SIL Validation

SIL Validation is an activity carried out as part of the Safety Instrumented System (SIS) safety life cycle defined in the IEC 61508 / IEC 61511 standards. Safety Integrity Level (SIL) Validation activities include Software Validation, Documentation & Hardware Validation and Site Functional Validation for each Safety Instrumented Function (SIF) associated with a project.

Definition of Validation

As per IEC 61511, Validation is: “Confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use are fulfilled.” The validation process is the activity of demonstrating that the Safety Instrumented Function (SIF) and Safety Instrumented System (SIS) under consideration, after installation, meet in all respects the performance criteria indicated in the Safety Requirements Specification (SRS).

Purpose of SIL Validation

The purpose of SIS Validation is to systematically review, check, test, demonstrate and ensure that the SIS / SIFs are designed, procured and installed to meet the functional requirements, and are capable of meeting the performance requirements, indicated in the Safety Requirement Specification (SRS).

SIL Validation Scope

All the Safety Instrumented Functions (SIFs) connected to the SIS / ESD / IPS system, the HIPPS system and the F&G systems that are listed in the Safety Requirement Specification (SRS) are subject to the SIL Validation process. That is, all the SIFs rated SIL 1, SIL 2 or SIL 3 are included in SIL Validation. SIFs rated SIL a or SIL 0 are not included in SIL Validation.

Codes & Standards:

The following are the primary International Codes & Standards associated with SIL Validation.

Apart from the international codes and standards, company-specific standards would also be applicable.

Validation Process

As part of the Validation activity, the SIS / IPS / HIPPS shall be functionally tested to verify that:

  • Each SIF operates under normal and identified abnormal operating modes, such as start-up and shutdown
  • Instruments have been properly calibrated
  • Trip set points are correct
  • Start-up, automatic, manual, semi-automatic and steady-state modes of operation function as per design
  • Operation of the SIF is not adversely affected by abnormal behavior of the BPCS, such as loss of communications
  • Communication with other systems functions correctly
  • Trip reset functions operate correctly
  • Maintenance overrides and manual operator overrides function as designed and alert the operator correctly
  • Manual trips function per design
  • The SIF performs as anticipated under reasonably foreseeable abnormal conditions (degraded / upset conditions)
  • The HMIs, including alarms, displays and associated diagnostics, work correctly
  • Final elements operate correctly within the specified response time
  • The logic solver functions as specified, including functional logic, computations and signal conditioning
  • Documentation and maintenance procedures have been duly prepared.

This process involves process safety application validation, in accordance with IEC 61511, as a safety life cycle activity.

However, this Validation Process does not include validation of the development of functional logic programs / blocks involving “Full Variability Languages” as per IEC 61508. Nor does it include the design, development and certification of the products themselves (sensors / logic solvers / final elements).

Validation Methodology

There are 3 different stages involved in the SIS / IPS / HIPPS Validation Process.

  • Stage # 1: SIS Application Software Validation.
  • Stage # 2: SIS Documentation & Hardware Validation.
  • Stage # 3: SIS Functional Validation at site.

STAGE # 1

SIS Application Software Validation:

In general, the SIS / IPS / HIPPS Software Validation has to be done at the Vendor’s factory for a new system. The software validation has to be done as per IEC-61508 /IEC 61511 standards. This validation involves the complete SIS (Safety Instrumented System), which is designed / configured to execute multiple SIFs (Safety Instrumented Functions).

The SIS Software validation has to be done before, or as part of, the FAT to ensure that all the functional requirements have been programmed / configured into the SIS in accordance with the SRS requirements, C&E Diagrams, Functional Logic Diagrams and the Functional Design Specifications. Before the start of the Software validation, a SIS Software Validation Procedure has to be developed by the SIL Consultant and reviewed / approved by the Client.

Various aspects of the SIS application software have to be verified, including the software architecture, the Input / Output mapping, the programming language applied, the database contents, the logic and functional programming, the interface to the hardware modules, the interface with the BPCS / HMI, the modularity of the software, traceability, the change control process, fault detection, degradation after a fault, reset requirements, and documentation for future reference.

During this validation process, if any non-compliance or discrepancy is noted, it would be provided as a Recommendation for implementation. A SIS / SIF Application Software Validation report would be generated by the SIL Consultant comprising the objectives, input documents, process / method applied, the results obtained, the punch list / action items and the recommendations, and submitted to the Client for review.

As part of the FAT, the application software testing shall include the following:

  • Input processing and scaling
  • All calculated parameters
  • Automated and manual trips
  • Automated and manual operational overrides
  • Structured testing of all timers, permissives, automated and manual start-up overrides, and voting logic
  • Start-up permissives should be deliberately failed to confirm that the start-up sequence does not proceed
  • Input fail detection, along with logical degradation for voting inputs (i.e. 2oo3 to 1oo2 to 1oo1)
  • All HMI displays (graphics) proven and approved by operations. This includes all parameters and functions (reset indication and function, bypassing (MOS and OOS), disarming indication, first-out indication).
  • All alarms function as per the Master Alarm Database table, including process alarms, diagnostic alarms (IPS hardware failure and transmitter comparison alarms), first failure alarms, trip alarms, and trip failure alarms (such as valve fail alarms)
  • Sequence of events recorder logging
  • The proper shutdown sequence activities, including inter-trips
  • “What if” testing shall be deployed to prove that the logic and operator interface have no problems under abnormal conditions.
  • All timers are reset to their correct settings.
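The voting, degradation, override, reset and first-out items in the list above are the behaviour the FAT actually exercises. As an added illustration, not code from this page or from any SIS vendor's logic solver, the following Python models a three-channel pressure initiator group with the degradation rule quoted above (2oo3 to 1oo2 to 1oo1), a latched trip that rejects an operator reset while a demand is still present, and first-out capture. The tag names, the fail-safe trip when no healthy channel remains, and the scan-order first-out rule are assumptions made for the example, not requirements taken from any SRS.

```python
"""Added example (not part of the original page): a 2oo3 voting group with
fail-detected input degradation, a latched trip that rejects reset while a
demand is present, maintenance override (MOS) handling and first-out capture.
Tag names, the 2oo3 -> 1oo2 -> 1oo1 rule applied to the FAT checklist, and the
fail-safe trip when no channel is healthy are assumptions for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Channel:
    tag: str
    tripped: bool = False  # measured value beyond the trip set point
    failed: bool = False   # diagnostic fault detected (open circuit, out of range, ...)
    mos: bool = False      # maintenance override switch active: channel excluded from the vote


def vote(channels: List[Channel]) -> Tuple[bool, str]:
    """Vote the healthy channels and return (trip_demand, effective_scheme).

    Degradation rule (assumed): 3 healthy channels vote 2oo3, 2 vote 1oo2,
    1 votes 1oo1.  With no healthy channel the group is assumed to trip
    (fail-safe, de-energise-to-trip); a real SRS may specify otherwise.
    """
    healthy = [c for c in channels if not c.failed and not c.mos]
    n = len(healthy)
    if n == 0:
        return True, "0oo0"
    required = 2 if n >= 3 else 1
    votes = sum(1 for c in healthy if c.tripped)
    return votes >= required, f"{required}oo{n}"


class SifLogic:
    """Latched shutdown output for one SIF, driven by a voting group."""

    def __init__(self, channels: List[Channel]):
        self.channels = channels
        self.tripped = False
        self.first_out: Optional[str] = None
        self.scheme = ""

    def scan(self) -> bool:
        """One logic-solver scan: evaluate the vote and latch a new trip."""
        demand, self.scheme = vote(self.channels)
        if demand and not self.tripped:
            self.tripped = True
            # First-out (assumed rule): first voted channel in scan order beyond its set point.
            voted = [c.tag for c in self.channels if c.tripped and not c.failed and not c.mos]
            self.first_out = voted[0] if voted else None
        return self.tripped

    def reset(self) -> bool:
        """Operator reset: accepted only when no demand is present."""
        demand, _ = vote(self.channels)
        if demand:
            return False  # reset rejected: initiators still beyond set point, or group degraded to trip
        self.tripped = False
        self.first_out = None
        return True


def fat_degradation_case() -> List[Tuple[bool, str]]:
    """Walk the degradation sequence from the FAT checklist; returns (demand, scheme) per step."""
    chans = [Channel("PT-1001A"), Channel("PT-1001B"), Channel("PT-1001C")]
    trace = []
    chans[0].tripped = True        # one channel high: 2oo3 must not trip
    trace.append(vote(chans))
    chans[2].failed = True         # channel C faulted: degrade to 1oo2, A alone now trips
    trace.append(vote(chans))
    chans[1].mos = True            # channel B under maintenance override: 1oo1 on A
    trace.append(vote(chans))
    chans[0].tripped = False       # A healthy and below set point: no demand
    trace.append(vote(chans))
    chans[0].failed = True         # no healthy channel left: assumed fail-safe trip
    trace.append(vote(chans))
    return trace
```

Each step of fat_degradation_case() corresponds to one row of a FAT checklist: the expected (demand, scheme) pair is the acceptance criterion, and a mismatch between the logic solver's actual behaviour and the degradation rule specified in the SRS is exactly the kind of discrepancy that should land on the punch list.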

For an existing Facility, the existing Factory Acceptance Test Report would be reviewed by the SIL Consultant to get the necessary information to ensure that the above functional requirements are duly met in the installed system.

Hence, for an existing facility, the software validation would be done based on the documents used for the FAT, including the FAT Procedure / Check List, the FAT Report / Punch List / Action Taken Register used to close the punch list, and the Vendor’s quality management certificates / reports.

STAGE # 2

SIS Documentation & Hardware Validation

This stage of the Validation is done after the SIS / IPS / HIPPS has been installed at site, mechanical completion has been achieved and loop checking has been completed.

The SIS Documentation & Hardware validation includes checking of the SIF components’ make / model numbers, architecture configuration, Safety Requirement Specification Report, SIL Verification Report, Functional Design Specifications, Panel General Arrangement Drawings, junction box wiring segregation, I/O module assignment, instrument calibration reports, Loop Checking Report, Hydrostatic Testing report, etc., to ensure that the SIF components have been configured / installed / calibrated / tested as per the SRS and the other design documents.

At this stage, the validation does not include functional testing of the SIF, the logic solver or the associated software program. That SIF functional validation is done in Stage 3, after the action items / recommendations listed in the SIL Verification Report have been closed. It is assumed that the SIS Application Software Validation has already been completed and that its punch list / action points / recommendations have already been implemented.

A SIF Documentation & Hardware Validation procedure would be made by the SIL Consultant, and submitted to the Client for review. The SIF Loop Documentation & Hardware Validation would be done by the SIL Consultant based on the input documents collected from the Company / Contractor / Vendor. The method / details indicated in the Client reviewed SIL Validation Procedure would be followed.

Before the start of the Validation, the construction documents including the Loop Diagrams / Calibration Certificates / Loop Testing Certificates etc. would be requested from the Contractor for each SIF. The construction documents would be reviewed by the Consultant and necessary modifications would be recommended to avoid common mode failures or any inconsistencies or deficiencies.

After the implementation of the hardware modifications (if any), the make / model / architecture configuration would be verified and validated for one SIF at a time. If a discrepancy is noted between the site installation and the SRS, then suitable recommendations would be made for resolving the differences.

Once the validation is completed for all the SIFs, the details would be compiled and submitted to the Client as the SIF Documentation & Hardware Validation report. The Client feedback, if any, would be reviewed and incorporated into the final report.

STAGE # 3

SIS Functional Validation at Site:

The SIS Site Functional validation includes verification of SIF shutdown logical functions / Override functions / Reset functions / Etc. as indicated in the SRS, FDS and the other design documents. This has to be done at site with all the components of the SIF, including the Sensors / Logic Solvers / Final Elements fully installed and duly integrated.

A SIS Functional Validation procedure would be prepared by the Consultant from their home office and submitted to the Client for review. The functional requirements indicated in the SRS, including the logic, override, reset, etc., would be tested for the complete SIF, including the initiators, logic solver and final elements.

The SIF validation would be done after completion of the SIS Application Software validation and the SIS / SIF Loop Documentation & Hardware validation. All the action items / recommendations listed in the SIS Application Software Validation Report and the SIF Loop Documentation & Hardware Validation Report should have been implemented before the start of the SIF Loop Functional Validation.

The software validation done in Stage 1 would not be repeated at site. Only the functional logic, together with all the SIF components, would be tested. The SIF Loop Functional Validation would be done at site by the Consultant’s team, comprising the SIL Chairman and the SIL Instrumentation Engineer, along with the Client’s SIL Validation team. The method / details indicated in the Client-reviewed SIL Validation Procedure would be followed.

This validation would be done for each SIF under live (energized) conditions, but without process fluids in the circuits. This validation is part of the SAT (Site Acceptance Test) and has to be done as part of the pre-commissioning activities. A SIF loop cannot be commissioned into actual service until it meets all the functional requirements, as demonstrated during this validation.

The SIF loop’s critical performance-related function, i.e. the SIF response time indicated in the SRS, would be actually measured at site for each SIF. If the SIF fails to meet the response time requirement, then the SIF would be considered “Failed” during the site validation process and suitable modifications would be recommended.
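Measuring the response time at site means correlating events recorded by different parts of the loop: the initiator set-point crossing, the logic solver trip and the final element’s closed limit-switch confirmation, normally taken from the sequence of events (SOE) recorder. As an added example, not from this page and not any specific vendor’s SOE export format, the following Python parses a constructed SOE extract, measures the demand-to-closed interval and each leg of it, and marks the SIF PASS or FAIL against an assumed SRS limit of 5.0 s. A missing closed confirmation is reported as a FAIL rather than silently ignored. The tag names, event names, timestamps and the limit are all constructed for the example.

```python
"""Added example (not part of the original page): measure a SIF's
demand-to-final-element response time from sequence-of-events (SOE)
records and judge it against the SRS limit.  SOE lines, tag names, event
names and the 5.0 s limit are constructed for illustration."""
import re
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed SOE extract: "<date> <time.ms> <tag> <event>", one event per line.
SOE_SAMPLE = """\
2024-03-11 09:14:02.120 PT-1001A TRIP_HH
2024-03-11 09:14:02.135 PT-1001B TRIP_HH
2024-03-11 09:14:02.180 SIF-101 LOGIC_TRIP
2024-03-11 09:14:02.410 XV-1001 SOLENOID_DEENERGISED
2024-03-11 09:14:04.950 ZSC-1001 CLOSED
"""
SRS_RESPONSE_LIMIT_S = 5.0  # assumed SRS requirement for the constructed SIF-101

SOE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{1,6}) (\S+) (\S+)$")
Event = Tuple[datetime, str, str]


def parse_soe(text: str) -> List[Event]:
    """Parse SOE lines into (timestamp, tag, event) sorted by time; unparsable lines are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = SOE_LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3)))
    return sorted(events)


def first_event(events: List[Event], tags: Iterable[str], name: str,
                not_before: Optional[datetime] = None) -> Optional[datetime]:
    """Timestamp of the first matching event at or after not_before, else None."""
    wanted = set(tags)
    for ts, tag, ev in events:
        if tag in wanted and ev == name and (not_before is None or ts >= not_before):
            return ts
    return None


def sif_response(events: List[Event], initiators: Iterable[str], logic_tag: str,
                 final_tag: str, limit_s: float) -> Dict[str, object]:
    """Demand = first initiator TRIP_HH; response complete = final element CLOSED.

    Returns the measured legs and PASS/FAIL against the SRS limit.  A missing
    CLOSED confirmation is a FAIL (the valve never proved closed), not an error.
    """
    demand = first_event(events, initiators, "TRIP_HH")
    if demand is None:
        raise ValueError("no initiator demand found in SOE extract")
    logic = first_event(events, [logic_tag], "LOGIC_TRIP", demand)
    closed = first_event(events, [final_tag], "CLOSED", demand)

    def secs(a: Optional[datetime], b: Optional[datetime]) -> Optional[float]:
        return None if a is None or b is None else round((b - a).total_seconds(), 3)

    total = secs(demand, closed)
    return {
        "demand_at": demand.isoformat(timespec="milliseconds"),
        "sensor_to_logic_s": secs(demand, logic),
        "logic_to_closed_s": secs(logic, closed),
        "response_time_s": total,
        "limit_s": limit_s,
        "result": "PASS" if total is not None and total <= limit_s else "FAIL",
    }


if __name__ == "__main__":
    evs = parse_soe(SOE_SAMPLE)
    print(sif_response(evs, ["PT-1001A", "PT-1001B", "PT-1001C"],
                       "SIF-101", "ZSC-1001", SRS_RESPONSE_LIMIT_S))
```

The two legs reported separately are useful during validation: a logic solver that trips within tens of milliseconds but a valve that takes seconds to prove closed points the corrective action at the final element (actuator sizing, solenoid, quick-exhaust) rather than at the application software, and the SOE timestamps give the objective evidence the definition of validation calls for.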

Once the SIF Loop Functional validation is completed for all the SIFs and all the SIFs have met the functional requirements, then the details would be compiled and submitted to the Client as SIS / IPS / HIPPS Site Functional Validation report. The Client feedback, if any would be reviewed and implemented in to the final report. The Typical check list will be customized further, as part of the SIL Validation procedure.

INPUT DOCUMENTS REQUIRED

The following is a typical list of the inputs required for SIS Validation:

  • SIF related P&IDs.
  • Cause & Effect Diagrams.
  • Control / Shutdown Narrative.
  • Interlock & Logic Diagrams.
  • SIS / HIPPS / IPS Input / Output List (including I/O Assignment tables).
  • SIS / HIPPS / IPS Purchase Specification.
  • Safety Requirement Specifications (SRS).
  • SIL Verification Report.
  • SIL Validation Procedure.
  • Site Acceptance Test Procedure.
  • SIS / HIPPS / IPS Functional Design Specification (Contractor / Vendor)
  • Sensor / Transmitters Data Sheets.
  • Final Elements / Valves Data Sheets.
  • SIF Loop Diagrams (including the Channel / Module allocation details).
  • ICSS Architecture Diagram with interface to the HIPPS / IPS.
  • SIS Panel GA Drawings.
  • HIPPS / IPS Factory Acceptance Test (FAT) Report including the Punch List closeout Report.
  • Certification from the SIS / HIPPS Vendor on the Software development (complying with IEC 61508 / 61511 requirements)
  • Sensor / Logic Solver / Final Elements SIL Certificates.
  • Sensor / Logic Solver / Final Elements Safety Manuals.
  • Sensor / Final Elements Process & Pneumatic Hook-up Diagrams.
  • SIF Components Calibration Reports (including the Reference source validity details).
  • SIS Loop Checking Report (including Continuity / Insulation Test Report).
  • SIF Hydrostatic Testing Report.
  • Other documents as required to supplement above details.

SIL Validation Activity Deliverable

  • SIL Validation Procedure.
  • SIL Validation Report, including all completed Check Lists, Supportive Documents, Certificates etc.

SIL Validation Consultant’s Expertise

The SIL Chairman / SIL Consultant shall have the following experience / expertise from past projects:

  • A Graduate Instrumentation & Control System Engineer with more than 20 years of working experience in Basic Design / Detailed Engineering / System Configuration / Installation / Testing / Commissioning / Performance Guarantee Run.
  • Certified Functional Safety Expert (CFSE) with valid Certificate.
  • Have experience in the development of Boolean & Ladder Based Interlock Logic Diagrams.
  • Have the experience of configuring ESD / HIPPS systems.
  • Have the experience in the development / review of the Functional Design Specifications.
  • Have led / participated in the Factory Acceptance Test for actual Projects.
  • Have the experience of Installation Supervision and preparation of various tests, including Calibration, Loop Checking etc.
  • Have the experience of leading / performing Site Acceptance Tests.
  • Have the experience of commissioning of the Systems at Site.
  • Chaired SIL Assessment Workshops for multiple Projects
  • Developed Safety Requirements Specification for multiple Projects.
  • Performed SIL Verification for multiple Projects.
  • Have the experience of performing SIL Validation.

TYPICAL CHECK LIST

Checklist SIL Validation