In this video, you will learn about Safety Instrumented Systems (SIS).
0:04
Welcome back to another explainer. If
0:07
you're the kind of person who loves
0:08
figuring out how the hidden world around
0:10
us actually works, well, you are in
0:11
exactly the right place. Today, we're
0:14
diving into something that is literally
0:15
saving lives every single day, right
0:17
under our noses. Safety instrumented
0:20
systems, or SIS for short. If you're a
0:22
beginner to all this industrial
0:23
engineering stuff, don't worry. We're
0:25
going to cut through all the complex
0:27
acronyms, paint a really clear picture
0:28
of how this works, and figure out
0:30
exactly how massive chemical plants and
0:32
oil refineries stop catastrophic
0:34
disasters in their tracks. It is
0:36
honestly super fascinating, so let's get
0:38
into it. So, here's our quick road map
0:40
for today. We're going to hit the
0:41
industrial safety challenge first, then
0:44
break down the difference between BPCS
0:46
and SIS. After that, we'll look at the
0:49
actual anatomy of an SIS, decode how
0:51
engineers measure safety using SIFs and
0:54
SILs, and finally, we'll wrap up with
0:56
how they design these systems for
0:57
absolute reliability.
0:59
Okay. I want you to imagine, just for a
1:01
second, the absolutely massive stakes at
1:04
play inside a modern petrochemical
1:06
refinery. We're talking mind-boggling
1:08
pressures, boiling chemicals, highly
1:10
volatile gases. Now, what happens if a
1:13
primary valve just gets stuck, or a
1:15
regular control computer totally freezes
1:17
up? The temperature starts rising, the
1:19
pressure spikes. What happens when those
1:21
standard everyday operational controls
1:23
just suddenly fail? Well, without a
1:25
completely independent backup plan,
1:26
we're looking at massive property loss,
1:28
environmental devastation, toxic
1:30
releases, and worst of all, the loss of
1:32
human life. It's serious stuff.
1:35
To stop that from happening, facilities
1:37
use a strategy called layers of
1:38
protection. Because in industrial
1:40
environments, safety is never just one
1:42
single thing, right? It's a cascading
1:44
series of safety nets. At the bottom,
1:47
you've got your basic day-to-day
1:48
controls, your alarms, your human
1:50
operators. But if all of those fail, you
1:52
move up the danger ladder.
1:54
Those red and yellow zones you're
1:55
seeing, that is the safety instrumented
1:57
system. It acts as this critical, fully
2:00
automated, absolute last line of defense
2:02
right before a disaster hits. And right
2:04
before passive physical barriers like
2:06
huge concrete containment dikes have to
2:08
do the heavy lifting.
2:10
All right, section one, the industrial
2:12
safety challenge. Let's define what
2:13
we're actually dealing with here.
2:15
So, a safety instrumented system, or
2:17
SIS, is basically an independent
2:19
guardian angel for an industrial
2:21
facility. It's a completely distinct,
2:23
dedicated set of engineered hardware and
2:25
software controls. And its sole purpose
2:27
in life is to just monitor for dangerous
2:29
conditions and automatically pull the
2:31
plug, execute a safe shutdown, if things
2:33
go sideways.
2:35
The really key word here is passive. The
2:37
SIS just sits there. It's completely
2:39
dormant. It is not adjusting flow rates
2:41
or trying to make production more
2:42
efficient. It is entirely invisible
2:44
until a critical emergency demands an
2:46
immediate, life-saving intervention.
2:49
Which brings us to section two, BPCS
2:52
versus SIS explained.
2:55
Let's compare these two systems.
2:57
Now, in any plant, the everyday
2:58
workhorse is the basic process control
3:01
system, the BPCS.
3:03
This is the active, dynamic system. It's
3:05
constantly taking in data from sensors
3:07
and tweaking valves and pumps to
3:09
perfectly regulate things like pressure,
3:11
temperature, and flow.
3:13
It is 100% focused on optimizing the
3:15
plant to be as efficient as possible.
3:18
This is the system the human operators
3:19
are actually staring at and interacting
3:21
with on their computer screens all day
3:23
long.
3:24
So, the absolutely crucial thing to
3:26
grasp here is the strict separation
3:27
between these two systems. Think of the
3:29
BPCS as the cruise control in your car.
