InTech Magazine, May/June 2012
Cover Story

Understanding ISA-84
Important functional safety standard for automation in the computer age

Fast Forward
Functional safety for process has always been a priority, and, as automation has moved into the computer age, new safety issues have arisen. The need for improved understanding and harmonization of risk reduction approaches became evident from such major catastrophes as Seveso (Italy), Bhopal (India), Flixborough (U.K.), and Chernobyl (Ukraine). The International Society of Automation (ISA) recognized the need for an improved approach in handling process sector functional safety issues and developed ISA-84 as an important functional safety standard for automation in the computer age.

By William Johnson, Richard R. Dunn, and Victor J. Maggioli

Introduction
This overview outlines key elements of the ISA84 committee on process sector functional safety, including scope, purpose, history, and technical issues. It also provides a preview of the forthcoming 2nd edition of ANSI/ISA-84.00.01 (IEC 61511 Mod).

Background
Functional safety within the process sector has always been a priority. As the process sector moved into the computer age, new issues arose as manufacturing plants converted to computer control to replace electrical, pneumatic, and electronic controls. The process sector developed a variety of tools to address these problems, but safety performance did not always meet expectations. The need for improved understanding and harmonization of risk reduction approaches became evident with the occurrence of such major catastrophes as Seveso (Italy), Bhopal (India), Flixborough (U.K.), and Chernobyl (Ukraine).
In response, OSHA developed and published OSHA 29 CFR, 1910.119-1992 (Final Rule: 24 February 1992), Process Safety Management of Highly Hazardous Chemicals, Explosives, and Blasting Agents; and the U.S. Environmental Protection Agency published EPA 40 CFR Part 68, Accidental Release Prevention Requirements: Risk Management Programs under the Clean Air Act (U.S. only). These regulations helped define areas that must be addressed in order to achieve a mandated level of functional safety performance in industry.

The International Society of Automation (ISA, formerly Instrument Society of America) recognized the need for an improved approach in handling process sector functional safety issues. As a result, ISA established Standards Project 84 (SP84, now called ISA84) to address this issue. During the late 1980s, more than sixty experts from diverse backgrounds (including end users in the chemical and petroleum industries, integrators, equipment manufacturers, consultants, and safety regulators) joined ISA84 to bring together their expertise in addressing process sector functional safety.

ISA84 membership included members from many national and international technical organizations, such as the American Petroleum Industry (API), National Fire Protection Association (NFPA), American Society of Mechanical Engineers (ASME), Institute of Electrical Engineers (IEEE), The Health and Safety Executive (HSE) of the U.K., and American Institute of Chemical Engineers (AIChE). Contributions from each of these organizations and others played significant roles in this effort. In addition, to ensure greater global awareness, ISA84 established and continues to maintain an active dialog with international technical user organizations such as The International Users Association-WIB, and NAMUR (Normenarbeitsgemeinschaft für Mess-Und Regeltechnik in der Chemischen Industrie).
This team developed and obtained approval from ISA's Standards & Practices Board for the ISA84 scope and purpose:

ISA84 scope
1. To define terminology that is particular to Electrical/Electronic/Programmable Electronic Systems (E/E/PES) and high reliability.
2. Establish criteria for, and means of assessing, reliability and availability in practical applications.
3. Provide general specification guidelines that facilitate understanding.
4. Provide guidelines for process safety applications requiring high reliability.
5. Develop guidelines for specific hardware/software configurations that can meet varying levels of reliability/availability.
6. This work does not apply to nuclear power safety-related systems.

ISA84 purpose
To develop standards and technical reports for use in applying Electrical/Electronic/Programmable Electronic Systems (E/E/PES) for use in process safety applications.

