1、 IEC 61511-2 Edition 2.0 2016-07REDLINE VERSIONFunctional safety Safety instrumented systems for the process industry sector Part 2: Guidelines for the application of IEC 61511-1:2016 IEC 61511-2:2016-07 RLV(en) colour inside THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2016 IEC, Geneva, Switze
2、rland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IECs member National Committee in the country
3、 of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information. IEC Central Office Tel.: +41 22 919 02 11 3, rue de Varemb
4、Fax: +41 22 919 03 00 CH-1211 Geneva 20 infoiec.ch Switzerland www.iec.ch About the IEC The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies. About IEC public
5、ations The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have been published. IEC Catalogue - webstore.iec.ch/catalogue The stand-alone application for consulting the entire biblio
6、graphical information on IEC International Standards, Technical Specifications, Technical Reports and other documents. Available for PC, Mac OS, Android Tablets and iPad. IEC publications search - www.iec.ch/searchpub The advanced search enables to find IEC publications by a variety of criteria (ref
7、erence number, text, technical committee,). It also gives information on projects, replaced and withdrawn publications. IEC Just Published - webstore.iec.ch/justpublished Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and also once
8、 a month by email. Electropedia - www.electropedia.org The worlds leading online dictionary of electronic and electrical terms containing 20 000 terms and definitions in English and French, with equivalent terms in 15 additional languages. Also known as the International Electrotechnical Vocabulary
9、(IEV) online. IEC Glossary - std.iec.ch/glossary 65 000 electrotechnical terminology entries in English and French extracted from the Terms and Definitions clause of IEC publications issued since 2002. Some entries have been collected from earlier publications of IEC TC 37, 77, 86 and CISPR. IEC Cus
10、tomer Service Centre - webstore.iec.ch/csc If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: csciec.ch. IEC 61511-2 Edition 2.0 2016-07REDLINE VERSIONFunctional safety Safety instrumented systems for the process industry
11、sector Part 2: Guidelines for the application of IEC 61511-1:2016 INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 13.110; 25.040.01 ISBN 978-2-8322-3549-2 Registered trademark of the International Electrotechnical Commission Warning! Make sure that you obtained this publication from an authorized dist
12、ributor. colour inside 2 IEC 61511-2:2016 RLV IEC 2016 CONTENTS FOREWORD . 9 INTRODUCTION . 11 1 Scope 13 2 Normative references 13 3 Terms, definitions, and abbreviations 13 Annex A (informative) Guidance for IEC 61511-1 14 A.1 Scope . 14 A.2 Normative references 14 A.3 Terms, definitions and abbre
13、viations . 14 A.4 Conformance to this International Standard the IEC 61511-1: . 14 A.5 Management of functional safety . 14 A.5.1 Objective . 14 A.5.2 Guidance to “Requirements“ 15 A.6 Safety life-cycle requirements . 23 A.6.1 Objectives . 23 A.6.2 Guidance to “Requirements“ 23 A.6.3 Guidance to “Ap
14、plication program SIS safety life-cycle requirements“ . 24 A.7 Verification . 25 A.7.1 Objective . 25 A.7.2 Guidance to “Requirements“ 25 A.8 Process hazard and risk assessment (H&RA) . 27 A.8.1 Objectives . 27 A.8.2 Guidance to “Requirements“ 27 A.9 Allocation of safety functions to protection laye
15、rs 30 A.9.1 Objective . 30 A.9.2 Guidance to “Requirementsof the allocation process“ 31 A.9.3 Guidance to “Requirements on the basic process control system as a protection layer“ 33 A.9.4 Guidance to “Requirements for preventing common cause, common mode and dependent failures“ . 36 A.10 SIS safety
16、requirements specification . 37 A.10.1 Objective . 37 A.10.2 Guidance to “General requirements“ 3 7 A.10.3 Guidance to “SIS safety requirements“ 37 A.11 SIS design and engineering 42 A.11.1 Objective . 42 A.11.2 Guidance to “General requirements“ 4 2 A.11.3 Guidance to “Requirements for system behav
17、iour on detection of a fault“ 50 A.11.4 Requirements Guidance to “Hardware fault tolerance“ . 50 A.11.5 Guidance to “Requirements for selection of components and subsystems devices“ . 53 A.11.6 Field devices . 57 A.11.7 Interfaces 57 A.11.8 Guidance to “Maintenance or testing design requirements“ 59
18、 A.11.9 SIF probability of failure Guidance to “Quantification of random failure“ . 60 IEC 61511-2:2016 RLV IEC 2016 3 12 Requirements for application software, including selection criteria for utility . software . 12.1 Application software safety lifecycle requirements . 12.2 Application software s
19、afety requirements specification 12.3 Application software safety validation planning . 12.4 Application software design and development . 12.5 Integration of the application software with the SIS subsystem 12.6 FPL and LVL software modification procedures . 12.7 Application software verification .
