Functional safety - Safety instrumented systems for the process industry sector - Part 3: Guidance for the determination of the required safety integrity levels (IEC 61511-3:2016)

This part of IEC 61511 provides information on:
– the underlying concepts of risk and the relationship of risk to safety integrity (see Clause
A.4);
– the determination of tolerable risk (see Annex K);
– a number of different methods that enable the safety integrity level (SIL) for the safety
instrumented functions (SIF) to be determined (see Annexes B through K);
– the impact of multiple safety systems on calculations determining the ability to achieve the
desired risk reduction (see Annex J).
In particular, this part of IEC 61511:
a) applies when functional safety is achieved using one or more SIF for the protection of
either personnel, the general public, or the environment;
b) may be applied in non-safety applications such as asset protection;
c) illustrates typical hazard and risk assessment methods that may be carried out to define
the safety functional requirements and SIL of each SIF;
d) illustrates techniques/measures available for determining the required SIL;
e) provides a framework for establishing SIL but does not specify the SIL required for specific
applications;
f) does not give examples of determining the requirements for other methods of risk
reduction.
NOTE Examples given in the Annexes of this Standard are intended only as case specific examples of
implementing IEC 61511 requirements in a specific instance, and the user should satisfy themselves that the
chosen methods and techniques are appropriate to their situation.
Annexes B through K illustrate quantitative and qualitative approaches and have been
simplified in order to illustrate the underlying principles. These annexes have been included to
illustrate the general principles of a number of methods but do not provide a definitive
account.
NOTE 1 Those intending to apply the methods indicated in these annexes can consult the source material
referenced in each annex.
NOTE 2 The methods of SIL determination included in Part 3 may not be suitable for all applications. In particular,
specific techniques or additional factors that are not illustrated may be required for high demand or continuous
mode of operation.
NOTE 3 The methods as illustrated herein may result in non-conservative results when they are used beyond
their underlying limits and when factors such as common cause, fault tolerance, holistic considerations of the
application, lack of experience with the method being used, independence of the protection layers, etc., are not
properly considered. See Annex J.
Figure 2 gives an overview of typical protection layers and risk reduction means.

Funktionale Sicherheit - PLT-Sicherheitseinrichtungen für die Prozessindustrie - Teil 3: Anleitung für die Bestimmung der erforderlichen Sicherheits-Integritätslevel (IEC 61511-3:2016)

Sécurité fonctionnelle - Systèmes instrumentés de sécurité pour le secteur des industries de transformation - Partie 3: Conseils pour la détermination des niveaux exigés d'intégrité de sécurité (IEC 61511-3:2016)

L'IEC 61511-3:2016 s'applique lorsque la sécurité fonctionnelle est obtenue en utilisant une ou plusieurs SIF pour la protection du personnel, du grand public ou de l'environnement; peut s'appliquer dans des applications non liées à la sécurité (notamment la protection des biens); présente les méthodes d'analyse de danger et de risque qui peuvent être réalisées pour définir les exigences fonctionnelles de sécurité et le SIL de chaque SIF; identifie des techniques et mesures disponibles pour déterminer le SIL exigé; fournit un cadre pour la détermination du SIL, mais ne spécifie pas le SIL exigé pour des applications spécifiques; ne donne aucun exemple de détermination des exigences relatives à d'autres méthodes de réduction de risque. Cette deuxième édition annule et remplace la première édition parue en 2003. Cette édition constitue une révision technique. Cette édition inclut les modifications techniques majeures suivantes par rapport à l'édition précédente: Réalisation d'exemples additionnels H&RA et d'annexes sur la considération d'analyse quantitative.

Funkcijska varnost - Sistemi z varnostnimi instrumenti za sektor procesne industrije - 3. del: Smernice za ugotavljanje zahtevanih nivojev celovite varnosti (IEC 61511-3:2016)

