
Whilst every effort is made to ensure technical accuracy of the information supplied on iceweb.com.au, Keyfleet Pty Ltd and its employees accept no liability for any loss or damage caused by error or omission from the data supplied. Users should make and rely on their own independent inquiries. By accessing the site users accept this condition. Should you note any error/omission or an article offends please do not ignore it, contact the webmaster and we will review, rectify and remove as necessary.

Safety Instrumented Systems

Instrumented Protective Functions and Emergency Shutdown (ESD) and Process Shutdown (PSD) Systems

Have a question about, or need to purchase, quality Safety Instrumented Systems? Our Sponsors Triconex are Experts in this area!
Contact them here.

Invensys is the only automation company with the experience and track record in Safety and Critical Control as demonstrated by its 27 years of experience in safety systems, in excess of 8,000 installed systems, the only approved Nuclear Regulatory Commission Commercial Off-The-Shelf controller for Nuclear 1E Applications, a large number of TÜV Certified Functional Safety Engineers deployed worldwide and patented TMR technology. Invensys' safety and critical control Tricon™ and Trident™ platforms have the ability to provide a wide variety of critical applications including Emergency Shutdown, NFPA85 certified Burner Management, NFPA72 and EN54 certified Fire and Gas, and Turbomachinery Control and Protection Systems. Triconex Systems have been installed on many Onshore / Offshore Oil and Gas Facilities and in the Power Industries.

Tricon - The Tricon is a State-of-the-Art Fault Tolerant Controller based on a Triple-Modular Redundant (TMR) Architecture - It was the first completely triple-redundant, industrially ruggedized and cost-effective system in the industry and our most trusted safety controller. TMR employs three isolated, parallel control systems and extensive diagnostics integrated into one system. The system uses two-out-of-three voting to provide high integrity, error-free, uninterrupted process operation with no single point of failure. For details on key benefits and capabilities click here.
Trident - Based on proven Triconex Triple Modular Redundant (TMR) technology, Trident is designed to fit small applications where, until now, price concerns had kept processes tied to the operating restrictions of dual and simplex architectures. Trident breaks through the budget barrier and provides customers with a powerful, cost-effective solution and an alternative control strategy to maximize both high reliability and high availability applications. For details on applications, key benefits and capabilities click here.


SIS Articles, Technical Papers, Multimedia and Applications from Triconex

The Hidden Costs of Successful Safety - Luis Duran - This article describes many of the hidden costs and side effects associated with safety instrumented systems (SISs), especially those embedded with distributed control systems (DCSs). It covers some of the safety-related questions users need to ask their DCS vendors, even though many suppliers don’t want to answer them. Thanks to www.controlglobal.com 
Ten Truths of Safety Instrumented Systems - Selection and design of safety systems is not trivial, and it never has been. Operating companies in the process industries must face compliance with new safety standards such as IEC61508 and IEC61511, while implementing safeguards that provide asset protection without disrupting asset utilization or compromising production targets. What are the fundamental selection criteria for safety and critical control equipment? What key principles must be clarified in order to ensure successful selection and implementation of the system? 
When a SIL Rating is not Enough - Robin McCrea-Steele, TÜV FSExp Invensys-Premier Consulting Services - SIL rating is a measure of the risk reduction capability and probability of failure-on-demand. It measures only the "Fail Safe" nature of the device and should not be the primary or sole measurement considered when selecting a safety system.
Quality of a SIS has a Direct Impact on Plant Performance - Quality isn't always implemented the same way by every company. Quality Assurance procedures differ between vendors, regardless of product compliance with safety standards and certifications. Nevertheless, a vendor must make sure that their SIS performs to the intended specification.
Many Companies will sell you a Safety System, but few are able to Address Your Specific Needs - Operating companies in the process industries that are pursuing regulatory compliance represent tremendous potential for any manufacturer that offers some form of process control technology or automation. Many such manufacturers are scrambling to ensure their products offer some level of compliance for use in safety applications. Unfortunately, while most of these "new" products offer solutions for the fail safe side, only a few of them can address the need for safety and process uptime simultaneously.
IEC61511 states that SIS Users must show Competence in Functional Safety - When it comes to Safety Instrumented Systems (SIS) logic solvers, the process industry reached a consensus in specifying that the equipment be third party certified to meet IEC 61508 parts 2 and 3. Most process plants require that SIS certification be issued by TÜV, recognizing this lab as the safety systems "Mark," even when safety standards don't mandate certification of SIS equipment by any specific testing lab. What should be the process industry consensus around the personnel responsible for the design and implementation?
Your SIS should Protect Your Plant for its Lifecycle - Production assets are built to last, and even when the investment is planned for a 20-year lifetime, additional investments frequently extend their life beyond the original design specification. Few safety systems can extend their lifecycle and enhance their capabilities over the complete lifetime of the production asset. A Safety Instrumented system should quietly provide year after year of safe and extremely reliable performance in mission critical applications. Its performance should be consistent and the user should not have to think about them very often.
Integrating Control and Safety - Where to Draw the Line - Robin McCrea-Steele, TÜV FSExpert - New digital technology now makes it feasible to integrate process control and safety instrumented functions within a common automation infrastructure. While this can provide productivity and asset management benefits, if not done correctly, it can also compromise the safety and security of an industrial operation. This makes it critically important for process industry users to understand where to draw the line. Cyber-security and sabotage vulnerability further accentuate the need for securing the Safety Instrumented System (SIS).
Dual SIS Technologies do not cost less than TMR; They almost always Cost More - Many companies advertise their Dual SIS technology (1oo2D (Dual), 1oo2DR (Dual Redundant), 2oo4D) as a lower-cost alternative to Triple Modular Redundant (TMR) systems. This is an unfortunate misrepresentation of the capabilities of Dual SIS architectures. Dual PLCs in a 1oo2 (1 out of 2) configuration were the initial solution of choice for "fail safe" applications, but they cannot overcome an inherent problem with false trips.
Is a TÜV Certificate Enough? - Robin McCrea-Steele, TÜV FSExp - SIS vendors advertise their TÜV certification, but rarely tell you about their implementation and operational restrictions - Most safety system vendors focus on how the system performs when it is healthy, but don't talk much about what happens when an internal failure is diagnosed; worst case, the entire system shuts down. Each SIS vendor must provide clear information on factors that might impair system performance, such as the system's implementation, specific programming or configuration requirements, module or architecture choices, and operational restrictions.
Given a Choice, the Implementation and Installation of your SIS should not be Entrusted to Strangers - Choosing an SIS implementer can be as important as choosing the product itself. No matter how well the system is designed or manufactured, failures are likely to occur if the implementation team is not following proper procedures, is not experienced, or lacks adequate technical qualification for the tasks they must perform.
What is the Importance of Third Party Certification and SIL rating of SIS devices? - Luis Duran - Based on the growing number of safety certified devices or systems in the automation marketplace, these are the times of Functional Safety Certification, especially in the process industries. However as basic as it might sound, is there a “one-size-fits-all” certification process? Or how useful is that “certified equipment” for your application? From the reasons that gave birth to third party certification agencies through the remaining fundamental need for their work today, the questions to answer are: what is the end user getting with the certification?; how can the end user benefit by utilizing certified equipment?; why this might be better than using “proven in use” equipment as defined by IEC61511? This paper presents a practical perspective to understanding certification and selecting and applying certified devices or systems while deploying a safety instrumented system, and highlights what else remains to be done by the implementation team and end users to fulfil the requirements of current safety standards as IEC61511 and best engineering practices.
Why is Conforming to Safety Standards Important? - Compliance to National and International safety standards is enforceable if the standards are listed or referenced in the country's legislation. These references are sometimes called "good engineering practices." The Occupational Safety and Health Administration (OSHA) USA law and the Australian Occupational Health and Safety (OHS) are examples of this legislation. Other countries e.g. Germany and the UK are required to adopt IEC-61508 /61511 when applying safety instrumented systems to process hazards.
Why should Process Safety Engineers be Certified?  - The typical answer to this question is initially very defensive. Certified to what? By whom? Who mandates certification of plant personnel? Why? What does this buy me?
Duke Power Upgrades Oconee Nuclear Station Turbine with a Digital Control System from Invensys Operations Management - Safe operation is the top concern of nuclear plants, and reliability is a cornerstone of safety. Over thirty years ago, when most of the nation’s nuclear plants were commissioned, analog control systems were state of the art and ensured plant reliability. Analog control systems presented certain constraints: if a component failed under normal wear and tear, the entire system would be shut down. This would add risk and cost hundreds of thousands of dollars a day in downtime. Marlon Dempsey, Instruments and Controls Engineer, said, "We found that our analog turbine control system was one of the top three causes of trips and transients, primarily because its components presented a single point of failure. We knew that introducing more redundancy at key points would enhance reliability considerably and found that digital technology could provide that redundancy while at the same time reducing the cost of downtime." After evaluating alternative turbomachinery control solutions, Duke Energy began implementing a fault-tolerant control system from Invensys Operations Management, contributing to safe and reliable plant operations.
Tofino for the Triconex Safety System - Walt Boyes of Control magazine talks with Eric Byres of Byres Security and Joe Scalia from Invensys Operations Management about the introduction of a custom Tofino for the Triconex Safety System.
High Security Integration Using OPC - OPC Classic, the popular industrial integration standard based on DCOM, has made the interfacing of different industrial control products significantly easier. Unfortunately, it also brought with it a number of serious security concerns for the designers of control, SCADA and safety systems. This White Paper looks at these issues and reviews the solutions proposed over the past decade by researchers and academics. It looks at new technologies in advanced firewall port management and embedded OPC servers that offer true defense-in-depth and read-only security for better reliability and security of all control systems, but especially for safety instrumented systems. You will need to register to obtain this white paper.


