CODES AND STANDARDS

(Relevant to INTECH’s scope of work)

REVISION HISTORY

1 29-Aug-2011 First Issue JA MA

Rev WRT RVW
Date Description Comments
# by by
 TABLE OF CONTENTS

1. NFPA 72...............................................................................................3
2. NFPA 70...............................................................................................6
3. NFPA 85...............................................................................................8
4. CLASSIFICATION OF HAZARDOUS LOCATIONS...................9
4.1. NEC DIVISION CLASSIFICATION SYSTEM.............................................9
4.1.1. Class I Locations......................................................................................9
4.1.2. Class II Locations..................................................................................10
4.1.3. Class III Locations.................................................................................10
4.2. SUMMARY OF CLASS I, II, III HAZARDOUS LOCATIONS..................11
5. NEMA ENCLOSURE TYPES.........................................................12
6. IP CODE............................................................................................14
6.1. SOLIDS, FIRST DIGIT.................................................................................14
6.2. LIQUIDS, SECOND DIGIT.........................................................................15
6.3. ADDITIONAL LETTERS............................................................................17
7. IEC 61508..........................................................................................18
7.1. HAZARD AND RISK ANALYSIS...............................................................18
7.2. SAFETY INTEGRITY LEVEL.....................................................................20
8. IEC 61511...........................................................................................21
9. AICHE - CCPS..................................................................................22
10. API RP 556.........................................................................................23
11. API RP 14C........................................................................................23
12. OSHA 29 CFR 1910.119...................................................................24
13. ISA 18.2..............................................................................................25
14. EEMUA 191.......................................................................................26
15. IEEE 603............................................................................................27
16. Comparisons of standards (Hoffman).................................................28

2
 1. NFPA 72

National Fire Alarm Code

The National Fire Protection Association (NFPA) is a United States organization charged
with creating and maintaining minimum standards and requirements for fire prevention
and suppression activities, training, and equipment, as well as other life-safety codes and
standards. This includes everything from building codes to the personal protective
equipment utilized by firefighters while extinguishing a blaze.

The NFPA 72 specifies "the application, installation, location, performance, inspection,

testing, and maintenance of fire alarm systems, fire warning equipment and emergency
warning equipment, and their components". Below are some extracts from the NFPA 72
relevant to INTECH’s scope of work.

4.4.1.3.1 Power Supply Sources

At least two independent and reliable power supplies shall be provided, one primary and
one secondary, each of which shall be of adequate capacity for the application.

4.4.1.4 Primary Power Supply

4.4.1.4.1 Dedicated Branch Circuit. A dedicated branch circuit of one of the following
shall supply primary power:
(1) Commercial light and power
(2) An engine-driven generator or equivalent in accordance with 4.4.1.9.2, where a
person specifically trained in its operation is on duty at all times
(3) An engine-driven generator or equivalent arranged for cogeneration with commercial
light and power in accordance with 4.4.1.9.2, where a person specifically trained
in its operation is on duty at all times

4.4.1.4.2 Mechanical Protection

4.4.1.4.2.1 The dedicated branch circuit(s) and connections shall be mechanically
protected.

4.4.1.4.3 Overcurrent Protection

An Overcurrent protective device of suitable current-carrying capacity that is capable of
interrupting the maximum short-circuit current to which it can be subject shall be
provided in each ungrounded conductor.

4.4.1.4.4 Circuit Breakers and Engine Stops

Circuit Breakers and Engine stops shall not be installed in such a manner as to cut off the
power for lightening or for operating elevators.

3
4.4.1.5.3 Capacity
4.4.1.5.3.1 Unless otherwise permitted or required by 4.4.1.5.3.1(A) or 4.4.1.5.3.1(B), the
secondary power supply shall have sufficient capacity to operate the fire alarm system
under quiescent load (system operating in a nonalarm condition) for a minimum of 24
hours and, at the end of that period, shall be capable of operating all alarm notification
appliances used for evacuation or to direct aid to the location of an emergency for 5
minutes.

4.4.1.5.3.1(A) The secondary power supply for emergency voice/alarm communications

service shall be capable of operating the system under quiescent load for a minimum of
24 hours and then shall be capable of operating the system during a fire or other
emergency condition for a period of 15 minutes at maximum connected load.
4.4.1.5.3.1(B) The secondary power supply capacity for supervising station facilities and
equipment shall be capable of supporting operations for a minimum of 24 hours.

4.4.1.5.3.2 The secondary power supply capacity required shall include all power supply
loads that are not automatically disconnected upon the transfer to secondary power
supply.

4.4.1.5.4 Secondary Power Operation. Operation on secondary power shall not affect the
required performance of a fire alarm system or supervising station facility. The system
shall produce the same alarm, supervisory, and trouble signals and indications, excluding
the alternating current (ac) power indicator, when operating from the secondary power
source as are produced when the unit is operating from the primary
power source.

