
Safety Management Terms Glossary


Functional Safety Terms and Acronyms

This list of functional safety terms and acronyms has been compiled from a number of sources listed
at the end including the IEC 61508, IEC 61511 (ISA84.01) standards. It is meant to provide a general
reference for engineers practicing safety lifecycle engineering in the process industry. As such it
provides both safety and related non-safety term definitions in a clear useable form. It specifically
highlights the most important terms and acronyms from the safety lifecycle standards with working
level definitions. The reader is encouraged to pursue IEC 61508 or IEC 61511 for additional
definitions and for additional information on applying the safety lifecycle to the process industry.
Comments and feedback on this document are welcome and can be sent to info@exida.com noting
the title and version of the document.
The definitions appearing in this glossary are provided solely for general informational purposes.
They are not intended to be complete descriptions of all terms, conditions and exclusions applicable
to the practice of safety engineering. Also, in the case of any inconsistency between the definitions in
this glossary and the definitions appearing in the applicable codes and standards, the definitions
contained in those codes and standards shall govern.

Issued for general distribution: Version 1.0 on 24 November 2006 by Dr. Eric W. Scharpf, CFSE.

2oo3                  Two out of three logic circuit (2/3 logic circuit). A logic circuit with three
                      independent inputs. The output of the logic circuit is the same state as any two
                      matching input states. For example a safety circuit where three sensors are
                      present and a signal from any two of those sensors is required to call for a shut
                      down. This 2oo3 system is said to be single fault tolerant (HFT = 1) in that one
                      of the sensors can fail dangerously and the system can still safely shut down.
                      Other voting systems include 1oo1, 1oo2, 2oo2, 1oo3 and 2oo4.
IEC 61508             The IEC standard covering Functional Safety of electrical / electronic /
                      programmable electronic safety-related systems. The main objective of
                      IEC 61508 is to use safety instrumented systems to reduce risk to a tolerable level
                      by following the overall, hardware and software safety lifecycle procedures and
                      by maintaining the associated documentation. Issued in 1998 and 2000, it has
                      since come to be used mainly by safety equipment suppliers to show that their
                      equipment is suitable for use in safety integrity level rated systems.
IEC 61511             The IEC standard for use of electrical / electronic / programmable electronic
                      safety-related systems in the process industry. Like IEC 61508 it focuses on a
                      set of safety lifecycle processes to manage process risk. It was originally
                      published by the IEC in 2003 and taken up by the US in 2004 as ISA 84.00.01-
                      2004. Unlike IEC 61508, this standard is targeted toward the process industry
                      users of safety instrumented systems.
                     Functional Safety and Reliability
                     Terms and Acronyms                   Issue 1.0         November 2006

Actuator              A device responsible for putting a mechanical device into action such as a
                      valve. Single acting actuators act in only one direction such as in a spring
                      and diaphragm actuator where the spring acts in a direction opposite to the
                      diaphragm thrust. Double acting actuators have a power supply that acts to
                      move the actuator in two normally opposite directions. Pneumatic actuators
                      convert the energy of a compressible fluid, usually air, into motion. Vane
                      actuators are typically fluid-powered devices where the fluid acts upon a
                      movable pivoted member (the vane) to provide rotary motion to the actuator
ALARP                 As low as reasonably practicable. The philosophy of dealing with risks that
                      fall between an upper and lower extreme. The upper extreme is where the
                      risk is so great that it is rejected completely while the lower extreme is
                      where the risk is, or has been made to be, insignificant. This philosophy
                      considers both the costs and benefits of risk reduction to make the risk “as
                      low as reasonably practicable”.
Algorithm             A prescribed set of well defined rules or processes for the solution of a
                      problem in a finite number of steps.
Analogue I/O          Input or output signals to or from the field that vary continuously over a
                      range of values. Typically voltage, electric current, temperature, or pressure
                      signals are analogue.
Annunciator           A device or group of devices that call attention to changes in process
                      conditions that have occurred. Usually included are sequence logic circuits,
                      labeled visual displays, audible devices, and manually operated
                      acknowledge and reset push buttons.
Architecture          The voting structure of different elements in a safety instrumented function.
                      See Architectural Constraints, Fault Tolerance and 2oo3.
Architectural constraints or AC
                       Limitations that are imposed on the hardware selected to implement a
                       safety-instrumented function, regardless of the performance calculated for a
                       subsystem. Architectural constraints are specified (in IEC 61508-2-Table 2
                       and IEC 61511-Table 5) according to the required SIL of the subsystem,
                       type of components used, and SFF of the subsystem’s components. Type A
                       components are simple devices not incorporating microprocessors, and
                       Type B devices are complex devices such as those incorporating
                       microprocessors. See Fault Tolerance.
As-built              A document revision that includes all modifications performed as a result of
                      actual fabrication or installation. Note for safety systems, that where the
                      actual installation does not conform to the design information, then the
                      difference shall be evaluated and the likely impact on safety determined. If
                      the difference has no impact on safety, then the design information shall be
                      updated to “as built” status. If the difference has a negative impact on
                      safety, then the installation shall be modified to meet the design
Asynchronous communication
                      Circuitry or operation without common clock or timing signals. Often called
                      start/stop transmission; a way of transmitting data in which each character
                      is preceded by a start bit and followed by a stop bit.

Auto-tuning          Controller feature that calculates proportional, integral and derivative (PID)
                     output settings based on calculations using measured process dynamics
                     and combining those with the parameters of a PID controller. Calculations
                     may be based on transient responses, frequency responses or parametric
Availability         The probability that a device is operating successfully at a given moment in
                     time. This is a measure of the “uptime” and is defined in units of percent.
                     For most tested and repaired safety system components, the availability
                     varies as a saw tooth with time as governed by the proof test and repair
                     cycles. Thus the integrated average availability is used to calculate the
                     average probability of failure on demand. See PFDavg.
Basic process control system
                     System which responds to input signals from the process, associated
                     equipment, and/or an operator and generates output signals causing the
                     process and its associated equipment to operate in the desired way. The
                     BPCS can not perform any safety instrumented functions rated with a safety
                     integrity level of 1 or better unless it meets proven in use requirements. See
                     proven in use.
Batch process        A process that manufactures a fixed quantity of material by subjecting
                     measured quantities of raw materials to a time sequential order of
                     processing actions using one or more pieces of equipment. Typically used
                     for small volume production of high value materials.
β-factor             Beta factor, indicating common cause susceptibility. The fraction of total
                     failure rate that is attributed to a single cause in common with other units in
                     the group. A common cause failure will result in all units within the group
                     failing simultaneously.
BLEVE                Boiling liquid expanding vapor explosion. A specific type of fireball that can
                     occur as the result of the situation where a vessel containing a pressurized
                     liquid comes in direct contact with external flame. As the liquid inside the
                     vessel absorbs the heat of the external fire, the liquid begins to boil,
                     increasing the pressure inside the vessel to the set pressure of the relief
                     valve(s). The heat of the external fire will also be directed to portions of the
                     vessel where the interior wall is not “wet” with the process liquid. Since the
                     process liquid is not present to carry heat away from the vessel wall, the
                     temperature in this region (usually near the interface of the boiling liquid),
                     will rise dramatically causing the vessel wall to overheat and become weak.
                     A short time after the vessel wall begins to overheat, the vessel can lose its
                     structural integrity and a rupture will occur. After vessel rupture, a fireball
                     will usually result with the external fire available as the ignition source.
BMS                  Burner management system. The control system designed to improve
                     combustion safety and assist the operator in starting and stopping the
                     burners. It also should prevent mis-operation and damage to the fuel
                     preparation and burning equipment. The BMS can include: interlock system,
                     fuel trip system, master fuel trip system, master fuel trip relay, flame
                     monitoring and tripping systems, ignition subsystem, main burner
                     subsystem, warm-up burner subsystem, bed temperature subsystem, and
                     duct burner system.
BPCS                 See Basic Process Control System.

