Feature: Functional Safety


Solid foundations


As the name implies, a Safety Instrumented System comprises everything from sensor, through logic solver to actuator. All the elements of the chain are important and the chain is only ever as strong as its weakest link.


IEC 61511-1 requires that equipment should be assessed for conformance with IEC 61508, or should meet the “prior use” requirements. The standards don’t make ‘third party’ certification or conformity assessment of systems compulsory; however, the associated guidance documents point out the benefits of such an approach in increasing confidence and reducing the activities required to assure suitability for any given application.




The alternative “prior use” route has proved quite challenging to date, with relatively few organisations having sufficiently good reliability data to underpin a “prior use” justification. In general, this requires greater effort to meet the requirements for evidence of suitability.




In practice the path most trodden is to use systems and subsystems from reputable vendors with a proven track record, which have been conformity assessed in accordance with IEC 61508 by equally reputable independent organisations. Whilst this is arguably the easiest route, it is still important to check the reports which accompany such certification activities, to ensure that any conditions assumed when making the assessment also match the intended application.


Sometimes technological advancements, such as more effective distribution of control and safety, can bring benefits in terms of making systems simpler to implement. As an example of this, the ability to combine both failsafe and standard I/O in the same I/O subsystem in a Zone 1 hazardous area, with failsafe communication back to the process and safety controllers, can bring many benefits; importantly, it helps to reduce complexity by incorporating the I.S. barriers into the equipment, enhancing diagnostics and significantly simplifying the SIL verification activity.
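The reason better diagnostics simplify SIL verification is that they shrink the dangerous undetected failure rate, which is the quantity the low-demand PFDavg calculation works from. The following is an added illustration, not code from the article or from Siemens: it uses the simplified IEC 61508-6 PFDavg equations for 1oo1 and 1oo2 architectures (proof-test interval only, repair time neglected) and the low-demand SIL bands; the failure rate, diagnostic coverage, proof-test interval and beta factor are constructed values.

```python
"""Simplified low-demand SIL verification for one SIF subsystem, showing
how diagnostic coverage (DC) feeds the calculation.  Constructed example
using the simplified IEC 61508-6 PFDavg equations for 1oo1 and 1oo2 (proof
test interval only; repair time neglected); every rate below is made up."""

# Low-demand SIL bands as (lower bound inclusive, upper bound exclusive, SIL).
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]


def lambda_du(lambda_d, dc):
    """Dangerous undetected rate: the share of dangerous failures that the
    diagnostics do not reveal.  Detected failures are assumed to be
    annunciated and acted on, so only this part drives PFDavg."""
    return lambda_d * (1.0 - dc)


def pfd_1oo1(ldu, t_proof):
    """Single channel: PFDavg ~ lambda_DU * T1 / 2 (T1 in hours)."""
    return ldu * t_proof / 2.0


def pfd_1oo2(ldu, t_proof, beta):
    """Dual channel with beta-factor common cause: independent term
    ((1-beta)*lambda_DU*T1)^2 / 3 plus common-cause term beta*lambda_DU*T1/2."""
    independent = ((1.0 - beta) * ldu * t_proof) ** 2 / 3.0
    common = beta * ldu * t_proof / 2.0
    return independent + common


def sil_for(pfd):
    """SIL band the PFDavg falls in; 0 if it fails even SIL 1.  Anything
    better than the SIL 4 lower bound is reported as 4."""
    for low, high, sil in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0


def verify(lambda_d, dc, t_proof, beta=0.1):
    """Compare architectures for one subsystem; returns {arch: (pfd, sil)}."""
    ldu = lambda_du(lambda_d, dc)
    single = pfd_1oo1(ldu, t_proof)
    dual = pfd_1oo2(ldu, t_proof, beta)
    return {"1oo1": (single, sil_for(single)), "1oo2": (dual, sil_for(dual))}


if __name__ == "__main__":
    # Constructed values: lambda_D = 1e-6 /h, annual proof test (8760 h).
    for dc in (0.0, 0.9):
        print(f"DC={dc:.0%}", verify(1e-6, dc, 8760))
```

With the constructed rates, the same single-channel subsystem moves from the SIL 2 band to the SIL 3 band once 90 % diagnostic coverage is credited, which is the kind of result a SIL verification tool reports from the certified failure-rate data.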


Keeping it simple with Safety lifecycle tools


The standards place significant emphasis on a safety lifecycle approach and this has prompted a move towards more use of safety lifecycle tools. The traditional Cause & Effect Matrix (CEM) approach for documenting and defining safety logic is well established, but a move toward encompassing other aspects of the lifecycle has taken it beyond simply being a specification tool during the analysis phase.


The newer breed of safety lifecycle tools are not just planning tools that allow an engineer to document the CEM logic required for a SIS in a form that will be familiar to them; they can now subsequently automate the creation of the logic for the SIS and allow testing and commissioning using the same CEM format for engineering, testing and visualisation. This approach can significantly reduce the engineering time as well as the possibility of human error and misinterpretation, thus significantly reducing systematic errors. The enhanced functionality of such tools can also embed the mechanisms for implementing overrides and bypasses in a carefully controlled manner, without this needing to be custom engineered within the code. Essentially, these tools tame the extra power and capability of state-of-the-art programmable safety PLCs, and keep the logic in a form that everyone, from the process engineer right through to the regulatory authorities, can understand.


Software development typically follows a “V” model approach - and this is also advocated by IEC 61508 for SIS software. At various levels within the “V” there are requirements for test plans, verification activities and, ultimately, validation. The closer the code is to the original design document, the easier all of these activities become, so the use of a Cause and Effect matrix can bring significant benefits in terms of streamlining the software development activity.
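The two preceding paragraphs describe one matrix serving as specification, executable logic, controlled bypass mechanism and source of the V-model test vectors. The following added example (not code from the article, from Siemens, or from any vendor tool) shows that idea in miniature: the tag names, voting groups, effects and the bypass policy are all constructed for illustration. Inputs that are faulted or missing are treated as tripped, so a lost sensor can only move the logic toward the safe state.

```python
"""Cause & Effect Matrix (CEM) used both as the safety logic and as the
source of its own test vectors.  Constructed example: tag names, voting
groups, effects and the bypass policy are hypothetical and belong to no
real plant or vendor tool."""
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class Vote:
    """One matrix row: an m-out-of-n vote over a group of input tags."""
    name: str
    tags: tuple
    m: int

    def evaluate(self, inputs):
        # Fail-safe: an input that is faulted/unknown (None or absent)
        # counts as tripped, so a lost sensor can only move toward trip.
        tripped = sum(1 for t in self.tags if inputs.get(t) is not False)
        return tripped >= self.m


@dataclass
class CEM:
    causes: list                 # Vote rows
    effects: list                # output tags (columns)
    matrix: dict                 # {(cause_name, effect): True} for each 'X'
    bypasses: dict = field(default_factory=dict)   # cause_name -> hours left

    def effects_for(self, cause_name):
        return [e for e in self.effects if self.matrix.get((cause_name, e))]

    def evaluate(self, inputs):
        """Demanded safe states for one snapshot of input states.
        De-energise-to-trip: True means the effect is being demanded."""
        demanded = {e: False for e in self.effects}
        for cause in self.causes:
            if self.bypasses.get(cause.name, 0) > 0:
                continue                      # maintenance bypass in force
            if cause.evaluate(inputs):
                for e in self.effects_for(cause.name):
                    demanded[e] = True
        return demanded

    def apply_bypass(self, cause_name, hours, approved):
        """Controlled bypass: refused unless approved, time-limited
        (hypothetical 8 h ceiling) and naming a real cause."""
        known = {c.name for c in self.causes}
        if not approved or not (0 < hours <= 8) or cause_name not in known:
            return False
        self.bypasses[cause_name] = hours
        return True

    def test_vectors(self):
        """One vector per minimal trip combination of each cause, with the
        effects the matrix says must follow.  Causes are assumed not to
        share tags, so each vector activates exactly one row."""
        every_tag = [t for c in self.causes for t in c.tags]
        vectors = []
        for cause in self.causes:
            for subset in combinations(cause.tags, cause.m):
                inputs = {t: (t in subset) for t in every_tag}
                vectors.append((cause.name, inputs, self.effects_for(cause.name)))
        return vectors


def run_test_vectors(cem):
    """Verification step: replay every vector against the logic and report
    (cause, passed).  An active bypass shows up here as a failed vector."""
    results = []
    for name, inputs, expected in cem.test_vectors():
        actual = [e for e, on in cem.evaluate(inputs).items() if on]
        results.append((name, actual == expected))
    return results


def build_plant():
    """Constructed two-row matrix: 2oo3 high pressure closes XV-101;
    1oo1 high level closes XV-101 and stops pump P-102."""
    return CEM(
        causes=[Vote("PAHH-101", ("PT-101A", "PT-101B", "PT-101C"), 2),
                Vote("LAHH-102", ("LT-102",), 1)],
        effects=["XV-101_CLOSE", "P-102_STOP"],
        matrix={("PAHH-101", "XV-101_CLOSE"): True,
                ("LAHH-102", "XV-101_CLOSE"): True,
                ("LAHH-102", "P-102_STOP"): True},
    )


if __name__ == "__main__":
    plant = build_plant()
    print(plant.evaluate({"PT-101A": True, "PT-101B": True,
                          "PT-101C": False, "LT-102": False}))
    print(run_test_vectors(plant))
```

Because the test vectors are derived from the same object that drives the logic, a bypass left in force after maintenance is caught by the verification run rather than by reading the code, which is the systematic-error reduction the paragraphs above describe.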


By automating the creation of the operator graphics for the SIS logic, these tools also make a significant contribution to the latter stages of the safety lifecycle and help to close the loop by supporting change management of the SIS code. In another exciting development, these CEM tools are also able to generate the Cause & Effect diagrams from the SIF models contained in a typical SIL verification tool.


By getting the basics right and building on a sound foundation of effective functional safety management and competence, modern safety system tools can help reduce complexity, deliver value and ultimately help achieve the target risk reduction for safety instrumented systems both when commissioned and throughout operation.


Siemens For all the most up to date news and products visit www.thepanelbuilder.co.uk May 2012

