IEC TR 63176:2019

IEC TR 63176 ®
Edition 1.0 2019-01
TECHNICAL
REPORT
Process analysis technology systems as part of safety instrumented systems
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform Electropedia - www.electropedia.org
The advanced search enables to find IEC publications by a The world's leading online dictionary on electrotechnology,
variety of criteria (reference number, text, technical containing more than 22 000 terminological entries in English
committee,…). It also gives information on projects, replaced and French, with equivalent terms in 16 additional languages.
and withdrawn publications. Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Glossary - std.iec.ch/glossary
details all new publications released. Available online and 67 000 electrotechnical terminology entries in English and
once a month by email. French extracted from the Terms and Definitions clause of
IEC publications issued since 2002. Some entries have been
IEC Customer Service Centre - webstore.iec.ch/csc collected from earlier publications of IEC TC 37, 77, 86 and
If you wish to give us your feedback on this publication or CISPR.

need further assistance, please contact the Customer Service

Centre: sales@iec.ch.
IEC TR 63176 ®
Edition 1.0 2019-01
TECHNICAL
REPORT
Process analysis technology systems as part of safety instrumented systems

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 13.110; 25.040.40 ISBN 978-2-8322-6407-2

– 2 – IEC TR 63176:2019 © IEC 2019
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms, definitions and abbreviated terms . 7
3.1 Terms and definitions . 7
3.2 Abbreviated terms . 9
4 Qualification process . 10
4.1 Overview. 10
4.2 Recommendation for constructor requirements . 12
4.3 Recommendation for plant operator requirements . 13
4.4 Basic testing (analyser only) . 14
4.5 Engineering . 14
4.5.1 General . 14
4.5.2 Design data . 15
4.5.3 Analyser including application . 15
4.5.4 Sample conditioning . 15
4.5.5 HFT . 15
4.5.6 Failure Mode Effects and Diagnosis Analysis of the PAT system
(FMEDA) . 16
4.5.7 Estimation of the PFD value . 16
PAT
4.5.8 Proven performance – from case to case following prior in-service
testing of the PAT system . 17
4.5.9 Safety logic in the PAT system . 17
4.5.10 Sample switching . 18
4.5.11 Compilation of a plan for periodic inspections during the runtime . 18
4.6 Commissioning of the safety system . 18
4.7 Documentation of the qualification process . 18
5 Regular operation . 19
5.1 General . 19
5.2 Periodic testing during runtime . 19
5.3 Documents and records in operation . 19
5.3.1 General . 19
5.3.2 Maintenance schedule . 19
5.3.3 Working instructions . 19
5.3.4 Record of work realised . 19
5.3.5 Fault data recording . 20
5.4 Evaluation of fault data and handling of deviations . 20
5.5 Modifications. 20
5.5.1 Modifications to the PAT system . 20
5.5.2 Modifications of the process engineering process . 20
5.6 Decommissioning and recommissioning . 21
5.6.1 Decommissioning . 21
5.6.2 Recommissioning . 21
5.7 Grandfathering . 21
Annex A (informative) Basic testing of analysers . 22
Annex B (informative) FMEDA – documentation of safety assessment (example) . 25

Annex C (informative) PFD – numerical time-discrete determination . 26
Bibliography . 29

Figure 1 – Qualification process levels for a PAT measuring system . 12
Figure A.1 – Basic testing process for analysers in SIS . 24
Figure B.1 – FMEDA – documentation of safety assessment (example) . 25

Table 1 – Minimum HFT requirements according to SIL . 16

– 4 – IEC TR 63176:2019 © IEC 2019
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
PROCESS ANALYSIS TECHNOLOGY SYSTEMS AS PART OF SAFETY
INSTRUMENTED SYSTEMS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC TR 63176, which is a Technical Report, has been prepared by subcommittee 65B:
Measurement and control devices, of IEC technical committee 65: Industrial-process
measurement, control and automation.
The text of this technical report is based on the following documents:
Enquiry draft Report on voting
65B/1111/DTR 65B/1131/RVDTR
Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.

This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.

