SIS lifecycle management planning and the importance of it
Updated: Jun 12, 2023
Most facilities in the process industry adopt IEC 61511:2016, which outlines requirements for lifecycle management of Safety Instrumented Systems (SIS). Experience shows that insufficient SIS lifecycle management planning leads to pitfalls such as increased documentation and costs and suboptimal timing of SIS lifecycle activities.
Why SIS lifecycle management planning is vital
Most facilities in the process industry adopt IEC 61511:2016, which outlines requirements for lifecycle management of Safety Instrumented Systems (SIS). The standard addresses how to define, specify and follow up performance requirements for Safety Instrumented Functions (SIFs) acting as barriers against incidents with an impact on safety, the environment, or assets. Successful implementation of IEC 61511 requires early planning for all phases of the project. Experience shows that insufficient SIS lifecycle management planning leads to pitfalls such as:
Increased documentation and costs. The activities and documents that make up the SIS lifecycle are linked. For instance, the hazard assessment, e.g., a Hazard and Operability Study (HAZOP), gives the foundation for SIL allocation. For SIL allocation using methods such as Layers of Protection Analysis (LOPA), it is critical that the HAZOP methodology takes into account that the results will be used for SIL allocation, e.g., by ensuring that all safeguards are thoroughly listed and consequences are described in detail. With insufficient HAZOP documentation, follow-up studies such as the LOPA become more time-consuming.
Suboptimal timing of SIS lifecycle activities. Performing SIS lifecycle activities too late may cause a significant cost impact if you need to re-design after procurement of SIS subcomponents. Conversely, activities performed too early may require significant updates of project documentation when the design changes.
Operations not covered in SIS lifecycle management. The operational phase typically receives limited attention compared to the design phase. However, thorough follow-up of the SIS in operation, e.g., through demand rate monitoring and SIF component failure monitoring, is required to ensure that the SIS delivers its intended risk reduction. The same data can be used to, e.g., optimize test intervals, potentially reducing OPEX and/or increasing safety.
Planning of SIS activities
Good planning requires the SIS owner to outline, as early as possible, the holistic approach to how functional safety shall be implemented in the project, through the following main aspects as specified by IEC 61511-1:2016 Section 5:
Firstly, describe the project organization responsible for functional safety and demonstrate the competency.
Secondly, describe how to follow up quality management, both for the SIS owner and suppliers.
Lastly, prepare an SIS lifecycle plan describing the activities to be performed at the various stages, the input/output required, the accountable party, and the verification activity needed.
Normally, you document the planning of the SIS lifecycle management in a Functional Safety Management Plan (FSMP). You are to keep it updated through all phases of the SIS lifecycle. The intention of the FSMP is to detail how to handle the SIS lifecycle management through all phases of the project, from design to decommissioning.
It is advisable to make the FSMP as specific and to the point as possible so that it gives sufficient guidance for the entire SIS lifecycle, as the FSMP is to be used actively as the project's functional safety road map. ORS recommends keeping the FSMP short by focusing on the actual implementation of functional safety in the given project and avoiding repetition of requirements from IEC 61511 and other applicable standards, governing documents, and guidelines. It is beneficial to use specific references to other company documents where the information is not unique to the project.
Creating the FSMP
The list below gives a recommendation of an FSMP structure, including guidance on some of the main sections of the FSMP.
Definitions
Abbreviations
1 – Introduction
1.1 – Objective
1.2 – Project background
1.3 – Standards and references
Define the standards that set the requirements for functional safety and safety instrumented systems in the project (e.g., IEC 61508:2010 and IEC 61511:2016), guidelines (e.g., NoG GL 070), and company standards, limited to those related to functional safety.
1.4 – Update of FSMP
Define who is responsible for keeping the FSMP up to date during all project phases. This should be a defined role/person. Clearly define milestones where the FSMP requires an update.