Burn-in             Device operation, usually under accelerated environmental conditions that
                    simulate life in the devices' intended application, used to detect early-life
                    (infant mortality) failures. Such testing helps to ensure that constant failure
                    rate assumptions for equipment are valid and do not lead to accidents
                    during plant start up.
Bus                 A group of wires or conductors, considered as a single entity, which
                    interconnects part of a system.
Butterfly valve      A valve consisting of a disc inside a valve body which operates by rotating
                     about an axis in the plane of the disc to shut off or regulate flow.
Calibration curve   A plot of indicated value versus true value used to adjust instrument
                    readings for inherent error; a calibration curve is usually determined for
                    each calibrated instrument in a standard procedure and its validity
                    confirmed or a new calibration curve determined by periodically repeating
                    the procedure.
Capacitance         The ability of a capacitor to store a charge. The greater the capacitance, the
                    greater the charge that can be stored. Also applied to tanks in process fluid
                    flow systems.
Cause and effect diagram
                     One method commonly used to show the relationship between the sensor
                     inputs to a safety function and the required outputs. Often used as part of a
                     safety requirements specification. The method’s strengths are a low level of
                     effort and clear visual representation while its weaknesses are a rigid format
                     (some functions can not be represented with C-E diagrams) and the fact that
                     it can oversimplify the function.
Cavitation           A two stage phenomenon of liquid flow. The first stage is the formation of
                     voids or cavities within the liquid system; the second stage is the collapse or
                     implosion of these cavities back into an all liquid state. Cavitation can cause
                     excessive wear and damage to devices in regions where the voids are
CFSE/CFSP           Certified Functional Safety Expert/Professional. Qualifications for safety
                    engineers in either process applications, machine applications, hardware, or
                    software that demonstrate competence in safety lifecycle activities. These
                    qualifications are administered by the non-profit CFSE Governance
                    managed by a global consortium of vendor, user, integrator and consultant
Check valve         A flow control device that permits flow in one direction and prevents flow in
                    the opposite direction.
CPT or PTC           Proof test coverage – The percentage of failures that are detected during the
                     servicing of equipment. In general it is assumed that when a proof test is
                     performed any errors in the system are detected and corrected (100% proof
                     test coverage).
CPQRA               (Guidelines for) Chemical Process Quantitative Risk Analysis

CPU                    Central processing unit: The part of a computing system that contains the
                       arithmetic and logical units, instruction control unit, timing generators, and
                       memory and I/O interfaces. This is typically a very complex element which
                       requires Type B classification for SIL hardware fault tolerance requirements
                       according to IEC 61508.
Common mode failure
                       A random stress that causes two or more components to fail at the same
                       time for the same reason. It is different from a systematic failure in that it is
                       random and probabilistic but does not proceed in a fixed, predictable, cause
                       and effect fashion. See systematic failure.
Consequence           The magnitude of harm or measure of the resulting outcome of a harmful
                      event. One of the two components used to define a risk.
Coriolis flow meter   A mass flow meter which measures mass flow of a fluid by determining the
                      torque resulting from radial acceleration of the fluid. The name comes from
                      the Coriolis effect that describes the accelerating force acting on any body
                      moving freely above the earth's surface, which is caused by the rotation of
                      the earth about its axis.
Coverage              See CPT
Cross talk            The unwanted energy transferred from one circuit, the disturbing circuit, to
                      another circuit, the disturbed circuit. Typically signals electrically coupled
                      from another circuit.
D Diagnostics          Some safety rated logic solvers are designated as having capital D
                       diagnostics. These are different from regular diagnostics in that the unit is
                       able to reconfigure its architecture after a diagnostic has detected a failure.
                       The greatest effect is for 1oo2D systems which can reconfigure to 1oo1
                       operation upon detecting a safe failure. Thus the spurious trip rate for such
                       a system is dramatically reduced.
Dangerous failure      A failure of a component in a safety instrumented function that prevents that
                       function from achieving a safe state when it is required to do so. See failure
Dead time              The interval of time between initiation of an input change or stimulus and
                       the start of the resulting response.
Decision table        A table of all contingencies that are to be considered in the description of a
                      problem, together with the actions to be taken. Decision tables can be used
                      in place of flow charts for problem description and documentation.
Derivative control    Change in the output that is proportional to the rate of change of the input.
                      Also called "rate control."
Design pressure       The maximum allowable working pressure permitted under the rules of the
                      relevant construction code. See also pressure, design.
Diaphragm             A sensing element consisting of a thin, usually circular, plate which is
                      deformed by pressure differential applied across the plate.
Diaphragm valve       A valve with a flexible linear motion closure piece that is forced into the
                      internal flow passageway of the valve body by the actuator.

Diagnostic coverage A measure of a system’s ability to detect failures. This is a ratio between the
                    failure rates for detected failures to the failure rate for all failures in the
Differential gap        The smallest increment of change in a controlled variable required to cause
                        the final control element in a two position control system to move from one
                        position to its alternative position.
DP (Differential pressure) transmitter
                         A transducer designed to measure the pressure difference between two
                         points in a process and transmit a signal proportional to this difference,
                         without regard to the absolute pressure at either point. Often used to
                         measure flow by the pressure difference across a restriction in the flow line
                         or to measure level by measuring the pressure difference between the head
                         pressure produced by the height of a liquid in a vessel or tank and a
                         reference pressure.
Digital/Discrete I/O     Input or output that senses or sends either "on" or "off" (1 or 0) signals to
                         the field. For example a discrete input would sense the position of a switch
                         as energized or de-energized. A discrete output would turn a pump or light
                         on or off.
DCS                      Digital or Distributed Control System. DCS historically refers to larger
                         analog control systems traditionally used for PID control in the process
                         industries, whereas PLCs were used for discrete or logic processing.
                         However, PLCs are gaining capability and acceptance in doing PID control
                         while the DCS has come to mean the system of input/output devices,
                         control devices and operator interface devices which execute the stated
                         control functions and permit transmission of control, measurement, and
                         operating information to and from multiple locations, connected by a
                         communication link. The DCS is specifically separate from the safety
                         instrumented system (SIS) in that there are no meaningful random common
                         mode failures between the two systems.
Digital valve            A single valve casing containing multiple solenoid valves whose flow
                         capacities vary in binary sequence (1, 2, 4, 8, 16, ...); to regulate flow, the
                         control device sends operating signals to various combinations of the
                         solenoids; applications are limited to very clean fluids at moderate
                         temperatures and pressures.
DIN                     Abbreviation for the standards institution of the Federal Republic of
Displacement level meter
                         A device that measures liquid level by means of a float and balance beam
                         connected to a position sensor.
Diversity               Applying different ways of performing a required function. Diversity may be
                        achieved by different physical methods or different design approaches.
Division 1-2            See Hazardous Area
Doppler effect flowmeter
                      A device that uses ultrasonic techniques to determine flow rate; a
                      continuous ultrasonic beam is projected across fluid flowing through the
                      pipe, and the difference between incident beam and transmitted beam
                      frequencies is a measure of fluid flow rate.
Double block and bleed
                      A three valve configuration common in shut off applications. Two main shut
                      off valves (block valves) operate on the main process line to stop flow. Then
                      a third bleed valve to a vent can be opened to relieve pressure or remove
                      the process fluid from the region between the two block valves. Typically
                      considered as a 1oo2 voting shut off system provided the bleed valve
                      opening is not critical to achieving the safe state.
Dual-sealing valve    A valve which uses a resilient seating material for the primary seal and a
                      metal to metal seat for a secondary seal.
Duplex               Half duplex is where there is communication in both directions (transmit
                     and receive), but in only one direction at a given instant in time. Full duplex
                     is where there is communication that appears to have information transfer in
                     both directions (transmit and receive) at the same time.
Dust, combustible    Dust that (when mixed with air in certain proportions) can be ignited and will
                     propagate a flame.
Dynamic pressure     The increase in pressure above the static pressure that results from
                     complete transformation of the kinetic energy of the fluid into potential
                     energy in units of pressure.
Eddy current          A circulating current induced in a conductive material by a changing
                      electromagnetic field.
E/E/PE                Electrical / Electronic / Programmable Electronic. See 61508 and 61511.
Effect Zone          The physical area in which a harmful effect is felt by a receptor. For a toxic
                     release, the area over which the airborne concentration exceeds some level
                     of concern. For a physical energy release, the area over which a specified
                     overpressure criterion is exceeded. For thermal radiation effects, the area
                     over which an effect based on a specified damage criterion [e.g., a circular
                     effect zone surrounding a pool fire resulting from a flammable liquid spill,
                     whose boundary is defined by the radial distance at which the radiative flux
                     from the pool fire has decreased by 5 kW/m2 (approximately 1600 BTU/hr-
EIA                   Electronics Industry Association, which provides standards for such things as
                      interchangeability between manufacturers.
EMI                   Electromagnetic Interference: Any spurious effect produced in the circuits or
                      elements of a device by external electromagnetic fields. NOTE: A special
                      case of interference from radio transmitters is known as "radio frequency
                      interference (RFI)"
Elevation error      A type of error in temperature or pressure sensors that incorporate capillary
                     tubes partly filled with liquid; the error is introduced when the liquid filled
                     portion of the system is at a different level than the instrument case, the
                     amount of error varying with distance of elevation or depression.

