Memberships

Functional Safety Play Book (230 members • Free)

8 contributions to Functional Safety Play Book
Safety Compliance Checks on Vendor Skids
Hi all (again). I am currently working with a client who has asked me to carry out a C&I compliance assessment on a vendor skid coming from China. The skid is a fair size (approx. 400 m²) as it contains a full pyrolysis unit along with its own BPCS control system and independent fail-safe controller. Among all the other C&I compliance checks I am doing, the functional safety checks are one of the main items on my radar. My initial TQs to this particular vendor contain queries around how they have managed their SIL-rated trips, i.e. which safety standard have they complied with, and also what lifecycle documentation they can provide, i.e. hazard study reports, SRS, SIL verification calcs, SIF validation evidence, etc. (I am awaiting their response.) I often hear that we should treat vendor packages as black boxes; however, I believe there must be some level of assessment which must be carried out by the Principal Designer to ensure the equipment being supplied is compliant with our standards and has followed a robust safety lifecycle. My question to the team is: what sort of assessment would you carry out on 3rd party skids of this size? Again, any opinions on this one would be hugely appreciated!
0 likes • 5d
Hi, is the skid going into the EU? Is there any conformity marking on it? CE marking, for example.
Trip and process valves
Hi all. I would like to hear everyone's views and opinions on having one valve for control and one valve for safety, or one valve that does both. If you have one valve, what are your arguments regarding independence, CCF, and control system errors?
Shared components
Hi all. Just thought I would post in here to get others' thoughts on a scenario I have come across recently. I know it's best practice to avoid a single element being used in multiple SIFs, but are there any factors to take into consideration for the calculation? For example, several vessels have a common feed supply and, whilst each has its own level sensor and logic solver, the common feed line overfill trip valve is shared by all vessels. Each SIF will have a calculation of all components, but all are actually using the same valve. My understanding is that no common cause can really be applied as all have a 1oo1 output function. On another note, the configuration would also result in more demands on the valve with it being shared. Downtime and maintenance would also be impacted if shared. Again, just to get others' thoughts on other factors that should be taken into account in this scenario. Thanks, Craig
0 likes • 8d
Is there a separate control valve as well as the trip valve? I have a similar setup here: 40 tanks, 3 loading stations. Each tank has its own level sensor. They all go back to a safety PLC, and then within that logic the relevant valve trips on the loading station that feeds that tank. Originally I had the reliability calculations set with all the tuning forks for each loading station, say 10, as 1 out of 10 voting, and the 3 trip valves set as 3 out of 3, as I wanted all 3 to shut. But then, from further research, discussions on site and with external consultants, I ended up doing it as only one trip valve protecting the group of tanks and only one tuning fork, so it still stays as just 1 out of 1 for all the SIFs. So it didn't matter about the shared element. So I'm interested to read what others' views are on this subject.
1 like • 8d
@Craig Berry Yes, I recorded it as it is separate and independent of the BPCS. I just didn't know how many components to record in the reliability calculations.
Maximum Out of Service Time (MOST)
Hi everyone, @Noah Tibasiima has raised the following question, but it was added to another post and may have been overlooked.

I have been sleeping on this for a while. I would be interested in hearing how others approach the determination of Maximum Out of Service Time (MOST) when a safety function is bypassed. There is a document out there discussing this (I kinda forgot the title) but it is not mainstream FS if I am not mistaken. However, it discusses using time at risk to set the maximum time that an IPL can be bypassed. An explanation that stuck with me was this: when an IPL or SIF is bypassed, its PFD during that period is effectively 1.0, since it is guaranteed to fail on demand. Because of that, the time spent in bypass cannot be arbitrary. To keep the average PFD of the function within its tolerable target over the proof test interval, the duration of the bypass has to be limited. The way I saw it derived was by essentially equating the risk contribution accumulated during the bypass period with the allowed risk budget allocated to that IPL/SIF over the full interval. In simplified terms, the MOST becomes the maximum time the function can remain bypassed before the average PFD target is exceeded.

My questions to those reading this:
1. How are you determining MOST in practice: do you derive it analytically from the SIF PFD target, or do you rely on more conservative procedural limits?
2. Do you treat the bypass state strictly as PFD = 1, or do you incorporate compensating measures (temporary IPLs, administrative controls, etc.) into the calculation?
3. Are there particular company or industry guidelines you have found useful for setting these limits?

Curious to hear how others handle this in operating facilities, because I can swear I have told someone before to go look up the SRS 😂, yet they were dealing with a legacy system.
1 like • 8d
This is interesting. I'm interested in hearing more about this if anyone has a paper on it. At the moment, if we have to complete a trip defeat then we just record how it's been defeated and what other control measures are in place, but no real timeline is given; we just get it repaired as soon as possible. I was going to try to come up with a short-term and long-term category to give some guidance on when it needed to be repaired by.
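The derivation sketched in the MOST post above (bypass PFD = 1, bypass time limited so the time-weighted average PFD stays within the target over the proof test interval) is short enough to carry through in code. The block below is an added worked example, not code from the community, from any standard, or from the document the post refers to. It assumes the simplified 1oo1 model PFDavg ≈ λDU·T/2, takes the PFD target as the upper bound of the SIL band (a real SRS may allocate a tighter target, which should be used instead), and generalises the post's question 2 by letting the bypassed state carry a PFD below 1 when a temporary IPL covers the demand. The numeric values (λDU, proof test interval) are constructed for illustration.

```python
"""Maximum Out of Service Time (MOST) from a PFD budget.

Model (an assumption, following the reasoning in the post above):
the time-weighted average PFD over one proof test interval T, with the
SIF bypassed for t_b hours, is

    PFD_avg(t_b) = (PFD_n * (T - t_b) + PFD_b * t_b) / T

where PFD_n is the SIF's own average PFD while in service and PFD_b is
the PFD while bypassed (1.0 for a bare bypass, lower if a temporary IPL
covers the demand).  Requiring PFD_avg(t_b) <= PFD_target and solving
for t_b gives

    t_b <= T * (PFD_target - PFD_n) / (PFD_b - PFD_n)
"""
import math

# Low-demand PFDavg band upper bounds per SIL (IEC 61508 / IEC 61511).
SIL_PFD_UPPER = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}


def pfd_avg_1oo1(lambda_du: float, proof_test_h: float) -> float:
    """Simplified 1oo1 PFDavg = lambda_DU * T / 2 (no diagnostics, no MTTR)."""
    if lambda_du <= 0 or proof_test_h <= 0:
        raise ValueError("lambda_du and proof_test_h must be positive")
    return lambda_du * proof_test_h / 2.0


def pfd_avg_with_bypass(pfd_in_service: float, proof_test_h: float,
                        bypass_h: float, pfd_bypassed: float = 1.0) -> float:
    """Time-weighted average PFD over the interval when bypassed for bypass_h."""
    if not 0 <= bypass_h <= proof_test_h:
        raise ValueError("bypass_h must lie within the proof test interval")
    in_service_h = proof_test_h - bypass_h
    return (pfd_in_service * in_service_h + pfd_bypassed * bypass_h) / proof_test_h


def most_hours(pfd_target: float, pfd_in_service: float, proof_test_h: float,
               pfd_bypassed: float = 1.0) -> float:
    """Maximum bypass time (hours) per proof test interval.

    Returns 0.0 when the SIF already exceeds its target with no bypass
    (there is no bypass budget to spend), and math.inf when the
    compensating measure alone meets the target, in which case this
    model imposes no limit and only procedural limits remain.
    """
    if not (0 < pfd_target < 1) or not (0 <= pfd_in_service < 1):
        raise ValueError("PFD values must lie in [0, 1)")
    if not (0 < pfd_bypassed <= 1):
        raise ValueError("pfd_bypassed must lie in (0, 1]")
    if pfd_in_service >= pfd_target:
        return 0.0
    if pfd_bypassed <= pfd_target:
        return math.inf
    return proof_test_h * (pfd_target - pfd_in_service) / (pfd_bypassed - pfd_in_service)


def most_for_sil(sil: int, lambda_du: float, proof_test_h: float,
                 pfd_bypassed: float = 1.0) -> float:
    """MOST using the SIL band upper bound as the target (see caveat in lead-in)."""
    pfd_n = pfd_avg_1oo1(lambda_du, proof_test_h)
    return most_hours(SIL_PFD_UPPER[sil], pfd_n, proof_test_h, pfd_bypassed)


if __name__ == "__main__":
    # Constructed illustration: lambda_DU = 1e-6 /h, annual proof test, SIL 2.
    lam, T = 1e-6, 8760.0
    pfd_n = pfd_avg_1oo1(lam, T)                       # 4.38e-3
    bare = most_for_sil(2, lam, T)                     # ~49.4 h, bypass PFD = 1
    covered = most_for_sil(2, lam, T, pfd_bypassed=0.1)  # ~515 h with a PFD 0.1 temporary IPL
    print(f"PFDavg in service : {pfd_n:.2e}")
    print(f"MOST, bare bypass : {bare:.1f} h")
    print(f"MOST, covered     : {covered:.1f} h")
    # Closure check: spending exactly the MOST lands on the target.
    print(f"check             : {pfd_avg_with_bypass(pfd_n, T, bare):.4f}")
```

The two numbers side by side make the practical point of the post's second question: with no compensating measure the same SIF gets about two days of bypass per year, while a documented temporary IPL of PFD 0.1 stretches that to roughly three weeks. Either way the figure is a ceiling derived from one proof test interval; a second bypass in the same interval eats into the same budget, and the SRS-allocated target, not the SIL band edge, is what should be fed in on a real plant.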
Hello
Greetings to all members of this community, both experienced and beginners. I'm glad to join it. I'll try to contribute as much as I can. I've used LinkedIn a lot over the past few years, but lately it's become quite irritating. A warning to those seeking reliable knowledge: LI is currently publishing a ton of posts about functional safety written by people who have no clue about it. They're generated by AI and contain basic errors. That's why I'm glad to see new initiatives like this community emerging! I'm curious if you feel the same way?
1 like • 10d
Welcome. I do wonder about the content. I'm still rather new to this part of process safety and following 6151; a lot of my experience is with machinery safety. Even having done some of my courses, seeing some of the stuff on LI now does make me question what I've learnt, and I now wonder where I can get reliable additional help and information from.
Tom Atkinson (@tom-atkinson-2226)
Functional safety engineer and machinery safety. Dealing with all things compliance.
Joined Mar 10, 2026