Proof Testing of Safety Instrumented Systems in the Onshore Chemical / Specialist Industry

Open Government Status

Fully Open

Publication date

18/12/14

Review date

18/12/16

Guidance owner

HID Chemicals, Explosives and Microbiological Hazards Division 2E Electrical, Control and Instrumentation Team

Target Audience

Onshore HID Electrical, Control & Instrumentation (EC&I) Specialist Inspectors

Summary

This document provides guidance on the expected standard for proof testing safety instrumented systems.

Introduction

• Safety Instrumented Systems (SIS) are designed to provide a level of integrity that reduces the risk of a hazard to a defined tolerable level. 
• During normal operation, components of the safety instrumented system (SIS) are subject to the possibility of random failures.  These failures may be safe failures that could lead to spurious trips or dangerous failures that may prevent the SIS operating correctly when required.  If the dangerous failures are not revealed by diagnostic functions, then they are termed as undetected.
• Over time, the probability that an undetected dangerous failure has occurred increases.  Therefore the probability that the SIS will not operate as required (often called probability of failure on demand - PFD) also increases over time until the failure is revealed and repaired.
• Good practice (eg BS EN 61511) requires that a PFD calculation is performed to show that the integrity, ie the average PFD, of the SIS is sufficiently low to achieve the level of risk reduction required based upon assumptions including: the reliability of the components being used and how often undetected dangerous failures are revealed by proof test.
• The underlying PFD calculations typically include within them assumptions about the coverage of the test, ie that all undetected dangerous failure modes that prevent the SIS from operating in accordance with the safety requirement specification are revealed at the specified proof test interval and repaired within the specified mean time to repair.
• Dutyholders often seek to achieve this by carrying out periodic testing at the specified proof test interval.  However, it is observed that such testing sometimes does not reveal all undetected failure modes, for example because:
  1. Some components cannot be tested because to do so would destroy them, eg explosion suppression powder canisters.
  2. Some components cannot be tested in the usual manner whilst the process is online.
  3. Some components cannot be tested without exposing workers to other hazards, eg hazardous pressure or energy, toxic or flammable materials etc.
  4. Some failure modes cannot be directly tested.
  5. The test method is insufficient to reveal all failure modes, eg associated with redundant channels, diagnostic functions, failure modes.
• It can be seen that the integrity achieved by the SIS is linked to the assumptions made within the PFD and the coverage of the proof test, and that this has a direct effect on the level of risk reduction the SIS provides.
• This document provides practical guidance on how to carry out PFD calculations, define and implement direct tests or other methods to ensure that the SIS provides the risk reduction required of it in an ongoing basis.
• Note that the terms used in this document are defined as in BS EN 61511 unless specifically defined in this document.

Action

Inspectors should:

• use the guidance described in Appendix 1 and 2 to verify, or otherwise, that relevant good practice has been applied;
• refer Duty Holders to the guidance described in Appendix 1 and 2 so that it is clear how to apply good practice.

Background

For the purpose of the Enforcement Management Model, this guidance is an interpretative standard.

Relevant good practice is provided by BS EN 61511 and BS EN 61508.

Organisation

Targeting

Onshore major hazard installations.

Timing

Ongoing.

Resources

To be used by HID EC&I Specialist Inspectors during established intervention processes.

Recording & Reporting

No special requirements.

Health & Safety

No special requirements.

Diversity

No special requirements.

Further references

Relevant Acts and Regulations

• Health and Safety at Work Act 1974 (as amended)
• Control of Major Accident Hazards (COMAH) Regulations 1999 (as amended)
• Management of Health and Safety at Work Regulations 1999 (as amended)
  
• Provision and Use of Work Equipment Regulations 1998 (as amended)

Relevant Good Practice

• BS EN 61511:2004 Parts 1-3 Functional safety – Safety Instrumented Systems for the Process Industry Sector
• BS EN 61508 Parts 1-8 – Functional safety of electrical/electronic/programmable electronic safety related systems

Related Documents

(Note – this is not an exhaustive list)

• Engineering Equipment Materials Users' Association (EEMUA) Publication '222': A Guide to the Application of IEC 61511 to Safety Instrumented Systems in the UK Process Industries.
• IEC 60300-3-2: "Dependability management - Part 3-2: application guide- Collection of dependability data from the field".
• ISO 14224: "Petroleum, Petrochemical and gas industries- Collection and exchange of reliability and maintenance data for equipment".
• BS EN ISO 10418:2003 "Petroleum and natural gas industries. Offshore production Installations. Analysis, design, installation and testing of basic surface process safety systems" (especially Annex G)
• Contract Research Report CRR 428/200 Principles for proof testing of safety instrumented systems in the chemical industry

Contacts

HID Chemicals, Explosives and Microbiological Hazards Division 2E Electrical, Control and Instrumentation Team

Appendices

• Appendix 1: Process for Defining SIS Proof Testing Requirements
• Appendix 2: Process for Implementing SIS Proof Testing
• Appendix 3: Partial Proof Testing Example
• Appendix 4: Common Failings