
HOW TO SELECT A SAFETY PLC

Mike Scott, PE, CFSE
VP, Process Safety
AE Solutions
Greenville, SC 29616

Bud Adler
Director, Business Development
Process Safety Systems
AE Solutions
Lake Mary, FL 32746

KEYWORDS

Safety Instrumented System, SIS, Logic Solver, ANSI/ISA 84, IEC 61508, IEC 61511, Safety
PLC, Redundant Architecture, Lifecycle Cost, Benefit-to-Cost Ratio

ABSTRACT

Throughout the industrial process control industry Safety Instrumented Systems are becoming
high profile. Most companies have accepted that the performance-based standards such as
ANSI/ISA 84.01, IEC 61508 and IEC 61511 are here to stay and that conformance is not
optional. A growing number of instrumentation manufacturers have recognized the steadily
increasing interest that this market has shown in bringing their plants into conformance with
the standards. They have responded by introducing a wide range of products that are “suitable
for use” in Safety Instrumented Systems (SIS). These products include sensors, transmitters,
valves and valve positioners and a wide range of logic solvers.

Most users have little concern about being able to select a proper sensor, transmitter or valve
positioner but when it comes to choosing from the vast array of logic solvers, they often do
not know how to make a proper decision. The problem is clear when you consider the range
of choices for Logic Solvers that range from the relatively simple alarm trip architectures up
through the wide variety of safety PLCs offered by about twenty different manufacturers.
These PLC architectures cover the scale from simple one-out-of-one (1oo1) architectures up
through triple and quadruple redundant systems with differing degrees of self-diagnostics.

With all of these choices, how is a control engineer supposed to pick the “best” system for his
project and / or plant standard? If he errs on the side of conservatism, he may cost his
company tens of thousands of wasted dollars by selecting a more sophisticated system than is
warranted by the application. And, even worse, a simplistic system may not be in
conformance with the standards and could place human life at unnecessary risk. The problem
is exacerbated when all factors of lifecycle costs are considered.

Copyright 2004 by ISA – The Instrumentation, Systems and Automation Society.


Presented at ISA AUTOMATION WEST; www.isa.org

This paper will present a systematic methodology for selecting a Safety PLC platform. It will
describe the evaluation of Safety PLCs based upon both technical requirements (i.e. safety
requirements) and commercial requirements (i.e. availability and Life Cycle Cost analysis).

INTRODUCTION

Once you’ve completed your risk analysis, performed initial conceptual design and completed
some Safety Integrity Level calculations, you may think that your work is complete.
However, there are other issues to consider. What about the economics of the project? Which
Safety Instrumented System architecture optimizes costs through increased availability and
reduced nuisance trips? Is the Safety Instrumented System even a sound financial investment
for the facility? For instance, consider the following simple scenario:

• A person has a house located in a possible flood plain
• Cost of a flood insurance policy is $1,000 / year
• It is estimated that cost to repair flood damage to a typical home is $10,000
• Probability of a significant flood is once every 50 years

Is it a sound investment to purchase a flood insurance policy for the above event? Assuming
a 6% discount rate and home ownership for ten (10) years, a Future Value calculation yields a
cost of $13,181. Thus, the insurance policy as stated above would cost more than the actual
event. If one can analyze the above scenario, why not apply similar logic to review a
proposed Safety Instrumented System design?

This paper will highlight a five (5) step methodology, which can be applied to perform
economic analysis on Safety Instrumented Systems to ensure the “best” system has been
selected:

1. Step 1 – Select an architecture for the SIS for evaluation (sensors, logic solver and
final elements)
2. Step 2 – Perform SIL Calculations to determine Probability of Failure on Demand
Average (PFDavg) and Mean Time To Fail Safe (MTTFS) based upon a given
Functional Test Interval
3. Step 3 – Calculate Lifecycle Cost in terms of Net Present Value (NPV)
4. Step 4 – Calculate Benefit-to-Cost Ratio
5. Repeat above steps for each possible SIS architecture being considered for the project

Note: Steps 1 and 2 represent tasks associated with the Safety Lifecycle and are typically
already being performed by designers of Safety Instrumented Systems.

[Flowchart: Start; SIS Conceptual Design Architecture Options; Perform SIL Calculations (PFDavg and MTTFS); Calculate Lifecycle Cost; Calculate Benefit-to-Cost Ratio; decision "Benefit-to-Cost > 1.0?" (No / Yes); decision "Lowest Lifecycle Cost?" (No / Yes)]
Figure 1 – Economic Analysis Flowchart

LIFECYCLE COST

Lifecycle Cost is a technique that allows those responsible for system selection to consider all
of the costs incurred over the lifetime of the Safety Instrumented System rather than just the
initial purchase costs. This is especially important where the cost of equipment failure can be
significant. The intent of this evaluation is to include all costs of procurement and ownership
over the life span of the Safety Instrumented System. Procurement costs represent costs that
occur only once during life of the project. Operating costs occur over the life of the Safety
Instrumented System and can be repetitive. Costs associated with system failure can
dominate overall Lifecycle Costs.

A Lifecycle Cost evaluation can show one how to minimize overall cost of ownership by
initially selecting the “best” Safety Instrumented System architecture. The evaluation
considers the costs for: design, purchase, installation, start-up, functional testing, energy,
repair, a failure event, and lost production. To obtain the complete Lifecycle Cost, all yearly
operating costs are converted to “present value”. All future expenses are converted into their
current value, accounting for discount rate (interest / inflation). Initial costs and the present
yearly costs are added to obtain total Lifecycle Cost. Refer to reference [5] for additional
information regarding Lifecycle Cost calculations. The proposed architecture for each Safety
Instrumented System should be evaluated for minimum Lifecycle Cost.

Table 1 – Lifecycle Cost Components

| Lifecycle Cost Category | Item | Description |
|---|---|---|
| Procurement Costs | System Design | Engineering costs associated with Front End Loading and Detailed Design |
| Procurement Costs | Purchase | Cost of Equipment including Factory Acceptance Testing and shipping |
| Procurement Costs | Installation | Construction costs associated with SIS |
| Procurement Costs | Start-up | Commissioning, PSAT and Initial Functional Testing of SIS |
| Operating Costs | Engineering Changes | Engineering costs associated with maintenance |
| Operating Costs | Consumption | Power, spare parts, instrument air, etc. |
| Operating Costs | Maintenance | Inspection, Functional Testing |
| Cost of System Failure | Lost Production | Cost of lost production |
| Cost of System Failure | Asset Loss | Cost of lost equipment |

BENEFIT-TO-COST RATIO

Another tool to determine if the “best” Safety Instrumented System architecture has been
selected is to calculate the ratio of benefits to costs on a financial basis. If the ratio is greater
than one, the system is cost effective. For example if a system has a Benefit-to-Cost Ratio of
1.5, for every $1.00 invested, the system will return $1.50.

Therefore, the Benefit – Cost Ratio is as follows:

$$\text{B-C Ratio} = \frac{F_{\text{No-SIS}} \times EV_{\text{No-SIS}} - F_{\text{SIS}} \times EV_{\text{SIS}}}{\text{Cost}_{\text{SIS}} + \text{Cost}_{\text{NT}}}$$

Where,

B-C Ratio = The ratio of benefits to cost
$F_{\text{No-SIS}}$ = The frequency of the unwanted event without a SIS
$F_{\text{SIS}}$ = The frequency of the unwanted event with a SIS
$EV_{\text{No-SIS}}$ = The total expected value of loss of the event without a SIS
$EV_{\text{SIS}}$ = The total expected value of loss of the event with a SIS
$\text{Cost}_{\text{SIS}}$ = The total lifecycle cost of the SIS (Annualized)
$\text{Cost}_{\text{NT}}$ = The cost incurred due to nuisance trips (Annualized)

SAMPLE PROBLEM

The following sample problem will highlight how economic analysis must be an integral part
of the overall SIS architecture selection / design process.

A company has completed their initial risk analysis and SIL selection exercises associated
with a batch reactor. The team identified a single SIF for this particular unit operation. The
results are as follows:

Table 2 – SIF Summary

| SIF ID | SIF Description | Hazard | SIL | Inputs | Outputs |
|---|---|---|---|---|---|
| 1 | High pressure in reactor isolates inlet feed | Potential overpressure of vessel with subsequent release of flammable / toxic material. Potential fire / explosion and injury / fatality | 2 | PT-101 | HV-100 |

The SIL Selection process included a Layer of Protection Analysis (LOPA). Based upon the
above information the SIS Engineer needs to perform the following:

1. Select the “best” Functional Test Interval
2. Select the “best” SIS Architecture (sensor(s), logic solver & final element(s))
3. Design SIS for least cost of ownership over a 15 year time frame assuming a 6%
discount rate

Thus, the SIS Engineer needs to answer the following questions about the “best” design:

1. Sensors: transmitters versus switches and associated architecture (1oo1, 1oo2, 2oo3,
etc.)
2. Logic Solver: relays versus programmable electronic and associated architecture (1oo1,
1oo1D, 1oo2, 1oo2D, 2oo3, 2oo4, etc.)
3. Final Elements: architecture and testing requirements (full stroke versus partial
stroke)

The P&ID for SIF-001 is shown below in Figure 2.

[P&ID sketch. Labels recoverable from the drawing: Feed, FCV, HV-100, PT-101, PSV, 102, Reactor, To Safe Location]

Figure 2 – High Pressure SIF Sketch

Using the steps highlighted in Figure 1, Economic Analysis Flowchart, the following analysis
was completed. To underscore the importance of cost of ownership, the analysis shall be
completed for two (2) different nuisance trip cost scenarios (cost of nuisance trip is $10,000
and $150,000). In addition, two (2) different costs of the event shall be evaluated (rupture of
vessel costs $1,000,000 and $12,000,000).

Step 1: SIS Conceptual Design Architecture Options

This was the first Safety Instrumented System to be installed in this particular area of the
plant. As such, the SIS Engineer decided to evaluate a wide variety of options with respect to
the architecture of the new SIS. Thus, the following options were to be evaluated:

• Switches versus transmitters and required redundancy if any
• Relays versus Safety PLCs and required redundancy if any
• Valves and required redundancy if any
• 12 month test interval versus 24 month test interval

Step 2: Perform SIL Calculations (PFDavg and MTTFS)

The SIS Engineer completed the following SIL calculations based upon the following design
conditions:

Table 3 – SIS Architecture Analysis Summary

| Case | Sensors | Logic Solver | Final Elements | Func Test | SIL | PFDavg | MTTFS |
|---|---|---|---|---|---|---|---|
| 1a | Switch (1oo1) | Relay (1oo1) | Valve (1oo1) | 12 months | 1 | 3.58 x 10^-2 | 13.6 |
| 1b | Switch (1oo1) | Relay (1oo1) | Valve (1oo1) | 24 months | N/A | N/A | N/A |
| 2a | Switch (1oo2) | Relay (1oo2) | Valve (1oo2) | 12 months | 2 | 1.48 x 10^-3 | 6.84 |
| 2b | Switch (1oo2) | Relay (1oo2) | Valve (1oo2) | 24 months | 2 | 3.92 x 10^-3 | 6.94 |
| 3a | Xmtr (1oo1) | Current Switch (1oo1) | Valve (1oo1) | 12 months | 1 | 1.85 x 10^-2 | 20.21 |
| 3b | Xmtr (1oo1) | Current Switch (1oo1) | Valve (1oo1) | 24 months | N/A | N/A | N/A |
| 3c | Xmtr (1oo2) | Current Switch (1oo2) | Valve (1oo2) | 12 months | 2 | 4.09 x 10^-4 | 10.11 |
| 3d | Xmtr (1oo2) | Current Switch (1oo2) | Valve (1oo2) | 24 months | 2 | 1.37 x 10^-3 | 10.24 |
| 4a | Xmtr (1oo2) | Safety PLC (1oo1D) | Valve (1oo2) | 12 months | 1 | 8.67 x 10^-4 | 5.26 |
| 4b | Xmtr (1oo2) | Safety PLC (1oo1D) | Valve (1oo2) | 24 months | 2 | 2.22 x 10^-3 | 4.25 |
| 5a | Xmtr (1oo2) | Safety PLC (1oo2D) | Valve (1oo2) | 12 months | 2 | 7.29 x 10^-4 | 10.63 |
| 5b | Xmtr (1oo2) | Safety PLC (1oo2D) | Valve (1oo2) | 24 months | 2 | 1.95 x 10^-3 | 10.79 |
| 6a | Xmtr (1oo2) | Safety PLC (2oo3) | Valve (1oo2) | 12 months | 2 | 7.30 x 10^-4 | 10.99 |
| 6b | Xmtr (1oo2) | Safety PLC (2oo3) | Valve (1oo2) | 24 months | 2 | 1.95 x 10^-3 | 11.14 |

Note: Based upon the need to meet SIL 2 options 1a, 1b, 3a, 3b, and 4a have been eliminated
from further analysis since they could not reach SIL 2.

Step 3: Calculate Lifecycle Costs

To calculate the Lifecycle Costs several additional pieces of information are required. For
this sample problem, the following data was utilized:

• Operating Costs were assumed to be $500 / year plus cost of functional testing.
• Functional Testing = 2 people for 8 hours @ $70/hr plus cost of 8 hours lost
production

Table 4 – SIS Lifecycle Cost Analysis Summary - $10,000 Nuisance Trip Cost

| Case | Functional Test | Procurement Costs | Operating Costs | Cost of System Failure | Lifecycle Cost |
|---|---|---|---|---|---|
| 2a | 12 months | $26,000 | $11,620 | $10,000 | $167,251 |
| 2b | 24 months | $26,000 | $6,060 | $10,000 | $112,842 |
| 3c | 12 months | $34,100 | $11,620 | $10,000 | $166,168 |
| 3d | 24 months | $34,100 | $6,060 | $10,000 | $111,924 |
| 4b | 24 months | $67,600 | $6,060 | $10,000 | $172,151 |
| 5a | 12 months | $82,600 | $11,620 | $10,000 | $213,728 |
| 5b | 24 months | $82,600 | $6,060 | $10,000 | $159,457 |
| 6a | 12 months | $107,600 | $11,620 | $10,000 | $238,130 |
| 6b | 24 months | $107,600 | $6,060 | $10,000 | $183,892 |

Table 5 – SIS Lifecycle Cost Analysis Summary - $150,000 Nuisance Trip Cost

| Case | Functional Test | Procurement Costs | Operating Costs | Cost of System Failure | Lifecycle Cost |
|---|---|---|---|---|---|
| 2a | 12 months | $26,000 | $151,620 | $150,000 | $1,924,490 |
| 2b | 24 months | $26,000 | $76,060 | $150,000 | $1,184,496 |
| 3c | 12 months | $34,100 | $151,620 | $150,000 | $1,794,842 |
| 3d | 24 months | $34,100 | $76,060 | $150,000 | $1,057,327 |
| 4b | 24 months | $67,600 | $76,060 | $150,000 | $1,491,737 |
| 5a | 12 months | $82,600 | $151,620 | $150,000 | $1,829,247 |
| 5b | 24 months | $82,600 | $76,060 | $150,000 | $1,091,326 |
| 6a | 12 months | $107,600 | $151,620 | $150,000 | $1,845,270 |
| 6b | 24 months | $107,600 | $76,060 | $150,000 | $1,107,843 |

The above two tables underscore how the cost of a nuisance trip can dominate the overall cost
of ownership. In Table 4 with a nuisance trip cost being assumed to be $10,000, the best SIS
architecture consists of redundant pressure transmitters, current switches and valves tested
every 24 months. In Table 5 with a nuisance trip cost being assumed to be $150,000, the best
SIS architecture consists of redundant pressure transmitters, 1oo2D Safety PLC and 1oo2
Shutoff Valves tested every 24 months. Note that, depending upon the actual costs utilized, the results
will vary and different SIS architectures may prove to be “best” for your project.

Step 4: Calculate Benefit-to-cost Ratio

To calculate the Benefit-to-Cost ratio several additional pieces of information are required
and typically are available as a result of completing the SIL Selection process. For this
sample problem, the following data was utilized:

$F_{\text{No-SIS}}$ = 1 / 50 years (from SIL Selection Risk Ranking process)
$F_{\text{SIS}}$ = Calculated based upon (PFDavg x $F_{\text{No-SIS}}$)
$EV_{\text{No-SIS}}$ = Evaluate $1,000,000 or $12,000,000 events
$EV_{\text{SIS}}$ = Evaluate $1,000,000 or $12,000,000 events
$\text{Cost}_{\text{SIS}}$ = Varies per architecture considered
$\text{Cost}_{\text{NT}}$ = Evaluate $10,000 and $150,000 events

Note: To underscore the importance of costs in the overall analysis, two different event costs were
evaluated as well as two different costs of a nuisance trip.
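
The Step 3 and Step 4 arithmetic for the $10,000 nuisance-trip / $1,000,000 event scenario, together with the flood-insurance Future Value from the Introduction, as an added Python example that is not part of the original paper. Function and variable names are illustrative. Two assumptions not stated in the paper are marked in the comments: 8 hours of lost production is priced the same as one nuisance trip, and the annualized SIS cost is the Table 4 lifecycle cost divided by 15 years.

```python
# Added example (not from the paper): Figure 1's loop over rows of Tables 3 and 4.
F_NO_SIS = 1 / 50          # unwanted events per year without a SIS (Step 4)
EVENT_COST = 1_000_000     # EV with and without SIS for this scenario
NT_COST = 10_000           # cost of one nuisance trip for this scenario
LIFE_YEARS = 15            # evaluation period from the sample problem

# (case, SIL, PFDavg, MTTFS in years, lifecycle cost from Table 4 or None)
ROWS = [
    ("1a", 1, 3.58e-2, 13.6, None),
    ("2a", 2, 1.48e-3, 6.84, 167_251),
    ("2b", 2, 3.92e-3, 6.94, 112_842),
    ("3c", 2, 4.09e-4, 10.11, 166_168),
    ("3d", 2, 1.37e-3, 10.24, 111_924),
    ("4a", 1, 8.67e-4, 5.26, None),
    ("4b", 2, 2.22e-3, 4.25, 172_151),
    ("5b", 2, 1.95e-3, 10.79, 159_457),
]


def future_value_of_annuity(payment, rate, years):
    """Future value of equal year-end payments (the flood-premium case)."""
    return payment * ((1 + rate) ** years - 1) / rate


def yearly_operating_cost(test_interval_months, lost_production=NT_COST):
    """$500/yr plus functional tests (2 people x 8 h x $70/h + lost production).

    Assumption: 8 h of lost production costs the same as one nuisance trip;
    this reproduces the Operating Costs column of Tables 4 and 5.
    """
    per_test = 2 * 8 * 70 + lost_production
    return 500 + per_test * 12 / test_interval_months


def evaluate(pfd_avg, mttfs_years, lifecycle_cost):
    """Step 4 quantities for one architecture."""
    f_sis = pfd_avg * F_NO_SIS                  # FSIS = PFDavg x FNo-SIS
    cost_nt = NT_COST / mttfs_years             # annualized nuisance-trip cost
    cost_sis = lifecycle_cost / LIFE_YEARS      # assumption: straight-line
    benefit = F_NO_SIS * EVENT_COST - f_sis * EVENT_COST
    return {"f_sis": f_sis, "cost_nt": cost_nt, "cost_sis": cost_sis,
            "bc_ratio": benefit / (cost_sis + cost_nt)}


def select_best(rows, required_sil=2):
    """Keep cases meeting the SIL with B-C > 1.0, then take lowest lifecycle cost."""
    passing = []
    for name, sil, pfd, mttfs, lcc in rows:
        if sil < required_sil or lcc is None:
            continue                            # eliminated in Step 2
        if evaluate(pfd, mttfs, lcc)["bc_ratio"] > 1.0:
            passing.append((lcc, name))
    return min(passing)[1] if passing else None


if __name__ == "__main__":
    print(round(future_value_of_annuity(1000, 0.06, 10)))
    print(yearly_operating_cost(12), yearly_operating_cost(24))
    print(evaluate(1.48e-3, 6.84, 167_251))
    print(select_best(ROWS))
```

The ratio follows the formula as printed, with the nuisance-trip cost in the denominator; for case 2a it evaluates to about 1.58 rather than the 1.79 listed in Table 6.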

Table 6 – SIS Benefit-to-Cost Ratio Analysis Summary - $10,000 Nuisance Trip Cost

| Case | Cost SIS (per yr) | Cost NT | EV No SIS | EV SIS | FNo SIS | PFDavg | FSIS | Nuisance Trip Rate (Yrs) | Cost NT (per yr) | B-C Ratio |
|---|---|---|---|---|---|---|---|---|---|---|
| 2a | $11,150 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.48E-03 | 0.00002960 | 6.84 | $1,462 | 1.79 |
| 2b | $7,523 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 3.92E-03 | 0.00007840 | 6.94 | $1,441 | 2.65 |
| 3c | $11,078 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 4.09E-04 | 0.00000818 | 10.11 | $989 | 0.95 |
| 3d | $7,462 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.37E-03 | 0.00002740 | 10.24 | $977 | 1.14 |
| 4b | $11,477 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 2.22E-03 | 0.00004440 | 4.25 | $2,353 | 0.93 |
| 5a | $14,249 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 7.29E-04 | 0.00001458 | 10.63 | $941 | 0.82 |
| 5b | $10,630 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.95E-03 | 0.00003900 | 10.79 | $927 | 0.97 |
| 6a | $15,875 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 7.30E-04 | 0.00001460 | 10.99 | $910 | 0.77 |
| 6b | $12,259 | $10,000 | $1,000,000 | $1,000,000 | 0.020000 | 1.95E-04 | 0.00000390 | 11.14 | $898 | 0.90 |

Table 7 – SIS Benefit-to-Cost Ratio Analysis Summary - $150,000 Nuisance Trip Cost

| Case | Cost SIS (per yr) | Cost NT | EV No SIS | EV SIS | FNo SIS | PFDavg | FSIS | Nuisance Trip Rate (Yrs) | Cost NT (per yr) | B-C Ratio |
|---|---|---|---|---|---|---|---|---|---|---|
| 2a | $128,299 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.48E-03 | 0.00002960 | 6.84 | $21,930 | 0.86 |
| 2b | $78,966 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 3.92E-03 | 0.00007840 | 6.94 | $21,614 | 1.04 |
| 3c | $119,656 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 4.09E-04 | 0.00000818 | 10.11 | $14,837 | 0.89 |
| 3d | $70,488 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.37E-03 | 0.00002740 | 10.24 | $14,648 | 1.09 |
| 4b | $99,449 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 2.22E-03 | 0.00004440 | 4.25 | $35,294 | 0.96 |
| 5a | $121,950 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 7.29E-04 | 0.00001458 | 10.63 | $14,111 | 0.88 |
| 5b | $72,755 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.95E-03 | 0.00003900 | 10.79 | $13,902 | 1.08 |
| 6a | $123,018 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 7.30E-04 | 0.00001460 | 10.99 | $13,649 | 0.88 |
| 6b | $73,856 | $150,000 | $12,000,000 | $12,000,000 | 0.020000 | 1.95E-04 | 0.00000390 | 11.14 | $13,465 | 1.07 |

As can be seen by the above Benefit-to-Cost numbers, not all architectures represent a sound
financial investment.

CONCLUSION

Based upon the scenarios evaluated it is readily apparent that one cannot simply stop at
completing a SIL calculation to determine if the required SIL has been achieved. Fourteen
(14) different SIS architectures were reviewed and of these designs only nine (9) met the
required SIL requirements. Upon further review, only two SIS architectures were clearly the
“best” in that they minimized cost of ownership and had a Benefit-to-Cost Ratio > 1.0.
These SIS architectures were as follows:

Table 8 – Final SIS Analysis Summary

| Case | SIS Architecture | Nuisance Trip Cost | Event Cost | Lifecycle Cost | B-C Ratio | Savings |
|---|---|---|---|---|---|---|
| 3d | Xmtr (1oo2), Current Switch (1oo2), Valve (1oo2) | $10,000 | $1,000,000 | $111,924 | 1.14 | $126,206 |
| 5b | Xmtr (1oo2), Safety PLC (1oo2D), Valve (1oo2) | $150,000 | $12,000,000 | $1,091,326 | 1.08 | $833,164 |

In summary, in today’s competitive business environment sound financial justification of a
project must be performed during the Safety Instrumented System conceptual design process.
This should include a Lifecycle Cost Analysis as well as a Benefit-to-Cost Ratio Analysis.
Based upon the scenarios reviewed, significant savings could be realized by selecting the
“best” architecture.

DISCLAIMER

Although it is believed that the information in this paper is factual, no warranty or
representation, expressed or implied, is made with respect to any or all of the content thereof,
and no legal responsibility is assumed therefore. The examples shown are simply for
illustration, and, as such, do not necessarily represent any company’s guidelines. The reader
should use data, methodology, formulas, and guidelines that are appropriate for their own
particular situation.

REFERENCES

1. ANSI/ISA S84.01-1996, Application of Safety Instrumented Systems for the Process
Industries, The Instrumentation, Systems, and Automation Society, Research Triangle
Park, NC, 1996.

2. IEC 61508, Functional Safety of Electrical/Electronic/Programmable Safety-related
Systems, Parts 1-7, Geneva: International Electrotechnical Commission, 1998.

3. IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Industry
Sector, Parts 1-3, Geneva: International Electrotechnical Commission, 2003.

4. Dieter, G. E., Engineering Design: A Materials and Processing Approach, McGraw-Hill,
1983.

5. Goble, W. M., Control Systems Safety Evaluation & Reliability, 2nd Edition, ISA, 1998.

6. Barringer, H. P., Life Cycle Cost and Good Practices, NPRA Maintenance Conference,
1998.

7. Marszal, E. & Scharpf, E., Safety Integrity Level Selection – Systematic Methods Including
Layer of Protection Analysis, ISA, Research Triangle Park, NC, 2002.

ABBREVIATIONS AND DEFINITIONS

1oo1 1-out-of-1
1oo1D 1-out-of-1 D (D for extensive self-diagnostics)
1oo2 1-out-of-2
1oo2D 1-out-of-2 D (D for extensive self-diagnostics)
2oo3 2-out-of-3
IEC International Electrotechnical Commission
MTTFS Mean Time To Fail Spurious
NPV Net Present Value
FV Future Value
PFDavg Average Probability of Failure on Demand
PLC Programmable Logic Controller
RRF Risk Reduction Factor
SIF Safety Instrumented Function
SIL Safety Integrity Level
SIS Safety Instrumented System
