Abstract
Functional Safety international Standard IEC 61508 gives functional safety for electro technologies (Electrical, Electronics and programmable electronics) and safety related technologies. IEC 61511-1 give the requirements for the specifications, design, Installation operation and maintenance of SIS (Safety Instrumented System) for process industries. And it has wide spread use in many industries and countries. IEC 61511-1 have been come for process sector implementation of IEC 61508. So it aims to attain and provide safe state in process industries.
This standard discussed the SIL assessment for SIF for safety to get the desired goal and to develop the process sectors.
So there for the objective of this report is to discuss its requirements for the specifications, design, Installation operation and maintenance of SIS (Safety Instrumented System) for process industries and relationship with IEC 61508.
Since 2005 for improvement in process industry Germany has to follow these international standards according to national regulation of DIN EN 61508 and 61511.
Introduction
The IEC is a global organization for standardization of publishing international standards for electro technology (electrical, electronics) related technologies. IEC is a short form of International Electro technical commission. The main aims of IEC are to develop all international co-operation and standardization of answer to all questions related to electro technologies. According to agreement between two international organizations IEC is also co-operating with international organization for standardization (ISO).It’s purpose to enhance the safety in the field of electrical, electronic technologies. The IEC release a report for every specific issue which is accepted with a complete authorization of all IEC National committees. The documents are made as recommendations for international use, and must be acknowledged by all members of National board in that sense. IEC develop the worldwide coupling, And connections between National and IEC international standards must be clearly mark in the latter.
IEC 61511 editions 1 has been processed by subcommittee 65A for the process industries measurements and control in 2003. The safety instrumented systems have been used from several decades for the purpose of safety instrumented function in process industries sectors. To get acceptable results the safety instrumented systems must be meet the lowest standard performance levels. The parts 1 of this standard tell us about the use of SIS for the process industries sectors. This standard also needed risk and hazard analysis to obtain the required level of safety instrumented systems. These systems contain many subsystems, logic solver, sensors and other components.
This standards (IEC 61511 part 1) has two basics principles to its applications; safety integrity levels and safety life cycle. For the safety this standard specifies safety instrumented systems which are based on electro technologies (Electrical, electronics and programmable Electronics).But irrespective of technology used the fundamental principles of this standard can be applied. The IEC 61511-1 is actually works on the basis of IEC 61508.
To catch up the lower level of safety life cycle this standard have a good setup by using of high logical technical policies. To get an acceptable safety we need best process design and protective systems to direct every single residual risk. These protective systems can be depends on various types of technologies. There for IEC 61511-1 needs a hazard and risk evaluation and measurement of safety requirements to identify overall safety of safety instrumented systems.
IEC 61511-1 clarify every point regarding to safety instrumented systems for process industry
• For every single stage of safety life cycle from starting to end of the process (design, Implementation, operation, maintenance through decommissioning).
• Earlier or latest country special process industry standards to be integrated with this standard.
This worldwide standard have aims to promote and to achieve an extraordinary regularity in process industry, which have both economic and safety benefits.
Scope of IEC 61511-1
IEC 61511 parts 1 gives us detailed information’s for designing, implementation, operation and maintenance of SIS. That why this standard is follow as a process sector implementation of IEC 61508.
This standard has defined required conditions to attain functional safety. But did not define who is answerable for the enforcement of the requirements (e.g. designer, supplier, contractor or company).This standard shows the similarities or connections between IEC 61511 and IEC 61508.And this standard can be enforce to that overall system of process sector application, when the specification of equipment is resemble to IEC 61508 or of 11.5 of IEC 61511-1.
The first edition of IEC 61511 is implemented to those systems having limited variability or fixed programmed application software. But does not use for user of embedded software or having full variability software. Its shows the connection between safety instrumented function and other function. The use of this standard is very high in process industry sector. This standard also outlines the identifications of function and safety integrity of safety instrumented systems to minimize the hazard and risk. For more development this standard defines the hardware and architecture of systems as well as the application software. This standard explains the application software requirements for users. In addition the following specifications is also define
• To minimize the fault and failure of application software and also have explained the software life cycle model for designing and development of application software.
