Safety System Bad Actor Identification – Late Testing
Let’s face facts – in the real world, not all instrumentation in a Safety Instrumented Function (SIF) gets tested at the test interval assumed in the Safety Integrity Level (SIL) calculations. Why is this? Well, a variety of reasons are typically tossed about:
- Outage duration is reduced – now the time needed to complete all the tests is gone…
- Production is going well and profits are soaring – not a good time for an outage, let’s wait till the next outage…
- Too difficult right now – to test that instrument we’ve got to set up scaffolding, the test is complicated to execute, let’s just delay this test...
So, we all agree that in the real world not all instruments get tested. But does management understand what this does to them from a risk standpoint? If they did, would they make the same decisions? Would we delay testing instrumentation whose primary purpose is to prevent loss of primary containment? If late testing occurs occasionally, is it a big issue? What if it is the “norm” within the organization?
Your company has started the journey toward compliance with the IEC 61511 safety lifecycle. But it’s a long and arduous path to gain organizational alignment around the benefits of the safety lifecycle. So what’s a relatively quick win you could achieve that will help demonstrate to management some of the end-game benefits of the safety lifecycle?
Here are your simple steps to success:
- Review facility Safety Critical Equipment (SCE) List
- Compare SCE List to SIF List
- If any SIF instrumentation is not on the SCE List, in theory, you may not be testing these devices at all
- Review for the past “X” years the Deferred Testing Log and compare it to the SIF List
- Present a report to management that shows impact of late or non-tested SIF instrumentation
- Document the assumed SIF Risk Reduction Factor (RRF) target from the LOPA versus the achieved RRF based upon your late testing review
- Calculate assumed and actual increased financial risk based upon the late testing bad actors
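The review steps above can be sketched in a few lines of Python. This is an added example, not part of the original article: every tag, failure rate, interval and dollar figure is constructed, and it assumes each SIF can be lumped into a single dangerous-undetected failure rate with the common simplified approximation PFDavg ≈ λ_DU × TI / 2 and RRF = 1 / PFDavg.

```python
# Added illustration: every tag, failure rate, interval and dollar figure is constructed.
HOURS_PER_YEAR = 8760

def untracked_sif_devices(sif_tags, sce_tags):
    """SIF instruments missing from the SCE list, so possibly never tested."""
    return sorted(set(sif_tags) - set(sce_tags))

def rrf(lambda_du_per_hr, test_interval_yr):
    """RRF = 1 / PFDavg, with PFDavg ~= lambda_DU * TI / 2 (assumed lumped model)."""
    return 1 / (lambda_du_per_hr * test_interval_yr * HOURS_PER_YEAR / 2)

def late_testing_report(sifs, deferred_log):
    """Per SIF: RRF and residual risk at the assumed vs. the actual test interval."""
    rows = []
    for tag, sif in sifs.items():
        # A SIF absent from the deferred log is taken as tested on schedule.
        actual_ti = deferred_log.get(tag, sif["assumed_ti_yr"])
        assumed = rrf(sif["lambda_du"], sif["assumed_ti_yr"])
        achieved = rrf(sif["lambda_du"], actual_ti)
        rows.append({
            "tag": tag,
            "target_rrf": sif["target_rrf"],
            "assumed_rrf": round(assumed),
            "achieved_rrf": round(achieved),
            "meets_target": achieved >= sif["target_rrf"],
            # Residual risk = unmitigated expected loss per year / RRF.
            "assumed_risk": sif["unmitigated_loss_per_yr"] / assumed,
            "actual_risk": sif["unmitigated_loss_per_yr"] / achieved,
        })
    return rows

# Constructed SIF list: LOPA target, lumped lambda_DU (per hour), assumed interval.
SIFS = {
    "PT-101": {"target_rrf": 100, "lambda_du": 2e-6, "assumed_ti_yr": 1.0,
               "unmitigated_loss_per_yr": 1_000_000},
    "LT-202": {"target_rrf": 100, "lambda_du": 1e-6, "assumed_ti_yr": 1.0,
               "unmitigated_loss_per_yr": 500_000},
    "FT-303": {"target_rrf": 10, "lambda_du": 5e-6, "assumed_ti_yr": 1.0,
               "unmitigated_loss_per_yr": 200_000},
}
SCE_LIST = ["PT-101", "LT-202"]   # FT-303 was never added to the SCE list
DEFERRED_LOG = {"PT-101": 3.0}    # effective interval in years after deferrals

if __name__ == "__main__":
    print("Not on SCE list:", untracked_sif_devices(SIFS, SCE_LIST))
    for row in late_testing_report(SIFS, DEFERRED_LOG):
        print(row)
```

For a device that is not on the SCE list at all, the achieved RRF in the report is only as good as the assumption that it was tested on schedule, so those tags should be reported separately.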
Below is a sample of what one might find:
Late testing can have a significant impact on risk. Organizations tend to test the “easy” devices and defer the “hard” to test devices. Applying the IEC 61511 safety lifecycle to your SCE instrument program re-focuses maintenance activities on ensuring that devices whose primary purpose is to prevent loss of primary containment are maintained in good working order per the assumptions in the LOPA.
Every time we’ve been involved with the above review process, some eye-opening items are discovered that help focus awareness on the benefits of the safety lifecycle. By highlighting some late testing bad actors and reviewing the financial impacts on the business, you can start to gain management alignment and improve understanding of your IEC 61511 compliance efforts.