– 6 – IEC TR 63176:2019 © IEC 2019
INTRODUCTION
This Technical Report is designed as a recommendation to aid users of process analyzer
technology that measures installations as part of safety instrumented systems and should be
treated exclusively as a recommendation. Formulations of a binding character encountered in
the recommendation are due to the safety-related content. However, the advisory character of
this document is maintained as a whole. Process analyzer technology measuring equipment is
used, for example, in the process industry as sensor components of safety instrumented
systems. In many cases, they represent the only or most efficient method for monitoring a
process variable, which, for its part, enables a reliable evaluation of designated use of the
system to be protected. Owing to the direct material interaction with the process medium,
process analyzer technology measuring equipment is in general more susceptible to failure
and requires more maintenance than the sensors widely used for pressure, temperature,
filling level and flow measurement. A consequence of this interaction is the inability to avoid
systematic failure completely. This problem is usually countered by checking the measuring
equipment at short, regular intervals.
The variety of process analytical measurement variables and methods and, consequently, the
comparatively limited number of process analyzer technology measuring devices used in each
case for a single, precisely limited, application makes a quantitative evaluation of functional
safety in accordance with IEC 61511 difficult in most cases. Beside the often-inadequate
specifications of manufacturers for evaluating components as safety instrumented systems,
there are an insufficient number of comparable applications. However, several hundred safety
instrumented systems have been successfully realized in the last 30 years among the process
analyser community using process analyzer technology measuring equipment.
Measures are proposed in areas where normative requirements cannot be fulfilled, or only
inadequately. These measures lead to an equivalent level of safety when applied carefully.
Requirements concerning functional safety of electrical and electronic systems are described
in IEC 61508, specified for “Safety instrumented systems for the process industry sector” in
the sector standard IEC 61511. The aim of this document is to describe a procedure for the
use of process analyzer technology measuring devices as part of safety instrumented systems
in a guideline.
PROCESS ANALYSIS TECHNOLOGY SYSTEMS AS PART OF SAFETY
INSTRUMENTED SYSTEMS
1 Scope
This document encompasses recommendations for planning, installation and operation (incl.
maintenance) of process analyzer technology measuring equipment in process industry safety
instrumented systems. It covers all necessary steps for the qualification of safety equipment
and supplements the safety management of safety instrumented system equipment through
the addition of special requirements for process analyzer technology equipment. This
document does not encompass the entire safety management of safety instrumented system
equipment.
The term “qualification” used in this recommendation refers exclusively to the testing of the
suitability of the process analyzer technology system for use in a safety instrumented system
device. It is different from the term "qualification" used in the pharmaceutical environment.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic
safety-related systems
IEC 61508-6:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61511 (all parts), Functional safety – Safety instrumented systems for the process
industry sector
IEC 61511-1:2016, Functional safety – Safety instrumented systems for the process industry
sector – Part 1: Framework, definitions, system, hardware and application programming
requirements
IEC 61326-3-1:2017, Electrical equipment for measurement, control and laboratory use –
EMC requirements – Part 3-1: Immunity requirements for safety-related systems and for
equipment intended to perform safety-related functions (functional safety) – General industrial
applications
IEC 61326-3-2:2017, Electrical equipment for measurement, control and laboratory use –
EMC requirements – Part 3-2: Immunity requirements for safety-related systems and for
equipment intended to perform safety-related functions (functional safety) – Industrial
applications with specified electromagnetic environment
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

– 8 – IEC TR 63176:2019 © IEC 2019
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1.1
PAT measuring equipment
process analysis technology systems as entirety of all equipment and media necessary for
realization of the substance-related measurement function
Note 1 to entry: An exemplary, but not necessarily complete list includes sampling equipment, sample conveying
equipment, sample conditioning equipment, sample recirculation equipment, the analyser, PAT control units and
infrastructural equipment such as supply, reference and calibration media and the necessary power supply. From
case to case, a required cabinet or the location in an analyser house or room should be included.
3.1.2
basic testing
possible preselection of suitable analytical equipment for safety instrumented systems without
any reference to a specific measuring task
Note 1 to entry: This applies exclusively to the testing of analytical equipment according to the criteria mentioned
in Annex A.
3.1.3
application testing
test that ensures that the measuring task can be successfully realized with the PAT system
Note 1 to entry: This includes checking the configuration and, occasionally, programming of analytical equipment
to correspond to the measuring task, taking the influence of sample processing into consideration, especially its
accuracy, determining the influences of the matrix and state variables (pressure, temperature, flow), both of the
medium and the analytical equipment environment, and knowledge of the stability over time.
3.1.4
operational experience
knowledge available prior to using an analyser, including the required accessories for
comparable measuring tasks
Note 1 to entry: It therefore involves exclusively experience gained through actual use of comparable analytical
equipment for comparable measuring tasks.
3.1.5
in-service testing
monitored operation of the PAT system as part of a safety instrumented system during
production operation
Note 1 to entry: An explicit differentiation is made here between the procedure in the case of proven operational
performance of PAT systems and the corresponding procedure for safety instrumented system equipment.
Note 2 to entry: The test work to be realised, the timetable, specifications for the evaluation of results, additional
measures for the fulfilment of the safety function required from case to case during in-service testing and the
responsible personnel in this phase should be documented.
3.1.6
proven performance
entirety of knowledge that is part of the final decision in favour of or against the suitability of a
proposed process analyser installation as part of a safety instrumented system
Note 1 to entry: Proven performance will be achieved by sufficient operation experience including approvement of
suitability of the measuring task. If not practicable, proven performance can be achieved through in-service testing.
Note 2 to entry: Proven performance of PAT is finally determined by a team of experts and differs in the manner
of its determination from the method usually used for field devices and PLCs.

