1、 AMERICAN NATIONAL STANDARD ANSI/ISA-84.00.01-2004 Part 3 (IEC 61511-3 Mod) Functional Safety: Safety Instrumented Systems for the Process Industry Sector Part 3: Guidance for the Determination of the Required Safety Integrity Levels Informative Approved 2 September 2004 ANSI/ISA-84.00.01-2004 Part
2、3 (IEC 61511-3 Mod) Functional safety: Safety Instrumented Systems for the Process Industry Sector Part 3: Guidance for the Determination of the Required Safety Integrity Levels - Informative ISBN: 978-1-55617-921-1 Copyright 2004 by IEC and ISA. All rights reserved. Not for resale. Printed in the U
3、nited States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without the prior written permission of the Publisher. ISA 67 Alexander Drive P.O. Box 122
4、77 Research Triangle Park, North Carolina 27709 USAANSI/ISA-84.00.01-2004 Part 3 (IEC 61511-3 Mod) 3 Copyright 2004 ISA. All rights reserved. Preface This preface, as well as all footnotes, is included for information purposes and is not part of ANSI/ISA-84.00.01-2004 Part 3 (IEC 61511-3 Mod). This
5、document has been prepared as part of the service of ISA the Instrumentation, Systems, and Automation Society toward a goal of uniformity in the field of instrumentation. To be of real value, this document should not be static but should be subject to periodic review. Toward this end, the Society we
6、lcomes all comments and criticisms and asks that they be addressed to the Secretary, Standards and Practices Board; ISA; 67 Alexander Drive; P. O. Box 12277; Research Triangle Park, NC 27709; Telephone (919) 549-8411; Fax (919) 549-8288; E-mail: standardsisa.org. The ISA Standards and Practices Depa
7、rtment is aware of the growing need for attention to the metric system of units in general, and the International System of Units (SI) in particular, in the preparation of instrumentation standards. The Department is further aware of the benefits to USA users of ISA standards of incorporating suitab
8、le references to the SI (and the metric system) in their business and professional dealings with other countries. Toward this end, this Department will endeavor to introduce SI-acceptable metric units in all new and revised standards, recommended practices, and technical reports to the greatest exte
9、nt possible. Standard for Use of the International System of Units (SI): The Modern Metric System, published by the American Society for Testing any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental
10、organizations liaising with the IEC also participate in this preparation. The IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of the IEC o
11、n technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested National Committees. 3) The documents produced have the form of recommendations for international use and are publi
12、shed in the form of standards, technical specifications, technical reports or guides and they are accepted by the National Committees in that sense. 4) In order to promote international unification, IEC National Committees undertake to apply IEC International Standards transparently to the maximum e
13、xtent possible in their national and regional standards. Any divergence between the IEC Standard and the corresponding national or regional standard shall be clearly indicated in the latter. 5) The IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
14、equipment declared to be in conformity with one of its standards. 6) Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patent rights. The IEC shall not be held responsible for identifying any or all such patent rights. International
15、Standard IEC 61511-3 has been prepared by subcommittee 65A: System aspects, of IEC technical committee 65: Industrial-process measurement and control. The text of this standard is based on the following documents: FDIS Report on voting 65A/367/FDIS 65A/370/RVD Full information on the voting for the
16、approval of this standard can be found in the report on voting indicated in the above table. 12 ANSI/SA-84.00.01-2004 Part 3 (IEC 61511-3 Mod) Copyright 2004 ISA. All rights reserved. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. IEC 61511 series has been devel
17、oped as a process sector implementation of IEC 61508 series. IEC 61511 ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) consists of the following parts, under the general title Functional safety Safety Instrumented Systems for the process industry sector (see Figure 1): Part 1: Framework, definitions, system,
18、 hardware and software requirements Part 2: Guidelines for the application of IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) Part 3: Guidance for the determination of the required safety integrity levels The committee has decided that the contents of this publication will remain unchang
19、ed until 2007. At this date, the publication will be reconfirmed; withdrawn; replaced by a revised edition, or amended. ANSI/ISA-84.00.01-2004 Part 3 (IEC 61511-3 Mod) 13 Copyright 2004 ISA. All rights reserved. INTRODUCTION Safety instrumented systems have been used for many years to perform safety
20、 instrumented functions in the process industries. If instrumentation is to be effectively used for safety instrumented functions, it is essential that this instrumentation achieves certain minimum standards and performance levels. This International Standard addresses the application of safety inst
21、rumented systems for the Process Industries. It also requires a process hazard and risk assessment to be carried out to enable the specification for safety instrumented systems to be derived. Other safety systems are only considered so that their contribution can be taken into account when consideri
22、ng the performance requirements for the safety instrumented systems. The safety instrumented system includes all components and subsystems necessary to carry out the safety instrumented function from sensor(s) to final element (s). This International Standard has two concepts which are fundamental t
23、o its application; safety lifecycle and safety integrity levels. This International Standard addresses safety instrumented systems which are based on the use of Electrical (E)/Electronic (E)/Programmable Electronic (PE) technology. Where other technologies are used for logic solvers, the basic princ
24、iples of this standard should be applied. This standard also addresses the safety instrumented system sensors and final elements regardless of the technology used. This International Standard is process industry specific within the framework of IEC 61508 (see Annex A of IEC 61511-1 ANSI/ISA-84.00.01
25、-2004 Part 1 (IEC 61511-1 Mod). This International Standard sets out an approach for safety lifecycle activities to achieve these minimum standards. This approach has been adopted in order that a rational and consistent technical policy be used. In most situations, safety is best achieved by an inhe
26、rently safe process design. If necessary, this may be combined with a protective system or systems to address any residual identified risk. Protective systems can rely on different technologies (chemical, mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic). Any safety