TÜV FSEng Training 

The Invensys Premier Functional Safety Engineering course, in cooperation with TÜV Industrie Service GmbH, provides the training your organization needs to meet compliance requirements. Dates for courses can be found here.


Other Safety Instrumented Systems Links

The following links are compliments of Emerson Process Management
Selecting Transmitters for Safety Instrumented Systems
SIS/IEC 61508 Frequently Asked Questions
If you go to the following SIS link you can register and download the following very useful documents, which cover:
Basic safety concepts
What is risk? / Reducing risk/ Safety standards
Building your SIS
Physical design/Functional design/ Verification & validation/ Installation & commissioning
Using your SIS
Operations & maintenance/ Modifications/ Decommissioning
The intelligent advantage
Smart SIS

The following Links are compliments of Pilz
Guide to Programmable Safety Systems - A comprehensive guide from Pilz
How functional safety helps to save lives - In this article Ron Bell explains functional safety and looks ahead to the revision of the IEC 61508 standard that is due for publication in 2010. This article by Jeanne Erdmann was first published in the January 2008 edition of the IEC's E-TECH. http://www.iec.ch
The Golden Rules of Risk Assessment - Frank Schrever - At its worst, the risk assessment is a bureaucratic time-waster that does nothing to make workplaces safer. On the other hand, following five golden rules means risk assessments can be both functional and lifesaving. From Pilz and Manufacturers Monthly.

The following Links are compliments of Moore Industries-Pacific, Inc.
The Ups and Downs of Alarms - Read about alarms in a Safety Instrumented Systems environment - Garry Prentice - Moore Industries International - Intech Magazine
Safety Instrumented Systems: The "Logic" of Single Loop Logic Solvers - What can the "new generation" of safety-certified Single Loop Logic Solvers do for you?
Networked Safety - Mainstream or Marketing? Discussing the advantages and potential caveats of networked safety systems, and specifically the Fieldbus Foundation’s FF-SIF safety protocol, this article offers expert testimony and answers key questions about the technologies. Moore Industries’ Director of Technology, Charles Larson, contributes to the debate, noting the considerable benefits of networked safety - from Automation World
Emphasis on Safety - Rob Stockham, Moore Industries-Europe General Manager and safety expert, looks at the latest method being employed by the UK nuclear industry to assess control systems in safety-related and safety-critical applications in power stations
7.10 Using HART To Improve Safe Failure Fraction in Protective Measures - Peter Russell - Evaluation International (EI) is a technology club for large scale users of instruments for measurement and control. Its members wished to show, by the use of simulation testing (and other reliability data not part of this testing), that the combination of a Moore Industries HIM converter, a Moore Industries STA trip amplifier and a Yokogawa EJX110A pressure transmitter would be suitable for use up to Safety Integrity Level 2 (SIL2). The key to this is the use of diagnostics via HART.

6.10 The following Links are compliments of Abhisam Software 
Safety Instrumented Systems Design Tips for Instrumentation and Control Engineers - Modern chemical and hydrocarbon processing plants, oil & gas production facilities, power plants and other similar process plants all have some instrumentation and automation that ensures safety. These are known as Safety Instrumented Systems (SIS for short). These systems are also known by various other names such as Emergency Shutdown Systems (ESD for short), Safety Shutdown Systems, High Integrity Pressure Protection Systems (HIPPS) and so on. But all of them belong to the class of systems that are referred to as SIS. With respect to designing a Safety Instrumented System: no, here we are not talking about designing the next breakthrough in a great logic solver (also commonly referred to as a "Safety PLC"). We are addressing the situation in which many Instrumentation and Control engineers find themselves when assigned a job to design the SIS for a process plant. Here, the entire process involves finding out what kind of systems and devices to use in the application that the client or user wants. These design tips should make the task somewhat easier.
Integrated SIS/DCS versus separate SIS and DCS - Which one is Better? - In the past Safety Instrumented Systems were strictly separate from the normal plant control systems (referred to as a BPCS, Basic Process Control System, which most people refer to as the "plant DCS"). This was done for a variety of reasons, but mainly to segregate the safety and control functions and to have higher availability and reliability. Lately, there have been many launches of new "integrated" control systems that have both DCS and SIS systems in the same package. For those of you who are not familiar with these terms, SIS is short for "Safety Instrumented System", which is a special kind of control system that is used for the safety critical parts of process plants, turbomachinery, boilers and so on. Emergency Shutdown Systems (ESD for short) can be considered a subset of the SIS category of control systems. Other kinds of high reliability specialized systems like HIPPS (High Integrity Pressure Protection Systems), BMS (Burner Management Systems) and so on can also be considered as belonging to the same class, i.e. a SIS rather than a BPCS.