• The guidance for software safety validation and methods regarding to software needs for user in the period of operating and maintenance of safety instrumented systems.
• Policies and conditions for matching of pattern for remodeling of safety software.
IEC 61511 parts 1 is to use when the safety is attained by using one or more than one SIF’s (Safety instrumented function),This safety may be for personal, public or environmental protection. And also explained the specification for safety instrumented systems to attain functional safety. With help of safety life cycle this is also explaining entire steps which are essential to regulate the functional and safety integrity level specification for every safety instrumented systems. And this also needed the risk and hazard reduction methods for every steps functional safety and safety integrity level of functional safety instrumented function. IEC 61511-1 give detailed information about mean value and frequency of failure in every hour for safety SIL (safety integrity levels).
For more development it’s also explain how we can obtain the required Safety integrity levels. To reduce the threats explained the lower level of hardware fault tolerance. In this standard described that how we can attain the higher level of SIL (SIL4), and as well as it’s define the lower SIL (SIL1) for safety instrumented systems. This standard has defined the scheme for regulating the safety integrity levels but does not explain the SIL for a particular application. This standard show the specifications for every sections (from sensors to final items) of safety instrumented systems.
Addition to this it does interpret the information throughout the safety life cycle.
Normative References
The following evidences verify this record, which is essential for its implementation.
IEC 60654-1,-3 in 1993 and 1998 for process measurements and control tools, Part 1 is for climate and part 3 is for mechanical control.
IEC 61508 and part-2 and part-3 are concern to the functional safety systems that are based on electro technologies and to its (Figure 1-Relationship between system Hardware and software of IEC 61511-1)
o Software’s Specifications respectively.
IEC 61326-1 for EMC specification.
IEC 61511 Part-2 for Guidelines for the use of IEC 61511-1.
Abbreviations and definitions
4.1 Abbreviations
The following table 1 shows the abbreviations that are used in IEC 61511.
Table 1-Abbrivations which are used in IEC 61511
Abbreviation
Full expression
Abbreviation
Full expression
AC/DC Alternative current/Direct current ISO International Organization for standards
BPCS Basic process control system ISA Instrumentation, Systems and automation society
E/EE/PE Electrical/Electronics/
Programmable Electronics SRS Safety required specifications
SIS Safety instrumented systems HMI Human machine interface
SIF Safety instrumented function FPL Fixed program language
S/W Software H/W Hardware
PLC Programmable logic control SIL Safety integrity levels
We have some others abbreviations that are not mention in this table. That is you can find out in the complete edition of IEC 61511-1.
4.2 Definitions
In this part of standard for the help of understanding some basics terms are defined here. And for more details you can be found in some others text book of the standard.
4.2.1 Architecture
The Structure designing of hardware’s or software’s of a system. For example structure design of SIS subsystem.
4.2.2 Failure
A state in which the part or an item of system is does not able to perform the desired duty or function. And failure is occurs at a specific point.
4.2.3 Systematic failure
The failure which is occurs during designing, documentation, operations and manufacturing.
4.2.4 Channel
The item or the group of items that completing their required function independently.
4.2.5 Fault
It is a state in which an item is not able to carry out a required function. And the fault is occurs due to the interruption of failure.
4.2.6 Fault tolerance
The potential of a module or unit of system that to carry out its predefined function in the presence of fault.
4.2.7 Safety integrity
Its shows the probability of safety instrumented system that it will execute carefully the given function in a given condition during the whole period.
4.2.8 Safety integrity level (SIL)
SIL specify the level of safety integrity specification of safety instrumented function to be assigned to SIS. The highest SIL is 4 and the least one is SIL 1.
In this standard many definition are discuss regarding to clear the concept of every things that we have define some of them. And these definitions are applied to different mode of operation according to this standard.
