TABLE OF CONTENTS

ACKNOWLEDGEMENTS PREFACE TABLE OF CONTENTS LIST OF FIGURES LIST OF TABLES INTRODUCTION 1.1 Purpose 1.2 Target Audience 1.3 Book Road Map 1.4 Management Commitment PLANNING 2.1 Protective Management System Lifecycle 2.2 Why It Makes Good Business Sense 2.3 Documentation 2.4 Good Engineering Practices 2.4.1 Conformance 2.4.2 Application-Specific Practices 2.4.3 SIS Good Engineering Practices 2.4.4 ISA 84.01/IEC 61511 Overview 2.5 Key Management System Elements 2.5.1 Staffing 2.5.2 Responsibility and Competence 2.5.3 Independent Review 2.6 Special Topics 2.6.1 Non-safety Risks 2.6.2 Lifecycle Costs 2.6.3 Managing Organization Changes vii ix xi xix xxiii 1 3 5 8 9 11 14 19 20 24 25 26 27 28 34 34 35 36 43 43 44 44

xi

xii

Table of Contents

2.6.4 IPS Classification 2.6.5 Existing SIS RISK ASSESSMENT 3.1 Intended Audience 3.2 Input Information 3.3 Basic Work Process 3.4 Output Documentation 3.5 Key Management System Elements 3.5.1 Risk Criteria 3.5.2 Screen Hazardous Events 3.5.3 Evaluate Consequence Severity 3.5.4 Evaluate Initiating Event Frequency 3.5.5 Identify Protective Functions 3.5.6 Conceptual Allocation 3.6 Special Topics 3.6.1 Develop Risk Reduction Strategy 3.6.2 Mitigated Versus Unmitigated Risk 3.6.3 Identify Non-Protective Actions DESIGN 4.1 Intended Audience 4.2 Input Information 4.3 Basic Work Process 4.4 Output Documentation 4.5 Process Requirements 4.5.1 Operability Requirements 4.5.2 Functionality Requirements 4.5.3 Reliability Requirements 4.5.4 Maintainability Requirements 4.5.5 Classify Remaining Functions 4.5.6 Verify Process Requirements

45 46 49 52 52 56 63 65 65 69 72 74 75 76 80 80 82 83 85 88 89 90 93 95 97 99 105 106 107 107

Guidelines for Safe and Reliable IPS 4.6 I&E Requirements 4.6.1 Identify Good Engineering Practices 4.6.2 Physically Allocate IPF 4.6.3 Architecture 4.6.4 Fault Detection Strategy 4.6.5 Operator Interface 4.6.6 Independence and Common Cause 4.6.7 Cost-Benefit Analysis 4.6.8 Risk Reduction and STR Verification 4.6.9 Verify the I&E Requirements 4.7 Functional Assessment 4.8 Key Management System Elements 4.8.1 Technical Practices 4.8.2 Approved Equipment List 4.9 Special Topics 4.9.1 Independence Evaluation 4.9.2 Continuous and Demand Mode Operation ENGINEERING, INSTALLATION, COMMISSIONING AND VALIDATION 5.1 Intended Audience 5.2 Input Information 5.3 Basic Work Process 5.4 Output Documentation 5.5 Hardware 5.5.1 Application Requirements 5.5.2 Field Device Specification 5.5.3 Logic Solver Specification 5.5.4 Operator Interface Specification 5.5.5 Response Time 5.6 Software

xiii 107 110 110 116 130 137 143 144 145 146 147 148 148 149 151 151 152

155 157 158 159 163 164 164 165 166 169 171 173

xiv

Table of Contents

5.6.1 Software Specification 5.6.2 Utility Software Selection 5.6.3 Software Language Selection 5.6.4 Application Program Development 5.6.5 Managing Changes 5.7 Factory Acceptance Test 5.7.1 FAT Procedure 5.7.2 Deficiency Tracking 5.7.3 Test Documentation 5.8 Installation Plans 5.9 Commissioning Plans 5.9.1 Commissioning Sequence 5.9.2 Commissioning Activity Follow-up 5.10 Verify Operator And External Interfaces 5.11 Validation 5.11.1 Loop checks 5.11.2 Site Acceptance Test 5.11.3 Start-up Procedures 5.11.4 Hot Cutover 5.11.5 Pre-Startup Safety Review 5.12 Management Of Change OPERATIONAL AND MECHANICAL INTEGRITY 6.1 Intended Audience 6.2 Input Information 6.3 Basic Work Process 6.3.1 Developing IPS Procedures 6.3.2 Auditing IPS Procedures 6.3.3 Revising IPS Procedures 6.4 Output Documentation 6.5 Operating Procedures