4.4.1.5 Secondary Power Supply

4.4.1.5.1 Secondary Power Supply for Protected Premises Fire Alarm Systems. The
secondary power supply shall consist of one of the following:
(1) A storage battery dedicated to the fire alarm system arranged in accordance with
4.4.1.8
(2) An automatic starting, engine-driven generator serving the dedicated branch circuit
specified in 4.4.1.4.1 and arranged in accordance with 4.4.1.9.3.1 and storage batteries
dedicated to the fire alarm system with 4 hours of capacity arranged in accordance with
4.4.1.8

4.4.1.5.2 Secondary Power Supply for Supervising Station Facilities.

4.4.1.5.2.1 The secondary power supply shall consist of one of the following:
(1) Storage batteries dedicated to the supervising station equipment arranged in
accordance with 4.4.1.8
(2) A dedicated branch circuit of an automatic-starting, engine-driven generator arranged
in accordance with 4.4.1.9.3.2(A) and storage batteries dedicated to the supervising
station equipment with 4 hours of capacity arranged in accordance with 4.4.1.8
(3) A dedicated branch circuit of multiple engine-driven generators, at least one of which
is arranged for automatic starting in accordance with 4.4.1.9.3.2(A)

4
4.4.1.6 Continuity of Power Supplies
4.4.1.6.1 The secondary power supply shall automatically provide power to the protected
premises fire alarm system within 10 seconds, whenever the primary power supply fails
to provide the minimum voltage required for proper operation.

4.4.1.6.3 Required signals shall not be lost, interrupted, or delayed by more than 10
seconds as a result of the primary power failure.

4.4.1.8 Storage Batteries

4.4.1.8.1 Marking. Batteries shall be permanently marked with the month and year of
manufacture, using the month/year format.

4.4.1.8.3 Battery Charging

4.4.1.8.3.1 Adequate facilities shall be provided to automatically maintain the battery
fully charged under all conditions of normal operation.

4.4.1.8.3.2 Adequate facilities shall be provided to recharge batteries within 48 hours

after fully charged batteries have been subject to a single discharge cycle as specified in
4.4.1.5.3.

4.4.1.8.4 Overcurrent Protection

4.4.1.8.4.1 The batteries shall be protected against excessive load current by overcurrent
devices.

4.4.3.7 Alarm Signal Deactivation

4.4.3.7.2 When an alarm signal deactivation means is actuated, both audible and visible
notification appliances shall be simultaneously deactivated.
4.4.3.7.3 The means shall be key-operated, located within a locked cabinet, or arranged to
provide equivalent protection against unauthorized use.

4.4.4.1 Voltage, Temperature, and Humidity Variation

Equipment shall be designed so that it is capable of performing its intended functions
under the following conditions:
(1) At 85 percent and at 110 percent of the nameplate primary (main) and secondary
(standby) input voltage(s)
(2) At ambient temperatures of 0°C (32°F) and 49°C (120°F)
(3) At a relative humidity of 85 percent and an ambient temperature of 30°C (86°F)

4.4.4.2 Installation and Design

4.4.4.2.2 Devices and appliances shall be located and mounted so that accidental
operation or failure is not caused by vibration or jarring.

Note: More codes relevant to INTECH’s scope of work can be found in Chapter 4 of
NFPA 72.

5
 2. NFPA 70

National Electric Code

The National Electrical Code (NEC), or NFPA 70, is a United States standard for the safe
installation of electrical wiring and equipment.
The NEC codifies the requirements for safe electrical installations into a single,
standardized source. It is part of the National Fire Codes series published by the National
Fire Protection Association (NFPA).

The NEC is composed of an introduction, nine chapters, annexes A through I, and the
index. The introduction sets forth the purpose, scope, enforcement and rules or
information that are general in nature. The first four chapters cover definitions and rules
for installations (voltages, connections, markings, etc.), circuits and circuit protection,
methods and materials for wiring (wiring devices, conductors, cables, etc.), and general-
purpose equipment (cords, receptacles, switches, heaters, etc.). The next three chapters
deal with special occupancies (high risk to multiple persons), special equipment (signs,
machinery, etc.) and special conditions (emergency systems, alarms, etc.). Chapter 8 is
specific to additional requirements for communications systems (telephone, radio/TV,
etc.) and chapter 9 is composed of tables regarding conductor, cable and conduit
properties, among other things. Annexes A-I relate to referenced standards, calculations,
examples, additional tables for proper implementation of various code articles (for
example, how many wires fit in a conduit) and a model adoption ordinance.

Below are some codes relevant to INTECH’s scope of work.

