Professional Documents
Culture Documents
QP GUIDELINE FOR
SAFETY INTEGRITY LEVEL REVIEW
REVISION 1
Rev1
TABLE OF CONTENT
Page No
FOREWORD
1.0
INTRODUCTION..
2.0
SCOPE .
3.0
APPLICATION .
4.0
POLICY ..
5.0
5.1
5.2
TERMINOLOGY
DEFINITIONS ..
ABBREVIATIONS
5
5
7
6.0
REFERENCE STANDARDS........................
7.0
METHODOLOGY/APPROACH ...................................
8.0
8.1
8.2
9
9
10
9.0
9.1
9.2
9.3
9.4
9.5
9.6
9.7
REQUIREMENTS.............................................................................................
PREPARATION OF THE REVIEW...................................................................
SIL REVIEW.....................................................................................................
VALIDATION OF SIF........................................................................................
CAUSE DEMAND SCENARIO.........................................................................
CONSEQUENCES OF FAILURE ON DEMAND (CoFD)................................
INDEPENDENT SAFEGUARDS......................................................................
SIL ASSESSMENT CALIBRATED RISK GRAPH METHOD........................
11
11
12
13
13
14
14
14
10.0
10.1
10.2
PLANNING.......................................................................................................
PREPARATION OF THE REVIEW...................................................................
TIMING OF THE REVIEW................................................................................
20
20
20
11.0
11.1
11.2
11.3
20
20
20
21
12.0
12.1
APPENDICES.................................................................................................
APPENDIX I: TYPICAL SIL REVIEW WORKSHEET USING RISK GRAPH
METHOD..........................................................................................................
APPENDIX II: TYPICAL SIL ACTION SHEET..................................................
APPENDIX III: TYPICAL SIL REVIEW REPORT TABLE OF CONTENT.......
APPENDIX IV: SIL REVIEW PREPARATION ITEMS CHECKLIST.................
22
12.2
12.3
12.4
Page 2 of 31
22
23
24
25
Custodian Dept: ST
Rev1
26
27
28
31
Page 3 of 31
Custodian Dept: ST
Rev1
FOREWORD
This document has been developed by Corporate HSE Support Department, reviewed and
edited by Corporate Quality and Management System Department and circulated for review by
user departments before being endorsed by QP Management to provide guideline.
This document is published for QP Departments/ Contractors/ Consultants utilization. It shall
be emphasized that the document to be used for QP operations wherever applicable and
appropriate.
This document is subjected to periodical review to re-affirm its adequacy or to conform to any
changes in the corporate requirements or to include new developments on the subject.
It is recognized that there will be cases where addenda or other clarifications need to be
attached to the standard to suit a specific application or service environment. As such, the
content of the document shall not be changed or re-edited by any user, but any addenda or
clarifications entailing major changes shall be brought to the attention of the Custodian
Department.
The custodian of this document is Corporate HSE Support Department (ST). Therefore, all
comments, views, recommendations, etc. on it shall be forwarded to the same and copied to
Manager, Corporate Quality & Management Systems Department (QA).
Page 4 of 31
Custodian Dept: ST
1.0
Rev1
INTRODUCTION
Safety Integrity Level (SIL) review is an analysis which aims at the determination of the
appropriate reliability required from the elements of the Safety Instrumented Functions
(SIF) identified in prior safety reviews (e.g. HAZOP).
The approach of this guideline is to remove the uncertainty regarding the safety
integrity, cost effectiveness and availability requirements, reducing over and under
engineering, in a traceable manner.
SIL study is a method to record all the SIF for a project development and document the
expected reliability level. SIL study provides a basis for future maintenance and
operating strategies. SIL shall be conducted during FEED phase and /or EPIC phase in
accordance with Project HSE Plan or as required by the outcome of Safety Reviews of
a project.
SIL assignment is based on the amount of risk reduction that is necessary to mitigate
the risk associated with the process to a tolerable level. All of the Safety Instrumented
Systems (SIS) design, operation and maintenance choices must then be verified
against the SIL assigned.
2.0
SCOPE
This guideline details the structure, responsibilities and techniques of the Safety
Integrity Level (SIL) review.
