When a control system or device performs functions that significantly lower the risk of a hazard and, combined with other risk-reduction measures, bring the overall risk down to an acceptable level, it is said to be safety-related. It is also said to be safety-related if its operation is necessary to achieve or maintain a safe state for the equipment under control (EUC).
These capabilities are referred to as the safety functions of the system or device, and they include the ability to prevent the initiation of a hazard or detect its onset, as well as to take the necessary actions to terminate the hazardous event, achieve a secure state, or mitigate the effects of a hazard.
All system components, including utilities, that are necessary to carry out the safety function should be regarded as belonging to the safety-related system.
Safety-related control systems operate in one of three modes: low demand mode, in which the safety function is called on only occasionally (no more than once per year); high demand mode, in which it is called on more than once per year; or continuous mode, in which a failure to execute the safety function results directly in a hazardous state or places the demand on another protective system.
For high demand and continuous mode systems the failure measure is the rate of dangerous failures per hour, whereas for low demand systems it is the probability that the function fails when a demand occurs.
HIPS, which stands for high integrity protection systems, are safety-related control systems that may function in either continuous or high demand mode. In these modes the E/E/PES (Electrical/Electronic/Programmable Electronic System) is the primary risk reduction measure.
Using such systems does not, however, remove the need for a hierarchical approach to risk reduction measures. These measures include inherent safety, careful prevention of common mode failures through the use of relief valves, separate utilities, maintenance, testing and physical isolation, and external risk reduction measures.
Policy should favour simple technology solutions over sophisticated ones. For high integrity systems operating in continuous or high demand mode, the lowest allowable failure rate is 10^-9 potentially hazardous failures per hour.
Notably, controls for the equipment under control that are not safety-related in the sense described above may nonetheless contribute to safety and should be properly designed, operated and maintained. Their failure rates and failure modes should have been taken into account in the design, and they should be independent of and separate from the safety-related system wherever their failure can increase the demand rate on the safety-related system and, consequently, the overall probability that it fails to perform its safety function.
A safety-related control system operating continuously or under high demand must demonstrate a failure rate of less than 10^-5 per hour to show a manageable risk.
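The following is an added worked example, not part of the original text, that applies the demand-mode boundary (once per year), the 10^-9 per hour floor and the 10^-5 per hour bound stated above, and shows how extra demands from a failing non-safety control system can move a function from low to high demand mode. The low demand measure uses the standard single-channel approximation PFDavg = lambda_DU * T / 2, which is an assumption of this example and not given in the text; all names and sample values are constructed.

```python
from dataclasses import dataclass, replace

PFH_FLOOR = 1e-9             # lowest dangerous failure rate per hour that may be claimed
PFH_MANAGEABLE_BOUND = 1e-5  # below this rate the text treats the risk as manageable


def demand_mode(demands_per_year: float, continuous: bool = False) -> str:
    """Low demand: at most one demand per year; high demand: more often;
    continuous: the safety function itself keeps the EUC in a safe state."""
    if continuous:
        return "continuous"
    return "low" if demands_per_year <= 1.0 else "high"


@dataclass(frozen=True)
class SafetyFunction:
    lambda_du_per_hour: float         # dangerous undetected failure rate (constructed)
    proof_test_interval_hours: float  # interval T between full proof tests
    demands_per_year: float           # expected demand rate from the process
    continuous: bool = False

    def mode(self) -> str:
        return demand_mode(self.demands_per_year, self.continuous)

    def failure_measure(self) -> tuple:
        """Low demand: PFDavg approximated as lambda_DU * T / 2 (assumed standard
        single-channel simplification). High/continuous: dangerous failures per hour."""
        if self.mode() == "low":
            return "PFDavg", self.lambda_du_per_hour * self.proof_test_interval_hours / 2
        return "PFH", self.lambda_du_per_hour

    def verdict(self) -> str:
        """Apply the two per-hour thresholds from the text to a PFH claim."""
        name, value = self.failure_measure()
        if name != "PFH":
            return "PFDavg: no per-hour bound applies"
        if value < PFH_FLOOR:
            return "reject: claim below 1e-9/h floor"
        return "manageable" if value < PFH_MANAGEABLE_BOUND else "not manageable"

    def with_extra_demands(self, extra_per_year: float) -> "SafetyFunction":
        """Model a non-safety control system whose failures add demands per year."""
        return replace(self, demands_per_year=self.demands_per_year + extra_per_year)


if __name__ == "__main__":
    sf = SafetyFunction(lambda_du_per_hour=1e-6, proof_test_interval_hours=8760.0, demands_per_year=0.2)
    print(sf.mode(), sf.failure_measure(), sf.verdict())
    pushed = sf.with_extra_demands(1.5)  # a failing non-safety controller raises the demand rate
    print(pushed.mode(), pushed.failure_measure(), pushed.verdict())
```

Note that the same hardware claim changes measure and verdict purely because the demand rate crossed the once-per-year boundary, which is why the text asks for independence between non-safety and safety-related systems.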