2 – Competence and organization
2.1 – Organization
(IEC 61511-1:2016, 5.2.2.1). Define the organization responsible for implementing functional safety in the project. It is advisable to present this as a functional safety organization chart, including the specification of accountabilities. The organization should also reflect the various phases of the SIS lifecycle, as responsibility is often shifted from an EPC contractor to the operator at a certain stage in the lifecycle. It is recommended that the organization chart reflect a single overall entity responsible for implementing functional safety across the project, in order to manage potential issues with multiple interfaces and subcontractors and to keep the application of functional safety consistent throughout the project.
2.2 – Competence
(IEC 61511-1:2016, 5.2.2.2). The FSMP should specify minimum competency requirements for each of the roles specified in Section 2.1 (Organization). Examples of such competency requirements could be the specification of minimum years of experience with functional safety-related work. This could be included in the organization chart included in Section 2.1. Any internal procedures for competency management should also be referred to, as specified in IEC 61511-1:2016 5.2.2.3.
3 – Quality Management System
(IEC 61511-1:2016, 5.2.5.2). Describe the internal Quality Management System (QMS). Rather than repeating the content of the QMS, add a specific reference. Further, describe how the quality management systems of suppliers are followed up. Often, a general vendor approval process validates the suppliers; if this is the case and it covers a check of the quality management system, describe and refer to it in the FSMP. The focus should be on functional safety-related aspects of quality management rather than generic quality management.
4 – Safety Planning
(IEC 61511-1:2016, 5.2.4 and Clause 6). The intention of this chapter is to describe all the SIS lifecycle activities that you should perform, including the timeline, accountabilities, input/output required, and deliverables. This is specified per phase in the following sub-sections. The first sub-section should give a timeline with an overview of each lifecycle phase and its related activities, together with a clear overall plan for how to implement functional safety, including how the various lifecycle phases are documented and connected and how information flows between them to ensure a consistent functional safety approach. In particular, it should address the following:
What is the overall purpose for functional safety in the project?
Which aspects, packages, subcontractors, and systems in the project must adhere to the FSMP and to IEC 61511 / 61508?
How shall you document these activities?
You must keep information related to functional safety up to date. Which systems are in place to ensure that?
Are special management of change (MOC) procedures required for functional safety?
Requirements for updating an SIS lifecycle document/phase, and a description of the events and design changes that should trigger an update of an SIS lifecycle phase.
4.2 – Phase 1 – Hazard and risk assessment
For each phase, you could describe the safety planning in table format, with each row describing a deliverable or activity and the following columns:
Reference to the IEC 61511-1:2016 requirement
Description of activity/deliverable
Responsible
Document number and revision number (for you to keep updated)
Input required (such as P&IDs in revision XX, C&E charts, and design basis)
Output, including its application to subsequent lifecycle phases.
4.3 – Phase 2 – Allocation of safety functions to protection layers
4.4 – Phase 3 – Safety Requirement Specification (SRS) for the SIS
4.5 – Phase 4 – Design and Engineering of Safety Instrumented System
4.6 – Phase 5 – Installation, commissioning, and validation
4.7 – Phase 6 – Operation and Maintenance
For operations, typical activities necessary for SIS performance monitoring are periodic proof testing, reporting and handling of failures, and demand rate monitoring. The FSMP should give an overview of the main activities to be performed and how and where they are documented (such as operating procedures, test procedures, procedures for failure and demand reporting, etc.).
4.8 – Phase 7 – Modification
4.9 – Phase 8 – Decommissioning
4.10 – Functional Safety Assessment, Auditing, and verification
(IEC 61511-1:2016, 5.2.6). Describe the third-party verification and auditing activities that you should perform (and when), for example, functional safety assessment and functional safety audit.
4.11 – Action tracking system
(IEC 61511-1:2016, 5.2.5.1). Specify how you will follow up on actions/recommendations arising from an SIS lifecycle activity (e.g., HAZOP actions related to functional safety). It should also be specified how to handle any non-conformances arising from an SIS lifecycle activity.
Lastly, do you have any questions or comments regarding this topic? Or perhaps you have some other questions regarding topics such as technical safety, system reliability, HAZOP, etc.? We here at ORS Consulting would love to help you. Please contact us.