3.0
APPLICATION
The SIL review of the project shall cover all Safety Instrumented Systems (SIS) in
process and utility units where there is potential for hazard to human safety,
environment or asset /production loss.
4.0
POLICY
QP is committed to protect the health and safety of its employees and others that may
be affected by its activities and to give proper regard to the conservation of the
environment. QP policy is to conduct its activities such that it strives towards an incident
free, secure, safe and healthy workplace.
Safety studies and reviews shall be performed during the course of a project or
modifications to an existing facility. This is to identify, qualify, quantify and to establish
that design safety measures shall provide adequate protection and mitigate any risk
involved with the proposed project development or the modifications.
5.0
TERMINOLOGY
5.1
DEFINITIONS
Basic Process
Control
System (BPCS)
Custodian Dept: ST
Rev1
Cause
Company
Consequence (C)
Consequences of
Failure on Demand
Demand Scenario
Design Intent
Final Element
Layers of Protection
Analysis
Logic Solver
Hazard
Licensor
triggering
SIF
action
Occupancy (F)
Probability of
Avoiding the Hazard
(P)
Probability of
Failure on Demand
Page 6 of 31
Custodian Dept: ST
Rev1
Recovery Measures
Safety Integrity
Level
Safety Instrumented
Function
Safety Instrumented
System
5.2
ABBREVIATIONS
CoFD
F&G
HAZOP
LOPA
LP
Loss Prevention
P&ID
PFD
PSD
QP
Qatar Petroleum.
SIL
EPIC
ESD
FEED
Page 7 of 31
Custodian Dept: ST
6.0
Rev1
SIF
SIS
REFERENCE STANDARDS
IEC-61508
7.0
METHODOLOGY/ APPROACH
The technical standard IEC 61511 sets out a good practice for engineering of safety
instrumented systems that ensure the safety of process industries. This standard
defines the functional safety requirements established by IEC 61508 in process industry
sector terminology.
It also focuses attention on one type of instrumented safety system used within the
process sector, the safety instrumented system (SIS).
IEC 61511 covers the design and management requirements for SISs. Its scope
includes initial concept, design, implementation, operation, and maintenance through
decommissioning. The standard starts in the earliest phase of a project and continues
through start up. It contains sections that cover modifications that come along later,
along with maintenance activities and the eventual decommissioning activities.
The standard consists of three parts as detailed under Clause 6.0.
The SIL review session is a guided team brainstorming activity that benefits from a
structured method and from the broad experience of a multidisciplinary team led by a
SIL facilitator.
The methodology that will be employed for the SIL determination is a technique uses a
semi qualitative method: calibrated risk graph, as defined in IEC 61511-3 Annex D.
Page 8 of 31
Custodian Dept: ST
Rev1
Essentially the SIL derived rating is a measure of risk reduction that is required to be
achieved by the safety instrumented system in order that the residual risk is acceptable
or is as low as reasonably acceptable (ALARP)
There are four levels of Safety Integrity for Safety Instrumented Functions, SIL1 to SIL
4. SIL 4 has the highest level of safety integrity and SIL 1 has the lowest. For SIF which
are assigned SIL 1 or SIL 2 no further studies or action shall be required. However, for
SIF which are assigned SIL 3 or 4, the SIL classification shall be considered in detail
using a Quantitative method: Layer of Protection Analysis (LOPA) as defined in IEC
61511-3 Annex F.
SIL classification study shall be carried out for all the elements of SIS; i.e. PSD, ESD
and F&G as identified in the Cause & Effect matrix.
The outcome of the SIL assessment is followed by a SIL verification study, where the
reliability of the SIS is verified.
Dedicated computer spreadsheet or dedicated SIL software shall be used for recording
SIL proceedings. The software tool used for determining SIL shall be in accordance
with IEC 61508/61511 and shall have a provision to calibrate the Risk Graph based on
QP SIL review guideline.
Note: Contractor shall develop project specific SIL procedure and terms of reference
consistent with QP SIL guideline and shall submit to QP for prior approval.
8.0
8.1
TEAM STRUCTURE
In performing a SIL review, the proper selection of team participants is very important.
