{"id":245605,"date":"2024-10-19T16:09:18","date_gmt":"2024-10-19T16:09:18","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-61511-32017-tc\/"},"modified":"2024-10-25T11:09:47","modified_gmt":"2024-10-25T11:09:47","slug":"bs-en-61511-32017-tc","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-61511-32017-tc\/","title":{"rendered":"BS EN 61511-3:2017 – TC"},"content":{"rendered":"
IEC 61511-3:2016 is available as \/2 which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition. IEC 61511-3:2016 applies when functional safety is achieved using one or more SIF for the protection of either personnel, the general public, or the environment; may be applied in non-safety applications such as asset protection; illustrates typical hazard and risk assessment methods that may be carried out to define the safety functional requirements and SIL of each SIF; illustrates techniques\/measures available for determining the required SIL; provides a framework for establishing SIL but does not specify the SIL required for specific applications; does not give examples of determining the requirements for other methods of risk reduction. This second edition cancels and replaces the first edition published in 2003. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: Additional H&RA example(s) and quantitative analysis consideration annexes are provided.<\/p>\n
PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
---|---|---|---|---|---|---|---|
126<\/td>\n | National foreword <\/td>\n<\/tr>\n | ||||||
131<\/td>\n | English CONTENTS <\/td>\n<\/tr>\n | ||||||
136<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
138<\/td>\n | INTRODUCTION <\/td>\n<\/tr>\n | ||||||
140<\/td>\n | Figures Figure 1 \u2013 Overall framework of the IEC\u20ac61511 series <\/td>\n<\/tr>\n | ||||||
141<\/td>\n | 1 Scope <\/td>\n<\/tr>\n | ||||||
142<\/td>\n | 2 Normative references 3 Terms, definitions and abbreviations Figure 2 \u2013 Typical protection layers and risk reduction means <\/td>\n<\/tr>\n | ||||||
143<\/td>\n | Annexes Annex A (informative) Risk and safety integrity \u2013 general guidance A.1 General A.2 Necessary risk reduction A.3 Role of safety instrumented systems <\/td>\n<\/tr>\n | ||||||
145<\/td>\n | A.4 Risk and safety integrity Figure A.1 \u2013 Risk reduction: general concepts <\/td>\n<\/tr>\n | ||||||
146<\/td>\n | A.5 Allocation of safety requirements A.6 Hazardous event, hazardous situation and harmful event Figure A.2 \u2013 Risk and safety integrity concepts <\/td>\n<\/tr>\n | ||||||
147<\/td>\n | A.7 Safety integrity levels A.8 Selection of the method for determining the required safety integrity level Figure A.3 \u2013 Harmful event progression <\/td>\n<\/tr>\n | ||||||
148<\/td>\n | Figure A.4 \u2013 Allocation of safety requirements to the non-SIS protection layers and other protection layers <\/td>\n<\/tr>\n | ||||||
149<\/td>\n | Annex B (informative) Semi-quantitative method \u2013 event tree analysis B.1 Overview B.2 Compliance with IEC 61511-1:2016 B.3 Example B.3.1 General <\/td>\n<\/tr>\n | ||||||
150<\/td>\n | B.3.2 Process safety target B.3.3 Hazard analysis Figure B.1 \u2013 Pressurized vessel with existing safety systems <\/td>\n<\/tr>\n | ||||||
151<\/td>\n | B.3.4 Semi-quantitative risk analysis technique Tables Table B.1 \u2013 HAZOP study results <\/td>\n<\/tr>\n | ||||||
152<\/td>\n | B.3.5 Risk analysis of existing process <\/td>\n<\/tr>\n | ||||||
