News Release from: ABB Automation Tech (Instrumentation + Automation) | Subject: IEC 61508
Edited by the Processingtalk Editorial Team on 01 December 2004
Safety first and last, the target of IEC61508
When it comes to safety, IEC 61508 has it covered. As compliance with the standard becomes a requirement for an increasing number of companies, Stuart Nunns, manager of safety critical consultancy for ABB, and Roger Prew, manager of safety systems for ABB, explain the ins and outs of achieving it.
This article was originally published on Processingtalk on 24 Mar 2008 at 8.00am (UK)
In accordance with Cenelec policy, August 2004 marks the deadline for the withdrawal of any national standards that conflict with IEC 61508, the international standard focusing on safety-related systems that incorporate electrical, electronic and/or programmable electronic (E/E/PE) instruments and devices.
So do you know if you're affected and where your responsibilities lie? Known by some as the mother of all safety standards, IEC 61508 is truly international.
Although it is not mandatory it is a widely held measure of good practice, so companies are adopting it for a variety of reasons, including commercial advantage, contractual obligations, or to demonstrate to regulators that they are protecting their employees and the environment.
Yet even though the final sections of the standard were published by the International Electrotechnical Commission as far back as 2000, the level of understanding and implementation differs widely between industries and even between regulators in different countries.
First we need to be clear about what's covered.
The standard is generic, so it is designed to cover all industrial sectors.
It is being followed up by a number of sector-specific standards that refer upwards to IEC61508.
For example, IEC 61511 was published last year to cover the process industries, while 61513 (nuclear generation) and 62061 (machinery) are on their way.
Because of its generic nature, the range of E/E/PE safety-related systems to which IEC 61508 can be applied is incredibly diverse.
But in every case, the standard applies to the system as a whole, including human operators where relevant.
The emphasis is on achieving an acceptable overall level of safety, or safety integrity level (SIL), not on installing the right bits of kit.
IEC 61508 is global, which means it covers all aspects of the process, including operation, maintenance and validation.
The standard must also be considered throughout the full life cycle of the process, from inception and initial design, through implementation, operation, maintenance, modification, decommissioning and final disposal.
In other words, from cradle to grave.
Increasing safety is all about minimising risk, so next we must define what we mean by risk.
Risk is a combination of the probability and severity of an adverse effect - how often can it happen and what will be the consequence if it does? The standard is concerned with the likelihood of events that can have an impact on:
* Safety of personnel.
* Integrity of the environment.
* Risk of damage to capital equipment.
* Risk of lost revenue from lost production.
* Risk of litigation from any cause.
* Risk of damage to the company's image and hence its value.
This effectively means that all processes should be assessed against the standard to determine whether it applies.
The tool for spotting and quantifying the risks is a hazard and operability (Hazop) study, which is usually carried out by a team from the plant.
Although IEC 61508 is concerned primarily with the integrity of safety systems, it's also important to specify the correct systems in the first place.
Why add an extra layer of complexity with an electronic safety system if good engineering design can mitigate the risk in the first place? The Hazop study will help to highlight any areas where risks can be eliminated.
Once you've determined the risks, you can start to design a system to minimise them.
Depending on the severity and frequency of the hazard, the safety system will have to reach one of four safety integrity levels, ranging from SIL1 for relatively low risks to SIL4 for the highest risk applications.
It's important to note here that a SIL is not the property of a component or subsystem, but of the safety function.
So a manufacturer of a limit switch, valve or other component may promote it as being suitable for, say, SIL2 applications, but that will only be true if it's installed and maintained correctly.
All manufacturers can really say is that their products meet certain requirements of IEC 61508.
They may have published and independently audited figures for the probability of failure on demand (PFD), for instance, which can then be used in the assessment of the safety function.
This means that it's not essential to use certified products to achieve SIL compliance, but the task of justification will be much easier if you do.
Once the system is up and running the next critical activity is the functional safety assessment, which checks that functional safety has actually been achieved.
The people carrying out the assessment must be competent and independent, but that doesn't mean that every company will have to call in the consultants.
The level of independence required of the assessor ranges from an independent person in the same organisation for SIL1 to an independent organisation for SIL4.
The required level of independence for levels 2 and 3 is affected by additional factors such as the complexity of the system, the novelty of the design and the previous experience of the developers.
For some smaller companies, even the most basic requirement for independent people from a separate department may have to be met by an external organisation.
On the other hand, companies that have internal organisations skilled in risk assessment and the application of safety-related systems, which are independent of and separate (in terms of management and other resources) from those responsible for the main development, may be able to use their own teams.
The key to compliance lies in providing documentary evidence to support the validity of all the data used in the assessment.
The final link in the safety chain is periodic proof testing, which ensures that the safety loop continues to meet the required SIL.
Once again the standard provides guidance on what constitutes adequate proof testing, as well as how to calculate the interval between proof tests.
There are always conflicts between the ideal proof test interval and the practical availability of the plant to carry out this kind of check.
So it's important to consider proof testing at the design stage to avoid unnecessary downtime later while test cycles are carried out.
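The PFD figures discussed earlier and the proof-test interval calculation are arithmetic on the same quantities, so the following added example (written for this page, not code from the article or from ABB) works both through. It assumes the simplified low-demand, single-channel (1oo1) approximation PFDavg = λDU × TI / 2, with no diagnostic or common-cause credit, and the IEC 61508 low-demand PFDavg bands for SIL1 to SIL4; the per-element dangerous-undetected failure rates are constructed sample values, not manufacturer data. It shows that a loop built from individually "SIL3-capable" elements can still only reach SIL2 with annual proof testing, and how short the interval must be to claim SIL3.

```python
"""Worked SIL / PFD arithmetic for a simple low-demand safety loop.

Assumptions (labelled): each element is a single channel (1oo1), so its
average probability of failure on demand is approximated as
    PFDavg = lambda_DU * TI / 2
where lambda_DU is the dangerous-undetected failure rate per hour and TI
is the proof-test interval in hours. Element PFDs are small, so the loop
PFDavg is their sum. All failure rates below are constructed examples.
"""

HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand PFDavg bands: lower bound inclusive, upper exclusive.
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}

# Constructed sample loop: lambda_DU per hour for sensor, logic solver and
# final element (valve). These are illustrative values only.
SAMPLE_LOOP = {
    "pressure_transmitter": 2e-7,
    "logic_solver": 1e-8,
    "shutdown_valve": 5e-7,
}


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_years: float) -> float:
    """PFDavg of one 1oo1 element for a given proof-test interval in years."""
    ti_hours = proof_test_years * HOURS_PER_YEAR
    return lambda_du_per_hour * ti_hours / 2.0


def element_pfds(elements: dict, proof_test_years: float) -> dict:
    """PFDavg of each element individually (useful to see why SIL is a
    property of the whole function, not of any one component)."""
    return {name: pfd_avg_1oo1(ldu, proof_test_years) for name, ldu in elements.items()}


def loop_pfd_avg(elements: dict, proof_test_years: float) -> float:
    """PFDavg of the series loop: sum of the element PFDs."""
    return sum(element_pfds(elements, proof_test_years).values())


def sil_from_pfd(pfd: float):
    """Map a PFDavg to its SIL band, or None if it is outside SIL1..SIL4.
    Values below 1e-5 also return None: the standard defines no band there."""
    for sil, (lower, upper) in SIL_BANDS.items():
        if lower <= pfd < upper:
            return sil
    return None


def max_proof_test_interval_years(elements: dict, target_sil: int) -> float:
    """Proof-test interval (years) at which the loop PFDavg reaches the upper
    bound of the target SIL band; any shorter interval meets the target.
    PFDavg is linear in TI under this model, so solve
        sum(lambda_DU) * TI / 2 = upper_bound."""
    upper = SIL_BANDS[target_sil][1]
    total_lambda_du = sum(elements.values())
    ti_hours = 2.0 * upper / total_lambda_du
    return ti_hours / HOURS_PER_YEAR


if __name__ == "__main__":
    for years in (1.0, 0.25):
        pfd = loop_pfd_avg(SAMPLE_LOOP, years)
        print(f"TI={years:5.2f} y  PFDavg={pfd:.3e}  -> SIL{sil_from_pfd(pfd)}")
        for name, value in element_pfds(SAMPLE_LOOP, years).items():
            print(f"    {name:22s} {value:.3e} (SIL{sil_from_pfd(value)} band alone)")
    limit = max_proof_test_interval_years(SAMPLE_LOOP, 3)
    print(f"Longest proof-test interval for SIL3: {limit:.2f} years "
          f"(about {limit * 12:.1f} months)")
```

With these sample rates, annual proof testing gives a loop PFDavg of about 3.1e-3, which sits in the SIL2 band even though the transmitter on its own would fall in the SIL3 band; quarterly testing brings the loop to about 7.8e-4 and SIL3, and the longest interval that still meets SIL3 is roughly 0.32 years. That is the trade-off the paragraph above describes: the interval the arithmetic demands has to be reconciled with how often the plant can actually be taken out of service, and the time to settle it is at the design stage.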
Essentially then, IEC 61508 requires that end users have in place the means to manage functional safety.
They need to ensure they have competent people who can operate and maintain E/E/PE safety systems to keep them doing the jobs they were designed for.
There is help available for those companies concerned that they might not have the necessary skills in house.
Equipment manufacturers, consultants and even the regulators can all offer support and advice.
However, the ability to offer a true one-stop-shop to address every aspect of compliance is rare.
ABB Automation Technologies division has a wealth of experience in the field of safety-related systems encompassing the complete safety life cycle for a host of industrial sectors.
By applying this experience, ABB can offer the consultancy and expertise to make sure you've got it covered when it comes to meeting the demands of IEC 61508.