This course explains SIS from the ground up and explains how these have replaced the definitions of emergency shutdowns (ESDs) and how they different from basic process control systems, such as a DCS. This course differs from others in that you will also learn the state of the art in SIL Verification (and Design) calculations, including how to account for systemic errors caused by human error; these can dominate the failure rate for SIL 2 and SIL 3 systems.
This “How To” course is taught by one of the principal authors of the AIChE/CCPS two books, Layer of Protection Analysis (2001) and Initiating Events and Independent Protection Layers (IPLs) (2011). The instructor is also working with the ISA TR 84.00.04 committee for developing and recommending methods for SIL Verification. The course covers all aspects of how to apply this very useful technique. Workshops are used as the primary mode of teaching for SIF design and SIL Verification. You will perform several complete SIL Verifications before leaving class.
Recommended prerequisites: Attendees should have strong technical skills and prior training in PHA/HAZOP and LOPA for determining SIL requirements; prior completion of Course 11: Layer of Protection Analysis (LOPA) or equivalent is highly recommended. Students should also have good understand of process engineering and instrumented controls.
Attendees should consider taking completing Course 8: Process Hazards Analysis Leadership and also Course 11: Layer of Protection Analysis (LOPA) to learn more about SIF determination and SIL Determination.
What You Will Learn:
- History of SIS
- What is a safety instrumented function (SIF) and safety integrity level (SIL)
- How to determine if a SIF is needed or not, and especially learn if the the other independent protection layers are sufficient for controlling risk to as low as reasonably practical (ALARP). NOTE: other courses will teach you methods that OVER SPECIFY the need for SIS; this course teaches you the unbiased way to determine the proper number of SIF and proper SIL for each.
- Minimal requirements from international SIS standards such as ANSI/ISA 84 and IEC 61511 (and the basics of 61508). But, also learn the industry best practices behind and beyond these standards.
- How to specify and design SIS to meet the required functions and SIL.
- How to verify the SIL for a design
- Requirements for installation and validation of the SIS
- Requirements for ongoing inspection, testing, and maintenance of SIS, including ongoing proving of the SIL.
- Comprehensive course notebook containing industry examples and solutions to all SIL Verification and Design workshops
- Certificate of Completion
- 1.4 CEUs & 1.4 COCs
Typical Course Candidates
This course is designed for those needing to learn what SIS are, and especially those wanting to learn how to verify SIL design and install and validate SIS/SIL. The course workshops focus mostly on SIL verification and design. The coverage of SIL determination is minimal since Course 8 and Course 11 cover this topic in topic in detail. Consider taking this course in conjunction with Course 11, LOPA. Those who may benefit from this course include:
- Managers – Operations, Safety
- Project, Engineering, and Technical Managers
- Engineers – Instrumentation, Electrical, Process, Safety, and Mechanical
- Technicians/Specialist – instrumentation
- PSM Coordinators and Managers
Day 1 (8:00 a.m. to 5:00 p.m.)
Introduction to SIS
- Learning objectives and goals of using SIS
- History of SIS and basic definitions
- Where does SIS fit with other ways to control process risk?
- Relationship of SIS to ESD and basic process control systems (BPCS), such as field PLCs, relays, and DCS
- What are safety integrity levels (SILs) and what are the basic requirements for SIL 1, 2, and 3
- Lifecycle of SIS
- Overview of related international standards, ANSI/ISA 84 and IEC 61511 (and 61508)
- Overview of human factors and the impact of human error on SIS. Note: No other SIS course covers this all important topic in this complete way.
Determining if a Safety Instrumented Function (SIF) is Needed and if so, what SIL is needed.
- Evaluating all IPLs using qualitative (brainstorming) hazard evaluations methods (such as HAZOP), semi-quantitative methods (such as LOPA and Risk Graphs), and quantitative methods (such as fault tree analysis)
- Determining the risk reduction to allocate to the SIF (if any), which in turn specifies the SIL
- Workshop 1: Determining the need for SIF and the related SIL from a HAZOP report
Specifying the SIF and Designing the Related SIS.
- Determining the process requirements, such as how the process will be brought to safe state, in what order of steps, and with what delays, and also how the process will be restarted after a trip.
- Using the process requirements to develop the Safety Requirements Specification (SRS)
Designing the SIS to meet the required SIL
- Basic reliability terms (such as failure rates, MTTF, MTTR, and MART) and limitations of reliability data
- Basic reliability equations and converting between failure rates and probability of failures on demand (PFD)
- Options for improving SIL rating of a base design, including use of redundancy, changing test intervals, changing reliability of base components, and reducing chances for systemic errors (especially human errors)
- Workshop 2: Basic SIL calculations
Day 2 (8:00 a.m. to 3:30 p.m.)
Designing the SIS to meet the required SIL (continued)
- Workshop 3: Using redundancy to improve SIL rating
- Workshop 4: Using shorter test intervals to improve SIL rating
Estimating the PFD of a SIF to Verify the SIL.
- Definitions, rules, and exceptions for determination of SIL
- Using a look-up tables of reliability data and PFDs
- Calculations using simple equations
- Workshop 5: Extending calculations on Workshops 3 and 4 to include systemic failure probability
- Calculations using other methods, such as Fault Tree and Markov analyses
SIS fabrication, installation, and startup
- Issues for fabrication and vendor qualifications
- Installation issues, especially related to maintainability and survivability and and limit common cause failures
- Startup and initial validation test, leading to site acceptance test (SAT)
SIS maintenance and proof testing (validation) for the life of the SIS
- Maintenance planning and procedures
- Proof testing and record-keeping requirements for ongoing SIL Validation
- Industry example of SIS and issues with each
- Specialized SIS designs: HIPPS, Burner Management Systems (BMS)
- Workshop 6: Pulling it all together from beginning to end
Planning your path forward with SIS
Bill Bridges will be the instructor for this course. He has taught this course many times to instrumentation specialists and engineers and to risk analysts and process engineers. He was one of the originators and first implementers and trainers of LOPA which is a primary tool in determine SIL. He was a principal author of the two AIChE/CCPS textbooks on this topic. He is assisting the ISA TR84.00.04 committee in developing correct methods for accounting for systemic errors and failures in SIS design and in SIL Verification calculations. He has performed thousands of LOPA in real plant settings and is considered one of the few experts on this topic. He has also helped a large number of plants specify SIS, has performed a great many SIL Verification, and have helped several companies develop the SIS implementation standards. To find out more about this course or to check into having this course taught at your site, contact Mr. Bridges at 1.865.675.3458 or by e-mail at firstname.lastname@example.org.