Management of instrumented systems providing safety functions of low / undefined safety integrity

Summary

This document provides specialist inspectors in HID with guidance on the expected standard for the management of instrumented systems providing low integrity safety functions and safety functions of undefined integrity. Low integrity safety functions are those providing risk reduction of a factor of ten or less and are commonly termed 'sub-SIL' or 'non-SIL'.

Introduction

Dutyholders have a duty to make a suitable and sufficient assessment of risk and to introduce preventive and protective measures to control the risks identified by the risk assessment. Where risk control measures involve work equipment such as instrumented systems, operators have further duties to maintain those systems in an efficient state, in efficient working order and in good repair and to provide information and instruction.

Relevant good practice in the management of safety instrumented systems in the process sector is provided by the three parts of BS EN 61511. It defines the concept of safety integrity level (SIL) and a minimum level of performance (SIL 1) below which the standard does not apply. It also defines how the required SIL is determined; in practice, therefore, below SIL 1 only those parts of the standard used to determine the required level of performance apply.

Inspectors encounter instrumented systems where the integrities of the safety functions they implement are below SIL 1, have not been determined or are in the process of being determined. Until a suitable and sufficient assessment of risk has been completed and the required risk reduction has been specified, the applicability of BS EN 61511 cannot be established.

Irrespective of required risk reduction or the status of risk assessment, the objective for inspectors is to ensure that dutyholders adequately manage all instrumented safety functions.

Action

Instrumented systems that implement low integrity safety functions will be easily identifiable because they have, by definition, been identified through assessment of risk.

In the absence of an assessment of risk, or where the assessment of risk is in the process of being carried out, an instrumented system shall be considered to be implementing a safety function if its action can, in the opinion of the inspector, be related to the prevention of a hazardous event that could reasonably be expected to result in serious or significant injury, health effects or environmental damage.

An instrumented system implementing a low integrity safety function or a safety function of undefined integrity shall be subject to the following provisions:

Inspectors should advise dutyholders that these engineering and operational practices would contribute to a demonstration that risk has been reduced so far as is reasonably practicable.

Background

For the purpose of the Enforcement Management Model, this guidance is an interpretative standard.

Relevant good practice in the management of safety instrumented systems in the process sector is provided by BS EN 61511.

Guidance on instrumentation in process control systems is provided by BS 6739.

Further information on the management of control functions and their impact on safety functions can be found in HSG238.

Further information on the management of health and safety can be found in HSG65.

Organisation

Targeting

Major hazard installations.

Timing

Ongoing.

Resources

To be used by HID EC&I Specialist Inspectors during established intervention processes.

Recording & Reporting

No special requirements.

Health & Safety

No special requirements.

Diversity

No special requirements.

Further References

Relevant Acts and Regulations

Relevant Good Practice

Contacts

HID Chemicals, Explosives and Microbiological Hazards Division 2E Electrical, Control and Instrumentation Team

Updated 2020-12-15