The following excellent papers have been generously provided to ICEWeb with the permission of World Renowned SIS expert Dr Angela E. Summers, Ph.D., President, SIS-TECH Solutions, LLC, 12621 Featherwood Dr., Suite 120, Houston, TX 77034 USA. Phone: 281-922-8324, Fax: 281-922-4362. For more papers and excellent links etc go to http://www.SIS-TECH.com
6.10 Glossary of Terms for Safety Instrumented Systems - This is a useful Glossary of terms - from SISTech and flowcontrolnetwork.com.
3.10 SIF Proof Testing Yields Process Sector Reliability Data - William H. Hearn, Patrick Skweres, A. D. Arnold, and Angela E. Summers, Ph.D. - ANSI/ISA 84 requires periodic proof testing of SIFs to demonstrate the correct operation of the loop elements along with sufficient historical documentation to support analysis of discrepancies and validation of the SIF integrity and reliability. The analysis of proof test records is an important element of the quality assurance process necessary to support continued use of installed equipment. The CCPS Process Equipment Reliability Database (PERD) project has developed failure data taxonomies which provide a structure to capture data to support chemical process data collection and analysis. SIS-TECH® has been distributing a device failure rate database for more than 10 years. This paper describes how SIS-TECH® will collect device performance data under a quality plan during periodic SIF proof testing. This data will be contributed to PERD for review and analysis so that SIL Solver® failure rates can be validated against operating environment data.
3.10 Overfill Protective Systems - Complex Problem, Simple Solution - Angela E. Summers, Ph.D - Overfills have resulted in significant process safety incidents. Longford (Australia, 1998), Texas City (United States, 2005), and Buncefield (United Kingdom, 2005) can be traced to loss of level control leading to high level and ultimately to loss of containment. A tower at Longford and a fractionating column at Texas City were overfilled, allowing liquid to pass to downstream equipment that was not designed to receive it. The Buncefield incident occurred when a terminal tank was overfilled releasing hydrocarbons through its conservation vents. The causes of overfill are easy to identify; however, the risk analysis is complicated by the combination of manual and automated actions often necessary to control level and to respond to abnormal level events. This paper provides a summary of the Longford, Texas City, and Buncefield incidents from an overfill perspective and highlights 5 common factors that contributed to making these incidents possible. Fortunately, while overfill can be a complex problem, the risk reduction strategy is surprisingly simple.
3.10 Lessons Learned While Auditing Automation Systems for PSM Compliance - Angela E. Summers, Ph.D - While reliance on instrumentation has increased at an incredible pace, resources allocated to design and manage the equipment have declined in many companies, leading to more burden and expectations being placed on fewer and fewer people. Quality instrumented system performance relies on a rigorous management system that minimizes human error and equipment failure potential. This paper focuses on safety instrumented systems and applicable process safety management requirements. Observations from assessments and audits are provided, illustrating poor performing instrumented systems, inadequate operating and maintenance procedures, recordkeeping and retention practices, and out-of-date documentation.
3.10 Consistent Consequence Severity Estimation - Angela Summers, PhD, PE, William Vogtmann and Steven Smolen - Most risk analysis methods rely on a qualitative judgment of consequence severity; overstatement creates excessive risk reduction requirements, while understatement results in inadequate risk reduction. This paper provides justification for developing semi-quantitative look-up tables to support a LOPA team's assessment of consequence severity.
3.10 Safety Management is a Virtue - Angela E. Summers, Ph.D - This paper discusses various challenges to sustaining safe operation of process equipment. Each challenge is introduced using a Chinese fortune cookie to remind the reader that the barriers against progress are not new but have existed for many years. In most cases, the solutions are also well known and generally require deployment of robust equipment, proven techniques, and competent resources.
IEC 61508 Product Approvals - Veering Off Course - Upon close examination it appears that the product approval process of IEC 61508(1) has veered seriously off course, possibly rendering many safety instrumented system (SIS) applications less reliable than expected or required.
A Process Engineering View of Safe Automation - This step-by-step procedure applies instrumented safety systems (ISS) to continuously reduce process risk.
Quality Assurance in Safe Automation - A perfect process would have no hazards, but perfection is impossible in the real world. Nearly all process units have inherent risk associated with their design and operation. Safe operation is maintained with a risk reduction strategy relying on a wide variety of safety systems. This article focuses on the most common safety systems for managing process deviations during planned operating modes – instrumented safety systems (ISSs), such as safety alarms, safety controls, and safety instrumented systems (SIS). Rigorous quality assurance is necessary to achieve real-world risk reduction, so this article follows the Plan, Do, Check, and Act process to discuss quality assurance and its application to ISS.
Guidelines for Safe and Reliable Instrumented Protective Systems (IPS) - Written with guidance from members of the CCPS’s Guidelines for Safe and Reliable Instrumented Protective Systems subcommittee, author and safety standards expert Dr. Angela Summers explores the decision making processes necessary for the management of the protection systems commonly applied throughout the process industry. Based on the framework defined in the harmonized ANSI/ISA 84.01/IEC 61511 standards, this book provides readers with much-requested guidance in an easy to understand discussion that addresses IPS planning, risk assessment, design, engineering, installation, commissioning, validation, operation, and maintenance activities.
Achieve Continuous Safety Improvement - This technical paper gives an insight into how to achieve continuous safety improvement.
Continuous Improvement in SIS - Discusses safety culture, Protective Management Systems and how to achieve continuous improvement.
The Evolution of Plant Automation - Most owner/operators continue the practice of implementing separate, and often diverse, platforms for the BPCS and SIS; this paper discusses the reasons behind this.
IEC 61511 and the Capital Project Process - A Protective Management Systems Approach
Random, Systematic, and Common Cause Failure: How do you manage them? - This paper provides an overview of random, systematic, and common cause failures and clarifies the differences in their management within IEC 61511.
Partial Stroke Testing of Block Valves - Chapter, “Partial Stroke Testing of Block Valves”, Instrument Engineers Handbook, Volume 4, Chapter 6.9 - For many operating companies, one of the most difficult parts of complying with the standards is the testing interval often required for final elements, such as emergency isolation valves or emergency block valves; this excellent chapter covers this in detail.
Safety Instrumented Systems - Published in Perry’s Handbook of Chemical Engineering 2007 - Covers Hazard and Risk Analysis, Design Basis, Requirements Specifications, Engineering, Installation, Commissioning and Validation along with Operating Basis.
The Evolution of the Cookbook - This paper provides examples of simple “cookbook” approaches and illustrates how architectures must evolve when addressing higher integrity levels and/or process reliability.
User Approval of SIS Device - This paper explains the concept of user approval as documented in ANSI/ISA 84.00.01-2004, ANSI/ISA TR84.00.04, and the Center for Chemical Process Safety book, Guidelines for Safe and Reliable Instrumented Protective Systems.
Software Implemented Safety Logic - This paper discusses some of the requirements for implementing safety logic via software based systems.

Bridging the Safe Automation Gap Part 1 - Part 1 discusses safe automation from a broad perspective, examining safety culture, organization and hazards analysis issues.
Bridging the Safe Automation Gap Part 2 - Part 2 focuses on instrumented systems and discusses specification, implementation, operation, maintenance, and management of change.

To Err is Human - It must be recognized in our designs that, given the right conditions, all things succumb to human error.
Fault Management Analysis - Examining a device based on repairable or replaceable components may be your best bet for designing failure out of your SIS
Partial-Stroke Testing of Block Valves - This paper discusses the various ways that you can partial stroke test block valves and illustrates the probability of failure on demand calculations. 
Common Cause and Common Sense: Designing Failure Out of Your SIS - Angela E. Summers, Ph.D. and Glenn Raney - The paper will focus on how to identify potential common cause events through the application of industry or internal design standards or through the use of qualitative assessment techniques.
Improve Facility SIS Performance and Reliability - Angela E. Summers, Ph.D., P.E, President, SIS-TECH Solutions, LP and Bryan A. Zachary, Operations Manager
Introduction to Layer of Protection Analysis - This paper provides an overview of the LOPA process, highlighting the key considerations.
High Integrity Protective Systems for Reactive Processes - This paper discusses how to assess, design, and implement HIPS to effectively manage potential overpressure of equipment used for reactive processes.
Perspectives on ANSI/ISA 84.00.01-2004 (IEC61511) - An Emerging International Consensus Standard - Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP
Bhopal: Could it Happen Again? - Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP
Estimation and evaluation of common cause failures in SIS - Angela E. Summers, Ph.D., Kimberly A. Ford, and Glenn Raney
Safety requirements specification in a capital project environment
Is your SIS "grandfathered" under ANSI/ISA S84.01-2004? - Kimberly A. Ford and Angela E. Summers, Ph.D., P.E.

