Adopting the IEC 61511 Safety Lifecycle Standard

I saw a great article from exida‘s Dr. Peter Clarke, Setting the Standard, on how process plants can benefit through proper and careful adoption of the IEC 61511 global safety standard. It’s perhaps the best primer I’ve seen in a while on the safety lifecycle and the role of safety instrumented systems. He describes the functional safety concept, stages of the safety lifecycle, design errors, multi-layer strategy for systematic failures, and the bottom line benefits to the IEC 61511 approach.

I ran the article by members of our process safety system community for their thoughts. Emerson’s Tadeu Batista, a Certified Functional Safety Professional (CFSP) based in Brazil, provided me some of his perspectives on the article and how the IEC 61511 standard is being applied there.

In functional safety section, Dr. Clarke notes:

For the process industry, our guiding hand through the complex and challenging world of SIS is the international standard IEC 61511. It explains that our SIS needs our attention from cradle to grave – and even before the SIS arrives in the cradle, when we are still wondering whether we need to install a SIS at all.

Tadeu shares his perceptions on where IEC 61511 stands in Brazil:

It’s really true that in mature markets, the regulations are powerful drivers of standard and good practices adoption. This is not totally true in emerging markets, usually, only big players, with foreign investments has a more specific Safety Approach, mainly when talking about Process Safety. The good news is the IEC 61511 is being translated to Portuguese, and soon it will become more widespread. The effects are visible; End Users, EPC and even Process Manufacturers are eager for knowledge about Functional Safety and the standards.

This article highlights that not only the fear of regulatory penalties should be consider in order to put a SIS in place, but plant availability, equipment damage, personal injury and today, brand image damage. Many studies show that having a solid Safety Management System, based on standards, is far less expensive than answering to a catastrophic situation.

The article examines the safety lifecycle:

In the first lifecycle period, we analyse the risks involved in running the plant. First, we must decide how much safety risk we can tolerate; optionally, we can also consider other types of harm such as environmental damage, downtime, equipment damage and loss of reputation. Zero risk is not a meaningful target, because it is unachievable…

Tadeu adds:

Although being a time consuming process, determining a tolerable risk that is both safe and cost-effective is key in developing a Functional Safety study, resulting in feasible Safety Management Systems, with all the required elements (Safeguards, SIS, Procedures, etc). Zero Risk is an unreachable target, but also tolerating excessive risks based on economic considerations is not a good choice. Historical data, organizations such as OREDA and Exida, and even some governments can supply information to set the baseline of a tolerable risk definition.

The article stresses the importance of project management in the safety lifecycle:

In parallel with all the phases of the safety lifecycle, IEC 61511 demands proper management of every activity undertaken, from first concept to final disposal of the safety equipment. There are many aspects to this – competency requirements, planning, and documentation control, to name a few – but, for our purposes, we will focus on two particular aspects here: confirmation that the lifecycle is doing its job in delivering safety, and management of change.

Tadeu shares:

Here’s where the IEC61511 shows its most important directive, even having an exhaustive Conceptual Design and Project Design process is no guarantee of having achieved the RRF [risk reduction factor] required, and it’s only true until the second the validation process is executed.

The only way to ensure that your safety instrumented system is installed and works properly is having a Safety Management System in place. With continuous monitoring and verification process following the PDCA [plan-do-check-act] concept, and with a consistent modification procedure, covering all the interferences of a possible SIF [safety instrumented function] modification, changing a set point or re-engineering a SIF without verifying all the impact, can cause many reengineering hours during the Conceptual Design phase.

This post cannot do justice to all of the points made in the article. Give it a read if you’d like to learn more about considerations in the IEC 61511 safety lifecycle.

Leave a Reply