Operator Response within Instrumented Safety Functions in the Chemical, Oil & Gas, and Specialist Industries
This document provides guidance on the expected standard for instrumented safety functions that require an operator response to an alarm at hazardous installations.
Duty holders often identify instrumented alarm functions as providing prevention or mitigation risk reduction against initiation / progression of major accident scenarios. Such alarms require more administration and documentation than other, general alarms, and are described as, “highly managed alarms,” (HMA) within relevant good practice, e.g. BS EN 62682.
BS EN 62682 requires that all alarms are classified. Alarm classification is used to set common requirements for managing groups of alarms, e.g. alarm classes which are HMA’s should have additional requirements above other general alarms (e.g. documentation, training, maintenance, testing and management).
Examples of alarm classification groups could be:
Equipment reliability / availability
General alarm (unless GMP is applied, for example, at a pharmaceutical plant)
Low integrity safety instrumented alarm functions, where PFD ≥ 0.1 (RRF ≤10)
Highly managed alarm (LISIAF)
Safety instrumented alarm functions, where PFD < 0.1 (RRF >10)
Highly managed alarm (SIAF)
Note – only items 3 and 4 are included within the scope of this guidance.
An instrumented alarm function identified as providing risk reduction against a major accident hazard (MAH) should:
- Reduce the risk of a major accident hazard by prevention or mitigation
- Include process sensing components and an alarm annunciator
- Include an operator response (not automated)
- Include output elements (operated directly or indirectly by the operator) and all necessary interconnecting equipment (to successfully effect the safety function)
An instrumented alarm function is represented diagrammatically as follows:
Low Integrity Safety Instrumented Alarm Functions (LISIAF)
A low integrity safety instrumented alarm function (LISIAF) provides safety risk reduction (i.e. reduces risk by a factor of up to 10) and is also classified as a low integrity instrumented safety function, where the operator takes the appropriate action in the event of an alarm activating. HSE Operational Guidance – OG46 provides guidance on the management of low integrity instrumented safety functions and would be applicable to LISIAF’s. BS EN 62682 is recognised as relevant good practice for alarm systems in process industries. LISIAF’s could be considered to be one class of highly managed alarm.
Safety Instrumented Alarm Functions (SIAF)
A safety instrumented alarm function (SIAF) provides significant safety risk reduction (i.e. reduces risk by a factor of more than 10), and is also classified as a safety instrumented system (SIS). Relevant good practice BS EN 61511 does allow an operator as part of a SIS, i.e. cases where the operator takes the appropriate action in the event of an alarm activating.
Reference should be made to BS EN 61511 for definitions of other acronyms and terms.
It should be noted that this guidance:
- Does not cover how alarms are classified, reference relevant good practice BS EN 62682.
- Does not cover what reliability should be assigned to an operator’s ability to perform a task. Note the use of human reliability assessment (e.g. ‘Human Error Assessment and Reduction Technique’ (HEART)) requires expert application and is subject to user error and therefore is outside the scope of this guidance.
- Does not cover reliability of operators carrying out a task, which, if they fail, would be the initiating event for a major accident hazard.
- Does not cover reliability of personnel carrying out other tasks such as design, maintenance, testing / proof testing, modification etc.
- Does not take precedence where application specific guidance is available (e.g. Buncefield type storage tanks)
- Use the guidance described in Appendix 1 to verify, or otherwise, that relevant good practice has been applied;
- Refer Duty Holders to the guidance described in Appendix 1 so that it is clear how to apply good practice.
For the purpose of the Enforcement Management Model, this guidance is an interpretative standard.
Relevant good practice is provided by BS EN 61511 and BS EN 62682.
Onshore and offshore major hazard installations.
To be used by CEMHD E, C & I Specialist Inspectors during established intervention processes.
Recording & Reporting
No special requirements.
Health & Safety
No special requirements.
No special requirements.
Relevant Acts and Regulations
- Health and Safety at Work Act 1974 (as amended)
- Offshore Installations (Safety Case) Regulations 2015
- Offshore Installations (Prevention of Fire and Explosion, and Emergency Response) Regulations 1995
- Control of Major Accident Hazards (COMAH) Regulations 2015 (as amended)
- Management of Health and Safety at Work Regulations 1999 (as amended)
- Provision and Use of Work Equipment Regulations 1998 (as amended)
Relevant Good Practice
- BS EN 61511:2017 Parts 1-3 Functional safety – Safety Instrumented Systems for the Process Industry Sector
- BS EN 62682:2015 Management of alarms systems for the process industries
(Note – this is not an exhaustive list)
- Engineering Equipment and Materials Users’ Association (EEMUA) Publication ‘191’: Alarm Systems – A Guide to Design, Management and Procurement. (ISBN 0 85931 076 0) (Edition 3)
- Engineering Equipment Materials Users’ Association (EEMUA) Publication ‘222’: A Guide to the Application of IEC 61511 to Safety Instrumented Systems in the UK Process Industries.
- BS EN 62508: Guidance on Human Aspects of Dependability
- BS EN 61508 Parts 1-8 – Functional safety of electrical/electronic/programmable electronic safety related systems
- Process Safety Leadership Group Final (PSLG) report (HSE) – Safety and Environmental Standards for Fuel Storage Sites
- Contract Research Report 373/2001 – Proposed Framework for Addressing Human Factors in IEC 61508
Chemicals, Explosives and Microbiological Hazards Division 2E Electrical, Control, and Instrumentation Team