3:31
It's active, right? It's constantly
3:33
adjusting the throttle to keep you
3:34
moving smoothly and efficiently. But the
3:36
SIS? The SIS is the airbag. It's
3:39
completely dormant in your steering
3:41
wheel, doing absolutely nothing to help
3:42
your gas mileage. But the split second
3:44
you hit a wall, it deploys independently
3:46
to save your life. It only cares about
3:48
safety. And just like your airbag isn't
3:50
wired into your cruise control computer,
3:51
the SIS has to be physically and
3:53
logically totally separate from the
3:55
BPCS.
3:56
Moving on to section three, the anatomy
3:58
of an SIS. Let's crack this thing open.
4:02
You can really see the strict sequential
4:04
flow of a safety function here, what we
4:06
call sensing to action. It flows cleanly
4:08
from left to right. It starts with the
4:10
physical sensors out in the field, moves
4:12
to the logic solver, which is kind of
4:14
the brain of the whole operation, and
4:15
then finally pushes out to the muscles,
4:17
the final elements like massive shutoff
4:19
valves. And again, this entire
4:21
architecture is completely separated
4:23
from the everyday BPCS equipment,
4:25
guaranteeing that if the normal plant
4:26
controls totally fail, the safety system
4:28
isn't left flying blind.
4:30
Let's zoom in on that first component,
4:32
the sensors.
4:34
These are the eyes and ears of the
4:35
safety system. These transmitters are
4:37
actively hunting for abnormal
4:39
deviations, like a pressure spike that's
4:41
suddenly way outside the normal safe
4:43
limits. And remember that independence
4:45
we just talked about? Engineers will
4:47
literally drill completely separate
4:48
holes, they call them process taps, into
4:50
a pipe specifically just for the SIS
4:52
sensors. Why go through all that
4:54
trouble? Because if the SIS and the
4:56
regular control system share the exact
4:58
same tap, and that tap got clogged up
5:00
with debris, well, both systems would
5:01
instantly go blind at the exact same
5:03
time. Engineers call that a common mode
5:05
failure, and physically separate sensors
5:07
are how you prevent it.
5:09
Okay, so next, that sensor data flows
5:11
right into the logic solvers. This is
5:13
the brain of our guardian angel. Modern
5:15
industrial plants use what are called
5:17
safety rated programmable logic
5:19
controllers, or safety PLCs.
5:21
This brain is built with insane levels
5:23
of fault tolerance, and it runs intense
5:25
continuous self-diagnostics. In fact, it
5:28
is specifically designed to be
5:29
fail-safe. What that means is, if the
5:31
brain itself suffers some sort of
5:33
internal electrical short or hardware
5:35
breakdown, it doesn't just freeze up and
5:36
do nothing. It's hardwired to
5:38
automatically drop its power and default
5:40
the whole system to a safe shutdown
5:42
state.
5:43
And finally, if that brain decides a
5:45
safety threshold has actually been
5:47
crossed, it fires a signal straight to
5:49
the final elements. These are the
5:51
muscles. We are talking about massive
5:53
automated actuators, incredibly
5:55
heavy-duty valves, and large electrical
5:57
relays.
5:58
These elements are the ones executing
6:00
the actual shutdown command. They're the
6:02
ultimate physical intervention. They
6:04
will literally slam a giant pipeline
6:06
shut to choke off a flow of combustible
6:08
fuel, or instantly open a huge relief
6:10
valve to vent out explosive pressure.
6:12
They actively isolate the hazard.
6:15
Okay, section four, measuring safety,
6:17
SIFs and SILs. Let's decode some more
6:20
jargon.
6:21
First up, the SIF, or safety
6:23
instrumented function.
6:25
Now, a SIF is not the entire plant
6:27
safety system. It's just one single
6:30
control loop designed to address one
6:31
very specific hazard.
6:33
So, for example, a sensor detecting
6:35
abnormally high pressure in one specific
6:38
boiler, which is wired to a solver,
6:40
which then tells one specific gas valve
6:42
to close.
6:43
That one complete action, that's a SIF.
