BS EN 61511-2:2017 – TC:2020 Edition
$280.87
Tracked Changes. Functional safety. Safety instrumented systems for the process industry sector – Guidelines for the application of IEC 61511-1
| Published By | Publication Date | Number of Pages |
| BSI | 2020 | 447 |
IEC 61511-2:2016 is available as /2 which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition. IEC 61511-2:2016 provides guidance on the specification, design, installation, operation and maintenance of SIFs and related SIS as defined in IEC 61511-1:2016. This second edition cancels and replaces the first edition published in 2003. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: – guidance examples based on all phases of the safety life cycle provided based on usage experience with IEC 61511 1st edition; – annexes replaced to address transition from software to application programming.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 239 | National foreword |
| 244 | English CONTENTS |
| 251 | FOREWORD |
| 253 | INTRODUCTION |
| 254 | Figures Figure 1 – Overall framework of IEC 61511 series |
| 255 | 1 Scope 2 Normative references 3 Terms, definitions, and abbreviations |
| 256 | Annexes Annex A (informative) Guidance for IEC 61511-1 A.1 Scope A.2 Normative references A.3 Terms, definitions and abbreviations A.4 Conformance to the IEC 61511-1:– A.5 Management of functional safety A.5.1 Objective A.5.2 Guidance to "Requirements" |
| 265 | A.6 Safety life-cycle requirements A.6.1 Objectives A.6.2 Guidance to "Requirements" |
| 266 | A.6.3 Guidance to "Application program SIS safety life-cycle requirements" |
| 267 | A.7 Verification A.7.1 Objective A.7.2 Guidance to "Requirements" Figure A.1 – Application program V-Model |
| 269 | A.8 Process hazard and risk assessment (H&RA) A.8.1 Objectives A.8.2 Guidance to “Requirements" |
| 272 | A.9 Allocation of safety functions to protection layers A.9.1 Objective A.9.2 Guidance to "Requirements of the allocation process" |
| 274 | A.9.3 Guidance to "Requirements on the basic process control system as a protection layer" |
| 276 | Figure A.2 – Independence of a BPCS protection layer and an initiating source in the BPCS |
| 277 | A.9.4 Guidance to "Requirements for preventing common cause, common mode and dependent failures" Figure A.3 – Independence of two protection layers allocated to the BPCS |
| 278 | A.10 SIS safety requirements specification A.10.1 Objective A.10.2 Guidance to "General requirements" A.10.3 Guidance to "SIS safety requirements" |
| 281 | Figure A.4 – Relationship of system, SIS hardware, and SIS application program |
| 282 | A.11 SIS design and engineering A.11.1 Objective A.11.2 Guidance to "General requirements" |
| 289 | A.11.3 Guidance to "Requirements for system behaviour on detection of a fault" A.11.4 Guidance to “Hardware fault tolerance" |
| 292 | A.11.5 Guidance to "Requirements for selection of devices" |
| 295 | A.11.6 Field devices A.11.7 Interfaces |
| 297 | A.11.8 Guidance to "Maintenance or testing design requirements" |
| 298 | A.11.9 Guidance to "Quantification of random failure" |
| 302 | Figure A.5 – Illustration of uncertainties on a reliability parameter |
| 303 | Figure A.6 – Illustration of the 70 % confidence upper bound |
| 304 | A.12 SIS application program development A.12.1 Objective A.12.2 Guidance to "General requirements" Figure A.7 – Typical probabilistic distribution of target results from Monte Carlo simulation |
| 306 | A.12.3 Guidance to "Application program design" |
| 308 | A.12.4 Guidance to "Application program implementation" |
| 309 | A.12.5 Guidance to "Requirements for application program verification (review and testing)" |
| 312 | A.12.6 Guidance to "Requirements for application program methodology and tools" |
| 315 | A.13 Factory acceptance testing (FAT) A.13.1 Objectives A.13.2 Guidance to "Recommendations" A.14 SIS installation and commissioning A.14.1 Objectives A.14.2 Guidance to "Requirements" |
| 316 | A.15 SIS safety validation A.15.1 Objective A.15.2 Guidance to "Requirements" A.16 SIS operation and maintenance A.16.1 Objectives |
| 317 | A.16.2 Guidance to "Requirements" |
| 318 | A.16.3 Proof testing and inspection |
| 320 | A.17 SIS modification A.17.1 Objective |