153<\/td>\n | Figure B.2 \u2013 Fault tree for overpressure of the vessel <\/td>\n<\/tr>\n | ||||||
154<\/td>\n | B.3.6 Events that do not meet the process safety target Figure B.3 \u2013 Hazardous events with existing safety systems <\/td>\n<\/tr>\n | ||||||
155<\/td>\n | B.3.7 Risk reduction using other protection layers B.3.8 Risk reduction using a safety instrumented function <\/td>\n<\/tr>\n | ||||||
156<\/td>\n | Figure B.4 \u2013 Hazardous events with SIL 2 safety instrumented function <\/td>\n<\/tr>\n | ||||||
157<\/td>\n | Annex C (informative) The safety layer matrix method C.1 Overview Figure C.1 \u2013 Protection layers <\/td>\n<\/tr>\n | ||||||
158<\/td>\n | C.2 Process safety target C.3 Hazard analysis <\/td>\n<\/tr>\n | ||||||
159<\/td>\n | C.4 Risk analysis technique <\/td>\n<\/tr>\n | ||||||
160<\/td>\n | C.5 Safety layer matrix Table C.1 \u2013 Frequency of hazardous event likelihood (without considering PLs) Table C.2 \u2013 Criteria for rating the severity of impact of hazardous events <\/td>\n<\/tr>\n | ||||||
161<\/td>\n | C.6 General procedure Figure C.2 \u2013 Example of safety layer matrix <\/td>\n<\/tr>\n | ||||||
163<\/td>\n | Annex D (informative) A semi-qualitative method: calibrated risk graph D.1 Overview D.2 Risk graph synthesis <\/td>\n<\/tr>\n | ||||||
164<\/td>\n | D.3 Calibration Table D.1 \u2013 Descriptions of process industry risk graph parameters <\/td>\n<\/tr>\n | ||||||
165<\/td>\n | D.4 Membership and organization of the team undertaking the SIL assessment <\/td>\n<\/tr>\n | ||||||
166<\/td>\n | D.5 Documentation of results of SIL determination D.6 Example calibration based on typical criteria <\/td>\n<\/tr>\n | ||||||
167<\/td>\n | Figure D.1 \u2013 Risk graph: general scheme <\/td>\n<\/tr>\n | ||||||
168<\/td>\n | Table D.2 \u2013 Example calibration of the general purpose risk graph <\/td>\n<\/tr>\n | ||||||
169<\/td>\n | D.7 Using risk graphs where the consequences are environmental damage Table D.3 \u2013 General environmental consequences <\/td>\n<\/tr>\n | ||||||
170<\/td>\n | D.8 Using risk graphs where the consequences are asset loss D.9 Determining the integrity level of instrument protection function where the consequences of failure involve more than one type of loss Figure D.2 \u2013 Risk graph: environmental loss <\/td>\n<\/tr>\n | ||||||
171<\/td>\n | Annex E (informative) A qualitative method: risk graph E.1 General E.2 Typical implementation of instrumented functions <\/td>\n<\/tr>\n | ||||||
172<\/td>\n | E.3 Risk graph synthesis E.4 Risk graph implementation: personnel protection <\/td>\n<\/tr>\n | ||||||
173<\/td>\n | Figure E.1 \u2013 VDI\/VDE 2180 Risk graph \u2013 personnel protection and relationship to SILs <\/td>\n<\/tr>\n | ||||||
174<\/td>\n | E.5 Relevant issues to be considered during application of risk graphs Table E.1 \u2013 Data relating to risk graph (see Figure E.1) <\/td>\n<\/tr>\n | ||||||
176<\/td>\n | Annex F (informative) Layer of protection analysis (LOPA) F.1 Overview <\/td>\n<\/tr>\n | ||||||
177<\/td>\n | F.2 Impact event F.3 Severity level Table F.1 \u2013 HAZOP developed data for LOPA <\/td>\n<\/tr>\n | ||||||
178<\/td>\n | F.4 Initiating cause Figure F.1 \u2013 Layer of protection analysis (LOPA) report Table F.2 \u2013 Impact event severity levels <\/td>\n<\/tr>\n | ||||||
179<\/td>\n | F.5 Initiation likelihood F.6 Protection layers Table F.3 \u2013 Initiation likelihood <\/td>\n<\/tr>\n | ||||||
