The role of maintenance in the future of safety

The international standard IEC 61508, often called the SIL standard, provides a framework for assessing the safety of a system at every stage of its life cycle. Safety integrity levels (SILs) express the amount of risk reduction a safety function delivers. Operation and maintenance play a key role in achieving and sustaining them.


In the previous issue of Machinery & Equipment MRO (Sept. 2007, pg. 33) I wrote about the IEC 61508 standard, also known as the standard for SILs (Safety Integrity Levels). Now I would like to add more to the topic and focus on the maintenance issues identified in the document.

This international standard considers all relevant overall electrical, electronic and programmable electronic systems (E/E/PES) and software safety life cycle phases (for example, from initial concept, through design, implementation, operation and maintenance, to decommissioning) where E/E/PESs are used to perform safety functions.

The document covers assessment of operations and maintenance regimes for the safety-related system. It applies to organizations involved with the policies, procedures, documentation and records of all activities involved with managing functional safety for installed and operating electrical, electronic and programmable electronic safety systems.

So what are the E/E/PES technologies concerned?

* Electrical (E): Electro-mechanical relays/interlocks

* Electronic (E): Solid-state electronics

* Programmable Electronic Systems (PES): Programmable logic controllers, microprocessor-based systems, distributed control systems, other computer-based devices (e.g. 'smart' sensors/transmitters/actuators).

In its simplest form a Safety Related System (SRS) extends from a sensor, through a logic solver (controller), to a final actuator/field device (which may be mechanical, such as a valve or contactor). An SRS is defined as any system that implements the safety functions necessary to bring the 'Equipment Under Control' to a safe state, or to maintain it in a safe state. The SIL is claimed for the whole loop, not for the controller alone.

Examples of such systems are as follows:

* Process plant emergency shutdown systems

* Fire and gas systems

* Crane automatic safe-load indicators

* Machine/robot safety system

* Steam boiler controls.

A recent study attributed almost 15% of failures of control systems to operation and maintenance issues.

Much of the effort in applying IEC 61508 goes into the hardware and software requirements of the logic solver. However, the failure rates of the field devices usually dominate Probability of Failure on Demand (PFD) calculations.

There are often instances where protection against a hazard consists of an instrumented protective function working together with mechanical/field devices to form parallel protective layers. This is common in over-pressure protection, where a mechanical device such as a relief valve forms a protective layer in addition to an instrument-based pressure trip function. Total over-pressure protection is provided by the combination of both layers, and the required SIL is determined from the consequences of all layers failing together. In this way the contribution each layer makes can be determined in the design. For layers that fail independently, the PFD of the combination is the product of the individual layer PFDs; a common-cause failure that defeats both layers at once would invalidate that assumption and must be considered separately.

Reliability data is fundamental to calculating the PFD. Although reliability data is generally readily available from logic solver suppliers, obtaining reliability data for field devices is often difficult.

Larger organizations have historically recorded this data in their maintenance management systems and data collected in this way takes into consideration local issues such as the environment, operating conditions and standards of maintenance. Smaller companies may not have such data available, which can be a problem when selecting field device architecture and determining test and maintenance frequencies.

In the absence of company-specific data, there are credible public domain sources that can be used but a conservative approach in the design, testing and maintenance regime should be considered. This can then be adjusted as experience with the equipment matures and data from the facility is captured.

Appropriate field devices can then be selected like building blocks to configure any required protective function. The selection of field devices, configuration of the architecture and frequency of test and maintenance intervals determine the PFD and hence the SIL that can be achieved.

It is prudent to ensure that designs embrace optimal testing and maintenance with full consideration of the life cycle implications. Integrated software tools can optimize design, safety and maintenance requirements.

The architecture, the frequency of testing, the periodic maintenance interval and the time taken for testing and maintenance/repair all interrelate, and each has an impact on the PFD calculation.

An important point to make is that testing alone is not sufficient, as this may not identify all possible hidden failures. A good analogy is to consider the brakes on a car. They are tested and operated regularly to ensure the safety of the occupants. However, if the braking system is not maintained, it will eventually fail at an unacceptable rate. Instrument-based protective functions are no different. For example, a blocked transmitter impulse line may not be identified during routine testing and little information is available about the internal condition of a valve and its actuator by simply testing. Just like with the car's braking system, maintenance is required at some stage to bring the instrument protective system back to the 'as new' condition.

Testing is normally undertaken more frequently than maintenance, since maintenance is often scheduled for periods of plant shutdown in order to minimize operational disruption. An online test that cannot reveal every dangerous failure is referred to as an 'imperfect proof test'; the component is only returned to the 'as new' condition at the maintenance interval, so the PFD calculation must account for the failures that remain hidden until then.

With suitable selection of the equipment, architecture configuration and test interval, the maintenance interval can be designed to coincide with planned shutdowns, thus avoiding deferred production.
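To make the interplay between test interval, proof-test coverage, overhaul interval and layering concrete, here is an added worked example in Python. It is not code from the article or from the standard; it uses the simplified single-channel (1oo1) low-demand formulas found in IEC 61508-6 and the standard's low-demand SIL bands. Every failure rate, proof-test coverage and interval in it is a constructed, illustrative value, and the relief-valve PFD of 1E-2 is an assumption.

```python
"""
Simplified IEC 61508 low-demand PFD and SIL arithmetic for a single-channel
(1oo1) instrumented protective function plus a mechanical layer.
Added worked example, not from the article. All failure rates, proof-test
coverages and intervals below are constructed, illustrative values.
"""
from dataclasses import dataclass
from typing import Optional

HOURS_PER_YEAR = 8760.0


@dataclass
class Device:
    name: str
    lambda_du: float                  # dangerous undetected failure rate, per hour
    proof_test_coverage: float = 1.0  # fraction of DU failures the online proof test reveals


def pfd_avg(dev: Device, test_interval_h: float,
            overhaul_interval_h: Optional[float] = None, mttr_h: float = 0.0) -> float:
    """Average PFD of one device (1oo1), simplified IEC 61508-6 style formula.

    Perfect proof test:   PFDavg ~= lambda_DU * TI / 2
    Imperfect proof test: the fraction PTC of DU failures is found at each test
    interval TI; the rest stays hidden until the overhaul interval LT, when the
    device is returned to 'as new'. A mean-time-to-restore term lambda_DU * MTTR
    covers the time the function is unavailable while under repair.
    """
    lt = test_interval_h if overhaul_interval_h is None else overhaul_interval_h
    ptc = dev.proof_test_coverage
    return (ptc * dev.lambda_du * test_interval_h / 2
            + (1.0 - ptc) * dev.lambda_du * lt / 2
            + dev.lambda_du * mttr_h)


def loop_pfd(devices, test_interval_h, overhaul_interval_h=None, mttr_h=0.0):
    """Sensor -> logic solver -> final element in series: any one failing defeats
    the trip, so the loop PFD is the sum of the element PFDs (small-value approximation)."""
    return sum(pfd_avg(d, test_interval_h, overhaul_interval_h, mttr_h) for d in devices)


def combined_layers_pfd(layer_pfds):
    """Independent parallel protective layers (e.g. instrumented trip plus relief
    valve): the hazard is reached only if every layer fails, so the PFDs multiply.
    Independence is an assumption; a common-cause failure would invalidate it."""
    total = 1.0
    for p in layer_pfds:
        total *= p
    return total


def risk_reduction_factor(pfd):
    return 1.0 / pfd


def sil_for_pfd(pfd):
    """IEC 61508 low-demand bands: SIL n covers 10^-(n+1) <= PFDavg < 10^-n.
    Returns 0 when PFD >= 0.1 (no SIL claim) and None below 1E-5 (no band defined)."""
    if pfd >= 1e-1:
        return 0
    for sil in (1, 2, 3, 4):
        if 10.0 ** -(sil + 1) <= pfd < 10.0 ** -sil:
            return sil
    return None


def overpressure_example():
    """Over-pressure trip loop (constructed values) evaluated three ways, plus a
    relief valve layer with an assumed PFD of 1E-2."""
    transmitter = Device("pressure transmitter", 0.5e-6, 0.9)   # blocked impulse line not seen by test
    solver = Device("logic solver", 0.1e-6, 1.0)                # vendor-certified, fully tested
    valve = Device("shutdown valve + actuator", 1.0e-6, 0.7)    # online test reveals 70 % of DU faults
    loop = [transmitter, solver, valve]
    ti = 1 * HOURS_PER_YEAR                                     # annual proof test

    perfect = [Device(d.name, d.lambda_du, 1.0) for d in loop]  # same hardware, test assumed perfect
    results = {
        "perfect_test_1yr": loop_pfd(perfect, ti),
        "imperfect_test_overhaul_5yr": loop_pfd(loop, ti, overhaul_interval_h=5 * HOURS_PER_YEAR),
        "imperfect_test_overhaul_2yr": loop_pfd(loop, ti, overhaul_interval_h=2 * HOURS_PER_YEAR),
    }
    results["with_relief_valve_5yr"] = combined_layers_pfd(
        [results["imperfect_test_overhaul_5yr"], 1e-2])
    return results


if __name__ == "__main__":
    for case, pfd in overpressure_example().items():
        print(f"{case:30s} PFDavg={pfd:.2e}  RRF={risk_reduction_factor(pfd):8.0f}  SIL {sil_for_pfd(pfd)}")
```

With these constructed figures the loop reaches SIL 2 if the annual test is assumed perfect, drops to SIL 1 once realistic proof-test coverage and a five-year overhaul are modelled, and returns to SIL 2 when the overhaul (the full 'as new' maintenance) is brought forward to a two-year shutdown; adding the independent relief-valve layer moves the combined protection into the SIL 3 band. The point of the arithmetic is the one the article makes: the test regime and the maintenance interval are design inputs, not afterthoughts.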

Operation and maintenance are essential parts of the life cycle of equipment. The SIL standard (IEC 61508) is a valuable tool for evaluating critical safety systems from cradle to grave. MRO

Simon Fridlyand, P.Eng., is president of S.A.F.E. Engineering Inc., a Toronto-based company specializing in industrial health and safety issues and PSR compliance. For more information, visit

