Session Actions

Session Details

Safety Instrumented Systems (SIS)

7 November 11:00 a.m. - 12:30 p.m.

Session Type: Paper

Track: Industrial Automation and Control

Paths(s): TechnicianTechnician   ManagementManagement   EngineerEngineer   


Too Little, Too Late: Functional Safety Assessment Learnings

Nicholas Sands CAP, PE, DuPont Read Bio

Nick is currently a Manufacturing Technology Fellow working for DuPont's Kevlar®, Nomex®, and Tyvek® businesses and the Global Alarm Management Leader for DuPont. In his 23 years with DuPont, he has been a business process control leader, site process control leader, process control consultant, and plant control engineer in several different businesses. He has worked on or led the development of several corporate standards and best practices in the areas of automation competency, safety instrumented systems, alarm management, and process safety. 

Nick is an ISA (International Society of Automation) Fellow, served as ISA vice president of Professional Development, Co-chair of Standards & Practices committee 18 working on Alarm Management, and a volunteer in the development of the Certified Automation Professional program.  He is also secretary of the IEC (International Electrotechnical Commission) committee working on the alarm management standard IEC62682.  He has written many articles and papers on alarm management, safety instrumented systems, and professional development.

Nick is a Certified Automation Professional and a licensed engineer in the state of Delaware.  His path to instrumentation and control started when he earned his BS in Chemical Engineering from Virginia Tech. When not working or reading, Nick enjoys recreational mushing with rescued huskies.


Conducting a functional safety assessment (FSA), after validation of the safety instrumented system (SIS) and before the introduction of the process hazards, is one of the most inconvenient requirements of ANSI/ISA-84 (IEC61511).  It occurs when the project team is stressed to make the start-up date and there are too few hours in the day. But a double check of the systems, especially the systems that prepare the operations team, can catch oversights driven by tight process schedules and limited resources.  This paper shares the findings from a series of FSAs and provides some suggestions for improving future SIS projects and startups.

Roll Out and Maintenance Integration of SIS Proof Test and Inspection

John Kelley ISA84 SFS, aeSolutions Read Bio

John is a Senior Specialist in aeSolutions' Safety Instrumented Systems Front-End Loading (SIS FEL) group. John works closely with clients in the oil and gas industry, developing and implementing a Layer of Protection Analysis (LOPA) testing program across 20 processing facilities and evaluating and developing SIS system documentation. He is dedicated to improving the process safety lifecycle programs of his clients, and is particularly knowledgeable of OSHA 1910 compliance, having managed the development of Safe Operating Limits Tables for 18 facilities. John's extensive testing experience and strong technical skills have led him to champion preventative maintenance as a means to meet difficult reliability targets and provide value to his clients.

Education, Registrations and Affiliations

  • Bachelor of Science in Electrical Engineering - Clemson University
  • ISA84 SIS Fundamentals Specialist


Proof test and inspection serves two primary purposes within the safety lifecycle: to find and repair failures in the system, and validate the failure rate assumptions used in the safety integrity level (SIL) calculations. Many facilities may have robust preventative maintenance systems, but lack sufficient or clear documentation on the failure mechanism to allow classification. There may also be differences in how individual facilities within the same corporation record test results.

It is highly beneficial for a corporation to record and classify failures in a consistent manner so that the instrumentation reliability data can be easily compared and compiled into metrics across multiple facilities or assets.

Challenges with implementing a new or modified approach to testing of Safety Instrumented System (SIS) instruments include issues such as education of participants and stakeholders, integrating the new proof testing procedures with the current maintenance plans and schedule, and documenting failures identified outside of testing. It is critical to create a plan which deals with these challenges ahead of pushing SIS proof testing to facilities.

This paper reviews the technical and management challenges associated with implementing a standard SIS proof testing philosophy and documentation strategy across a multi-facility upstream oil and gas business unit.

Instrumentation for Electrical Lockout Tagout Verification

Chris Devine, Industrial Control & Electrical Read Bio

Chris is a Director of “Industrial Control & Electrical” and “Redbusbar"

He holds a Bachelor of Electrical and Computer Engineering, Associate Diploma of Electrical Engineering and is an Electrical Fitter/Mechanic.

He is a member of the Association of Professional Engineers, Scientists and Managers Australia, Institute of Instrumentation and Control Australia and is a Registered Practising Engineer of Queensland.

Chris has worked for the South East Queensland Electricity Board, Comalco Aluminium Powder, Sinclair Knight Merz and Paterson Flood Engineers.

He has held senior project and plant maintenance supervisory roles.  Fields of interest included power, hazardous areas and instrumentation & control in the bulk materials, chemical, mineral processing and explosives industries.

He holds international patents for SwitChek and DeadEasy isolation verification devices.


This presentation discusses new instrumentation that confirms the isolated state of electrical disconnect switches prior to conducting equipment maintenance. Verification that electrical isolation switches are off is a vital activity when performing equipment Lockout Tagout procedures.

The current methods for verification of electrical isolation are presented. Common methods used by plant operators and maintenance personnel include Test for Dead / Live-Dead-Live Check, Try-Start / Try-out, visible break isolators and mains voltage indicator lamps. Safety hazards and limitations associated with these verification methods are then discussed. An example is presented that demonstrates how Test for Dead / Live-Dead-Live Check may produce unexpected results. In addition, circumstances preventing the use of the Try-Start / Try-out method are presented highlighting practical constraints for its universal use. Challenges associated with mains voltage, indication lamps and the new problems they introduce are also detailed. The limitations of these widely used isolation verification methods open the door for a new approach to address poorly understood safety problems.

Finally a new instrument, DeadEasy, is introduced that aims to provide an unskilled worker with a highly accurate electrical, isolation verification result. The design of the instrument and how it addresses the short comings of existing isolation verification methods and technologies is explained.