IEC 61511

Last updated

IEC standard 61511 is a technical standard which sets out practices in the engineering of systems that ensure the safety of an industrial process through the use of instrumentation. Such systems are referred to as Safety Instrumented Systems. The title of the standard is "Functional safety - Safety instrumented systems for the process industry sector".

Contents

Scope

The process industry sector includes many types of manufacturing processes, such as refineries, petrochemical, chemical, pharmaceutical, pulp and paper, and power. The process sector standard does not cover nuclear power facilities or nuclear reactors. IEC 61511 covers the application of electrical, electronic and programmable electronic equipment. While IEC 61511 does apply to equipment using pneumatic or hydraulic systems to manipulate final elements, the standard does not cover the design and implementation of pneumatic or hydraulic logic solvers.

This standard defines the functional safety requirements established by IEC 61508 in process industry sector terminology. IEC 61511 focuses attention on one type of instrumented safety system used within the process sector, the Safety Instrumented System (SIS).

History

In 1998 the IEC, which stands for International Electrotechnical Commission published a document, IEC 61508, entitled: “Functional safety of electrical/electronic/programmable electronic safety-related systems”. This document sets the standards for safety-related system design of hardware and software. IEC 61508 is generic functional safety standard, providing the framework and core requirements for sector specific standard. Three sector specific standards have been released using the IEC 61508 framework, IEC 61511 (process), IEC 61513 (nuclear) and IEC 62061 (manufacturing/machineries). IEC 61511 provides good engineering practices for the application of safety instrumented systems in the process sector.

In the United States ANSI/ISA 84.00.01-2004 was issued in September 2004. It primarily mirrors IEC 61511 in content with the exception that it contains a grandfathering clause:

For existing safety instrumented systems (SIS) designed and constructed in accordance with codes, standards, or practices prior to the issuance of this standard (e.g. ANSI/ISA 84.01-1996), the owner/operator shall determine and document that the equipment is designed, maintained, inspected, tested, and operated in a safe manner.

The European standards body, CENELEC, has adopted the standard as EN 61511. This means that in each of the member states of the European Union, the standard is published as a national standard. For example, in Great Britain, it is published by the national standards body, BSI, as BS EN 61511. The content of these national publications is identical to that of IEC 61511. Note, however, that 61511 is not harmonized under any directive of the European Commission.

The Standard

IEC 61511 covers the design and management requirements for SISs throughout the entire safety life cycle. Its scope includes: initial concept, design, implementation, operation, and maintenance through to decommissioning. It starts in the earliest phase of a project and continues through startup. It contains sections that cover modifications that come along later, along with maintenance activities and the eventual decommissioning activities.

The standard consists of three parts:

  1. Framework, definitions, system, hardware and software requirements
  2. Guidelines in the application of IEC 61511-1
  3. Guidance for the determination of the required safety integrity levels

ISA 84.01/IEC 61511 requires a management system for identified SIS. An SIS is composed of a separate and independent combination of sensors, logic solvers, final elements, and support systems that are designed and managed to achieve a specified safety integrity level (SIL). An SIS may implement one or more safety instrumented functions (SIFs), which are designed and implemented to address a specific process hazard or hazardous event. The SIS management system should define how an owner/operator intends to assess, design, engineer, verify, install, commission, validate, operate, maintain, and continuously improve their SIS. The essential roles of the various personnel assigned responsibility for the SIS should be defined and procedures developed, as necessary, to support the consistent execution of their responsibilities.

ISA 84.01/IEC 61511 uses an order of magnitude metric, the SIL, to establish the necessary performance. A hazard and risk analysis is used to identify the required safety functions and risk reduction for specified hazardous events. Safety functions allocated to the SIS are safety instrumented functions; the allocated risk reduction is related to the SIL. The design and operating basis is developed to ensure that the SIS meets the required SIL. Field data are collected through operational and mechanical integrity program activities to assess actual SIS performance. When the required performance is not met, action should be taken to close the gap, ensuring safe and reliable operation.

IEC 61511 references IEC 61508 (the master standard) for many items such as manufacturers of hardware and instruments and so IEC 61511 cannot be fully implemented without reference to IEC 61508. IEC 61511 is the process industry implementation of IEC 61508. [1]

IEC61511 is updated with Edition 2.0

Related Research Articles

<span class="mw-page-title-main">Safety-critical system</span> System whose failure would be serious

A safety-critical system or life-critical system is a system whose failure or malfunction may result in one of the following outcomes:

Fieldbus Foundation was an organization dedicated to a single international, interoperable fieldbus standard. It was established in September 1994 by a merger of WorldFIP North America and the Interoperable Systems Project (ISP). Fieldbus Foundation was a not-for-profit trade consortium that consisted of more than 350 of the world's suppliers and end users of process control and manufacturing automation products. Working together those companies made contributions to the IEC/ISA/FDI and other fieldbus standards development.

In functional safety, safety integrity level (SIL) is defined as the relative level of risk-reduction provided by a safety instrumented function (SIF), i.e. the measurement of the performance required of the SIF.

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

Software safety is an engineering discipline that aims to ensure that software, which is used in safety-related systems, does not contribute to any hazards such a system might pose. There are numerous standards that govern the way how safety-related software should be developed and assured in various domains. Most of them classify software according to their criticality and propose techniques and measures that should be employed during the development and assurance:

In functional safety a safety instrumented system (SIS) is an engineered set of hardware and software controls which provides a protection layer that shuts down a chemical, nuclear, electrical, or mechanical system, or part of it, if a hazardous condition is detected.

