The Vital tool in Safety Management

Alarm Annunciators are a vital tool in safety management. The need for Functional Safety assessment continuously pushes the technical performance of alarm annunciators upwards. Operator involvement puts a limit on reliability of safety functions but may be beneficial in managing complex demands. The following describes the realistic boundaries of performance of alarm annunciators and operators in safety critical applications. The IEC61508 standard [3] deals with electronic and programmable-electronic devices which need to have proven design for high-reliability in order to ensure “functional safety”. The following are all examples od programmable electronic devices - microprocessors - micro-controllers - programmable controllers - application specific integrated circuits (ASICs) - PLCS - other computer based devices The standard defines four Safety Integrity Levels (SIL) which are be categorised according to Probability of Failure on Demand (PFD) or probability of failure per hour. SIL PFD Failures/hr SIL1 < 0.1 < 10-5 SIL2 < 0.01 < 10-6 SIL3 < 0.001 < 10-7 SIL4 < 0.0001 < 10-8 The Omni16c alarm annunciator range has been independently assesed for use in IEC61508 SIL 1 applications, however the use of alarm annunciators as part of safety-related systems is restricted by the reliability of human operators, which is generally considered insufficient to meet high reliability requirements. The IEC61508 standard does not exclude the possibility of a person being part of a safety-related system but human factor requirements are not considered in detail in the standard. The reliability associated with the human operator is most often considered to have an associated PFD (Probability of Failure on Demand) of 1E-01 (90% probability that the operator will successfully respond to the alarm). This makes even a SIL1 system difficult to design, however with a high level of operator training and clear procedures in place, it can be accepted that the operator PFD defines as "response to an alarm" can be as good as IE-02, in which case using an alarm annunciator such as the Omni16C in a SIL 1 system is acceptable. When applying IEC61508 to assess safety-related alarms it therefore becomes clear that the annunciators which involve the human operator can only be targeted at SIL 1 level at best. For a White Paper on "The role of Alarm Annunciators in managing plant safety" please contact Omniflex UK on 0161 491 4144 or email uksales@omniflex.com.

For more information on The Vital tool in Safety Management talk to Omniflex UK Limited