SIS-TECH Solutions, LP is celebrating the 15 anniversary of SIL Solver with its V7 product. SIL Solver started as a computational tool and evolved into a lifecycle tool with V7. 1000s of users have analyzed their safety-critical systems and identified ways to improve their performance since SIL Solver V1. The built-in database expanded from simple process technologies to cover complex technologies with high diagnostic capabilities. Throughout it all, SIS-TECH’s technical staff mentored and trained SIL Solver users enabling them to quickly analyze system functions and to try different architectures to improve performance or reduce test requirements.

---

 

SIS-TECH Solutions LP, Houston, TX has selected Denisse Corbett to lead a new initiative on process control system and interface optimization. Along with her over 15-year experience in the control systems field, Denisse is a certified functional safety professional and holds a FS Eng (TÜV Rheinland) certificate. Denisse’s new position builds on her expertise in the lifecycle management of safety instrumented systems, including design, engineering, application software programming, and systems integration.  She is fluent in English and Spanish and can execute technical work in either language.

---

 

Automation equipment in control applications is selected primarily based on operational needs, such as functionality, reliability, repeatability, accuracy, communication options, and ease of maintenance. Demonstrated in-service performance earns the equipment and its manufacturer a coveted place on the approved equipment list. Equipment in safety applications must also support the risk reduction requirements in addition to meeting the operational needs. For safety instrumented systems (SIS), the concept of approving the initial selection and continued use of equipment based on in-service performance is referred to as proven in use in IEC 61508 [2010] and prior use in IEC 61511 [2016]. Ultimately, the intent of both standards is to collect data that proves that the installed equipment is capable of providing satisfactory in-service performance.

Manufacturers often make safety integrity level (SIL) claims on their products, but SIL is a loop concept and not a device property. A SIL 1 sensor connected to a SIL 1 logic solver with an output to a SIL 1 final element may not achieve a SIL 1 loop. Like links in a chain, the integrity is limited by the weakest link, but the chain is only as strong as the whole. In many cases, it is necessary to design some, if not all, of the subsystems (the links) to achieve a higher SIL claim so that the loop (the chain) meets the required SIL.

The most troublesome result of the IEC 61508 certification process is how non-conservative the manufacturer claims appear to be. The failure rate data published by various industry data collection programs has revealed that in-service dangerous failure rates are significantly higher than what is claimed in the majority of 3rd party approval reports. For field devices, the reported values are generally 3 to 10 times lower than what is seen in actual installations. For PLCs, the manufacturer’s claims can be non-conservatively lower than in-service performance by a factor of 10 or more. This means that a lot of certified equipment is being sold based on a SIL claim at least one level higher than achievable in the installation.

IEC 61511 only requires the use of IEC 61508 compliant equipment when applying PLCs in SIL 3 applications. For all other technologies, IE  61511 clause 11.5.2.1 states, “Devices selected for use as part of a SIS with a specified SIL shall be in accordance with IEC 61508-2:2010 and IEC 61508-3:2010, and/or 11.5.3 to 11.5.6, as appropriate.” This clause lists two forms of evidence that can be used to select devices for SIS applications:

• Evaluation for compliance with IEC 61508 Part 2 (hardware) and Part 3 (software). This typically involves a 3rd party approval of a specific configuration of a product.
• Prior use or historical data. This data is typically derived from the device’s performance in similar operating environments.

When weighing these two forms of evidence, recognize that the more relevant the information is to the in-service environment, the higher the certainty that the actual failure rate will be in alignment with the assumed reliability parameters. In-service data is essential to understanding the real potential for human (or systematic) errors. In contrast to IEC 61508 compliance information, prior use identifies not only hardware failures and their root causes, but also systematic failures, which is essential for achieving industry benchmarked performance.

IEC 61511 acknowledges the importance of in-service records for justifying the continued use of existing equipment. For example, clause 5.2.5.4 states that “for existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard the user shall determine that the equipment is designed, maintained, inspected, tested, and operating in a safe manner.” The newly required stage 4 functional safety assessment involves a periodic examination of site operating and maintenance records to determine whether the installed SIS is being managed as planned and complies with the safety requirements specification.

IEC 61511’s quality metrics are also appropriate for proving the fitness for purpose of equipment in any safety control, alarm, and interlock application. Fundamentally, this approval process involves making an engineering judgment of the equipment’s design quality, functional capabilities, use factors, in-service history, failure rate in the operating environment, and ability to fulfill the safety requirements specification for the particular application.

---

 

With 12 years designing Safety Instrumented Systems (SIS) at SIS-TECH Solutions, LP, Pete Fuller knows what it takes to keep on track when it involves compliance with today’s standards. With over 35 years of experience in the instrument world (originating at NASA), Pete continues to meet the ever challenging task to come up with a design to meet target SIL’s.  Earning the FS Eng (TÜV Rheinland) certificate in 2013, demonstrates that Pete can talk the talk when it comes to process safety. Besides his specialty of designing single SIS Systems for SIS-TECH, reach out to Pete for any SIS requirement including calculations, training, and commissioning of SIS Systems.

---

 

SIS-TECH announces its new Tank Protection System (TPS) – an independent, cyber-proof system that uses the Diamond-SIS® to monitor and report asset threatening conditions in terminals, tank farms and process vessels. The Diamond-SIS^® is a state-based controller rated for hazardous locations, allowing local installation, minimizing installation and wiring costs. The Diamond-SIS^® is specifically designed for low I/O applications and its installed cost is 10% of conventional safety controllers. The Diamond-SIS^® has over a decade of continuous industrial service with zero reported failures and is certified for use in SIL 3 applications.

