1 May 2005
Selecting safety system sensors
By Timothy J. Layer
What's the best-practice approach to selecting sensors for safety instrumented system (SIS) applications? Meeting IEC 61511 requirements while minimizing life-cycle costs is one requirement. Lifecycle costs include capital expenditures, operating expenditures, and maintenance expenditures. New safety-certified instrument technologies for SIS applications will ensure adequate safety but add significant capital, operating, or maintenance expenditures. Companies will use sensors specified for basic process control on SIS, which will require costly proven-in-use documentation programs. When selecting a supplier for SIS sensors, the designer should consider common cause design strength. Similar to reliability, common cause design strength requires the supplier to design a sensor that will deliver a high quality and accurate signal for the sensor's entire installed life.
International standards add plant value
IEC 61511 lists the requirements for end-users and integrators. This standard requires manufacturers and suppliers of equipment they use in SIS applications to follow the outlined requirements in IEC 61508 Section 2, Hardware/
System and Section 3, Software. IEC 61511 clearly states manufacturers of SIS equipment must follow the requirements of IEC 61508 Section 2 and 3 unless the end-user has met the requirements of Section 11.5, Prior Use. Manufacturers cannot make a claim to meet prior use per this standard; this is the end user's responsibility. Manufacturers would need to follow the prior-use requirements of IEC 61508.
SIS sensor requirements
IEC 61511 documents specific requirements for SIS sensors. In selecting sensors and final control elements for SIS, end users can either select devices designed per the requirements of IEC 61508 Section 2 and 3 or based upon prior use. IEC 61508 Section 2, Hardware and Section 3, Software, is an excellent standard to apply.
Sensors designed in accordance with IEC 61508 define a field instrument design that meets the hardware, system, and software requirements detailed in IEC 61508, Sections 2 and 3. The standard uses the safety integrated level (SIL) table and applies it to the instrument system design as a measure of the device safety level.
Prior use sensor selection
The international committees that developed IEC 61508 and IEC 61511 recognized users could develop other criteria for certifying SIS loop components. So they included a prior-use clause allowing users a methodology to accept sensors and control elements not designed per IEC 61508 Section 2 and 3 for SIS applications. To meet the requirements, the standard allows users to document operating experience from basic process control applications as well as SIS applications.
Establishing prior use for sensors ensures the selected sensors have a known reliability. This will reduce the potential for spurious trips and the cost for failed sensor replacements. Designers and maintenance technicians already understand the selected sensors. Installation practices for SIS applications can be the same as those for basic process control applications; maintenance personnel need no special no training, and you can leverage spare part inventory.
Prior use requires the user to document the operating experience of the SIS sensors through the entire sensor lifecycle. This can be very expensive and time-consuming. Using sensors designed per IEC 61508 requires none of this work. The largest risk for the end-user when using prior-use sensors is the management of change.
Reduced proof tests
Users must determine and document SIS loop proof tests. As part of these tests, they must also verify the loop components. For sensors, a field calibration once every 12 months usually completes this. Using the same platform for basic process control and SIS allows the users to take advantage of the inventory already on hand. If a new sensor is specified for SIS, the user must carry the inventory costs of the new sensors as well as the basic process control sensor.
Process sector grade pressure and temperature transmitters are the best sensor type for SIS applications because they ensure high reliability in process grade applications and environments, have good installed performance and response times, and have a short mean-time-to-restoration (MTTR).
Behind the byline
Timothy J. Layer is director of global quality, reliability, & safety at Emerson Process Management- Rosemount Division, in Chanhassen, Minn.
More on IEC safety standard
In 2003, a new SIS standard hit the streets-IEC 61511. End users developed this standard to represent an international consortium from over 20 countries, including the U.S. The purpose was to develop a single set of requirements to address the entire SIS lifecycle (identification, design, installation, operating and maintenance, and decommissioning) specific for the process sector while meeting the requirements of the global process industry.
The ISA Standard 84.01-1996 will migrate to the IEC 61511 standard under the name ISA 84.00.01-2004. New technologies are now available that will allow designers to select sensors that meet safety requirements in compliance with these new standards while reducing overall lifecycle costs. This paper will outline a best-practice approach to the selection of sensors for SIS applications that meet the requirements of IEC 61511/ISA 84.00.01-2004 while minimizing lifecycle costs.
Since most global standard committees and/or authorities are expected to adopt this standard for their specific countries, companies can now develop standardized processes for safety instrumented systems that will meet most all global requirements. Second, the standard follows the "life-cycle" approach that assists users in ensuring SIS are designed to meet the operating plant's safety instrumented function (SIF) requirements and complete the intended safety function from conception through decommissioning.