5 Safety Life Cycle and Safety life cycle overview
5.1 Safety lifecycle
5.1.1 Objective
The Safety Lifecycle is a pre-designed engineering process that contains all essential steps to attain the required functional safety. The lifecycle shows all the compulsory actions that are mandatory for the implementations of safety related systems, and to confirm the developed steps for Safety Instrumented Systems to meet the safety requirements. And it will be apply to all safety related system may of electro technologies, other technology system that are used as a safety instrument.
5.1.2 Requirements
1: At the time of Planning the safety life cycle should be defined the requirements of IEC61511.
2: Every step of safety lifecycle should be clear with respect to its inputs, outputs and verification activities.
This figure provides an overview of every single step of IEC61511/ISA 84 safety lifecycle and also provides key considerations according to practical experience.
5.2 Safety Life Cycle Overview
5.2.1 Management of Functional Safety and Functional Safety Assessment and Auditing
This one stage point out the various management activities that is essential to confirm the functional safety objectives.
The safety management system (SMS) addresses the sustainable functional safety management and safety evaluation and auditing. In addition to this safety management system is addressing the structure and planning operations for safety life cycle.
5.2.2 Safety Lifecycle Structure and Planning
The Safety Management System should set up the requirements and different stages for safety life cycle to confirm that the safety instrumented systems (SIS) fulfill the safety specifications. Safety Management System is a combine titled name for overall phases of Safety Lifecycle, Management of Functional Safety and Functional Safety Assessment & Auditing.
5.2.3Verification
Every stage of the Safety Lifecycle must be containing verification step. Verification phase testify by review, testing and by analysis to check how much the output are fulfill the requirements.
5.2.4 Hazard and Risk Assessment
This assessment is identifying good technical ways to eliminate Hazards and to reduce the risk. And to identify the architecture and SIS system design specifications.
5.2.5 Allocation of Safety Functions to protection Layers
Safety Integrity Level is an important requirement for SIS. So Allocation of Safety Function to protection Layers allocating SIL to every specific part of safeguards that are used in process to attain demanded level of safety in the process.
5.2.6 Safety Requirements Specifications for the SIS
Safety Requirement Specification (SRS) is the legal report that to confirm the safety requirements sufficiently specified before to approve a complete design.
5.2.7 Design and Engineering of SIS
The basic aim of this stage is to design the Safety Instrumented System (SIS) to present the compulsory safety instrumented functions with the designated safety integrity levels.
5.2.8Design and Development of Other Means of Risk
The objective of this part of safety is to define the other ways or new hazards identify to reduce the risk to attain the required safety.
5.2.9 Installation, Commissioning, and Validation
After the Installation and Pre-commissioning of safety related system a final stage of validation is needed before the starting of systems to verify the integrated system requirements that are mentioned in Safety Requirements Specification.
5.2.10 Operation and Maintenance
In Operation and Maintenance of SIS contains pre-designed engineering ways response to system alarms and to ensure the required performance of every individual SIF item after a specific cycle to confirm a designed system operation.
5.2.11 Modification
Before to make some changes or to Modify the SIS its must be well planned, reviewed and authorized. And this Modification of SIS will not affect the assigned safety integrity level of every SIF.
5.2.12 Decommissioning
In general terms to deactivate something or item safely from active service there for the Decommissioning of any SIS from active service first the proper planning and review should be conducted.
Figure 2-IEC 61511 / ISA84 Safety Lifecycle
6 Safety Management System
The aim of this clause to confirm the essential safety measurement or management policy that is very important to regulate functional safety by using safety instrumentation systems. This strategy must be well defined regarded to safety instrumented systems by manufacturer, according to IEC 61511 standard safety life cycle hazard analysis for systems validation and decommissioning.
The scope of Safety Management System (SMS) is different from others general health and safety that are important to attain the safety in the workplace.
The Safety Management System (SMS) explain the proceeding Management of Functional Safety and Functional Assessment and Auditing. The SMS also define well planned structure and complete steps for Safety Lifecycle of SIS.