Safety life cycle
The ISA84 committee set out to define the boundaries of its work by developing a safety instrumented system (SIS) safety life cycle (see Figure 1), which illustrated the activities

https://www.isa.org/standards-and-publications/isa-publications/intech-magazine/2012/june/cover-story-understanding-isa-84/

the HSE of the U.01-1996.S.S." served as a key reference for new issues (e.S. ISA84 reviewed the IEC 61508 scope and purpose and recognized that it focused on equipment manufacturers' requirements for developing products that could be utilized in safety applications. having it validated by a third party such as HSE provided further confidence that consensus approaches to handling the design phases of the safety life cycle could be achieved. their future efforts should be to: support development of IEC 61508.. A 1993 AIChE Center for Chemical Process Safety (CCPS) book. IEC 61508 recognized the need for sector-specific standards while providing owner/user requirements for those sectors without a sector-specific standard.
and provide the technical reports which support transition to this global approach. At about that time. national standard ANSI/ISA-84. EWICS and CCPS were especially helpful to ISA84 since each provided a view of alternate design approaches (a tool that is now also supplemented by the development of ISA technical reports [TRs] for inclusion in today's functional safety standards).00. IEC 61511) once IEC 61508 was issued. While this approach was already in use in parts of the U. ISA84 began pursuing these goals after publication of U.g.e. from hazard and risk assessment (H&RA) through decommissioning). "Functional Safety Standard for the Process Industry Sector.. ISA84 recognized that the European Workshop for Industrial Computer Safety (EWICS) white paper submittals served as effective global vehicles for introducing new safety design concepts.01-1996. IEC planned to develop a standards committee to address process sector functional safety (i. software based) in safety applications. The clause numbers noted in the figure are based on ANSI/ISA-84. ISA84 quickly recognized the value for such an IEC standard and determined that." approved version of IEC 61511.K. involved when addressing process sector functional safety. support development of IEC 61511.e.S. issued a white paper on an approach utilizing programmable electronic (PE) equipment (i. For example. Concurrent with the work to develop ISA-84. EWICS and CCPS continue to play an important part in harmonizing new and improved design methods.e. LOPA) related to the process hazards and risk analysis phase of the safety life cycle. Note that IEC functional safety standards have an expanded scope that addresses all life cycle phases (i..01-1996.01-2004 (IEC 61511 Mod).
ISA84 also became aware that the International Electrotechnical Commission (IEC) had initiated the development of a global functional safety standard (IEC 61508) for all industrial sectors.01-1996 with a U. the committee undertook a review of global activities in the process sector functional safety arena. ANSI/ISA-84. national standard ISA-84.e.. subsequent to publishing ANSI/ISA-84. "Guidelines for Safe Automation of Chemical Processes. process sector.01-1996) as noted in Figure 1. replace U. SIS. The impact of IEC 61508 on the safety life cycle is reflected in Figure 2.. ISA84 then selected those activities to be addressed in its proposed standard (i. The standards development required the integration of both quantitative and qualitative measures to ensure SIS designs had the ability to achieve their projected performance.. approved.00.02-2002.S. Parts 1. in most cases. SIF design.119. Accordingly. the IEC 61511 committee completed and issued the 1st edition of IEC 61511. the costs to comply will consist of engineering cost and. and operation of the SIS. process sector owner/users.e. The target SIL for the SIF will then be determined to obtain the risk reduction required to obtain the tolerable risk for the event. Initial issues ISA84 recognized the need to address the impact of OSHA 1910. standard (i. online testing may be required to avoid frequent process shutdowns. and issued via a fast-track approach while ANSI/ISA-84. at older sites. little additional engineering is required beyond normal instrument and control design. The only modification to IEC 61511 for adoption as a U. compliance with the IEC 61511 safety life cycle typically has minimal impact on total project costs.
