YOKOGAWA
Safety Related Abbreviations and Definitions

Disclaimer
This document was written in accordance with established regulations and standards of technology.
Yokogawa SCE accepts no responsibility for the correctness of the regulations or standards on which this
document is based. The use of this document to establish Safety Instrumented Functions does not relieve
the user from any of his responsibility to establish procedures sufficient to ensure the safety of his operations
or to meet legal obligations. Yokogawa SCE will accept no liability for correctness or completeness of this
document. In particular, Yokogawa SCE does not guarantee the design of facilities or choice of products
used when the user uses this document or any resulting modification of this document.
Yokogawa SCE’s guarantee is restricted to the correction of errors or deficiencies reported by the purchaser
within a reasonable period of time. Under no circumstances shall Yokogawa SCE be obligated to any
amount beyond the purchase price of the document.
References
+ IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems. IEC, 2010.
+ IEC 61511: Functional safety - Safety instrumented systems for the process industry sector. IEC, 2016.
+ ISA 84.01: Application of Safety Instrumented Systems for the Process Industries. ISA, 2002.
Abbreviations
1oo1      One out of one: a demand, or a failing element, brings the process to a safe state.
1oo2      One out of two: a demand detected by one element, or simultaneously failing elements, brings the process to a safe state; diagnostics lower both PFDavg and FTR.
1oo3      One out of three: either a demand or a failing element brings the process to a safe state.
2oo2      Two out of two: two simultaneous demands, or two failing elements, bring the process to a safe state.
2oo3      Two out of three: a demand detected by two elements, or two failing elements, brings the process to a safe state.
2oo4      Two out of four with diagnostics: a demand detected by two elements, or two failing elements, brings the process to a safe state.
A         Availability: the figure that indicates the capability of a SIS to perform its safety functions without causing a nuisance failure (trip or other nuisance action).
β         Common cause factor for fault-tolerant (multiple) architectures
BDV       Blow Down Valve
BMS       Burner Management System
BPCS      Basic Process Control System
C&E       Cause & Effect (diagram)
DC        Factor for Diagnostic Coverage: $DC_D = \lambda_{DD} / \lambda_D$ and $DC_S = \lambda_{SD} / \lambda_S$
DCS       Digital (Distributed) Control System
DTS       De-energise To Safe state principle
E/E/PES   Electrical/Electronic/Programmable Electronic System
ESD       Emergency Shut Down
ESDV      Emergency Shut Down Valve
ETS       Energise To Safe state principle
FE        Final Element
FEED      Front End Engineering Design study
F&G       Fire & Gas system
FGS       Fire and Gas System
FIT       Factory Integration Test
FIT       Failure In Time (1E-9 per hour)
FLD       Functional Logic Diagram
FME(CD)A  Failure Mode Effect (Critical, Diagnostics) Analysis
FPSO      Floating Production, Storage and Offloading (vessel)
FSM       Functional Safety Management
HAZOP     Hazard and Operability study
HART      Highway Addressable Remote Transducer (communication protocol)
HIS       Human Interface Station
HI(P)PS   High Integrity (Pressure) Protection System
HMI       Human Machine Interface
ICSS      Integrated Control and Safety System
IEC       International Electrotechnical Commission
IPL       Independent Protection Layer
IPS       Instrumented Protective System (Shell's equivalent of SIS)
IS        Intrinsically Safe
ISO       International Organization for Standardization
λ         Total failure rate (per hour)
λ_S       Failure rate for safe failures
λ_D       Failure rate for dangerous failures
λ_SD      Failure rate for safe, detected (revealed) failures
λ_SU      Failure rate for safe, undetected (unrevealed) failures
λ_DD      Failure rate for dangerous, detected (revealed) failures
λ_DU      Failure rate for dangerous, undetected (unrevealed) failures
LAN       Local Area Network
LCR       Local Control Room
LED       Light Emitting Diode
LS        Logic Solver
MOS       Maintenance Override Switch
MTBF      Mean Time Between Failures (years)
MTTNF     Mean Time To Nuisance Failure (years) ($1 / \lambda_{SD}$)
MTTR      Mean Time To Repair (hours)
OREDA     Offshore Reliability Data (SINTEF database)
OOS       Operational Override Switch
PC        Proof test Coverage (factor to indicate imperfect testing and repair)
PCB       Printed Circuit Board
PCS       Process Control System
PFD       Probability of Failure on Demand: value that indicates the probability that the SIF fails to respond to a demand
PFDavg    Probability of Failure on Demand, averaged over the lifetime of the SIS
P&ID      Piping & Instrumentation Diagram
PLC       Programmable Logic Controller
PSV       Pressure Safety Valve
RFI       Radio Frequency Interference
RTU       Remote Terminal Unit
SAT       Site Acceptance Test
SE        Sensor
SER       Sequence of Event Recording (Recorder)
SFF       Safe Failure Fraction: $SFF = (\lambda_S + \lambda_{DD}) / \lambda$
SIF       Safety Instrumented Function
SIL       Safety Integrity Level
SIS       Safety Instrumented System
SO        Startup Override
SRS       Safety Requirements Specification
T         Proof test interval (years)
TL        Lifetime of the SIS
TÜV       Technischer Überwachungsverein (German body, technical inspection agency)
UPS       Uninterruptible Power Supply
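As a worked example of the failure-rate quantities the abbreviation table defines (λ_SD, λ_SU, λ_DD, λ_DU, DC, SFF, MTTNF, PFDavg, T and β), the following Python script is added here; it is not part of the Yokogawa document. The FIT figures for the element are constructed for illustration, not vendor data. The simplified PFDavg equations for the 1oo1, 1oo2, 2oo2 and 2oo3 architectures (which neglect repair time and the λ_DD contribution) and the low-demand SIL bands are the standard IEC 61508 / ISA-TR84.00.02 forms and are assumptions, since this page does not list them.

```python
"""Worked example (added; not from the Yokogawa document): derive the
failure-rate terms, diagnostic coverage, SFF, MTTNF and simplified PFDavg
for one hypothetical element, using the symbols of the abbreviation table."""
from dataclasses import dataclass

FIT = 1e-9              # Failure In Time: one failure per 1e9 hours
HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class FailureRates:
    """Per-hour failure rates, split as in the table:
    lambda_SD, lambda_SU, lambda_DD, lambda_DU."""
    sd: float
    su: float
    dd: float
    du: float

    @classmethod
    def from_fit(cls, sd: float, su: float, dd: float, du: float) -> "FailureRates":
        """Build from FIT figures (constructed data in this example)."""
        return cls(sd * FIT, su * FIT, dd * FIT, du * FIT)

    @property
    def safe(self) -> float:        # lambda_S
        return self.sd + self.su

    @property
    def dangerous(self) -> float:   # lambda_D
        return self.dd + self.du

    @property
    def total(self) -> float:       # lambda
        return self.safe + self.dangerous


def diagnostic_coverage(r: FailureRates) -> tuple[float, float]:
    """DC_D = lambda_DD / lambda_D and DC_S = lambda_SD / lambda_S."""
    return r.dd / r.dangerous, r.sd / r.safe


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_S + lambda_DD) / lambda."""
    return (r.safe + r.dd) / r.total


def mttnf_years(r: FailureRates) -> float:
    """MTTNF = 1 / lambda_SD, converted from hours to years as the table states it."""
    return 1.0 / r.sd / HOURS_PER_YEAR


def pfd_avg(r: FailureRates, architecture: str, t_years: float, beta: float = 0.0) -> float:
    """Simplified PFDavg for proof test interval T (years) and common cause
    factor beta. Assumption: IEC 61508-6 / ISA-TR84.00.02 simplified forms,
    neglecting MTTR and the lambda_DD term:
      1oo1: lambda_DU*T/2     1oo2: (lambda_DU*T)^2/3 + beta*lambda_DU*T/2
      2oo2: lambda_DU*T       2oo3: (lambda_DU*T)^2   + beta*lambda_DU*T/2
    """
    x = r.du * t_years * HOURS_PER_YEAR      # lambda_DU * T, dimensionless
    formulas = {
        "1oo1": x / 2,
        "1oo2": x ** 2 / 3 + beta * x / 2,
        "2oo2": x,
        "2oo3": x ** 2 + beta * x / 2,
    }
    if architecture not in formulas:
        raise ValueError(f"unsupported architecture {architecture!r}")
    return formulas[architecture]


def sil_band(pfd: float) -> int:
    """Low-demand SIL band for a PFDavg (assumption: IEC 61508-1 bands,
    not listed on this page). Returns 0 when PFDavg >= 1e-1 (no SIL claim);
    values below 1e-5 lie outside the defined bands and are rejected."""
    if pfd < 1e-5:
        raise ValueError("PFDavg below the SIL 4 band; check the inputs")
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


if __name__ == "__main__":
    # Constructed FIT data for a hypothetical transmitter, not vendor figures.
    tx = FailureRates.from_fit(sd=400, su=100, dd=300, du=200)
    dc_d, dc_s = diagnostic_coverage(tx)
    print(f"DC_D={dc_d:.2f} DC_S={dc_s:.2f} SFF={safe_failure_fraction(tx):.2f}")
    print(f"MTTNF={mttnf_years(tx):.0f} years")
    for arch in ("1oo1", "1oo2", "2oo2", "2oo3"):
        p = pfd_avg(tx, arch, t_years=1.0, beta=0.1)
        print(f"{arch}: PFDavg={p:.2e} -> SIL {sil_band(p)} band")
```

With the constructed rates (λ_S = λ_D = 500 FIT) the element has DC_D = 0.6, DC_S = 0.8 and SFF = 0.8; with a one-year proof test interval a 1oo1 arrangement lands in the SIL 3 band, while 1oo2 and 2oo3 with β = 0.1 land in the SIL 4 band and 2oo2 only in SIL 2, which illustrates why the voting architecture and β matter as much as the element's own λ_DU. The script only covers the PFDavg side of the table; it says nothing about architectural constraints or systematic capability, which the standards also require for a SIL claim.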
Definitions
Safety                        Freedom from unacceptable risk
Risk                          Combination of the frequency of harm and the consequences of that harm
Harm                          Physical injury or damage to the health of people, or damage to the environment or property
Hazard                        Potential source of harm
Safety function               Function implemented by a SIS which is intended to achieve or maintain the safe state of the process, in respect of a specific hazardous event
SIF                           Safety Instrumented Function
Safety integrity              Average probability of a SIS satisfactorily performing the required safety functions
SIL                           Safety Integrity Level, corresponding to the average probability of failure on demand (PFDavg)
Random hardware failure       Failure occurring at a random time, which results from one or more possible degradation mechanisms in the hardware
Systematic failure            Failure related in a deterministic way to a certain cause, which can only be eliminated by a modification
Safe failure                  Failure which does not have the potential to put the SIF in a fail-to-function state
Dangerous failure             Failure which has the potential to put the SIF in a fail-to-function state
Common cause failure          Failure causing coincident failures of two or more legs in a redundant (sub)system
Impact analysis               Activity of determining the effect that a change or detected problem will have on other functions
Verification                  Confirmation by examination that the result of a certain work (phase in the lifecycle) complies with the requirements for that phase
Validation                    Confirmation by examination that the result of the project complies with the requirements (SRS), and that the appropriate work methods have been applied
Functional safety assessment  Investigation to judge the functional safety achieved by the SIS
Functional safety audit       Systematic and independent examination to determine whether the procedures specific to the functional safety requirements comply with the planned arrangements, are implemented effectively and are suitable to achieve the specified objectives
Proof test                    Periodic test performed to detect failures in a safety function
Demand                        Request from the process to the safety system to bring the process to the safe state
Fault tolerant                A (sub)system is considered fault tolerant if it continues to perform its functions in spite of the presence of one or more failures