Modes of Operation of a SIF
The demand mode of a Safety Instrumented Function (SIF) refers to the operational mode in which the SIF is activated only when a specific demand occurs, such as a process deviation or an unsafe condition. The demand mode is classified based on the frequency of such demands.
Mode of Operation of a SIF is the way in which a SIF operates which may be either Low Demand Mode, High Demand Mode or Continuous Mode.
1. Low Demand Mode
It is the mode of operation where the SIF is only performed on demand, in order to transfer the process into a specified safe state, and where the frequency of demands is no greater than one per year.
In low demand mode, a dangerous condition is expected very infrequently. The threshold for classification between high demand and low demand should be determined by the ratio of any planned manual proof test interval to the average interval between demands.
Examples of Low Demand SIF
1.Emergency Shutdown Systems (ESD): Used to shut down processes in response to critical failures or unsafe conditions. Example: Stopping a chemical reactor during a temperature or pressure excursion to prevent a runaway reaction.
2. Fire and Gas Detection Systems: Designed to detect fires, gas leaks, or other hazardous conditions and activate mitigation measures like alarms, fire suppression systems, or area isolation. Example: Gas detection system shutting down process units when a combustible gas concentration is detected.
3. Boiler Emergency Shutdown Systems: Activated during unsafe boiler conditions such as low water levels, high steam pressure, or loss of flame. Example: Shutting down the fuel supply in a boiler during a flameout.
2. High Demand Mode SIF
In high demand mode, the dangerous condition is not always present but does occur frequently. The “high demand” mode occurs when a demand occurs nearly as often as or more often than any practical manual proof test interval but considerably slower than the automatic diagnostic test and response time.
The exact demand rate is not important. It is the ratio of demand rate to manual proof test rate and
automatic diagnostic and response rate that defines the region. The threshold between continuous demand and high demand depends on the ratio of the demand rate to the automatic test rate. The reason to
distinguish these modes is that one may take credit for automatic diagnostics in high demand mode even in a single channel (1oo1) system.
High demand mode is the mode of operation where the SIF, is only performed on demand, in order to transfer the process into a specified safe state, and where the frequency of demands is greater than one per year.
In the event of a dangerous failure of the SIF, a hazardous event can only occur;
- if the failure is undetected and a demand occurs before the next proof test
- if the failure is detected by the diagnostic tests but the related process and its associated equipment has not been moved to a safe state before a demand occurs.
SIF operating in low demand mode or high demand mode is called the demand mode of SIF.
Examples of High Demand Mode SIF
1. Tank Overfill Prevention in Frequent Operations: Tanks that are filled and emptied multiple times a year but not continuously. Example: A system that activates a high-level shutdown valve to stop filling during periodic batch processes.
2. Furnace or Heater Trips Due to Operational Deviations: Heaters in facilities where operational upsets or deviations trigger emergency actions a few times annually. Example: A burner management system that shuts off fuel due to flame loss or pressure anomalies during seasonal production changes.
3. Continuous Mode SIF
In continuous mode, the demand is effectively always present. Dangerous conditions always exist and a dangerous failure of the safety instrumented function will immediately result in an incident. There are no safety benefits that can be claimed for manual proof testing or even automatic on-line diagnostics in a single channel system (1oo1). By the time the diagnostics detect the fault and initiate action, it is too late. Therefore, in continuous demand mode probability evaluation cannot take credit for any diagnostics except in redundant systems.
In continuous mode of operation, the SIF retains the process in a safe state as part of normal operation. Burner or turbine speed control functions may be specified as continuous mode of operation. SIF operating in continuous mode is called, continuous mode SIF
- In the event of a dangerous failure of the SIF a hazardous event will occur without further failure unless action is taken to prevent it within the process safety time.
- Continuous mode covers those SIF which implement continuous control to maintain functional safety.
Examples of Continuous Mode SIF
1. Cooling Water Systems for Reactor Temperature Control: Ensures reactors stay within safe temperature limits by operating continuously to avoid overheating.
2. Burner Management Systems (BMS): Used in boilers, heaters, and furnaces to continuously monitor and control combustion processes. Ensures proper ignition, fuel shut-off, and flame monitoring.
Note:
For a SIS operating in a low demand mode of operation, the target failure measure of interest is the
average probability of failure to perform its designed function on demand.
For a SIS operating in a continuous/high demand mode of operation, the target failure measure of interest is the average frequency of a dangerous failure.
