Ian Curtis, safety consultant for Siemens Industry Automation, advocates a ‘back to basics’ approach to ensure effective functional safety and says modern safety system tools can help reduce complexity, deliver value and drive risk reduction when implementing a safety instrumented system (SIS).

When implementing a safety instrumented system (SIS), it is important to take a holistic approach to ensure functional safety technology contributes effectively to risk reduction. Part of the answer lies in the effective use of existing and new standards, and in a structured approach to safety system implementation through effective functional safety management. Also key to the process, however, are new technologies and tools that help simplify aspects of the safety lifecycle.

Following standards is the accepted route to achieve best practice. Historically, many of the application oriented standards take a prescriptive approach whilst the newer standards, such as IEC 61508 and IEC 61511, promote a more performance-based approach. In an effort to get the best of both worlds, there are recent guidance documents and standards advocating a combination of both approaches.

An effective combination

Technical reports from the ISA such as ‘Guidance on the Identification of Safety Instrumented Functions (SIFs) in Burner Management Systems (BMS)’ (ISA-TR84.00.05-2009) help demonstrate a combined approach. In addition, recent guidance on fire and gas systems such as ‘Guidance on the Evaluation of Fire, Combustible Gas and Toxic Gas System Effectiveness’ (ISA-TR84.00.07-2010) follows a safety lifecycle similar to that of IEC 61511.

There are areas of performance-based standards which may be unclear as they are open to interpretation. However, there are guides available that can help clear up any confusion, such as the EEMUA Pub 222 Guide to the application of IEC 61511 to Safety Instrumented Systems.

By capturing the experience of a range of practitioners and presenting it as a usable piece of advice, guides such as these can be a valuable tool in interpreting the standards. Similarly, the IEC 61508 Association provides role-based guidance in the toolbox talks on its website (www.61508.org).

The standards seek to address random hardware failures and systematic errors by having competent people develop, implement, operate and maintain a sound technical solution using good processes throughout.

Current standards

The latest version of the standard, IEC 61508 Ed.2 (2010), increases the emphasis on functional safety management and makes competence a normative requirement. Companies must ensure that those involved in the safety lifecycle are competent to perform the activities, and that they perform those duties following work processes that are in accordance with the requirements of the standard and provide documented evidence to demonstrate this.

As the name implies, a safety instrumented system comprises everything from sensor, through logic solver, to actuator. IEC 61511-1 requires that equipment should be assessed for conformance with IEC 61508 or should meet the ‘prior use’ requirements. The standards do not make third party certification or conformity assessment of systems compulsory; however, the associated guidance documents point out the benefits of such an approach.

The alternative ‘prior use’ route has proved quite challenging to date. Due to a lack of good reliability data, relatively few organisations can underpin a ‘prior use’ justification. In general this requires greater effort to meet the requirements for evidence of suitability.

In practice, the path most trodden is to use systems and sub-systems from reputable vendors with a proven track record, which have been conformity assessed in accordance with IEC 61508 by equally reputable independent organisations.

Sometimes technological advancements, such as more effective distribution of control and safety, can bring benefits in terms of making systems simpler to implement. As an example of this, the ability to combine both failsafe and standard I/O in the same I/O sub-systems in a Zone 1 hazardous area, with failsafe communication back to the process and safety controllers, can bring many benefits, but importantly helps to reduce complexity by incorporating the I.S. barriers into the equipment, enhancing diagnostics and significantly simplifying the SIL verification activity.

Tools of the trade

The standards place significant emphasis on a safety lifecycle approach and this has prompted a move towards more use of safety lifecycle tools. The traditional cause and effect matrix (CEM) approach for documenting and defining safety logic is well established, but a move toward encompassing other aspects of the lifecycle has taken it beyond simply being a specification tool during the analysis phase.

The newer breed of safety lifecycle tools is not just a planning aid that lets an engineer document the CEM logic required for a SIS in a form that will be familiar to them: the tools can now also automate the creation of the logic for the SIS, and allow testing and commissioning in the same CEM format that is used for engineering and visualisation.

Software development typically follows a ‘V’ model approach – and this is also advocated by IEC 61508 for SIS software. At various levels within the ‘V’ there are requirements for test plans, verification activities and ultimately, validation. The closer the code is to the original design document, the easier all of these activities become, so the use of a CEM can bring significant benefits in terms of streamlining the software development activity.

By automating the creation of the operator graphics for the SIS logic, these tools also make a significant contribution to the latter stages of the safety lifecycle and help to close the loop by supporting change management of the SIS code.
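The following is an added example, not Siemens' own tooling: it treats a small, constructed cause and effect matrix as the specification, generates the SIS logic from it (the automation described above), and then derives the verification tests from the same matrix, which is what makes the ‘V’ model activities cheaper when code stays close to the design document. All tag names (PT101_HH, Close_XV101 and so on) are illustrative.

```python
# Constructed cause and effect matrix (CEM). Rows are causes (trip
# initiators), columns are effects (final elements); an "X" means the
# cause demands the effect. Tag names are invented for this example.
CEM_TEXT = """\
cause      | Close_XV101 | Stop_P201 | Alarm_Only
PT101_HH   |      X      |     X     |
TT102_HH   |      X      |           |
LT103_LL   |             |     X     |
Manual_ESD |      X      |     X     |
PT101_H    |             |           |     X
"""

def parse_cem(text):
    """Return (effects, {cause: set of effects}) from the textual matrix."""
    rows = [r.split("|") for r in text.splitlines() if r.strip()]
    effects = [c.strip() for c in rows[0][1:]]
    matrix = {}
    for cells in rows[1:]:
        marks = [c.strip().upper() == "X" for c in cells[1:]]
        matrix[cells[0].strip()] = {e for e, hit in zip(effects, marks) if hit}
    return effects, matrix

def build_logic(effects, matrix):
    """Generated SIS logic: one boolean function per effect, demanded when
    ANY cause marked in that effect's column is active."""
    return {e: (lambda st, d=[c for c in matrix if e in matrix[c]]:
                any(st.get(c, False) for c in d)) for e in effects}

def spec_tests(effects, matrix):
    """Test vectors read straight from the CEM: an all-clear case plus one
    single-cause trip per row, with expected outputs taken from the marks."""
    vectors = [({}, {e: False for e in effects})]
    for cause, effs in matrix.items():
        vectors.append(({cause: True}, {e: e in effs for e in effects}))
    return vectors

def verify(impl, text):
    """Run the spec-derived vectors against `impl` (dict effect -> fn(state))
    and return every (state, effect, expected, got) mismatch."""
    effects, matrix = parse_cem(text)
    return [(st, e, exp[e], impl[e](st))
            for st, exp in spec_tests(effects, matrix)
            for e in effects if impl[e](st) != exp[e]]

# A hand-coded implementation with a slip: TT102_HH does not close XV101.
HAND_CODED = {
    "Close_XV101": lambda s: s.get("PT101_HH", False) or s.get("Manual_ESD", False),
    "Stop_P201":   lambda s: s.get("PT101_HH", False) or s.get("LT103_LL", False)
                             or s.get("Manual_ESD", False),
    "Alarm_Only":  lambda s: s.get("PT101_H", False),
}
```

`verify(build_logic(*parse_cem(CEM_TEXT)), CEM_TEXT)` returns no mismatches, while `verify(HAND_CODED, CEM_TEXT)` reports the missing TT102_HH to Close_XV101 link, showing how a specification-derived test set catches a divergence between the CEM and hand-written logic.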

Siemens Industry Automation

www.siemens.com

T: 0161 446 5324