Safety Instrumented Systems Vs Process Control Systems: Differences Between A SIS and A BPCS
When choosing a control system for your facility, there are many factors to take into consideration
including system reliability (translated into plant uptime), upkeep and maintenance costs,
installation costs, compatibility with installed control systems, quality of support from
manufacturers, etc. But what about process safety? When is it necessary to choose a Safety
Instrumented System (SIS) instead of a Basic Process Control System (BPCS)? And what do these
two terms mean? In this article, we explore these questions.
“Process control systems (PCS) are active, or dynamic. They have analog inputs and analog
outputs, perform math and number crunching, and have feedback loops. Process controls act
1 of 11 10/09/2017 05:55 PM
Safety Instrumented Systems Vs Process Control Systems... https://innovativecontrols.com/blog/safety-instrumented...
positively to maintain or change process conditions. They are there to help obtain best performance
from the process and often are used to push the performance to the limits that can safely be
achieved. Hence, most failures in these systems are inherently self-revealing. PCS must be flexible
enough to allow frequent changes. Process parameters (e.g. set points, PID settings, MAN/AUTO,
etc) require changing. Portions of the system may also be placed in bypass, and the process may be
controlled manually. They are not built with safety in mind and are not dedicated to the task.
Because they are operating at all times they are not expected to have diagnostic routines searching
for faults.
Safety systems, however, are just the opposite of process control systems. They are dormant, or
passive. They sit there doing nothing and hopefully will never be called into action. An example
would be a pressure relief valve. Normally the valve is closed. It only opens when the pressure
reaches the set value. If the pressure never exceeds that value, the valve never operates. Many
failures in these systems may not be self-revealing. If the relief valve is plugged, there is no
immediate indication. A PLC could be hung up in an endless loop. Without a watchdog timer, the
system would not be able to recognize the problem. There is a need for extensive diagnostics in
dormant, passive safety-related systems. Safety systems should be incorruptible - need to be kept
to a fixed set of rules and access for changes carefully restricted. And they must be highly reliable
and be able to respond instantly when a hazardous situation develops.”
A common question people ask is, “Can I program a BPCS to perform safety functions?” The answer
is absolutely “yes.”
But try to ask a BPCS manufacturer the following question: “Assuming that I write perfect bug-free
code, can you guarantee with measurable certainty that your control system will consistently
perform my safety functions on demand?” The answer you will likely receive is, “No.”
A key difference between process and safety control is the fact that you need to know, with
measurable certainty, that the safety system will respond when required to. So, while you can
program safety functions in a basic process control system, there is no guarantee that the system
will do its job when required.
In a typical balanced draft system, an Induced Draft fan and a Forced Draft fan act in tandem to
keep the furnace under a slight vacuum. This way, if the furnace is not perfectly sealed, the
combustion process remains in the furnace rather than affecting the environment outside the
furnace. After several smooth hours of run time, it was evident that the brick furnace was not
perfectly sealed because sparks and smoke began to puff through various small openings where
brick met steel.
After a few panicked minutes of trying to pinpoint an issue with the PLC code, I realized that all of
the I/O signals were static - nothing was changing. My PLC was locked up. The only solution was
to toggle the power to the CPU. Once I did this, I was able to restart the fans and re-engage the draft
control. I never saw this issue again on that job site, but I had learned that PLCs can indeed lock up.
Thankfully my story does not include anyone getting hurt or injured unless you count my
embarrassment of having a boiler house that smelled like a campfire!
With the basic differences understood, we can now explore one method of determining when to use
a SIS based on the Safety Life Cycle.
Determining Safety Integrity Levels (SIL) for Your Process Application (/blog/determining-safety-integrity-levels-sil-your-process-application)
The Safety Life Cycle (see Figure 1) provides a repeatable framework whereby all process hazards
are identified and analyzed to understand which hazards require the use of a SIS for mitigation.
By design, this is a cyclic process, not a linear process with an endpoint. Any changes in process
design, operating conditions, or equipment require cycling back to the beginning to ensure any
changes are properly implemented.
For the remainder of this article, we will focus on the steps to follow to determine when a SIS is
required, starting with the Process Hazard Analysis.
Fires
Explosions
Releases of toxic, hazardous, or flammable materials
Etc
Equipment failures
Instrumentation failures or calibration issues
Loss of utilities (power, cooling water, instrument air, etc.)
Human errors or actions
External factors such as storms or earthquakes
Etc
Both the Frequency and Severity of each process hazard must be analyzed:
How often could it happen? Tank spills could happen any time there’s a manual fill operation
(multiple times a year)
How severe is the result? Localized damage, fire, explosion, toxic gas release, death
Core to the PHA analysis is the fact that things can and do go wrong. You have to forget IF it will
happen and instead consider WHEN it will happen. Each identified hazard is assigned an
“acceptable” frequency. For purposes of the PHA, you cannot assume a hazard will “never” happen.
A hazard which results in simple First Aid could be considered “acceptable” if it could happen
The end result of the Process Hazard Analysis is a list of all possible process hazards with each one
assigned an acceptable frequency of occurrence. With the PHA complete, the next step in the Safety
Life Cycle is the Layer of Protection Analysis.
Figure 2: General view of plant safety protection layers. Used with permission from Magnetrol
(http://www.magnetrol.com/v2/pdf/MII/41-299.pdf).
The general steps of a LOPA are as follows. For every Process Hazard identified in the PHA:
Example: A tank fill operation that happens 250 times per year - “could” experience an overfill event
250 times per year.
A protection layer in the form of a proper vent/drain system could reduce the danger by a
factor of 100 (risk reduction factor)
The hazard resulting from tank overfill would have an effective frequency of 250/100 = 2.5
times per year
After the effective hazard frequency of each hazard is known, the key question is: “With non-SIS
protection layers applied, is the effective frequency lower than the acceptable frequency?”
In other words, once all Process Hazards are identified and Protection Layers assigned, if the
PHA/LOPA study concludes that existing protection cannot reduce risk to an acceptable or tolerable
level, a Safety Instrumented System will be required.
For those hazards where existing protection layers (including the BPCS) can reduce risk below the
acceptable level, a SIS is not required and it is acceptable to use the BPCS for hazard mitigation.
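The LOPA comparison described above, as an added Python example that is not part of the original article. Only the 250 fills per year and the risk reduction factor of 100 come from the text; the acceptable frequencies, the second hazard's layers and their factors are constructed sample values, and multiplying the factors of several independent layers generalizes the single-layer tank example.

```python
from dataclasses import dataclass, field
from math import prod


@dataclass
class Hazard:
    name: str
    initiating_per_year: float   # how often the initiating event could occur
    acceptable_per_year: float   # tolerable frequency assigned in the PHA
    layer_rrfs: dict = field(default_factory=dict)  # non-SIS layer -> RRF

    def __post_init__(self):
        # The PHA cannot assume "never": a zero target is unreachable.
        if self.acceptable_per_year <= 0:
            raise ValueError(f"{self.name}: acceptable frequency must be > 0")
        for layer, rrf in self.layer_rrfs.items():
            if rrf < 1:
                raise ValueError(f"{self.name}: {layer!r} has RRF below 1")

    def effective_per_year(self) -> float:
        # Each independent layer divides the frequency by its RRF.
        return self.initiating_per_year / prod(self.layer_rrfs.values())

    def required_sis_rrf(self) -> float:
        """Risk reduction a SIS must still supply; 1.0 means none is needed."""
        return max(1.0, self.effective_per_year() / self.acceptable_per_year)


def lopa_report(hazards):
    """Return (name, effective frequency, required SIS RRF, SIS needed?) rows."""
    return [(h.name, h.effective_per_year(), h.required_sis_rrf(),
             h.required_sis_rrf() > 1.0) for h in hazards]


# Constructed worksheet: only 250/year and the factor of 100 come from the
# article; every other number is an assumed sample value.
WORKSHEET = [
    Hazard("Tank overfill", 250, 0.5, {"vent/drain system": 100}),
    Hazard("High temperature", 2, 0.01,
           {"BPCS alarm and operator response": 10, "thermal cutout": 100}),
]

if __name__ == "__main__":
    for name, eff, rrf, needs_sis in lopa_report(WORKSHEET):
        verdict = f"SIS required, RRF >= {rrf:g}" if needs_sis else "no SIS required"
        print(f"{name}: {eff:g}/year effective -> {verdict}")
```

A hazard with no credited layers keeps its initiating frequency unchanged, since the product over an empty set of factors is 1.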
The role of the SIS is to reduce risk by implementing Safety Instrumented Functions (SIF). Two
example SIFs include:
Hazard: Tank overfill. SIF: The SIS stops the fill pumps at a predetermined safe level
Hazard: High temperature. SIF: The SIS opens a relay to cut power to a heater circuit at a
predetermined safe temperature
In any case, an SIF is a safety function implemented by the SIS to achieve or maintain a safe state.
An SIF’s sensors, logic solver, and final elements act in concert to detect a hazard and bring the
process to a safe state.
Yoset (/users/david-yoset)
Dave is a Project Manager with Cross Company Integrated Systems Group. He holds both a
Bachelor's and a Master's degree in Mechanical Engineering from Penn State University and has
more than 20 years experience in control systems engineering for the manufacturing and
chemical processing industries. He has experience in multiple control platforms including
Rockwell and Siemens.
LinkedIn (https://www.linkedin.com/in/dave-yoset-02b06a11)