IEC 61508/61511 SIL Requirements in Norwegian Petroleum Industry
Telechargé par
Hamilton Maranhão
070 – NORWEGIAN OIL AND GAS
APPLICATION OF
IEC 61508 AND IEC 61511
IN THE NORWEGIAN PETROLEUM
INDUSTRY
(Recommended SIL requirements)
Norwegian Oil and Gas Association
Application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry
(Recommended SIL requirements)
No.: 070 Established: February 2001 Revision no.: 04 Date revised: April 2020
2 of 250
Table of content
FOREWORD ................................................................................................................................................................. 4
1 INTRODUCTION ................................................................................................................................................. 5
1.1 SCOPE AND PURPOSE OF GUIDELINE .............................................................................................................. 5
1.2 CONTENT OF GUIDELINE ............................................................................................................................... 5
1.3 CHANGES FROM PREVIOUS VERSION OF THIS GUIDELINE .............................................................................. 6
2 THE IEC 61508 AND IEC 61511 STANDARDS ................................................................................................ 7
3 REFERENCES .................................................................................................................................................... 10
4 DEFINITIONS AND ABBREVIATIONS ......................................................................................................... 12
4.1 DEFINITIONS ............................................................................................................................................... 12
4.2 ABBREVIATIONS ......................................................................................................................................... 13
5 MANAGEMENT OF FUNCTIONAL SAFETY .............................................................................................. 17
5.1 OBJECTIVE .................................................................................................................................................. 17
5.2 RISK REDUCTION, BARRIER MANAGEMENT AND MANAGEMENT OF FUNCTIONAL SAFETY ........................... 17
5.3 COMPETENCE REQUIREMENTS .................................................................................................................... 18
5.3.1 SIS design............................................................................................................................................... 18
5.3.2 SIS follow-up during operation .............................................................................................................. 18
5.4 SAFETY PLANNING ...................................................................................................................................... 19
5.5 FUNCTION SAFETY AUDITS AND REVISIONS................................................................................................. 19
5.6 VERIFICATION ............................................................................................................................................ 19
5.7 VALIDATION ............................................................................................................................................... 20
6 FUNCTIONAL SAFETY ASSESSMENT ........................................................................................................ 21
6.1 OBJECTIVE .................................................................................................................................................. 21
6.2 FSA EXECUTION ......................................................................................................................................... 21
7 DETERMINING SIL REQUIREMENTS ......................................................................................................... 23
7.1 OBJECTIVE .................................................................................................................................................. 23
7.2 APPROACH .................................................................................................................................................. 23
7.3 HAZARD AND RISK ANALYSIS ..................................................................................................................... 25
7.3.1 Scope of hazard and risk analysis .......................................................................................................... 25
7.3.2 Process Hazard Analysis (PHA) ............................................................................................................ 25
7.4 DEFINITION OF SAFETY INSTRUMENTED FUNCTIONS AND SIL ALLOCATION ............................................... 26
7.5 MINIMUM SIL REQUIREMENTS ................................................................................................................... 27
7.6 HANDLING OF DEVIATIONS FROM THE MINIMUM SIL REQUIREMENTS ........................................................ 36
7.6.1 Identification of deviations from the minimum SIL table ....................................................................... 36
7.6.2 Determination of SIL for safety functions where section 7.5 is not applicable ...................................... 36
7.7 SAFETY REQUIREMENTS SPECIFICATION .................................................................................................... 37
8 SIS DESIGN AND ENGINEERING .................................................................................................................. 38
8.1 OBJECTIVES ................................................................................................................................................ 38
8.2 INPUT .......................................................................................................................................................... 38
8.3 SIL REQUIREMENTS ................................................................................................................................... 38
8.3.1 Quantitative requirements ..................................................................................................................... 38
8.3.2 Architectural constraints ....................................................................................................................... 39
8.3.3 Avoidance and control of systematic faults ............................................................................................ 40
8.4 PROVEN IN USE AND PRIOR USE .................................................................................................................. 41