Ta del standarda IEC 61511 določa informacije:
– o temeljnih zasnovah glede tveganj in povezavi med tveganjem ter varnostno celovitostjo (glej točko A.4);
– o določitvi sprejemljivega tveganja (glej dodatek K);
– o številnih različnih metodah, ki omogočajo določitev stopnje varnostne celovitosti (SIL) za funkcije z varnostnimi instrumenti (SIF) (glej dodatke od B do K);
– o vplivu več varnostnih sistemov na izračune, ki določajo zmožnost doseganja želenega zmanjšanja tveganja (glej dodatek J).
Ta del standarda IEC 61511:
a) se uporablja, če se funkcionalna varnost doseže z uporabo ene ali več funkcij z varnostnimi instrumenti za zaščito osebja/splošne javnosti ali varstvo okolja;
b) se lahko uporabi za aplikacije, ki niso povezane z varnostjo, npr. za zaščito sredstev;
c) opisuje tipične metode ocenjevanja nevarnosti in tveganja, ki se lahko izvedejo za opredelitev varnostnih funkcionalnih zahtev in stopnjo varnostne celovitosti vsake funkcije z varnostnimi instrumenti;
d) opisuje tehnike/ukrepe, ki so na voljo za določanje zahtevane stopnje varnostne celovitosti;
e) podaja okvir za določanje stopnje varnostne celovitosti, a ne določa stopnje varnostne celovitosti, ki je potrebna za določeno aplikacijo;
f) ne podaja primerov za določanje zahtev za druge metode za zmanjšanje tveganja.
OPOMBA: Primeri, navedeni v dodatkih tega standarda, se navezujejo na posamezne primere uporabe zahtev iz standarda IEC 61511 v določenem primeru, uporabnik pa se mora prepričati, da so izbrane metode in tehnike primerne v njegovem primeru.
Dodatki B–K opisujejo kvantitativne in kvalitativne pristope in so poenostavljeni zaradi prikaza osnovnih načel. Ti dodatki so vključeni za prikaz splošnih načel več metod, vendar ne zagotavljajo dokončnega pristopa.
OPOMBA 1: Tisti, ki nameravajo uporabiti metode, navedene v teh dodatkih, lahko upoštevajo izvorni material, ki je naveden v vsakem dodatku.
OPOMBA 2: Metode za določanje stopnje varnostne celovitosti, zajete v 3. delu, morda niso primerne za vse načine uporabe. Še zlasti določene tehnike ali dodatni dejavniki, ki niso opisani, so mogoče potrebni za način z visokimi zahtevami ali neprekinjen način delovanja.
OPOMBA 3: Metode, kot so opisane tukaj, lahko privedejo do nekonzervativnih rezultatov, če so uporabljene prek osnovnih omejitev in ko dejavniki, kot so običajni vzroki, toleriranje napak, holistični vidiki uporabe, pomanjkanje izkušenj z uporabljeno metodo, neodvisnost zaščitnih plasti itd. niso zadostno obravnavani. Glej dodatek J.
Slika 2 podaja pregled tipičnih varnostnih plasti in sredstev za zmanjšanje tveganj.

General Information

Status
Published
Publication Date
07-Aug-2017
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
08-May-2017
Due Date
13-Jul-2017
Completion Date
08-Aug-2017

Relations

Buy Standard

Standard
EN 61511-3:2017 - BARVE
English language
103 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN 61511-3:2017
01-september-2017
1DGRPHãþD
SIST EN 61511-3:2007
Funkcijska varnost - Sistemi z varnostnimi instrumenti za sektor procesne
industrije - 3. del: Smernice za ugotavljanje zahtevanih nivojev celovite varnosti
(IEC 61511-3:2016)
)XQFWLRQDOVDIHW\6DIHW\LQVWUXPHQWHGV\VWHPVIRUWKHSURFHVVLQGXVWU\VHFWRU3DUW
*XLGDQFHIRUWKHGHWHUPLQDWLRQRIWKHUHTXLUHGVDIHW\LQWHJULW\OHYHOV
,(&
Funktionale Sicherheit - PLT-Sicherheitseinrichtungen für die Prozessindustrie - Teil 3:
Anleitung für die Bestimmung der erforderlichen Sicherheits-Integritätslevel (IEC 61511-
3:2016)
Sécurité fonctionnelle - Systèmes instrumentés de sécurité pour le secteur des industries
de transformation - Partie 3: Conseils pour la détermination des niveaux exigés
d'intégrité de sécurité (IEC 61511-3:2016)
Ta slovenski standard je istoveten z: EN 61511-3:2017
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
SIST EN 61511-3:2017 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN 61511-3:2017

---------------------- Page: 2 ----------------------

SIST EN 61511-3:2017


EUROPEAN STANDARD EN 61511-3

NORME EUROPÉENNE

EUROPÄISCHE NORM
April 2017
ICS 13.110; 25.040.01 Supersedes EN 61511-3:2004
English Version
Functional safety - Safety instrumented systems for the process
industry sector - Part 3: Guidance for the determination of the
required safety integrity levels
(IEC 61511-3:2016)
Sécurité fonctionnelle - Systèmes instrumentés de sécurité Funktionale Sicherheit - PLT-Sicherheitseinrichtungen für
pour le secteur des industries de transformation - Partie 3: die Prozessindustrie - Teil 3: Anleitung für die Bestimmung
Conseils pour la détermination des niveaux exigés der erforderlichen Sicherheits-Integritätslevel
d'intégrité de sécurité (IEC 61511-3:2016)
(IEC 61511-3:2016)
This European Standard was approved by CENELEC on 2016-08-25. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.


