Redundant devices are typically required to reduce nuisance trips (safe failures) in Safety Instrumented Systems. 1oo2, 2oo2 and 2oo3 are the most common configurations to reduce nuisance trips. 2oo3 provides a adequate compromise that is fault-tolerant and safe.
Device manufacturers specify the test periods recommended for their products to meet published performance levels. Consult device safety manuals or contact the manufacturer to learn more about the required test period intervals.
Management of Change authorizations apply to all elements of a Safety Instrumented System. Any change to the process, system design, operating procedures, safety regulations, safety requirement specifications, software/firmware or testing/maintenance procedures requires an MOC. Even minor modifications to a SIS can have severe consequences.
Each safety integrity level represents a higher level of performance required. Safety Instrumented Functions within a Safety Instrumented System may have different levels of performance required, meaning you may have some functions performing at SIL 1 while others functions are performing at SIL 2. Higher costs are associated with higher levels of SIL due to the need to install redundant devices to match system performance requirements.
ANSI/ISA 84.00.01-2004 states that owner/operators shall demonstrate they have conducted a hazard and risk analysis, performed a quantitative or qualitative examination identifying the required SIL for each SIF, and be able to verify that all target SILs are achieved on all safety systems designed before the standard. OSHA also requires owner/operators of legacy systems follow best engineering and manufacturing practices
Failure rate information for certified devices can commonly be found in safety manuals and in independent third-party reports. This information is presented in the form of failures in time (FITs) as dangerous detected (dd), dangerous undetected (du), safe detected (sd) and safe undetected (sd). If you are considering installing a “proven-in-use” or “SIL suitable” device that has not been certified to IEC 61508, you will be provided failure rate data based on a manufacturer’s field return data or from your own maintenance records. A word of caution, manufacturers field return data is often not very accurate and maintenance reports are not always kept up to date.
Installing redundant field devices with advanced self-diagnostics will reduce PFDavg and improve system performance. Increasing the frequency of manual test intervals will also assist in reaching higher SILs.
Exida and TUV are both respected worldwide for certification to IEC 61508.