Design

SIS-TECH personnel average over 20 years of broad spectrum experience in the chemical processing, refining and nuclear energy industry sectors. We have worked for companies such as ChevronPhillips, Dow, DuPont, Savannah River, Valero and others, representing roles in design/process/automation engineering, maintenance, reliability and operations.

In addition to our industry experience, we are active participants on the international standards development committees representing the voice and needs of our customers, e.g. SIS-TECH is one of only five United States delegates to the IEC61508/61511 standard committee.

This experience enables SIS-TECH to design and deliver the most effective solution to fulfill your safety requirements while ensuring the efficiency of maintenance, operations, compliance tracking, and reliability improvement. These solutions comply with the requirements of ISA 84.00.01 (Safety Instrumented Systems) and ISA 91.01 (Instrumented Safety Systems) and align with the CCPS “Guidelines for Safe and Reliable Instrumented Protective Systems”, which specifies that every IPS must exhibit seven attributes across the lifecycle: independence, functionality, integrity, reliability, auditability, access security, and management of change (MOC). Any instrumented safety system (e.g., operator response to alarm, BPCS action, SIS) that is credited as an Independent Protection Layer in the LOPA must meet these seven attributes. SIS-TECH expertise ensures these attributes are met, beginning with sound design technique and verification checks at various intervals across the design phase.

The following is a listing of the design and engineering solutions which SIS-TECH provides:

Call SIS-TECH for assistance with any of the following:

Factory Acceptance Test (FAT)

Effective FAT procedures demonstrate the functionality of the SIS hardware and logic. SIS-TECH generates step-by-step procedures incorporating sign-off spaces for critical steps. These procedures have sufficient detail to address testing of the critical hardware and logic functionality. SIS-TECH procedures contain the following information:

  • SIS logic description
  • Trip values
  • Instrument ranges
  • Testing tolerances
  • Communications to occur between the SIS and the BPCS
  • Bypass initiation, if required
  • Alarms
  • Indications

SIS-TECH provides FAT support and conducts the FAT in accordance with the procedure.

Application Software Development

The application software implemented in the SIS logic solver must meet the intent of the safety requirements specification. It should be developed in a modular format, capable of diagnostic testing of inputs and outputs, written in a structured order, capable of safe modification, and provide traceability. Adequate notation should be provided so that the program can be understood by those responsible for making changes in the future.

SIS-TECH uses “proven-in-use” function blocks that have been field-proven to provide safe operation. Guidelines are used to establish a consistent programming style from project to project. SIS-TECH follows the intent of the ANSI/ISA 84.01-2004 Part 1, Clause 12 in the development of your application software. A formal design review is performed at integral stages of the programming lifecycle, demonstrating that specific requirements are being met.

Software Requirements Specification - Logic Flow Charts

ANSI/ISA 84.00.01-2004 requires the development of a software requirements specification that defines the following:

  1. The SIF functional logic to be performed by the logic solver.
  2. The non-SIF functional logic to be performed by the logic solver.
  3. Any diagnostics that are to be performed by the logic, how the logic should be modified when faults are identified, and when and where alarms should be displayed.
  4. Any communication between the SIS and other devices, such as the operator HMI.
  5. The sequence of data processing with respect to the input/outputs (I/O).

SIS-TECH uses logic flow charts to document the software requirements specification. These charts facilitate the validation of the application software at the Factory Acceptance Test (FAT) or Site Acceptance Test (SAT). Their use has been proven to reduce the time spent writing the program, as well as the time spent testing the logic during the FAT. Logic flow charts also serve as excellent tools for management of change when used in conjunction with the provided program parameter status and flag listing. They will help you to quickly determine how program changes can impact the functioning of the various safety instrumented functions. An examination of the status and flag listing reveals how your changes to internal variables affect the application software operation. Typically, the logic flow charts include the following:

  • Automatic SIS functions
  • Process permissives
  • Manual functions
  • Operation actions
  • Operator interface display/indications/alarming

SRS Component--Safety Function Design Documents

SIS Overview

SIS Overview drawings are developed to depict the SIS field instrumentation and auxiliary components. These drawings are depicted in P&ID format, but should not be confused with Unit P&IDs. The SIS Overview drawings do not contain all field instrumentation. The drawings are restricted to the instrumentation specifically related to each safety function. Process equipment and piping are shown as necessary to provide the general location of the safety instrumentation.

Cause and Effect Matrix

The cause and effect matrix shows the process conditions (cause) that are monitored and the mitigating actions (effect) that are taken as the result of the process conditions. The cause and effect matrix also provides the voting, trip points, and any required explanatory comments.
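As an added illustration (not SIS-TECH's code or a tool it describes), the following Python evaluates a cause and effect matrix of the kind described above: each cause lists its redundant sensors, trip point, trip direction and MooN voting, and each effect is the final element driven to its safe state. The tags, trip points, voting arrangements and readings are constructed for this example; the treatment of a bad or missing reading as a vote to trip is a constructed fail-safe policy, not a rule from the page.

```python
"""Cause and effect matrix evaluation with MooN voting.

Added example, not SIS-TECH's code. Tags, trip points, voting and readings
below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Cause:
    name: str                      # process condition being monitored
    sensors: Tuple[str, ...]       # redundant sensor tags voted together
    trip_point: float              # trip value in engineering units
    direction: str                 # "high": trip at or above; "low": trip at or below
    m: int                         # M of the N sensors must vote to trip (MooN)
    effects: Tuple[str, ...]       # final elements driven to their safe state
    comment: str = ""              # explanatory note carried in the matrix


# Constructed matrix: one 2oo3 cause and one 1oo2 cause.
MATRIX = (
    Cause("High reactor pressure", ("PT-101A", "PT-101B", "PT-101C"), 150.0, "high", 2,
          ("XV-101", "XV-102"), "close feed, open vent"),
    Cause("Low feed tank level", ("LT-201A", "LT-201B"), 10.0, "low", 1,
          ("P-201",), "stop feed pump"),
)


def sensor_votes_to_trip(value: Optional[float], cause: Cause) -> bool:
    """One sensor's vote. A missing or bad reading (None) counts as a vote to
    trip. This fail-safe treatment is a constructed policy; a real design
    fixes it per safety function in the SRS."""
    if value is None:
        return True
    if cause.direction == "high":
        return value >= cause.trip_point
    return value <= cause.trip_point


def cause_tripped(cause: Cause, readings: Dict[str, Optional[float]]) -> bool:
    """MooN vote across the cause's sensors."""
    votes = sum(sensor_votes_to_trip(readings.get(tag), cause) for tag in cause.sensors)
    return votes >= cause.m


def evaluate(matrix, readings) -> Dict[str, Set[str]]:
    """Map each demanded final element to the set of causes demanding it."""
    demanded: Dict[str, Set[str]] = {}
    for cause in matrix:
        if cause_tripped(cause, readings):
            for effect in cause.effects:
                demanded.setdefault(effect, set()).add(cause.name)
    return demanded


def render(matrix) -> str:
    """Text form of the matrix: one row per cause, one column per effect."""
    effects = sorted({e for c in matrix for e in c.effects})
    header = f"{'Cause':<24}{'Voting':<8}{'Trip':<10}" + "".join(f"{e:<8}" for e in effects)
    rows = [header]
    for c in matrix:
        voting = f"{c.m}oo{len(c.sensors)}"
        trip = f"{c.direction[0].upper()}{c.trip_point:g}"
        marks = "".join(f"{'X' if e in c.effects else '':<8}" for e in effects)
        rows.append(f"{c.name:<24}{voting:<8}{trip:<10}{marks}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(render(MATRIX))
    # Constructed readings: two of three pressure transmitters above the trip point.
    readings = {"PT-101A": 155.0, "PT-101B": 148.0, "PT-101C": 152.0,
                "LT-201A": 40.0, "LT-201B": 35.0}
    for effect, causes in sorted(evaluate(MATRIX, readings).items()):
        print(f"{effect}: demanded by {', '.join(sorted(causes))}")
```

Running the block prints the matrix as a table and then the final elements demanded for the sample readings (XV-101 and XV-102, since the 2oo3 pressure vote is satisfied). The same `evaluate` function is what a FAT step would exercise: feed one reading set per row of the procedure and compare the demanded effects against the matrix.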

Power Distribution Drawing

Power distribution is critical to the safe operation of energize-to-trip safety systems. A dependable power distribution improves the reliability of a de-energize-to-trip SIS. A simplified power distribution drawing is provided for the overall SIS.

SIS Instrument Index

The SIS instrument index identifies the input/output points, including field devices, local panel instruments, control room panel instruments, and BPCS commands. The instrument index contains the following information:

  • Tag Number (MMS Functional Location)
  • Service Description
  • Device Type
  • Signal Type
  • Testing Interval
  • SIS Overview Drawing Number
  • Comments
  • Revision Number

BPCS Message and Alarm List

All communication between the BPCS and SIS must be performed in a manner that does not impact the integrity or functional independence of the SIS. Consequently, all communication must be reviewed carefully to verify that the SIS application program is secure during start-up, normal operation, and shutdown. While it is common to communicate start-up permissives, shutdown resets, diagnostic alarms, and valve position indications between the BPCS and SIS, all communication must be approved. The BPCS Message and Alarm List provides the approved communications between the BPCS and the SIS.
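The approved communication list is, in effect, an allow-list: any BPCS/SIS exchange not on it is unauthorized. The Python below, added here as an illustration and not SIS-TECH's code, enforces such a list at the SIS boundary. Each approved message carries its tag, its permitted direction and, for the few writes allowed into the SIS, the discrete values it may take; everything else, including any attempt to write a trip setpoint or to drive a status tag in the wrong direction, is rejected with a reason that can be logged for review. The tags, purposes and traffic sample are constructed for this example.

```python
"""Approved BPCS/SIS communication list enforced as an allow-list.

Added example, not SIS-TECH's code. The tags, purposes and traffic below
are constructed for illustration only.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Tuple


class Direction(Enum):
    BPCS_TO_SIS = "BPCS->SIS"
    SIS_TO_BPCS = "SIS->BPCS"


@dataclass(frozen=True)
class ApprovedMessage:
    tag: str
    direction: Direction
    purpose: str                                 # why the message is approved
    allowed_values: Optional[FrozenSet] = None   # restrict BPCS writes to discrete states


# Constructed approved list. Only permissives and resets may flow into the SIS;
# everything else is read-only status flowing out to the BPCS.
APPROVED: Dict[Tuple[str, Direction], ApprovedMessage] = {
    (m.tag, m.direction): m for m in (
        ApprovedMessage("PERM-101", Direction.BPCS_TO_SIS, "start-up permissive", frozenset({0, 1})),
        ApprovedMessage("RST-101", Direction.BPCS_TO_SIS, "shutdown reset", frozenset({0, 1})),
        ApprovedMessage("DA-101", Direction.SIS_TO_BPCS, "diagnostic alarm"),
        ApprovedMessage("ZSC-101", Direction.SIS_TO_BPCS, "valve closed position"),
    )
}


@dataclass(frozen=True)
class Message:
    tag: str
    direction: Direction
    value: object


def check_message(msg: Message, approved=APPROVED) -> Tuple[bool, str]:
    """Accept only messages on the approved list, in the approved direction,
    carrying an approved value. Anything else is rejected with a reason
    suitable for logging and management-of-change review."""
    entry = approved.get((msg.tag, msg.direction))
    if entry is None:
        if any(tag == msg.tag for tag, _ in approved):
            return False, f"{msg.tag}: direction {msg.direction.value} is not approved"
        return False, f"{msg.tag}: not on the approved communication list"
    if entry.allowed_values is not None and msg.value not in entry.allowed_values:
        return False, f"{msg.tag}: value {msg.value!r} is outside the approved set"
    return True, f"{msg.tag}: {entry.purpose}"


def filter_traffic(messages: List[Message], approved=APPROVED):
    """Split a batch of messages into (accepted, rejected) lists of (message, reason)."""
    accepted, rejected = [], []
    for msg in messages:
        ok, reason = check_message(msg, approved)
        (accepted if ok else rejected).append((msg, reason))
    return accepted, rejected


# Constructed traffic sample.
TRAFFIC = [
    Message("PERM-101", Direction.BPCS_TO_SIS, 1),
    Message("RST-101", Direction.BPCS_TO_SIS, 7),        # value outside {0, 1}
    Message("PT-101-SP", Direction.BPCS_TO_SIS, 200.0),  # trip setpoint: never writable from the BPCS
    Message("ZSC-101", Direction.BPCS_TO_SIS, 1),        # position indication flows SIS->BPCS only
    Message("DA-101", Direction.SIS_TO_BPCS, 1),
]

if __name__ == "__main__":
    accepted, rejected = filter_traffic(TRAFFIC)
    for _, reason in accepted:
        print("ACCEPT", reason)
    for _, reason in rejected:
        print("REJECT", reason)
```

The design point is that the list, not the SIS program, decides what the BPCS may touch: a new exchange is added by approving an entry (under MOC), never by loosening the check. Reviewing the rejected list periodically also surfaces BPCS configuration drift, such as a loop that has started writing to an SIS tag it was never approved for.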

SRS Component--Safety Function Sheets

The safety function sheets include the following information:

  • Sensor Input
    • Tag Name (MMS Functional Location)
    • Type (Sensor Technology)
    • Redundancy
    • Voting Architecture
    • Testing Interval
    • Diagnostic Capabilities
  • Logic Solver Type
    • Tag Name (MMS Functional Location)
  • Final Element
    • Tag Name (MMS Functional Location)
    • Type
    • Redundancy
    • Voting Architecture
    • Test Interval
    • Actuator and Solenoids (For Block Valves as Final Elements)
      • Type
      • Redundancy
      • Voting Architecture
      • Testing Interval
    • Diagnostic Requirements For All Devices (Partial Stroke Testing Used)
  • Alarms
    • SIS diagnostic Alarms (with defined operator response)
    • Process deviation messages
    • SIS action alerts
  • Maintenance Provisions
  • Bypass Requirements
  • Manual ESD Requirements
  • SIL Verification
  • Predicted Spurious Trip Rate

Safety Requirements Specification (SRS)

The Safety Requirements Specification (SRS) is a component of the lifecycle documentation management program described on this page. A sound SRS is essential to efficient and effective design, ensuring a successful start-up, and minimizing negative impacts to maintenance and operations across the lifecycle.

At SIS-TECH the safety requirements specification (SRS) is developed in two parts: the safety function sheets and the SIS design documents. A proven-in-use work process is used that integrates the ANSI/ISA 84.01-2004 lifecycle with a project management process. The work process provides new facilities with means to incorporate the standard’s requirements into the project process with minimum disruption of the normal project management/design process. It also provides existing facilities with effective methods for documenting that the safety functions achieve the required risk reduction, thus fulfilling the “Grandfather Clause” requirements.

For new projects -
The safety function sheets provide a clear description of each safety instrumented function (SIF) and are initially developed during project front-end loading. The safety function sheets also provide the preliminary SIL verification for more accurate estimation of the detailed design and installation cost. As detailed design progresses, the safety function sheets and average probability of failure on demand (PFDavg) calculations are verified and updated to incorporate design and logic modifications. Also during detailed design, safety function design documents are generated, which serve as programming, commissioning, training, and procedural tools. These design documents include overview drawings, the cause and effect matrix, the instrument index, the power distribution overview, and the approved communication list.

For existing plant operations -
The SIS standards require that you document how the existing safety systems achieve the allocated risk reduction. Although design documents were created during the original detailed design, there is typically little documentation defining the functional and integrity requirements for each individual safety function. The safety function sheets provide the functional, diagnostic, manual shutdown, testing, and bypassing requirements necessary to achieve the required risk reduction. The safety function sheets fulfill the “Grandfather Clause” of ANSI/ISA 84.00.01-2004 to comply with OSHA 1910.119 requirements.

Lifecycle Documentation Management

One of the most important components of lifecycle Mechanical Integrity, and the one most often ignored or forgotten, is lifecycle documentation management. Ineffective documentation management has a value-detracting domino effect on IPS construction, validation, change management, reliability improvement, compliance tracking/reporting, and overall maintenance and operating efficiency.

SIS-TECH takes a very serious and holistic approach to lifecycle documentation management and has developed a software program to help manage IPS documentation across the lifecycle, from the initial Process Hazard Analysis through IPS component testing and repairs in the field.