European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN 61511-3:2017 E

---------------------- Page: 3 ----------------------

SIST EN 61511-3:2017
EN 61511-3:2017
European foreword
The text of document 65A/779/FDIS, future edition 2 of IEC 61511-3, prepared by SC 65A “System
aspects” of IEC/TC 65 “Industrial process measurement, control and automation" was submitted to the
IEC-CENELEC parallel vote and approved by CENELEC as EN 61511-3:2017.

The following dates are fixed:
(dop) 2017-10-21
• latest date by which the document has to be
implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2020-04-21
standards conflicting with the
document have to be withdrawn

This document supersedes EN 61511-3:2004.

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.

Endorsement notice
The text of the International Standard IEC 61511-3:2016 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 61025:2006 NOTE Harmonized as EN 61025:2007.
IEC 61165:2006 NOTE Harmonized as EN 61165:2006.
IEC 61508-5:2010 NOTE Harmonized as EN 61508-5:2010.
IEC 61508-6:2010 NOTE Harmonized as EN 61508-6:2010.
IEC 62551:2012 NOTE Harmonized as EN 62551:2012.
ISO/TR 12489:2013 NOTE Harmonized as CEN ISO/TR 12489:2016.

2

---------------------- Page: 4 ----------------------

SIST EN 61511-3:2017
EN 61511-3:2017

Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant

EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 61511-1 2016 Functional safety - Safety instrumented EN 61511-1 2016
systems for the process industry sector -
Normative (uon) -- Part 1: Framework,
definitions, system, hardware and software
requirements

3

---------------------- Page: 5 ----------------------

SIST EN 61511-3:2017

---------------------- Page: 6 ----------------------

SIST EN 61511-3:2017




IEC 61511-3

®


Edition 2.0 2016-07




INTERNATIONAL



STANDARD




NORME



INTERNATIONALE
colour

inside










Functional safety – Safety instrumented systems for the process industry

sector –

Part 3: Guidance for the determination of the required safety integrity levels




Sécurité fonctionnelle – Systèmes instrumentés de sécurité pour le secteur des

industries de transformation –


Partie 3: Conseils pour la détermination des niveaux exigés d'intégrité de

sécurité












INTERNATIONAL

ELECTROTECHNICAL

COMMISSION


COMMISSION

ELECTROTECHNIQUE


INTERNATIONALE




ICS 13.110; 25.040.01 ISBN 978-2-8322-3212-5



Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 7 ----------------------

SIST EN 61511-3:2017
– 2 – IEC 61511-3:2016  IEC 2016
CONTENTS
FOREWORD. 7
INTRODUCTION . 9
1 Scope . 12
2 Normative references . 13
3 Terms, definitions and abbreviations . 13
Annex A (informative) Risk and safety integrity – general guidance . 14
A.1 General . 14
A.2 Necessary risk reduction . 14
A.3 Role of safety instrumented systems . 14
A.4 Risk and safety integrity . 16
A.5 Allocation of safety requirements . 17
A.6 Hazardous event, hazardous situation and harmful event . 17
A.7 Safety integrity levels . 18
A.8 Selection of the method for determining the required safety integrity level . 18
Annex B (informative) Semi-quantitative method – event tree analysis . 20
B.1 Overview . 20
B.2 Compliance with IEC 61511-1:2016 . 20
B.3 Example . 20
B.3.1 General . 20
B.3.2 Process safety target . 21
B.3.3 Hazard analysis . 21
B.3.4 Semi-quantitative risk analysis technique. 22
B.3.5 Risk analysis of existing process . 23
B.3.6 Events that do not meet the process safety target . 25
B.3.7 Risk reduction using other protection layers . 26
B.3.8 Risk reduction using a safety instrumented function . 26
Annex C (informative) The safety layer matrix method . 28
C.1 Overview . 28
C.2 Process safety target . 29
C.3 Hazard analysis . 29
C.4 Risk analysis technique . 30
C.5 Safety layer matrix . 31
C.6 General procedure . 32
Annex D (informative) A semi-qualitative method: calibrated risk graph . 34
D.1 Overview . 34
D.2 Risk graph synthesis . 34
D.3 Calibration . 35
D.4 Membership and organization of the team undertaking the SIL assessment . 36
D.5 Documentation of results of SIL determination . 37
D.6 Example calibration based on typical criteria . 37
D.7 Using risk graphs where the consequences are environmental damage . 40
D.8 Using risk graphs where the consequences are asset loss . 41
D.9 Determining the integrity level of instrument protection function where the
consequences of failure involve more than one type of loss . 41
Annex E (informative) A qualitative method: risk graph . 42