Avoid bad engineering practices in safety instrumented system design - Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LLC - As industry races toward compliance, it must work hard to prevent the creation and acceptance of bad engineering practices, which threaten the economics of plant operation and erode the effectiveness of SIS designs. 
Techniques for assigning a target integrity level - Angela E. Summers, Ph.D.
Using instrumented systems for overpressure protection - Dr. Angela E. Summers, PE, SIS-TECH Solutions, LLC
Viewpoint on ISA TR84.0.02 - Simplified Methods and Fault Tree Analysis - Angela E. Summers, Ph.D., P.E. - Simplified equations and fault tree analysis are two techniques that can be used to verify safety integrity level. The two methods do yield different results, but both provide acceptable approximations.

The following Links are from Exida
Statistical Signature Analysis: Modeling Complex λD(t) from Proof Test Data and the Effects on Computing PFDavg - Julia V. Bukowski - To compute PFDavg, we must first have a model for λD(t), the failure rate of the equipment in the dangerous failure mode. A dangerous failure occurs when equipment designed for prevention or mitigation of an unsafe condition cannot properly respond to the unsafe condition, i.e., the equipment fails on demand. For example, consider a PRV, which, in normal operation, is closed. Should it fail in the "stuck-shut" mode, it would be in a state of dangerous failure as it would be unable to respond to an overpressure event if one occurred.
Final Elements and the IEC 61508 and IEC 61511 Functional Safety Standards Book - This book reviews and explains the application of the IEC 61508 and IEC 61511 functional safety standards as they apply to final control elements. The overall safety lifecycle and reliability requirements are reviewed with special focus on the challenges encountered when dealing with complex electro-mechanical subsystems. Throughout the book requirements for designing and implementing reliable and effective safety instrumented functions are covered in a clear step by step manner.
61508 and 61511; What Is an Operations Company Supposed to Do? - Eric Scharpf - The typical first reaction from the process operations side of the table when confronted with a new standard is, "How much will this cost and how much extra paperwork will it involve?".... IEC 61508 and 61511, the standards covering the design and use of a safety instrumented system to reduce process plant accidents, are no exception to this initial reaction.
Accurate Failure Metrics for Mechanical Instruments - Dr. William M. Goble - Probabilistic calculations done to verify the integrity of a Safety Instrumented System design require failure rate data and failure mode data of all equipment including the mechanical devices.
Assessment Levels for Safety Equipment - Dr. William M. Goble - The end user must carefully choose all instrumentation equipment used in Safety Instrumented System (SIS) applications. All such equipment must be carefully justified... IEC 61511, Functional Safety for the Process Industries, requires that equipment used in safety instrumented systems be chosen based on either IEC 61507 certification to the appropriate SIL level or justification based on "prior use" criteria.
Common Cause Simulation - Dr. William M. Goble - Fault tolerant systems have been designed for safety critical applications including the protection of potentially dangerous industrial processes.
Development of a Mechanical Component Failure Database - Dr. William Goble & Julia Bukowski - In this paper, they present a methodology to derive component failure rate data for mechanical components used in automation systems based on warranty and field failure rate data as well as expert opinion.
Estimating The Beta Factor - Dr. William M. Goble - A Safety Instrumented System (SIS) is often designed to help protect an industrial process against potentially dangerous hazards. These systems often use redundant equipment to achieve the needed levels of protection. If the design was done to meet requirements of IEC 61511 or IEC 61508, probabilistic evaluation is done to verify that the design achieves risk reduction goals.
Evolution of European Standards - Rainer Faller - Slide show presentation of his Rockwell Automation 2002 speech
FMEDA - Accurate Product Failure Metrics - John C. Grebe and Dr. William Goble - The letters FMEDA form an acronym for "Failure Modes Effects and Diagnostic Analysis." The name was given by one of the authors in 1994 to describe a systematic analysis technique that had been in development since 1998 to obtain subsystem / product level failure rates, failure modes and diagnostic capability.
Functional Safety Terms and Acronyms Glossary - exida - This list of functional safety terms and acronyms has been compiled from a number of sources listed at the end including the IEC 61508, IEC 61511 (ISA84.01) standards. It is meant to provide a general reference for engineers practicing safety lifecycle engineering in the process industry. As such it provides both safety and related non-safety term definitions in a clear useable form. It specifically highlights the most important terms and acronyms from the safety lifecycle standards with working level definitions. The reader is encouraged to pursue IEC 61508 or IEC 61511 for additional definitions and for additional information on applying the safety lifecycle to the process industry.
Getting Failure Rate Data - Dr. William M. Goble - Safety verification calculations for each safety instrumented function are a key concept in functional safety standards like ISA 84.01 and IEC 61511.
IEC 61508 Overview - exida - IEC 61508 is an international standard for the “functional safety” of electrical, electronic, and programmable electronic equipment. This standard started in the mid 1980s when the International Electrotechnical Committee Advisory Committee of Safety (IEC ACOS) set up a task force to consider standardization issues raised by the use of programmable electronic systems (PES). At that time, many regulatory bodies forbade the use of any software-based equipment in safety critical applications. Work began within IEC SC65A/Working Group 10 on a standard for PES used in safety-related systems. This group merged with Working Group 9 where a standard on software safety was in progress. The combined group treated safety as a system issue.
IEC61511 Standard For Functional Safety - exida - IEC 61511 has been developed as a Process Sector implementation of the international standard IEC 61508: "Functional safety of electrical / electronic / programmable electronic safety-related systems."
Implementing IEC61508 In The Process Industries - Dr. Eric W. Scharpf & Dr. William M. Goble - IEC 61508 and its process-specific companion IEC 61511 are providing new codification to safety instrumented systems and their application to the process industry.
Mechanical Database Verification Report - Julia Bukowski - The purpose of this document is to report on exida's successful efforts to statistically validate certain random equipment failure rate data used in a mechanical parts failure rate and failure mode database and, by extension, to validate the techniques used to derive the data. To accomplish this, a Failure Modes, Effects, and Diagnostic Analysis (FMEDA) is initially used to predict the useful-life failure rate for the fail-to-open condition of a particular pressure relief valve (PRV) using the failure rates from the mechanical parts database. Next, this prediction is statistically tested against three independent data sets consisting of proof test data for PRVs provided by Fortune 500 operating companies. The data sets all meet the intent of the quality assurance of proof test data as documented by the Center for Chemical Process Safety (CCPS) Process Equipment Reliability Database (PERD) initiative.
Mechanical Failure Rate Data for Low Demand Applications - exida - The use of IEC 61508 [1] and IEC 61511 [2] has increased rapidly in the past several years. Along with the adoption of the standards has come an increase in the need for accurate reliability data for devices used in Safety Instrumented Systems (SIS), both electronic and mechanical. While the methodology of determining failure rates for electronic equipment is fairly well accepted and applied, the same can not be said for mechanical equipment. Several methods are currently being utilized for generating failure rates for mechanical components. These methods vary in their approach and often lead to dramatically different failure rates which can lead to significant differences when calculating the reliability of a safety instrumented function (SIF). Some methods can result in dangerously optimistic failure rate numbers.
Mechanical FMEDA Presentation - Slide show presentation by Dr. William M. Goble
Modeling & Analyzing The Effects Of Periodic Inspection On The Performance Of Safety-Critical Systems - Julia V. Bukowski - This paper presents a method for incorporating into Markov models of safety-critical systems, periodic inspections and repairs which occur deterministically in time.
Open IEC 61508 Certification of Products - Rainer Faller & Dr. William Goble - IEC 61508 has been in use for several years since the final parts were released in 2000. Although written from the perspective of a bespoke system, it is more commonly used to certify products for a given SIL level. Valid product certification schemes must involve the assessment of specific product design details as well as an assessment of the safety management system of the product manufacturer and the personnel competency of those professionals involved in the product creation.
Partial Valve Stroke Testing - Iwan van Beurden - The objective of a Safety Instrumented System (SIS) is to reduce the risk associated with a particular process to a level lower than or equal to the tolerable risk level.
PFDavg Calculations For Redundant Systems With Incomplete Testing - Harry Cheddie - A common definition of a Safety Instrumented Function (SIF) as defined in Functional Safety Standards is "Function to be implemented by a Safety Instrumented System (SIS) to mitigate or prevent a specific hazardous event."
PLC vs Safety PLC - Dr. William M. Goble - Safety Programmable Logic Controllers (PLCs) are special purpose machines that are used to provide critical control and safety applications for automation users. These controllers are normally an integral part of a safety instrumented system (SIS) which are used to detect potentially dangerous process situations.
Project Experience with IEC 61508 and its Consequence - Rainer Faller - This paper reports on the experiences with implementation of IEC 61508 in recent projects with European, North American and Japanese system vendors. The paper describes problems identified in implementing the standard and proposes a knowledge tool and a combination of software verification methods to mitigate these issues.
Real Time Operating Systems for IEC 61508 - Mike Medoff - In today’s world many potentially dangerous pieces of equipment are controlled by embedded software. This equipment includes cars, trains, airplanes, oil refineries, chemical processing plants, nuclear power plants and medical devices. As embedded software becomes more pervasive so too do the risks associated with it. As a result, the issue of software safety has become a very hot topic in recent years. The leading international standard in this area is IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems. This standard is generic and not specific to any industry, but has already spun off a number of industry specific derived standards, and can be applied to any industry that does not have its own standard in place. Several industry specific standards such as EN50128 (Railway), DO-178B (Aerospace), IEC 60880 (Nuclear) and IEC 601-1-4 (Medical Equipment), are already in place. Debra Herrmann (Herrmann, 1999) has found a total of 19 standards related to software safety and reliability that cut across industrial sectors and technologies. These standards’ popularity is on the rise, and more and more embedded products are being developed that conform to these standards. Since an increasing number of embedded products also use an embedded real time operating system (RTOS), it has become inevitable that products with an RTOS are being designed to conform to such standards. This creates an important question for designers: how is my RTOS going to affect my certification? This article will attempt to explore the challenges and advantages of using an RTOS in products that will undergo certification.
SIL Verification - Dr. William M. Goble - The safety lifecycle (SLC) is one of the fundamental concepts presented in the ANSI/ISA 84.01 and IEC 61508 functional safety standards.
Software - Stress Vs. Strength - Dr. William M. Goble - Considering the components used in current control systems, hardware failure causes have been widely studied.
Software Safety Technique - Dr. William M. Goble - There is a strong trend toward the use of programmable electronics in safety instrumented systems, yet some users still avoid software-based systems.
State-Of-The-Art Safety Verification - Dr. Eric W. Scharpf & Dr. William M. Goble - The past few years have brought significant changes to the control safety field in both technology (i.e., fieldbus) and regulation (i.e., IEC 61508).
What Does Proven In Use Imply? - Rachel Amkreutz & Iwan van Beurden - The functional safety standards, IEC 61508, IEC 61511, and ANSI/ISA 84.01 each specify the Safety Integrity Level performance parameter of Safety Instrumented Functions.
What is PFDavg.? - Dr. William M. Goble - IEC 61508 requires probabilistic evaluation of each set of equipment used to reduce risk in a safety related system.
The Grandfather Clause and existing equipment - Dr. William Goble - International safety standards permit users to utilise a ‘Proven in Prior Use’ methodology to justify SIS equipment, i.e., a Grandfather Clause; but can users take on the responsibility? - Following a recent internally initiated audit of your facility’s SIS, you realized your systems do not meet the “grandfather clause” requirements described in ANSI/ISA 84.01.00. Now you face the task of bringing those systems into conformance with international safety standards. One of the questions your SIS team raised is, “Do our installed transmitters meet the ‘prior use’ requirements described in Section 11.5.3 of IEC 61511-1 – Requirements for the selection of components and subsystems based on prior use?” From the ISA and InTech.

