Master of Engineering (Industrial Automation)
Unit code: ME508
Unit name: Safety Instrumented Systems
Assessment #: 3
Paper #: C
Version #: 1
Created by: Chandra Seethepalli, 31 Oct 2020
Reviewed by: Morteza Alizadeh, 2 Nov 2020
Master of Engineering (Industrial Automation) 2
ME508_Assessment3_PaperC_v1
Assessment Instructions:
1. Please familiarise yourself with the EIT Academic Honesty and Misconduct Policy, in order to
understand your requirements and responsibilities as a student of EIT.
2. Please refer to our Assessment, Moderation and Student Progress Procedure for
information relating to extensions. Extension requests should be submitted to your LSO at
least 3 days prior to the due date.
3. Assessments submitted via email will not be accepted.
4. Assessments must be submitted through Turn-it-in (unless otherwise stated).
Your submission must:
a. Be a single document (Word or PDF only)
b. Include at least 20 words of machine-readable text, and
c. Not exceed 10MB.
5. You must use the provided assessment cover page available on your Moodle student
homepage. Submissions without a cover page will not be accepted.
6. You must correctly title your document/s. For example:
UNIT#_ASSESSMENT#_YOURNAME_DATE
E.g. ME501_Assessment2_SteveMackay_01Aug2019
7. You must reference all content used from other sources including course materials, slides,
diagrams, etc. Do not directly copy and paste from course materials or any other resources.
Refer to the referencing section of the EIT eLibrary on Moodle for referencing guides.
8. It is your responsibility to check that you have submitted the correct file, as revised
submissions are not permitted after the due date and time.
Important note: Failure to adhere to the above may result in academic penalties. Please refer to
the unit outline or EIT Policies and Procedures for further information.
Unit code and name: ME508: Safety Instrumented Systems
Assessment #: 3C
Assessment type: Case Study
Weighting: 20%
Total marks: 50 marks
Please complete your answers on the assessment cover page document available on Moodle.
Clearly label your question numbers (there is no need to copy the full question over). Include all working
out.
Question 1:
Case Study: Safety Requirement Specification
(20 marks)
Objective of the case study:
In a typical functional safety lifecycle, once hazards have been identified and the risk assessed, the next step
is to allocate risk reduction to safety layers. A SIL assessment is the allocation of risk reduction to an
Instrumented Safety Function (IPF), which is then called a SIF and given a SIL rating. The next step after
completion of the SIL assessment is to prepare a specification for the identified Safety Instrumented
Functions (SIFs) and for the overall Safety Instrumented System (SIS). This specification is called a
Safety Requirement Specification (SRS). In this case study, you will prepare an SRS in a simplified
tabular format.
Question:
In this case study, you are required to prepare an SRS. The SRS must contain two parts: Part 1 is to
cover the safety requirements of the overall SIS, and Part 2 shall cover all individual SIFs. For the
case study, you are required to prepare an SRS for Part 1 and for a single SIF in Part 2.
Where the input information does not specifically cover a certain requirement of the SRS, you are
allowed to make an assumption. You are required to use the supplied template for the SRS. Do
not leave any entry blank.
(Note: Each of the two tables carries ten marks. Every blank or irrelevant/incorrect entry in the two
tables will attract -1 mark.)
The following documentation is provided as supporting information:
• P&ID
• SIL Assessment Study for one SIF Loop.
• Functional Design Specification (FDS)
• SRS Template (editable)
Description of the plant:
The plant to be studied is an oil/water/gas three-phase separator. Oil enters the separator along
with an equal amount of water (by volume) and the associated gas. After flashing at 48 psig, the
separated gas goes to off-gas compression and the oil flows out under level control. The water level is
maintained by an oil/water interface level controller and flows out through a throttling valve. The
separator vessel is likely to be pressurised to a dangerous level beyond its design pressure if the
downstream path is closed by an operator error or an equipment malfunction such as the throttling valve
jamming. This is because most of the feed comes from upstream through pumps
located at a distance outside the plant.
The plant has a DCS control system with several operator workstations and one engineering
workstation, and an Emergency Shutdown System (ESD) with its own dedicated engineering
workstation. The ESD (Logic Solver or SIS) is interfaced with the DCS through a firewall to
ensure cybersecurity. The ESD system is programmed in ladder logic and partly in structured
text, with a "self-monitoring" feature.
The plant employs partial valve stroke tests for all shutdown valves in order to ensure their
integrity. The process safety time (PST) is calculated to be 60 seconds, i.e. once the sensor confirms
that the measured process parameter has reached the pre-set limit, the shutdown valve must close
within this time. The operator is provided with a manual backup push button for each SIF as a
fallback in case the operator screen freezes. Each of the SIF loops can be taken out of service for maintenance
through a maintenance override switch. High-high pressure sensing is achieved by using two
pressure transmitters voted 1-out-of-2 (1oo2).
The company's SIL standard requires a proof test interval of 12 months for sensors and final
elements and 60 months for logic solvers. Plant maintenance generally achieves a repair time
of under 24 hours for any failure. One of the design objectives of the plant is that each
start-up should take under 4 hours.
