1 Scope
This part of GB/T 21109 gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system, so that it can be confidently entrusted to place and/or maintain the process in a safe state. GB/T 21109 has been developed as a process sector implementation of GB/T 20438-2006.
In particular, this part
a) specifies the requirements for achieving functional safety but does not specify who is responsible for implementing the requirements (for example, designers, suppliers, owner/operating company, contractor); this responsibility may be assigned to different parties according to safety planning and national regulations;
b) applies when equipment that meets the requirements of GB/T 20438-2006, or of 11.5 of this part, is integrated into an overall system that is to be used for a process sector application but does not apply to manufacturers wishing to claim that devices are suitable for use in safety instrumented systems for the process sector (see GB/T 20438.2-2006 and GB/T 20438.3-2006);
c) defines the relationship between GB/T 21109 and GB/T 20438-2006 (Figures 2 and 3);
d) applies when application software is developed for systems having limited variability or fixed programmes but does not apply to manufacturers, safety instrumented systems designers, integrators and users that develop embedded software (system software) or use full variability languages (see GB/T 20438.3-2006);
e) applies to a wide variety of industries within the process sector including chemicals, oil refining, oil and gas production, pulp and paper, non-nuclear power generation;
Note: Within the process sector some applications, (for example, off-shore), may have additional requirements that have to be satisfied.
f) outlines the relationship between safety instrumented functions and other functions (Figure 4);
g) results in the identification of the functional requirements and safety integrity requirements for the safety instrumented function(s) taking into account the risk reduction achieved by other means;
h) specifies requirements for system architecture and hardware configuration, application software, and system integration;
i) specifies requirements for application software for users and integrators of safety instrumented systems (clause 12). In particular, requirements for the following are specified:
——safety life-cycle phases and activities that are to be applied during the design and development of the application software (the software safety life-cycle model). These requirements include the application of measures and techniques, which are intended to avoid faults in the software and to control failures which may occur;
——information relating to the software safety validation to be passed to the organization carrying out the SIS integration;
——preparation of information and procedures concerning software needed by the user for the operation and maintenance of the SIS;
——procedures and specifications to be met by the organization carrying out modifications to safety software;
j) applies when functional safety is achieved using one or more safety instrumented functions for the protection of personnel, protection of the general public or protection of the environment;
k) may be applied in non-safety applications such as asset protection;
l) defines requirements for implementing safety instrumented functions as a part of the overall arrangements for achieving functional safety;
m) uses a safety life cycle (Figure 8) and defines a list of activities which are necessary to determine the functional requirements and the safety integrity requirements for the safety instrumented systems;
n) requires that a hazard and risk assessment is to be carried out to define the safety functional requirements and safety integrity levels of each safety instrumented function;
Note: See Figure 9 for an overview of risk reduction methods.
o) establishes numerical targets for average probability of failure on demand and frequency of dangerous failures per hour for the safety integrity levels;
p) specifies minimum requirements for hardware fault tolerance;
q) specifies techniques/measures required for achieving the specified integrity levels;
r) defines a maximum level of performance (SIL 4) which can be achieved for a safety instrumented function implemented according to GB/T 21109;
s) defines a minimum level of performance (SIL 1) below which GB/T 21109 does not apply;
t) provides a framework for establishing safety integrity levels but does not specify the safety integrity levels required for specific applications (which shall be established based on knowledge of the particular application);
u) specifies requirements for all parts of the safety instrumented system from sensor to final element(s);
v) defines the information that is needed during the safety life cycle;
w) requires that the design of a safety instrumented function takes into account human factors;
x) does not place any direct requirements on the individual operator or maintenance person.
See Figure 5 for the relationship between system, hardware and software.
Foreword I
Introduction II
1 Scope
2 Normative references
3 Abbreviations and definitions
3.1 Abbreviations
3.2 Terms and definitions
4 Conformance to GB/T 21109
5 Management of functional safety
5.1 Objective
5.2 Requirements
6 Safety life-cycle requirements
6.1 Objectives
6.2 Requirements
7 Verification
7.1 Objective
8 Process hazard and risk assessment
8.1 Objectives
8.2 Requirements
9 Allocation of safety functions to protection layers
9.1 Objectives
9.2 Requirements of the allocation process
9.3 Additional requirements for safety integrity level 4
9.4 Requirements on the basic process control system as a protection layer
9.5 Requirements for preventing common cause, common mode and dependent failures
10 SIS safety requirements specification
10.1 Objective
10.2 General requirements
10.3 SIS safety requirements
11 SIS design and engineering
11.1 Objective
11.2 General requirements
11.3 Requirements for system behaviour on detection of a fault
11.4 Requirements for hardware fault tolerance
11.5 Requirements for selection of components and subsystems
11.6 Field devices
11.7 Interfaces
11.8 Maintenance or testing design requirements
11.9 SIF probability of failure
12 Requirements for application software, including selection criteria for utility software
12.1 Application software safety life-cycle requirements
12.2 Application software safety requirements specification
12.3 Application software safety validation planning
12.4 Application software design and development
12.5 Integration of the application software with the SIS subsystem
12.6 FPL and LVL software modification procedures
12.7 Application software verification
13 Factory acceptance testing (FAT)
13.1 Objectives
13.2 Recommendations
14 SIS installation and commissioning
14.1 Objectives
14.2 Requirements
15 SIS safety validation
15.1 Objective
15.2 Requirements
16 SIS operation and maintenance
16.1 Objectives
16.2 Requirements
16.3 Proof testing and inspection
17 SIS modification
17.1 Objectives
17.2 Requirements
18 SIS decommissioning
18.1 Objectives
18.2 Requirements
19 Information and documentation requirements
19.1 Objectives
19.2 Requirements
Annex A (Informative) Differences
Bibliography
Figure 1 Overall framework of GB/T 21109 IV
Figure 2 Relationship between GB/T 21109 and GB/T 20438-2006
Figure 3 Relationship between GB/T 21109 and GB/T 20438-2006 (see clause 1)
Figure 4 Relationship between safety instrumented functions and other functions
Figure 5 Relationship between system, hardware, and software of this part
Figure 6 Programmable electronic system (PES): structure and terminology
Figure 7 Example of SIS architecture
Figure 8 SIS safety life-cycle phases and functional safety assessment stages
Figure 9 Typical risk reduction methods found in process plants
Figure 10 Application software safety life cycle and its relationship to the SIS safety life cycle
Figure 11 Application software safety life cycle (in realization phase)
Figure 12 Software development life cycle (the V-model)
Figure 13 Relationship between the hardware and software architectures of SIS
Table 1 Abbreviations used in GB/T 21109
Table 2 SIS safety life-cycle overview
Table 3 Safety integrity levels: probability of failure on demand
Table 4 Safety integrity levels: frequency of dangerous failures of the SIF
Table 5 Minimum hardware fault tolerance of PE logic solvers
Table 6 Minimum hardware fault tolerance of sensors and final elements and non-PE logic solvers
Table 7 Application software safety life cycle: overview
Table A.1 Organizational differences
Table A.2 Terminological differences