Safety Management System (SMS) define the following phases:
6.1 Functional Safety Management
Organization for Safety.
Leadership Team for Safety.
Management team for SIS.
Audit and revision of Safety.
Sufficient and tolerable policy.
6.2 Safety lifecycle
This part is discussed in previous section of this report in detailed.
6.3 Supporting processes
Contractor selection and approval.
Selection and approval of supplier equipment.
Safety tools selection and approval.
Modification process of Safety.
7 Verification
7.1 Objective
The aim of this clause is to testify by re-examination, evaluation and/or testing that the system are fulfilling the required output that are defined in the Safety Requirement Specifications for the right phases of Safety lifecycle.
7.2 Description
The Safety Verification Planning should be explaining every single schemes requirement for the right one stage of Safety Lifecycle.
Technical basis for the change.
Influence of changes on safety and health.
Methods must be defined for handling the non-conformances.
Confirmation of items to be verified.
Any alteration to operating procedures.
Time for modifications.
Approval requirements.
The verification process should be according to verification planning. And the result of this whole procedure shall be available.
8 Hazard and Risk Assessments
8.1 Objective
The objective of these assessments is to point out the Hazards and Hazardous occasions of the process and related items, process risks and specification for risk reduction that are essential to get the tolerable level of risk.
8.2 Description
This clause is carried out on the process and related equipments.
8.3 Outputs
A complete explanation of the hazards and basic safety functions and related risk contains:
Determinations of hazardous events and its factors.
Effects and probability of the event.
Feature of operational conditions (maintenance, startup, normal, emergency shutdown).
Specifications for risk reduction to get the required safety.
Allocation of safety functions to layers of protection.
Recognized safety functions as SIFs.
9 Allocation of Safety Functions to the Protection Layers
9.1 Objective
The objective of this clause is to assign safety function to protection layers and to calculate the required SIFs (Safety Instrumented Functions), and also to determine the associated SIL (Safety Integrity Level) for every SIF.
9.2 Description
To prevent and control Hazards from its associated equipment’s and process it needed to allocate the safety function to specific protection layer.
9.3 Output
To explain the allocation of safety requirements we need to:
Decide the allotment of safety functions to protection layers.
Explain and define the safety instrumented functions (SIFs).
Decide the SIL for every particular SIF.
The allocation of safety functions contain to allot the safety integrity to every particular safeguards that are used in the process to get the desired level of safety.
Every step of lifecycle should be verified by review, analysis and testing of system output to check the required output.
9.4 Safety Integrity Assignment (SIL Assignment)
After the finishing of hazard and risk assessment, we should know the risk related to the process in terms of time period and probability. The SIL will be decided by company according to risk management and risk tolerance rules. Because there are no rules to allot a SIL to specific process or hazards.
So the desired SIL of a safety instrumented function should be getting up from calculated required risk reduction that is provided by that function.
DEMAND MODE OF OPERATION
Safety Integrity Level (SIL) Target average probability of failure on demand
Target risk reduction
4 ≥10−5 to <10−4 >10,000 to ≤100,000
3 ≥10−4 to <10−3 >1000 to ≤10,000
2 ≥10−3 to <10−2 >100 to ≤1000
1 ≥10−2 to <10−1 >10 to ≤100
Note: For more information see IEC 61511-3
For every particular safety instrumented function operating in demand mode, the mandatory SIL should be assigned according to Table 2 or Table 3.If the table is used so the proof- test and demand rate should not be used to measure the safety integrity level.
When the safety instrument function is working in continuous mode the desired SIL should be assign according to table 4.
Table 2-Safety integrity levels: probability of failure on demand
Table 3-Safety integrity levels: frequency of dangerous failures of the SIF
CONTINUOUS MODE OF OPERATION
Safety integrity level (SIL) Target frequency of dangerous failures to perform the safety instrumented function(per hour)
4 ≥10−9 to <10−8
3 ≥10−8 to <10−7
2 ≥10−7 to <10−6
1 ≥10−6 to <10−5
It is possible to use many low SIL systems to get high SIL for use according to needs.