---------------------- Page: 8 ----------------------

SIST EN 61511-3:2017
IEC 61511-3:2016  IEC 2016 – 3 –
E.1 General . 42
E.2 Typical implementation of instrumented functions . 42
E.3 Risk graph synthesis . 43
E.4 Risk graph implementation: personnel protection . 43
E.5 Relevant issues to be considered during application of risk graphs . 45
Annex F (informative) Layer of protection analysis (LOPA) . 47
F.1 Overview . 47
F.2 Impact event . 48
F.3 Severity level . 48
F.4 Initiating cause . 49
F.5 Initiation likelihood . 50
F.6 Protection layers . 50
F.7 Additional mitigation . 51
F.8 Independent protection layers (IPL) . 51
F.9 Intermediate event likelihood . 52
F.10 SIF integrity level . 52
F.11 Mitigated event likelihood . 52
F.12 Total risk . 52
F.13 Example . 53
F.13.1 General . 53
F.13.2 Impact event and severity level . 53
F.13.3 Initiating cause . 53
F.13.4 Initiating likelihood . 53
F.13.5 General process design. 53
F.13.6 BPCS . 53
F.13.7 Alarms . 53
F.13.8 Additional mitigation . 54
F.13.9 Independent protection layer(s) (IPL) . 54
F.13.10 Intermediate event likelihood . 54
F.13.11 SIS . 54
F.13.12 Next SIF . 54
Annex G (informative) Layer of protection analysis using a risk matrix . 56
G.1 Overview . 56
G.2 Procedure . 58
G.2.1 General . 58
G.2.2 Step 1: General Information and node definition . 58
G.2.3 Step 2: Describe hazardous event . 59
G.2.4 Step 3: Evaluate initiating event frequency . 62
G.2.5 Step 4: Determine hazardous event consequence severity and risk
reduction factor . 63
G.2.6 Step 5: Identify independent protection layers and risk reduction factor . 64
G.2.7 Step 6: Identify consequence mitigation systems and risk reduction
factor . 65
G.2.8 Step 7: Determine CMS risk gap . 66
G.2.9 Step 8: Determine scenario risk gap . 69
G.2.10 Step 9: Make recommendations when needed . 69
Annex H (informative) A qualitative approach for risk estimation & safety integrity level
(SIL) assignment . 71
H.1 Overview . 71

---------------------- Page: 9 ----------------------

SIST EN 61511-3:2017
– 4 – IEC 61511-3:2016  IEC 2016
H.2 Risk estimation and SIL assignment . 73
H.2.1 General . 73
H.2.2 Hazard identification/indication . 73
H.2.3 Risk estimation . 73
H.2.4 Consequence parameter selection (C) (Table H.2) . 74
H.2.5 Probability of occurrence of that harm . 75
H.2.6 Estimating probability of harm . 77
H.2.7 SIL assignment . 77
Annex I (informative) Designing & calibrating a risk graph . 80
I.1 Overview . 80
I.2 Steps involved in risk graph design and calibration . 80
I.3 Risk graph development . 80
I.4 The risk graph parameters . 81
I.4.1 Choosing parameters . 81
I.4.2 Number of parameters. 81
I.4.3 Parameter value. 81
I.4.4 Parameter definition . 81
I.4.5 Risk graph . 82
I.4.6 Tolerable event frequencies (Tef) for each consequence . 82
I.4.7 Calibration . 83
I.4.8 Completion of the risk graph . 84
Annex J (informative) Multiple safety systems . 85
J.1 Overview . 85
J.2 Notion of systemic dependencies . 85
J.3 Semi-quantitative approaches . 88
J.4 Boolean approaches . 89
J.5 State-transition approach . 92
Annex K (informative) As low as reasonably practicable (ALARP) and tolerable risk
concepts . 96
K.1 General . 96
K.2 ALARP model . 96
K.2.1 Overview . 96
K.2.2 Tolerable risk target . 97
Bibliography . 99