Event (Independent) Events that do not affect each other (can be series or parallel). Tossing two
                    coins (parallel) or one coin twice (series) are generally considered to be
                    independent events.
Event (Initiating)     The first event in an event sequence (e.g., the stress corrosion resulting in
                       leak/rupture of the connecting pipeline to the ammonia tank)
Event (Intermediate) An event that propagates or mitigates the initiating event during an event
                     sequence (e.g., improper operator action fails to stop the initial ammonia
                     leak and causes propagation of the intermediate event to an incident; in this
                     case the intermediate event outcome is a toxic release)
Event tree analysis    A method of fault propagation modeling. The analysis constructs a tree-
                       shaped picture of the chains of events leading from an initiating event to
                       various potential outcomes. The tree expands from the initiating event in
                       branches of intermediate propagating events. Each branch represents a
                       situation where a different outcome is possible. After including all of the
                       appropriate branches, the event tree ends with multiple possible outcomes.
Exception reporting    An information system which reports on situations only when actual results
                       differ from planned results. When results occur within a normal range they
                       are not reported.
Explosion             Combustion which proceeds so rapidly that a high pressure is generated
                      suddenly. This high pressure or shock wave is the result of a turbulent flame
                      boundary and is very difficult to predict relative to a flash fire which
                      propagates through laminar boundary flow.
Explosion (Physical) The result of sudden catastrophic rupture of a high-pressure vessel. The
                     blast wave is caused when the potential energy stored in the high-pressure
                     vessel is transferred to kinetic energy when that material is released. The
                     effect zone is determined by the quantity of energy released and the blast
                     shock wave overpressure resulting from the explosion.
Explosion (Vapor Cloud)
                       The result of ignition of a cloud of flammable vapor, when the flame velocity
                       is high enough (turbulent and supersonic) to produce an explosive shock
                       wave. The effect zone is determined by the quantity of energy released and
                       the blast shock wave overpressure resulting from the explosion.
Explosion door        A door in a furnace or boiler setting designed to be opened by a
                      predetermined gas pressure.
Explosion proof enclosure
                       An enclosure that is 1) capable of withstanding an explosion of a gas or
                       vapor within it, 2) able to prevent the ignition of an explosive gas or vapor
                       that may surround it and 3) operated at an external temperature such that
                       a surrounding explosive gas or vapor will not be ignited by conditions
                       within the enclosure.
Fail close            A condition wherein the valve closing component moves to a closed position
                      when the actuating energy source fails.
Fail in place/last    A condition wherein the valve closing component stays in its last position
                      when the actuating energy source fails.

Fail open            A condition wherein the valve closing component moves to an open position
                     when the actuating energy source fails.
Fail safe            (or preferably de-energize to trip) A characteristic of a particular device
                     which causes that device to move to a safe state when it loses electrical or
                     pneumatic energy.
Failure rate         The number of failures per unit time for a piece of equipment. Usually
                     assumed to be a constant value. It can be broken down into several
                     categories such as safe and dangerous, detected and undetected, and
                     independent/normal and common cause. Care must be taken to ensure that
                     burn in and wearout are properly addressed so that the constant failure rate
                     assumption is valid.
Failure modes        The way that a device fails. These ways are generally grouped into one of
                     four failure modes: Safe Detected (SD), Dangerous Detected (DD), Safe
                     Undetected (SU), and Dangerous Undetected (DU) per ISA TR84.0.02.
FAT                   Factory acceptance test. A test performed before shipment to site, usually
                      at the vendor or integrator premises, often witnessed by the end user. Not a
                      mandatory step in IEC61511, but very common to avoid problems during
                      site acceptance testing (SAT) and site integration testing (SIT).
Fault propagation modeling
                      The analysis of the chain of events that leads to an accident. By analyzing
                      what events initiate that chain, which events contribute to, or allow the
                      accident to propagate, and establishing how they are logically related, the
                      event frequency can be determined. Fault propagation modeling techniques
                      use the failure rates of individual components to determine the failure rate of
                      the overall system.
Fault tolerance      Ability of a functional unit to continue to perform a required function in the
                     presence of random faults or errors. For example a 1oo2 voting system can
                     tolerate one random component failure and still perform its function. Fault
                     tolerance is one of the specific requirements for safety integrity level (SIL)
                     and is described in more detail in IEC 61508 Part 2 Tables 2 and 3 and in
                     IEC 61511 (ISA 84.01 2004) in Clause 11.4.
Fault tree diagram   Probability combination method for estimating complex probabilities. Since it
                     generally takes the failure view of a system, it is useful in multiple failure
                     mode modeling. Care must be taken when using it to calculate integrated
                     average probabilities.
Fieldbus             A Fieldbus is a digital, two-way, multi-drop communication link between
                     intelligent measurement and control devices. It serves as a Local Area
                     Network (LAN) for advanced process control, remote input/output and high
                     speed factory automation applications.
Final element         Component of a safety function (such as a valve) which directly prevents
                      the harmful event and brings the process to a safe state.

Fire (Flash)        The result of ignition of a cloud of flammable vapor, when the flame velocity
                    is too slow (laminar and subsonic) to produce an explosive shock wave.
                    When a gas phase mixture of fuel and air is ignited, a flame front travels from
                    the point of ignition in all directions where the fuel/air concentration is within
                    flammable limits. The velocity of the flame front will determine the type of
                    damage that will be caused by this event.
Fire (Jet)          Results when high-pressure flammable material is ignited as it is being
                    released from containment. The effect zone of a jet fire is proportional to the
                    size of the flame generated. As a high-pressure material is released from a
                    hole, the material will exit with a velocity that is mainly a function of system
                    pressure and hole size. As distance away from the hole increases, the
                    amount of oxygen in the mixture increases as air is entrained in the jet. As
                    the upper flammability limit threshold is crossed, the fuel and air react,
                    releasing the energy of combustion. As the combustion continues, entrained
                    air, unburned fuel and combustion products continue to move in the
                    direction of the release due to the momentum generated by the release.
Fire (Pool)         Results when spilled flammable liquids are ignited. The magnitude of the
                    effect zone created by a pool fire will depend on the size of the flame that is
                    generated, which in turn depends on the size of the spill surface and the
                    properties of the spilled fluid. The flame’s footprint is determined by the
                    containment of the liquid spill, which is often controlled by any dikes or
                    curbs present. If a spill is unconfined, the liquid will spread over an area
                    determined by the fluid’s viscosity and the characteristics of the surface on
                    which the material is spilled, such as its porosity.
Fireball            Result of a sudden and widespread release of a flammable gas or volatile
                    liquid that is stored under pressure, coupled with immediate ignition. This is
                    distinguished from a jet fire by the shorter duration of the event and the
                    difference in the geometry and shape of the flame. When a pressure vessel
                    containing a flammable gas or volatile liquid ruptures, the first result is the
                    quick dispersion of the flammable material as the high-pressure material
                    rapidly expands to atmospheric pressure. During this expansion, the release
                    will entrain large quantities of air as a result of the process. If the material in
                    the vessel is a volatile liquid, this process will also cause formation of an
                    aerosol with the dispersion of liquid droplets away from the release as a
                    result of the vapor expansion.
Fixed program language (FPL)
                    This type of language limits the user to adjusting a few parameters (for
                    example, range of the pressure transmitter, alarm levels, network
                    addresses). Typical examples of devices with FPL are: smart sensors (for
                    example, pressure transmitter), smart valves, sequence of events
                    controllers, dedicated smart alarm boxes, and small data logging systems.
Flammability        Susceptibility to combustion.
Flammable (explosive) limits
                    The flammable (explosive) limits of a gas or vapor are the lower (LFL or
                    LEL) and the upper (UFL or UEL) percentages by volume of concentration
                    of gas in a gas-air mixture that will form an ignitable mixture.
Flash point         The minimum temperature where a liquid emits vapor in a concentration
                    sufficient to form an ignitable mixture with air near the surface of the liquid
                    but not sufficient to sustain combustion.

Floating ball         A full ball positioned within the ball valve that contacts either of two seat
                      rings and is free to move toward the seat ring opposite the pressure source
                      when in the closed position to effect tight shutoff.
Flow straightener     A supplementary length of straight pipe or tube, containing straightening
                      vanes or the equivalent, which is installed directly upstream of a flow meter
                      for the purpose of eliminating swirl from the fluid entering the flow meter.
FMEDA                 Failure Modes Effects and Diagnostics Analysis - This is a detailed analysis
                      of the different failure modes and diagnostic capability for a piece of
                      equipment. This is an effective method for determining failure modes and
                      failure rates, a requirement for certification against IEC 61508 in most
                      certification agencies.
Four-wire transmitter Electronic transmitter that has separate pairs of wires for signal and power.
Full variability language (FVL)
                      This type of language is designed for computer programmers and provides
                      the capability to implement a wide variety of functions and applications.
                      Typical examples of systems using FVL are general purpose computers. In
                      the process sector, FVL is found in embedded software and rarely in
                      application software. FVL examples include: Ada, C, Pascal, Instruction List,
                      assembler languages, C++, Java, and SQL.
Functional safety     Freedom from unacceptable risk achieved through the safety lifecycle. See
                      IEC 61508, IEC 61511, safety lifecycle, and tolerable risk.
Functional safety assessment
                      Activity performed by a competent senior engineer to determine if the safety
                      system meets the specification and actually achieves functional safety
                      (freedom from unacceptable risk). This assessment is an important part of
                      reducing systematic failures. It must be performed at least after
                      commissioning and validation but before the hazard is present.
Fusible plug          A hollowed threaded plug having the hollowed portion filled with a low
                      melting point material. This element is often used to provide a mechanical
                      relief device triggered by temperature causing the process fluid to vent
                      when the plug material melts.
Gain                  1. Ratio of output signal magnitude to input signal magnitude; when less
                      than one this is usually called attenuation. 2. The relative degree of
                      amplification in an electronic circuit. 3. The ratio of the change in output to
                      the change in input which caused the change. 4. In a controller, the
                      reciprocal of proportional band. Proportional band can be expressed as a
                      dimensionless number (gain) or as a percent.
Gasket                A sealing member, usually made by stamping from a sheet of cork, rubber,
                      metal or impregnated synthetic material and clamped between two
                      essentially flat surfaces to prevent pressurized fluid from leaking through the
                      crevice; typical applications include flanged joints in piping, head seals in a
                      reciprocating engine or compressor, casing seals in a pump, or virtually
                      anywhere a pressure tight joint is needed between stationary members.
                      Also known as "static seal."

