Frequently asked questions

What is HAZOP?

HAZOP stands for Hazard and Operability. This is a structured and systematic brainstorming technique and is also referred to as hazard identification, failure analysis, safety study or HAZID (Hazard Identification). The method comes from the chemical industry and was introduced to ICI by Bert Lawley in 1974.

Today it is more or less the standard method for identifying and evaluating process deviations. The working method for a HAZOP study is laid down in the standard IEC 61882.

The HAZOP method works with guide words for the different process parameters (for example: more pressure, less temperature). A multidisciplinary team uses the guide words within each node to determine which deviations can lead to dangers or undesirable situations.

What is LOPA?

LOPA stands for Layer of Protection Analysis and is by far the most widely used method for risk analysis within the (chemical) industry. LOPA is a simple, quantitative method for analyzing and assessing risks, with risk management at its core. Often a hazard identification (for example a HAZOP study) is the starting point of a LOPA.

An error or failing part in the process installation (the ‘initiating event’) can lead to an incident. Examples include failure of the control, failure of the seal of a pump or human error (e.g. forgetting to open a valve after maintenance). This failure can lead to a Loss of Containment scenario. Both cause and effect are (or should be) described in the HAZOP report.

The likelihood of occurrence is estimated from the “initiating event”. The seriousness of the consequences of the incident must be determined. Subsequently, the company must have determined which residual risk it considers acceptable. This information can be derived, for example, from the company’s risk matrix.

Risk-reducing provisions are analyzed or determined. These can be so-called “Layers of Protection” (e.g. a pressure relief valve or a SIL safeguard), but other factors can also reduce risk, such as a limited presence of people in the area of effect of the Loss of Containment. It is then calculated and tested in a simple manner whether the (ultimate) incident frequency is sufficiently low.

What is SIL?

SIL stands for Safety Integrity Level. This indicates which integrity requirements instrumental safeguards must meet. These protections are also called Safety Instrumented Functions (SIFs for short).

The standards IEC 61511 and IEC 61508 define the criteria for SIFs. A SIF must be fit for purpose to prevent the identified hazard. The integrity level of a SIF, defined as SIL 1, 2, 3 or 4, provides risk reduction. The SIL level follows from the risk assessment, for example the LOPA or the SIL classification.

The technical integrity of a SIF depends on:
– Independence of the SIF;
– Requirements for the architecture of the sensors, the logic solver and the final elements;
– Probabilistic boundary conditions of the SIF (mean probability of failure on demand, PFDavg).

By means of a SIL verification it is checked whether the desired integrity of a safeguard (SIL 1 to SIL 4) is achieved.

How do I calculate the PFD of a SIF?

The PFD can be calculated by various methods. Examples of this are:
– cause consequence analysis;
– reliability block diagrams;
– fault-tree analysis;
– Markov models;
– Petri nets models.

In addition, “simple” formulas are available with which the PFD can be determined for simple configurations.

Consiltant BV has developed the PFD Consiltator, an Excel-based PFD calculation tool to calculate PFDavg.
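As an added worked example (not part of this FAQ and not the PFD Consiltator), the following script carries the LOPA reasoning from the section above through to a number: it computes the mitigated scenario frequency, derives the PFDavg a new SIF must reach, and then checks a 1oo1 and a 1oo2 architecture against that target with the simplified low-demand formulas. All scenario values (initiating frequency, IPL PFDs, failure rate, proof-test interval, beta factor) are constructed for illustration.

```python
"""LOPA gap check followed by a simplified PFDavg verification of the SIF that
closes the gap. Added example, not the PFD Consiltator; every scenario value
(initiating frequency, IPL PFDs, failure rate, test interval, beta) is constructed."""
import math

def sil_from_pfd(pfd_avg):
    """Low-demand SIL band (IEC 61508) for a PFDavg; 0 means below SIL 1."""
    if pfd_avg >= 1e-1:
        return 0
    if pfd_avg >= 1e-2:
        return 1
    if pfd_avg >= 1e-3:
        return 2
    if pfd_avg >= 1e-4:
        return 3
    return 4  # below 1e-4; a single SIF below 1e-5 is outside the standard's scope

def lopa_gap(initiating_freq, ipl_pfds, conditional_modifiers, tolerable_freq):
    """Scenario frequency with the existing layers, and the PFDavg a new SIF
    must reach so that the mitigated frequency meets the tolerable frequency."""
    mitigated = initiating_freq * math.prod(ipl_pfds) * math.prod(conditional_modifiers)
    required_pfd = min(1.0, tolerable_freq / mitigated)  # 1.0 means no SIF is needed
    return mitigated, required_pfd

def pfd_avg_1oo1(lambda_du, proof_test_interval_h):
    """Single channel, dangerous undetected failures only: lambda_DU * T1 / 2."""
    return lambda_du * proof_test_interval_h / 2

def pfd_avg_1oo2(lambda_du, proof_test_interval_h, beta):
    """1oo2 with beta-factor common cause. The independent term
    (1-beta)^2 * lambda_DU^2 * T1^2 / 3 is usually dwarfed by the
    common-cause term beta * lambda_DU * T1 / 2."""
    independent = ((1 - beta) * lambda_du * proof_test_interval_h) ** 2 / 3
    common_cause = beta * lambda_du * proof_test_interval_h / 2
    return independent + common_cause

if __name__ == "__main__":
    # Constructed scenario: BPCS loop fails once a year, an alarm with operator
    # response is the only IPL (PFD 0.1), someone is present half the time,
    # and the company tolerates 1e-4 per year for this consequence.
    mitigated, required = lopa_gap(1.0, [0.1], [0.5], 1e-4)
    print(f"mitigated {mitigated:.2e}/yr -> SIF needs PFDavg <= {required:.1e} (SIL {sil_from_pfd(required)})")
    # Candidate SIF: lambda_DU 5e-7 /h per channel, annual proof test, beta 10 %.
    for name, pfd in (("1oo1", pfd_avg_1oo1(5e-7, 8760)),
                      ("1oo2", pfd_avg_1oo2(5e-7, 8760, 0.1))):
        verdict = "meets" if pfd <= required else "does NOT meet"
        print(f"{name}: PFDavg {pfd:.2e}, SIL {sil_from_pfd(pfd)} band, {verdict} the LOPA target")
```

Note that the 1oo1 result lands inside the SIL 2 band yet still misses the scenario's specific LOPA target, while in the 1oo2 case the common-cause term is almost the whole PFDavg: the SIL band alone is not the acceptance criterion, and redundancy buys little without a credible beta.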

What is a Functional Safety Assessment (FSA)?

IEC 61511 prescribes that various Functional Safety Assessments (FSA) must be held at certain times within a functional safety project.

A Functional Safety Assessment (FSA) can be performed at various moments within the safety life cycle. Five FSA stages have been defined, FSA 1 to FSA 5. An FSA is a check whether an activity has been performed correctly. Or, as IEC 61511 defines it: “Investigation, based on evidence, to judge the functional safety achieved by one or more SIS and/or other protection layers.”

An “FSA stage 1” is performed after the SRSs are ready. An “FSA stage 2” is performed after the design of the instrumental protections is ready.

What is a SIF?

SIF stands for Safety Instrumented Function and is part of the Safety Instrumented System (SIS). A SIS can consist of several functions / safeguards (SIFs).

A SIF is a specific function with the aim of reducing the risk of a specific hazard. The function ensures that an (industrial) process is brought to a safe state when certain conditions (parameters) are violated.

The integrity of a SIF is defined with the Safety Integrity Level (SIL) as SIL 1, 2, 3 or 4. The SIL level follows from the risk assessment, for example the LOPA or the SIL classification.

What is a SIS?

SIS stands for Safety Instrumented System. This system, consisting of a combination of hardware and software, must ensure that a particular process or installation is kept within safe limits.

A SIS can consist of several instrumental safeguards, the so-called SIFs (Safety Instrumented Functions). Each SIF is a specific function with the aim of reducing the risk of a specific hazard. The function ensures that an (industrial) process is brought to a safe state when certain conditions (parameters) are violated.

The integrity of a SIF is defined with the Safety Integrity Level (SIL) as SIL 1, 2, 3 or 4. The SIL level follows from the risk assessment, for example the LOPA or the SIL classification.

What is a Safety Requirement Specification (SRS)?

A Safety Requirement Specification (SRS) is a document in which the design requirements of instrumental safeguards are laid down. The IEC 61511 standard specifies the general requirements for an SRS.

The SRS must contain the functional and integrity requirements for each Safety Instrumented Function (SIF). The SRS can be seen as the main reference document that the design, installation, validation and operation of the system must follow.

This document specifies what the safeguard should do, what scenario the safeguard protects against, what requirements the safeguard must meet, how the safeguard is structured (sensors, final elements, etc.), how it can be tested, etc.

An SRS is a multidisciplinary document that can ultimately be used by the Instrument / Control Engineer to design a Safety Instrumented System.

What is a Functional Safety Management System?

If you apply safety instrumented systems in your installation that have to comply with the SIL standards (IEC 61508/61511), then it is necessary to have a functional safety management system. This system describes, among other things, the processes, systems and procedures that are used in the design, realization and maintenance of instrumental protections. The competence of the personnel involved is also very important.

What is a SIL verification?

SIL verification, or sometimes SIL design verification, is the assessment of the reliability of instrumental safeguards. For every SIL 1, 2, 3 or 4 protection, a SIL verification must be carried out in accordance with the IEC 61511 and IEC 61508 standards. A clearly described SRS document is often the starting point. This also includes verifications for HIPPS (high-integrity pressure protection systems).

What is a HIPPS?

A HIPPS is a High-integrity pressure protection system. This is an independent instrumental protection that prevents overpressure in a system. A HIPPS is often a very simple structure: in case of too high a pressure, it closes one or more (pneumatically or hydraulically driven) valves. Often a HIPPS must meet the requirements of SIL 2 or SIL 3.

What is a SIF validation?

A SIF is a Safety Instrumented Function, or an instrumental safeguard. In the case of SIF validation, the goal is to ensure that the desired safety has been realized. It must be demonstrable that safeguards have been realized in accordance with the principles and requirements, whereby reference can be made to the SRS and the SIL design verification. Furthermore, the quality of the test procedures and the competence of personnel are very important.

What is a FMEA or FMECA?

The FMEA (Failure Mode and Effects Analysis) or sometimes FMECA (Failure Mode, Effects and Criticality Analysis) is a brainstorming technique in which a system, machine or device is divided into separate elements. For each element it is determined how it can fail, what the causes and effects are and how bad the consequences are. Furthermore, the preventive and corrective actions are identified.

If your question is not in this list, please contact us.