 

The TPS is flexible and customizable for any application. A popular configuration provides dual alarms for each condition of concern, a local operator interface for safe operation and shutdown, and an automatic overfill prevention system (AOPS). The low power consumption of the Diamond-SIS^® is ideally suited for solar power where utilities don’t exist. Options are available for communicating tank fill status to remote monitoring stations.

---

 

Hui Jin was recently promoted to Senior Risk Analyst with SIS-TECH Solutions in Houston, TX. Hui Jin has a PhD in reliability engineering from NTNU in Norway, where he developed a keen interest in the numerical assessment of safety instrumented systems in process industrial applications. At SIS-TECH, he leads the software design team for SIL Solver NG, a tool for calculating the probability of failure and nuisance trip potential of safety critical systems. Hui Jin is bilingual with fluency in Chinese and English.

---

 

SIS-TECH Solutions strongly supports The Center by sending gift boxes of their delicious gingersnaps to our best clients every holiday season since the early 2000s. The Center is a private not-for-profit United Way agency, which has for more than 60 years served children and adults through educational, residential and work training programs. The holiday gingersnaps are shipped in gold tins that are decorated with gilded handmade paper ornaments. All proceeds from cookie sales (see www.gingersnapsetc.org) are used to enrich the lives of the 600 adults at The Center located in Houston, TX.  For more information on The Center please visit www.thecenterhouston.org.

---

 

Automated systems, whether in manual or automatic mode, are complex systems where many different devices must work successfully to achieve the desired functionality. Sustaining automated system performance requires many different skill sets and planned activities to assure that the systems work as desired when required. In general, inherently safer practices can create safeguards that have less potential for dangerous failure, whether the failure occurs due to safeguard design, to a support system disruption or to human error. Some inherently safer practices bring a higher potential for spurious, or unnecessary, activation of the safety systems. If spurious operation causes intolerable losses, the functional specification should state a target spurious trip rate.

Inherently safer practices can significantly influence the automation equipment selection, fault tolerance, response to detected equipment failure, and response to detected support system failure, such as loss of communications or utilities. It is not possible to create a complete list of the automation features that could be considered inherently safer than alternative choices.  Instead, each inherently safer strategy is defined below as it applies to automation. Then, a short list of examples is provided to illustrate the strategy.

Minimize applied to automation – reducing the use of automation features that tend to increase the failure mechanisms that result in system failure.

• Select devices that do not require additional instrumentation in order to make them function properly in the given process; for example, using a remote sealed level in plugging services instead of using a device that requires process connection purging, or using a mass flow meter instead of using pressure, temperature, and density to compensate a volumetric flow reading
• Minimize blind spots in measurement by using devices that are applicable over the full range of process operating modes
• Where possible, eliminate inherently weak components, such as sight glasses, hoses, rotameters, bellows, and plastic components

Substitute applied to automation– replacing an automation feature with an alternative that reduces or eliminates the frequency of dangerous failure.

• Use materials of construction with lower corrosion or erosion rates
• Use a device that provides a direct measurement of the process parameter being controlled rather than using an indirect measurement
• Select devices that fail to the safe state on loss of any utility, such as power or instrument air, instead of devices which require energy to take action

Moderate applied to automation– using automation features to facilitate operating the facility under less hazardous conditions; using automation features which minimize or limit the impact of dangerous failure of the automation system on the process operation.

• Provide operator with redundant indication of safety variables using simple graphical displays that build trust in the automation system
• Consider minimum flow stops to prevent loss of flow in sensitive services
• Use confirmation of change prior to taking action on operator commands
• Provide first out indication and sufficient additional information to allow the operator to quickly diagnose and respond to the causes of process deviation

Simplify applied to automation– specifying automation features in a manner that eliminates unnecessary complexity and makes operating and maintenance errors less likely, and which is forgiving of errors.

• Configure systems such that loss of communication or loss of signal results in the safe state
• Make the navigation of the operator HMI and safety HMI intuitive and user-friendly
• Use distinctive labeling in plant documentation, the operator HMI, and on the components in the field for safety devices: use logical numbering for device groupings
• Use valve designs that offer a visual indication of actual position

These inherently safer practices should be implemented as part of the design, operation, maintenance, and testing of the process control and safety systems, where practicable. The sustainability and resiliency of these automation systems can be significantly enhanced through the application of the inherently safer strategies during the automation lifecycle. Contact SIS-TECH for more information on how to design and manage inherently safer automation.

---

 

Houston, Texas – SIS-TECH Solutions 2017 Training Course Calendar is now available. Courses cover process hazards analysis, risk assessment, alarm management and the design of instrumentation and controls systems for safety applications.  Whether you simply need to know more about a subject or wish to obtain your certification in functional safety, SIS-TECH has a course for you.

SIS-TECH offers approximately 2 courses per month through-out the year. Course duration varies from 1 day to 4 days depending on course topic. All courses are taught by SIS-TECH employees with extensive knowledge and experience in process safety management and control system design.

---

 

SIS-TECH Solutions LP has hired Monica Hochleitner as a Senior SCAI consultant. Along with her over 25-year experience in the process industry, Monica is a certified functional safety expert since 2008 and holds a FS Eng (TÜV Rheinland) certificate. She specializes in hazards analysis, alarm management, safety instrumented system design, and auditing.  Monica conducts training for instrumentation and controls professionals in English and Portuguese.

---