6:46
So, an entire SIS is really just a
6:48
collection of multiple individual SIFs,
6:51
each one looking out for a totally unique
6:53
and specific hazard somewhere in the
6:54
facility. Now, to figure out exactly how
6:57
dependable each of those individual SIFs
6:59
actually needs to be, engineers use
7:02
SILs, or safety integrity levels. It's a
7:04
super simple scale ranging from one to
7:06
four, and they use this to precisely
7:08
quantify how much risk a function can
7:10
actually reduce. Basically, the higher
7:13
the number, the more ridiculously
7:14
reliable that safety function has to be
7:16
at preventing a disaster. But, here is
7:19
where it gets really interesting.
7:20
There's a massive trade-off. Yes, a
7:23
higher SIL means better risk mitigation
7:25
and a much lower probability of failure
7:27
on demand, meaning it's way less likely
7:29
to fail when you actually need it to
7:31
work.
7:32
But, moving from say a SIL one to a SIL
7:35
three, that massively skyrockets both
7:37
the engineering complexity and the
7:39
financial cost.
7:41
Actually, it's a known rule of thumb in
7:42
the industry that if an engineer
7:43
calculates a process is so dangerous it
7:45
requires a SIL 4 safety system, the
7:48
fundamental design of that plant is
7:49
probably just fatally flawed. A SIL 4
7:52
system is so wildly complex and so
7:54
incredibly expensive that it's usually
7:56
cheaper and smarter to just tear up the
7:58
blueprints and redesign the chemical
8:00
process from scratch so it's inherently
8:02
safer to begin with.
8:03
All right, our final section, section
8:05
five, designing for reliability. So, how
8:09
do they guarantee these systems actually
8:11
work? The secret sauce here is
8:13
redundancy. Specifically, there's a
8:15
concept engineers call voting
8:17
arrangements because let's face it,
8:19
absolutely no piece of hardware is 100%
8:22
reliable. So, instead of trusting just
8:24
one sensor, engineers use multiple
8:26
redundant sensors and actually have them
8:28
vote on what action to take. This is
8:30
brilliant because it guarantees that one
8:32
single broken sensor won't cause a
8:34
hidden failure that leads to a real
8:35
explosion. And on the flip side, it
8:37
won't trigger a fake spurious alarm that
8:39
needlessly shuts down a plant, which can
8:41
literally cost a company millions of
8:43
dollars in lost production time. Let's
8:45
actually walk through a real world
8:46
example of this to make it super clear,
8:48
a one out of two or one out of two
8:50
voting architecture.
8:52
Imagine two pressure switches installed
8:54
side by side on a giant tank. Only one
8:57
of them needs to detect danger to pull
8:58
the alarm and trigger the shutdown.
9:01
Now imagine switch A suffers a really
9:03
dangerous hidden failure. Let's say its
9:05
internal metal contacts literally weld
9:07
themselves shut over time. It's
9:08
completely blind now. Fast forward a few
9:11
months and a real terrifying pressure
9:13
spike happens in the tank. Switch A does
9:16
absolutely nothing. But, because we
9:18
designed for redundancy, switch B is
9:20
right there. It accurately detects the
9:22
hazard, casts its vote, independently
9:24
opens the electrical circuit, and
9:26
successfully shuts down the plant. It
9:28
totally saves the day.
9:29
One component completely failed, but the
9:31
system as a whole worked flawlessly.
9:33
That's the power of voting.
9:35
And honestly, that brings us to the
9:37
ultimate question we have to ask
9:38
ourselves. As industrial facilities get
9:40
more and more complex, relying heavier
9:42
and heavier on artificial intelligence
9:44
and automated systems for their daily
9:46
operations, these independent safety
9:48
instrumented systems become our absolute
9:50
most vital guardians. It forces us to
9:52
ask, what really is the true engineering
9:54
cost of absolute safety? How much
9:56
redundancy is actually enough? The next
9:58
time you're driving down the highway
9:59
past a massive refinery or a towering
10:01
power plant, take just a second to think
10:03
about those completely invisible dormant
10:05
networks of sensors and logic solvers.
10:07
They're just quietly watching over us,
10:08
waiting for that one critical second
10:10
they are needed to prevent the
10:11
unthinkable. Pretty amazing stuff,
10:13
right? Thanks so much for joining me on
10:15
this explainer, and as always, keep
10:16
learning.
10:20
>> [music]