9.5Additional Requirements for SIL 4
There are no higher levels of safety than SIL 4.For the application to use single SIF to get SIL 4 are very rare that are used in process industry. It’s difficult to maintain and attain a high SIL performance throughout the safety lifecycle. Such systems are specified they needed a high safety level throughout the whole safety lifecycle.
If the results from analysis data assign a high SIL 4 to SIF, but the consideration should be mentioned in such way by changing the design to get complete safe system or add more additional protection layers.
If the SIF is fulfilling the following requirements then SIL 4 shall be allow to that SIF.
It was explicitly demonstrated by a combination of suitable analytical methods and tests of targeting safety integrity failure.
There are extensive operating experience components that used as a part of the safety instrumented function.
There is complete information about hardware failures that come from the components used in the SIF to provide sufficient confidence in the targeted SIL of hardware.
If the factor of risk reduction is greater than 10 for BPCS then it must be designed to specification with IEC 61511 or IEC61508. But it is less than 10 then used as a protection layer.
10 SIS safety requirements specification
10.1 Objective
The SRS provides the mandatory safety instrumented functions for SIS to get the required functional safety.
10.2 Description
This clause is very essential for the success of SIS.44% of SIS failures are due inaccurate specifications of safety requirements except design and implementation requirements.
10.3 Outputs
The SRS (Safety Requirements Specifications) must contain the given data:
Verified usual cause failures.
Verified safe state for every safety instrumented functions.
Demand frequency for SIFs.
Time period for response.
SIL for every particular SIF.
Time period for proof test.
Information for SIS process measurements and trip point.
For successful process SIS process outputs.
Functional connection between logic, inputs, outputs.
Specifications for bypass and manual shutdown.
Pre-conditions for activating and de-activating of SIS.
Allowable spurious trip rate.
Requirements for every individual operational mode of SIF.
Average repair time for SIS.
Verified hazardous combination of SIS output conditions.
Testified high environmental conditions.
Verified normal and abnormal specifications and modes for SIS to remains operational at high condition.
11 Design and Engineering of SIS
11.1 Objective
The aims of this clause is provide the information for the design of the SIS to provide for safety instrumented functions and to fulfill the specified safety integrity levels
11.2 Descriptions
In this stage one or many SIS are designed and establish to provide SIFs and to complete the SILs requirements according to Safety Requirements Specifications (SRS). This design activity requires taking into account:
Conditions for operability, maintainability, and testability should be identified in design to support human factor requirements.
Limitations and capabilities of human are helpful for task.
The SIS design should be placing and process in a safe state up to when the SIS is reset.
Manual means i.e. emergency shutdown should be independent of the logic solver up to the final component.
Considerations for independence among SIS and BPCS and other protection layers.
Dedicated SIF instruments.
Power loss.
In this stage, an authorized application software lifecycle must be used that contains:
Specifications.
Design architecture.
Software and Module developments.
Testing and Code development.
Testing of module.
Integration testing.
Figure 3- SIS Design includes all SIF components.
11.3 Outputs
In this stage a designed report is created that contains:
Formulated guideline for design.
Formulated design for hardware and software.
Test plans for software, hardware and integration.
FAT planning and test plans.
SIS design and engineering consist by all SIF components, sensors, logic solver and final control elements.
12 Requirements for application software, including selection criteria
For utility software
This clause has divided software in three parts:
Application software (software limited to user end).
Embedded software (software provided by manufacturer).
Utility software (it is software tools for development and verification of application software).
And according to language development it has three parts:
Fixed program languages (FPL).
Limited variability languages (LVL).
Full variability languages (FVL).
