Functional Safety Assessment Stage 4: considerations for the process industries

In the process industries, application of the functional safety standards BS EN 61508 and BS EN 61511 covering the design, installation, commissioning, testing and inspection of new safety instrumented systems (SIS) on high hazard sites is, in general, well understood and accepted. This is in contrast to guidance for legacy systems (i.e. SIS aligned to earlier standards such as DIN 19250, ISA 84 or HSE’s PES 1 and 2 guidance documents) where clear direction on verification of system performance in particular has been confusing at best, leaving many wondering what to do and what is expected of them by regulators.

But recent guidance published by the Chemical and Downstream Oil Industries Forum – CDOIF Guideline Functional Safety Management of Installed Safety Instrumented Systems – goes some way to addressing this issue. It forms the basis, in part, for the HSE’s approach to legacy systems when performing specialist inspections on the topic of functional safety and contributes to a demonstration that “all measures necessary” have been taken to reduce risks.

Based on feedback from sites, in relation to legacy systems it has been found that there is generally a lack of:

• Overall functional safety management
• SIS design verification
• SIS performance monitoring

For legacy installed SIS, a suitable approach might be to perform a functional safety assessment stage 4 (FSA 4), to provide a root and branch review of all stages of the safety lifecycle for the SISs in place to deliver the safety instrumented functions (SIF).

A functional safety assessment is defined in BS EN 61511 (2017) as an “investigation, based on evidence, to judge the functional safety achieved by one or more SIS and/or other protection layers”

An FSA 4 will investigate all stages of the functional safety lifecycle and should consider the following (non-exhaustive):

• Is there an underlying hazard identification and risk assessment (HIRA) process which is linked to all SIF’s?
• Does the management of HIRA require that HIRA’s have been subject to late lifecycle review activities such as HAZOP stage 6 and has this been performed? 
• Have all existing SIFs been assessed for their required safety integrity level (SIL)?
• Do existing SIFs have a BS EN 61511 compliant safety requirement specification (SRS)?
• Do the site’s current KPIs, audit schedules and review processes cater for the specific requirements of BS EN 61511?
• Have the probability of failure upon demand (PFD), hardware fault tolerance (HFT) and systematic capability (SC) requirements been met
• Is there a system for the collection of demand rate and failure rate data for the SIF?
• Is there a process for analysing such data, and relating it to the underlying assumptions present within SIL determination and SIL assessment studies?
• Does the current management of change procedure include the specific functional safety requirements for an impact assessment and FSA 5?

If the answer is no, or you are unsure then please contact us to find out how we can help.