search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
HEALTH & SAFETY


THE FRAMEWORK FOR CLOSING THE GAP


The new ANSI/ISA-84.91.03 standard closes a long-standing gap by defining lifecycle expectations for instrumented low-integrity protection layers that are outside traditional SIS requirements, says SIS-TECH


F


or decades, the process industries have relied on layers of protection to prevent hazardous events. When risk reduction requirements were high, safety instrumented systems (SIS), governed by


standards such as IEC/ISA 61511, provided a clear framework for design, operation, and lifecycle management. Below that threshold, however, sat a large class of instrumented protection layers that reduced risk, were credited in process hazard analyses, and were depended on in day-to-day operations, but were not designed or managed as safety instrumented systems and were not governed by a dedicated consensus standard. These functions were often treated as part of normal control or operations, with expectations that varied widely from one organisation to another. That inconsistency created practical


problems. Functions that were relied upon for risk reduction were not always subject to formal management of change, bypass control, testing, or documentation requirements. In many organisations, engineers and operations personnel understood what should be done, but had no standard requiring that those practices be applied consistently.


Published in late 2025, ANSI/ISA-84.91.03 establishes a lifecycle framework for managing low integrity protection layers (LI-PLs): instrumented protective functions that provide risk reduction of 10 or less and are not designed as safety instrumented systems. Rather than introducing new concepts, the standard formalises expectations around how these functions should be identified, managed, and maintained over time.


“This isn’t about inventing something new,” said Kevin Klein, P.E., co-chair of the ISA- 84.91.03 committee and Senior Instrumented Protective Systems Engineer at Chevron. “It’s about closing a recognised gap. For high-integrity systems, we’ve had clear standards for years. For lower-integrity instrumented functions, there were guidelines and books, but no consensus standard that said, ‘This is the minimum we all agree needs to be done.’” Why now? While the gap around low-integrity


protection layers had existed for years, the ISA 84 committee intentionally focused first on higher- risk safety instrumented systems. That sequencing was deliberate. As Rahul Bhojani, VP Safety & Operational Risk Assurance – Technical Functions at BP and Co-Chair of ISA-84 committee explains, the industry needed time to mature its SIS practices before expanding lifecycle expectations to other protection layers.


“The committee spent years focusing on getting SIS implementation right,” Bhojani said. “Not just design, but operation, maintenance, testing, and management of change. Once there was real maturity in that space, it became clear there was another category of protection layers that were still critical, still relied upon, but not governed by any consistent framework.” Low integrity protection layers often reside in distributed control systems, local interlocks, or independent instrumented functions that are credited during hazard reviews but fall below the SIS threshold. Many organisations managed these functions responsibly, but practices varied widely across the industry. “The issue wasn’t that companies weren’t doing anything,” Klein added. “It was that


everyone was doing something different. That made it hard to communicate expectations, hard to align contractors and engineering firms, and hard to demonstrate that these layers were actually being managed in a disciplined way.”


From guidelines to standard ANSI/ISA-84.91.03 does not redefine risk analysis methods or replace existing SIS standards. It also does not turn low integrity protection layers into SIS by another name. Instead, it introduces a structured lifecycle


approach, aligned with established process safety management principles, for a class of instrumented functions that had previously existed in a grey area.


“The framework should feel familiar,” Klein noted. “It aligns with general functional safety and PSM practices. What’s new is the clarity around how those practices apply specifically to low integrity protection layers.”


In practical terms, lifecycle discipline means identifying which functions are relied upon for risk reduction, controlling changes to those functions, managing bypasses, testing performance, and maintaining documentation that demonstrates the function will work when demanded. Angela Summers, President of SIS-TECH and a licensed professional engineer with more than 30 years of experience in process safety, served as co-chair of the ISA-84.91.03 committee and emphasises that the intent was never to burden organisations with unnecessary bureaucracy. “We were very deliberate about not turning this into another 61511,” Summers said. “The goal was to capture what risk-aware organisations were already doing and make it


30


PROCESS & CONTROL ENGINEERING | APRIL 2026


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48