top of page

Instrumented Protective Function Performance Follow-up on Norwegian Continental Shelf (NCS) Assets

  • Writer: Marcus Norlin | Consultant
    Marcus Norlin | Consultant
  • Jun 16
  • 5 min read

In this article:




Introduction

It is recommended by the Norwegian Ocean Industry Authority (Havindustritilsynet or Havtil, for short) that the International Electrotechnical Commission (IEC) 61508 and 61511 standards for Functional Safety are applied on offshore platforms/assets for implementation and management of Functional Safety, covering Instrumented Protective Functions (i.e. functions where electrical, electronic and programmable electronic systems are used as safety functions, further referred to as “IPFs”)*. Assets which were designed and built prior to the IEC standards became normative on the Norwegian Continental Shelf (NCS), typically do not follow the IEC 61508/61511 standards for management of safety systems. Naturally, for such assets, it is impossible to retroactively apply the IEC 61508/61511 principles for design, installation and commissioning of IPFs, since these phases have already been completed. However, the principles for following up the performance of IPFs during the operational phase, remain valid also for “older” functions. Hence, to demonstrate that IPFs on your asset are managed and performing in accordance with regulations and requirements, it is necessary to apply a consistent approach for following up the performance of these functions.


This Insight shares a suggestion on how a register can be established for your IPFs through the following process:

  • Identification and categorization of IPFs on the asset;

  • Allocation of performance requirements to the IPFs, based mainly on Probability of Failure on Demand (PFD);

  • Calculation of IPF reliability based on generic or operational data.


This will help you keep track of your IPFs, both in the Process systems** and Emergency Shutdown Systems (ESD), and ensure they are performing within their reliability requirements.


Base documentation and tools

Any spreadsheet tool, e.g. Microsoft Excel, can be used for mapping and building a register of IPFs on your asset. The following examples of documentation are helpful for mapping of Process system IPFs:

  • Process & Instrumentation Diagrams (P&ID) and System Control Diagrams (SCD);

  • Hazard and Operability (HAZOP) studies, Safety Analysis Tables (SAT) and Process Safety studies;

  • Logic diagrams, e.g. Cause & Effect (C&E), Block Logic Diagrams (BLD) etc.


For the Emergency Shutdown (ESD) and Fire and Gas (F&G) systems, the identification of IPFs is typically simpler and less time-consuming than for the Process systems (depending on the availability of documentation). ESD and F&G functions can often be defined on a “generic” level, meaning they do not have either a specific initiator or specific final elements, as they provide a global protection of the installation, e.g., ESD segregation based on fire or gas detection.


Establishing an IPF register

The method starts with identification of IPFs in the Process systems, ESD system and F&G system. The process functions can be limited to those for which HAZOP is required, according to NORSOK P-002, or limited to the systems having been covered in previous hazard identification and risk assessments on the asset.  Another limitation may be applied in terms of the selection of type of functions to be included in the register. As a starting point, functions which are represented in Appendix A of Offshore Norge (ON) GL 070 could be considered in the identification process.


The identification should result in the following outputs regarding each function:

  • Initiator(s) for the function (when applicable);

  • Logic node(s), performing the function;

  • Final element(s), which takes the Equipment Under Control (EUC) to a safe state (when applicable);

  • EUC.


Figure 1 Examples of useful inputs for establishing an IPF register
Figure 1 Examples of useful inputs for establishing an IPF register

The P&IDs and SCDs of the platform can be used to identify the transmitters, logic nodes and final elements which make up the structures of the IPFs in the Process system. For ESD and F&G functions, other types of documentation such as Ducting & Instrumentation (D&ID) diagrams and HVAC SCDs will be helpful.


HAZOP studies and SATs can then be used to identify the scenarios which the IPF is intended to protect against (often by finding the corresponding transmitter in the HAZOP worksheet and/or SATs) and the final elements which are critical for achieving safe state, as well as the EUC.