8.4.1 Proven in use ......................................................................................................................................... 41
8.4.2 Prior use ................................................................................................................................................ 41
8.5 REQUIREMENTS TO FAILURE DATA ............................................................................................................ 42
8.5.1 Objective ................................................................................................................................................ 42
8.5.2 SIS data sources ..................................................................................................................................... 42
Norwegian Oil and Gas Association
Application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry
(Recommended SIL requirements)
No.: 070 Established: February 2001 Revision no.: 04 Date revised: April 2020
3 of 250
8.5.3 Achieving the specified risk reduction - requirements to the applied SIS data ...................................... 44
8.6 OTHER ISSUES ............................................................................................................................................. 45
8.6.1 Comparison between sensors ................................................................................................................ 45
8.6.2 HMI – Human Machine Interface .......................................................................................................... 46
8.7 INDEPENDENCE BETWEEN SAFETY SYSTEMS ............................................................................................... 46
8.8 DOCUMENTATION FROM THE DESIGN PHASE ............................................................................................... 47
9 SIS INSTALLATION, COMMISIONING AND VALIDATION .................................................................... 50
9.1 OBJECTIVES ................................................................................................................................................ 50
9.2 REQUIREMENTS .......................................................................................................................................... 50
10 SIS FOLLOW-UP DURING OPERATION.................................................................................................. 51
10.1 OBJECTIVE .................................................................................................................................................. 51
10.2 SIS DOCUMENTATION AND PREMISES FOR OPERATION................................................................................ 51
10.3 SUMMARY OF SIS FOLLOW-UP ACTIVITIES ................................................................................................. 51
10.4 SIS OPERATION ........................................................................................................................................... 54
10.4.1 Normal operation ................................................................................................................................... 54
10.4.2 Degraded operation .................................................................................................................................... 55
10.5 SIS TESTING AND MAINTENANCE ................................................................................................................ 55
10.6 SIS MONITORING AND VERIFICATION .......................................................................................................... 56
10.6.1 Failure registration and analysis ........................................................................................................... 56
10.6.2 Verification of SIL requirements during operation ................................................................................ 56
10.6.3 Periodic review of SIF overrides ........................................................................................................... 56
10.6.4 Demand rate review ............................................................................................................................... 57
10.7 SPECIAL ISSUES RELATED TO WORKOVER ................................................................................................... 57
11 SIS MODIFICATION ..................................................................................................................................... 59
11.1 OBJECTIVE OF MANAGEMENT OF CHANGE (MOC) ............................................................................................ 59
11.2 MOC PROCEDURE ............................................................................................................................................... 59
11.3 MOC DOCUMENTATION ...................................................................................................................................... 60
12 SIS DECOMMISSIONING ............................................................................................................................ 61
12.1 OBJECTIVES ................................................................................................................................................ 61
12.2 REQUIREMENTS .......................................................................................................................................... 61
APPENDIX A: BACKGROUND FOR MINIMUM SIL REQUIREMENTS ........................................................ 62
APPENDIX B: SAFETY INSTRUMENTED OVERPRESSURE PROTECTION OF VESSEL ...................... 143
APPENDIX C:CHANGES FROM PREVIOUS VERSION OF GUIDELINE .................................................... 153
APPENDIX D: QUANTIFICATION OF PROBABILITY OF FAILURE ON DEMAND (PFD) ..................... 160
APPENDIX E: LIFECYCLE PHASES, ACTIVITIES AND DOCUMENTATION .......................................... 172
APPENDIX F: SIS FOLLOW UP IN THE OPERATIONAL PHASE ................................................................ 225
APPENDIX G: INDEPENDENCE BETWEEN SAFETY FUNCTIONS ............................................................ 238
Norwegian Oil and Gas Association
Application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry
(Recommended SIL requirements)
No.: 070 Established: February 2001 Revision no.: 04 Date revised: April 2020
4 of 250
Foreword
This guideline is developed as a joint industry project between operators, vendors, engineering companies,
contractors and consultants, with the financial support of the Norwegian Oil and Gas Association. The original work
was performed during the autumn of 2000 and the first revision of the guideline was issued February 2001. An update
of the guideline was issued October 2004.
