CENELEC - EN 61511-1
Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming Requirements
|Publication Date:||1 April 2017|
|ICS Code (Industrial automation systems in general):||25.040.01|
|ICS Code (Safety of machinery):||13.110|
This part of IEC 61511 gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system (SIS), so that it can be confidently entrusted to achieve or maintain a safe state of the process. IEC 61511-1 has been developed as a process sector implementation of IEC 61508:2010.
In particular, IEC 61511-1:
a) specifies the requirements for achieving functional safety but does not specify who is responsible for implementing the requirements (e.g., designers, suppliers, owner/operating company, contractor). This responsibility will be assigned to different parties according to safety planning, project planning and management, and national regulations;
b) applies when devices that meets the requirements of the IEC 61508 series published in 2010, or IEC 61511-1:2016 [11.5], is integrated into an overall system that is to be used for a process sector application. It does not apply to manufacturers wishing to claim that devices are suitable for use in SISs for the process sector (see IEC 61508-2:2010 and IEC 61508-3:2010);
c) defines the relationship between IEC 61511 and IEC 61508 (see Figures 2 and 3);
d) applies when application programs are developed for systems having limited variability language or when using fixed programming language devices, but does not apply to manufacturers, SIS designers, integrators and users that develop embedded software (system software) or use full variability languages (see IEC 61508-3:2010);
e) applies to a wide variety of industries within the process sector for example, chemicals, oil and gas, pulp and paper, pharmaceuticals, food and beverage, and non-nuclear power generation;
NOTE 1 Within the process sector some applications may have additional requirements that have to be satisfied.
f) outlines the relationship between SIFs and other instrumented functions (see Figure 4);
g) results in the identification of the functional requirements and safety integrity requirements for the SIF taking into account the risk reduction achieved by other methods;
h) specifies life-cycle requirements for system architecture and hardware configuration, application programming, and system integration;
i) specifies requirements for application programming for users and integrators of SISs.
j) applies when functional safety is achieved using one or more SIFs for the protection of personnel, protection of the general public or protection of the environment;
k) may be applied in non-safety applications for example asset protection;
l) defines requirements for implementing SIFs as a part of the overall arrangements for achieving functional safety;
m) uses a SIS safety life-cycle (see Figure 7) and defines a list of activities which are necessary to determine the functional requirements and the safety integrity requirements for the SIS;
n) specifies that a H&RA is to be carried out to define the safety functional requirements and safety integrity levels (SIL) of each SIF;
NOTE 2 Figure 9 presents an overview of risk reduction means.
o) establishes numerical targets for average probability of failure on demand (in demand mode) and average frequency of dangerous failures (in demand mode or continuous mode) for each SIL;
p) specifies minimum requirements for hardware fault tolerance (HFT);
q) specifies measures and techniques required for achieving the specified SIL;
r) defines a maximum level of functional safety performance (SIL 4) which can be achieved for a SIF implemented according to IEC 61511-1;
s) defines a minimum level of functional safety performance (SIL 1) below which IEC 61511-1 does not apply;
t) provides a framework for establishing the SIL but does not specify the SIL required for specific applications (which should be established based on knowledge of the particular application and on the overall targeted risk reduction);
u) specifies requirements for all parts of the SIS from sensor to final element(s);
v) defines the information that is needed during the SIS safety life-cycle;
w) specifies that the design of the SIS takes into account human factors;
x) does not place any direct requirements on the individual operator or maintenance person: