Selection and design of safety systems is not trivial, and it never has been. Operating companies in the process industries must face compliance with new safety standards such as IEC61508 and IEC61511, while implementing safeguards that provide asset protection without disrupting asset utilization or compromising production targets. What are the fundamental selection criteria for safety and critical control equipment? What key principles must be clarified in order to ensure successful selection and implementation of the system?
The following is a summary of each Truth that Triconex will address in the coming months:
- SIL is a measure of safety, but has no impact on plant uptime.
SIL rating is a measure of the risk reduction capability and probability of failure-on-demand. It measures only the "Fail Safe" nature of the device, and should not be the primary or sole measurement considered when selecting a safety system.
[Released May 2006.]
- Quality of a SIS has a direct impact on plant performance.
Quality isn't always implemented the same way by every company. Quality Assurance procedures differ between vendors, regardless of product compliance with safety standards and certifications. Nevertheless, a vendor must make sure that their SIS performs to the intended specification.
[Released June 2006.]
- Many companies will sell you a safety system, but few are able to address your specific needs.
Operating companies in the process industries that are pursuing regulatory compliance represent tremendous potential for any manufacturer that offers some form of process control technology or automation. Many such manufacturers are scrambling to ensure their products offer some level of compliance for use in safety applications. Unfortunately, while most of these "new" products offer solutions for the fail safe side, only a few of them can address the need for safety and process uptime simultaneously.
[Released July 2006.]
- IEC61511 states that SIS users must show competence in functional safety.
Just as the process industries require SIS logic solvers to carry a TÜV certificate of the appropriate SIL, there is also a growing trend to require that the engineers specifying, integrating, programming, installing and maintaining these systems have a TÜV ASI - Rheinland certification of competency.
[Released August 2006.]
- Your SIS should protect your plant for its lifecycle.
Production assets are built to last, and even when the investment is planned for a 20-year lifetime, additional investments frequently extend their life beyond the original design specification. Few safety systems can extend their lifecycle and enhance their capabilities over the complete lifetime of the production asset.
[Released September 2006.]
- You don't have to choose between SIS separation and BPCS integration; you can have BOTH.
BPCS integration is, without question, a growing need in the process industry. It should enable the plant operator to monitor process conditions and prevent hazards, as well as monitor the health of the control system itself. Pressure to reduce costs and to single-source control system hardware should not be justification for combining safety system functionality with the basic process regulatory controller.
[Released October 2006.]
- Dual SIS Technologies do not cost less than TMR; they almost always cost more.
Many companies advertise their Dual SIS technology as a lower-cost alternative to Triple Modular Redundant options that offer equivalent performance. This is an unfortunate misrepresentation of the capabilities of Dual SIS architectures. Dual PLCs in a 1oo2 (1 out of 2) configuration were the initial solution of choice for "fail safe" applications, but they cannot overcome an inherent problem with false trips.
[Released November 2006.]
- SIS vendors advertise their TÜV Certification, but rarely tell you about their implementation and operational restrictions.
Most safety system vendors focus on how the system performs when it is healthy, but don't talk much about what happens when an internal failure is diagnosed; worst case, the entire system shuts down. Each SIS vendor must provide clear information on factors that might impair system performance, such as the system's implementation, specific programming or configuration requirements, module or architecture choices, and operational restrictions.
[Released December 2006.]
- Given a choice, the implementation and installation of your SIS should not be entrusted to strangers.
Choosing an SIS implementor can be as important as choosing the product itself. No matter how well the system is designed or manufactured, failures are likely to occur if the implementation team is not following proper procedures, is not experienced, or lacks adequate technical qualification for the tasks they must perform.
[Released January 2007.]
- Maintaining a SIS is more than pulling data; the system also requires context to make informed decisions.
SIS vendors should provide diagnostic tools with clear guidelines or recommendations for maintaining the system to maximize uptime in the context of plant operations.
[Released February 2007.]