Identification of Emergency Shutdown Systems and Controls that are Critical to Maintaining Safety in Process Industries. The PFD of the SIF at the current test frequency can be calculated and compared to the required SIL. For existing SIS. Terminology for this effort required a strong commitment by ISA84 to introduce technical terms that would be globally accepted. safety instrumented function (SIF). was developed. ANSI/ISA-91.. The engineering cost will vary in accordance with the quality of the existing Process Hazards Analysis (PHA). & 3 (2003). In many cases. If the existing PHA has not adequately defined the need for risk reduction (e. replacing ANSI/ISA-84.isa. handling of legacy systems (i. The international membership of ISA84 and the terminology being developed for IEC 61508 were essential in identifying and reaching consensus on such terms as safety instrumented systems (SIS). the test interval may have to be decreased or redundant equipment added. ISA84 developed ISA-TR84. and the like.S.01-2004 [IEC 61511-1 Mod]) was reference to the U. the grandfather clause).e. This TR served two essential purposes: It illustrated various quantitative and qualitative tools to validating application designs. If the PHA has established a tolerable risk for the events under review and determined the target risk reduction for the SIF. national standard. The PHA must be updated to define these requirements for each identified SIF. It demonstrated how TR development was beneficial and key in developing consensus among ISA84 members.00. installation. Today Cost: For new projects. Subsequent to the issue of the 1st edition of IEC 61508.. basic process control system (BPCS). hardware cost. which illustrated approaches using various modeling techniques. ANSI/ISA-84.01-1996.S. Parts 1 through 7 (1998-2000). ISA84 reviewed this standard throughout its development and accepted it as a U. 2.S.01-1996 was being developed. 
It requires project and operations leaders to follow the safety life cycle phases through the design. safety integrity level (SIL). To address this need." on U. Design impact example: If a site chooses to increase the test frequency to meet the target SIL. considerable engineering effort may be required to conform to the standard. "Process Safety Management of Highly Hazardous Chemicals. additional The PFD of the SIF can then be calculated to determine if the tolerable risk for the event is achieved. If the SIF cannot meet the target SIL. SIL requirements).01. Safety Fieldbus Design Considerations for Process Industry Sector Applications. wireless instrumentation. alarms. ISA-TR84.e. IEC has issued the three parts for commenting. addressing special hazardous operations (e.Part 2. and IEC issues IEC 61511 final draft international standard (FDIS) (i.00. 2013: IEC 61511 meets as necessary to address all NC comments and develop IEC 61511 committee draft for voting (IEC 61511 committee draft voting (CDV). ISA84 has contributed a great deal of time and energy to ensure the IEC 61511 international standard meets the needs of the U.01. such as security.. ISA84 will review the 2nd edition of IEC 61511 and prepare any necessary modifications for adoption as the next edition of ISA-84. addition of new hardware fault tolerance approach. 2. A major contribution was the introduction of LOPA to the global safety community. ISA-TR84. 4th quarter 2012: IEC 61511 committee meets to address NC comments. burner management) with regard to SIS implementation. While ISA84 development of U. national standard ANSI/ISA-84. with the addition of a grandfather clause to accommodate existing SIS installations. Several members of ISA84 are also members of the IEC 61511 committee. Submission to ANSI for their approval will follow. ISA100 on wireless. IEC 61511 FDIS for Parts 1. Transmission for commenting via ISA occurred on 2 April.
Tomorrow IEC 61511 2nd edition and future: All three parts of the second edition of IEC 61511 committee draft (CD) have been completed and submitted to IEC. The following schedule is planned: 3rd quarter 2012: national committee (NC) comments submitted to IEC 61511 for review.00. Safety Instrumented Systems (SIS)-Safety Integrity Level (SIL) Evaluation Techniques. This includes: tools to assist in implementing IEC 61511 requirements. and addressing new technology. and many other protection layer issues. human factors.02.e. ISA-TR84. These are all impacted by IEC 61511 and by IEC/ISA/CCPS global requirements in those specific arenas (e. additional requirements and guidance for implementation of SIL 4 SIF.03. 1st quarter 2013: IEC 61511 committee issues final version of IEC 61511 CDV (all three parts) to IEC. IEC 61511 1st edition: As described above.01-2004 is the same as the international standard IEC 61511. ISA-TR84. Major issues addressed by the technical reports include: ISA-TR84.00. and additional methods for determination of the required safety integrity levels. an equally remarkable achievement is the development and publication of ISA84 technical reports. and 3) in 2014.01-2004 (IEC 61511 Mod).01-2004 (IEC 61511 Mod). and ISA-TR91.S. ISA18 on management of alarms.05.S. The comments will focus on proposed modifications to IEC 61511 such as: change of focus to application programming instead of software. the U. The design impact for existing systems can be considerable depending on the SIL required for the SIF.