110.16 Flash Protection. Switchboards, panelboards, industrial control panels, meter

socket enclosures, and motor control centers that are in other than dwelling occupancies
and are likely to require examination, adjustment, servicing, or maintenance while
energized shall be field marked to warn qualified persons of potential electric arc flash
hazards. The marking shall be located so as to be clearly visible to qualified persons
before examination, adjustment, servicing, or maintenance of the equipment.

110.21 Marking. The manufacturer’s name, trademark, or other descriptive marking by

which the organization responsible for the product can be identified shall be placed on all
electric equipment. Other markings that indicate voltage, current, wattage, or other
ratings shall be provided as specified elsewhere in this Code. The marking shall be of
sufficient durability to withstand the environment involved.

110.26 Spaces About Electrical Equipment. Sufficient access and working space shall
be provided and maintained about all electric equipment to permit ready and safe
operation and maintenance of such equipment. Enclosures housing electrical apparatus
that are controlled by a lock(s) shall be considered accessible to qualified persons.

6
 (1) Depth of Working Space. The depth of the working space in the direction of live
parts shall not be less than that specified in Table 110.26(A)(1)(1) unless the
requirements of 110.26(A)(1)(a), (A)(1)(b), or (A)(1)(c) are met. Distances shall
be measured from the exposed live parts or from the enclosure or opening if the
live parts are enclosed.

Table 110.26(A)(1)(1)
Nominal Minimum Clear Distance
Voltage to
Condition 1 Condition 2 Condition 3
Ground
0–150 900 mm (3 ft) 900 mm (3 ft) 900 mm (3 ft)
151–600 900 mm (3 ft) 1.1 m (31⁄2 ft) 1.2 m (4 ft)

Note: Where the conditions are as follows:

Condition 1 — Exposed live parts on one side of the working space and no live or grounded
parts on the other side of the working space, or exposed live parts on both sides of the working
space that are effectively guarded by insulating materials.
Condition 2 — Exposed live parts on one side of the working space and grounded parts on the
other side of the working space. Concrete, brick, or tile walls shall be considered as grounded.
Condition 3 — Exposed live parts on both sides of the working space.

(a) Dead-Front Assemblies. Working space shall not be required in the

back or sides of assemblies, such as dead-front switchboards or motor
control centers, where all connections and all renewable or adjustable
parts, such as fuses or switches, are accessible from locations other
than the back or sides. Where rear access is required to work on
nonelectrical parts on the back of enclosed equipment, a minimum
horizontal working space of 762 mm (30 in.) shall be provided.

(2) Width of Working Space. The width of the working space in front of the
electric equipment shall be the width of the equipment or 750 mm (30 in.),
whichever is greater. In all cases, the work space shall permit at least a 90 degree
opening of equipment doors or hinged panels.

312.11 Spacing. The spacing within cabinets and cutout boxes shall comply with
312.11(A) through (D).

(A) General. Spacing within cabinets and cutout boxes shall be sufficient to provide
ample room for the distribution of wires and cables placed in them and for a separation
between metal parts of devices and apparatus mounted within them as follows.

(3) Live Parts. There shall be an airspace of at least 12.7 mm (0.500 in.) between the
walls, back, gutter partition, if of metal, or door of any cabinet or cutout box and the
nearest exposed current-carrying part of devices mounted within the cabinet where the
voltage does not exceed 250. This spacing shall be increased to at least 25.4 mm (1.00
in.) for voltages of 251 to 600, nominal.

7
8
 3. NFPA 85

Boiler and Combustion Systems Hazard Code

NFPA 85: Boiler and Combustion Systems Hazards Code is a comprehensive document
that applies to the full range of large boiler installations and pulverized fuel systems. It
contains important provisions for boiler or combustion system designers, operators, and
enforcers working with these systems. The standard covers:

 Single Burner Boiler Operation

 Multiple Burner Boilers
 Pulverized Fuel Systems
 Stoker Operation
 Atmospheric Fluidized-Bed Boiler Operation
 Heat Recovery Steam Generator Systems

The purpose of NFPA 85 is to provide safe operation and prevent uncontrolled fires,
explosions and implosions. Some of the key requirements of this standard relate to the
burner management system logic. Many countries and companies require compliance
with NFPA 85 for burner management systems.

9
 4. Classification of Hazardous Locations

A hazardous location can be an industrial or commercial environment specifically defined

in the National Electrical Code (NEC) in which flammable or explosive gases, liquids, or
dusts may be present. These explosive agents may be present at all times, only during
abnormal operations, or only when components or processes fail.
The two classification systems for hazardous locations are the NEC Division
Classification system and the IEC Zone Classification system.

4.1. NEC Division Classification System

Article 500 of the NEC classifies hazardous locations according to the properties of the
flammable vapors, liquids or gases or according to the combustible dusts or fibers which
may be present and the likelihood that a flammable or combustible concentration or
quantity is present.

