What is your selection requirements for instrumentation used in safety instrumented functions? There are numerous specifications to consider when choosing your devices. With the current IEC 61508 and IEC 61511 standards, multiple choices exist for qualifying devices for SIS usage – both for the manufacturer and the user.
Emerson’s Natalie Strehlke and Randy Paschke shared guidance in an Emerson Exchange 2017 presentation, SIS: Success in Selection. Randy opened with an introduction to safety instrumented systems (SIS). While control systems keep the plant running, the safety instrumented system’s job is to shut down the plant and take it to a safe state. Its role is to prevent bad accidents. The overall job of the SIS is to reduce risk.
The SIS is the last layer of prevention. After that, the layers are into mitigation such as rupture disks for pressure, dikes to contain liquids, etc.
A hazard and operability analysis (HAZOP) defines the risk levels that need to be reduced. A risk reduction factor defines the safety integrity levels (SILs) for each loop in the process that requires risk reduction. For example, if a risk needs to be reduced by a factor from 10 to hundred, this would be SIL 1. From 100 to 1000 is SIL 2 and 1000 to 10,000 is SIL 3.
An SIS is comprised of all the safety instrumented functions (SIFs) or safety loops which comprise a sensor, logic solver and final control element. It is the combination of all the probabilities of failure on demand (PFD) for the SIF that determine suitability for a specific SIL.
To determine the PFD for a SIF a budget is established where based on failure rates, a percentage is applied. Typically, the sensor’s budget is 20% of the PFD. Final control elements typically have the highest percentage due to their mechanical nature and directly tough the process.
Selection of sensors is based on their prior use track record of failures or sensors can be certified by IEC 61508 for use in safety applications up to a certain SIL level. To achieve this certification, it can be based on a Failure Modes, Effects & Diagnostics Analysis (FMEDA) of all the components in the products or proven in the field with or than 100,000,000 hours of operation in the field with more than 1 year of installation.
Specific to flow application, several Micro Motion Coriolis meters and Rosemount Vortex meters are rated for use in up to SIL 2 and SIL 3 applications. The 8800 also comes in dual and quad configuration which has two or four independent sensor electronics but a single vortex shedder bar. The quad configuration supports 2 out of 3 (2oo3) voting with an extra sensor electronics that can back up the others upon the failure of electronics.
Natalie noted that the Rosemount 8800 just received certification for up to SIL 2 applications or SIL 3 with a dual configuration, 1 out of 2 (1oo2) voting. The 8800 has an all welded, non-clog design which eliminates impulse lines, ports and gaskets to improve reliability. It’s important to note that you cannot have safety without reliability.