ANSI/ISA-84

Functional Safety: Safety Instrumented Systems for the Process Industry Sector

ANSI/ISA-84 provides a framework for managing safety systems in the process industry so that those systems deliver enough risk reduction to bring process risk down to an acceptable level.

Summary of Standards

  • The ANSI/ISA-84 standard has been harmonized with IEC 61511. The two standards have essentially the same requirements except for a “grandfather” clause, which allows existing installations to remain under the 1996 version of S84, provided the safety equipment is designed, maintained, inspected, tested and operated in a safe manner.
  • IEC 61508 applies to product development and requires compliance in all aspects of the development, manufacturing and maintenance of the complete system. To meet IEC 61508, the design processes (the design lifecycle) used to create the product(s) must themselves comply with the standard.
  • IEC 61511 applies to process controls and machinery. It covers all elements of the system, including the instrument(s), valve(s) and logic solver(s); each component contributes its share to the statistical risk analysis of the system.

Overview

The Safety Integrity Level (SIL) is determined by a risk assessment. The SIL specifies how much risk reduction (mitigation) is needed to bring the risk down to an acceptable level. Every process retains some residual risk, since zero risk cannot be achieved.

The required SIL depends greatly on the consequences of failure of the installed product, process, or machine. If a catastrophic failure of a process results in no injuries, no significant damage to the environment and little financial impact to the customer, then a relatively low SIL (SIL 1, for example) may be acceptable. Risk is mitigated (reduced) through independent layers of protection. In the diagram below, the process risk level is shown along with mitigations such as the control system, safety system, relief valves, etc.

After the required SIL is determined, the process and its safety systems can be designed to meet it. The amount of risk reduction achieved is determined by statistical models of the components. Ideally, these models are based on actual field data (observed failure rates); otherwise, they are based on published component failure-rate databases. To reach a higher SIL, the probability of failure on demand (PFD) of the safety system must be lowered.
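The arithmetic behind the last two paragraphs, as an added worked example (not text or code from ANSI/ISA-84 or IEC 61511): a target PFD is derived from an initiating-event frequency and the PFDs of the other independent protection layers, each safety-function element's PFD is modelled from its dangerous-undetected failure rate and proof-test interval, and the resulting PFD is mapped to a SIL. The example assumes the usual first-order simplification PFDavg ≈ λ_DU·TI/2 for a simplex (1oo1) element, that the elements' PFDs add in series, and the IEC 61511 low-demand SIL bands; every failure rate, frequency and layer PFD in it is a constructed sample value, not field data.

```python
"""Worked SIL / PFD arithmetic for a safety instrumented function (SIF).

Added illustration, not code from the ANSI/ISA-84 or IEC 61511 standards.
Assumptions:
  * each element is simplex (1oo1) and its average probability of failure on
    demand is approximated as PFDavg ~= lambda_DU * TI / 2 (lambda_DU =
    dangerous undetected failure rate per hour, TI = proof-test interval in
    hours), the common first-order simplification;
  * the SIF PFDavg is the sum of its elements' PFDavg (valid while each is small);
  * SIL bands are the IEC 61511 low-demand PFDavg ranges;
  * all failure rates, frequencies and layer PFDs are constructed sample values.
"""
from dataclasses import dataclass
from math import prod

HOURS_PER_YEAR = 8760.0

# IEC 61511 low-demand bands: SIL -> (PFDavg lower bound inclusive, upper bound exclusive)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


@dataclass(frozen=True)
class Element:
    name: str
    lambda_du_per_hour: float  # dangerous undetected failure rate (constructed value)


def pfd_avg_1oo1(lambda_du: float, test_interval_hours: float) -> float:
    """Average PFD of one simplex element: lambda_DU * TI / 2 (assumed approximation)."""
    if lambda_du < 0 or test_interval_hours <= 0:
        raise ValueError("lambda_DU must be >= 0 and the test interval > 0")
    return lambda_du * test_interval_hours / 2.0


def sif_pfd(elements, test_interval_hours: float) -> float:
    """PFDavg of the whole SIF: sensor, logic solver and final element in series."""
    return sum(pfd_avg_1oo1(e.lambda_du_per_hour, test_interval_hours) for e in elements)


def sil_for_pfd(pfd: float) -> int:
    """Map a PFDavg to its IEC 61511 SIL; 0 means too high for any SIL claim."""
    if pfd < SIL_BANDS[4][0]:
        raise ValueError("PFDavg below 1e-5 is outside the IEC 61511 SIL table")
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0


def required_sif_pfd(initiating_freq_per_year: float, other_layer_pfds,
                     tolerable_freq_per_year: float) -> float:
    """Target PFDavg for the SIF so the mitigated event frequency meets the tolerable one.

    Independent layers multiply: f_mitigated = f_init * PFD_layer1 * ... * PFD_sif.
    """
    residual = initiating_freq_per_year * prod(other_layer_pfds)
    if residual <= tolerable_freq_per_year:
        return 1.0  # the other layers already suffice; no SIF credit is needed
    return tolerable_freq_per_year / residual


# Constructed sample SIF: pressure transmitter, logic solver, shutdown valve.
SAMPLE_SIF = (
    Element("pressure transmitter", 1.0e-6),
    Element("logic solver", 1.0e-7),
    Element("shutdown valve", 2.0e-6),
)

if __name__ == "__main__":
    # Constructed scenario: 0.5 initiating events/year, BPCS (PFD 0.1) and a
    # relief valve (PFD 0.01) credited as independent layers, tolerable 1e-6/year.
    target = required_sif_pfd(0.5, [0.1, 0.01], 1e-6)
    print(f"required SIF PFDavg {target:.1e} -> SIL {sil_for_pfd(target)}")
    for months in (12, 6, 1):
        ti = HOURS_PER_YEAR * months / 12
        pfd = sif_pfd(SAMPLE_SIF, ti)
        print(f"proof test every {months:2d} months: PFDavg {pfd:.2e}, "
              f"SIL {sil_for_pfd(pfd)}, meets target: {pfd <= target}")
```

Running the script shows the lever the text describes: with the same hardware, a yearly proof test leaves the function at SIL 1, a six-monthly test reaches SIL 2 but still misses the 2e-3 target, and a monthly test meets it. Shortening the test interval is one of several ways to lower PFD; others, such as redundancy (1oo2) or diagnostics, need a different model than the simplex approximation used here.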