the SIS meets the required SIL. Field data are collected through operational and mechanical integrity program activities to assess actual SIS performance. When the required performance is not met, action should be taken to close the gap, ensuring safe and reliable operation.


IEC 61511 references IEC 61508 (the master standard) for many items such as manufacturers of hardware and instruments and so IEC 61511 cannot be fully implemented without reference to IEC 61508. IEC 61511 is the process industry implementation of IEC 61508.[1]


The original standard is from the early 2000s, so IEC 61511 edition 2 was undoubtedly a planned update to keep pace with technology. Another reason for developing IEC 61511 edition 2 is that its parent standard, IEC 61508, was significantly updated in 2010.


In the management-related requirements, the main update formally requires a competence management system to be in place for the management of safety systems. There is also a new emphasis on conducting functional safety assessment (FSA) during regular operation.


A new requirement for security risk assessment (cybersecurity) appears alongside general hazard and risk assessment. This will be a challenge to many projects as the necessary skillset crosses over from process and control system engineers to the Information Technology (IT) domain.


A fundamental change in validation testing is the requirement to show traceability of all SIS documentation. This change emphasizes the need for a database approach to functional safety requirements and validation documentation.


So, what do these changes mean to users of the standard?



All end-users of SIS equipment must prepare for control and safety system security assessment as part of their hazard and risk assessment process. Operationally, a documented SIS operations and maintenance procedure will also be needed.


There are new requirements for system integrators or end-users who program safety PLCs to review the IEC 61511-1 clause 12 application program specification and design requirements.


Layers of Protection Analysis (LOPA) is presented in the IEC 61511 standard, and many of our users may not have yet discovered the industry-verified LOPA feature in BowTieXP that integrates LOPA in the BowTie model. Learn more about the LOPA feature in BowTieXP.



Safety instrumented systems have been delivering risk reduction for at least half a century. In the early years of automation after the Second World War safety instrumented functions were implemented using simple pneumatic, hydraulic or hardwired electrical circuits. These simple functions were easy to understand and had failure modes that were well defined. The behavior under fault conditions could be completely determined and predicted. Electronic and programmable electronic systems came into use in safety functions during the 1970s. Electronic and programmable electronic systems have indeterminate failure modes. They do not inherently fail into a safe state. They are subject to hidden or latent faults that can be difficult to eliminate. Failure modes and behaviors cannot be completely determined and predicted. Programmable systems, in particular, have hidden complexity, and the complexity has been increasing exponentially for several decades. Complex systems are subject to the risk of systematic failures, failures caused by errors and failures in the design and implementation of the systems. (Generowicz, 2016)

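Worked example, added here as an illustration and not part of the post above: the chain the post describes from hazard and risk analysis to SIL, and then the verification that a proposed SIF design actually meets that SIL. The LOPA step multiplies an initiating event frequency by the PFDs of the non-SIS protection layers and any conditional modifiers, compares the result with a target mitigated event likelihood (TMEL), and turns the gap into the risk reduction factor (RRF) and required PFDavg of the SIF; the SIL is read off the IEC 61511-1 low-demand PFDavg bands. The verification step uses the simplified single-channel approximation PFDavg = lambda_DU * TI / 2 summed over sensor, logic solver and final element. All event frequencies, PFDs, failure rates, element names and the TMEL are constructed for the demonstration and are not taken from the page or any real plant; low-demand mode is assumed, and common-cause failure, diagnostic coverage, repair time and architectural constraints, which a real verification must also cover, are deliberately left out.

```python
"""Worked LOPA -> required SIL -> PFDavg verification (added illustration, not from the post).

Assumptions (constructed, hypothetical): one hazardous event, low-demand mode, the
IEC 61511-1 PFDavg bands for SIL 1..4, and the simplified 1oo1 formula lambda_DU * TI / 2
with no common-cause, diagnostics, repair-time or architectural-constraint terms.
"""

# IEC 61511-1 low-demand SIL bands: sil -> (PFDavg lower bound inclusive, upper bound exclusive)
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


def sil_for_pfd(pfd_avg):
    """Map a PFDavg to its SIL band. 0 means RRF < 10 (no SIL-rated SIF needed);
    None means PFDavg < 1e-5, i.e. beyond SIL 4 (re-design the process instead)."""
    if pfd_avg >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd_avg < hi:
            return sil
    return None


def lopa_required_sif(initiating_freq_per_yr, ipl_pfds, conditional_modifiers, tmel_per_yr):
    """LOPA for one hazardous event.

    The frequency after the non-SIS IPLs and conditional modifiers is compared with the
    target mitigated event likelihood (TMEL). The gap is the risk reduction factor the
    SIF must deliver; its reciprocal is the required PFDavg, which sets the SIL.
    Returns (intermediate_freq, required_rrf, required_pfd, required_sil).
    """
    freq = initiating_freq_per_yr
    for pfd in ipl_pfds:
        freq *= pfd
    for mod in conditional_modifiers:
        freq *= mod
    if freq <= tmel_per_yr:
        return freq, 1.0, 1.0, 0  # existing layers already meet the target
    rrf = freq / tmel_per_yr
    pfd = 1.0 / rrf
    return freq, rrf, pfd, sil_for_pfd(pfd)


def pfd_avg_1oo1(lambda_du_per_hr, proof_test_interval_hr):
    """Simplified PFDavg of a single-channel element: lambda_DU * TI / 2."""
    return lambda_du_per_hr * proof_test_interval_hr / 2.0


def verify_sif(elements, proof_test_interval_hr, required_sil):
    """Sum the subsystem PFDavgs (series combination, valid while each term is small)
    and check the SIF against the required SIL band.
    elements: list of (name, lambda_DU per hour). Returns (pfd_avg, achieved_sil, meets)."""
    pfd = sum(pfd_avg_1oo1(lam, proof_test_interval_hr) for _, lam in elements)
    achieved = sil_for_pfd(pfd)
    if required_sil == 0:
        meets = True
    elif required_sil is None:
        meets = False  # beyond SIL 4: a SIF alone cannot close the gap
    else:
        meets = pfd < SIL_BANDS[required_sil][1]
    return pfd, achieved, meets


# Constructed scenario (hypothetical numbers): high level in a vessel.
INITIATING_FREQ = 0.1          # BPCS level-control loop failure, per year
IPL_PFDS = [0.1]               # operator response to an independent high-level alarm
CONDITIONAL_MODIFIERS = [0.5]  # probability that personnel are present
TMEL = 1e-5                    # tolerable frequency of the consequence, per year

# Constructed SIF hardware: dangerous undetected failure rates per hour (hypothetical).
SIF_ELEMENTS = [("level transmitter", 5e-7), ("logic solver", 1e-8), ("shutdown valve", 2e-6)]


def design_check(proof_test_interval_hr):
    """Run the full chain: LOPA target, then design verification at the given proof-test interval."""
    _, rrf, _, required_sil = lopa_required_sif(INITIATING_FREQ, IPL_PFDS, CONDITIONAL_MODIFIERS, TMEL)
    pfd, achieved, meets = verify_sif(SIF_ELEMENTS, proof_test_interval_hr, required_sil)
    return {"required_rrf": rrf, "required_sil": required_sil,
            "pfd_avg": pfd, "achieved_sil": achieved, "meets": meets}


if __name__ == "__main__":
    for ti in (8760.0, 4380.0):  # annual vs six-monthly proof test
        r = design_check(ti)
        print(f"TI={ti:.0f} h: need SIL {r['required_sil']} (RRF {r['required_rrf']:.0f}), "
              f"PFDavg={r['pfd_avg']:.2e} -> SIL {r['achieved_sil']}, meets={r['meets']}")
```

With these constructed inputs the LOPA asks for an RRF of 500 (PFDavg 2e-3), i.e. SIL 2. At an annual proof test the three 1oo1 elements sum to a PFDavg of about 1.1e-2, which is only SIL 1, and the valve dominates the figure; halving the proof-test interval brings the same hardware to about 5.5e-3 and SIL 2. That is the kind of gap the post's "field data ... when the required performance is not met, action should be taken" sentence refers to, and it shows why the proof-test interval belongs in the Safety Plan alongside the hardware selection.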