Gate valve        A valve with a closing piece in the form of a flat or wedge shaped gate
                  which may be moved linearly in or out of the flow stream. It has a straight
                  through flow path.
Gland            A device for preventing a pressurized fluid from leaking out of a casing at a
                 machine joint, such as at a shaft penetration for a valve or pump. Also
                 known as "gland seal."
Globe valve      1. A valve with a closure piece that moves in a straight line, one or more
                 ports, and a body distinguished by a globular shaped cavity around the port
                 region. 2. A type of flow regulating valve consisting of a movable disc and a
                 stationary ring seat in a generally spherical body. In the general design, the
                 fluid enters below the valve seat and leaves from the cavity above the seat.
Go/no go test     A test in which one or more parameters are determined, but which can
                  result only in acceptance or rejection of the test object, depending on the
                  value(s) measured.
Grab sampling    A method of sampling bulk materials for analysis, which consists of taking
                 one or more small portions (usually only imprecisely measured) at random
                 from a pile, tank, hopper, railcar, truck or other point of accumulation.
Ground loop      Circulating current between two or more connections to electrical ground.
                 This signal can be detected and displayed by electronic instruments. These
                 signals are generally not associated with the variable to be measured and
                 represent noise in the measuring system. They are typically broken
                 (removed) by adding optical coupling devices to the circuit.
HART             Highway Addressable Remote Transducer. The HART protocol was
                 originated by Rosemount in the late 1980's. The protocol was "open" for
                 other companies to use and a User Group formed in 1990.
Hazard           The potential for harm.
Hazard Matrix     A category based method for assigning a safety integrity level (SIL). The
                  user must create a matrix that assigns defined categories to the
                  consequence (one axis dimension) and likelihood (other axis dimension)
                  components of the risk with a SIL assignment associated for each entry in
                  the matrix. In some cases, quantitative tools, such as LOPA, are used to
                  assist the analyst in determining which category to use, but often the
                  assignment is done qualitatively, using engineering judgment.
Hazardous area   A US classification for an area in which explosive gas/air mixtures are, or
                 may be expected to be, present in quantities such as to require special
                 precautions for the construction and use of electrical apparatus.
                  Division 1 (hazardous). Where concentrations of flammable gases or vapors
                  exist a) continuously or periodically during normal operations; b) frequently
                  during repair or maintenance or because of leakage; or c) due to equipment
                  breakdown or faulty operation which could cause simultaneous failure of
                  electrical equipment. (See the US "National Electrical Code, Paragraph 500
                  4(a)" for detailed definition.)

                      Division 2 (normally nonhazardous). Locations in which the atmosphere is
                      normally nonhazardous and may become hazardous only through the
                      failure of the ventilating system, opening of pipe lines, or other unusual
                      situations. (See the US "National Electrical Code, Paragraph 500 4(b)" for
                      detailed definition.)
                      Nonhazardous. Areas not classified as Division 1 or Division 2 are
                      considered nonhazardous. NOTE: It is safe to have open flames or other
                      continuous sources of ignition in nonhazardous areas [S12.4].
Hazardous material    Any substance that requires special handling to avoid endangering human
                      life, health or well being. Such substances include poisons, corrosives, and
                      flammable, explosive or radioactive chemicals.
HAZOP                Hazards and operability study. A process hazards analysis procedure
                     originally developed by ICI in the 1970s. The method is highly structured
                     and divides the process into different operationally-based nodes and
                     investigates the behavior of the different parts of each node based on an
                     array of possible deviation conditions or guidewords.
HFT                   Hardware fault tolerance (see fault tolerance)
H&MB                 Heat and Material Balance. An accounting of the distribution of the heat and
                     material input and output for a process. Usually prepared as part of the
                     process flow sheet or diagram (PFD) development early in an engineering
                     project. Usually part of the input to a HAZOP or other hazard identification
Heuristic            Pertaining to a method of problem solving in which solutions are discovered
                     by evaluation of the progress made toward the final solution, such as a
                     controlled trial and error method. An exploratory method of tackling a
                     problem, or sequencing of investigation, experimentation, and trial solution
                     in closed loops, gradually closing in on the solution. A heuristic approach
                     usually implies or encourages further investigation, and makes use of
                     intuitive decisions and inductive logic in the absence of direct proof known
                     to the user. Thus, heuristic methods lead to solutions of problems or
                     inventions through continuous analysis of results obtained thus far,
                     permitting a determination of the next step. A stochastic method assumes a
                     solution on the basis of intuitive conjecture or speculation and testing the
                     solution against known evidence, observations, or measurements. The
                     stochastic approach tends to omit intervening or intermediate steps toward
                     a solution. Contrast with stochastic and algorithmic.
HMI/MMI               Human or Man Machine Interface. Refers to the software that the process
                      operator "sees" the process with. An example HMI/MMI screen may show a
                      tank with levels and temperatures displayed with bar graphs and values.
                      Valves and pumps are often shown and the operator can "click" on a device
                      to turn it on, off or make a set point change.
HSE                  (UK) Health and Safety Executive
Hydrogen damage      Any of several forms of metal failure caused by dissolved hydrogen,
                     including blistering, internal void formation, and hydrogen induced delayed
IDLH                 Immediately Dangerous to Life and Health. Used in consequence analysis to
                     estimate toxic effects on people.

IEC                  International Electrotechnical Commission. A worldwide organization for
                     standardization. The object of the IEC is to promote international
                     cooperation on all questions concerning standardization in the electrical and
                     electronic fields. To this end and in addition to other activities, the IEC
                     publishes international standards. See 61508 and 61511.
Impact analysis      Activity of determining the effect that a change to a function or component
                     will have to other functions or components in that system as well as to other
Impedance            The complex ratio of a force-like parameter to a related velocity-like
                     parameter - for instance, force to velocity, pressure to volume, electric
                     voltage to current, temperature to heat flow, or electric field strength to
                     magnetic field strength.
Incident             The result of an initiating event that is not stopped from propagating. The
                     incident is the most basic description of an unwanted accident, and provides the
                     least information. The term incident is simply used to convey the fact that
                     the process has lost containment of the chemical, or other potential energy
                     source. Thus the potential for causing damage has been released but its
                     harmful result has not taken specific form.
Inductance           1. In an electrical circuit, the property that tends to oppose changes in
                     current magnitude or direction. 2. In electromagnetic devices, generating
                     electromotive force in a conductor by means of relative motion between the
                     conductor and a magnetic field such that the conductor cuts magnetic lines
                     of force.
Infrared             Any electromagnetic wave whose wavelength is 0.78 to 300 microns.
                     Typically used to detect moisture or heat/temperature.
Integral control     A type of controller function where the output (control) signal or action is a
                     time integral of the input (sensor) signal.
Interference, common mode
                     A form of interference which appears between measuring circuit terminals
                     and ground. See also EMI.
Interference, electromagnetic
                     Any spurious effect produced in the circuits or elements of a device by
                     external electromagnetic fields. NOTE: A special case of interference from
                     radio transmitters is known as "radio frequency interference (RFI)" See also
Interference, normal-mode
                     A form of interference which appears between measuring circuit terminals.
                     See also EMI.
Interlock            1. Instrument which will not allow one part of a process to function unless
                     another part is functioning. 2. A device such as a switch that prevents a
                     piece of equipment from operating when a hazard exists. 3. To arrange the
                     control of machines or devices so that their operation is interdependent in
                     order to assure their proper coordination.

Intrinsic safety   1. A type of protection in which a portion of the electrical system contains
                   only intrinsically safe equipment (apparatus, circuits, and wiring) that is
                   incapable of causing ignition in the surrounding atmosphere. No single
                   device or wiring is intrinsically safe by itself (except for battery-operated
                   self-contained apparatus such as portable pagers, transceivers, gas
                   detectors, etc., which are specifically designed as intrinsically safe self-
                   contained devices) but is intrinsically safe only when employed in a properly
                   designed intrinsically safe system. This type of protection is referred to by
                   IEC as "Ex I". 2. Design methodology for a circuit or an assembly of circuits
                   in which any spark or thermal effect produced under normal operating and
                   specified fault conditions is not capable under prescribed test conditions of
                   causing ignition of a given explosive atmosphere. 3. A method to provide
                   safe operation of electric process control instrumentation where hazardous
                   atmospheres exist. The method keeps the available electrical energy so low
                   that ignition of the hazardous atmosphere cannot occur. 4. A protection
                   technique based upon the restriction of electrical energy within apparatus
                   and of interconnecting wiring, exposed to a potentially explosive
                   atmosphere, to a level below that which can cause ignition by either
                   sparking or heating effects. Because of the method by which intrinsic safety
                   is achieved, it is necessary to ensure that not only the electrical apparatus
                   exposed to the potentially explosive atmosphere but also other electrical
                   apparatus with which it is interconnected is suitably constructed.
I/O                 Input/Output. Refers to the electronic hardware where the field devices are
                    wired. Discrete I/O would have switches for inputs and send signals to
                    solenoid valves and pumps for outputs. Analog I/O would have continuously
                    variable process value inputs, and controller outputs.

