Functional Safety Management of Installed Systems
BS EN 61511 is the recognised industry standard in the UK for the management of safety instrumented systems (SIS) in the process industries. The document details a methodology for management of instrumented systems of a defined safety integrity level, typically referred to as SIL rated systems.
The revised standard (Edition 2) now requires duty holders to collect data to support claims made about the reliability of SIS and places greater emphasis on the need for compliance with later stages of the safety lifecycle. So, what should we do with legacy systems which are already installed? Do we need to achieve full retrospective compliance?
The Chemical and Downstream Oil Industries Forum (CDOIF) has issued a new Guideline: Functional Safety Management of Installed Systems, to help clarify this position. The Guideline defines installed systems as those which are already present on site and fit the following criteria:
Compliance is only required so far as is reasonably practicable (SFAIRP), which means that retrospective compliance and/or the installation of new ‘SIL rated’ equipment may not be necessary. The duty holder need only show that the equipment is fit for purpose and that people are competent. The CDOIF guidance provides a structured approach for achieving compliance and can be used to decide whether additional work would be considered reasonably practicable.
Although re-engineering of equipment is not always necessary, proving that equipment is, and continues to be, fit for purpose is required. A significant change to the mandatory requirements of BS EN 61511 is the expectation that Functional Safety Assessment stages 4 and 5 (FSA4 and FSA5) will be conducted. Such assessments are needed to establish, through the review of evidence, that functional safety has been achieved. Assessments must also be signed by an independent and competent person.
Within industry, SIS have often been designated as “SIL systems” on a quite arbitrary basis, without reference to an appropriate risk assessment. But a lack of rigour in SIL determination can lead to inappropriate allocation of resources, diverting attention away from areas where the risks might be higher. Before commencing extensive functional safety work, then, for each SIL system, why not ask yourself:
Although not guaranteed, it is possible that a review of hazard identification and risk assessment studies might identify that even though a safety instrumented function (SIF) is required, it need not have a SIL rating. In such circumstances, management of these systems is far less onerous and costly.
Whether you are looking for guidance on how to manage instrumented systems to BS EN 61511 or how to apply the latest CDOIF guidance on management of installed systems, or would like a review of your underlying hazard identification and risk assessment processes, HFL Consulting can help.