UNE-EN 61511-1:2017

This International Standard gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system (SIS), so that it can be confidently entrusted to achieve or maintain a safe state of the process. This standard has been developed as a process sector implementation of IEC 61508. In particular, this standard

a) specifies the requirements for achieving functional safety but does not specify who is responsible for implementing the requirements (e.g., designers, suppliers, owner/operating company, contractor). This responsibility will be assigned to different parties according to safety planning, project planning and management, and national regulations;

b) applies when equipment that meets the requirements of IEC 61508, or IEC 61511-1 clause 11.5, is integrated into an overall system that is to be used for a process sector application but does not apply to manufacturers wishing to claim that devices are suitable for use in SISs for the process sector (see IEC 61508-2 and IEC 61508-3);

c) defines the relationship between IEC 61511 and IEC 61508 (Figures 2 and 3);

d) applies when application programs are developed for systems having limited variability language or when using fixed programming language devices, but does not apply to manufacturers, SIS designers, integrators and users that develop embedded software (system software) or use full variability languages (see IEC 61508-3);

e) applies to a wide variety of industries within the process sector for example, chemicals, oil refining, oil and gas production, pulp and paper, pharmaceuticals, food & beverage, and non-nuclear power generation;

NOTE Within the process sector some applications may have additional requirements that have to be satisfied.

f) outlines the relationship between SIFs and other instrumented functions (Figure 4);

g) results in the identification of the functional requirements and safety integrity requirements for the SIF taking into account the risk reduction achieved by other methods;

h) specifies all life-cycle requirements for system architecture and hardware configuration, application programming, and system integration;

i) specifies requirements for application programming for users and integrators of SISs. In particular, requirements for the following are specified:

SIS safety life-cycle phases and activities that are to be applied during the design and development of the application program. These requirements include the application of measures and techniques, which are intended to avoid errors in the application program and to control failures which may occur;

information relating to the application program validation to be passed to the organization carrying out the SIS integration;

preparation of information and procedures concerning the application program needed by the user for the operation and maintenance of the SIS;

procedures and specifications to be met by the organization carrying out modifications of the application program.

j) applies when functional safety is achieved using one or more SIFs for the protection of personnel, protection of the general public or protection of the environment;

may be applied in non-safety applications for example asset protection and other applications;

k) defines requirements for implementing SIFs as a part of the overall arrangements for achieving functional safety;

l) uses a SIS safety life-cycle (Figure 7) and defines a list of activities which are necessary to determine the functional requirements and the safety integrity requirements for the SIS;

m) requires that a hazard and risk assessment is to be carried out to define the safety functional requirements and safety integrity levels (SIL) of each SIF;

NOTE See figure 9 for an overview of risk reduction means.

n) establishes numerical targets for average probability of failure on demand and average frequency of dangerous failures for each SIL;

o) specifies minimum requirements for hardware fault tolerance (HFT);

p) specifies measures and techniques required for achieving the specified SIL;

q) defines a maximum level of performance (SIL 4) which can be achieved for a SIF implemented according to this standard;

r) defines a minimum level of performance (SIL 1) below which this standard does not apply;

s) provides a framework for establishing the SIL but does not specify the SIL required for specific applications (which should beestablished based on knowledge of the particular application and on the overall targeted risk reduction);

t) specifies requirements for all parts of the SIS from sensor to final element(s);

u) defines the information that is needed during the SIS safety life-cycle;

v) requires that the design of the SIS takes into account human factors;

w) does not place any direct requirements on the individual operator or maintenance person.