The Genius of ANSI/ISA S84.01–1996
The real genius of a standard is measured by the level of acceptance and the test of time. Often, we do not realize the true greatness of the work a group of people has accomplished until many years later.
In the case of ANSI/ISA S84.01–1996, two fundamental concepts were introduced. These are (1) the Safety Lifecycle and (2) probabilistic performance metrics. These two fundamental concepts have since spread into more than a dozen international standards, including IEC 61508, IEC 61511, and even ISO 26262, the automotive functional safety standard.
The genius of the Safety Lifecycle is not just the specification of an engineering process that starts with concept and ends with decommissioning. The real brilliance is in the systematic method for management of risk. Risk analysis is completed and converted into a risk reduction requirement for each safety instrumented function. The methods needed to accomplish that task are flexible and have become effective and efficient with good software tools, starting with conventional HAZOP tools and shifting to newer tools that include Layer of Protection Analysis (LOPA) and integrated requirements generation.
Note that the actual inherent risk in a process is not a piece of public information; only the risk reduction is. The publication of inherent risk in the safety requirements specification was almost a stumbling block to the standard, but the concept of risk reduction specified by Safety Integrity Levels (SIL) was brilliant. The Safety Lifecycle goes on to relate engineering design and test requirements to the SIL. Higher risk reduction requires more careful design and more thorough testing. That makes sense.
The pioneering ANSI/ISA S84.01 standard also presented probabilistic performance metrics to evaluate a proposed design rather than prescriptive design patterns. There are many advantages to this approach. Innovation is most certainly permitted, and even in our appropriately conservative industry, we have seen many advances in safety design. Another strong advantage of probabilistic performance metrics is that companies can see how to optimize the economics of safety design. Tradeoffs can be made regarding capital expense (better hardware) versus operating expense (more proof testing). The “weak links” in designs that were thought to be safe (but were not, in fact, really that good) are identified.
Even the early ISA SP84 meetings saw considerable debate about the tradeoffs of prescriptive design patterns versus probabilistic performance standards. “Where is the failure rate data we need? Manufacturers will never publish their failure data!”
Fortunately, the probabilistic concept has worked. Over time, detailed databases of needed information have been created. Most manufacturers have had their products analyzed, and will provide realistic failure rate/failure mode data.
Some of the concerns about the probabilistic performance method were correct, however. Some manufacturers use warranty return data that generally produces dangerously low failure rates because of the optimistic assumptions used. One manufacturer even proudly proclaims, “My products never fail, unless the failure is caused by the user. And we do not count those as real failures.”
Blaming all failures on the user is not a good assumption for realistic failure data analysis. Fortunately, the trend is toward good, realistic data, as knowledge of analysis methods and proliferation of good data spreads in special-purpose engineering tools for probabilistic analysis.
In hindsight, it is amazing that the functional safety concepts created by the ISA SP84 committee during the late 1980s have stood the test of time so well. These methods have spread from the process industries to machine industries, mining, robotics, elevators, the automotive industry, autonomous vehicles of all types, and many other sectors. We believe this has happened because these concepts are based on logical engineering methods, economic optimization, and risk management.
Great job, SP84 committee.
You can explore the subject of functional safety in more depth with the ISA Safety Series, a collection of six books covering the most important safety topics for today’s automation and control systems technician.
About the Authors
Iwan van Beurden, CFSE, and William M. Goble, CFSE, are the authors of Safety Instrumented System Design: Techniques and Design Verification (part of the ISA Safety Series).