This standard is limited up to development of application software by using fixed or limited variability languages. And provides the specifications, development and modification of application software of SIL 3 using FPL, FVL and LVL, and doesn’t discriminate the SIL 1, 2 and 3. And SIL 4 application software modifications and developments will be making according to IEC 61508 by using FVL.
12.1 Application software safety life-cycle requirements
12.1.1 Objective
This standard defines the development activities and the uses of utility software for application software modification and development. To confirm the acceptable planning and safety functions aims are met with application software.
12.1.2 Requirements
For the development of application software safety lifecycle should be fulfilling the specification of safety of SIS safety lifecycle.
And for every step of application software safety lifecycle should be explained the basic process and objective and verification specifications.
The system for application software implementation should be able for required SIL of every SIF.
Policy and procedure should be define
To minimize risk
And remove exit fault and unacceptable results from software.
And to maintain software according to SIS lifetime.
And explain software quality.
Every stage of application software safety lifecycle should be verified.
Hardware and software of the SIS should be arranged by management.
Figure 4 – Application software safety life cycle (in realization phase)
12.2 Application software safety requirements specification
12.2.1Objective
The objective of this clause is to provide the specification for application software and its safety requirement and SIF architecture containing with SIS.
12.2.2 Description
Specification of application software should be developed and safety specification should be contained:
SIF specifications
Specification from Outputs of SIS architecture and planning.
Application software supported functions and response time to it.
Periodic testing and modification specifications.
And SIL for every given functions.
12.3 Application software safety validation planning
12.3.1 Objective
The purpose of this stage is to confirm the required application software validation and planning that has been done.
12.3.2 Description
Validation and planning for application software is to done according to clause 15.
Note: After these steps the application software needed more the following steps to get reliable and safe application software according SIF specifications of SIS
Application software design and development.
Integration of the application software with the SIS subsystem.
FPL and LVL software modification procedures.
Application software verification.
13 Factory acceptance testing (FAT)
13.1 Objective
The aim of this clause is to test the logic solver and its related software to confirm that it does fulfill the defined requirements according to SRS (Safety Requirements Specifications).By testing logic solver and its related software’s before from the installation in the plant error can be find out and to make it correct.
13.2 Description
The FAT (Factory acceptance testing) must be defined in designing stage.
The FAT planning should be explaining the following:
The testing type and its case, description and data.
NOTE: It is very important to make clear who is responsible for developing the test case and who is going to be responsible for carrying out the test and witnessing the test.
Environment, tools, logic solver configurations, judgment policy for test.
For FAT the version of logic solver must be defined.
FAT will be conduct according to defined planning.
Test aim, policy, cases and results for FAT must me documented.
Any modification according to FAT shall takes in account for safety analysis to measure impact on every particular SIF.
NOTE: Commissioning may commence whilst corrective action is undertaken, depending on the results of the FAT.
14 Installation, Commissioning and Validation
14.1 Objective
This clause confirm the installation of SIS is according to the specifications to get ready for last system validation, and the SIS is validated by testing and review to get the demanded state in the safety requirements specifications (SRS).
14.2 Description
Installation and commissioning structure must be provides the following:
Procedures, techniques and measures to be used.
Plan for all activities to develop.
The person and organization accountable for these activities.
And the Validation planning should contain the following:
SIS validation with the Safety Requirements Specifications (SRS).
Validation of every relevant operations and modes.
Methods, measures and procedure to be used.
Plan for all these activities.
The person and organization accountable for these activities.
Reference report against which validation will be carried out.
14.3 Outputs
A suitable report that Safety Instrumented System has been completely installed and commissioned according to designed scheme.
A complete report of all result that the SIS has been validated should be created to gives:
Validation scheme version of SIS.
SIF analysis with a particular reference to SRS.
Equipment and tools used, along with evaluated data.
Output result of every test.
Used test specification version.
Recognize standard for integration tests.
Tested version of SIS hardware and software.
Contradiction between predicted and real results.
Judgment and analysis have taken based on contradiction.