Logic diagrams should be utilized to verify whether the critical final elements identified in HAZOP/SAT are being activated by the identified functions. Otherwise, this should be discussed with the Process discipline and/or Instrument/Automation discipline for the asset.


Once the IPFs have been identified, they are allocated reliability requirements with regards to their Probability of Failure on Demand (PFD), which is the industry standard reliability indicator for instrumented protective functions. The reliability requirements for the functions can be derived deterministically, e.g. by use of ON GL 070, where minimum Safety Integrity Level (SIL) requirements are allocated based on the type of function. Layers of Protection Analysis (LOPA) is also an alternative, with the benefit of considering the likelihood and severity of the scenarios which the function is protecting against. However, LOPA will require significantly more effort than the deterministic method. Throughout the process, it can also be decided whether LOPA should be performed for a subset of IPFs.


At this point, you have created a register containing the configuration (initiator, logic solver and final elements) and reliability requirements of all relevant IPFs on your asset. The final step is to calculate the reliability of the IPFs using e.g. the PDS Method Handbook. This can be done by using either generic data (from e.g. PDS Data Handbook) or asset/company specific data of Dangerous Undetected (DU) failures for certain types of equipment. Since one of the main purposes of this exercise is to keep track of your IPFs in the operational phase of the asset, it is highly recommended that asset/company specific data are applied in the reliability calculations. If specific data is not available at the time, the register should be set up in such a way that it is easy to change data sources from generic to specific as field specific data becomes available.


Conclusion

There is great potential for assets on the NCS to improve follow-up of Instrumented Protective Function (IPF) performance in the operational phase. By following the steps above and utilizing common types of documentation, a comprehensive register of IPFs can be established in a cost-efficient manner. This will give you a solid basis for comparing actual performance of your IPFs, to performance requirements in applicable standards and regulations.


If you would like to learn more about this topic, please feel free to contact us. ORS Consulting can assist you with establishing an easy-to-use IPF register, with intuitive tools for updating and applying failure data from the operational phase.


*The denomination Safety Instrumented Function (SIF) is not used throughout this Insight since this is typically reserved for functions where the principles of IEC 61508 and 61511 has been applied throughout the function lifecycle. Hence, Instrumented Protective Function (IPF) is used instead.


**While all IPFs in the Process system should be configured in the Process Shutdown (PSD) system, there may be exceptions to this depending on the design of the asset, e.g. IPFs configured in the Basic Process Control System (BPCS). Such exceptions can be included or excluded in the scope of work for this methodology, although inclusion is recommended.



Download our quick guide to enhancing IPF performance on NCS assets and why it matters.








References

NORSOK P-002:2023 – Process system design, Chapter 7.3 Hazard and operability.


070 - Offshore Norge Recommended guidelines for application of IEC 61508 and IEC 61511 in the Norwegian petroleum industry (Recommended SIL requirements), Revision 06, 2023.


International Electrotechnical Commission, IEC 61508 – Functional safety of electrical/electronic/programmable electronic safety-related systems, 2010.


International Electrotechnical Commission, IEC 61511 – Functional safety  - Safety instrumented systems for the process industry sector, 2016.


SINTEF, Reliability Prediction Method for Safety Instrumented Systems - PDS Method Handbook, 2013 Edition.


SINTEF, Reliability Data for Safety Equipment - PDS Data Handbook, 2021 Edition.



Further reading

ORS Insight (in Norwegian) – Sikkerhetsinstrumenterte systemer i drift


SINTEF – 2023:00107 – “Guideline for follow-up of Safety Instrumented Systems (SIS) in the operating phase”, Version 3, [accessed on 2025.03.12] https://www.sintef.no/en/publications/publication/2144020/


Image by Thought Catalog

SUBSCRIBE TO RECEIVE OUR NEWS & INSIGHTS

Thanks for submitting!

© 2022 ORS Consulting. All Rights Reserved.

Privacy Policy

bottom of page