
Functional Safety for Process Control

Roger Highton, Product Line Manager at Eaton for MTL Process Connectivity Products, provides some insights into designing for functional safety in process control applications. 

Safety is a key consideration in the design and specification of equipment for use in any industrial application. In processing environments, where potentially flammable gases and dust are constantly present, it is particularly important to understand how to design out risk as far as possible.

The way we consider safety and respond to risk has changed over time, influenced in no small part by incidents like Buncefield. While there are clear regulations which require compliance, there is also recognition that functional safety - a ‘best practice’ approach which considers how safety is managed as a whole - can be most effective in reducing risk. Demonstrating compliance with both the engineering and management aspects of functional safety standards provides auditable evidence that due measures are in place.

Defining terms

Functional Safety relates to the part of overall safety that depends upon the correct operation of an electrical, electronic, or programmable electronic safety instrumented system (SIS). The requirements for such a SIS are defined in the IEC 61508 group of standards. These include an umbrella standard as well as separate standards for different industries, including processing.

Essentially, functional safety applies wherever electrical & electronic products are used in safety and protection systems, where overall safety depends on equipment or a system operating correctly in response to its inputs. For example, using a thermal sensor in the windings of an electric motor to de-energise the motor before the windings can overheat is an instance of functional safety.

Functional safety cannot be determined without considering systems as a whole and the environment with which they interact. As such, functional safety standards have much in common with quality standards, in that they require compliant companies to specify and adopt a systematic and auditable approach that regulates the full lifecycle of the SIS.

Risk management

IEC 61508:2010 defines safety as “freedom from unacceptable risk”. For process plant owners, compliance requires a systematic appraisal of the risks within their process operations and the definition of criteria for the acceptability of those risks. Risk levels can be mitigated either by reducing the frequency of a hazardous event occurring, or by minimising its consequences.

Good Engineering Practice (GEP) and Layer of Protection Analysis (LOPA) are recognised measures for controlling and reducing risk. Once existing protection layers have been taken into account, further reductions in risk may be achieved through the implementation of safety instrumented systems. The emphasis here is on “the correct functioning of a safety instrumented system”.

Safety instrumented systems are distinct from process control systems. They are designed to provide a final protection layer to prevent harm if a hazardous event occurs. Whereas a process control system is designed to operate continually, a SIS is required to operate infrequently, with a high and predictable probability of success. Accurate specification at the outset and regular testing throughout its lifetime are key to ensuring that a SIS will fulfil its function. Key questions to ask include: what is the SIS protecting against? What would the consequences be should the SIS fail?
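The LOPA reasoning above can be worked through numerically: the residual event frequency after the existing protection layers decides how much risk reduction the SIS must add, and the SIS's own probability of failure on demand (PFD) depends on how often it is proof tested. This is an added example, not code from the article or from Eaton/MTL; all figures are constructed, the SIL bands are the IEC 61508 low-demand PFDavg bands, and the single-channel PFDavg ≈ λDU·T/2 approximation is assumed.

```python
# Added example (not from the article or Eaton/MTL): a LOPA-style gap check.
# All input figures are constructed; SIL bands are the IEC 61508 low-demand
# PFDavg bands and PFDavg ~ lambda_DU * T / 2 is an assumed simplification.
from math import prod

# (SIL, lower PFDavg bound inclusive, upper bound exclusive), low-demand mode
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
HOURS_PER_YEAR = 8760


def mitigated_frequency(initiating_freq, ipl_pfds):
    """Event frequency (per year) after the existing independent protection layers."""
    return initiating_freq * prod(ipl_pfds)


def required_sis_pfd(initiating_freq, ipl_pfds, tolerable_freq):
    """PFD the SIS must achieve so the residual frequency stays within the tolerable one.
    A value >= 1 means the existing layers already meet the target."""
    return tolerable_freq / mitigated_frequency(initiating_freq, ipl_pfds)


def sil_for_pfd(pfd):
    """SIL band for a required PFD: 0 = no SIL claim needed, None = beyond SIL 4."""
    if pfd >= 1e-1:
        return 0
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None


def sis_pfd_avg(lambda_du_per_hour, proof_test_years):
    """Simplified single-channel PFDavg for a low-demand SIS (assumed approximation)."""
    return lambda_du_per_hour * proof_test_years * HOURS_PER_YEAR / 2


def sis_meets_target(lambda_du_per_hour, proof_test_years, target_pfd):
    """True when the SIS, at this proof-test interval, achieves the LOPA target PFD."""
    return sis_pfd_avg(lambda_du_per_hour, proof_test_years) <= target_pfd


if __name__ == "__main__":
    # Constructed scenario: initiating event 0.2/yr, two existing IPLs each
    # credited with PFD 0.1, tolerable hazardous-event frequency 5e-6/yr.
    target = required_sis_pfd(0.2, [0.1, 0.1], 5e-6)
    print(f"required SIS PFD {target:.2e} -> SIL {sil_for_pfd(target)}")
    for years in (1.0, 0.5):  # same hardware, different proof-test interval
        ok = sis_meets_target(1e-6, years, target)
        print(f"proof test every {years} yr: PFDavg {sis_pfd_avg(1e-6, years):.2e} ok={ok}")
```

With a constructed λDU of 1e-6 per hour, the same SIS fails the SIL 2 target at an annual proof test but meets it at six-monthly testing, which is the point about regular testing made above.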

Roles and responsibilities

In functional safety terms, it is the end user’s responsibility to ensure that any SIS is fit for purpose, has the correct performance characteristics and is maintained and managed correctly. Equipment suppliers also have responsibilities: to ensure their equipment is assessed according to the functional safety standards, and to provide a Functional Safety Manual containing all the data the user needs to determine whether the equipment is suitable for the application.

Also, many functional safety applications are used in processes where there is a risk of hazardous gases or dust being present, requiring suitable certification of the installed equipment. One way of meeting this requirement is to use products that are intrinsically safe (IS): designed and certified to be incapable of releasing sufficient electrical or thermal energy - under normal or abnormal conditions - to cause ignition. Whilst IS equipment is widely used in process applications, the requirement for both IS and functional safety approvals is limited to the signals used for safety and fire & gas systems.

To give SIS specifiers and end users full peace of mind, Eaton MTL is certified as a Functional Safety Management (FSM) company. Therefore, when Eaton design and manufacture MTL products for use in functional safety-related systems, both the design processes and products comply with IEC 61508:2010.

The range of MTL products already assessed as suitable for use in a functional safety context includes wiring components, signal conditioning and interface components, signal surge protection products, asset management instrumentation and alarm annunciator equipment.  

Conclusion

Functional safety standards are here to stay and provide an important framework for developing a holistic approach to risk assessment and management in process applications. Incorporating products made by a certified FSM company is a contributing factor in ensuring that safety instrumented systems are fully compliant.

For more information about Functional Safety and Eaton MTL, including a free poster to download, visit: https://www.mtl-inst.com/mtl_group/about_mtl_group/fsm

- Roger Highton,

Product Line Manager at Eaton for MTL Process Connectivity Products