The following Links are from HIMA Australia
3.10 Integration today - Integration solutions - For years people have been discussing the subject of “integration” in automation technology. There are a variety of solutions available for the integration of safety and control systems. Provided the right decision is made you can take advantage of all the opportunities and potential synergies of integration, long-term.
3.10 Summary of Offshore Health and Safety Performance Report 2007-08 - The Offshore Health and Safety Performance Report 2007-08 was produced by the National Offshore Petroleum Safety Authority (NOPSA), with the aim to "move beyond the view of safety as compliance with codes and standards and towards an overall improved safety culture within an organisation." The report contains statistics, trends and observations of health and safety within the Australian offshore petroleum industry for the financial year 2007-08. Areas of concern highlighted include equipment design, risk awareness and management, procedures, ageing equipment, supervision and a shortage of skilled personnel.
Next Generation Safety Controller Maximizes Availability for Demanding Process Applications - The nemesis of all continuous processes is unplanned stoppage resulting from controls malfunction, equipment failure, or operator error. System availability can be improved significantly through the use of redundant control architectures – especially those that allow hot-swapping or on-the-fly program changes. Modern process safety solutions provide comprehensive diagnostics that help users to recognize safety-critical situations and act quickly and accordingly to avoid unnecessary system shutdowns. This paper from ARC highlights why companies should invest in process safety.
NOPSA competence findings in line with AS61511 - The Australian National Offshore Petroleum Safety Authority recently recommended that oil and gas facility operators implement formal staff competency management systems to ensure that basic skills requirements for safe plant operation are met.
Functional Safety: A Practical Approach for End-Users and System Integrators - Tino Vande Capelle, Dr. M.J.M. Houtermans - The object of this paper is to demonstrate through a practical example how an end-user should deal with functional safety while designing a safety instrumented function and implementing it in a safety instrumented system.
Modern 2oo4-Processing Architecture for Safety Systems - Prof. Dr.-Ing. habil. Josef Börcsök - This paper provides an overview of two-out-of-four system architecture and associated considerations.
Safety Bus Systems - Prof. Dr.-Ing. habil. Josef Börcsök - Modern distributed control systems are connected via bus systems, which need effective and uninterrupted communication between all subscribers. Therefore it is necessary for these communications to be fault tolerant and safe. For safety related systems, additional safety layers are required to fulfil these requirements.
Introduction in Safety Bus Systems - Prof. Dr.-Ing. habil. Josef Börcsök - This paper discusses how modern distributed control systems are connected via bus systems, and need effective and uninterrupted communication between all bus stations. Therefore it is necessary that these communications are fault tolerant and safe.
Safety Critical Software - Prof. Dr.-Ing. habil. Josef Börcsök - This paper discusses the methodical analysis of hardware architectures used in safety-related applications. It provides an excursus on a safe computer system’s software technology and specifies the overview in greater detail.
Safety Systems - Prof. Dr.-Ing. habil. Josef Börcsök - This technical paper gives an excellent overview of Safety Systems covering development history, the fundamental considerations required, fault avoidance basis and measurement, fault control basis, along with external influences such as environmental demands, electromagnetic, mechanical and climatic considerations.
Comparison of PFD calculation - Prof. Dr.-Ing. habil. Josef Börcsök - This paper compares PFD calculation methods.
Sharing Control & Safety Instruments - Are your Layers Overlapping? - Dirk Schreier - Since its release as an Australian standard in July of 2004, AS61511 is rapidly being accepted and applied on Safety Instrumented Systems throughout the process industry. Principles such as independence between control and protective instruments have existed for many years; however they continue to often be overlooked even with the introduction of this standard.
Risk Prevention and Mitigation - Where does gas detection fit in? - Dirk Schreier - It is quite common in today's process industry to see the terms fire and gas (F&G). These terms have been used hand in hand for many years and are also combined when referring to applications involving safety-instrumented systems. This article challenges the thinking behind this concept and demonstrates that although fire systems and gas detection systems both reduce risk, their methods are actually quite different.
Legal Implications in Australia for Companies and Individuals under “Industrial Manslaughter” - Dean McNair - There has been a lot of discussion in Australia recently over proposed new occupational health and safety (OH&S) legislation which will include the provision to prosecute corporations and individuals under industrial manslaughter laws. State and territory governments are enacting these new laws in response to workplace deaths in the hope that it will force company directors and senior executives to improve the safety cultures within their organisations.
Safety standard IEC 61508 - Consequences for automation technology and implementation at HIMA - This white paper provides an overview of IEC 61508 and how HIMA have addressed its requirements.
SIL Assessments - Identification of Safety Instrumented Functions - Dirk Schreier - Since its release as an Australian standard in July of 2004, AS61511 is rapidly being accepted and applied on Safety Instrumented Systems throughout the process industry. AS61511 is a performance based standard with a risk-based approach to safety. Performance based standards are by nature very open to interpretation, and therefore allow for more than just one analysis technique. Some of the techniques currently applied in industry have some shortfalls in achieving the objective of the standard. This article looks at some common problems encountered during the analysis phase of the AS61511 safety lifecycle.
Communication with SafeEthernet - Franz Handermann - The application of SafeEthernet paves the way for the open automation and network systems of the future.
Safety Considerations
Statistical evaluation of HIMA systems in the context of IEC 61508 - Dr. Josef Börcsök - This article contains the first comprehensive description of IEC 61508-compliant calculation of errors in safety-related systems in general and describes how relevant values for the H41q/H51q systems currently available from HIMA can be calculated.
Critical Aspects of Safety, Availability and Communication in the control of a subsea gas pipeline - Requirements and Solutions - This is a large zipped file of 2.5 Meg so will take a while to download; however, it is worth it as it shows safety related satellite communication.
Transporting gas - with safety first! - Automation of an ethylene pipeline.
Complete Burner Automation with Safety Controllers - A new solution for simple single and multi burner arrangements through to complex BMS applications, e.g. for power plants, waste incineration plants or processing plants. - Looking for more on Burner Management Systems? ICEweb's comprehensive BMS page has it!
Integrated safety controllers with safeethernet - By combining the world's fastest safety controllers "HIMatrix" with the world's fastest safety bus "safeethernet", HIMA is creating a hitherto unknown level of flexibility for safety-related automation. This flexibility is the basis for the development of new potential. The current system limits of safety-related automation concepts are disappearing, paving the way for truly application-based safety solutions. This creates new potential for increasing productivity and reducing the total costs for safety technology.
Comprehensive safety solutions for the South Pars gasfield exploration - ESD, F&G and HIPPS systems from HIMA ensure maximum safety and plant availability.