Figure 1 – Overall framework of the IEC 61511 series . 11
Figure 2 – Typical protection layers and risk reduction means . 13
Figure A.1 – Risk reduction: general concepts . 16
Figure A.2 – Risk and safety integrity concepts . 17
Figure A.3 – Harmful event progression . 18
Figure A.4 – Allocation of safety requirements to the non-SIS protection layers and
other protection layers . 19
Figure B.1 – Pressurized vessel with existing safety systems . 21
Figure B.2 – Fault tree for overpressure of the vessel . 24
Figure B.3 – Hazardous events with existing safety systems . 25
Figure B.4 – Hazardous events with SIL 2 safety instrumented function . 27
Figure C.1 – Protection layers . 28

---------------------- Page: 10 ----------------------

SIST EN 61511-3:2017
IEC 61511-3:2016  IEC 2016 – 5 –
Figure C.2 – Example of safety layer matrix. 32
Figure D.1 – Risk graph: general scheme . 38
Figure D.2 – Risk graph: environmental loss . 41
Figure E.1 – VDI/VDE 2180 Risk graph – personnel protection and relationship to SILs . 44
Figure F.1 – Layer of protection analysis (LOPA) report . 49
Figure G.1 – Layer of protection graphic highlighting proactive and reactive IPL . 56
Figure G.2 – Work process used for Annex G . 58
Figure G.3 – Example process node boundary for selected scenario . 59
Figure G.4 – Acceptable secondary consequence risk . 67
Figure G.5 – Unacceptable secondary consequence risk . 67
Figure G.6 – Managed secondary consequence risk . 69
Figure H.1 – Workflow of SIL assignment process . 72
Figure H.2 – Parameters used in risk estimation . 74
Figure I.1 – Risk graph parameters to consider . 81
Figure I.2 – Illustration of a risk graph with parameters from Figure I.1 . 82
Figure J.1 – Conventional calculations . 85
Figure J.2 – Accurate calculations . 86
Figure J.3 – Redundant SIS . 88
Figure J.4 – Corrective coefficients for hazardous event frequency calculations when
the proof tests are performed at the same time . 89
Figure J.5 – Expansion of the simple example . 89
Figure J.6 – Fault tree modelling of the multi SIS presented in Figure J.5 . 90
Figure J.7 – Modelling CCF between SIS and SIS . 91
1 2
Figure J.8 – Effect of tests staggering . 91
Figure J.9 – Effect of partial stroking . 92
Figure J.10 – Modelling of repair resource mobilisation . 93
Figure J.11 – Example of output from Monte Carlo simulation . 94
Figure J.12 – Impact of repairs due to shared repair resources . 95
Figure K.1 – Tolerable risk and ALARP . 97

Table B.1 – HAZOP study results . 22
Table C.1 – Frequency of hazardous event likelihood (without considering PLs) . 31
Table C.2 – Criteria for rating the severity of impact of hazardous events . 31
Table D.1 – Descriptions of process industry risk graph parameters . 35
Table D.2 – Example calibration of the general purpose risk graph . 39
Table D.3 – General environmental consequences . 40
Table E.1 – Data relating to risk graph (see Figure E.1) . 45
Table F.1 – HAZOP developed data for LOPA . 48
Table F.2 – Impact event severity levels . 49
Table F.3 – Initiation likelihood . 50
Table F.4 – Typical protection layers (prevention and mitigation) PFD . 51
avg
Table G.1 – Selected scenario from HAZOP worksheet . 59
Table G.2 – Selected scenario from LOPA worksheet . 61

---------------------- Page: 11 ----------------------

SIST EN 61511-3:2017
– 6 – IEC 61511-3:2016  IEC 2016
Table G.3 – Example initiating causes and associated frequency . 63
Table G.4 – Consequence severity decision table . 64
Table G.5 – Risk reduction factor matrix . 64
Table G.6 – Examples of independent protection layers (IPL) with associated risk
reduction factors (RRF) and probability of failure on demand (PFD) . 66
Table G.7 – Examples of consequence mitigation system (CMS) with associated risk
reduction factors (RRF) and probability of failure on demand (PFD) . 66
Table G.8 – Step 7 LOPA worksheet (1 of 2) . 68
Table G.9 – Step 8 LOPA worksheet (1 of 2) .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.