ISA84 is reviewing and commenting on the IEC 61511 CD (committee draft). In addition. Criticality Classification Guidelines.06.. example implementation of the full SIS safety life cycle. Guidance on the Identification of Safety Instrumented Functions (SIF) in Burner Management Systems (BMS).00. along with a supportive cross-reference addendum. Guidelines for the Implementation of ANSI/ISA-84. ISA99 on control systems cyber security. and CCPS-Layer of Protection Analysis [LOPA]).g. ISA-TR84.04 .00. The technical reports provide timely (i.00. fire and gas. expanded guidance throughout Part 2. prior to maintenance of IEC 61511) guidance and examples of owner/user implementation of IEC 61511. In 2014.Part 1. relocation of application programming requirements throughout the text instead of leaving it solely in clause 12.07. Currently. The process sector is faced with many plant floor factors that require additional risk reduction analyses. ISA84 is addressing these issues through the development and maintenance of technical reports and initiation of new ISA84 TR development teams such as: LOPA has become a very popular tool for determining the required SIL for a SIF.04 .g. design and equipment will be required to allow online testing. the ability to test the SIFs online removes the need for instrument mechanics (on overtime) during the plant shutdowns. The increased cost to allow online testing may be offset with the reduced need for future plant shutdowns..00. including new annexes providing application examples. Guidance on the Evaluation of Fire. Mechanical Integrity of Safety Instrumented Systems (SIS). Combustible Gas. The technical reports have also provided valuable technical input to the next edition of IEC 61511 due to be published in 2014.00. alternate methods for implementation of safety life cycle phases. Since its introduction. and Toxic Gas System Effectiveness.00.00.00..00. BPCS. ISA-TR84.
since testing can be scheduled independent from shutdowns. increased emphasis on security. chemical industry. Example Implementation of ANSI/ISA-84.S. addressing non-SIS protection layers. expanded requirements and guidance for use of the BPCS for risk reduction. org. member of the European Workshop for Industrial Computer Safety (EWICS).dunn@usa. The efforts outlined in this article are only as effective as the resources utilized to develop these projects. For more information. division. which includes a partnership with ISA100 to address joint issues between wireless and functional safety. Feltronics Corp. and Probability of Failure on Demand calculations. He is a qualified Process Hazards Analysis (PHA) leader. control. he is a U. He is an ISA Fellow and a member of ISA's Standards and Practices Board. nor a requirement to be an ISA member. and is a Professional Registered Engineer in New Jersey and Delaware." He holds a BSME from Michigan Technological University. Johnson rejoined DuPont Sustainable Solutions (DSS) following 44 years of continuous service with the DuPont Company in areas including operations technical support. a lifetime member of IEEE.r. contact Charley Robinson of ISA Standards. original committee member of IEC 61131. expert on international safety committees IEC 61508 and IEC 61511. Your input and participation are welcomed and needed. co-Director of ISA84. member of the IEC 61508. There is no membership fee to serve on ISA84 or any ISA standards committee. He serves on IEC 61508 and leads ISA84 WG91 on Identification of Emergency Shutdown Systems and Controls that are Critical to Maintaining Safety in Process Industries. He also serves as a U.S. and an MChE from the Stevens Institute of Technology. He is a CCPS book committee member on "Guidelines for Safe and Reliable Instrumented Protective Systems. a qualified LOPA leader.
He has been a leader in various aspects of Process Safety Management (PSM) at the local site. ABOUT THE AUTHORS William Johnson is a recognized expert in all phases of the IEC 61511/ANSI safety life cycle including Process Hazard Analysis. and safety interlock system design.dupont. where he conducted graduate studies in control systems and manufacturing systems engineering. Richard R. It is the policy of ISA to encourage and welcome the participation of all concerned individuals and interests in the development of ISA standards. Maggioli is President. working group 9 (WG9) addressing security issues in SIS applications.. and a qualified instructor for several PSM-related subjects. appointed expert to IEC SC65A on matters having to do with process sector functional safety. and a retired DuPont Engineer. He holds a BChE from the University of Maryland. Layer of Protection Analysis (LOPA). a joint effort with ISA99 to address overlapping security and functional safety related issues. Victor J. and ISA99 WG7. process dynamic modeling. Dunn (richard.S. Fault Tree Analysis. and corporate level. and convenor of IEC SC65A Maintenance Team 61511.com) is Senior Control Systems Consultant with DuPont and a member and editing chairman of the IEC 61511 Standard Committee (Functional Safety Instrumented Systems for the Process Industry Sector) maintenance team 2nd edition development.
Currently chairman of ISA84. business. working group 8 (WG8) addressing wireless technology for safety applications. crobinson@isa.