Best Practices in SIS Documentation


Published on

Presented by Ed Marszal, president of global consulting and engineering firm, Kenexis, at 2010 Emerson Exchange in San Antonio, Texas.

Published in: Education, Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Ed to provide Kenexis logo.
  • Notes:
    First bullet: added “more complete” name for what we commonly refer to as “ISA S84” or even “S84” for short.
    Second and third bullets: Ed explains what is meant by “safety case” mentality. That following S84 point by point is the root cause of poor SRS documents resulting in a large document that is difficult for the user of the document – those involved in designing and building the SIS.
    Maybe include an example of a “bloated” bad document versus the more user friendly format. Phone book versus People magazine…. Or better analogy.
  • Ed – Is the second bullet on a wish list of the right way to do things, whereas the others are more common place? Maybe reorganize with the typical on top and wish list at the end.
    Ed to incorporate verbal narrative of how DeltaV is well suited to IPF’s, not necessary to have huge monolithic safety logic solver (as they are cumbersome, more difficult to maintain or implement changes over the years), etc.
    Added sub-bullets to Logic description – not that this is implying a choice of one of the three but the best results are had when all three are present. Not all nuances can be captured in the cause and effect table (like reset actions), logic diagrams are bullet proof (if done correctly), but the plain English narrative makes it easy for someone not waist deep in the logic to understand what is supposed to happen (operators and managers…)
  • First bullet: I agree that the functions should be identified first before the discussion on severity and frequency of a failure on demand.
    Second bullet: Can you cite an example of an error in the process hazard analysis (PHA) due to ignorance of the SIF? I’m not clear on this as I thought that the “true” hazard analysis is done on a process in the absence of protective instrumented functions. Or is the point being that someone that knows how to build safety systems be present in the PHA?
    Third bullet: I like it - but kind of reverses the common man’s thinking (me too). Chicken and egg thing here? Does one do a generic PHA as part of the process design to identify the SIF’s, then do a HAZOP (trademark) on the final process including the SIS design?
    Fourth bullet: You seem to be implying that experienced engineers can do the required process design work, with SIS, before the formal HAZOP. This makes sense but I’m sure it will be a comment that will stimulate some discussion – if someone interrupts, agree with their point and say that we’ll discuss this as the first question in the Q&A period – we’ll have a better chance of staying on time.
  • Ed – Add examples
  • Best Practices in SIS Documentation

    1. 1. Best Practices in SIS Documentation Ed Marszal, President, Kenexis
    2. 2. Presenters  Ed Marszal  Gary Hawkins
    3. 3. Introduction  Safety Instrumented System Design per “ISA S84”* is becoming a common practice  Poor documentation is being generated due to “safety case” mentality  Current practices ignore audience of documents and “good practices” for specifications in general  * ANSI /ISA 84.00.01-2004 (IEC 61511-Mod)
    4. 4. FEED Phase SIS Documents  List of Safety Instrumented Functions (SIF)  Grouping of Instrumented Protective Functions (IPF) – Group by equipment or process • Compressors • Reactors • Fired Heaters  P&ID representation of SIF  Logic description – cause and effect tables – Boolean logic diagrams – Narrative (“plain English” description of operation)  Testing procedures (with documentation of results)
    5. 5. Preliminary Design Steps  SIF List should be precursor to SIL selection  HAZOP/LOPA without knowledge of typical SIF leads to errors  HAZOP is a final check on a good design, not a design task  Typical SIF based on experience, standards, codes, and judgment
    6. 6. Instrumented Protective Function Groups  Group instruments together that are functionally related  Typically based around major equipment – Compressors – Fired Heaters – Reactors  Typically contains multiple SIF  Also can contain non-SIF instruments and logic
    7. 7. Typical Plant Groupings
    8. 8. IPF Grouping for Separator V-101 PT 101B PV 101B PT 101D LT 101A LT 101B PI 101C PIC 101B H L A D PT 101C PV 101A PIC 101A PT 101A USC 101 USC 101 LG 101A LG 101B H H L Detail “A” Detail “A”
    9. 9. Advantages of IPF Grouping  Compact information with minimal duplication  Facilitates programming – programmer shielded for single instruments in multiple SIF  Facilitates design and I/O counting  Facilitates test plan development and testing
    10. 10. P&ID representation  Symbology for SIS, specifically tag naming in inconsistent (I, X, UC, USC)  Use of “S” is technically correct, but leads to more confusion (PSV is always a relief valve??)  Use of typicals to minimize clutter
    11. 11. Typical SIS I/O Details Detail “A” - SIS Inputs XI XXX XT XXX HA XXX XAHHLL XXX XAHL XXX HS XXX XDA XXX USC XXX Indicator Bypass Switch Trip Alarm Pre-Alarm Bypass Alarm Deviation Alarm
    12. 12. Safety Requirements Specs  Specifications (emphasis on ‘s’)  Limit information to what is required for audience (SIL not required on C&E or P&ID)  Use “general requirements” statements for common features such as bypassing  Refer to other documents for non-critical information
    13. 13. Typical Bypass Note 1.1 Bypass / Override SIS Logic Solver Each of the functional groups that are described in this Safety Requirements Specification shall require a shutdown bypass function for maintenance and testing. The bypass functionality described in this note shall not be used for normal operations. If a bypass is required for normal operations such as start-up, a dedicated hard-wired bypass facility shall be provided. The SIS shall be configured so that bypasses are implemented using a two-step process that includes activation of a unit-specific “bypass enable” switch and activation of an input-specific BPCS bypass soft switch. Only when both of these items are activated shall the input be bypassed. When an input is placed in “bypass”, the SIS logic solver shall hold the input in the non-trip state, regardless of the status of the bypassed input.
    14. 14. Reference External Documents
    15. 15. Conclusions  Room for improvement in SIS documentation practices  Consider the audience for the documents  Use good engineering practice  Minimize data duplication  Leads to shorter preparation time and fewer errors
    16. 16. Business Results Achieved  Decreased implementation time and cost – Compact documentation is easier to prepare and more accurate – Use of standard modules instead of custom development – Minimal clarification and rework  Decreased ongoing maintenance effort and cost – Updates only occur in one document – Likelihood of inconsistent data in multiple documents decreased  Safer processes – Lower probability of systematic errors in system resulting from poor documentation
    17. 17. Summary  SIS design can be made safer and more cost effective through documentation method improvements  Specification preparation time can be reduced by as much as 50%*  Please fill out comment cards and e-mail any feed back you have to the authors  Questions?!?
    18. 18. Where To Get More Information  ISA Bookstore – Safety Integrity Level Selection  Kenexis Web Site – HTTP://  Emerson SIS Lifecycle Workbook – At Delta V SIS Booth during EGUE – Contact Emerson After EGUE