4.1.1. Class I Locations

Class I locations are defined by the NEC as those locations in which flammable gases or
vapors are or may be present in the air in quantities sufficient to produce explosive or
ignitable mixtures. Class I locations are divided into groups determined by the specific
gas or vapor involved: Group A, Group B, Group C, or Group D. These locations are
further classified as to whether hazardous concentrations of flammable gases or vapors
are likely to occur in the course of normal operations (Division I) or only in the case of an
accident or some unusual operating condition (Division 2).

Enclosures that can be used for Class I locations:

Class I, Division 1

• NEMA Type 7 enclosures (Hoffman does not manufacture any of these enclosures)
• Purged general-purpose enclosures (subject to approval by the inspection authority
having jurisdiction)

Class I, Division 2

• Same as those listed for Class I, Division 1

• General-purpose enclosures (such enclosures are permitted for some applications by
Article 501 of the NEC if the equipment does not constitute a source of ignition under
normal operating conditions)

10
4.1.2. Class II Locations

Class II locations are defined by the NEC as those locations that are hazardous due to the
presence of combustible dusts. Class II locations are grouped according to the specific
dust involved: Group E combustible metal dusts or other combustible dusts having
resistivity of less than 105 ohm-centimeters; Group F combustible dusts such as carbon
black, charcoal, and coal or coke dusts having resistivity greater than 102 ohm-
centimeters or less than 108 ohm-centimeters; and Group G containing grain dusts or
other combustible dusts having resistivity of 105 ohm-centimeters or greater. Class II
locations are further classified as to whether combustible dusts may be present in the air
under normal operating conditions (Division 1) or whether combustible dusts are not
normally in the air but which may accumulate on or near electrical equipment (Division
2).

Enclosures that can be used for Class II locations:

Class II, Division 1

• NEMA Type 9 enclosures

• Pressurized general-purpose enclosures (subject to approval by the inspection authority
having jurisdiction)

Class II, Division 2

• Same as those listed for Class II, Division 1

• General-purpose enclosures (such enclosures are permitted for some applications by
Article 502 of the National Electrical Code if the equipment does not constitute a source
of ignition under normal operating conditions)

4.1.3. Class III Locations

Class III locations are defined by the NEC in Article 503 as those locations that are
hazardous because of the presence of easily ignitable fibers or flying, but not in quantities
sufficient to produce ignitable mixtures. Class III locations are locations in which
ignitable fibers or materials producing combustible flying are handled, manufactured, or
used (Division 1) or locations in which ignitable fibers are stored or handled but where
no manufacturing processes are performed (Division 2).

Enclosures that can be used for Class III locations:

• General-purpose enclosures (dust-tight)

11
4.2. Summary of Class I, II, III Hazardous Locations

Summary of Class I, II, III Hazardous Locations

CLASSES GROUPS DIVISIONS
1 2
I Gases, A: Acetylene Normally explosive Not normally present
vapors, and and hazardous in an explosive
liquids B: Hydrogen, etc. concentration (but may
accidentally exist)
C: Ether, etc.

D: Hydrocarbons, fuels,
solvents, etc.
II Dusts E: Metal dusts
(conductive,*and explosive)
F: Carbon dusts (some are
conductive,* and all are
explosive)
Ignitable quantities of Dust not normally
dust normally are or suspended in an
may be in suspension, ignitable concentration
or conductive dust (but may accidentally
may be present exist). Dust layers are
present.

G: Flour, starch, grain,

combustible plastic or
chemical dust (explosive)
III Fibers Textiles, wood-working, etc.
and flying (easily ignitable, but not
likely to be explosive)
Handled or used in Stored or handled in
manufacturing storage (exclusive of
manufacturing)

12
 5. NEMA enclosure types

National Electrical Manufacturers Association (NEMA) defines standards for various

grades of electrical enclosures typically used in industrial applications. Each is rated to
protect against designated environmental conditions. A typical NEMA enclosure might be
rated to provide protection against environmental hazards such as water, dust, oil or
coolant or atmospheres containing corrosive agents such as acetylene or gasoline.

Type 1
General-purpose. Protects against dust, light, and indirect splashing but is not dust-tight;
primarily prevents contact with live parts; used indoors and under normal atmospheric
conditions.

Type 2
Drip-tight. Similar to Type 1 but with addition of drip shields; used where condensation
may be severe (as in cooling and laundry rooms).

Type 3 and 3S
Weather-resistant. Protects against weather hazards such as rain and sleet; used outdoors
on ship docks, in construction work, and in tunnels and subways.

Type 3R
Intended for outdoor use. Provides a degree of protection against falling rain and ice
formation. Meets rod entry, rain, external icing, and rust-resistance design tests.

Type 4 and 4X
Watertight (weatherproof). Must exclude at least 65 GPM of water from 1-in. nozzle
delivered from a distance not less than 10 ft for 5 min. Used outdoors on ship docks, in
dairies, and in breweries.

