What is a Safety Instrumented Function (SIF)?
A Safety Instrumented Function (SIF) is a system designed to reduce the risk associated with a specific hazard by taking an automatic action, when required, to maintain or restore a safe process state. A number of SIFs may be implemented together in a Safety Instrumented System (SIS), which is the sum of all the equipment required to implement the constituent SIFs.
The SIF should take its action under clearly defined circumstances, for example on high level in a knock-out drum. The overall purpose of the SIF is to reduce the risk of a specific harmful event, or in other words, to achieve risk reduction.
The primary objectives of SIF include:
- Automatically transitioning an industrial process to a safe state when specified unsafe conditions are detected.
- Permitting the process to proceed safely under defined permissive conditions.
- Mitigating the consequences of hazardous events.
According to industry standards, the amount of risk reduction required of each SIF is expressed as a Safety Integrity Level (SIL), essential for achieving functional safety. A SIF is implemented using one or more sensors, a logic solver, and one or more final elements (devices acting directly on the process, such as a shutdown valve).
To demonstrate that the SIF achieves its SIL target, a calculation known as SIL verification is executed. This requires an understanding of the failure modes of the hardware used to implement the SIF, the way failure rates are expressed in terms of Lambda values, and the concept of hardware fault tolerance.
Key Components of a SIF
A SIF is normally implemented using three groups of hardware components known as subsystems. The subsystems are:
- Sensors: Detect hazardous conditions or deviations from normal process parameters.
- Logic Solver: A device that analyses the information provided by the sensors and decides whether the SIF needs to act.
- Final Elements: Devices, such as valves and motor controllers, that act when the logic solver commands them to do so.
The collective ability of these components to detect, decide, and act is evaluated through the Safety Integrity Level (SIL), which quantifies the effectiveness of a SIF in reducing risk.
The SIF includes a definition of everything needed to achieve its objective of risk reduction. This includes aspects such as:
- identification of the hardware needed
- the software programmed into the hardware to give the required function
- a definition of what the function must do (e.g. close a shutdown valve), and when (e.g. when a specified pressure transmitter sees a high pressure)
- how reliable the function must be
- a great deal of other information, such as testing requirements
Reliability of SIF
A SIF's reliability is defined numerically using two values:
- the SIF's probability of failure: the average probability of failure on demand (PFDavg) or the probability of dangerous failure per hour (PFH)
- the SIF's mean time to fail spurious (MTTFS): a measure of the likelihood that it will take action at the wrong time, i.e. when there was no need to act.
The full range of possible PFDavg and PFH values is divided into bands, each of which is associated with a safety integrity level (SIL). SILs are numbered from 1 to 4, with 1 the lowest level of integrity (i.e. highest probability of failure). A SIL is assigned individually to each SIF in the system. A typical SIS could contain SIFs at SIL 1, SIL 2 and SIL 3 (SIL 4 is rarely applied in the process industry, as it is hard to achieve in practice).
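As an added worked example (not from the original article), the following Python script carries out a simplified SIL verification for a constructed SIF: each subsystem's PFDavg is computed from its dangerous-undetected lambda value and the proof-test interval, the subsystems are combined in series, the total is mapped to the IEC 61508 low-demand SIL band, and MTTFS is derived from the safe failure rates. The 1oo1 and 1oo2 formulas are the usual simplified low-demand approximations (no repair time, no dangerous-detected term); the subsystem names, failure rates, beta factor and proof-test interval are assumed sample values.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand PFDavg bands: (SIL, lower bound inclusive, upper bound exclusive)
SIL_PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


@dataclass
class Subsystem:
    name: str
    lambda_du: float      # dangerous undetected failure rate, per hour
    lambda_s: float       # safe (spurious-trip) failure rate, per hour
    voting: str = "1oo1"  # "1oo1" (hardware fault tolerance 0) or "1oo2" (HFT 1)
    beta: float = 0.0     # common-cause fraction for redundant channels

    def pfd_avg(self, ti_hours: float) -> float:
        """Simplified PFDavg over the proof-test interval TI."""
        x = self.lambda_du * ti_hours
        if self.voting == "1oo1":
            return x / 2.0
        if self.voting == "1oo2":
            # independent-failure term plus beta-factor common-cause term
            return x * x / 3.0 + self.beta * x / 2.0
        raise ValueError(f"unsupported voting: {self.voting}")

    def spurious_rate(self) -> float:
        # A 1oo2 subsystem trips spuriously if either channel fails safe
        return self.lambda_s * (2 if self.voting == "1oo2" else 1)


def achieved_sil(pfd: float) -> int:
    """Map a PFDavg to its SIL band; 0 means worse than SIL 1."""
    return next((sil for sil, lo, hi in SIL_PFD_BANDS if lo <= pfd < hi), 0)


def verify_sif(subsystems, ti_hours):
    """Return (PFDavg, achieved SIL, MTTFS in years) for subsystems in series."""
    pfd = sum(s.pfd_avg(ti_hours) for s in subsystems)  # any subsystem failing defeats the SIF
    mttfs = 1.0 / (sum(s.spurious_rate() for s in subsystems) * HOURS_PER_YEAR)
    return pfd, achieved_sil(pfd), mttfs


# Constructed sample data (not from the article): a high-pressure trip with a 1-year proof test
TI = HOURS_PER_YEAR
BASIC_SIF = [Subsystem("PT", 5e-7, 2e-6), Subsystem("logic solver", 1e-8, 5e-8), Subsystem("XV", 1e-6, 1e-6)]
REDUNDANT_SIF = [Subsystem("PT", 5e-7, 2e-6, "1oo2", 0.05),
                 Subsystem("logic solver", 1e-8, 5e-8),
                 Subsystem("XV", 1e-6, 1e-6, "1oo2", 0.05)]

if __name__ == "__main__":
    for label, sif in (("1oo1 everywhere", BASIC_SIF), ("1oo2 sensors and valves", REDUNDANT_SIF)):
        pfd, sil, mttfs = verify_sif(sif, TI)
        print(f"{label}: PFDavg={pfd:.2e} -> SIL {sil}, MTTFS={mttfs:.1f} years")
```

Running it shows the trade-off the two reliability values capture: adding 1oo2 redundancy moves the constructed SIF from SIL 2 to SIL 3, but roughly halves its MTTFS because either channel can now cause a spurious trip.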
Designing a Safety Instrumented Function (SIF)
Each SIF is tailored to address a specific hazard scenario. The process involves:
- Identifying the Hazard: Determine potential risks and scenarios requiring intervention.
- SIL Determination: Use methodologies such as Risk Graphs, Layer of Protection Analysis (LOPA), or Risk Matrices to assign a suitable SIL to the SIF.
- Safety Requirements Specification (SRS): Develop an SRS to guide the design team in meeting the SIF’s safety integrity requirements during implementation.
- Validation: Ensure that the implemented SIF meets the specifications and performs as intended.
Measuring the Effectiveness of a SIF
The performance of a SIF is commonly measured using Safety Integrity Levels (SILs). Each SIL corresponds to a band of probability of failure on demand, with SIL 1 being the lowest level of risk reduction and SIL 4 the highest. The SIL determination process ensures the SIF is designed to meet the required safety performance.
Examples of Safety Instrumented Functions (SIF)
SIFs are widely used in industrial settings to prevent accidents, protect equipment, and safeguard the environment. Below are some examples:
- Pressure Protection: Close an outlet valve in a separation unit to prevent high pressure from causing vessel rupture or explosion.
- Burner Safety: Cut off fuel flow in an industrial burner when fuel pressure is too low, preventing flameout and potential explosions.
- Overtemperature Mitigation: Open a coolant flow valve to prevent equipment damage from excessive temperatures.
- Reverse Flow Isolation: Close a valve to isolate reactants and avoid overpressure caused by reverse flow.
- Spillage Prevention: Close a valve to stop material flow into a tank when high levels are detected, avoiding environmental contamination.
- Fire Control: Open sprinkler valves upon flame detection to minimize fire damage.
- Steam Shutdown: On detecting high temperature, shut off steam flow to a reboiler to prevent column rupture.
- Overpressure Relief: Open a relief valve to prevent tank rupture from excessive pressure.
- Environmental Protection: Open a drain valve to redirect excess liquid to a waste sump when high levels are detected.
- Motor Overspeed Shutdown: Stop a motor by disconnecting power or activating a brake when severe overspeed is detected.