Based on experiences with using the document, and through the introduction of updated versions of IEC 61508 and
IEC 61511, a need was identified for a further update of the guideline. This work was initiated late autumn 2014 and
a draft version of the revised document was sent for comments in February 2016. The comments have been reviewed
and those considered appropriate have been implemented. This document is the second official update of the original
guideline
The overall purpose of the document is to standardize and simplify the application of IEC 61508 and IEC 61511 in
the Norwegian Petroleum Industry. Particular attention is given to IEC 61511 since most users of this guideline are
expected to adhere mainly to this standard.
Norwegian Oil and Gas Association
Application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry
(Recommended SIL requirements)
No.: 070 Established: February 2001 Revision no.: 04 Date revised: April 2020
5 of 250
1 Introduction
1.1 Scope and purpose of guideline
The main purpose of this guideline is to standardize and simplify the application of IEC 61508 and IEC 61511 for use
in the Norwegian Petroleum industry.
IEC 61508 and IEC 61511 propose a risk-based approach to identify and specify performance requirements for safety-
instrumented function (SIFs). This guideline proposes a set of predefined performance requirements for functions that
are already identified as required in international and national standards adopted by the Norwegian Petroleum sector.
The performance requirements for these predefined functions can be applied as an alternative to the performance
requirements determined from a risk-based approach. This is normally done where standard solutions with relevant
operating experience are used and the risks associated with the activity are well understood.
To obtain the required risk reduction, both SIS and other type of safety barriers are normally implemented. Details
concerning design and operation of safety related systems other than SIS are not covered by the IEC standards, and are
therefore not included in this guideline. Performance requirements for non-instrumented systems shall however be
defined and should be part of an overall barrier strategy.
Requirements to SIFs shall be described in the safety requirements specification (SRS) which provides input to the
barrier strategy document. In this guideline, requirements are proposed for selected SIFs including process shutdown,
emergency shutdown, fire and gas functions, some BOP functions and specific workover functions. The requirements
have been derived by estimating the achievable probability of failure on demand (PFD) for these functions using typical
loop diagrams and reliability data verified by industry experience (see section 8.5 and Appendix A). Based on the
estimated PFDs, the corresponding obtainable safety integrity level (SIL) requirements have been given. These
performance requirements are hereafter referred to as minimum SIL in this guideline. For some functions where only
SIL 1 is achievable, the minimum SIL has been elaborated by a specific PFD requirement (see section 7.5, and Appendix
A).
The main arguments for introducing minimum SIL requirements are:
- Simplify and standardize the process to set performance standards for barriers
- Ensure consistency in the approach to determine performance standards
- Ensure that the performance of new or modified SIFs are benchmarked against similar functions that through
operation and historical records have demonstrated satisfactory reliability.
The minimum SIL requirements in this guideline only apply if all underlying assumptions are met (cf. Appendix A). In
all other situations, applicable methods in IEC 61508 or IEC 61511 should be applied for the risk-based approach (cf.
Section 7.6). It should be emphasized that the application of minimum SIL requirements does not replace the need to
carry out a quantitative risk assessment (QRA) for the facility, as the application of minimum SIL does not ensure that
that the overall risk acceptance criteria for the facility are met. This will also be the case when using risk graph or LOPA
for determining SIL requirements; compliance with overall risk acceptance criteria should be demonstrated through a
facility QRA.
This guideline goes beyond the topic of minimum SIL requirements. Examples include management of functional
safety, detailing of safety lifecycle activities, recommended content of key SIS documentation, requirements to
personnel competence, follow-up of SIS in the operational phase, and what to regard as sufficient level of independence
between safety functions.
1.2 Content of guideline
The guideline includes:
• In the introduction (chapter 1) the purpose and scope of the guideline.
• Chapter 2 provides some background information about the IEC standards and the relationship between
different parts of the IEC 61511 standard and this guideline.
• In chapter 3 a list of references to important standards, reports and other background sources is given,
whereas chapter 4 includes a list of abbreviations as well as definitions of selected terms in the guideline.
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
1
/
250
100%