20、A.12 SIS application program development 81 A.12.1 Objective . 81 A.12.2 Guidance to “General requirements“ . 81 A.12.4 Guidance to “Application program implementation“ . 84 A.12.3 Guidance to “Application program design“ 82 A.12.5 Guidance to “Requirements for application program verification (revi
21、ew and testing)“ 85 A.12.6 Guidance to “Requirements for application program methodology and tools“ . 89 A.13 Factory acceptance testing (FAT) 91 A.13.1 Objectives 91 A.13.2 Guidance to “Recommendations“ 91 A.14 SIS installation and commissioning 91 A.14.1 Objectives 91 A.14.2 Guidance to “Requireme
22、nts“ . 92 A.15 SIS safety validation . 92 A.15.1 Objective . 92 A.15.2 Guidance to “Requirements“ . 92 A.16 SIS operation and maintenance . 93 A.16.1 Objectives 93 A.16.2 Guidance to “Requirements“ . 93 A.16.3 Proof testing and inspection . 94 A.17 SIS modification 97 A.17.1 Objective . 97 A.17.2 Gu
23、idance to “Requirements“ . 97 A.18 SIS decommissioning 98 A.18.1 Objectives 98 A.18.2 Guidance to “Requirements“ . 98 A.19 Information and documentation requirements . 98 A.19.1 Objectives 98 A.19.2 Guidance to “Requirements“ . 98 Annex A (informative) Example of techniques for calculating the proba
24、bility of failure on demand for a safety instrumented function . Annex B (informative) Typical SIS architecture development Annex B (informative) Example of SIS logic solver application program development using function block diagram . 106 B.1 General . 106 B.2 Application program development and v
25、alidation philosophy 106 B.3 Application description 107 B.3.1 General . 107 4 IEC 61511-2:2016 RLV IEC 2016 B.3.2 Process description 107 B.3.3 Safety instrumented functions 108 B.3.4 Risk reduction and domino effects 109 B.4 Application program safety life-cycle execution 109 B.4.1 General . 109 B
26、.4.2 Inputs to application program SRS development . 109 B.4.3 Application program design and development . 112 B.4.4 Application program production 126 B.4.5 Application program verification and testing 126 B.4.6 Validation 126 Annex C (informative) Application features of a safety PLC Annex C (inf
27、ormative) Considerations when converting from NP technologies to PE technologies . 129 Annex D (informative) Example of SIS logic solver application software development methodology Annex D (informative) Example of how to get from a piping and instrumentation diagram (P&ID) to application program 13
28、5 Annex E (informative) Example of development of externally configured diagnostics for a safety-configured PE logic solver . Annex E (informative) Methods and tools for application programming 141 E.1 Typical toolset for application programming . 141 E.2 Rules and constraints for application progra
29、m design . 142 E.3 Rules and constraints for application programming 142 Annex F (informative) Example SIS project illustrating each phase of the safety life cycle with application program development using relay ladder language . 144 F.1 Overview 144 F.2 Project definition . 144 F.2.1 General . 144
30、 F.2.2 Conceptual planning 145 F.2.3 Process hazards analysis . 145 F.3 Simplified process description . 145 F.4 Preliminary design 147 F.5 IEC 61511 application . 147 F.5.1 General . 147 F.5.2 Step F.1: Hazard & risk assessment . 151 F.5.3 Hazard identification 151 F.5.4 Preliminary hazard evaluati
31、on 151 F.5.5 Accident history . 151 F.6 Preliminary process design safety considerations 154 F.7 Recognized process hazards . 154 F.8 Process design definitions strategy 155 F.9 Preliminary hazard assessment . 158 F.9.1 General . 158 F.9.2 Step F.2: Allocation of safety functions . 162 F.10 SIF safe
32、ty integrity level determination 163 F.11 Layer of protection analysis (LOPA) applied to example . 163 F.12 Tolerable risk criteria . 164 F.13 Step F.3: SIS safety requirements specifications 167 F.13.1 Overview . 167 IEC 61511-2:2016 RLV IEC 2016 5 F.13.2 Input requirements . 167 F.13.3 Safety func
33、tional requirements . 168 F.13.4 Safety integrity requirements 169 F.14 Functional description and conceptual design 170 F.14.1 Narrative for example reactor system logic . 170 F.15 SIL verification calculations . 171 F.16 Application program requirements . 178 F.17 Step F.4: SIS safety life-cycle .