The following Links are from ACM Automation 
HAZOP Budgeting Tool - How long will my HAZOP take?
Achieving High SIL Ratings with Partial Stroke Testing of Valves

SIL Determination Techniques Report, this excellent document covers;

6.10 The following are from www.fabig.com 
Fire & Explosion Hazard Management - The aim of the fire and explosion hazard management strategy is to reduce the risks from fires and explosions to as low as reasonably practicable (ALARP). The Oil and Gas UK guidance [1] and COMAH regulations [2] identify the following aims:
• Identify, analyse and understand all fire and explosion hazards and associated effects.
• The risk corresponding to fire and explosion hazards identified above should be as low as reasonably practicable.
• A suitable order of priority, and a suitable combination, of prevention, detection, control and mitigation systems for fire and explosion hazards should be implemented and supported throughout the life cycle of the offshore platform. In other words risks should be reduced to ALARP using inherently safe design principles.
• The above prevention, detection, control and mitigation systems should have performance measures proportionate to the required risk reduction.
• The design, operation and maintenance of the above prevention, detection, control and mitigation systems should be carried out by competent staff.
• Any changes that may occur throughout the lifecycle of the installation, and that may affect the likelihood and / or consequence of any fire or explosion hazard event (and therefore may make the risk on the installation deviate from an ALARP state) should be identified and assessed. The prevention, detection, control and mitigation systems should be modified and updated as necessary to take into account any such changes.
Fire & Explosion Hazard Management - Technical How-To-Do Guidance - This useful list details references to many useful documents.
Fire & Explosion Hazard Management - Standards & Approved Codes of Practice - A comprehensive list of standards

11.09 The following links are from the 61508 Association 
Toolbox Talks - This excellent link gives you the essential toolbox tips in just a few sheets that will help your team to all be “singing from the same hymn sheet”. The sheets cover:
• Directors
• Senior Management
• Purchaser
• Project Manager
• Project Engineer
• Inspection and QA
• Operations
• Maintenance
• Service Engineer
• What is Functional Safety Management
• Proven in use / Prior use claims
• Functional Safety Management cross-reference between IEC61508 and IEC61511
What is a Functional Safety System? A short description.
What is Conformity assessment? - Conformity Assessment is defined as "activity that provides demonstration that specified requirements relating to a product, process, system, person or body are fulfilled."
What is CASS? - Accredited Certification for Safety Systems - to IEC 61508 and Related Standards - CASS is a scheme for assessing the compliance of safety related systems with the requirements of IEC 61508 and associated standards. It provides a systematic approach to be used by certification bodies and others when assessing compliance at all stages from the specification of safety requirements through the design, development and manufacture of system components to integration, commissioning, operation and maintenance. At each stage CASS takes the conformity assessor through the logical steps of defining the scope of the assessment, the target of evaluation, the requirements to be met and the process of demonstrating and recording conformity.
Legacy Systems - Basic Principles for Safety - Engineered systems are relied upon for safety in a wide range of work environments. There is however, a general lack of awareness of the exact role played by such systems, and whether adequate safety is, in fact, being achieved. This is particularly true of systems that have been in place for many years. This document describes how to assess the capability of so called Legacy Systems, focussing on how electrical, electronic, or programmable devices achieve adequate safety in conjunction with other technologies such as mechanical systems and operational expectations.
SIL-Loops to the Rescue - Poor Process Design shouldn’t have to Hide behind Safety Loops - Clive de Salis - You’ve probably never thought of it this way but it really is true: To have an SIL-rated loop is a failure. An SIL-3 safety loop means that the layers of safety that we as chemical engineers have put in place in the process design are inadequate to such an extent that the risk of the fatality is 1000 times the wrong side of tolerable. The failure, therefore, is a failure of the chemical engineer to design a process that has sufficient layers of safety to not require an SIL-rated loop.
SIL Certs can Seriously Impair Plant Safety - Clive de Salis - Process operators are investing in certificates and experts - that the IEC standards do not require - at the expense of actual functional safety management. IEC61508 and particularly the process industry application of it in IEC61511 is gaining ground strongly for high integrity safety instrumented systems. However, the majority of industry is still naively asking for certification that the standard does not require, and has never needed, whilst ignoring its basic essentials. How long can this really go on for?
The 61508 Association provides additional articles to promote the benefits of IEC 61508 and accredited certification.


