Representative End User Clients
Representative Automation Clients
Representative Software Clients
Overview
Maintaining a safe, regulatory-compliant, and profitable industrial process facility typically requires owner-operators to 
carefully scrutinize their investments in safety instrumented systems (SIS).
Because of the potentially hazardous nature of plant equipment, processes, and applications, the IEC 61511 safety standard requires users of SIS equipment to test those systems on a regular basis for regulatory compliance and performance. Previous standards did not require adherence to strict time schedules for compliance. As a result, the current landscape is littered with different, overlapping generations of safety equipment, often with gaps when it comes to meeting codes. This ARC Insight discusses the benefits of adopting the latest generation of equipment and applications with embedded diagnostics, rather than retaining existing, “proven in use” safety equipment for which the owner (rather than the supplier), bears responsibility for certification.
Background
The IEC 61511 Functional Safety Standard for the Process Industries, developed for end users, system designers, and system integrators, is nearly identical to the ISA-84 standard. Both specifically address process industry safety equipment from a functional perspective. Compliance of SIS devices (pressure and temperature transmitters, level meters, flow meters, valves, switches, etc.) to IEC 61511 may be accomplished by either end user certification under "prior use" provisions (essentially “grandfathering”) or installing new safety integrity level (SIL)-rated SIS devices certified to IEC 61508. IEC 61508, Functional Safety of Electric/Electronic/Programmable Electronic Safety-Related System, a companion standard, specifies the criteria that suppliers must follow to claim a SIL certification for their devices. On the surface, the cost savings for users to certify installed equipment under "prior use" may appear attractive. However, when the administrative cost, time, and dedicated personnel resources are considered, opting for SIS devices certified to IEC 61508 could represent a significantly lower-cost approach. This, despite the incremental purchase and implementation costs for new SIS devices.
Issues with Grandfathering Under Prior Use Provision
IEC 61511 provides general guidelines requiring interpretation by end users when certifying SIS for compliance, particularly when "prior use" is deployed. The prior use provision was included to provide users with a more economical option for certifying the many thousands of existing SIS devices already in service. In the prior use method, the end user, not the supplier, bears responsibility for certifying and validating the reliability of the SIS hardware and software of the product under actual operating conditions.
This would represent a significant burden for many end user organizations, especially when you consider that current plant staffs may have only limited experience with the installed devices and the associated documentation can be spotty at best. The lack of end user knowledge and experience in product certification puts them at a significant disadvantage. Additionally, end users typically do not realize or fully understand the need for a comprehensive documentation system.
Since many organizations would need to upgrade their existing systems, the documentation requirements alone would represent a major strain on already limited, and time-strained plant resources.
Online Diagnostics Can Help
Despite the often lower upfront costs, the "prior use" method for certification has long-term drawbacks that could ultimately increase total cost of ownership and reduce SIS reliability. End users should exercise caution, because "prior use" will tend to block consideration and adoption of newer technologies. This could lead to a competitive disadvantage 
compared to peers, and potentially reduce plant safety.
Certifying compliance under "prior use" perpetuates a less than state-of-art plant with older SIS devices that lack the diagnostics and intelligence of newer products. These newer capabilities can help operators identify product and process problems associated with SIS devices and avoid unnecessary plant shutdowns. In addition, history has proven that even though they may have performed well in the past, over time, mature devices will slowly degrade in performance (accuracy, drift, linearity etc.). Newer, certified SIS devices provide improved performance and embedded diagnostics that continuously monitor their health. For older devices without embedded diagnostics, problems and safety issues can only be discovered by proof testing. This is typically performed once a year, which may not be adequate to assure the needed level of reliability.
New, purpose-built SIL-rated products have online device diagnostics that identify installation and application problems that can lead to SIS failure. Embedded device diagnostics are automated and continuous. This lowers compliance cost and has a significantly higher probability of detecting product and application problems, such as plugged impulse sensing lines in pressure transmitters. ARC expects automated diagnostic testing to complement the existing testing requirement and, in the future, replace or reduce the periodic proof test required by the code.
Evolving SIS Device Landscape
Not too long-ago, end users were complaining about the lack of certified SIL-rated devices. Today, the number of field device and control valve suppliers entering the SIS market continues to grow along with the variety of SIL-rated devices, although you shouldn’t ever expect to find low-demand, niche equipment (such as oxygen analyzers) on a SIL-certified list. ARC believes that most new certified devices will feature embedded diagnostics and other intelligent features.
In a related activity, control valve manufacturers have developed a “partial stroke” testing method that enables critical emergency shutdown (ESD) valves to be tested for functionality while the plant is operating.
Originally envisioned to increase the reliability of sensor measurements, innovative self-validating methods (”SEVA”) developed several years back for sensors could be extended to replace the current need to routinely validate the health of SIS devices, the manner in which they are installed, and their application. NAMUR NE107, “Self-monitoring and Diagnosis of Field Devices” supports development of this initiative. ARC believes that emerging predictive analytics solutions could use this validation information to help further improve safety system performance and maintenance.
Recommendations
- End users should consult outside experts to review current and planned implementations to help ensure fact-based decisions free from excessive bias.
- SIS device suppliers, consultants, and system integrators should provide unbiased services to help users determine the best course of action to meet unique end user goals and objectives.
- End users should audit legacy SISs before adopting a permanent SIS compliance strategy and determine the suitability of their documentation systems.
- End users should consider the long-term benefits of adopting supplier-certified SIS devices with embedded diagnostics and other intelligent features over the short-term cost benefits of "prior use;" employing "prior use" only when certified SIS devices are unavailable.
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: Safety Systems, SIS, SIL, Diagnostics, IEC 61511, IEC 61508, ISA-84, ARC Advisory Group.