The review team shall consist of personnel who are knowledgeable in the process
technology and experienced in the operations of the process. The team shall have the
necessary SIL review experience and obtained formal SIL training techniques. The
chairman will be independent of the CONTRACTOR. QP will review and approve the
Chairmans resume prior to the SIL review.
The planned multidisciplinary core team necessary for the realisation of the SIL review
shall include the following disciplines and maximum number to be limited to 10 persons
excluding chairman and scribe.
a) Qatar Petroleum
Chairman
Page 9 of 31
Custodian Dept: ST
Rev1
c) Project Independent
Contractors LP Engineer
Scribe
d) Contractor
Process Engineer
Instrumentation Engineer
Loss Prevention Engineer
8.2
8.2.1 Chairman
The Chairman shall require a high level of technical and managerial skills. He shall
require expertise and experience in conducting SIL reviews and SIL verification studies.
He needs to remain independent of the discussion and shall not associate with the
project. The Chairmans resume shall be reviewed and approved by QP prior to a SIL
session.
The role of the Chairman is critical to the success of the meeting.
He shall:
Prepare, and make a presentation prior to the review on SIL techniques, rules
and assumptions to be used by the team during the review,
Page 10 of 31
Custodian Dept: ST
Rev1
8.2.2 Scribe
The role of scribe shall be skilled to record accurately outcome of the discussions.
Without being highly experienced the scribe needs to be familiar with engineering
terminology.
He / She shall:
Be familiar with the computer software used to record the review findings
before the start of the review,
Defining the success criteria for initiators and final elements, and
9.0
REQUIREMENTS
9.1
Prior to the review, the chairman shall collect the SIF description (SIF name,
initiator(s), final elements, success criteria, associated actions and design
Intent from the instrumentation specialist/ LP engineer
The chairman shall make a presentation to the team about the purpose and
scope of the SIL review and to focus the efforts of the team members.
The chairman shall make a presentation to the team about the methodology to
be used in the SIL review. This establishes a common starting basis for the
team that is necessary to conduct an effective SIL review.
The parameters of the Project Risk Matrix shall be presented to the team for
subsequent use in the evaluation of SIL assessment (Ref Appendix VII).
The process engineer shall present an overall explanation of the plants
process so that all team members have a clear understanding of the basic
operations of the plant. This also acquaints the team members with typical
scenarios that may lead to a hazardous condition.
Page 11 of 31
Custodian Dept: ST
9.2
Rev1
SIL REVIEW
The SIL review sequence process shall be divided into steps as follows:
Page 12 of 31
Custodian Dept: ST
Rev1
ASSESS
CLASSIFICATION
9.3
VALIDATION OF SIF
Instrumentation or LP engineer shall present each SIF to the review team to have the
same understanding of its purpose (design intend) among the team members.
9.4
Page 13 of 31
Custodian Dept: ST
Rev1
9.6
INDEPENDENT SAFEGUARDS
Where applicable, the team may list of Independent safeguards (independent from SIF)
which can reduce the event probability.
9.7
Definition
S1(CA)
S2 (CB)
S3 (CC)
S4(CD)
Multiple fatalities
Notes:
The classification system has been developed to deal with injury and
death to people.
For the interpretation of S1, S2, S3 and S4 parameters, the
consequences of the accident and normal healing shall be taken into
account.
Page 14 of 31
Custodian Dept: ST
Rev1
E1(CA)
E2(CB)
E3(CC)
E4(CD)
Definition
Definition
A1(CA)
A2(CB)
A3(CC)
A4(CD)
Page 15 of 31
Custodian Dept: ST
Rev1
Definition
Rare to more often exposure in the hazardous zone (normally
unmanned operation of the relevant part of the plant).
Occupancy less than 10%.
F1
F2
Definition
P1
P2
Page 16 of 31
Custodian Dept: ST
Rev1
W1
W2
W3
Definition
A very slight probability that the unwanted occurrences will happen
and only a few unwanted occurrences are likely: Once in every 30
to 100 years.
A slight probability that the unwanted occurrences will happen and
few unwanted occurrences are likely: Once in every three to 30
years.
A relatively high probability that the unwanted occurrences will
happen and frequent unwanted occurrences are likely: more than
once in every one to three years.