Other Very Useful Links

Fire Safe Actuators - A paper detailing an innovative concept from valued sponsor Samson Controls Pty Ltd
Recommendations on the Design and Operation of Fuel Storage Sites - This 52-page report sets out recommendations to improve safety in the design and operation of fuel storage sites.
SIS Links - TUV provides links to more Safety Instrumented Systems Information
Safety Users Group - An independent, professional community dedicated to instrumented safety matters related to the oil, gas, petrochemical and chemical industries. Lots of information here!
8.10 IEC 61511 – An Aid to COMAH and Safety Case Regulations Compliance - Clive Timms - The paper focuses on the relationship between hazards and Safety Instrumented Systems (SIS) that automatically shut down process operations, when an abnormal situation is encountered, to prevent a hazardous event or mitigate the consequences of a hazardous event if it occurs (see section - Safety Instrumented Systems). Thus a SIS will represent an integral part of an SMS to reduce the risk of major accident hazards or mitigate the consequences - from Asset Integrity Management Ltd.
8.10 Replacement of SIS Logic Solvers Whilst the Process Remains Operational - Clive Timms - With increasing global demand for oil and gas driving prices higher and higher, the focus of oil and gas producers is to maintain and maximise production from every available facility. Older unreliable facilities are being upgraded and this often includes the replacement of Safety Instrumented Systems (SIS) such as emergency shutdown (ESD) systems, process shutdown (PSD) systems, Emergency Depressurisation (EDP) systems and fire and gas (F&G) systems due to obsolescence or reliability issues. Traditionally, the replacement of such safety critical systems is undertaken during a plant shutdown opportunity to ensure that process integrity is maintained and the replacement systems can be fully commissioned and validated without the presence of the process hazards. However, in this era of high oil and gas demand we are now seeing more and more SIS replacement projects being undertaken whilst the process is still fully operational, and this can lead to potential compromises during commissioning and validation of functionality - from C&C Technical Support Services and silsupport.com
8.10 Integrating Control and Safety – Where to Draw the Line? - Robin McCrea-Steele - New digital technology now makes it feasible to integrate process control and safety instrumented functions within a common automation infrastructure. While this can provide productivity and asset management benefits, if not done correctly, it can also compromise the safety and security of an industrial operation. Cyber-security and sabotage vulnerability further accentuate the need for securing the Safety Instrumented System (SIS) - From the Safety Users Group.
8.10 Selecting Transmitters for Safety Instrumented Systems - Stephen R. Brown and Mark Menezes - Users design safety systems to mitigate the risk of identified process hazards within tolerable levels, using application-specific risk models, defined user inspection schedules, and safety data for the devices under consideration. Some suppliers provide safety data for their devices. However, supplier data, even when validated by a third party, reflects laboratory results, and can be an order of magnitude too aggressive for field devices. “Proven-in-use” data includes real-world failure causes; however it tends to be conservative, since it must cover the whole range of the category, from 20-year-old pneumatics to the latest smart technology. Moreover, proven-in-use data is often aggregated for a given technology: for example, “pressure transmitter = dangerous failure rate of once in 50 years”. This aggregate data often does not isolate failure causes, so it does not allow users to take credit for improvements in technology or user practices intended to minimize the impact of specific failures. The net result to the user can be over design, over-testing, increased spurious trips and needless capital expenditures - from IDC
3.10 SafetyBase.com is a site that is full of some excellent information about Boiler Management Systems, Machine and Process Safety. You’ll be able to share ideas with colleagues across the country, stay current with compliance requirements, and read the latest case studies, white papers, and articles that can help you keep your people safe and your process moving.
3.10 Center for Chemical Process Safety - The Global Community Committed to Process Safety - CCPS is a not-for-profit, corporate membership organization within AIChE that identifies and addresses process safety needs within the chemical, pharmaceutical, and petroleum industries. CCPS brings together manufacturers, government agencies, consultants, academia and insurers to lead the way in improving industrial process safety.
3.10 An Introduction to Inherently Safer Design - Inherently safer design (ISD) is a philosophy for addressing safety issues in the design and operation of chemical processes and manufacturing plants. When considering ISD, the designer tries to manage process risk by eliminating or significantly reducing hazards. Thanks to Centre for Chemical Process Safety.

Recommended Guidelines for the application of IEC 61508 and IEC 61511 in the petroleum activities on the Norwegian Continental Shelf - This very comprehensive 55 page guideline from the Norwegian Oil Industry association is very useful.

Introduction & background to IEC 61508
- Ron Bell - Over the past 25 years there have been a number of initiatives worldwide to develop guidelines and standards to enable the safe exploitation of programmable electronic systems used for safety applications. In the context of industrial applications (to distinguish from aerospace and military applications) a major initiative has been focussed on IEC 61508, and this standard is emerging as a key international standard in many industrial sectors. This paper looks at the background to the development of IEC 61508, considers some of the key features and indicates some of the issues that are being considered in the current revision of the standard. Thanks to the Safety Users Group.

PDS Method Handbook, 2003 Edition - Reliability Prediction Method for Safety Instrumented Systems
8.10 Equipment, Don't Fail Me Now - Calculating failure probabilities works better with a systematic approach - Peter Morgan - Specialists in control and instrumentation were once confident to rely on their own experience and good design practice to design protection systems. Now they must adhere to a quantitative approach to designing systems deemed safety systems. Even the ubiquitous burner management system (BMS) is, by virtue of its function, a safety instrumented system (SIS), and you should design it according to ISA 84.01 as well as the applicable National Fire Protection Agency standard. One step in this approach is calculating the target probability of failure on demand (PFD) for the system - From ISA and InTech

An Integrated Approach to Safety: Defense in Depth - Ensuring safety requires reducing the risk of incidents, faults and failures that can disrupt normal operations. This effort goes far beyond simply installing fail-safe controllers or a safety instrumented system. In fact, to mitigate the risk of serious incidents that can cause injury to personnel, equipment and the environment, it is important to consider safety from all aspects of a plant's operation - From Honeywell

Certified Functional Safety Expert Governance Board
- The CFSE is now administered by the CFSE Governance Board, which is in turn supported by a broad consortium of companies including Honeywell, Pilz, Siemens, TUV, exida and other leading safety-related firms.

Partial Closing of Shutdown/Blowdown Valves
- Useful news release from ICS Triplex

Safety and related Acronyms
From the Laboratory Safety Institute

Functional Safety and Safety Integrity Levels
- An application note from Bentley Nevada

Valve system controls for safety
- A matrix that substantially increases the level of safety in the process industries while significantly reducing the number of nuisance trips - Improved safety brings more nuisance trips, which means lost production. The single block valve is the weak point of the 2oo2D architecture, and parallel valve technology can provide 95% diagnostic coverage - G. Paul Baker and ISA InTech

PDS Data Handbook, 2003 Edition
- PDS is a method used to quantify and balance the safety and production loss of Safety Instrumented Systems (SIS). The method accounts for all types of failure categories: technical, software, human, etc. - The 2006 edition of the PDS Method Handbook gives an updated version of the PDS method, including the mathematical details.

Converting relay-based logic solver to triple modular redundancy means safer plants at less cost
- Keyur Vora and Ranjan Bhattacharya - When a leading Indian petrochemical plant noticed interlock operations and actuation happening six times a year due to shutdowns, they knew it was time for a change. Problems with trips in the oxidation reactor led to huge costs in production and quality losses. Finally, plant officials looked at upgrading the relay-based interlock system with triple modular redundancy (TMR) to enhance reliability and availability and reduce nuisance trips. From ISA and InTech.

Process Safety: What are the Odds?
- Enhancing a safety system's ability to perform on demand requires improved diagnostic coverage, maintenance, and regular testing. From controleng.com

How to Specify Solenoid Valves for a Particular Safety Integrity Level
- S.A. Nagy - Selection must be done with care and understanding of safety and reliability standards to avoid the risks associated with an operational failure of a critical plant system - thanks to chem.info

Smart Instruments in Safety Instrumented Systems
- Tom Nobes - The U.K.'s largest nuclear site operator implements IEC61508 and finds the quality of instrument firmware to be variable, but improving. Thanks to ISA.