180<\/td>\n | F.7 Additional mitigation F.8 Independent protection layers (IPL) Table F.4 \u2013 Typical protection layers (prevention and mitigation) PFDavg <\/td>\n<\/tr>\n | ||||||
181<\/td>\n | F.9 Intermediate event likelihood F.10 SIF integrity level F.11 Mitigated event likelihood F.12 Total risk <\/td>\n<\/tr>\n | ||||||
182<\/td>\n | F.13 Example F.13.1 General F.13.2 Impact event and severity level F.13.3 Initiating cause F.13.4 Initiating likelihood F.13.5 General process design F.13.6 BPCS F.13.7 Alarms <\/td>\n<\/tr>\n | ||||||
183<\/td>\n | F.13.8 Additional mitigation F.13.9 Independent protection layer(s) (IPL) F.13.10 Intermediate event likelihood F.13.11 SIS F.13.12 Next SIF <\/td>\n<\/tr>\n | ||||||
185<\/td>\n | Annex G (informative) Layer of protection analysis using a risk matrix G.1 Overview Figure G.1 \u2013 Layer of protection graphic highlighting proactive and reactive IPL <\/td>\n<\/tr>\n | ||||||
187<\/td>\n | G.2 Procedure G.2.1 General G.2.2 Step 1: General Information and node definition Figure G.2 \u2013 Work process used for Annex G <\/td>\n<\/tr>\n | ||||||
188<\/td>\n | G.2.3 Step 2: Describe hazardous event Figure G.3 \u2013 Example process node boundary for selected scenario Table G.1 \u2013 Selected scenario from HAZOP worksheet <\/td>\n<\/tr>\n | ||||||
190<\/td>\n | Table G.2 \u2013 Selected scenario from LOPA worksheet <\/td>\n<\/tr>\n | ||||||
191<\/td>\n | G.2.4 Step 3: Evaluate initiating event frequency <\/td>\n<\/tr>\n | ||||||
192<\/td>\n | G.2.5 Step 4: Determine hazardous event consequence severity and risk reduction factor Table G.3 \u2013 Example initiating causes and associated frequency <\/td>\n<\/tr>\n | ||||||
193<\/td>\n | G.2.6 Step 5: Identify independent protection layers and risk reduction factor Table G.4 \u2013 Consequence severity decision table Table G.5 \u2013 Risk reduction factor matrix <\/td>\n<\/tr>\n | ||||||
194<\/td>\n | G.2.7 Step 6: Identify consequence mitigation systems and risk reduction factor <\/td>\n<\/tr>\n | ||||||
195<\/td>\n | G.2.8 Step 7: Determine CMS risk gap Table G.6 \u2013 Examples of independent protection layers (IPL) with associated risk reduction factors (RRF) and probability of failure on demand (PFD) Table G.7 \u2013 Examples of consequence mitigation system (CMS) with associated risk reduction factors (RRF) and probability of failure on demand (PFD) <\/td>\n<\/tr>\n | ||||||
196<\/td>\n | Figure G.4 \u2013 Acceptable secondary consequence risk Figure G.5 \u2013 Unacceptable secondary consequence risk <\/td>\n<\/tr>\n | ||||||
197<\/td>\n | Table G.8 \u2013 Step 7 LOPA worksheet (1 of 2) <\/td>\n<\/tr>\n | ||||||
198<\/td>\n | G.2.9 Step 8: Determine scenario risk gap G.2.10 Step 9: Make recommendations when needed Figure G.6 \u2013 Managed secondary consequence risk <\/td>\n<\/tr>\n | ||||||
199<\/td>\n | Table G.9 \u2013 Step 8 LOPA worksheet (1 of 2) <\/td>\n<\/tr>\n | ||||||
200<\/td>\n | Annex H (informative) A qualitative approach for risk estimation & safety integrity level (SIL) assignment H.1 Overview <\/td>\n<\/tr>\n | ||||||
201<\/td>\n | Figure H.1 \u2013 Workflow of SIL assignment process <\/td>\n<\/tr>\n | ||||||
202<\/td>\n | H.2 Risk estimation and SIL assignment H.2.1 General H.2.2 Hazard identification\/indication H.2.3 Risk estimation Table H.1 \u2013 List of SIFs and hazardous events to be assessed <\/td>\n<\/tr>\n | ||||||