I/S barrier         Intrinsic safety barrier. Physical element that limits current and voltage into
                    a hazardous area in order to satisfy Intrinsic Safety requirements.
IPL                 Independent protection layer or layers. This refers to various other methods
                    of risk reduction possible for a process. Examples include items such as
                    rupture disks and relief valves which will independently reduce the likelihood
                    of the hazard escalating into a full accident with a harmful outcome. In order
                    to be effective, each layer must specifically prevent the hazard in question
                    from causing harm, act independently of other layers, have a reasonable
                    probability of working, and be able to be audited once the plant is in operation
                    relative to its original expected performance.
ISA                 Instrumentation, Systems and Automation Society. See IEC 61511.
Jacketed valve     A valve body cast with a double wall or provided with a second wall by
                   welding material around the body so as to form a passage for a heating or
                   cooling medium. Also refers to valves which are enclosed in split metal
                   jackets having internal heat passageways or electric heaters. Also referred
                   to as "steam jacketed" or "vacuum jacketed." In a vacuum jacketed valve, a
                   vacuum is created in the space between the body and secondary outer wall
                   to reduce the transfer of heat by convection from the atmosphere to the
                   internal process fluid, usually cryogenic.

Ladder diagram        Symbolic representation of a control scheme. The power lines form the two
                      sides of a ladder like structure, with the program elements arranged to form
                      the rungs. The basic program elements are contacts and coils as in
                      electromechanical logic systems. Typically programs of this form fall into the
                      limited variability language (LVL) category.
Lambda                Failure rate for a system. See failure rate.
Laser Doppler flowmeter
                      An apparatus for determining flow velocity and velocity profile by measuring
                      the Doppler shift in laser radiation scattered from particles in the moving
                      fluid stream.
Latent fault          A fault that is present but hidden from regular means of detection. Typically
                      these faults can only be identified as part of an accident or a detailed proof
LEL/LFL               Lower explosive (or flammable) limit. See flammability.
Likelihood            The frequency of a harmful event often expressed in events per year or
                      events per million hours. One of the two components used to define a risk.
                      Note that this is different from the traditional English definition that means
Limited variability language (LVL)
                      This type of language is designed for process sector users, and provides
                      the capability to combine predefined, application specific, library functions to
                      implement the safety requirements specifications. An LVL provides a close
                      functional correspondence with the functions required to achieve the
                      application. Typical examples of LVL are ladder diagram, function block
                      diagram and sequential function chart.
Linear variable differential transformer (LVDT)
                      A position sensor consisting of a central primary coil and two secondary
                      coils wound on the same core; a moving iron element linked to a
                      mechanical member induces changes in self induction that are directly
                      proportional to movement of the member.
Linear variable reluctance transducer (LVRT)
                      A position sensor consisting of a centre tapped coil and an opposing moving
                      coil attached to a linear probe; the winding is continuous over the length of
                      the core, instead of being segmented as in an LVDT.
Load cell             A transducer for the measurement of force or weight. Action is based on
                      strain gauges mounted within the cell on a force beam.
Loop                  A combination of two or more instruments or control or safety functions
                      arranged so that signals pass from one to another for the purpose of
                      measurement and/or control of a process variable or executing a safety
Longitudinal redundancy check (LRC)
                      Error detection scheme that consists of a byte where each bit is calculated
                      on the basis of the parity of all the bits in the block that have the same
                      power of two.

LOPA                 Layer of Protection Analysis. A method of analyzing the likelihood
                     (frequency) of a harmful outcome event based on an initiating event
                     frequency and on the probability of failure of a series of independent layers
                     of protection capable of preventing the harmful outcome.
Markov analysis      A fault propagation method used to analyze failure rate or probability for
                     safety instrumented functions. A diagram is constructed to represent the
                     system under consideration including the logical relationships between its
                     components. In Markov analysis there is a group of circles, each of which
                     represents a system state. The different states are connected with
                     transitions, which are shown as arrows and indicate paths to move from one
                     state to another. The transitions are quantified using either failure rates
                     when the transition is from an OK state to a failed state or repair rates when
                     the transition is from a failed state back to an OK state. As with other
                     models, there are several solution methods to obtain results. For safety
                     instrumented system applications, the method using steady state equations
                     is not appropriate. Numeric discrete time solutions are excellent.
Mode (Continuous)    When demands to activate a safety function (SIF) are frequent compared to
                     the test interval of the SIF. Note that other sectors define a separate high
                     demand mode, based on whether diagnostics can reduce the accident rate.
                     In either case, the continuous mode is where the frequency of an unwanted
                     accident is essentially determined by the frequency of a dangerous SIF
                     failure. When the SIF fails, the demand for its action will occur in a much
                     shorter time frame than the function test, so speaking of its failure
                     probability is not meaningful. Essentially all of the dangerous faults of a SIF
                     in continuous mode service will be revealed by a process demand instead
                     of a function test. See low demand mode, high demand mode, and SIL.
Mode (High Demand) (also continuous mode per IEC 61511) Similar to continuous mode, except that
                   there is specific credit taken for automatic diagnostics. The split between
                   high demand and continuous mode is whether the automatic diagnostics
                   are run many times faster than the demand rate on the safety function. If the
                   diagnostics are slower than this there is no credit for them and the
                   continuous mode applies.
Mode (Low Demand) (also demand mode per IEC 61511) When demands to activate the safety
                  instrumented function (SIF) are infrequent compared to the test interval of
                  the SIF. The process industry defines this mode when the demands to
                  activate the SIF are less than once every two proof test intervals. The low
                  demand mode of operation is the most common mode in the process
                  industries. When defining safety integrity level for the low demand mode, a
                  SIF’s performance is measured in terms of average Probability of Failure on
                  Demand (PFDavg). In this demand mode, the frequency of the initiating
                  event, modified by the SIF’s probability of failure on demand times the
                  demand rate and any other downstream layers of protection, determines the
                  frequency of unwanted accidents.
Modulation           1. The process or the result of the process by which some characteristic of
                     one wave is varied in accordance with some characteristic of another wave
                     (AM, amplitude modulation; PM, phase modulation; FM, frequency
                     modulation). 2. The action of a control valve to regulate fluid flow by varying
                     the position of the closure component.

MTTF             Mean Time to Failure - The average amount of time until a system fails or
                 its “expected” failure time. Please note that the MTTF can be assumed to be
                 the inverse of failure rate (lambda) for a series of components, all of which
                 have a constant failure rate for the useful life period of the components.
MTTR            Mean Time to Repair – The average time between the occurrence of a
                failure and the completion of the repair of that failure. This includes the time
                needed to detect the failure, initiate the repair and fully complete the repair.
MTTFS            Mean Time to Fail Spurious - The mean time until a failure of the system
                 causes a spurious process trip.
Multiplexing     The transmission of a number of different messages simultaneously over a
                 single circuit.
MWP              Maximum working pressure. See Pressure, maximum working.
NAK             Negative acknowledgment. This code indicates that the last block
                transmitted was in error and that the receiver is expecting a re-transmission.
Needle valve    Its essential design feature is a slender tapered rodlike control element
                which fits into a circular or conoidal seat. Operating the valve causes the
                rod to move into or out of the seat, gradually changing the effective cross
                sectional area of the gap between the rod and its seat. Typically used for
                precise low flow applications.
NEMA standard   Consensus standards for electrical equipment approved by the majority of
                the members of the US National Electrical Manufacturers Association.
NC / (NO)       Normally Closed (Normally Open) 1. A switch position where the usual
                arrangement of contacts permits (prevents) the flow of electricity in the
                circuit. 2. In a solenoid valve, an arrangement whereby the disk or plug is
                seated (open) when the solenoid is de-energized. 3. A field contact that is
                closed (open) for a normal process condition and open (closed) when the
                process condition is abnormal. 4. A valve with means provided to move to
                and/or hold in its closed (open) position without actuator energy supply. 5.
                Relay contacts that are closed (open) when the coil is not energized.
NIOSH            (US) National Institute of Occupational Safety and Health
Noise           1. In process instrumentation, an unwanted component of signal or. See
                "interference, electromagnetic". 2. Any spurious variation in the electrical
                output not present in the input. 3. An unwanted component of a signal or
                variable which obscures the information content. 4. Random variations of
                one or more characteristics of any entity, such as voltage, current, or data.
                5. A random signal of known statistical properties of amplitude, distribution,
                and spectral density. 6. Loosely, any disturbance tending to interfere with
                the normal operation of a device or system.
Nozzle          1. A short flanged or welded neck connection on a drum or shell for the
                outlet or inlet of fluids; also a projecting spout through which a fluid flows. 2.
                A streamlined device for accelerating and directing fluid flow into a region of
                lower fluid pressure. 3. A particular type of restriction used in a flow system to
                facilitate flow measurement by pressure drop across a restriction.
Nuisance trip   See safe failure