Type 5
Dust-tight. Provided with gaskets or equivalent to exclude dust; used in steel mills and
cement plants.

Type 6 and 6P
Submersible. Design depends on specified conditions of pressure and time; submersible
in water or oil; used in quarries, mines, and manholes.

Type 7
Hazardous. For indoor use in Class I, Groups A, B, C, and D environments as defined in
the NEC.

13
Type 8
Hazardous. For indoor and outdoor use in locations classified as Class I, Groups A, B, C,
and D as defined in the NEC.

Type 9
Hazardous. For indoor and outdoor use in locations classified as Class II, Groups E, F, or
G as defined in the NEC.

Type 10
MSHA. Meets the requirements of the Mine Safety and Health Administration, 30 CFR
Part 18 (1978).

Type 11
General-purpose. Protects against the corrosive effects of liquids and gases. Meets drip
and corrosion-resistance tests.

Type 12 and 12R

General-purpose. Intended for indoor use, provides some protection against dust, falling
dirt, and dripping noncorrosive liquids. Meets drip, dust, and rust resistance tests.

Type 13
General-purpose. Primarily used to provide protection against dust, spraying of water and
non-corrosive coolants. Meets oil exclusion and rust resistance design tests.

14
 6. IP Code

The IP Code (or Ingress Protection Rating, sometimes also interpreted as International
Protection Rating) consists of the letters IP followed by two digits or one digit and one
letter and an optional letter. As defined in international standard IEC 60529, IP Code
classifies and rates the degrees of protection provided against the intrusion of solid
objects (including body parts like hands and fingers), dust, accidental contact, and water
in mechanical casings and with electrical enclosures. The digits (characteristic numerals)
indicate conformity with the conditions summarized below. Where there is no protection
rating with regard to one of the criteria, the digit is replaced with the letter X.

6.1. Solids, first digit

The first digit indicates the level of protection that the enclosure provides against access
to hazardous parts (e.g., electrical conductors, moving parts) and the ingress of solid
foreign objects.

First Object size Effective against

Digit protected against

0 — No protection against contact and ingress of objects

1 >50 mm Any large surface of the body, such as the back of a hand,
but no protection against deliberate contact with a body
part

2 >12.5 mm Fingers or similar objects

3 >2.5 mm Tools, thick wires, etc.

4 >1 mm Most wires, screws, etc.

5 Dust protected Ingress of dust is not entirely prevented, but it must not
enter in sufficient quantity to interfere with the satisfactory
operation of the equipment; complete protection against
contact

6 Dust tight No ingress of dust; complete protection against contact

15
6.2. Liquids, second digit
Protection of the equipment inside the enclosure against harmful ingress of water

Second Protected Testing for Details

Digit against

0 Not — —
protected

1 Dripping Dripping water (vertically falling drops) Test duration:

water shall have no harmful effect. 10 minutes

Water
equivalent to
1mm rainfall
per minute

2 Dripping Vertically dripping water shall have no Test duration:

water when harmful effect when the enclosure is tilted at 10 minutes
tilted up to an angle up to 15° from its normal position.
15° Water
equivalent to
3mm rainfall
per minute

3 Spraying Water falling as a spray at any angle up to Test duration: 5

water 60° from the vertical shall have no harmful minutes
effect.
Water volume:
0.7 litres per
minute
Pressure: 80–
100 kN/m²

4 Splashing Water splashing against the enclosure from Test duration: 5

water any direction shall have no harmful effect. minutes

Water volume:
10 litres per
minute
Pressure: 80–

16
 100 kN/m²

5 Water jets Water projected by a nozzle (6.3mm) against Test duration: at

enclosure from any direction shall have no least 3 minutes
harmful effects.
Water volume:
12.5 litres per
minute
Pressure:
30 kN/m² at
distance of 3m

6 Powerful Water projected in powerful jets (12.5mm Test duration: at

water jets nozzle) against the enclosure from any least 3 minutes
direction shall have no harmful effects.
Water volume:
100 litres per
minute
Pressure:
100 kN/m² at
distance of 3m

7 Immersion Ingress of water in harmful quantity shall Test duration:

up to 1 m not be possible when the enclosure is 30 minutes
immersed in water under defined conditions
of pressure and time (up to 1 m of Immersion at
submersion). depth of 1m

8 Immersion The equipment is suitable for continuous Test duration:

beyond 1 m immersion in water under conditions which continuous
shall be specified by the manufacturer. immersion in
Normally, this will mean that the equipment water
is hermetically sealed. However, with
certain types of equipment, it can mean that Depth specified
water can enter but only in such a manner by manufacturer
that it produces no harmful effects.

