Functional safety: a proportional approach to legacy safety systems

The requirement for the identification, specification and maintenance of Safety Instrumented Systems (SIS) is contained throughout legislation, with the industry-wide good practice standard being IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems. SIS are specific electrical or electronic systems that prevent or mitigate the effect of a hazard.


PRACTICAL PROBLEMS

For sites with legacy SIS in place there is a burden of responsibility on the site operator to demonstrate that these systems are being managed actively and are fit for purpose. However, there are a number of practical difficulties:

  1. Requirement for quantitative or semi-quantitative assessment – previous assessments may have been qualitative only, therefore the additional data requirements and techniques involved may be unfamiliar.
  2. How to assess all the relevant faults for each system? The list of potential faults leading to the hazardous event can be extensive.
  3. Some requirements of IEC 61508 may be difficult and expensive to retrofit to existing systems or to demonstrate retrospectively.

A PROPORTIONAL APPROACH

These difficulties may be overcome by adopting the proportional approach described in Box 1. This high-level, order-of-magnitude methodology allows a result to be obtained relatively simply. The first and second stages are applied to screen out low-risk hazards, leaving only the significant risks. These are assessed using Layers of Protection Analysis (LOPA) to reveal whether the existing SIS is required to provide a Safety Integrity Level (SIL) rated safety function. The assessment can be based largely upon existing documentation and can quickly identify any weaknesses in protection.

The fifth step is a review of whether the overall risk can be regarded As Low As Reasonably Practicable (ALARP), or whether further or alternative safeguards could be put in place.
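The LOPA stage above comes down to a simple order-of-magnitude calculation: credit the independent protection layers (IPLs) that already exist, compare the resulting event frequency with the tolerable frequency, and read off the SIL band from the probability of failure on demand (PFD) the SIS would have to achieve. The following is an added example, not code from the article; the initiating event frequencies, IPL PFDs and tolerable frequencies used in it are constructed, while the SIL bands are the IEC 61508 low-demand-mode PFDavg ranges.

```python
from dataclasses import dataclass
from math import prod
from typing import Optional, Sequence

# IEC 61508 low-demand mode: (SIL, PFDavg lower bound inclusive, upper bound exclusive).
SIL_BANDS = (
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
)


@dataclass
class LopaResult:
    mitigated_frequency: float    # hazardous event frequency (per year) with non-SIS IPLs credited
    required_pfd: float           # PFDavg the SIS must achieve to reach the tolerable frequency
    required_sil: Optional[int]   # 0 = no SIL-rated function needed, None = beyond SIL 4


def sil_for_pfd(pfd: float) -> Optional[int]:
    """Map a required PFDavg to a SIL band; PFD >= 0.1 means no SIL-rated function is needed."""
    if pfd >= 0.1:
        return 0
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return None  # required risk reduction exceeds SIL 4: a single SIS cannot provide it


def lopa_required_sil(initiating_event_freq: float,
                      ipl_pfds: Sequence[float],
                      tolerable_freq: float,
                      conditional_modifiers: Sequence[float] = ()) -> LopaResult:
    """Order-of-magnitude LOPA: event frequency = IEF x product of IPL PFDs x modifiers."""
    for p in (*ipl_pfds, *conditional_modifiers):
        if not 0.0 < p <= 1.0:
            raise ValueError(f"PFD or modifier out of range (0, 1]: {p}")
    if initiating_event_freq <= 0.0 or tolerable_freq <= 0.0:
        raise ValueError("frequencies must be positive")
    mitigated = initiating_event_freq * prod(ipl_pfds) * prod(conditional_modifiers)
    required_pfd = tolerable_freq / mitigated
    return LopaResult(mitigated, required_pfd, sil_for_pfd(required_pfd))


if __name__ == "__main__":
    # Constructed scenario: loss of level control 0.5/yr, a relief valve (PFD 0.01)
    # and an alarm with operator response (PFD 0.1) already credited, target 1e-5/yr.
    print(lopa_required_sil(0.5, [0.01, 0.1], 1e-5))   # required PFD 0.02 -> SIL 1
```

A result of SIL 0 is the useful outcome of the screening: the existing layers already meet the target, and the legacy SIS need not be demonstrated to IEC 61508 at all.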


CONCLUSION

A high-level approach is often sufficient to identify any weaknesses in legacy safety instrumented systems. Where weaknesses are identified through LOPA, applying an ALARP review can often highlight simple procedural or non-electrical/electronic engineering controls, thus avoiding unnecessarily onerous SIL requirements altogether.

This article first appeared in RISKworld issue 27