Occupancy          A measure of the probability that the effect zone of an accident will contain
                   one or more personnel receptors of the effect. This probability should be
                   determined using plant-specific staffing philosophy and practice. See effect
Offset              1. A sustained deviation of the controlled variable from set point. This
                    characteristic is inherent in proportional controllers that do not incorporate
                    reset action. 2. Offset is caused by load changes. 3. The steady state
                    deviation when the set point is fixed. NOTE: The offset resulting from a no
                    load to a full load change (or other specified limits) is often called "droop" or
                    "load regulation." 4. A constant and steady state of deviation of the
                    measured variable from the set point.
On-off control      A simple form of control whereby the control variable is switched fully on or
                    fully off in response to the process variable rising above the set point or
                    falling below the set point respectively. Cycling always occurs with this form
                    of control.
Orifice meter       A plate with a calibrated sharp edged hole in it. The plate is positioned
                    across the flow stream in a pipe for measuring fluid flow rates. It typically
                    has differential pressure taps positioned near the orifice and a calibrated
                    calculation element to convert the measured pressure difference into a flow
                    rate value.
OSHA               Occupational Safety and Health Administration
OSI                 Open system interconnection. A seven layered model of communications
                    networks defined by ISO. The seven layers are:
                    Layer 7 Application: provides the interface for application to access the OSI
                    Layer 6 Presentation: provides for data conversion to preserve the meaning
                    of the data.
                    Layer 5 Session: provides user to user connections.
                    Layer 4 Transport: provides end to end reliability.
                    Layer 3 Network: provides routing of data through the network.
                    Layer 2 Data Link: provides link access control and reliability.
                    Layer 1 Physical: provides an interface to the physical medium.
Overrange           In process instrumentation, of a system or element, any excess value of the
                    input signal above its upper range value or below its lower range value.
Overrange limit    The maximum input that can be applied to a device without causing damage
                   or permanent change in performance.
Override control    1. Generally, two control loops connected to a common final control
                    element, one control loop being nominally in control with the second being
                    switched in by some logic element when an abnormal condition occurs so
                    that constant control is maintained. 2. A technique in which more than one
                    controller manipulates a final control element. The technique is used when
                    constraint control is important.

Overshoot                1. The amount of output measured beyond the final steady output value, in
                         response to a step change in the input. NOTE: Expressed in percent of the
                         equivalent step change in output. 2. A transient response to a step change
                         in an input signal which exceeds the normal or expected steady state
                         response. 3. The maximum difference between the transient response and
                         the steady state response.
Pareto chart             A display of the number of failures of components by part number in
                         descending order of failure rate or number of failures observed. Data may
                         also be shown taking into account the total cost of each failure.
Parity                   A check that tests whether the number of ones or zeroes in an array of
                         binary digits is odd or even, used to verify data storage and transmission.
                         This is usually done by calculating the sum of the "1" bits in a data unit and
                         determining if it is either an odd or even number. A binary digit (parity bit) is
                         then added to a group of bits to make the sum of all the bits always odd
                         (odd parity) or always even (even parity).
PFDavg                   Probability of Failure on Demand average - This is the probability that a
                         system will fail dangerously, and not be able to perform its safety function
                         when required. PFD can be determined as an average probability or
                         maximum probability over a time period. IEC 61508/61511 and ISA 84.01
                         use PFDavg as the system metric upon which the SIL is defined.
                         Also Process Flow Diagram. A diagram of the basic process equipment
                         usually accompanied by a heat and material balance. Typically prepared
                         early in an engineering project, it is usually part of the input to a HAZOP or
                         other hazard identification process.
pH meter                 An instrument for electronically measuring electrode potential of an aqueous
                         chemical solution and directly converting the reading to pH value. pH is the
                         symbol for the measurement of acidity or alkalinity. Solutions with a pH
                         reading of less than 7 are acid; solutions with a pH reading of more than 7
                         are alkaline on the pH scale of 0 to 14, where the midpoint of 7 is neutral.
PHA                      Process hazards analysis. Required by both PSM and the safety lifecycle.
                         Identifying the hazards of a process for all reasonably foreseeable
                         circumstances, determining the sequence of events leading to harm, and
                         estimating the likelihood (frequency) and consequence magnitude of the
                         potential harm. Various hazard identification methods include Checklist,
                         What if?, What if? / Checklist, HAZOP (Hazards and Operability Study),
                         FMEA (Failure Modes and Effects Analysis), and Fault Tree Analysis.
Physical relief device
                         Mechanical equipment that performs an action to relieve pressure when the
                         normal operating range of temperature or pressure has been exceeded.
                         Physical relief devices include pressure relief valves, thermal relief valves,
                         rupture disks, rupture pins, and high temperature fusible plugs.
PID control              Proportional-plus-integral-plus-derivative control, used in processes where
                         the controlled variable is affected by long lag times.
Pigtail                  A 270° or 360° loop in pipe or tubing to form a trap for vapor condensate.
                         Used to prevent high temperature vapors from reaching the instrument.
                         Used almost exclusively in static pressure measurement.

P&ID                 Piping and instrumentation drawing. Shows the interconnection of process
                     equipment and the instrumentation used to control the process. In the
                     process industry, a standard set of symbols is used to prepare drawings of
                     processes. The instrument symbols used in these drawings are generally
                     based on Instrument Society of America (ISA) Standard S5.1. 2. The
                     primary schematic drawing used for laying out a process control installation.
Pitot tube            1. An instrument for measuring stagnation pressure of a flowing liquid; it
                      consists of an open tube pointing upstream, into the flow of fluid, and
                      connected to a pressure indicator or recorder. 2. An instrument which will
                      register total pressure and static pressure in a gas stream, used to
                      determine its velocity.
PLL                   Probable loss of life. A numerical expression for the magnitude of a
                      consequence in terms of the most likely number of lives that will be lost in a
                      given event or over a given time interval. The value need not be a whole
Plug valve           1. A valve with a closing element that may be cylindrical, conical or a
                     spherical segment in shape that is opened or closed with rotary motion. 2. A
                     type of shutoff valve consisting of a tapered rod with a lateral hole through
                     it. As the rod is rotated 90° about its longitudinal axis, the hole is first
                     aligned with the direction of flow through the valve and then aligned
                     crosswise, interrupting the flow.
Positioner            A position controller, which is mechanically connected to a moving part of a
                      final control element or its actuator, and automatically adjusts its output
                      pressure to the actuator in order to maintain a desired position that bears a
                      predetermined relationship to the input signal. The positioner can be used to
                      modify the action of the valve (reversing positioner), extend the
                      stroke/controller signal (split range positioner), increase the pressure to the
                      valve actuator (amplifying positioner) or modify the control valve flow
                      characteristic (characterised positioner).
PLC                  Programmable Logic Controller. These computers replace relay logic and
                     often have PID (proportional integral and derivative) controllers built into
                     them. PLCs are very fast at processing discrete signals (like a switch
                     condition). They can be designed for either regular or SIL rated applications.
Predictive control    1. A type of automatic control in which the current state of a process is
                      evaluated in terms of a model of the process and controller actions modified
                      to anticipate and avoid undesired excursions. 2. Self tuning. 3. Artificial
Pressure, design     The pressure used in the design of a vessel or device for the purpose of
                     determining the minimum permissible thickness or physical characteristics
                     of the parts for a given maximum working pressure (MWP) at a given
Pressure, maximum working
                         The maximum total pressure permissible in a device under any
                         circumstances during operation, at a specified temperature. It is the highest
                         pressure to which it will be subjected in the process. It is a designed safe
                         limit for regular use. NOTE: MWP can be arrived at by two methods: a)
                         designed - by adequate design analysis, with a safety factor; b) tested - by
                         rupture testing of typical samples.
Pressure relief device
                         A mechanism that vents fluid from an internally pressurized system to
                         counteract system overpressure; the mechanism may release all pressure
                         and shut the system down (as does a rupture disc) or it may merely reduce
                         the pressure in a controlled manner to return the system to a safe operating
                         pressure (as does a spring loaded safety valve).
Prior use                See Proven in use
Proof test               Testing of safety system components to detect any failures not detected by
                         automatic on-line diagnostics, i.e. dangerous failures, diagnostic failures,
                         parametric failures, followed by repair of those failures to an equivalent
                         as-new state. Proof testing is a vital part of the safety lifecycle and is critical to
                         ensuring that a system achieves its required safety integrity level throughout
                         the safety lifecycle.
Protection layer         See IPL.
Proven in use            Basis for use of a component or system as part of a safety integrity level
                         (SIL) rated safety instrumented system (SIS) that has not been designed in
                         accordance with IEC 61508. It requires sufficient product operational hours,
                         revision history, fault reporting systems, and field failure data to determine if
                         there is evidence of systematic design faults in a product. IEC 61508 provides
                         levels of operational history required for each SIL.
Proportional control     A control mode in which there is a continual linear relationship between the
                         deviation computed in the controller, the signal of the controller, and the
                         position of the final control element.
PSM                      Process safety management. Part of the US requirement under the
                         Occupational Safety and Health Administration (OSHA) guidelines for
                         managing risk when dealing with large quantities of certain materials. The
                         regulation (29 CFR 1910.119) was published in 1992 to help prevent or
                         minimize the consequences of catastrophic releases of toxic, reactive,
                         flammable, or explosive chemicals.
PTC or CPT               Proof Test Coverage – The percentage of failures that are detected during the
                         servicing of equipment. In general it is assumed that when a proof test is
                         performed any errors in the system are detected and corrected (100% proof
                         test coverage).
PTI or TI                Proof Test Interval - The time interval between servicing of the equipment.
Purging                  1. The addition of air or inert gas (such as nitrogen) into the enclosure
                         around the electrical equipment at sufficient flow to remove any hazardous
                         vapors present and sufficient pressure to prevent their re-entry. 2.
                         Elimination of an undesirable gas or material from an enclosure by means
                         of displacing the undesirable material with an acceptable gas or material.