Standardization in oil industry seeks to promote a better standardization within the oil and energy industry. It promotes this objective by highlighting areas where standardization has worked well, where it has not, and why. This provokes discussions for better standardization. The overall purpose of the document is to issue a guideline on the application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry, and thereby simplify the use of the standards.

A high-integrity pressure protection system (HIPPS) is a type of safety instrumented system (SIS) designed to prevent over-pressurization of a plant, such as a chemical plant or oil refinery. The HIPPS will shut off the source of the high pressure before the design pressure of the system is exceeded, thus preventing loss of containment through rupture (explosion) of a line or vessel. Therefore, a HIPPS is considered as a barrier between a high-pressure and a low-pressure section of an installation.

Spurious trip level (STL) is defined as a discrete level for specifying the spurious trip requirements of safety functions to be allocated to safety systems. An STL of 1 means that this safety function has the highest level of spurious trips. The higher the STL level the lower the number of spurious trips caused by the safety system. There is no limit to the number of spurious trip levels.

Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs or failure in a predictable manner (fail-safe). The automatic protection system should be designed to properly handle likely systematic errors, hardware failures and operational/environmental stress.

ISO 26262, titled "Road vehicles – Functional safety", is an international standard for functional safety of electrical and/or electronic systems that are installed in serial production road vehicles, defined by the International Organization for Standardization (ISO) in 2011, and revised in 2018.

TargetLink is a software for automatic code generation, based on a subset of Simulink/Stateflow models, produced by dSPACE GmbH. TargetLink requires an existing MATLAB/Simulink model to work on. TargetLink generates both ANSI-C and production code optimized for specific processors. It also supports the generation of AUTOSAR-compliant code for software components for the automotive sector. The management of all relevant information for code generation takes place in a central data container, called the Data Dictionary.

<span class="mw-page-title-main">OpenSafety</span> Industrial safety communications protocol

openSAFETY is a communications protocol used to transmit information that is crucial for the safe operation of machinery in manufacturing lines, process plants, or similar industrial environments. Such information may be e.g. an alert signal triggered when someone or something has breached a light curtain on a factory floor. While traditional safety solutions rely on dedicated communication lines connecting machinery and control systems via special relays, openSAFETY does not need any extra cables reserved for safety-related information. It is a bus-based protocol that allows for passing on safety data over existing Industrial Ethernet connections between end devices and higher-level automation systems – connections principally established and used for regular monitoring and control purposes. Unlike other bus-based safety protocols that are suitable for use only with a single or a few specific Industrial Ethernet implementations and are incompatible with other systems, openSAFETY works with a wide range of different Industrial Ethernet variants.

Partial stroke testing is a technique used in a control system to allow the user to test a percentage of the possible failure modes of a shut down valve without the need to physically close the valve. PST is used to assist in determining that the safety function will operate on demand. PST is most often used on high integrity emergency shutdown valves (ESDVs) in applications where closing the valve will have a high cost burden yet proving the integrity of the valve is essential to maintaining a safe facility. In addition to ESDVs PST is also used on high integrity pressure protection systems or HIPPS. Partial stroke testing is not a replacement for the need to fully stroke valves as proof testing is still a mandatory requirement.

ISO 13849 is a safety standard which applies to parts of machinery control systems that are assigned to providing safety functions. The standard is one of a group of sector-specific functional safety standards that were created to tailor the generic system reliability approaches, e.g., IEC 61508, MIL-HDBK-217, MIL-HDBK-338, to the needs of a particular sector. ISO 13849 is simplified for use in the machinery sector.

IEC/EN 62061, ”Safety of machinery: Functional safety of electrical, electronic and programmable electronic control systems”, is the machinery specific implementation of IEC/EN 61508. It provides requirements that are applicable to the system level design of all types of machinery safety-related electrical control systems and also for the design of non-complex subsystems or devices.

Automotive Safety Integrity Level (ASIL) is a risk classification scheme defined by the ISO 26262 - Functional Safety for Road Vehicles standard. This is an adaptation of the Safety Integrity Level (SIL) used in IEC 61508 for the automotive industry. This classification helps defining the safety requirements necessary to be in line with the ISO 26262 standard. The ASIL is established by performing a risk analysis of a potential hazard by looking at the Severity, Exposure and Controllability of the vehicle operating scenario. The safety goal for that hazard in turn carries the ASIL requirements.

Hercules is a line of ARM architecture-based microcontrollers from Texas Instruments built around one or more ARM Cortex cores. This "Hercules safety microcontroller platform" includes a series of microcontrollers specifically targeted for Functional Safety applications, through such hardware-base fault correction/detection features as dual cores that can run in lock-step, full path ECC, automated self testing of memory and logic, peripheral redundancy, and monitor/checker cores.

Cantata++, commonly referred to as Cantata in newer versions, is a commercial computer program designed for dynamic testing, with a focus on unit testing and integration testing, as well as run time code coverage analysis for C and C++ programs. It is developed and marketed by QA Systems, a multinational company with headquarters in Waiblingen, Germany.

IEC 84.00.07 is a technical report developed by the ISA 84 standards panel. It defines the lifecycle and technical requirements for ensuring effective design of fire and gas detection systems for use in the process industries. The technical report provides a lifecycle for performance based design of fire and gas detection systems, listing out the steps involved in a performance based design and establishing requirements to be implemented for each step. The technical report also defines performance metrics for application to fire and gas detection systems. The performance metrics established in this report for fire and gas system effectiveness include coverage and safety availability.

References

  1. IEC61511 Part 1 (normative)