3.1.7
calibration
inspection task, its purpose being to confirm the target condition
Note 1 to entry: "Calibration" means determining and documenting the deviation of displayed value of a
measurement from the correct value of the measurement.
Note 2 to entry: When calibrating a process analyser, the relationship between input and output is determined and
documented under specified conditions. Input value is the physical quantity to be measured. Output value is the
electrical output signal of the measuring device.
3.1.8
adjustment
setting or modification of an instrument in order to eliminate systematic errors as far as it is
necessary for the intended application
Note 1 to entry: Adjustment is the process by which a meter is set or adjusted so that the measurement errors are
as small as possible from the nominal value and are within the device specifications. This adjustment is a process
that changes the instrument permanently.
3.1.9
test interval
PAT systems as part of safety systems are subject to different test intervals for proof testing
with differing degrees of testing
Note 1 to entry: Examples being the following:
• Test interval for an internal PAT system diagnostic sensor (e.g. the flow meter)
• Test interval for an internal PAT system channel (e.g. automatic calibration)
• Test interval for an internal PAT system channel (e.g. inspection and servicing incl. manual adjustment)
• Test interval for the entire system (manual, PAT + rest of safety instrumented systems)
3.1.10
proof test
test for discovering errors in a technical safety system so that the system, if necessary, can
be returned to the condition in which it fulfils its intended function
3.1.11
proof test coverage
coverage of test for discovering errors in a technical safety system
Note 1 to entry: This term originally referred to the proof test. However, any test (see test interval) can, in
principle, achieve a coverage <= 1. For sensors, this means that the DU failure rate of the channel increases due
to non-function, while the DD rate decreases. Automatic calibration can usually only check a certain DU rate at
adequately brief time intervals. It can also not be ruled out that channel failures will remain undetected during
inspection and maintenance. Careful planning of test processes should ensure that there is only a low probability of
this occurring.
3.2 Abbreviated terms
DC diagnostic coverage
DD dangerous detected
DU dangerous undetected
FAT factory acceptance test
FMEA failure mode and effects analysis
FMEDA failure mode, effects and diagnostic analysis
HazOp hazard and operability study
HFT hardware fault tolerance
PAT process analyser technology
PFD probability of failure on demand

– 10 – IEC TR 63176:2019 © IEC 2019
PID piping and instrumentation diagram
SAT site acceptance test
SIF safety instrumented function
SIL safety integrity level
SIS safety instrumented system
SFF safe failure fraction
PTC proof test coverage
failure rate of i component
λ
i
μ repair rate of i component
i
unavailability through DD failure of i component
U
DD, i
U unavailability through DU failure of i component
DU, i
U unavailability of channel 1
ch1
U unavailability of entire system in the moon configuration
MooN
β
proportion of common cause failures
T maximum test interval
max
PFD proportion of pfd value due to common cause
beta
PFD pfd value of entire system without taking common cause into consideration
MooN
pfd value of the entire pat system
PFD
PAT
4 Qualification process
4.1 Overview
PAT measuring devices are generally complex SIS sensors individually tailored to suit the
specific requirements of the process engineering process and which describe the condition of
the process through measurement of the concentration of one or more substances.
The individuality of these sensors often makes it impossible to transfer operational experience
with a sufficient number from existing SIS to new PAT measuring equipment which is to be
planned. In-service testing of completed functional measuring equipment should be conducted
in these cases. The individuality of these measuring devices requires a high degree of
technical competence on the part of those involved in the process at all levels of the
qualification process described (see Figure 1). This includes (installation) constructors and
operators of the PAT system (see 4.2 and 4.3). Each qualification step will be documented
The qualification process will be performed by PAT-experts under participation of safety
engineers for process control and process engineering. All relevant process data for the PAT-
System performance will be confirmed by the responsible safety engineer.
Where several measuring methods are technically practical, these methods should be
examined and assessed. Further aspects to reduce/minimize the overall failure probability of
the PAT system should be considered right from the beginning of planning, including:
• the degree of redundancy/fault tolerance;
• homogeneous or diverse redundancy;
• operational experience/proven performance from other measuring equipment;
• risk associated with the metrological application (e.g. cross-sensitivities, ageing
processes, common cause failure).