Pyrometer             Any of a broad class of temperature measuring instruments or devices.
                      Some typical pyrometers include thermocouples, radiation pyrometers,
                      resistance pyrometers and thermistors, but usually not thermometers. It is a
                      temperature transducer that measures temperatures by the EM radiation
                      emitted by an object, which is a function of the temperature.
Quick-opening valve Control valve with trim characteristic designed to produce large flow
                    capacity with small amount of valve opening.
Random failure        A failure occurring at a random time, which results from one or more
                      degradation mechanisms. Random failures can be effectively predicted with
                      statistics and are the basis for the probability of failure on demand based
                      calculations requirements for safety integrity level. See systematic failure.
Rated capacity        The manufacturer's stated capacity rating for mechanical equipment, for
                      instance, the maximum continuous capacity in pounds of steam per hour for
                      which a boiler is designed.
Ratio controller      1. A controller that maintains a predetermined ratio between two or more
                      variables. 2. Maintains the magnitude of a controlled variable at a fixed ratio
                      to another variable.
Receptor              The object or persons on the receiving end of the harm in an unwanted
                      event. Common receptors include personnel, plant equipment, plant
                      production, the environment, and the general public.
Redundancy            Use of multiple elements or systems to perform the same function.
                      Redundancy can be implemented by identical elements (identical
                      redundancy) or by diverse elements (diverse redundancy). Redundancy is
                      primarily used to improve reliability or availability.
Reliability           1. The probability that a device will perform its objective adequately, for the
                      period of time specified, under the operating conditions specified. 2. The
                      probability that a component, piece of equipment or system will perform its
                      intended function for a specified period of time, usually operating hours,
                      without requiring corrective maintenance.
Reliability block diagram
                      Probability combination method for estimating complex probabilities. Since it
                      generally takes the “success” view of a system, it can be confusing when
                      used in multiple failure mode modeling.
Relief valve          An automatic pressure relieving device actuated by the pressure upstream
                      of the valve and characterized by opening pop action with further increase
                      in lift with an increase in pressure over popping pressure. See pressure
                      relief device.
Repeatability         The ability of a transducer to reproduce output readings when the same
                      input value is applied to it consecutively under the same conditions, and in
                      the same direction. NOTE(S): Repeatability is expressed as the maximum
                      difference between output readings; it is expressed as "within percent of
                      full-scale output." Two calibration cycles are used to determine repeatability
                      unless otherwise specified.

Repeater             1. Device used to extend the range over which signals can be correctly
                     transmitted and received for a given medium. 2. A device that amplifies or
                     regenerates data signals in order to extend the distance between data
Resealing pressure   The inlet pressure at which fluid no longer leaks past a relief valve after it is
Response             1. The change in output of a device in relation to a change of input. 2.
                     Defined output for a given input under explicitly stated conditions.
Risk                 Risk is a measure of the likelihood (frequency) and consequence (severity)
                     of an adverse effect. (i.e., How often can harm happen and what will be the
                     effects if it does?)
Risk (Inherent)       The risk from a completed process design that contains a given amount of
                      process materials at given process parameters (i.e. temperature, pressure,
                      etc.). Can usually be managed by good process engineering.
Risk (Unmitigated)   The level of risk that is present in a process before any safety instrumented
                     systems are considered. This level helps identify how much risk reduction is
                     required to be provided by any safety instrumented system installed as part
                     of a process. This unmitigated risk level must be defined in terms of both
                     consequence and likelihood.
Risk graph           A qualitative and category-based method of safety integrity level (SIL)
                     assignment. Risk graph analysis uses four parameters to make a SIL
                     selection: consequence, occupancy, probability of avoiding the hazard, and
                     demand rate. Each of these parameters is assigned a category and a SIL is
                     associated with each combination of categories. In some cases, quantitative
                     tools, such as LOPA, are used to assist the analyst in determining which
                     category to use, but typically the assignment is done qualitatively. Using the
                     selected categories, the analyst follows the resulting path that leads to the
                     associated SIL assignment.
Risk integral        A summation of risk as expressed by the product of consequence and
                     frequency. The integral is summed over all of the potential unwanted events
                     that can occur. If calculating the risk integral for loss of life, the
                     consequence of concern and thus the units of the integral are fatalities. It is
                     useful in combination with event trees to determine a total value of risk for
                     a group of related accidents.
RMP                   Risk management plan. Part of the US requirement under the Occupational
                      Safety and Health Administration (OSHA) guidelines for managing risk
                      when dealing with large quantities of certain materials.
RRF                  Risk Reduction Factor - The inverse of PFDavg
RTD                  Resistance Temperature Device
Rupture disc          A diaphragm designed to burst at a predetermined pressure differential.
                      Symbol rupture disc device A nonreclosing pressure relief device that
                      relieves excessive static inlet pressure via a rupture disc.
Safe area             1. Nonhazardous (unclassified) location. 2. An area in which explosive
                      gas/air mixtures are not expected to be present so that special precautions
                      for the construction and use of electrical apparatus are not required.

Safe failure            Failure that does not have the potential to put the safety instrumented
                        system in a dangerous or fail-to-function state. The situation when a safety
                        related system or component fails to perform properly in such a way that it
                        calls for the system to be shut down or the safety instrumented function to
                        activate when there is no hazard present.
Safe failure fraction   See SFF.
Safe state              The state of the process after acting to remove the hazard resulting in no
                        significant harm.
Safety ground            1. A connection between metal structures, cabinets, cases, etc. which is
                         required to prevent electrical shock hazard to personnel. 2. Safety ground is
                         not a signal reference point.
Safety lifecycle         The procedures to first analyze the situation and document the safety
                         requirements (Analysis Phases). Then, translate these requirements into a
                         documented safety system design, using appropriate software and
                         hardware subsystems and design methodology (Realization Phases). Next,
                         evaluate the system against the required integrity and reliability
                         specifications and modify it as needed. Finally, operate and maintain the
                         system according to accepted procedures (Operation Phases), and
                         document the results to ensure that performance standards are maintained
                         throughout the system’s life. See 61508 and 61511.
Safety manual            Document required for equipment certified in accordance with IEC 61508
                         that describes the conditions of use for that equipment in safety
                         applications. It typically includes usage requirements/restrictions,
                         environmental limits, optional settings, failure rate data, useful life data,
                         common cause beta estimate, inspection and test procedures. The “safety
                         manual” may be part of another document.
Safety requirements specification
                         Specification containing all the requirements of the safety functions that
                         have to be performed by the safety-related system. It includes both what the
                         functions must do and also how well they must do it. It is often a contractual
                         document between companies and is one of the most important documents
                         in the safety lifecycle process.
Sample interval          The rate at which a controller samples the process variable, and calculates
                         a new output. Ideally, the sample interval should be set between 4 and 10
                         times faster than the process dead time.
Sampling rate           For a given measurement, the number of times that it is sampled per
                        second in a time division multiplexed system. Typically, it is at least five
                        times the highest data frequency of the measurement.
SAT                     Site acceptance test. Involves shipment of the system(s) to site, installation
                        and start-up activities. Tests then validate that the installed safety
                        instrumented system and its associated safety instrumented functions
                        achieve the requirements as stated in the Safety Requirement Specification.
                        Note: Full loop checking may come at a later stage.
Saturation               A situation when a further change in the input signal produces no significant
                         additional change in the output.

