Acknowledgement
Triconex acknowledges the generous assistance of TÜV Rheinland/Berlin-Brandenburg in the development of this guide. In addition, their efforts have contributed to the overall quality and integrity of the Tricon system. TÜV Rheinland/Berlin-Brandenburg aims to “shape technology so that it does not put people and the environment at risk but is of the greatest benefit to them.” To achieve this aim, TÜV offers support during the complete life cycle of a product, from concept through development and testing to certification.
Safety Overview
Modern industrial processes tend to be technically complex, involve substantial energies, and have the potential to inflict serious harm on persons or property during a mishap. The IEC 61508 standard defines safety as “freedom from unacceptable risk.” In other words, absolute safety can never be achieved; risk can only be reduced to an acceptable level.
Safety methods to mitigate harm and reduce risk include:
- Changing the process or mechanical design, including plant or equipment layout
- Increasing the mechanical integrity of equipment
- Improving the basic process control system (BPCS)
- Developing additional or more detailed training procedures for operations and maintenance
- Increasing the testing frequency of critical components
- Using a safety-instrumented system (SIS)
- Installing mitigating equipment to reduce harmful consequences; for example, explosion walls, foams, impoundments, and pressure relief systems
Methods that provide layers of protection should be:
- Independent
- Verifiable
- Dependable
- Designed for the specific safety risk
Protection Layers
The figure at left shows how layers of protection can be used to reduce unacceptable risk to an acceptable level. The amount of risk reduction for each layer is dependent on the specific nature of the safety risk and the impact of the layer on the risk. Economic analysis should be used to determine the appropriate combination of layers for mitigating safety risks.
When an SIS is required, one of the following should be determined:
- Level of risk reduction assigned to the SIS
- Safety integrity level (SIL) of the SIS
Typically, a determination is made according to the requirements of the ANSI/ISA S84.01 or IEC 61508 standards during a process hazard analysis (PHA). A process demand is defined as the occurrence of a process deviation that causes an SIS to transition a process to a safe state.
SIS Factors
According to the ANSI/ISA S84.01 and IEC 61508 standards, the scope of an SIS is restricted to the instrumentation or controls that are responsible for bringing a process to a safe state in the event of a failure. The availability of an SIS is dependent upon:
- Failure rates and modes of components
- Installed instrumentation
- Redundancy
- Voting
- Diagnostic coverage
- Testing frequency
SIL Factors
A SIL can be considered a statistical representation of the availability of an SIS at the time of a process demand. A SIL is the litmus test of acceptable SIS design and includes the following factors:
- Device integrity
- Diagnostics
- Systematic and common cause failures
- Testing
- Operation
- Maintenance
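As an added illustration that is not part of the Triconex guide, the following Python shows how the SIS and SIL factors listed above (failure rates, diagnostic coverage, redundancy and voting, common-cause failures, testing frequency) combine into an average probability of failure on demand and hence a SIL band. It uses the simplified low-demand approximations from IEC 61508-6 for 1oo1 and 1oo2 voting; the failure rate, diagnostic coverage, proof-test interval and common-cause factor are constructed sample values, not figures from the guide.

```python
"""Constructed SIL estimate: how failure rate, diagnostic coverage, voting,
common cause and proof-test interval combine into PFDavg (not from the guide)."""
from dataclasses import dataclass
from typing import Optional

# Low-demand SIL bands from IEC 61508-1: (SIL, lower PFDavg, upper PFDavg)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

@dataclass
class Channel:
    lambda_d: float         # dangerous failure rate per hour (constructed value)
    dc: float               # diagnostic coverage: fraction of dangerous failures detected
    test_interval_h: float  # proof-test interval in hours

    @property
    def lambda_du(self) -> float:
        # Only dangerous *undetected* failures stay hidden until the next proof test
        return self.lambda_d * (1.0 - self.dc)

def pfd_1oo1(ch: Channel) -> float:
    # Simplified IEC 61508-6 approximation for a single channel (repair time ignored)
    return ch.lambda_du * ch.test_interval_h / 2.0

def pfd_1oo2(ch: Channel, beta: float) -> float:
    # Redundant 1oo2 voting: independent double failure plus the common-cause
    # fraction beta of undetected failures that defeats the redundancy
    x = ch.lambda_du * ch.test_interval_h
    return x ** 2 / 3.0 + beta * x / 2.0

def sil_from_pfd(pfd: float) -> Optional[int]:
    # Map an average PFD onto its SIL band; None if outside SIL 1..4
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return None

def compare(ch: Channel, beta: float) -> dict:
    # Single-channel vs redundant PFDavg and the SIL each achieves
    p1, p2 = pfd_1oo1(ch), pfd_1oo2(ch, beta)
    return {"1oo1": (p1, sil_from_pfd(p1)), "1oo2": (p2, sil_from_pfd(p2))}

if __name__ == "__main__":
    # Constructed channel: 5e-6 dangerous failures/h, 60 % diagnostic coverage,
    # annual proof test; 2 % common-cause factor for the redundant pair
    sensor = Channel(lambda_d=5e-6, dc=0.6, test_interval_h=8760)
    for arch, (pfd, sil) in compare(sensor, beta=0.02).items():
        print(f"{arch}: PFDavg={pfd:.2e} -> SIL {sil}")
```

With these sample values the redundant pair reaches SIL 3 only because the common-cause term, not the independent double-failure term, dominates its PFDavg, which is why the standards treat common-cause failures as a separate SIL factor.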
In modern applications, a programmable electronic system (PES) is used as the core of an SIS. The Triconex controller is a state-of-the-art PES optimized for safety-critical applications.