17
6.3. Additional letters
The standard defines additional letters that can be appended to classify only the level of
protection against access to hazardous parts by persons:

Level Protected against access to hazardous parts with

A Back of hand

B Finger

C Tool

D Wire

Further letters can be appended to provide additional information related to the protection
of the device:

Letter Meaning

H High voltage device

M Device moving during water test

S Device standing still during water test

W Weather conditions

18
 7. IEC 61508

Functional Safety of Electrical/Electronic/Programmable Electronic

Safety-related Systems
The International Electrotechnical Commission (IEC) is an international standards
organization that prepares and publishes International Standards for
all electrical, electronic and related technologies. IEC standards cover a vast range of
technologies from power generation, transmission and distribution to home appliances
and office equipment, semiconductors, fiber optics, batteries, solar energy,
nanotechnology and marine energy as well as many others.

IEC 61508 is an international standard of rules applied in industry. IEC 61508 is intended
to be a basic functional safety standard applicable to all kinds of industry. It defines
functional safety as: “part of the overall safety relating to the EUC (Equipment Under
Control) and the EUC control system which depends on the correct functioning of the
E/E/PE safety-related systems, other technology safety-related systems and external risk
reduction facilities.”
The standard covers the complete safety life cycle, and may need interpretation to
develop sector specific standards. It has its origins in the process control industry sector.

Central to the standard are the concepts of risk and safety function. The risk is a function
of frequency (or likelihood) of the hazardous event and the event consequence severity.
The risk is reduced to a tolerable level by applying safety functions which may consist of
E/E/PES and/or other technologies. While other technologies may be employed in
reducing the risk, only those safety functions relying on E/E/PES are covered by the
detailed requirements of IEC 61508.
IEC 61508 has the following views on risks:
 zero risk can never be reached

 safety must be considered from the beginning

 non-tolerable risks must be reduced (ALARP)

7.1. Hazard and Risk Analysis

The standard requires that hazard and risk assessment should be carried out: 'The EUC
(equipment under control) risk shall be evaluated, or estimated, for each determined
hazardous event'.

19
The standard advises that 'Either qualitative or quantitative hazard and risk analysis
techniques may be used' and offers guidance on a number of approaches. One of these,
for the qualitative analysis of hazards, is a framework based on 6 categories of likelihood
of occurrence and 4 of consequence.

Categories of likelihood of occurrence

Category Definition Range (failures per year)

Frequent Many times in system lifetime > 10-3
Probable Several times in system lifetime 10-3 to 10-4
Occasional Once in system lifetime 10-4 to 10-5
Remote Unlikely in system lifetime 10-5 to 10-6
Improbable Very unlikely to occur 10-6 to 10-7
Incredible Cannot believe that it could occur < 10-7

Consequence categories
Category Definition
Catastrophic Multiple loss of life
Critical Loss of a single life
Marginal Major injuries to one or more persons
Negligible Minor injuries at worst

These are typically combined into a risk class matrix

Consequence
Likelihood Catastrophic Critical Marginal Negligible
Frequent I I I II
Probable I I II III
Occasional I II III III
Remote II III III IV
Improbable III III IV IV
Incredible IV IV IV IV
Where:

 Class I: Unacceptable in any circumstance;

 Class II: Undesirable: tolerable only if risk reduction is impracticable or if the
costs are grossly disproportionate to the improvement gained;
 Class III: Tolerable if the cost of risk reduction would exceed the improvement;
 Class IV: Acceptable as it stands, though it may need to be monitored.

20
7.2. Safety Integrity Level
The Safety Integrity Level is determined primarily from the assessment of three factors.
Higher level Safety Integrity Levels require greater compliance in all three areas.

1) Improved reliability.
2) Failure to safety.
3) Management, Systematic Techniques, Verification and Validation.

SIL refers to a single method of reducing injury (as determined through risk analysis), not
an entire system, nor an individual component.

1) Improved Reliability
For systems that operate continuously (continuous mode) the allowable frequency of
failure must be determined. For systems that operate more than once a year (high
demand) the allowable frequency of failure must be determined. For systems that operate
intermittently (less than once a year / low demand) the probability of failure is specified
as the probability that the system will fail to respond on demand.
SI Low demand mode: High demand or continuous mode:
L average probability of failure on demand probability of dangerous failure per hour
1 ≥ 10-2 to < 10-1 ≥ 10-6 to < 10-5
2 ≥ 10-3 to < 10-2 ≥ 10-7 to < 10-6
3 ≥ 10-4 to < 10-3 ≥ 10-8 to < 10-7
4 ≥ 10-5 to < 10-4 ≥ 10-9 to < 10-8

2) Failure to Safety

Calculation of safe failure fraction (SFF) determines how Fail-safe the system is. This
compares the likelihood of safe failures with dangerous failures. Reliability by itself is
not sufficient to claim a SIL level. There are charts in IEC61508 that specify the level of
SFF required for each SIL.

