exida.com
excellence in dependable automation

Safety Instrumented System Validation
On-line Lesson

Welcome to the exida.com on-line lesson on Safety Instrumented System
Validation. In this lesson we will cover the terminology, activities,
responsibilities, and checklists associated with all pre-startup activities
required to verify and demonstrate that the Safety Instrumented System will
operate according to the Safety Requirements Specification (SRS). Activities
associated with Pre-Startup Acceptance Testing and Pre-Startup Safety
Reviews also will be covered.
In this lesson the term validation covers all testing carried out prior to the
startup of the facilities.


Prerequisite and Companion Lessons

Introduction to Safety Instrumented Systems
Safety Requirements Specifications

The Introduction to Safety Instrumented Systems and the Safety Requirements
Specifications lessons should be taken before this lesson.
The Introduction to Safety Instrumented Systems covers the main issues
and the basics of SIS design, and provides an introduction to the SIS
vocabulary.
The Safety Requirements Specifications lesson explains what information has to
be included in the specification and how the information is presented. This
information is critical because the validation activities have to conform with
the specification requirements.


Lesson Objectives

Highlight primary requirements for SIS:
Factory acceptance tests
Commissioning
Pre-startup activities

Clarify related terminology

Review the responsibilities, activity details,
and checklists needed to satisfy requirements

Copyright 2000-2002, exida.com

The main objective of this lesson is to ensure a good understanding of all the
steps in the relevant Safety Life Cycles pertaining to testing. The primary
topics supporting this objective are:
1. Factory acceptance tests, commissioning, and pre-startup activity
requirements
2. Clarification of the related terminology
3. Review of responsibilities and details of all pre-startup testing activities


Key Requirements

For any SIS, the following questions should be answered YES:
Have the logic solver and its associated software been adequately tested
at the factory prior to shipment?
Has the SIS been installed as per design specifications and drawings?
Prior to startup: Has the SIS been thoroughly tested to satisfy the SRS
completely? Are the results of all tests completely documented?

Prior to the startup of any plant or equipment, the operating personnel must
be confident that the safety system will function as per the SRS. If the
answer to any of the above questions is NO, then the system may not
function as specified. Verification of each of these items is an important part
of the safety life cycle as described in the ISA and IEC standards.


Additional Requirements

We must also understand the origin and meaning of the applicable
pre-startup activity terms:
Validation
Verification
FAT
Commissioning
SAT
PSAT
PSSR


In both the ISA84.01 and IEC61511 standards there are many terms used to
address activities that pertain to validation and testing. Both standards have
similar requirements, but the terminology used in the standards is not always
consistent. Different terms sometimes mean the same thing. For example, in
ISA84.01 pre-startup acceptance test (PSAT) is used to describe the
activities prior to startup. This term is not used in IEC61511, where these
activities constitute part of the validation step.
It is therefore important to understand where the terms are used and their
meanings. But first, it is also important to review the Safety Life Cycle with
respect to testing.

Safety Life Cycle ANSI/ISA84.01

[Flowchart: ANSI/ISA84.01 Safety Life Cycle, with each step marked either
Covered by S84.01 or Not Covered by S84.01.
ANALYSIS: Conceptual Process Design; Hazard Analysis/Risk Assessment;
SIS Required? (No: Develop non-SIS Layers; Yes: Define Target SIL);
Develop Safety Specification.
REALIZATION: SIS Conceptual Design; SIS Detailed Design; SIS Installation,
Commissioning and Pre-startup Acceptance Test; Establish Operating and
Maintenance Procedures.
OPERATION: Pre-startup Safety Review (Assessment); SIS startup, operation,
maintenance, Periodic Functional Tests; Modify, Decommission? (Modify /
Decommission); SIS Decommissioning.]

In the ANSI/ISA84.01 standard, two distinct steps relate to testing prior to
the startup and operation of the plant. The steps are:
SIS commissioning and pre-startup acceptance tests, which are
completed after the SIS is installed.
Pre-startup safety review, which is completed immediately before SIS
startup.


Safety Life Cycle IEC61511

[Figure: IEC61511 safety life cycle. Spanning all phases: Management of
Functional Safety and Functional Safety Assessment (Clause 5); Safety
Lifecycle Structure and Planning (Sub-clause 6.2); Verification
(Sub-clauses 7, 12.7).
ANALYSIS: Risk Analysis and Protection Layer Design (Sub-clause 8);
Allocation of Safety Functions to Safety Instrumented Systems or Other
Means of Risk Reduction (Sub-clause 9); Safety Requirements Specification
for the Safety Instrumented System (Sub-clause 10).
REALIZATION: Design and Development of Safety Instrumented System
(Sub-clause 11); Design and Development of Other Means of Risk Reduction
(Sub-clause 9); Installation, Commissioning, and Validation (Sub-clause 14).
OPERATION: Operation and Maintenance (Sub-clause 15); Modification
(Sub-clause 15.4); Decommissioning (Sub-clause 16).]


The IEC61511 (Draft) safety life cycle differs slightly from that in
ISA84.01, but it also has a step dedicated to the commissioning and
validation of the SIS, which is described in detail in sub-clause 14 of the
standard.
These details include extensive requirements for validation of the SIS and SIFs
(section 14.3), such as mode of operation; startup; auto, manual, and steady
state operation; reset; shutdown; and maintenance. It also includes software
safety integrity.


Terminology 1

Validation
Validation includes all activities required to
demonstrate that the safety instrumented system
under consideration after installation meets the safety
requirements specification in all respects.

Verification
Activity of demonstrating for each phase of the safety
life cycle by analysis and/or tests that, for the specific
inputs, the deliverables meet the objectives and
requirements set for the specific phase.

From these definitions, validation relates to activities that ensure compliance
with the SRS, while verification is associated with each phase of the Safety
Life Cycle. Another difference is that verification is more analysis oriented,
while validation is more operations and function oriented.
Note: IEC61511 uses the term validation (with some exceptions) to include
activities after installation. In this lesson we are using the term to cover all
testing carried out prior to the startup of the facilities.


Terminology 2

Factory Acceptance Test (FAT)
Tests usually carried out at the factory to test the
logic solver and associated software together for
compliance with the SRS.

Commissioning
Refers to correct installation, calibration, and
operation of individual SIS components. Note the
correct functionality of the SIS as a fully integrated
system is often considered separately from the
specific commissioning activity.

Many logic solvers today consist of Programmable Electronic Systems which
involve complex hardware and specific programming languages. It is
essential that these systems be tested at the factory prior to being shipped
to a user's facility. Although commissioning generally refers to installation,
calibration, and initial operation of a system, there is sometimes ambiguity as
to whether this refers to individual components or the entire integrated
system. If just the components are involved, the further system-level
activities must be addressed in subsequent parts of the process.


Terminology 3

Site Acceptance Tests (SAT)
Tests to validate that the installed and commissioned
safety instrumented system and its associated safety
instrumented functions do achieve the requirements
as stated in the safety requirement specification.

Pre-Startup Acceptance Test (PSAT)
Process of confirming performance of the total
integrated SIS to assure its conformance to the
Safety Requirement Specifications and design.

The terms SAT, PSAT, and validation are typically used to describe the
same activities, i.e., the final steps prior to the handover of the system to
operations. We will use the term PSAT in this lesson to identify activities
completed after commissioning relating to the system level functionality.



Terminology 4

Pre-Startup Safety Review (PSSR)
This is a final safety review carried out prior to the
startup of the plant, i.e., prior to the identified hazards
being present.


The pre-startup safety review is a very important step to ensure that the SIS
can be put into operation with the confidence that it will operate successfully
as required by any applicable SIL designations.



Summary of ISA84.01 and IEC61511 Use of Terms

[Table: rows are the activities Validation, Verification, FAT, Commissioning,
SAT, PSAT and PSSR; columns are ISA 84.01 and IEC 61511, with an X marking
where each standard uses the term. The positions of the X marks did not
survive extraction; the notes below state which terms belong to which
standard.]

Note that the terms pre-startup acceptance test and pre-startup safety
review are used in ISA84.01, while the term site acceptance test is used in
IEC61511. The activities associated with PSAT and PSSR are covered
under the validation clauses in IEC61511.



Sequence of Validation Activities

Design > Specify Components > Procure > Factory Acceptance Tests (FAT)
> Commission > PSAT (SAT) > PSSR > Startup

Prior to startup, the testing activities can be divided into four main phases:
Phase 1 - Factory Acceptance Tests (FAT) for the logic solver
Phase 2 - Commissioning tests after installation
Phase 3 - PSAT after the commissioning is complete
Phase 4 - PSSR
Upon completion of the pre-startup safety reviews, the unit or plant will be
ready for startup.



Responsibility for Validation Activities

ACTIVITY        RESPONSIBILITY
FAT             Control Systems Engineering personnel have overall
                responsibility with support from Operations and Maintenance
Commissioning   The installation contractor completes activities. Procedures
                and guidelines normally prepared by engineering
PSAT            Same as for FAT
PSSR            Operations personnel have full responsibility for this activity


The responsibilities identified above are typical. They do vary from company
to company, and can also differ based on the size and complexity of the SIS.



Factory Acceptance Testing Objective

The objective of a Factory Acceptance Test (FAT) is to test the logic
solver and associated software together to ensure they satisfy the
requirements defined in the Safety Requirements Specification. By testing
the logic solver and associated software prior to installation in a plant,
errors can be readily identified and corrected.

The primary role of the FAT is to test the logic and hardware of the logic
solver to ensure that they meet specification. However, this testing is also an
excellent opportunity for training and for increasing the understanding of the
operation of the SIS components on their own before they are installed as
part of a larger system.



Factory Acceptance Testing Activities

Test planning
Functional testing of logic solver
Performance test (timing, reliability)
Environment tests (EMC)
Fault mode testing
Interface testing
Documentation

FAT should proceed according to a written plan and a detailed, documented
procedure. The FAT itself, along with its outcome, should also be well
documented.
If a failure occurs, the reason for the failure, the corrective action taken,
and the re-test results should be documented.
It is often helpful for a user to send the FAT procedure to the supplier prior to
the actual checkout. Based on the procedure, the supplier will usually test
and correct most problems before the user's visit.



Commissioning Objectives

Check for correct installation and functionality of equipment
Note any as-built changes from previous designs
Ready for pre-startup acceptance tests (PSAT)


Any system changes made during the commissioning have to be well
documented and all related documents have to be updated.



Commissioning Activities

Grounding has been properly connected
Energy sources connected and operational
No physical damage present
All instruments calibrated and ranges set
Interfaces operational, including interfaces to other systems
All field devices are operational
Logic solver and input/outputs are operational

For the activities listed in the slide, procedures and checklists should be
prepared to ensure that each task is executed completely and effectively.



Validation of Specific SRS Functional Requirements 1

The SRS should contain these functional requirements:
Definition of the safe state
Process inputs and their trip points
Process parameter normal operating range
Process outputs and their actions
Relationship between inputs and outputs


The SRS requirements listed here and on the following slide are specifically
relevant to the PSAT activities. Thus a large part of the PSAT activities is to
show how the different safety requirements specifications and corresponding
functional requirements have been met by the installed safety system.



Validation of Specific SRS Functional Requirements 2

Selection of energize-to-trip or deenergize-to-trip
Consideration for manual shutdown or bypass
Actions on loss of power to the SIS
Response time requirements for the SIS to bring the process to a safe state
Response actions for overt fault
Reset functions
Operator interface requirements


As with those requirements noted on the last slide, the logic of each activity
is clear. The SRS itself should provide valuable supporting documentation to
ensure that all items are properly addressed without forgetting anything.



Pre-Startup Acceptance Test Objectives

The overall PSAT objective is to verify that all requirements in the SRS
have been successfully implemented
All equipment installed per manufacturer's instructions
Periodic test plan needs to be developed, complete with test procedure
and documentation of results
Verify operation of field instruments

It should also be noted that any changes made during the PSAT have to be
well documented and all related documents have to be updated.



PSAT Activities 1

The PSAT will consist of the following activities:
Ensure sensors, logic solvers, and actuators perform according to the SRS
Confirm proper SIS operation on bad process variable values
Make certain SIS provides the proper annunciation, displays, and external
communications
Ensure computations by the SIS are correct
Verify SIS reset functions operate as defined in SRS


The PSAT activities listed on this and the following two slides
correspondingly support the SRS items listed earlier.
As for the FAT and commissioning tests, it is essential that test plans,
complete with procedures and responsibilities, be prepared and approved
prior to commencing the PSAT activities.



PSAT Activities 2

Test for degraded mode of operation
Bypass functions operate properly
Manual shutdown operates properly
Diagnostic alarm functions perform as required
Confirmation SIS performs as required on loss of power and returns to
proper state upon re-application of power


Key operational characteristics must also be verified as part of the PSAT.
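To show how the PSAT activities on the last two slides map back to the SRS functional requirements (trip points, normal operating range, energize/de-energize-to-trip selection, response time, loss of power, reset functions), here is an added example that is not part of the exida lesson: a toy single-input logic solver model and a small PSAT-style check harness run against a constructed SRS. The tag PSH-101, every SRS value, the scan time and the sensor's measurable range are assumptions made for the example; a real PSAT exercises the installed system, not a model, but the same list of checks applies.

```python
"""Toy de-energize-to-trip SIF model with PSAT-style checks.

Added example, not exida code. The SRS values, the tag PSH-101, the
scan time and the sensor range are all constructed assumptions.
"""
import math
from dataclasses import dataclass


@dataclass
class SRS:
    """Constructed SRS fragment for one high-pressure trip SIF (assumed values)."""
    tag: str
    trip_point: float            # process input trip point, barg
    normal_range: tuple          # normal operating range (low, high), barg
    response_time_ms: int        # max time from trip condition to safe state
    deenergize_to_trip: bool     # output is energized in normal operation
    trip_on_bad_pv: bool         # a bad process variable is treated as a trip


@dataclass
class LogicSolver:
    """Minimal one-in / one-out logic solver with a latched trip and manual reset."""
    srs: SRS
    scan_ms: int = 50                 # assumed scan time of the solver
    measurable: tuple = (0.0, 20.0)   # assumed sensor range; outside it = bad PV
    powered: bool = True
    tripped: bool = False

    def is_bad_pv(self, pv):
        """Bad PV: missing, NaN, or outside the sensor's measurable range."""
        if pv is None or math.isnan(pv):
            return True
        lo, hi = self.measurable
        return not lo <= pv <= hi

    def scan(self, pv):
        """One scan: evaluate the trip condition and latch it; returns scan time in ms."""
        if self.powered:
            if self.is_bad_pv(pv):
                if self.srs.trip_on_bad_pv:
                    self.tripped = True
            elif pv >= self.srs.trip_point:
                self.tripped = True
        return self.scan_ms

    def power_off(self):
        """Loss of power: the output drops out and the trip is latched."""
        self.powered = False
        self.tripped = True

    def power_on(self):
        """Power returns; the latched trip stays until a manual reset."""
        self.powered = True

    def output_energized(self):
        """Final-element drive state."""
        if not self.powered:
            return False
        return (not self.tripped) if self.srs.deenergize_to_trip else self.tripped

    def in_safe_state(self):
        """Safe state for a de-energize-to-trip design is a de-energized output."""
        if self.srs.deenergize_to_trip:
            return not self.output_energized()
        return self.output_energized()

    def reset(self, pv):
        """Manual reset: only honoured with power on and the PV back in normal range."""
        lo, hi = self.srs.normal_range
        if self.powered and not self.is_bad_pv(pv) and lo <= pv <= hi:
            self.tripped = False
        return not self.tripped


def run_psat(srs):
    """Exercise the solver against the SRS; returns {check_name: passed}."""
    results = {}
    ls = LogicSolver(srs)                       # normal PV: no trip expected
    ls.scan(5.0)
    results["normal_pv_no_trip"] = not ls.in_safe_state()

    ls = LogicSolver(srs)                       # PV above trip point: safe state in time
    elapsed = ls.scan(srs.trip_point + 0.5)
    results["trip_within_response_time"] = ls.in_safe_state() and elapsed <= srs.response_time_ms

    ls = LogicSolver(srs)                       # bad PV (NaN) must trip
    ls.scan(float("nan"))
    results["bad_pv_trips"] = ls.in_safe_state()

    ls = LogicSolver(srs)                       # loss of power and re-application
    ls.scan(5.0)
    ls.power_off()
    results["loss_of_power_safe"] = ls.in_safe_state()
    ls.power_on()
    results["stays_tripped_after_power_return"] = ls.in_safe_state()

    ls = LogicSolver(srs)                       # reset only once PV is back in range
    ls.scan(12.0)
    results["reset_refused_while_pv_high"] = not ls.reset(12.0)
    results["reset_accepted_when_pv_normal"] = ls.reset(5.0) and not ls.in_safe_state()
    return results


def psat_passed(results):
    """Overall acceptance: every check passed."""
    return all(results.values())


# Constructed SRS for a hypothetical high-pressure trip (tag and values assumed)
EXAMPLE_SRS = SRS(tag="PSH-101", trip_point=10.0, normal_range=(2.0, 8.0),
                  response_time_ms=500, deenergize_to_trip=True, trip_on_bad_pv=True)

if __name__ == "__main__":
    for name, ok in run_psat(EXAMPLE_SRS).items():
        print(f"{name:36s} {'PASS' if ok else 'FAIL'}")
```

Each entry in the returned dictionary corresponds to one line of the PSAT documentation (criteria for acceptance, expected versus actual result), and a failed entry is the discrepancy that has to be recorded and decided on before sign-off. Changing the constructed SRS so that bad process values are not treated as a trip makes the bad-PV check fail, which is exactly the kind of gap the PSAT is meant to surface.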



PSAT Activities 3

Verify that:
The SIS performs under all normal and abnormal modes as identified in the SRS
Adverse interaction of the Basic Process Control System (BPCS) and other
systems does not affect the proper operation of the SIS
The proper logic and shutdown sequence is achieved


PSAT activities also need to consider interactions with other equipment and
potential abnormal behavior.



PSAT Documentation

Completion of all checkout forms
Tools and equipment used, including calibration data
Test results
Version of test specification
Criteria for test acceptance
Version of SIS
Discrepancies between expected and actual results
Decisions taken when discrepancies occur
Sign-off/acceptance

One individual has to be assigned responsibility for the sign-off and
acceptance of the tests. This sign-off and individual responsibility are critical
to ensuring acceptable quality.



Pre-Startup Safety Review Objectives

Prior to placing the SIS into service, final checks are required to
confirm that the SIS will actually function as per the SRS


Prior to placing the SIS in operation, all documentation needs to be verified
with respect to PSAT, SRS, operating procedures, and maintenance
procedures.



Pre-Startup Safety Review Activities 1

Prior to placing the SIS into service, the following tasks should be performed.
Verify that:
All commissioning and PSAT activities were completed
All maintenance and operating procedures are in place
All personnel training has been completed


The final PSSR checks listed on this and the following slide must be
completed before the identified hazards are present.



Pre-Startup Safety Review Activities 2

All bypass functions shall be returned to their normal position
All process isolation valves shall be set according to the process startup
requirements
All test materials shall be removed
All forces shall be removed


These last few PSSR checks basically ensure that the system is put into
operation mode and is ready to run after all of the tests have been completed.



Validation Activities: Final Checklist

Checklist: Factory Acceptance Testing

Item #   Item                                                              Yes/No or Comment
         Have the procedures developed for the FAT been reviewed and
         approved by:
           Engineering contractor
           Logic solver supplier
           Owner representative?
         Have the roles and responsibilities for all involved in the
         testing been well defined and communicated?
         Have personnel involved with the testing received appropriate
         training?
         Is all documentation required for the testing accurate and up
         to date?

This slide shows some typical questions that should be part of a final
checklist for FAT, commissioning, PSAT, and PSSR.
A checklist is one of the most effective tools for ensuring that the tasks
identified in the FAT, commissioning, PSAT, and PSSR are completed
effectively.



Validation Lesson Review

Primary requirements for SIS:
Factory acceptance tests
Commissioning
Pre-startup activities

Clarify related terminology

Responsibilities, activity details, and checklists needed to satisfy
requirements


The validation lesson began by noting the safety life cycle support for the
primary validation activities, such as factory acceptance tests,
commissioning, and pre-startup activity requirements. Next, some of the
more useful terms were defined. The majority of the lesson then focused
on the responsibilities and details of the different pre-startup testing and
validation activities. To be sure the material is thoroughly understood,
please take the time to go back and review any of the parts of this lesson
as needed before moving on to the quiz.



Any Questions?

Questions: Please send any questions to info@exida.com. We will respond
as soon as possible.
Additional Resources:
Free articles are available to download from the exida.com website. These
can be reached at http://www.exida.com/articles.asp.
Additional resources including books, tools, and reports are available from
the exida on-line store. A product listing is available at
http://www.exida.com/products2/.

If you have any questions, please send them via email to info@exida.com.
Please refer to this particular lesson: Safety Instrumented System Validation.
Additional resources are available from the exida.com website, including a
series of free articles that may be downloaded. Books, reports, and
engineering tools are available at the exida on-line store.
exida.com is a knowledge company focused on system reliability and safety.
We provide training, tools, coaching, and consulting. For general information
about exida, please view our website at www.exida.com.
Thank you for your interest. Please consider other lessons in the on-line
training series from exida.com.

