BS EN 61511-3:2017 – TC:2020 Edition
$280.87
Tracked Changes. Functional safety. Safety instrumented systems for the process industry sector – Guidance for the determination of the required safety integrity levels
| Published By | Publication Date | Number of Pages |
| BSI | 2020 | 232 |
IEC 61511-3:2016 is available as /2 which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition. IEC 61511-3:2016 applies when functional safety is achieved using one or more SIF for the protection of either personnel, the general public, or the environment; may be applied in non-safety applications such as asset protection; illustrates typical hazard and risk assessment methods that may be carried out to define the safety functional requirements and SIL of each SIF; illustrates techniques/measures available for determining the required SIL; provides a framework for establishing SIL but does not specify the SIL required for specific applications; does not give examples of determining the requirements for other methods of risk reduction. This second edition cancels and replaces the first edition published in 2003. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: Additional H&RA example(s) and quantitative analysis consideration annexes are provided.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 126 | National foreword |
| 131 | English CONTENTS |
| 136 | FOREWORD |
| 138 | INTRODUCTION |
| 140 | Figures Figure 1 โ Overall framework of the IECโฌ61511 series |
| 141 | 1 Scope |
| 142 | 2 Normative references 3 Terms, definitions and abbreviations Figure 2 โ Typical protection layers and risk reduction means |
| 143 | Annexes Annex A (informative) Risk and safety integrity โ general guidance A.1 General A.2 Necessary risk reduction A.3 Role of safety instrumented systems |
| 145 | A.4 Risk and safety integrity Figure A.1 โ Risk reduction: general concepts |
| 146 | A.5 Allocation of safety requirements A.6 Hazardous event, hazardous situation and harmful event Figure A.2 โ Risk and safety integrity concepts |
| 147 | A.7 Safety integrity levels A.8 Selection of the method for determining the required safety integrity level Figure A.3 โ Harmful event progression |
| 148 | Figure A.4 โ Allocation of safety requirements to the non-SIS protection layers and other protection layers |
| 149 | Annex B (informative) Semi-quantitative method โ event tree analysis B.1 Overview B.2 Compliance with IEC 61511-1:2016 B.3 Example B.3.1 General |
| 150 | B.3.2 Process safety target B.3.3 Hazard analysis Figure B.1 โ Pressurized vessel with existing safety systems |
| 151 | B.3.4 Semi-quantitative risk analysis technique Tables Table B.1 โ HAZOP study results |
| 152 | B.3.5 Risk analysis of existing process |
| 153 | Figure B.2 โ Fault tree for overpressure of the vessel |
| 154 | B.3.6 Events that do not meet the process safety target Figure B.3 โ Hazardous events with existing safety systems |
| 155 | B.3.7 Risk reduction using other protection layers B.3.8 Risk reduction using a safety instrumented function |
| 156 | Figure B.4 โ Hazardous events with SIL 2 safety instrumented function |
| 157 | Annex C (informative) The safety layer matrix method C.1 Overview Figure C.1 โ Protection layers |
| 158 | C.2 Process safety target C.3 Hazard analysis |
| 159 | C.4 Risk analysis technique |
| 160 | C.5 Safety layer matrix Table C.1 โ Frequency of hazardous event likelihood (without considering PLs) Table C.2 โ Criteria for rating the severity of impact of hazardous events |
| 161 | C.6 General procedure Figure C.2 โ Example of safety layer matrix |
| 163 | Annex D (informative) A semi-qualitative method: calibrated risk graph D.1 Overview D.2 Risk graph synthesis |
| 164 | D.3 Calibration Table D.1 โ Descriptions of process industry risk graph parameters |
| 165 | D.4 Membership and organization of the team undertaking the SIL assessment |
| 166 | D.5 Documentation of results of SIL determination D.6 Example calibration based on typical criteria |
| 167 | Figure D.1 โ Risk graph: general scheme |
| 168 | Table D.2 โ Example calibration of the general purpose risk graph |
| 169 | D.7 Using risk graphs where the consequences are environmental damage Table D.3 โ General environmental consequences |
| 170 | D.8 Using risk graphs where the consequences are asset loss D.9 Determining the integrity level of instrument protection function where the consequences of failure involve more than one type of loss Figure D.2 โ Risk graph: environmental loss |
| 171 | Annex E (informative) A qualitative method: risk graph E.1 General E.2 Typical implementation of instrumented functions |
| 172 | E.3 Risk graph synthesis E.4 Risk graph implementation: personnel protection |
| 173 | Figure E.1 โ VDI/VDE 2180 Risk graph โ personnel protection and relationship to SILs |
| 174 | E.5 Relevant issues to be considered during application of risk graphs Table E.1 โ Data relating to risk graph (see Figure E.1) |
| 176 | Annex F (informative) Layer of protection analysis (LOPA) F.1 Overview |
| 177 | F.2 Impact event F.3 Severity level Table F.1 โ HAZOP developed data for LOPA |
| 178 | F.4 Initiating cause Figure F.1 โ Layer of protection analysis (LOPA) report Table F.2 โ Impact event severity levels |