3) Management, Systematic Techniques, Verification and Validation

Specific techniques ensure that mistakes and errors are avoided across the entire life-
cycle. Errors introduced anywhere from the initial concept, risk analysis, specification,
design, installation, maintenance and through to disposal could undermine even the most
reliable protection. IEC61508 specifies techniques that should be used for each phase of
the life-cycle.

21
 8. IEC 61511

Functional safety - Safety instrumented systems for the process industry

sector
IEC 61511 is a technical standard which sets out practices in the engineering of systems
that ensure the safety of an industrial process through the use of instrumentation. Such
systems are referred to as Safety Instrumented Systems.

The process industry sector includes many types of manufacturing processes, such as
refineries, petrochemical, chemical, pharmaceutical, pulp and paper, and power. The
process sector standard does not cover nuclear power facilities or nuclear reactors. IEC
61511 covers the application of electrical, electronic and programmable electronic
equipment. While IEC 61511 does apply to equipment using pneumatic or hydraulic
systems to manipulate final elements, the standard does not cover the design and
implementation of pneumatic or hydraulic logic solvers.
This standard defines the functional safety requirements established by IEC 61508 in
process industry sector terminology. IEC 61511 focuses attention on one type of
instrumented safety system used within the process sector, the Safety Instrumented
System (SIS). The standard does not provide requirements for other instrumented safety
systems, such as fire and gas systems, safety alarms, or safety controls.

In the United States ANSI/ISA 84.00.01-2004 was issued in September 2004. It primarily
mirrors IEC 61511 in content with the exception that it contains a grandfathering clause:

For existing safety instrumented systems (SIS) designed and constructed in accordance
with codes, standards, or practices prior to the issuance of this standard (e.g. ANSI/ISA
84.01-1996), the owner/operator shall determine and document that the equipment is
designed, maintained, inspected, tested, and operated in a safe manner.

22
 9. AIChE - CCPS

The American Institute of Chemical Engineers (AIChE) is a professional

organization for chemical engineers. AIChE plays a major role through joint initiatives
with industry, academia, and others for development of new technology and collaboration
of experts to achieve common goals. Center for Chemical Process Safety (CCPS) is a
non-profit, corporate membership organization within AIChE that addresses process
safety within the chemical, pharmaceutical, and petroleum industries. It is a technological
alliance of manufacturers, government agencies, consultants, academia and insurers
dedicated to improving industrial process safety. CCPS has developed over 100
publications relevant to process safety. Some of the publications include:

 Guidelines for Safe and Reliable Instrumented Protective Systems (ISBN: 978-0-
471-97940-1)
 Avoiding Static Ignition Hazards in Chemical Operations (ISBN: 0-8169-0800-1)
 Guidelines for Design Solutions for Process Equipment Failures (ISBN: 0-8169-
0684-X)
 Guidelines for Engineering Design for Process Safety (ISBN: 0-8169-0565-7)
 Guidelines for Preventing Human Error in Process Safety (ISBN: 0-8169-0461-8)
 Guidelines for Safe Automation of Chemical Processes (ISBN: 0-8169-0554-1)

These publications cover the design of Distributed Control Systems (DCS) and Safety
Interlock Systems (SIS) and contain other very useful background information.

23
 10.API RP 556

Instrumentation, Control, and Protective Systems for Gas Fired Heaters

The American Petroleum Institute, commonly referred to as API, is the main U.S trade
association for the oil and natural gas industry, representing about 400 corporations
involved in production, refinement, distribution, and many other aspects of the petroleum
industry. The association’s chief functions on behalf of the industry
include advocacy and negotiation with governmental, legal, and regulatory
agencies; research into economic, toxicological, and environmental effects; establishment
and certification of industry standards; and education outreach.

API RP 556 is the Recommended Practice for Instrumentation and Control systems for
Fired heaters and Steam generators. This recommended practice provides guidelines that
specifically apply to instrument, control and protective system installations for gas fired
heaters in petroleum production, refineries, petrochemical and chemical plants.
A gas fired general service heater defined in this practice liberates heat by the combustion
of fuel gas and this heat is transferred to liquids and/or gases in tubular coils all contained
within an internally insulated enclosure.

11.API RP 14C

Recommended Practice for Analysis, Design, Installation, and Testing of

Basic Surface Safety Systems for Offshore Production Platforms
This document presents recommendations for designing, installing, and testing a basic
surface safety system on an offshore production platform. The basic concepts of a
platform safety system are discussed and protection methods and requirements of the
system are outlined.

This recommended practice illustrates how system analysis methods can be used to
determine safety requirements to protect any process component. The analysis procedures
include a method to document and verify system integrity. In addition to the basic surface
safety system, this recommended practice covers ancillary systems such as pneumatic
supply and liquid containment. It is intended for design engineers and operating
personnel.

