Partial Valve Stroke Test. The Exida model (exSILentia) says that partial proof test coverage affects a main proof test coverage factor. I've been using and still following their model for many years. You can find an explanation of this model here: https://www.exida.com/blog/why_does_my_proof_test_coverage_change_with_partial_stroke_testing I'm curious what your approach to this topic is in your PFDavg calculations?

My proposed topic for discussion: I have experience in conducting a SIL requirement assessments for furnace burning systems. Each client of such analyses have a little bit different approach and risk assessment procedures which I should follow. However as an analyst and session leader I don't agree with them sometimes. It is always a challenge for me, as analyzing such a system raises many questions about the validity of decisions made during the LOPA. Briefly: This particular protection system consists of many instrumented safety functions protecting the furnace, like low and high pressure of the fuel gas, low pressure of combustion air, loss of flame, overpressure in the combustion chamber, wrong air/fuel ratio, CO/O2 flue gas detection, flue gas damper closure detection and some others depending on specific technology used. So the first issue of this SIL analysis is related to the layers of protection. In the most conservative case, we can't take any additional layers of protection independent of the analyzed function. Why? Because all possible other actions are still the same: close the double shutoff valves at the fuel supply line to the burners. The same valves which are part of the SIF we are talking about. What's more it's not always possible to ensure a low personnel presence rate in the hazardous area. This of course results in very high SIL requirements. But I always wonder if this approach is practical and not too conservative? The second question is whether each of these SIFs really needs to be analyzed separately, when most of them protect the furnace from loss of flame and a chamber from the formation of an explosive atmosphere. Perhaps some functions can actually be considered as a one SIF with redundancy and diversification of measurement systems detecting different physical quantities? This case is much closer to my approach of practical side of functional safety. By the way, I've got also a third point of view but maybe I will describe it a little bit later during a discussion.

Hi All, Just read an interesting article on the recent introduction of an ISA standard which provides guidance on the management of Independent Protection Layers - Low Integrity Protection Layers: ANSI/ISA-84.91.03-2025 Explained. This is an interesting subject as IPL's are an essential aspect when working out the target RRF of a SIF, however they are often forgotten about once the plant goes back into operation. Some sites do manage the maintenance of IPL's differently to non-safety loops, via a maintained IPL register, IPL validation and more stringent testing routines. However this is not always the case and a lot of the time IPL's just fall into the normal maintenance system as this article suggests. Would be interesting to hear from the group your thoughts on this subject .....

This session we're reviewing a live burner management system SIL scenario brought by Tomasz Barnert CFSE PhD. The scenario: a protection system with multiple SIFs protecting a furnace. The vendor is claiming SIL 2. Several genuinely contested questions around independence, compound SIF analysis, and LOPA conservatism. Tomasz has three specific questions for the group — and a third point of view he's been holding back for the session. No slides. No lecture. Bring your read on it. Premium members only. Link below.

Hi all, With regards to carrying out an FSA 5 assessment, is it deemed necessary to carry one out if you are only adding new SIFs into an existing Safety Logic Solver. In this example, the new SIF to be installed does not share any of the same elements (other than the logic solver) as any existing SIF's, and also the new SIF has no impact on any existing SIFs? My thoughts are no, but just wondering if anyone else can clarify if I am correct?