203<\/td>\n | H.2.4 Consequence parameter selection (C) (Table H.2) Figure H.2 \u2013 Parameters used in risk estimation Table H.2 \u2013 Consequence parameter\/severity level <\/td>\n<\/tr>\n | ||||||
204<\/td>\n | H.2.5 Probability of occurrence of that harm Table H.3 \u2013 Occupancy parameter\/Exposure probability (F) <\/td>\n<\/tr>\n | ||||||
205<\/td>\n | Table H.4 \u2013 Avoidance parameter\/avoidance probability <\/td>\n<\/tr>\n | ||||||
206<\/td>\n | H.2.6 Estimating probability of harm H.2.7 SIL assignment Table H.5 \u2013 Demand rate parameter (W) <\/td>\n<\/tr>\n | ||||||
207<\/td>\n | Table H.6 \u2013 Risk graph matrix (SIL assignment form for safety instrumented functions) Table H.7 \u2013 Example of consequence categories <\/td>\n<\/tr>\n | ||||||
209<\/td>\n | Annex I (informative) Designing & calibrating a risk graph I.1 Overview I.2 Steps involved in risk graph design and calibration I.3 Risk graph development <\/td>\n<\/tr>\n | ||||||
210<\/td>\n | I.4 The risk graph parameters I.4.1 Choosing parameters I.4.2 Number of parameters I.4.3 Parameter value I.4.4 Parameter definition Figure I.1 \u2013 Risk graph parameters to consider <\/td>\n<\/tr>\n | ||||||
211<\/td>\n | I.4.5 Risk graph I.4.6 Tolerable event frequencies (Tef) for each consequence Figure I.2 \u2013 Illustration of a risk graph with parameters from Figure I.1 <\/td>\n<\/tr>\n | ||||||
212<\/td>\n | I.4.7 Calibration <\/td>\n<\/tr>\n | ||||||
213<\/td>\n | I.4.8 Completion of the risk graph <\/td>\n<\/tr>\n | ||||||
214<\/td>\n | Annex J (informative) Multiple safety systems J.1 Overview J.2 Notion of systemic dependencies Figure J.1 \u2013 Conventional calculations <\/td>\n<\/tr>\n | ||||||
215<\/td>\n | Figure J.2 \u2013 Accurate calculations <\/td>\n<\/tr>\n | ||||||
217<\/td>\n | J.3 Semi-quantitative approaches Figure J.3 \u2013 Redundant SIS <\/td>\n<\/tr>\n | ||||||
218<\/td>\n | J.4 Boolean approaches Figure J.4 \u2013 Corrective coefficients for hazardous event frequency calculations when the proof tests are performed at the same time Figure J.5 \u2013 Expansion of the simple example <\/td>\n<\/tr>\n | ||||||
219<\/td>\n | Figure J.6 \u2013 Fault tree modelling of the multi SIS presented in Figure J.5 <\/td>\n<\/tr>\n | ||||||
220<\/td>\n | Figure J.7 \u2013 Modelling CCF between SIS1 and SIS2 Figure J.8 \u2013 Effect of tests staggering <\/td>\n<\/tr>\n | ||||||
221<\/td>\n | J.5 State-transition approach Figure J.9 \u2013 Effect of partial stroking <\/td>\n<\/tr>\n | ||||||
222<\/td>\n | Figure J.10 \u2013 Modelling of repair resource mobilisation <\/td>\n<\/tr>\n | ||||||
223<\/td>\n | Figure J.11 \u2013 Example of output from Monte Carlo simulation <\/td>\n<\/tr>\n | ||||||
224<\/td>\n | Figure J.12 \u2013 Impact of repairs due to shared repair resources <\/td>\n<\/tr>\n | ||||||
225<\/td>\n | Annex K (informative) As low as reasonably practicable (ALARP) and tolerable risk concepts K.1 General K.2 ALARP model K.2.1 Overview <\/td>\n<\/tr>\n | ||||||
226<\/td>\n | K.2.2 Tolerable risk target Figure K.1 \u2013 Tolerable risk and ALARP <\/td>\n<\/tr>\n | ||||||
227<\/td>\n | Table K.1 \u2013 Example of risk classification of incidents Table K.2 \u2013 Interpretation of risk classes <\/td>\n<\/tr>\n | ||||||
228<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Tracked Changes. Functional safety. Safety instrumented systems for the process industry sector – Guidance for the determination of the required safety integrity levels<\/b><\/p>\n |