24
 12.OSHA 29 CFR 1910.119

Process Safety Management of Highly Hazardous Chemicals

The United States Occupational Safety and Health Administration (OSHA) is an agency
of the United States Department of Labor. Its mission is to prevent work-related injuries,
illnesses, and occupational fatality by issuing and enforcing standards for workplace
safety and health.

OSHA issued 29 CFR 1910.119 in 1992 that facilities with a dangerous amount of highly
hazardous chemicals maintain procedures to ensure safety in their operations. The
regulation outlines 14 key elements that aid employers in their efforts to prevent or
mitigate episodic chemical releases that could lead to a catastrophe in the workplace and
possibly to the surrounding community.

Some extracts from Process Safety Management of Highly Hazardous Chemicals are
given below:

Section d3: Process Safety information:“For existing equipment .. the employer shall
determine and document that the equipment is designed, maintained, inspected, tested,
and operating in a safe manner”

Section j: Mechanical integrity: “The frequency of inspections and test of process

equipment shall be consistent with applicable manufacturer’s recommendations and good
engineering practices, and more frequently if determined to be necessary by prior
operating experience.”

Section j5: Equipment deficiencies: “The employer shall correct deficiencies in the
equipment that are outside acceptable limits before further use in a safe and timely
manner when necessary means are taken to assure safe operation”

Section j6: Quality assurance: “In the construction of new plants and equipment, the
employer shall assure that equipment as it is fabricated is suitable for the process
application for which they will be used”

25
 13.ISA 18.2

Management of Alarm Systems for the Process Industries

The International Society of Automation (ISA) formerly known as The Instrumentation,
Systems, and Automation Society is a non-profit technical society for engineers,
technicians, businesspeople, educators and students, who work, study or are interested in
industrial automation and pursuits related to it, such as instrumentation. ISA is one of the
foremost professional organizations in the world for setting standards and educating
industry professionals in automation.

This standard addresses alarm systems for facilities in the process industries to improve
safety, quality, and productivity. The general principles and processes in this standard are
intended for use in the lifecycle management of an alarm system based on programmable
electronic controller and computer-based Human-Machine Interface (HMI) technology.
Implementation of this standard should consider alarms from all systems presented to the
operator, which may include basic process control systems, annunciator panels, safety
instrumented systems, fire and gas systems, and emergency response systems. The
practices in this standard are applicable to continuous, batch, and discrete processes.
There may be differences in implementation to meet the specific needs based on process
type.

26
 14.EEMUA 191

Alarm Systems- A Guide to Design, Management and Procurement

The Engineering Equipment & Materials Users’ Association (EEMUA) is a non-profit
membership organization that helps companies that own or operate industrial facilities
and the users of engineering equipment and materials.

Guide to Design, Management and Procurement Alarm systems form an essential part
of the operator interfaces to large modern industrial facilities. They provide vital support
to the operators by warning them of situations that need their attention and have an
important role in preventing, controlling and mitigating the effects of abnormal situations.
Since it was first published in 1999, EEMUA 191 has become the globally accepted and
leading guide to good practice for alarm management. The guide, developed by the
users of alarm systems in industry, is published in conjunction with Britain's Health &
Safety Executive and ASM, the Abnormal Situation Management Consortium (Arizona,
USA). It gives comprehensive guidance on designing, managing and procuring an
effective alarm system. Following the guidance in EEMUA 191 should result in better
alarm systems that are more usable and that result in safer and more cost-efficient
industrial operations.

EEMUA 191 includes guidelines around:

 roles and responsibilities

 alarm prioritization
 alarm review procedures
 benchmarks and measurement

27
 15.IEEE 603

IEEE Standard Criteria for Safety Systems for Nuclear Power

Generating Stations
The Institute of Electrical and Electronics Engineers is a non-profit professional
association dedicated to advancing technological innovation related to electricity. IEEE is
one of the leading standards-making organizations in the world. IEEE performs its
standards making and maintaining functions through the IEEE Standards Association
(IEEE-SA). IEEE standards affect a wide range of industries including: power and
energy, biomedical and healthcare, Information Technology (IT), telecommunications,
transportation, nanotechnology, information assurance, and many more.

In IEEE 603 Standard Criteria for Safety Systems for Nuclear Power Generating Stations,
minimum functional and design criteria for the power, instrumentation, and control
portions of nuclear power generating station safety systems are established. The criteria
are to be applied to those systems required to protect the public health and safety by
functioning to mitigate the consequences of design basis events. The intent is to promote
safe practices for design and evaluation of safety system performance and reliability.
Although the standard is limited to safety systems, many of the principles may have
applicability to equipment provided for safe shutdown, post-accident monitoring display
instrumentation, preventative interlock features, or any other systems, structures, or
equipment related to safety.

28
16.Comparisons of standards (Hoffman)

29
30
31