| 321 | A.17.2 Guidance to "Requirements" A.18 SIS decommissioning A.18.1 Objectives A.18.2 Guidance to "Requirements" |
| 322 | A.19 Information and documentation requirements A.19.1 Objectives A.19.2 Guidance to "Requirements" |
| 323 | Annex B (informative) Example of SIS logic solver application program development using function block diagram B.1 General B.2 Application program development and validation philosophy |
| 324 | B.3 Application description B.3.1 General B.3.2 Process description |
| 325 | B.3.3 Safety instrumented functions Figure B.1 – Process flow diagram for SIF 02.01 |
| 326 | B.3.4 Risk reduction and domino effects B.4 Application program safety life-cycle execution B.4.1 General B.4.2 Inputs to application program SRS development Figure B.2 – Process flow diagram for SIF 06.02 |
| 327 | Figure B.3 – Functional specification of SIF02.01 and SIF 06.02 Figure B.4 – SIF 02.01 hardware functional architecture |
| 328 | Figure B.5 – SIF 06.02 hardware functional architecture Figure B.6 – Hardware specification for SOV extracted from piping and instrumentation diagram |
| 329 | B.4.3 Application program design and development Figure B.7 – SIF 02.01 hardware physical architecture Figure B.8 – SIF 06.02 hardware physical architecture |
| 330 | Tables Table B.1 – Modes of operation specification |
| 333 | Figure B.9 – Hierarchical structure of model integration |
| 335 | Figure B.10 – Hierarchical structure of model integration including models of safety properties and of BPCS logic Table B.2 – State transition table |
| 336 | Figure B.11 – State transition diagram |
| 337 | Figure B.12 – SOV typical block diagram |
| 338 | Figure B.13 – SOV typical model block diagram |
| 340 | Figure B.14 – Typical model block diagram implementation – BPCS part |
| 341 | Figure B.15 – SOV application program typical model implementation – SIS part |
| 343 | B.4.4 Application program production B.4.5 Application program verification and testing B.4.6 Validation Figure B.16 – Complete model for final implementation model checking |
| 344 | Annex C (informative) Considerations when converting from NP technologies to PE technologies |
| 346 | Annex D (informative) Example of how to get from a piping and instrumentation diagram (P&ID) to application program Figure D.1 – Example of P&ID for an oil and gas separator |
| 347 | Figure D.2 – Example of (part of) an ESD cause & effect diagram (C&E) |
| 348 | Figure D.3 – Example of (part of) an application program in a safety PLC function block programming |
| 349 | Annex E (informative) Methods and tools for application programming E.1 Typical toolset for application programming |
| 350 | E.2 Rules and constraints for application program design E.3 Rules and constraints for application programming |
| 352 | Annex F (informative) Example SIS project illustrating each phase of the safety life cycle with application program development using relay ladder language F.1 Overview F.2 Project definition F.2.1 General |
| 353 | F.2.2 Conceptual planning F.2.3 Process hazards analysis F.3 Simplified process description |
| 354 | Figure F.1 – Simplified flow diagram: the PVC process |
| 355 | F.4 Preliminary design F.5 IEC 61511 application F.5.1 General |
| 356 | Figure F.2 – SIS safety life-cycle phases and FSA stages |
| 357 | Table F.1 – SIS safety life-cycle overview |
| 359 | F.5.2 Step F.1: Hazard & risk assessment F.5.3 Hazard identification F.5.4 Preliminary hazard evaluation F.5.5 Accident history Table F.2 – SIS safety life-cycle – Box 1 |
| 361 | Table F.3 – Some physical properties of vinyl chloride |
| 362 | F.6 Preliminary process design safety considerations F.7 Recognized process hazards |
| 363 | F.8 Process design definitions strategy |
| 365 | Figure F.3 – Example of the preliminary P&ID for PVC reactor unit |
| 366 | F.9 Preliminary hazard assessment F.9.1 General |
| 367 | Table F.4 – What-If/Checklist |
| 368 | Table F.5 – HAZOP |
| 369 | Table F.6 – Partial summary of hazard assessment for SIF strategy development |
| 370 | F.9.2 Step F.2: Allocation of safety functions |
| 371 | F.10 SIF safety integrity level determination F.11 Layer of protection analysis (LOPA) applied to example Table F.7 – SIS safety life-cycle – Box 2 |
| 372 | F.12 Tolerable risk criteria |
| 373 | Table F.8 – Tolerable risk ranking |