Metrological suitability can be ascertained from experience in earlier applications or is proven
in the context of an application test.
When using redundant systems, delta deviation monitoring of the measured values should be
considered.
Selection of the measuring method is followed by design of sample conditioning and
components relevant to this. Both the design and choice of components should
determining of
be justified where this is relevant to functionality and documented. Appropriate and reliable
equipment and components should be used for constructing the PAT measuring system.
Verification of reliability is usually based on the operational experience of the operator, but
can also be realized through a reliability assessment conducted by the manufacturer.
Assumptions of the (installation) constructor and/or plant operator specific to the application
(e.g. failure rates, proof test intervals, etc.) always take precedence over manufacturer
specifications. The constructor and/or operator are responsible for the SIL classification
appropriate for the application, regardless of any possible manufacturer recommendation.
Although preference should be given to the use of SIL-certified analysers, this does not mean
it is mandatory to use an analyser SIL-certified by the manufacturer. Consequently, an
analyser without SIL certification can be used in preference to a SIL-certified analyser.
It is also unnecessary to realize a specific application exclusively with an analyser approved
for this purpose by a particular manufacturer. For example, there is no reason why an
analyser certified as SIL1 by the manufacturer and with proven performance should not be
used in a 1-channelled SIL2 application if the qualification process is realized.
A detailed examination of the overall PAT system should be conducted in the case of PAT
measuring equipment. The aim here is to detect potential failures, evaluating these with
regard to the effect on functional safety. Appropriate measures for failure control, failure
avoidance, failure detection or the reduction of failure frequency can be derived from this. The
PFD value should be estimated. Options for estimation are mentioned in 4.5.6. The PFD value
of PAT is taken into consideration in the overall PFD value for SIS.
Where proven performance, an adequate HFT value (see 4.5.5) and a PFD value (see 4.5.7)
are available, the suitability of the PAT system for SIS should be assessed as a final
measure.
An SFF is inadequate, owing to the complexity of process analyser equipment. For this
reason, the SFF is neither evaluated nor indicated in the case of process analyser technology
systems.
Where adequate data is still not available to establish proven performance, but measuring
methods are already being used with great success in media of a comparative type, the
suitability of the PAT system as part of a SIS safety installation during active operation can be
determined based on the documented in-service testing process (see 4.5.8).
As a result of the in-service testing process, the operator may be faced with requirements that
need to be met to maintain functional safety. Finally, the life cycle of PAT measuring
equipment should be documented from commissioning to decommissioning.

– 12 – IEC TR 63176:2019 © IEC 2019
Proof of performance (Clause 4.5.8)

Figure 1 – Qualification process levels for a PAT measuring system
4.2 Recommendation for constructor requirements
The following requirements are derived from IEC 61511-1:2016, 5.2 and set out in concrete
terms to address process analyser technology issues. Verification of qualification of a PAT
installation as part of a SIS demands comprehensive knowledge and experience in the area of
process analyser technology and its use in chemical and/or physical processes. This
knowledge and experience can be compiled in an expert team, which realizes verification of

qualification. Persons, departments or organizations involved in the implementation of
measures in the safety life cycle should be competent to realize the tasks for which they are
responsible. Those responsible for the qualification process require adequate management
and leadership qualities for the respective task and an understanding of the consequences of
any event which may occur. New and complex applications or technologies should only be
used if the team is capable of understanding these and evaluating the safety aspect.
The following knowledge and experience should be available in the expert team:
• Knowledge of relevant chemical or physical process steps at the measuring location
The physical and/or chemical parameters at the me
...