Question 2:
Case Study: SIS Detailed Design Considerations
(20 marks)
Objective of the case study:
Detailed design considerations of any SIS fall under the categories of general, hardware and
software design requirements for the Original Equipment Manufacturer (OEM) of the equipment
forming part of the SIS, usually the logic solver, while the sensor and final element are more likely
to be standard designs (in other words, the logic solver is a more customised item than the sensor
or final element). Once an SRS is prepared, the designer (OEM) must prepare a design framework
(a top-level design document usually called a Functional Design Specification or FDS) for the logic
solver. The final step before proceeding to manufacture is to compare the proposed design with
the requirements of the SRS and to confirm that the designed system will fully meet the
requirements (both general and project-specific) set forth in the SRS.
Question:
In this case study, you will perform a detailed design review. You should use the SRS that you
prepared in Question 1, compare its requirements with the example FDS supplied as
supporting documentation to this question, and prepare a report summarising your evaluation of
the FDS.
Prepare a brief report (4-6 pages long) on your review of the proposed design, stating whether the design
complies with the requirements set forth in the SRS. Highlight issues that might require special
attention from your point of view, and justify them. The report shall cover the design aspects listed
below and shall be structured accordingly.
General and hardware considerations:
• Energised vs. de-energised systems
• System diagnostics
• Minimise common cause
• Panel size and layout
• Environmental considerations
• Power
• Grounding
• Selection of switches and relays
• Bypasses
• Functional testing
• Security
• Operator interfaces
Software considerations:
• Software lifecycle
• Program and language types
• Quantifying software performance
• Testing software
Notes:
1. The answers must be in your own words; copy-and-paste answers will not receive marks.
You must provide references as appropriate.
2. The supplied FDS is not a complete document; some details have been deleted for the purpose of
this question.
When compiling your report, we recommend that you implement the suggestions listed below.
1. Analyse the proposed design: (5 marks)
Your analysis and report should display an overall understanding of the detailed design
requirements, including ALL the suggested criteria for evaluation and possibly additional
criteria from your readings.
2. Accuracy of conclusions: (5 marks)
Describe your conclusion rather than just stating "the design does not meet the SRS". Justify your
statements.
3. Produce a report that is logically complete: (5 marks)
Include a short introduction at the beginning and a short summary and conclusion at the
end, to present a well-integrated evaluation and logical conclusion.
4. Discuss possible design enhancements: (5 marks)
This is an open discussion. The student may suggest any other relevant design
enhancement or modification, and justify how the suggestion will enhance the design (do
not include un-proven designs).
5. Communication style and clarity of the report: (5 marks)
A clean report structure with correct referencing, appropriate headings and
subheadings and no spelling mistakes gets full marks.
Each of the following will incur a 0.5 mark penalty: lack of clean structure, incorrect
referencing, no headings and subheadings, spelling mistakes.
Question 3:
Case Description: Functional Safety Management
(10 marks)
The entire objective of the functional safety approach is to achieve a risk reduction to an acceptable
level, or at least to the ALARP level, in line with the company's Risk Tolerance Criteria (RTC). Hence, it is
the responsibility of the management of an operating company to establish policies and procedures
to ensure that the requirements of IEC 61511 are complied with, and also to ensure that the
manufacturers of SIS components comply with the requirements set by IEC 61508.
As per IEC 61511 Clause 5.0:
• a Functional Safety Management Plan "shall" be in place, and
• "the policy and strategy for achieving functional safety shall be identified together with the
methods for evaluating their achievement, and shall be communicated within the organization".
As part of this case study, you are required to watch the series of videos entitled "Functional Safety
Management Planning", Parts 1, 2 and 3, available at the link given below.
https://www.youtube.com/user/exidaLLC/search?query=Functional+Safety+management
Questions:
a) Prepare a complete list of the documentation that a typical operating company should prepare
in order to comply with Clause 5 of IEC 61511. For each of the documents, provide a
high-level list of topics you would propose to cover in that document.
b) Once you have prepared the complete list, arrange it in terms of the four hierarchical stages
entitled "Policy, Procedures, Work Instructions and Forms", as suggested in the Exida
presentation. For example, the "Functional Safety Policy" document clearly belongs to the
"Policy" level of the documentation hierarchy, whereas the "Safety Requirement
Specification" may belong to the "Procedures" group.
c) After arranging the list of documents in the hierarchical groups, assign responsibilities and
accountabilities for each document in four categories: "Responsible, Accountable,
Consulted and Informed (RACI)". In a typical project setup, the stakeholders are: the Operating
Company, the Engineering Consultant (including PMC, EPC, PAC, etc.), and the OEMs for each
element of the SIS.
For guidance, an example RACI assignment is given below for the FSM Plan and SRS. You are
required to list all of the documents identified in part a) of this question in a table and
carry out a RACI assignment for the list in the table.
Note: The answer for part b) is included in the table and hence is not required to be
provided separately.
Your presentation will be evaluated for completeness of the document list (5 marks) and also for
correctness of the responsibility assignment (10 marks).
Example RACI assignment:

Document               | Document Category | Operating Company         | Engineering Consultant | OEM for SIS / SIL element
FSM Plan               | Policy            | Responsible & Accountable | Consulted              | Informed
SRS                    | Procedure         | Responsible               | Accountable            | Informed
Proof Test Procedures  | Work Instructions | Consulted & Informed      | Responsible            | Accountable

END OF ASSESSMENT