Management of instrumented systems providing safety functions of low / undefined safety integrity
Summary
This document provides specialist inspectors in HID with guidance on the expected standard for the management of instrumented systems providing low integrity safety functions and safety functions of undefined integrity. Low integrity safety functions are those providing risk reduction of a factor of ten or less and commonly termed 'sub-SIL' of 'non-SIL'.
Introduction
Dutyholders have a duty to make a suitable and sufficient assessment of risk and to introduce preventive and protective measures to control the risks identified by the risk assessment. Where risk control measures involve work equipment such as instrumented systems, operators have further duties to maintain those systems in an efficient state, in efficient working order and in good repair and to provide information and instruction.
Relevant good practice in the management of safety instrumented systems in the process sector is provided by the three parts of BS EN 61511. It defines the concept of safety integrity level (SIL) and defines a minimum level of performance (SIL 1) below which the standard does not apply. It also defines the determination of SIL, therefore, in practice, it does not apply below a minimum level of performance (SIL 1) apart from those parts of the standard used to determine the required level of performance.
Inspectors encounter instrumented systems where the integrities of the safety functions they implement are below SIL 1, have not been determined or are in the process of being determined. Until a suitable and sufficient assessment of risk has been completed and the required risk reduction has been specified, the applicability of BS EN 61511 cannot be established.
Irrespective of required risk reduction or the status of risk assessment, the objective for inspectors is to ensure that dutyholders adequately manage all instrumented safety functions.
Action
Instrumented systems that implement low integrity safety functions will be easily identifiable because they have, by definition, been identified through assessment of risk.
In the absence of an assessment of risk, or where the assessment of risk is in the process of being carried out, an instrumented system shall be considered to be implementing a safety function if its action can, in the opinion of the inspector, be related to the prevention of a hazardous event that could reasonably be expected to result in serious or significant injury, health effects or environmental damage.
An instrumented system implementing a low integrity safety function or a safety function of undefined integrity shall be subject to the following provisions:
- the persons who have responsibilities for the instrumented system shall be suitably competent;
- clear, precise and unambiguous specification of the safety function;
- independence between control and safety functions wherever reasonably practicable;
- accurate, accessible, controlled and easily understood engineering documentation showing the component parts of the instrumented system and how they are configured. Examples of engineering documentation include loop or circuit diagrams, equipment data sheets and records of parameter settings;
- periodic inspection of the instrumented system, for example visual or more detailed inspection to reveal evidence of deterioration or unexpected modifications;
- periodic maintenance of the instrumented system in line with manufacturers' recommendations and general good practice;
- periodic testing of the instrumented system, at intervals defined by suitably competent persons, for the purpose of revealing dangerous undetected faults;
- management of change, including control of access to software functions and backing up of software-based systems.
Inspectors should advise dutyholders that these engineering and operational practices would contribute to a demonstration that risk has been reduced so far as is reasonably practicable.
Background
For the purpose of the Enforcement Management Model, this guidance is an interpretative standard
Relevant good practice in the management of instrumented safety instrumented systems in the process sector is provided by BS EN 61511.
Guidance on instrumentation in process control systems is provided by BS 6739.
Further information on the management of control functions and their impact on safety functions can be found in HSG238.
Further information on the management of health and safety can be found in HSG65.
Organisation
Targeting
Major hazard installations.
Timing
Ongoing.
Resources
To be used by HID EC&I Specialist Inspectors during established intervention processes.
Recording & Reporting
No special requirements.
Health & Safety
No special requirements.
Diversity
No special requirements.
Further References
Relevant Acts and Regulations
- Health and Safety at Work etc Act 1974 (as amended)
- Control of Major Accident Hazards Regulations 1999 (as amended)
- Management of Health and Safety at Work Regulations 1999 (as amended)
- Provision and Use of Work Equipment Regulations 1998 (as amended)
- Offshore Installations (Safety Case) Regulations 2005
- Offshore Installations (Prevention of Fire and Explosion, and Emergency Response) Regulations 1995
Relevant Good Practice
- BS EN 61511 Parts 1-3 Functional safety – Safety Instrumented Systems for the Process Industry Sector
- BS 6739:2009 Code of practice for instrumentation in process control systems: installation design and practice
Contacts
HID Chemicals, Explosives and Microbiological Hazards Division 2E Electrical, Control and Instrumentation Team