Electricity and Control April 2021

MEASUREMENT + INSTRUMENTATION

Safety instrumented systems for rotating machinery

Increasingly, end users of critical rotating machinery are demanding SIL certified safety instrumented systems, which is why OEMs are incorporating SIL in their system designs. However, there is an important distinction to be made in the SIL certification: systems may be certified by proven in use on one hand or certified by design on the other. Istec International here sets out the differences.

End users that operate (critical) rotating machinery have a legal obligation to implement a suitable and verifiable safety instrumented system (SIS). Safety Integrity Level (SIL, IEC 61508), one of the more prominent risk reduction methods, allows those responsible to prove that everything has been done to reduce risks to a minimum. SIL is also incorporated by the API 670 5th edition as the ‘go-to’ method to comply with safety standards regarding machine protection systems. As SIL has proven a valuable method to meet the legal safety requirements, the market for turbine overspeed protection systems has become largely SIL-driven.

Certified by proven in use

SIL certification by proven in use means that the SIS is not designed according to the SIL requirements as specified in IEC 61508, but is rather based on mean time between failures (MTBF), mean time to failure (MTTF) and failure modes (detected versus undetected). Proven in use is accepted based on statistics rather than on safety integrity defined by the corresponding directives. The requirements for proven in use certification are very demanding and require a user to have*:

- A formal system for gathering reliability data that differentiates between safe and dangerous failures
- A way of assessing the recorded data to determine the safety integrity of the SIS and its suitability for the application
- Evidence that the application is clearly comparable
- Recorded historical evidence of operational hours
- Evidence of the manufacturer’s management, quality and configuration manufacturing systems
- Device firmware revision records
- Proof that reliability data records are updated and reviewed regularly.

[*Source: IEC 61508 & IEC 61511]

This is often applied to systems already in use that fail the SIL certification (IEC 61508). Based on their decade-long reliable use, with few failures, these systems are SIL-certified by proven in use. It is important to note that proven in use is valid only for the specific application the system has been operating on and thus cannot simply be transferred to comparable applications. Proven in use is a more valid approach for an end user than for an OEM, as the end user knows all the ins and outs of the instrument, application and environmental conditions.

Certified by design

SIL certification by design means the system is designed in accordance with IEC 61508 requirements for a specified range of applications. The proof-test interval for systems

End users operating rotating machinery are legally required to implement a verifiable safety instrumented system.