Vessel overflow protection systems seem so simple, so straightforward
- that is, until one of them fails to work properly and your plant is the six o'clock news - The underlying concept required of an automated overfill protection system seems so simple: if the level of a vessel reaches a pre-determined maximum, then stop the flow of liquid filling the vessel. Satisfying such a simple requirement occurs in toilets, clothes washers, and dishwashers every day, so what is the big deal? The big deal is that the liquid in toilets, washers, and dishwashers is water, not a highly flammable, possibly toxic, fuel or chemical. In addition, remember that if the overfill protection system fails and there is even a minor incident, government investigators are going to want to see evidence that you applied the principles of IEC 61511. Thanks to InTech.

Equipment, don't fail me now - Calculating failure probabilities works better with a systematic approach
- Peter Morgan - One step in this approach is calculating the target probability of failure on demand (PFD) for the system. Because calculating PFDs for repairable systems commonly seems complicated, the approach does not curry favor with the average control and instrumentation specialist; some manufacturers defer the design analysis to others or they do not do it at all. But there is benefit in the approach for designing general protective systems in addition to meeting the mandatory requirements for a SIS. From the ISA and InTech.


HSE (UK) documents

'The Strategy for Workplace Health and Safety in Great Britain to 2010 and beyond' http://www.hse.gov.uk/aboutus/hsc/strategy.htm

6.10 Development of a Business Excellence Model of Safety Culture - Michael S Wright, Philip Brabazon, Alison Tipping and Medha Talwalkar - This report gives the results of a study carried out by Entec UK Ltd to provide a comprehensive review of research on how to assess and develop safety culture, and thereafter produce a safety culture improvement matrix (SCIM).
6.10 Root Causes Analysis - Literature review - This report contains the findings of a literature search, outlining the principles, structure and method of application of each identified root causes analysis technique.
6.10 Best Practice for Risk Based Inspection as a part of Plant Integrity Management - J B Wintle, B W Kenzie, G J Amphlett and S Smalley - This report discusses the best practice for the application of Risk Based Inspection (RBI) as part of plant integrity management, and its inspection strategy for the inspection of pressure equipment and systems that are subject to the requirements for in-service examination under the Pressure Systems Safety Regulations 2000 (PSSR). It can also apply to equipment and systems containing hazardous materials that are inspected as a means to comply with the Control of Major Accident Hazards Regulations (COMAH).
6.10 A Review of Experience from Two Offshore Design Projects - D Piper - This report describes the outcome of a review of experience from two recent offshore design projects, primarily from a safety perspective, to identify key issues and any lessons that may be learnt for future projects.
6.10 Application of QRA in Operational Safety Issues - Andrew Franks, Richard Whitehead, Phil Crossthwaite and Louise Smail - This study researched the use of risk in the Health and Safety Executive's (HSE) operational decisions in the context of COMAH regulation 4. The research focussed on the use of regulatory guidance, risk matrices and Quantitative Risk Analysis (QRA) to demonstrate compliance with the ALARP principle. Each approach has its strengths and weaknesses for any particular situation. Cost Benefit Analysis (CBA), when used in conjunction with QRA, is able to provide an economic justification as to whether risk reduction measures should be implemented.
6.10 A Methodology for the Assignment of Safety Integrity Levels (SILs) to Safety-Related Control Functions Implemented by Safety-Related Electrical, Electronic and Programmable Electronic Control Systems of Machines - Mark Charlwood, Shane Turner and Nicola Worsell - This contract research report describes the development by the authors, with funding from HSE, of a methodology for the assignment of required Safety Integrity Levels (SILs) of safety-related electrical control systems of machinery. The rationale behind the methodology and how to use it in practice are also explained in some detail. The methodology has been developed and accepted for inclusion in an informative annex of the International Electrotechnical Committee standard IEC 62061: "Safety of Machinery: Functional Safety of Electrical, Electronic and Programmable Electronic Control Systems for Machinery".

6.10 Risk Based Inspection - A Case Study Evaluation of Onshore Process Plant - W Geary - A survey of approximately 50 UK organisations carried out by HSL in 1999 showed that approximately half were using an approach to plant inspection based on risk. It was clear, however, that a wide range of systems were in use, including commercial software packages and in-house systems specific to individual plants. Given the disparate nature of some of these systems and the likelihood that RBI assessments might produce very different results depending on which methodology was used, HSE took the view that a study should be undertaken using a number of example cases to tease out the differences between the systems. This is the subject of the current investigation.

INDG218, 'A Guide to Risk Assessment Requirements' http://www.hse.gov.uk/pubns/raindex.htm

INDG163, 'Five Steps to Risk Assessment'
http://www.hse.gov.uk/pubns/raindex.htm

RR216, 'A methodology for the assignment of safety integrity levels (SILs) to safety-related control functions implemented by safety-related electrical, electronic and programmable electronic control systems of machines'
http://www.hse.gov.uk/research/rrhtm/rr216.htm

INDG316, 'Procedures for daily inspection and testing of mechanical power presses and press brakes'
http://www.hse.gov.uk/pubns/engindex.htm

INDG375, 'Power presses: a summary of guidance on maintenance and thorough examination'
http://www.hse.gov.uk/pubns/puwerind.htm

INDG229, 'Using work equipment safely'
http://www.hse.gov.uk/pubns/puwerind.htm

INDG270, 'Supplying New Machinery: a Short Guide'
http://www.hse.gov.uk/pubns/puwerind.htm

INDG271, 'Buying New Machinery: a Short Guide'
http://www.hse.gov.uk/pubns/puwerind.htm

INDG291, 'Simple guide to the Provision and use of Work Equipment Regulations 1998'
http://www.hse.gov.uk/pubns/puwerind.htm

RR125, 'Evaluation of the implementation of the use of work equipment directive and the amending directive to the use of work equipment directive in the UK'
http://www.hse.gov.uk/research/rrhtm/rr125.htm

HSC13, 'Health and Safety Regulation: a Short Guide'
http://www.hse.gov.uk/pubns/regindex.htm

INDG275, 'Managing Health and Safety: Five Steps to Success'
http://www.hse.gov.uk/pubns/manindex.htm

INDG343, 'Directors' Responsibilities for Health and Safety'
http://www.hse.gov.uk/pubns/manindex.htm

'Directors' Responsibilities for Health and Safety (INDG343): Frequently Asked Questions'
http://www.hse.gov.uk/pubns/manindex.htm


Training 
6.10 E-learning course from Abhisam Software on Safety Instrumented Systems - This course covers ALL aspects of Safety Instrumented Systems in seven modules covering the following:
* Introduction  to SIS
* Hazards, Risks and their analysis
* Failures and Reliability 
* Safety Integrity Level (SIL)
* SIS Standards
* SIS in Practice
* SIS Testing and Maintenance
This course is a blend of Flash-based animations/videos, graphics, real-life photos and text that explain key concepts in an easy-to-understand way. Take the self-assessment test at the end to gauge your understanding.

The Safety Users Group offers the following self training - Hardware Safety System Constraints Made Easy - An in-depth training course on IEC 61508 and IEC 61511 key hardware design concepts. This training course features hardware safety concepts as intended by IEC 61508 and IEC 61511 standards in an easy-to-understand format and at the viewer’s own pace. Topics covered are:

This training course includes a number of practical questions and answers followed by a separate QUIZ with over 25 questions, enabling you to measure your progress in digesting the course content.

HIMA Australia offers a number of training courses in Australia - Details can be found here.


Wish to learn more about Manufacturing and Automation Safety or Burner Management? ICEweb has these topics well covered on our MAS and BM pages.