Module 3 - IEC 61508 and IEC 61511

Question 1

When should you use IEC 61508 instead of IEC 61511?

Answer 1

IEC 61508 should be used by device manufacturers, IEC 61511 should be used by system integrators and end users in the process industry

Question 2

For a SIL 4 application, which functional safety standard should be used?

Answer 2

IEC 61508

Question 3

When is it a legal requirement to comply with IEC 61508?

Answer 3

When specified by government regulation or through a commercial contract

Question 4

When is it a legal requirement to comply with IEC 61511?

Answer 4

Compliance with IEC 61511 is the same as for IEC 61508 but only as far as IEC 61511 is applicable. This means it is only required by government regulation or through a commercial contract

Question 5

What is the difference between a SIF, SIL, and SIS?

Answer 5

A SIF is a an automatic function to protect process system. A SIL is a rating applied to a SIF to identify its target failure measures. A SIS is the combination of all the SIFs in a system.

Question 6

What are the two components of total risk reduction?

Answer 6

Partial risk reduction through a SIS and partial risk reduction through all other means

Question 7

What is a protection layer?

Answer 7

A protection layer is any independent mechanism that reduces risk by control, prevention, or mitigation

Question 8

What can be done to optimise the cost and level of protection when designing a SIS?

Answer 8

Setting appropriate acceptable risks, and selecting appropriate SILs

Question 9

What is the difference between high demand and low demand modes?

Answer 9

Low demand mode is where the SIF is only performed on demand with a frequency of less than once per year. High demand mode is also performed on demand but with a frequency greater than once per year.

Question 10

What is continuous mode?

Answer 10

Where the SIF retains the process state as part of its normal operation

Question 11

Why is it important to identify If a system is high or low demand mode?

Answer 11

Because IEC 61508 stipulates different formulas for each mode of operation

Question 11

Why is it important to identify If a system is high or low demand mode?

Answer 11

Because IEC 61508 stipulates different formulas for each mode of operation

Question 12

When can low demand be used even if the SIF frequency is greater than once per year?

Answer 12

When the test interval can be guaranteed to be at minimum twice the demand frequency

Question 13

List the PFDavg and RRF values for each SIL rating

Answer 13

SIL 1 : RRF 10-100 PFD 10^-2 – 10^-1
SIL 2 : RRF 100-1000 PFD 10^-3 – 10^-2
SIL 3 : RRF 1000-10000 PFD 10^-4 – 10^-3
SIL 4 : RRF 10000-100000 PFD 10^-5 – 10^-4

Question 14

What are the two main types of failures?

Answer 14

Random hardware failure and systematic failure

Question 15

What is the mathematical relationship between PFDavg and RRF?

Answer 15

They are the inverse of each other

Question 16

What is the mathematical relationship between PFDavg and RRF?

Answer 16

They are the inverse of each other

Question 17

How can we minimise hardware failures?

Answer 17

Reduce the dangerous failure rate, improve proof testing, or increase hardware fault tolerance

Question 18

How can we minimise software failures?

Answer 18

Quality processes and management

Question 19

What are the key steps of the safety lifecycle as defined in IEC 61511?

Answer 19

1. Hazard and risk assessment
2. Allocation of safety functions to protection layers
3. SRS
4. Design and engineering
5. Installation and commissioning
6. Operations and maintenance
7. Modification
8. Decommissioning