SIS BPCS Plant and Emergency Response Emergency response layer Containment, Dike/Vessel Passive protection layer Mitigate Fire and Gas System Active protection layer Incident Emergency Shutdown System Safety layer Emergency shutdown Trip level alarm Prevent Process control layer Operator Intervention Operator intervention Process alarm Process control layer Process Value Normal behavior
Likelihood Increasing Risk Inherent Risk of Process Non-SIS Mitigating Safeguards Baseline Risk SIS Risk Reduction Overall Risk SIL1 Non-SIS Preventative Safeguards SIL2 ALARP Risk Region Unacceptable Risk Region SIL3 Overall Risk Overall Risk Negligible Risk Region Consequence
As low as reasonably practicable (ALARP) Intolerable Risk 10-3 / man-year (worker) 10-4 /year (public) ALARP or Tolerable Risk Region 10-5 / man-year (worker) 10-6 /year (public) Negligible Risk
Government mandates for tolerable risk levels 10-2 10-3 10-4 10-5 10-6 10-7 10-8 10-9 Australia (NSW) - Hong Kong - Netherlands - United Kingdom - The United States does not set tolerable risk levels, or offer guidelines.
Chemical industry benchmarks for tolerable risk 10-2 10-3 10-4 10-5 10-6 10-7 10-8 10-9 Company I - Company II - Company III - Small companies - Large, multinational chemical companies tend to set levels consistent with international mandates Smaller companies tend to operate in wider ranges and implicitly, at higher levels of risk
Perform wiring continuity test Use smart features to test electronics and wiring continuity Remove sensor and test on bench Test sensors in-situ by other means Safely test the SIF using actual process variables Sensor testing options
Example – Rosemount 3051S Proof Test Proof Test 1: Analog output Loop Test Satisfies proof test requirement Coverage > 50% of DU failures Proof Test 2: 2 point sensor calibration check Coverage > 95% of DU failures Note – user to determine impulse piping proof test