Invensys Process Systems

Project Flow - F. Conceptual Design

The SIS design and engineering phase of the Safety Lifecycle requires a solid conceptual design, which develops the design and verifies that every item defined in the SRS (Safety Requirements Specification) is fulfilled. The conceptual design addresses the following:

  • Field instrumentation redundancy requirements and voting scheme
  • Field instrumentation process connection requirements, considering possible tap plugging, freezing, etc.
  • Logic solver technology per the SRS
  • Cabinet integration requirements and material/temperature/humidity limits
  • BPCS technology and communication requirements
  • Field and communication wiring/routing requirements
  • Power source requirements, such as redundancy and/or UPS
  • Environmental requirements (lightning, flooding, extreme temperatures)
  • Requirements for intrinsic safety/explosion-proof equipment
  • SIS equipment and junction box identification (tags, color painting, etc.)
  • Possible sources of common cause failures of the SIS
  • Non-safety instrumented functions in the SIS that may negatively affect a SIF shall be treated as part of the SIS and comply with the highest SIL requirements
  • SIS hardware and software shared by SIFs of different SIL shall be designed to meet the highest SIL
  • BPCS-SIS separation, independence and diversity shall be assessed
  • Requirements for operability, maintainability and testability shall be assessed (e.g. bypass facilities for on-line testing, including alarms when in bypass)
  • Design of the HMI shall account for human capabilities and limitations and accommodate the level of operator training
  • Manual E-Stop should be implemented per the SRS
  • Subsystems that do not fail to the safe state on loss of power require line monitoring and special power-loss detection measures
  • Action required upon detection of a fault, either by diagnostics or by proof testing
  • Operator response time to critical alarms shall be accounted for
  • Bypass protection by key locks or passwords shall be implemented
  • SIS status, such as active, bypassed or tripped, shall be a function of the HMI
  • The SIS operator interface shall be protected against unauthorized changes
  • Any failure of the SIS maintenance/engineering interface should not prevent the SIS from bringing the process to its safe state
  • The maintenance/engineering interface should not be used as the operator interface
  • SIS communication failures should not prevent the SIS from bringing the process to its safe state
  • Electromagnetic interference and power surges in SIS communications should not cause dangerous failures
  • Where required by the SRS, the design should allow on-line proof testing of the SIS, either end to end or in parts
  • The operator should be alerted to the bypass of any part of the SIS by an alarm or procedure
  • Forcing of I/O in the PES should not be allowed unless supplemented by procedures and access security
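As an added illustration (not part of the original page or Invensys's own logic solver code), the following constructed Python model shows how the voting, bypass-alarm and fault-handling requirements listed above interact for a 2oo3 field input group. The degradation rule (2oo3 to 1oo2 when a channel is bypassed or faulted, trip when no healthy channel remains), the one-bypass-at-a-time limit and the alarm texts are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum


class Ch(Enum):
    """State of one field input channel as seen by the logic solver (constructed model)."""
    NORMAL = "normal"   # healthy, no trip demand
    TRIP = "trip"       # trip demand from the transmitter or switch
    FAULT = "fault"     # flagged by line monitoring or diagnostics
    BYPASS = "bypass"   # bypassed under key lock for on-line proof testing


@dataclass
class Vote:
    trip: bool
    scheme: str                          # effective MooN after degradation
    alarms: list = field(default_factory=list)


MAX_BYPASSED = 1  # assumed design rule: one channel in bypass at a time


def vote_2oo3(channels):
    """Evaluate a 2oo3 input group against the conceptual-design rules above.

    Assumed rules: every bypass and every fault raises an operator alarm;
    a second simultaneous bypass is refused; a bypassed or faulted channel
    leaves the vote and the group degrades to 1oo(remaining); with no
    healthy channel left the SIF trips (de-energize-to-trip safe state).
    """
    if len(channels) != 3:
        raise ValueError("2oo3 voter needs exactly three channels")
    alarms, voting = [], []
    bypassed = sum(1 for ch in channels if ch is Ch.BYPASS)
    if bypassed > MAX_BYPASSED:
        raise ValueError(f"bypass refused: {bypassed} requested, limit {MAX_BYPASSED}")
    for i, ch in enumerate(channels, start=1):
        if ch is Ch.BYPASS:
            alarms.append(f"CH{i} BYPASSED")      # SRS: alert operator on any bypass
        elif ch is Ch.FAULT:
            alarms.append(f"CH{i} FAULT")         # action required on detected fault
        else:
            voting.append(ch)                     # healthy channel stays in the vote
    n = len(voting)
    if n == 0:
        alarms.append("NO HEALTHY CHANNEL: TRIP")
        return Vote(trip=True, scheme="0oo0", alarms=alarms)
    m = 2 if n == 3 else 1                        # 2oo3 -> 1oo2 -> 1oo1 degradation
    trips = sum(1 for ch in voting if ch is Ch.TRIP)
    return Vote(trip=trips >= m, scheme=f"{m}oo{n}", alarms=alarms)
```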

Conceptual Design 

Inputs:

  • SRS - Safety Requirements Specification
  • Field technology / voting
  • PES technology
  • Power sources data
  • Environmental data
  • Project data gathered during study  

Deliverables:

  • Power & Grounding conceptual drawings
  • Field installation typical drawings
  • Bypass typical drawings
  • E-Stop typical drawings
  • HMI Requirements
  • Communication requirements
  • SIS P&IDs (as applicable)