9.7.5 Risk Graph Personnel Safety, (Ref. IEC 61511-3 fig D.1)
Risk graph as referred in Figure 2 shall be used to determine SIL for personnel safety.
The consequences of the hazardous situation for personnel safety are determined as SIL
levels using risk graph.
Page 17 of 31
Custodian Dept: ST
Rev1
Page 18 of 31
Custodian Dept: ST
Rev1
Page 19 of 31
Custodian Dept: ST
Rev1
The selected SIL level for a safety interlock function is the highest of the three individual
SILs (Safety, Economical and Environmental) and defines a minimum SIL. It is always
possible to select a higher SIL level than the required SIL, if the project team thinks this
is preferred.
10.0 PLANNING
10.1
10.2
DOCUMENTS REQUIRED
Before the start of the SIL review exercise the following documents shall be available to
serve as input information for the discussion:
11.2
RECORDING
The findings of the application of the methodology presented above shall be recorded
during the session by the scribe with the computer spreadsheet or dedicated SIL
software.
The scribe records the results of this identification activity in a table type file (see
appendix I) using a computer and a video projector.
Use of a video projector shall allow the team to visualise the record. A SIL review
worksheet used for the report of the findings is presented in appendix I.
Page 20 of 31
Custodian Dept: ST
Rev1
Upon completion of the review the chairman will produce a report, which discusses the
findings of the review and details the critical findings.
11.3
Recommendation (Action /query items) shall be recorded and the corresponding SIL
ACTION SHEET (see Appendix II) shall be generated for subsequent follow-up by the
project.
The Project Engineer shall have the responsibility to ensure appropriate project followup of the action recommendations generated during the review are implemented (see
Appendix II).
A Formal SIL Close out Report with SIL verification study shall be submitted to QP for
approval.
Page 21 of 31
Custodian Dept: ST
Rev1
12.0 APPENDICES
12.1
CAUSE / DEMAND
CONSEQUENCES
INDEPENDENT
RECOMMENDA
SCENARIO
of FAILURE on
DEMAND (CoFD)
SAFEGUARDS
TIONS
recommendation
of the team (if
any)
of Failure on
demand of the SIF
Consequence
Parameter
Occupancy
Parameter
Probability of
Avoiding the
hazard Parameter
Demand Rate
Parameter
SIL Level
Safety
Environment
Economic
Name of person
Page 22 of 31
Custodian Dept: ST
Rev1
RESPOND BY:
MEETING DATES: DD MMM YYYY
(SIF Table 1)
DESIGN INTENT:
purpose of the SIF
CAUSE / DEMAND SCENARIO:
list here causes that will trigger the SIF to operate
CONSEQUENCES of FAILURE on DEMAND (CoFD):
list here all the consequences that will occur in case of Failure on demand of the SIF
.
INDEPENDENT SAFEGUARDS:
list here all the independent safeguards
RECOMMENDATIONS:
recommendation of the team (if any)
RESPONSE: (Action )
DATED:
SIGNED:
ENTER YOUR RESPONSE IN THE BOX ABOVE, THEN SIGN AND RETURN TO:
Page 23 of 31
Custodian Dept: ST
Rev1
TABLE OF CONTENT
1.0 SUMMARY
2.0 INTRODUCTION
3.0 SCOPE
4.0 TEAM COMPOSITION
5.0 DOCUMENTS REFERENCES
(Including to the present procedure)
6.0 GENERAL DESCRIPTION
7.0 FINDINGS OF THE REVIEW (if any)
8.0 CONCLUSION (as required)
In attachment:
9.0 COPY OF REFERENCE DOCUMENTS MARQUED DURING
REVIEW
10.0 SIF CLASSIFICATION RISK MATRIX
11.0 SIL WORKSHEET TABLES
12.0 SIF CLASSIFICATION REVIEW ACTION SHEETS (if any)
Page 24 of 31
Custodian Dept: ST
Rev1
Date: _ _/ _ _/ _ _
Logistics:
Dates defined: start date: _ _/ _ _/ _ _
Chairman selected:
Scribe selected:
End date: _ _/ _ _/ _ _
Name: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Name: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Yes/No
PID:
Yes/No
Date: _ _/ _ _/ _ _
Page 25 of 31
Custodian Dept: ST
Rev1
Parameter
Description
Consequence
Occupancy
Probability of
avoiding the
hazard
Demand rate
Page 26 of 31
Custodian Dept: ST
Rev1
Mean Failure
Rate per 106
hours
Per Year
(Continuous
Operation)
1 Failure
per
(years)
0.05
0.024
0.084
0.096
0.086 to 0.14
21
40
12
10
7 to 11
0.053 to 0.21
5 to 19
0.19
0.227
0.21 to 0.39
5.25
4.4
2.5 to 5
5.3
2.8
9.6
11
10 to 16 (1 to
20)
19 to 24 (1 to
10)
22
25.94
24 to 44 (1 to
10)
4.1
6.5
0.036
0.0575
27.8
17
Fusible Plug
H2S Gas Detector
IR HC Gas Detector
0.27
11.46
36.5
0.00237
0.1004
0.320
423
9.96
3.13
Item Leak Frequency (Offshore Hydrocarbon Release Statistics and Analysis, 2002, HID
Statistics Report HSR 2002 002, UK Health and Safety Executive, February 2003.)