| 179 | F.5 Initiation likelihood F.6 Protection layers Table F.3 โ Initiation likelihood |
| 180 | F.7 Additional mitigation F.8 Independent protection layers (IPL) Table F.4 โ Typical protection layers (prevention and mitigation) PFDavg |
| 181 | F.9 Intermediate event likelihood F.10 SIF integrity level F.11 Mitigated event likelihood F.12 Total risk |
| 182 | F.13 Example F.13.1 General F.13.2 Impact event and severity level F.13.3 Initiating cause F.13.4 Initiating likelihood F.13.5 General process design F.13.6 BPCS F.13.7 Alarms |
| 183 | F.13.8 Additional mitigation F.13.9 Independent protection layer(s) (IPL) F.13.10 Intermediate event likelihood F.13.11 SIS F.13.12 Next SIF |
| 185 | Annex G (informative) Layer of protection analysis using a risk matrix G.1 Overview Figure G.1 โ Layer of protection graphic highlighting proactive and reactive IPL |
| 187 | G.2 Procedure G.2.1 General G.2.2 Step 1: General Information and node definition Figure G.2 โ Work process used for Annex G |
| 188 | G.2.3 Step 2: Describe hazardous event Figure G.3 โ Example process node boundary for selected scenario Table G.1 โ Selected scenario from HAZOP worksheet |
| 190 | Table G.2 โ Selected scenario from LOPA worksheet |
| 191 | G.2.4 Step 3: Evaluate initiating event frequency |
| 192 | G.2.5 Step 4: Determine hazardous event consequence severity and risk reduction factor Table G.3 โ Example initiating causes and associated frequency |
| 193 | G.2.6 Step 5: Identify independent protection layers and risk reduction factor Table G.4 โ Consequence severity decision table Table G.5 โ Risk reduction factor matrix |
| 194 | G.2.7 Step 6: Identify consequence mitigation systems and risk reduction factor |
| 195 | G.2.8 Step 7: Determine CMS risk gap Table G.6 โ Examples of independent protection layers (IPL) with associated risk reduction factors (RRF) and probability of failure on demand (PFD) Table G.7 โ Examples of consequence mitigation system (CMS) with associated risk reduction factors (RRF) and probability of failure on demand (PFD) |
| 196 | Figure G.4 โ Acceptable secondary consequence risk Figure G.5 โ Unacceptable secondary consequence risk |
| 197 | Table G.8 โ Step 7 LOPA worksheet (1 of 2) |
| 198 | G.2.9 Step 8: Determine scenario risk gap G.2.10 Step 9: Make recommendations when needed Figure G.6 โ Managed secondary consequence risk |
| 199 | Table G.9 โ Step 8 LOPA worksheet (1 of 2) |
| 200 | Annex H (informative) A qualitative approach for risk estimation & safety integrity level (SIL) assignment H.1 Overview |
| 201 | Figure H.1 โ Workflow of SIL assignment process |
| 202 | H.2 Risk estimation and SIL assignment H.2.1 General H.2.2 Hazard identification/indication H.2.3 Risk estimation Table H.1 โ List of SIFs and hazardous events to be assessed |
| 203 | H.2.4 Consequence parameter selection (C) (Table H.2) Figure H.2 โ Parameters used in risk estimation Table H.2 โ Consequence parameter/severity level |
| 204 | H.2.5 Probability of occurrence of that harm Table H.3 โ Occupancy parameter/Exposure probability (F) |
| 205 | Table H.4 โ Avoidance parameter/avoidance probability |
| 206 | H.2.6 Estimating probability of harm H.2.7 SIL assignment Table H.5 โ Demand rate parameter (W) |
| 207 | Table H.6 โ Risk graph matrix (SIL assignment form for safety instrumented functions) Table H.7 โ Example of consequence categories |
| 209 | Annex I (informative) Designing & calibrating a risk graph I.1 Overview I.2 Steps involved in risk graph design and calibration I.3 Risk graph development |
| 210 | I.4 The risk graph parameters I.4.1 Choosing parameters I.4.2 Number of parameters I.4.3 Parameter value I.4.4 Parameter definition Figure I.1 โ Risk graph parameters to consider |
| 211 | I.4.5 Risk graph I.4.6 Tolerable event frequencies (Tef) for each consequence Figure I.2 โ Illustration of a risk graph with parameters from Figure I.1 |
| 212 | I.4.7 Calibration |
| 213 | I.4.8 Completion of the risk graph |
| 214 | Annex J (informative) Multiple safety systems J.1 Overview J.2 Notion of systemic dependencies Figure J.1 โ Conventional calculations |
| 215 | Figure J.2 โ Accurate calculations |
| 217 | J.3 Semi-quantitative approaches Figure J.3 โ Redundant SIS |
| 218 | J.4 Boolean approaches Figure J.4 โ Corrective coefficients for hazardous event frequency calculations when the proof tests are performed at the same time Figure J.5 โ Expansion of the simple example |
| 219 | Figure J.6 โ Fault tree modelling of the multi SIS presented in Figure J.5 |
| 220 | Figure J.7 โ Modelling CCF between SIS1 and SIS2 Figure J.8 โ Effect of tests staggering |
| 221 | J.5 State-transition approach Figure J.9 โ Effect of partial stroking |
| 222 | Figure J.10 โ Modelling of repair resource mobilisation |
| 223 | Figure J.11 โ Example of output from Monte Carlo simulation |
| 224 | Figure J.12 โ Impact of repairs due to shared repair resources |
| 225 | Annex K (informative) As low as reasonably practicable (ALARP) and tolerable risk concepts K.1 General K.2 ALARP model K.2.1 Overview |
| 226 | K.2.2 Tolerable risk target Figure K.1 โ Tolerable risk and ALARP |
| 227 | Table K.1 โ Example of risk classification of incidents Table K.2 โ Interpretation of risk classes |
| 228 | Bibliography |
