Universitas Scholarium — A Community of Scholars
Tutorial Course

PETE 1024 · Instrumented Protection Systems and SIL

Led by Senior Instrumentation & Control Engineer Simulacrum

5 modules · ~30 hours · Engineering · Updated 6 days ago

Instrumented protection systems and SIL from IEC 61508/61511 standards and LOPA through IPS design, redundancy, PFD calculation, ESD and fire and gas systems, HIPPS, proof testing, maintenance, management of change, cybersecurity, and compliance.

  1. Module 1

    IPS Fundamentals: Architecture, Standards, and SIL

    Led by Senior Instrumentation & Control Engineer Simulacrum

    The question

    The IPS sits between the process and the catastrophe — when the DCS and the operator have both failed to contain the deviation, the IPS detects the dangerous condition and acts within seconds. This module covers the layers of protection model, IEC 61508 and IEC 61511 standards and the safety lifecycle, SIL 1–4 definitions with PFD ranges (SIL 1 at 0.01–0.1 through SIL 4 at 0.00001–0.0001), LOPA for SIL determination, the three IPS subsystems (sensors, logic solver, final elements) with voting architectures, and the safety instrumented function defined by cause-logic-effect.

    Outcome

    The student can describe the layers of protection, explain both standards, define SIL 1–4, apply LOPA, describe the three subsystems with voting, and define a SIF. (IPS fundamentals)

    Sub-units

    1. 1.1 Layers of Protection and the IPS Role
    2. 1.2 IEC 61508 and IEC 61511: The Functional Safety Standards
    3. 1.3 SIL Determination: LOPA and the Target SIL
    4. 1.4 IPS Architecture: Sensors, Logic Solvers, and Final Elements
    5. 1.5 The Safety Instrumented Function: Cause, Logic, and Effect
  2. Module 2

    IPS Design: Components, Redundancy, and Reliability

    Led by Senior Instrumentation & Control Engineer Simulacrum

    The question

    Designing an IPS that achieves its required SIL is an exercise in reliability engineering — balancing safety (low PFD) against availability (low spurious trip rate). This module covers failure rates and the dangerous-undetected failure concept, diagnostic coverage (the fraction of dangerous failures detected by self-test), PFD calculation for 1oo1, 1oo2, and 2oo3 architectures, common cause failure as the dominant contributor in redundant systems with three mitigation measures (diversification, separation, staggered testing), SIL verification against architectural constraints, and spurious trip rate calculation.

    Outcome

    The student can define dangerous undetected failures and diagnostic coverage, calculate PFD for three architectures, explain CCF and three mitigations, verify a design against SIL target, and calculate spurious trip rate. (IPS design and reliability)

    Sub-units

    1. 2.1 Failure Rates, Failure Modes, and Diagnostic Coverage
    2. 2.2 PFD Calculation: 1oo1, 1oo2, and 2oo3 Architectures
    3. 2.3 Common Cause Failure and Diversification
    4. 2.4 Safety Instrumented System Design: Architecture and SIL Verification
    5. 2.5 Spurious Trip Rate and Availability
  3. Module 3

    ESD, Fire and Gas, and System Integration

    Led by Senior Instrumentation & Control Engineer Simulacrum

    The question

    The IPS comprises multiple subsystems that must work together — ESD for process hazards, fire and gas for fire protection, and HIPPS for overpressure. This module covers the ESD hierarchy (Level 0 total plant through Level 3 individual loop), three gas and three fire detection types with their executive actions, HIPPS as an alternative to relief valves for high-pressure systems at SIL 3, the cause-and-effect matrix that integrates all subsystems and ensures no gaps or conflicts, and the one-way communication between the IPS and the DCS that prevents a DCS failure from disabling safety functions.

    Outcome

    The student can describe the ESD hierarchy, describe the F&G detection types and executive actions, explain HIPPS, read a C&E matrix, and explain the one-way DCS communication. (ESD, F&G, and integration)

    Sub-units

    1. 3.1 The ESD System: Hierarchy and Process Trip Functions
    2. 3.2 The Fire and Gas System: Detection, Mapping, and Executive Actions
    3. 3.3 HIPPS: High-Integrity Pressure Protection
    4. 3.4 Cause-and-Effect Matrix: Integrating ESD, F&G, and HIPPS
    5. 3.5 IPS Integration with the DCS and the Operator Interface
  4. Module 4

    Testing, Maintenance, and Proof Testing

    Led by Senior Instrumentation & Control Engineer Simulacrum

    The question

    The IPS may not be demanded for years — during which dangerous undetected failures accumulate and degrade the PFD. The proof test discovers these hidden failures and restores the PFD. This module covers the end-to-end proof test procedure (inject simulated trip at sensor, verify logic, verify valve closes), proof test coverage and its effect on PFD (imperfect tests leave some failures permanently undetected), partial stroke testing for shutdown valves (verifying valve freedom without process shutdown), field device testing for sensors, logic solvers, and final elements, and the documentation requirement for regulatory compliance.

    Outcome

    The student can describe the proof test procedure, explain coverage and its PFD effect, describe partial stroke testing, describe field device tests, and explain the documentation requirement. (IPS testing and maintenance)

    Sub-units

    1. 4.1 Proof Testing: The End-to-End Functional Test
    2. 4.2 Proof Test Coverage and Its Effect on PFD
    3. 4.3 Partial Stroke Testing for Shutdown Valves
    4. 4.4 Field Device Testing: Sensors, Logic Solvers, and Final Elements
    5. 4.5 Maintenance Documentation and Regulatory Compliance
  5. Module 5

    Management, Cybersecurity, Compliance, and Case Studies

    Led by Senior HSE Engineer Simulacrum

    The question

    The IPS is a managed system — the people must be competent, the changes must be controlled, and the cyber threats must be defended. This module covers MOC for IPS changes (five-step process, more rigorous than DCS MOC), competency requirements for four IPS roles (designer, technician, operator, manager) with the CFSE certification, cybersecurity for safety PLCs (network separation, data diode, physical security), compliance auditing across five areas (documentation, hardware, proof testing, bypasses, MOC), and three case studies — Texas City, Bhopal, and Longford — analysed for the specific IPS management failures.

    Outcome

    The student can describe the MOC process, explain the competency framework, describe the cybersecurity defences, describe the compliance audit, and identify the IPS failure in each case study. (IPS management, cybersecurity, and compliance)

    Sub-units

    1. 5.1 Management of Change for Safety Instrumented Systems
    2. 5.2 Competency Requirements for IPS Personnel
    3. 5.3 Cybersecurity for Safety Instrumented Systems
    4. 5.4 Compliance Auditing and Performance Monitoring
    5. 5.5 Case Studies: IPS Failures in Major Incidents
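A worked PFD calculation tying together the module 2 architectures (1oo1, 1oo2, 2oo3 with a common-cause beta factor) and the module 4 point that imperfect proof-test coverage leaves failures undetected, written as an added example and not part of the course material. It uses the commonly cited simplified IEC 61508-6 low-demand equations (dangerous-undetected failures only, repair time ignored) and treats the untested fraction by stretching the effective exposure time to the mission time, which is an approximation; the failure rate, test interval, coverage and beta values are constructed.

```python
"""Simplified low-demand PFDavg for 1oo1, 1oo2 and 2oo3 voting groups."""
from __future__ import annotations

# Low-demand SIL bands (IEC 61508): (sil, lower bound, exclusive upper bound)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

def pfd_avg(arch: str, lam_du: float, ti_h: float, beta: float = 0.0,
            coverage: float = 1.0, mission_h: float | None = None) -> float:
    """Average PFD of one voting group (simplified IEC 61508-6 equations).
    lam_du    dangerous-undetected failure rate per channel, 1/h
    ti_h      proof-test interval, h
    beta      common-cause fraction shared by the redundant channels
    coverage  proof-test coverage; the untested fraction (1 - coverage) is
              only revealed at mission_h (end of life), so it accumulates
    mission_h mission time, h (defaults to ti_h, i.e. a perfect test)
    """
    if not 0.0 <= coverage <= 1.0 or not 0.0 <= beta < 1.0:
        raise ValueError("coverage must be in [0, 1] and beta in [0, 1)")
    tm = ti_h if mission_h is None else mission_h
    # Approximation: untested failures see the mission time, not the proof-test
    # interval, which lengthens the effective exposure time.
    t_eff = coverage * ti_h + (1.0 - coverage) * tm
    if arch == "1oo1":
        return lam_du * t_eff / 2.0
    indep = (1.0 - beta) * lam_du * t_eff   # independent part per channel
    ccf = beta * lam_du * t_eff / 2.0       # common-cause part, behaves 1oo1
    if arch == "1oo2":
        return indep ** 2 / 3.0 + ccf
    if arch == "2oo3":
        return indep ** 2 + ccf
    raise ValueError(f"unsupported architecture {arch!r}")

def sil_band(pfd: float) -> int:
    """SIL level whose PFD band contains pfd; 0 if worse than SIL 1."""
    if pfd < 1e-5:
        return 4
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0

def compare(lam_du: float, ti_h: float, beta: float) -> dict:
    """{arch: (PFDavg, SIL)} for the three architectures with one input set."""
    pfds = {a: pfd_avg(a, lam_du, ti_h, beta) for a in ("1oo1", "1oo2", "2oo3")}
    return {a: (p, sil_band(p)) for a, p in pfds.items()}

if __name__ == "__main__":
    # Constructed inputs: 1e-6 /h per channel, yearly proof test, beta 5 %
    for arch, (pfd, sil) in compare(1e-6, 8760.0, 0.05).items():
        print(f"{arch}: PFDavg={pfd:.2e} -> SIL {sil}")
```

With these inputs the common-cause term (2.19e-4) is roughly ten times the independent term of the 1oo2 group (2.3e-5), which is the module 2 point that CCF dominates a redundant architecture.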