| 374 | Table F.9 – VCM reactor example: LOPA based integrity level |
| 375 | F.13 Step F.3: SIS safety requirements specifications F.13.1 Overview F.13.2 Input requirements Table F.10 – SIS safety life-cycle – Box 3 Table F.11 – Safety instrumented functions and SILs |
| 376 | F.13.3 Safety functional requirements Table F.12 – Functional relationship of I/O for the SIF(s) Table F.13 – SIS sensors, normal operating range & trip points |
| 377 | F.13.4 Safety integrity requirements |
| 378 | F.14 Functional description and conceptual design F.14.1 Narrative for example reactor system logic |
| 379 | F.15 SIL verification calculations Table F.14 – Cause and effect diagram |
| 380 | Table F.15 – MTTFd figures of SIS F.1 devices |
| 381 | Figure F.4 – SIF S-1 Bubble diagram showing the PFDavg of each SIS device |
| 382 | Figure F.5 – S-1 Fault tree |
| 383 | Figure F.6 – SIF S-2 Bubble diagram showing the PFDavg of each SIS device |
| 384 | Figure F.7 – SIF S-2 fault tree |
| 385 | Figure F.8 – SIF S-3 Bubble diagram showing the PFDavg of each SIS device |
| 386 | F.16 Application program requirements Figure F.9 – SIF S-3 fault tree |
| 387 | Figure F.10 – P&ID for PVC reactor unit SIF |
| 388 | Figure F.11 – Legend (1 of 5) |
| 393 | F.17 Step F.4: SIS safety life-cycle F.18 Technology and device selection F.18.1 General F.18.2 Logic solver Table F.16 – SIS safety life-cycle – Box 4 |
| 394 | F.18.3 Sensors F.18.4 Final elements F.18.5 Solenoid valves |
| 395 | F.18.6 Emergency vent valves F.18.7 Modulating valves F.18.8 Bypass valves F.18.9 Human-machine interfaces (HMIs) |
| 396 | F.18.10 Separation |
| 397 | F.19 Common cause and systematic failures F.19.1 General F.19.2 Diversity F.19.3 Specification errors F.19.4 Hardware design errors |
| 398 | F.19.5 Software design errors F.19.6 Environmental overstress F.19.7 Temperature F.19.8 Humidity |
| 399 | F.19.9 Contaminants F.19.10 Vibration F.19.11 Grounding F.19.12 Power line conditioning F.19.13 Electro-magnetic compatibility (EMC) |
| 400 | F.19.14 Utility sources |
| 401 | F.19.15 Sensors F.19.16 Process corrosion or fouling F.19.17 Maintenance F.19.18 Susceptibility to mis-operation F.19.19 SIS architecture |
| 402 | F.20 SIS application program design features Figure F.12 – SIS for the VCM reactor |
| 403 | F.21 Wiring practices F.22 Security |
| 404 | F.23 Step F.5: SIS installation, commissioning, validation F.24 Installation Table F.17 – SIS safety life-cycle – Box 5 |
| 405 | F.25 Commissioning |
| 406 | F.26 Documentation F.27 Validation |
| 407 | F.28 Testing |
| 408 | Table F.18 – List of instrument types and testing procedures used |
| 420 | F.29 Step F.6: SIS operation and maintenance Table F.19 – Interlock check procedure bypass/simulation check sheet Table F.20 – SIS safety life-cycle – Box 6 |
| 421 | Table F.21 – SIS trip log Table F.22 – SIS device failure log |
| 423 | F.30 Step F.7: SIS Modification F.31 Step F.8: SIS decommissioning F.32 Step F.9: SIS verification Table F.23 – SIS safety life-cycle – Box 7 Table F.24 – SIS safety life-cycle – Box 8 |
| 424 | F.33 Step F.10: Management of functional safety and SIS FSA Table F.25 – SIS safety life-cycle – Box 9 Table F.26 – SIS safety life-cycle – Box 10 |
| 425 | F.34 Management of functional safety F.34.1 General F.34.2 Competence of personnel F.35 Functional safety assessment |
| 426 | Annex G (informative) Guidance on developing application programming practices G.1 Purpose of this guidance G.2 Generic safe application programming attributes G.3 Reliability G.3.1 General |
| 427 | G.3.2 Predictability of memory utilisation |
| 428 | G.3.3 Predictability of control flow |
| 430 | G.3.4 Accounting for precision and accuracy |
| 432 | G.3.5 Predictability of timing G.4 Predictability of mathematical or logical result |
| 433 | G.5 Robustness G.5.1 General G.5.2 Controlling use of diversity |
| 434 | G.5.3 Controlling use of exception handling |
| 435 | G.5.4 Checking input and output |
| 436 | G.6 Traceability G.6.1 General G.6.2 Controlling use of built-in functions G.6.3 Controlling use of compiled libraries G.7 Maintainability G.7.1 General |
| 437 | G.7.2 Readability |
| 440 | G.7.3 Data abstraction |
| 441 | G.7.4 Functional cohesiveness G.7.5 Malleability G.7.6 Portability |
| 443 | Bibliography |
