Dear All, Long time i don't post. I am back with my planning to verify my SIL achievement of logic solver. I am using ABB AC800M HI (SIL3 capable), and has 1oo2D architecture where both CPU & Safety Module (diverse with the CPU) is executing logic simultaneously and have cross diagnostic feature. I saw exida 8 variables of PFDavg is describing in 1oo1 architecture only, and i know that exida uses Markov Process (continuous markov) for modelling. I want to verify my SIL achievement use the same method, however i have 1oo2D architecture not 1oo1 and i need to consider the beta factor as well in my equation. Any of you have the literature to derive the PFDavg from markov process? I have discussed with AI as well and it can show me how to do from addressing the states and kormogolov differential equation, but i'm not entirely sure, i know you all may have experience regarding this matter, if you can please give me the flowchart how to do or to share some whitepaper of this matter, i may need some actual literature to back me up of my calculation later.

Can anyone share their experience? Very practical two questions related to an issue which exists in many PFDavg calculations. What's your approach to a safety loop that includes typical electrical final elements, e.g. contactors? Although the IEC61508 and IEC61511 standards apply to electrical devices, many such solutions widely used in industry lack certification and reliability data. And if the data is available, it's usually related to PFH and is based on B10d - not well suitable for demand mode of operation calculations. Second one: how do you confirm their systematic capability?

Hi All, Just read an interesting article on the recent introduction of an ISA standard which provides guidance on the management of Independent Protection Layers - Low Integrity Protection Layers: ANSI/ISA-84.91.03-2025 Explained. This is an interesting subject as IPL's are an essential aspect when working out the target RRF of a SIF, however they are often forgotten about once the plant goes back into operation. Some sites do manage the maintenance of IPL's differently to non-safety loops, via a maintained IPL register, IPL validation and more stringent testing routines. However this is not always the case and a lot of the time IPL's just fall into the normal maintenance system as this article suggests. Would be interesting to hear from the group your thoughts on this subject .....

1. Based on your experience with FSA Stage 1 to 5 in EPC Oil & Gas projects, what are the most critical anomalies or non-conformities usually identified onsite compared to approved documents such as SRS, Cause & Effect, FAT, and SAT? 2. From your lessons learned, what are the most frequent issues encountered during FSAs: - poor SIS bypass management, - overdue proof testing, - DCS/SIS integration gaps, - incomplete MOC process, - or field vs As-Built discrepancies?

My proposed topic for discussion: I have experience in conducting a SIL requirement assessments for furnace burning systems. Each client of such analyses have a little bit different approach and risk assessment procedures which I should follow. However as an analyst and session leader I don't agree with them sometimes. It is always a challenge for me, as analyzing such a system raises many questions about the validity of decisions made during the LOPA. Briefly: This particular protection system consists of many instrumented safety functions protecting the furnace, like low and high pressure of the fuel gas, low pressure of combustion air, loss of flame, overpressure in the combustion chamber, wrong air/fuel ratio, CO/O2 flue gas detection, flue gas damper closure detection and some others depending on specific technology used. So the first issue of this SIL analysis is related to the layers of protection. In the most conservative case, we can't take any additional layers of protection independent of the analyzed function. Why? Because all possible other actions are still the same: close the double shutoff valves at the fuel supply line to the burners. The same valves which are part of the SIF we are talking about. What's more it's not always possible to ensure a low personnel presence rate in the hazardous area. This of course results in very high SIL requirements. But I always wonder if this approach is practical and not too conservative? The second question is whether each of these SIFs really needs to be analyzed separately, when most of them protect the furnace from loss of flame and a chamber from the formation of an explosive atmosphere. Perhaps some functions can actually be considered as a one SIF with redundancy and diversification of measurement systems detecting different physical quantities? This case is much closer to my approach of practical side of functional safety. By the way, I've got also a third point of view but maybe I will describe it a little bit later during a discussion.