The selection of sensors and instruments for a safety instrumented system (SIS) is based on the following IEC standards:
- IEC 61511-1 Requirements
- IEC 61511-2 Informative guidance on meeting the requirements
- IEC 61511-3 Informative examples of different methodologies to assist in the determination of the Safety Integrity Levels.
The aim of this standard was to create a single set of requirements that would address the entire process sector-specific SIS lifecycle (identification, design, assembly, operation & maintenance and decommissioning) while meeting the global process industry demands.
IEC 61511 clearly states that manufacturers of equipment used in a SIS must comply with the requirements of Sections 2 and 3 of IEC 61508 unless the end user has complied with the requirements of Section 11.5, “Prior use.”
Requirements for Sensors used in Safety Instrumented Systems
The hardware is divided into two groups. One group consists of the Programmable Electronic logic solver (PE logic solver). The other group is made up of non-PE devices, sensors and final control elements.
According to the IEC 61511 requirements for sensors:
- Components and subsystems selected as part of a SIS for SIL 1 to SIL 3 applications shall either comply with Section 2 and Section 3 of IEC 61508, or
- Comply with IEC 61511 Section 11.4 and Sections 11.5.3 to 11.5.6, the component selection and subsystem selection requirements based on prior use.
- When using a sensor designed according to IEC 61508, the manufacturer demonstrates the safety level, capabilities and limitations of the device up to and including the wetted parts. The end user has the responsibility to prove that there are no undetectable failures in the interface between transmitter and process.
Sensors designed per IEC 61508:
A sensor “designed according to IEC 61508” is a field device whose design follows IEC 61508 Sections 2 and 3. These sections set out detailed hardware, system and software requirements and apply the Safety Integrity Level (SIL) table to the manufacturer's system approach to instrument design, so that the SIL serves as a measure of the device's “safety level”. This approach involves the following:
- Develop safety requirements and a safety requirements specification
- Design the instrument architecture and hardware per the “rules”
- Design, verify, validate and control software and systems per the “rules” of Section 3 to the desired SIL (level of device safety)
- Complete fault insertion testing to check the diagnostics
- Implement design control processes for management of change
- Complete a Failure Modes, Effects and Diagnostic Analysis (FMEDA) to determine the failure rates, the safe failure fraction (SFF) and the probability of failure on demand (PFD)
- Detail the device “proof-test” requirement for the specified PFD
- The manufacturer provides a “Safety Manual” for the proper use of the product in a SIS by the end user.
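The following Python example is added here and is not taken from the article or from any manufacturer's Safety Manual; it shows how FMEDA failure rates feed the SFF, the PFD and the proof-test interval named in the list above. The failure rates are constructed, the function names are hypothetical, and the 1oo1 approximation PFDavg ≈ λDU × TI / 2 (perfect proof test, repair time ignored) is an assumption.

```python
# Added example. Failure rates below are constructed, not from a real FMEDA report.
FIT = 1e-9             # 1 FIT = one failure per 10^9 device-hours
HOURS_PER_YEAR = 8760

def safe_failure_fraction(l_sd, l_su, l_dd, l_du):
    """SFF = (safe + dangerous-detected) / total failure rate."""
    total = l_sd + l_su + l_dd + l_du
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    return (l_sd + l_su + l_dd) / total

def pfd_avg_1oo1(l_du, proof_test_interval_h):
    """Assumed simplification: single device, perfect proof test, repair time ignored."""
    return l_du * proof_test_interval_h / 2

def sil_band(pfd_avg):
    """Low-demand SIL band for a PFDavg: SIL n covers [10^-(n+1), 10^-n)."""
    if pfd_avg >= 1e-1:
        return 0                      # does not reach SIL 1
    for sil in (1, 2, 3, 4):
        if pfd_avg >= 10 ** -(sil + 1):
            return sil
    return 4                          # below the SIL 4 band; SIL 4 is the top level

def max_proof_test_interval_h(l_du, target_sil):
    """Proof-test interval at which PFDavg reaches the target band's upper limit."""
    if l_du <= 0:
        raise ValueError("dangerous undetected rate must be positive")
    return 2 * 10 ** -target_sil / l_du

# Constructed FMEDA result for a hypothetical transmitter (rates in FIT)
RATES = dict(l_sd=0 * FIT, l_su=150 * FIT, l_dd=300 * FIT, l_du=50 * FIT)

if __name__ == "__main__":
    print(f"SFF = {safe_failure_fraction(**RATES):.0%}")
    for years in (1, 5):
        pfd = pfd_avg_1oo1(RATES["l_du"], years * HOURS_PER_YEAR)
        print(f"proof test every {years} y: PFDavg = {pfd:.2e} -> SIL {sil_band(pfd)} band")
    ti = max_proof_test_interval_h(RATES["l_du"], 3)
    print(f"PFDavg leaves the SIL 3 band at a proof-test interval of {ti / HOURS_PER_YEAR:.1f} years")
```

The PFD band applies to the whole safety function (sensor, logic solver and final element together), so the sensor's PFDavg is only one part of that budget.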
Sensors Selected Based Upon “Prior-Use”:
The Prior-Use clause allows users to accept, for SIS applications, sensors and final control elements that were not designed in accordance with IEC 61508 Sections 2 and 3.
- Consideration of the manufacturer's quality, management and configuration management systems.
  - The quality consideration clause involves validation that the device supplier has a quality system in place for product consistency, and change management that records changes in hardware and software.
- Demonstration of the performance of the component or subsystem in comparable operating profiles and physical environments.
  - This clause requires evidence that the device has operated under environmental and physical stresses similar to those of the expected SIS setting. It is intended to validate that the PFD calculations will hold in the intended installation.
- Volume of operating experience.
  - This clause requires evidence of ongoing performance assessment of proven products.