34、 185 F.18 Technology and device selection . 185 F.18.1 General . 185 F.18.2 Logic solver . 185 F.18.3 Sensors . 186 F.18.4 Final elements . 186 F.18.5 Solenoid valves 186 F.18.6 Emergency vent valves 187 F.18.7 Modulating valves 187 F.18.8 Bypass valves 187 F.18.9 Human-machine interfaces (HMIs) 187
35、 F.18.10 Separation . 188 F.19 Common cause and systematic failures . 189 F.19.1 General . 189 F.19.2 Diversity 189 F.19.3 Specification errors 189 F.19.4 Hardware design errors 189 F.19.5 Software design errors . 190 F.19.6 Environmental overstress . 190 F.19.7 Temperature 190 F.19.8 Humidity 190 F
36、.19.9 Contaminants . 191 F.19.10 Vibration 191 F.19.11 Grounding 191 F.19.12 Power line conditioning 191 F.19.13 Electro-magnetic compatibility (EMC) . 191 F.19.14 Utility sources 192 F.19.15 Sensors . 193 F.19.16 Process corrosion or fouling . 193 F.19.17 Maintenance 193 F.19.18 Susceptibility to m
37、is-operation 193 F.19.19 SIS architecture . 193 F.20 SIS application program design features 194 F.21 Wiring practices 195 F.22 Security 195 F.23 Step F.5: SIS installation, commissioning, validation 196 F.24 Installation 196 F.25 Commissioning . 197 F.26 Documentation 198 F.27 Validation 198 F.28 T
38、esting . 199 F.29 Step F.6: SIS operation and maintenance . 212 6 IEC 61511-2:2016 RLV IEC 2016 F.30 Step F.7: SIS Modification 215 F.31 Step F.8: SIS decommissioning . 215 F.32 Step F.9: SIS verification . 215 F.33 Step F.10: Management of functional safety and SIS FSA 217 F.34 Management of functi
39、onal safety . 217 F.34.1 General . 217 F.34.2 Competence of personnel . 217 F.35 Functional safety assessment 217 Annex G (informative) Guidance on developing application programming practices . 218 G.1 Purpose of this guidance . 218 G.2 Generic safe application programming attributes 218 G.3 Reliab
40、ility 218 G.3.1 General . 218 G.3.2 Predictability of memory utilisation . 219 G.3.3 Predictability of control flow 220 G.3.4 Accounting for precision and accuracy 222 G.3.5 Predictability of timing 224 G.4 Predictability of mathematical or logical result 224 G.5 Robustness . 225 G.5.1 General . 225
41、 G.5.2 Controlling use of diversity . 225 G.5.3 Controlling use of exception handling . 226 G.5.4 Checking input and output 227 G.6 Traceability . 228 G.6.1 General . 228 G.6.2 Controlling use of built-in functions . 228 G.6.3 Controlling use of compiled libraries . 228 G.7 Maintainability . 228 G.7
42、.1 General . 228 G.7.2 Readability . 229 G.7.3 Data abstraction . 232 G.7.4 Functional cohesiveness 233 G.7.5 Malleability 233 G.7.6 Portability 233 Bibliography . 235 Figure 1 Overall framework of IEC 61511 series . 12 Figure 2 BPCS function and initiating cause independence illustration . Figure 3
43、 Software development lifecycle (the V-model) Figure A.1 Application program V-Model . 25 Figure A.2 Independence of a BPCS protection layer and an initiating source in the BPCS . 35 Figure A.3 Independence of two protection layers allocated to the BPCS 36 Figure A.4 Relationship of system, SIS hard
44、ware, and SIS application program . 41 Figure A.5 Illustration of uncertainties on a reliability parameter 64 Figure A.6 Illustration of the 70 % confidence upper bound . 65 Figure A.7 Typical probabilistic distribution of target results from Monte Carlo simulation . 66 IEC 61511-2:2016 RLV IEC 2016
45、 7 Figure B.1 Process flow diagram for SIF 02.01 . 108 Figure B.2 Process flow diagram for SIF 06.02 . 109 Figure B.3 Functional specification of SIF02.01 and SIF 06.02 110 Figure B.4 SIF 02.01 hardware functional architecture 110 Figure B.5 SIF 06.02 hardware functional architecture 111 Figure B.6
46、Hardware specification for SOV extracted from piping and instrumentation diagram 111 Figure B.7 SIF 02.01 hardware physical architecture 112 Figure B.8 SIF 06.02 hardware physical architecture 112 Figure B.9 Hierarchical structure of model integration . 116 Figure B.10 Hierarchical structure of mode
47、l integration including models of safety properties and of BPCS logic 118 Figure B.11 State transition diagram 119 Figure B.12 SOV typical block diagram . 120 Figure B.14 Typical model block diagram implementation BPCS part 123 Figure B.13 SOV typical model block diagram 121 Figure B.15 SOV applicat
48、ion program typical model implementation SIS part 124 Figure B.16 Complete model for final implementation model checking . 126 Figure C.1 Logic solver . Figure D.1 Example of P&ID for an oil and gas separator 135 Figure D.2 Example of (part of) an ESD cause & effect diagram (C&E) 136 Figure D.3 Exam
49、ple of (part of) an application program in a safety PLC function block programming . 137 Figure E.1 EWDT timing diagram Figure F.1 Simplified flow diagram: the PVC process 146 Figure F.2 SIS safety life-cycle phases and FSA stages 148 Figure F.3 Example of the preliminary P&ID for PVC reactor unit 157 Figure F.4 SIF S-1 Bubble diagram showing the PFD avgof each SIS device . 173 Figure F.5 S-1 Fault tree 174 Figure F.6 SIF S-2 Bubble diagram showing the PFD avg
