Safety Instrumented System (SIS) Design and Engineering

Design and Engineering of the Safety Instrumented System (SIS) involves both hardware and application software design, using only compliant components with the correct hardware fault tolerance.

Clause 14 of IEC 61511 – describing the approach to SIS Design and Engineering – makes up 11 of the 77 pages of Part 1 of the standard. There is much detail to absorb, but in summary the Clause describes:

• Specific requirements for the design, such as:
• The need to meet the requirements of the SRSSafety Requirements Specification through the design.
• What should be included in the design (e.g., a manual means of activating the SIS final elements).
• How power supplies should be managed when the SIFSafety Instrumented Function does not enter the safe state on loss of power.
• What types of serial communication can be used in SIF implementation.
• Requirements on response to detection of a fault.
• Which devices are considered suitable for use in a SIF compliant with IEC 61511.
• Determining Hardware Fault Tolerance (redundancy by another name).
• Maintenance and engineering interfaces (HMI – Human Machine Interfaces).
• How to determine the overall reliability of the SIF.

SIS Design – Application Program

IEC 61511 provides relatively little guidance on how the SIS Application Program should be developed – but this limited guidance is appropriate for programming with “Limited Variability Languages” (LVL). Examples of such languages would be ladder logic, function block diagram and structured text. These languages are very constrained (or “limited” - hence LVL). The logic solver will be programmed by way of the product suppliers programming tool / engineering workbench. This programming environment will usually be further constrained by preventing any “unsafe” programming actions within the programming tool.

More complex, powerful programming languages (such as “C”) are known as “Fully Variable Languages” (FVL). These  could be used to develop the logic solver’s application program – but these powerful languages need a different level of control in order for them to be employed in safety applications. Since they are so flexible, it would be entirely possible to implement an “unsafe” approach. It follows that the rule set for programming in an environment such as this would need to be very robust and comprehensive. Such rules for programming are found in IEC 61508 Part 3 (“Software Requirements”). This document provides more than 100 pages of guidance and is supported by other informative parts of IEC 61508. Use of FVL languages is normally restricted to product suppliers developing the operating systems for logic solvers. It would be unusual for the Application Program to be developed in this way. It is allowed by IEC 61511 to develop Application Program using an FVL language – but this must be done to the ruleset in IEC 61508 Part 3 (>100 pages) rather than to the ruleset within IEC 61511 Clause 12 (5 pages).

What =Method can do for you

• Deliver “SIS Design FEED Studies”.
• Provide independent verification of SIS Design and SIS Application Programming.
• Train and mentor SIS Design Engineers. (Note that =Method does not provide (detailed) SIS Design and SIS Application Programming services – but we are happy to work with clients to identify suitable systems integration partners who can provide these services).
• Carry out Stage 2 Functional Safety Assessments.
• Alarm Management.