D. SRS - Safety Requirements Specification

The safety requirement specification (SRS) is a documentation requirement of IEC 61511 and ANSI/ISA S84.01-2003 and is an integral part of the Safety Lifecycle model.

The SRS is a summary of key decisions that must be made prior to the conceptual design. The purpose of the SRS is to define the envelope of the Safety Instrumented System (SIS) design. This document, or collection of documents, should be viewed as a basis of design. It is a crucial review step that will minimize downstream detail design changes that could impact cost and/or schedule.

The SRS consists of both safety functional requirements and safety integrity requirements. The software safety requirements specification shall be derived from the safety requirements specification and the chosen architecture of the SIS.

The SRS should include the following requirements:

Description of all the SIF necessary to achieve the required functional safety;
Requirements to identify and take account of common cause failures;
Definition of the safe state of the process for each identified SIF;
Definition of any individually safe process states which, when occurring concurrently, create a separate hazard (for example, overload of emergency storage, multiple relief to flare system);
The assumed sources of demand and demand rate on the SIF;
Requirement for proof-test intervals;
Response time requirements for the SIS to bring the process to a safe state;
The SIL target and mode of operation (demand/continuous) for each SIF;
Description of SIS process measurements and their trip points;
Description of SIS process output actions and the criteria for successful operation, for example, requirements for tight shut-off valves;
The functional relationship between process inputs and outputs, including logic, mathematical functions and any required permissives;
Requirements for manual shutdown;
Requirements relating to energize or de-energize to trip;
Requirements for resetting the SIS after a shutdown;
Maximum allowable spurious trip rate;
Failure modes and desired response of the SIS;
Any specific procedure requirements for starting up and restarting the SIS;
All interfaces between the SIS and any other system (including the BPCS and operators);
Description of the modes of operation of the plant and identification of the safety instrumented functions required to operate within each mode;
The application software safety requirements;
Requirements for overrides/inhibits/bypasses including how they will be cleared;
The specification of any action necessary to achieve or maintain a safe state in the event of fault(s) being detected in the SIS;
The mean time to repair which is feasible for the SIS;
Identification of the dangerous combinations of output states of the SIS that need to be avoided;
The extremes of all environmental conditions that are likely to be encountered by the SIS shall be identified;
Identification of normal and abnormal modes for both the plant as a whole (for example, plant start-up) and individual plant operational procedures (for example, equipment maintenance, sensor calibration and/or repair). Additional safety instrumented functions may be required to support these modes of operation;
Definition of the requirements for any safety instrumented function necessary to survive a major accident event, for example, time required for a valve to remain operational in the event of a fire.

Note: Non-safety instrumented functions may be carried out by the SIS to ensure orderly shutdown or faster start-up. These should be separated from the safety instrumented functions.

SRS - Safety Requirement Specifications Development
Inputs:	Deliverables:
PHA / Process design data Process dynamics for each SIF Process common cause considerations List of SIF with individual SIL targets. Process design drawings / narratives SIF Cause & Effect Matrices P&ID / Electrical drawings Data gathered during SRS development.	Functional Safety Requirements Integrity Safety Requirements Software Safety Requirements Comprehensive SRS Report