Item:
Leak Frequency
(per year)
Flange
Valve
Instrument Connections
Pressure Vessel
Centrifugal pump
Shell & Tube Heat Exchanger
Launcher / Receiver
Centrifugal Compressor
Reciprocating Compressor
5.2 x 10
-4
4 x 10
-4
6 x 10
-3
2 x 10
-3
5 x 10
-3
3.5 x 10
-2
1 x 10
-3
8 x 10
-2
7 x 10
-5
1 leak per
(years)
19230
2500
1700
500
200
290
100
125
15
Page 27 of 31
Custodian Dept: ST
Rev1
Potential
Severity
SEVERITY
INCREASING SEVERITY
CONSEQUENCES
People
Asset/
Production
No injury
No damage
INCREASING PROBABILITY
A
B
C
Environment Reputation
No Effect
No Impact
Slight
Impact
Minor injury
Minor damage
or health
Minor effect
( < QR 350,000)
effect
Limited
Impact
National
Impact
Single
Fatality or
permanent
total
disability
Multiple
fatalities
Localised
Effect
Major damage
( < QR
Major Effect
35,000,000)
Extensive
damage ( > QR
35,000,000)
Massive
Effect
E
Occurres
Has
Occurres
Never
Has
several
Occurred
several
heard in
Occurred
times a
in
times a
Industry
in QP
year this
Industry
year in QP
site
No Risk
Low Risk
Regional
Impact
Medium Risk
High Risk
Internation
al impact
Page 28 of 31
Custodian Dept: ST
Rev1
or
an
Page 29 of 31
Custodian Dept: ST
Rev1
Major effect: Severe environmental damage; the company is required to take extensive
measures to restore the contaminated environment to its original state; Extended
exceeding of statutory or prescribed limits.
Massive effect: Persistent severe environmental damage or severe nuisance extending
over a large area; In terms of commercial or recreational use or nature conservancy, a
major economic loss for the company; Constant high exceeding of statutory or prescribed
limits.
3.0 ASSET DAMAGE/ LOSS OF PRODUCTION
Asset damage and loss of production is further explained for:
Slight damage: No disruption to operation with estimated cost less than QR 25,000.
Minor damage: Brief disruption to operation with estimated cost less than QR 350,000.
Local damage: Partial shutdown of operation; can be restarted with estimated cost up to
QR 3,500,000.
Major damage: Partial loss of operation; 2 weeks shutdown with estimated cost up to QR
35,000,000.
Massive damage: Substantial or total loss of operation with estimated cost in excess of
QR 35,000,000.
4.0 REPUTATION
Page 30 of 31
Custodian Dept: ST
Rev1
Revision: 1
Date: 24/03/2010
the
corporate
Note:
The revision history log shall be updated with each revision of the document. It shall
contain a written audit trail of the reason(s) why the changes/amendments have occurred,
what the changes/amendments were and the date at which the changes/amendments
were made.
Page 31 of 31
Custodian Dept: ST