174 175 176 177 180 180 181 183 183 184 185 187 189 190 191 191 192 194 195 195 196 197 198 199 199 201 204 204 204 206

Guidelines for Safe and Reliable IPS

XV

6.5.1 Operator Response to Hazardous Events 6.5.2 Operator Response to Failure 6.5.3 Compensating Measures and MTTR 6.6 Bypass Management Procedure 6.7 Maintenance Procedures 6.8 Training 6.8.1 Operations 6.8.2 Maintenance 6.8.3 Engineering 6.8.4 Auditing 6.9 Managing Changes 6.9.1 Access Security 6.9.2 Management of Change 6.9.3 Hardware Configuration Management 6.9.4 Embedded Software Management 6.9.5 Application Program Management 6.9.6 Decommissioning 6.10 Monitoring Performance 6.10.1 Process Demands 6.10.2 Detected Faults 6.10.3 Dangerous Failures 6.10.4 Spurious Operation 6.10.5 Personnel conformance to work practices CONTINUOUS IMPROVEMENT 7.1 Intended Audience 7.2 Input Information 7.3 Basic Work Process 7.3.1 Understanding History 7.3.2 Benchmarking Current Status 7.3.3 Defining Gaps

207 208 208 209 210 212 213 214 214 214 215 216 216 217 218 218 219 220 220 221 221 222 223 225 227 228 231 232 233 233

xvi

Table of Contents

7.4 Output Documentation 7.5 Determining Path Forward DEFINITIONS PROTECTION LAYERS B. 1 Inherently Safer Design B.2 Control B.2.1 Control Function B.2.2 Protective Function B.3 Supervisory B.3.1 Operator Activities B.3.2 Operator Alarms with Response B.3.3 Instrumented Systems B.4 Preventive B.4.1 Instrumented Systems B.5 Mitigative B.5.1 Mechanical Equipment B.5.2 Instrumented Systems B.6 Barriers B.7 Limitation B.8 Response CORE ATTRIBUTES C.l Independence C.2 Functionality C.3 Integrity C.4 Reliability C.5 Auditability C.6 Access Security C.7 Management Of Change UNDERSTANDING FAILURE D. 1 Caution-It's A Benchmark

235 236 239 267 269 271 272 275 276 277 279 284 284 285 287 287 289 294 295 299 301 301 303 304 305 306 306 309 311 313

Guidelines for Safe and Reliable IPS D.2 A "Bathtub" Viewpoint D.3 Failure Types D.3.1 Random failures D.3.2 Systematic failures D.3.3 Common Cause Failures D.4 Failure Classification D.4.1 Safe and Dangerous Failures D.4.2 Detected and Undetected Failures D.5 IPF Performance Metrics D.5.1 Failure Rate D.5.2 Instantaneous Probability of Failure D.S.3 Average Probability of Failure on Demand D.5.4 Beta Factor D.6 Spurious Trip Rate D.7 Example Application PROCESS EQUIPMENT RELIABILITY DATABASE USER APPROVED EQUIPMENT AND PRACTICES F. 1 User Approved F.1.1 Operating environment F.1.2 Analysis and Testing F.1.3 Prior Use History F.2 Evolution Of Plant Automation F.2.1 Basic Process Control System F.2.2 Safety Instrumented System F.2.3 Future Technology F.3 Logic Solver Considerations F.3.1 Technologies F.3.2 Electrical Systems F.3.3 Electronic Systems F.3.4 Programmable Electronic System

xvii 314 317 318 319 322 325 326 328 330 331 332 335 338 338 340 343 347 347 350 350 352 355 357 357 359 360 360 361 362 363

xviii

Table of Contents

F.3.5 Logic Solver Separation F.4 Field Device Considerations F.4.1 Separation F.4.2 Inputs F.4.3 Final Elements F.5 Utilities F.5.1 Instrument air F.5.2 Power F.6 Wiring Practices F.7 Communications And Interconnectivity F.8 Prescriptive Designs F.8.1 SIL 1 F.8.2 SIL 2 F.8.3 SIL 3 REFERENCES ACRONYMS AND ABBREVIATIONS INDEX

364 366 367 368 371 373 374 375 379 381 383 384 384 385 387 393 396