27、strategy should consider each individual safety instrumented system in the context of the other protective systems. To facilitate this approach, this standard requires that a hazard and risk assessment is carried out to identify the overall safety requirements; requires that an allocation of the saf
28、ety requirements to the safety instrumented system (s) is carried out; works within a framework which is applicable to all instrumented methods of achieving functional safety; details the use of certain activities, such as safety management, which may be applicable to all methods of achieving functi
29、onal safety. This International Standard on safety instrumented systems for the process industry: addresses all safety life cycle phases from initial concept, design, implementation, operation and maintenance through to decommissioning; enables existing or new country specific process industry stand
30、ards to be harmonized with this standard. 14 ANSI/SA-84.00.01-2004 Part 3 (IEC 61511-3 Mod) Copyright 2004 ISA. All rights reserved. This standard is intended to lead to a high level of consistency (for example, of underlying principles, terminology, information) within the process industries. This
31、should have both safety and economic benefits. In jurisdictions where the governing authorities (for example national, federal, state, province, county, city) have established process safety design, process safety management, or other requirements, these take precedence over the requirements defined
32、 in this standard. This standard deals with guidance in the area of determining the required SIL in hazards and risk analysis (H the determination of tolerable risk, see Annex A; a number of different methods that enable the safety integrity levels for the safety instru-mented functions to be determ
33、ined, see Annexes B, C, D, E, and F. In particular, this part a) applies when functional safety is achieved using one or more safety instrumented functions for the protection of either personnel, the general public, or the environment; b) may be applied in non-safety applications such as asset prote
34、ction; c) illustrates typical hazard and risk assessment methods that may be carried out to define the safety functional requirements and safety integrity levels of each safety instrumented function; d) illustrates techniques/measures available for determining the required safety integrity levels; e
35、) provides a framework for establishing safety integrity levels but does not specify the safety integrity levels required for specific applications; f) does not give examples of determining the requirements for other methods of risk reduction. 1.2 Annexes B, C, D, E, and F illustrate quantitative an
36、d qualitative approaches and have been simplified in order to illustrate the underlying principles. These annexes have been included to illustrate the general principles of a number of methods but do not provide a definitive account. NOTE Those intending to apply the methods indicated in these annex
37、es should consult the source material referenced in each annex. 1.3 Figure 1 shows the overall framework for IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod), IEC 61511-2 ANSI/ISA-84.00.01-2004 Part 2 (IEC 61511-2 Mod), and IEC 61511-3 ANSI/ISA-84.00.01-2004 Part 3 (IEC 61511-3 Mod), and
38、indicates the role that this standard plays in the achievement of functional safety for safety instrumented systems. Figure 2 gives an overview of risk reduction methods. For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard (
39、e.g., ANSI/ISA-84.01-1996), the owner/operator shall determine that the equipment is designed, maintained, inspected, tested, and operating in a safe manner. 18 ANSI/SA-84.00.01-2004 Part 3 (IEC 61511-3 Mod) Copyright 2004 ISA. All rights reserved. Figure 2 Typical risk reduction methods found in pr
40、ocess plants (for example, protection layer model) 2 Terms, Definitions and abbreviations For the purposes of this document, the definitions and abbreviations given in Clause 3 of IEC IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) apply. 3 Risk and safety integrity general guidance 3.1
41、General This clause provides information on the underlying concepts of risk and the relationship of risk to safety integrity. This information is common to each of the diverse hazard and risk analysis (H discussions and agreements with the different parties involved in the application; industry stan
42、dards and guidelines; industry, expert and scientific advice; legal and regulatory requirements both general and those directly relevant to the specific application. 3.3 Role of safety instrumented systems A safety instrumented system implements the safety instrumented functions required to achieve
43、or to maintain a safe state of the process and, as such, contributes towards the necessary risk reduction to meet the tolerable risk. For example, the safety functions requirements specification may state that when the temperature reaches a value of x, valve y opens to allow water to enter the vesse
44、l. The necessary risk reduction may be achieved by either one or a combination of Safety Instrumented Systems (SIS) or other protection layers. A person could be an integral part of a safety function. For example, a person could receive information, on the state of the process, and perform a safety
45、action based on this information. If a person is part of a safety function, then all human factors should be considered. Safety instrumented functions can operate in a demand mode of operation or a continuous mode of operation. 3.4 Safety integrity Safety integrity is considered to be composed of th
46、e following two elements. a) Hardware safety integrity that part of safety integrity relating to random hardware failures in a dangerous mode of failure. The achievement of the specified level of hardware safety integrity can be estimated to a reasonable level of accuracy, and the requirements can t
47、herefore be apportioned between subsystems using the established rules for the combination _ 1In determining the necessary risk reduction, the tolerable risk needs to be established. Annexes D and E of IEC 61508-5 outline qualitative methods, although in the examples quoted the necessary risk reduct
48、ion is incorporated implicitly rather than stated explicitly. 2For example, that a hazardous event, leading to a specific consequence, would typically be expressed as a maximum frequency of occurrence per year. 20 ANSI/SA-84.00.01-2004 Part 3 (IEC 61511-3 Mod) Copyright 2004 ISA. All rights reserved
49、. of probabilities and considering common cause failures. It may be necessary to use redundant architectures to achieve the required hardware safety integrity. b) Systematic safety integrity that part of safety integrity relating to systematic failures in a dangerous mode of failure. Although the contribution due to some systematic failures may be estimated, the failure data obtained from design faults and common cause failures means that the distribution of failures can be hard to predict. This has the effect of increasing t
