1. Overview of SIS (Safety Instrumented System)
A Safety Instrumented System (SIS) refers to an instrumentation system capable of executing one or more safety functions. SIS is a broad concept that includes several subsystems such as:
ESD (Emergency Shutdown System)
BMS (Burner Management System)
HIPPS (High Integrity Pressure Protection System)
F&GS (Fire and Gas System)
These components form a complete safety architecture that is critical for managing risks in petrochemical and industrial facilities.
2. Key Subsystems of SIS
2.1 Emergency Shutdown System (ESD)
ESD is widely used in petrochemical plants to safely shut down process units during emergency conditions. It was introduced into China through imported process packages in the late 20th century. However, its early applications were limited in scope and not fully integrated with safety management systems.
Originally, ESD was viewed as a logic controller-only solution. With the increasing understanding of SIS in the industry, ESD is now recognized as one of its important types. It is important to note that if the existing ESD system is implemented using a standard PLC and lacks the required functional safety certification, it should not be equated with a true SIS.
2.2 Burner Management System (BMS)
The BMS is typically supplied as a packaged system with industrial burners. It is responsible for:
Purging
Leak detection
Ignition
Flame monitoring
Combustion safety controls
BMS ensures that the burner transitions to a safe state under abnormal conditions to prevent the accumulation of fuel-air mixtures that could lead to explosions.
In practice, due to limited awareness and regulation, BMS configurations often vary. Some use standard PLCs, while others adopt certified safety controllers.
2.3 High Integrity Pressure Protection System (HIPPS)
HIPPS is mainly used for overpressure protection in upstream applications such as gas fields and offshore platforms. It provides a high-integrity safety barrier when traditional relief systems (like pressure relief valves) are inadequate.
2.4 Fire and Gas System (F&GS)
F&GS is part of the fire protection system, responsible for detecting fires and gas leaks and triggering emergency actions such as:
Fire suppression system activation
Ventilation control
Alarm notification
The Gas Detection System (GDS) is an integral part of F&GS and is often of particular concern to automation professionals.
3. Challenges in F&GS Design and Responsibility
In China, no national standard for F&GS design has been established. While major EPC contractors for large-scale projects may issue internal F&GS design guidelines, many small to mid-sized projects lack clear design responsibility:
Some are managed by Instrumentation Engineers
Others fall under the Electrical discipline
This ambiguity often results in inconsistent F&GS system implementations.
4. SIL Requirements for Gas Detection Systems (GDS)
A frequently asked question in safety system design is:
“Does the GDS require Safety Integrity Level (SIL) certification?”
The answer depends on whether the GDS is involved in the safety interlock logic. According to the GB/T 50770-2013 (Design Specification for SIS in Petrochemical Industry):
If gas detectors do not participate in any interlock logic, they can be configured as standalone GDS without SIL requirements.
If gas detectors do participate in safety interlocks (e.g., triggering shutdown valves or emergency systems during a chlorine leak), they must be included in the SIS, and their components must meet the relevant SIL requirements.
5. Updated Standards and Configuration Guidelines
The newly released GB/T 50493-2019 (“Design Standard for Flammable and Toxic Gas Detection and Alarm Systems in Petrochemical Industry”) provides important upgrades:
Gas detection systems must be independent from other control systems
Alarms and fault signals must be transmitted to the fire control room
Gas detectors must not connect directly to the fire alarm controller input loop
If a gas signal is used in SIS logic, the detector should be installed independently
In fire linkage applications, the detector signal must first be processed by a certified gas alarm controller, then forwarded to the fire alarm system
6. Conclusion
SIS is not a single system, but a framework composed of various subsystems—each with a distinct purpose. Understanding the scope, integration, and safety requirements of ESD, BMS, F&GS, and HIPPS is critical for ensuring safe and compliant system designs in modern industrial facilities.
Properly distinguishing whether components like GDS need to meet SIL standards, and clearly assigning design responsibilities between disciplines, will significantly improve system integrity and project execution.