Practical installation and periodic testing of equipment’s related to safety, validation result pre-startup verification of the related system against the specification mentioned in the SRS (Safety Requirements Specification).
15 Operation and Maintenance of SIS
15.1Objective
The basic objective of this clause is to confirm the required SIL and functional safety of every particular SIF is maintained throughout the operation and maintenance.
15.2 Description
In this stage, the maintenance and operational scheme of SIS should provide:
Routine and unusual operation.
Proof testing, breakdown and protective maintenance.
Methods, measures and procedure to be used.
Verification of acceptance to techniques.
Scheme for operation and maintenance activities.
The person and organization accountable for these activities.
15.3 Outputs
A suitable data of operation and maintenance activities should be give:
Usual checkup to carry on functional safety.
Action and checkup to block hazardous events and to minimize the results of hazardous events.
Failure of system and its demand rates.
Techniques for maintenance when the failures take place.
A complete evaluation of test equipment.
Operation and Maintenance involves procedure based response to system alarms and the performance of periodic functional testing of each SIF component to ensure as-designed system operation.
15.4 Proof testing of SIS
SIS has mainly three parts sensors, logic solvers and final control elements. To maintain SIL of SIS it’s needed to test every item of SIF. The numbers of tests in a given time period during operation is explained by SIL analysis.
If the sensors and logic solvers is arranged properly, then it can be test by automatic online testing. These components have the ability to complete the self-assessment analysis and don’t need offline analysis during structure plant shutdown. And the number of test during a given time of the SIF elements proof testing should be decided by PFD average calculation.
To disclosed majority of failures in final control components PST (Partial stroke testing) can be used. Automatic PST has more benefits than manual PST, which has the following:
Defines an actual time view of device overall health.
Finishing the repeated labor cost.
Avoids blocking specification of common safety valve inspection procedures.
Defines automated report for easy approval.
Support to carry on the reliability of inspection.
And increasing the SIS availability.
Gives the complete proof that the valve is again in right mode and operation.
Remove the requirements for training of PST process.
SIL defined the proof inspection frequency, and it is operated in offline mode. And to maintain the required SIL it’s needed to complete the define scheme inspection frequencies.
16 Modification
16.1 Objective
This clause confirms the modifications of SIS are completely planned, revised and authorized before to make any modification. And the specified SIL of every SIF will not be affected by modification of SIS.
16.2 Description
Before from any modifications in SIS, it is essential that a documented process for authorizing and controlling any changes in place.
16.3 Outputs
Proper report of modifications should be prepared containing:
Explanations and cause of changes.
Explanations of hazards and its analysis of modification impact on results.
Complete essential authorization.
Verifications of used test that the changes will not affect the unmodified elements of SIS.
Modification should be performed by high skilled person.
History and inspection trail arrangement.
17 Decommissioning of SIS
17.1 Objective
A complete audit should be conducted with essential authorization before from decommissioning of any SIS from active service. And the required SIF operation should be unaffected during decommissioning process.
17.2 Description
In this clause, during decommissioning Process the policy for approval and controlling changes should remain in place.
17.3 Outputs
A complete explanation of changes should be prepared containing:
Policy for approval and requested work.
Identification of hazard and explanation for recommended decommissioning process and its impact on results of SIF.
Complete approval prior to decommissioning.
18 Documentation
18.1 Objective
The main objective of this clause is to confirm that all the steps of safety lifecycle are properly perform. And to collect the information that all the order stages of verification , validation and functional safety assessments process is completely perform with a proper way.
NOTE 2: The documentation could be available in different forms (for example, on paper, film or any data medium to be presented on screens or displays).
18.2 Description
The documentation of this standard should:
Be correct and explain the installation, system or component and its use.
Be easy to get knowledge and the main usage purpose.
Be accessible, available and maintainable.
Every related report should be authorized, reviewed and amended according to complete control policy.
NOTE: The physical structure of the documentation should vary depending upon a number of factors such as the size of the system, its complexity and the organizational requirements.
11.2.2019