SCADA               Supervisory control and data acquisition: Operator interface and monitoring
                    of (usually remote) control devices by computer.
Seal chambers       Enlarged pipe sections in measurement impulse lines to provide a) a high
                    area to volume displacement ratio to minimize error from hydrostatic head
                    difference when using large volume displacement measuring elements, and
                    b) to prevent loss of seal fluid by displacement into the process. Also known
                    as Seal Pots
Seal leg           The piping from the instrument to the top elevation of the seal fluid in the
                   impulse line.
Seal on disk       A seal ring located in a groove in the disk circumference. The body is
                   unlined in this case [S75.05].
Seat                The fixed area of a valve into which the moving part of a valve rests when
                    the valve is closed to retain pressure and prevent flow.
Segmented ball      A closure piece in a valve that is a segment of a spherical surface which
                    may have one edge contoured to yield a desired flow characteristic.
Sensor             Device or combination of devices that measure the process condition (e.g.,
                   transmitters, transducers, process switches, position switches, etc.).
Sensor group       For complex safety functions, there may be more than one property which is
                   measured to determine if a shut down is required.
Set point          1. An input variable which sets the desired value of the controlled variable. It
                   is expressed in the same units as the controlled variable.
Set pressure       The inlet pressure at which a safety relief valve opens; usually a pressure
                   established by specification or code.
SFF                 Safe Failure Fraction - The fraction of the overall failure rate of a device that
                    results in either a safe fault or a diagnosed (detected) unsafe fault. The safe
                    failure fraction includes the detectable dangerous failures when those
                    failures are annunciated and procedures for repair or shutdown are in place.
SIF                Safety Instrumented Function – A set of equipment intended to reduce the
                   risk due to a specific hazard (a safety loop). Its purpose is to 1.
                   Automatically take an industrial process to a safe state when specified
                   conditions are violated; 2. Permit a process to move forward in a safe
                   manner when specified conditions allow (permissive functions); or 3. Take
                   action to mitigate the consequences of an industrial hazard. It includes
                   elements that detect an accident is imminent, decide to take action, and
                   then carry out the action needed to bring the process to a safe state. Its
                   ability to detect, decide and act is designated by the safety integrity level
                   (SIL) of the function. See SIL.
Sight glass         A glass tube, or a glass faced section of a process line, used for sighting
                    liquid levels or taking manometer readings.
Signal common       1. The signal common shall refer to a point in the signal loop which may be
                    connected to the corresponding points of other signal loops. It may or may
                    not be connected to earth ground [S50.1]. 2. The reference point for all
                    voltage signals in a system. Current flow into signal common is minimized to
                    prevent IR drops which induce inaccuracy in the signal common reference.
Signal isolation   Signal isolation refers to the absence of a connection between the signal
                   loop and all other terminals and earth ground.

SIL                 Safety Integrity Level - A quantitative target for measuring the level of
                    performance needed for a safety function to achieve a tolerable risk for a
                    process hazard. Defining a target SIL level for the process should be based
                    on the assessment of the likelihood that an incident will occur and the
                    consequences of the incident. The following table describes SIL for different
                    modes of operation.

                    LOW DEMAND MODE SIL
                       SIL       PFDavg                   RRF
                        4        ≥ 10^-5 to < 10^-4       > 10,000 to ≤ 100,000
                        3        ≥ 10^-4 to < 10^-3       > 1,000 to ≤ 10,000
                        2        ≥ 10^-3 to < 10^-2       > 100 to ≤ 1,000
                        1        ≥ 10^-2 to < 10^-1       > 10 to ≤ 100

                    HIGH DEMAND or CONTINUOUS MODE SIL
                       SIL       PFDavg per hour
                        4        ≥ 10^-9 to < 10^-8
                        3        ≥ 10^-8 to < 10^-7
                        2        ≥ 10^-7 to < 10^-6
                        1        ≥ 10^-6 to < 10^-5

SIL selection      The process of defining tolerable risk, confirming existing risk (both
                   likelihood and consequence) and assigning a SIL rated safety function as
                   needed to achieve a tolerable level of risk.
SIL verification    The process of calculating the average probability of failure on demand (or
                    the probability of failure per hour) and architectural constraints for a safety
                    function design to see if it meets the required SIL.
SIS                 Safety Instrumented System – Implementation of one or more Safety
                    Instrumented Functions. A SIS is composed of any combination of
                    sensor(s), logic solver(s), and final element(s). A SIS usually has a
                    number of safety functions with different safety integrity levels (SIL) so it is
                    best to avoid describing it by a single SIL. See SIF.
SIT                Site integration test. Once site acceptance testing is completed, the basic
                   process control system and the safety instrumented system (SIS)
                   communications and any hard-wired links are integrated and tested as a
                   complete system to ensure that the system as a whole functions correctly.
                   SIS signals, diagnostics, bypasses and alarms displayed on shared basic
                   process control system human machine interface (HMI) screens will be
                   tested during this stage.
Snubber             1. A device which is used to damp the motion of the valve stem. This is
                    usually accomplished by an oil filled cylinder/piston assembly. The valve
                    stem is attached to the piston and the flow of hydraulic fluid from one side of
                    the piston to the other is restricted. 2. A mechanical or hydraulic device for
                    restraining motion. 3. A device installed between an instrument and the
                    process used to protect the instrument from rapid pressure fluctuations.

Solenoid               A type of electromechanical operator in which back and forth axial motion of
                       a ferromagnetic core within an electromagnetic coil performs some
                       mechanical function; common applications include opening or closing
                       valves or electrical contacts.
Solenoid valve         A shutoff valve whose position is determined by whether or not electric
                       current is flowing through a coil surrounding a moving iron valve stem.
Span                  The difference between the upper and lower range values.
Spurious trip          See Safe failure
Standard condition    1. A temperature of 0°C and a pressure of 1 atmosphere (760 torr). Also
                      known as "normal temperature and pressure (NTP)"; "standard temperature
                      and pressure (STP)." 2. According to the American Gas Association (AGA),
                      a temperature of 60°F (15-5/9°C) and a pressure of 30 inches of mercury
                      (762 mm). 3. According to the Compressed Gas Institute (CGI), a
                      temperature of 20°C (68°F) and a pressure of 1 atmosphere.
Standpipe             A vertical tube filled with a liquid such as water.
Static head liquid level meter
                       A pressure sensing device, such as a gauge, connected in the piping
                       system so that any dynamic pressures in the system cancel each other and
                       only the pressure difference due to liquid head above the gauge position is
Static pressure       1. The pressure of a fluid that is independent of the kinetic energy of the
                      fluid. 2. Pressure exerted by a gas at rest, or pressure measured when the
                      relative velocity between a moving stream and a pressure measuring device
                      is zero.
Stochastic            Pertaining to direct solution by trial and error, usually without a step by step
                      approach, and involving analysis and evaluation of progress made, as in a
                      heuristic approach to trial and error methods. In a stochastic approach to a
                      problem solution, intuitive conjecture or speculation is used to select a
                      possible solution, which is then tested against known evidence,
                      observations or measurements. Intervening or intermediate steps toward a
                      solution are omitted. Contrast with "algorithmic" and "heuristic."
Stress corrosion cracking
                       Deep cracking in a metal part due to the combination of tensile stress and a
                       corrosive environment, causing failure in less time than could be predicted
                       by simply adding the separate effects of stress and the corrosive
Supervisory control   A term used to imply that a controller output or computer program output is
                      used as an input to other controllers. See SCADA.
Suppressed range      A suppressed range is an instrument range which does not include zero.
                      The degree of suppression is expressed by the ratio of the value at the
                      lower end of the scale to the span.

Systematic failure    A failure that happens in a deterministic (non random) predictable fashion from
                      a certain cause, which can only be eliminated by a modification of the
                      design or of the manufacturing process, operational procedures,
                      documentation, or other relevant factors. Since these are not
                      mathematically predictable, the safety lifecycle includes a large number of
                      procedures to prevent them from occurring. The procedures are more
                      rigorous for higher safety integrity level systems and components. Such
                      failures cannot be prevented with simple redundancy.
Target flow meter     A device for measuring fluid flow rates through the drag force exerted on a
                      sharp edged disk centered in a circular flow path due to differential pressure
                      created by fluid flowing through the annulus. Usually, the disk is mounted on
                      a bar whose axis coincides with the tube axis, and drag force is measured
                      by a secondary device attached to the bar.
Thermal type flow meter
                      An apparatus where heat is injected into a flowing fluid stream and flow rate
                      is determined from the rate of heat dissipation; either the rise in temperature
                      at some point downstream of the heater or the amount of thermal or
                      electrical energy required to maintain the heater at a constant temperature
                      is measured.
Thermistor           A temperature transducer constructed from semiconductor material and for
                     which the temperature is converted into a resistance, usually with negative
                     slope and highly nonlinear.
Thermocouple         Two dissimilar wires joined together that generate a voltage proportional to
                     temperature when their junction is heated relative to a reference junction.
                     See thermojunction.
TI                   1. Test Interval - This acronym is typically used in risk analysis equations to
                     represent the proof test interval described above.
                     2. Temperature Indicator - This acronym is used in Piping and Instrumentation
                     Diagrams (P&IDs) to designate a device which measures and displays the
Thermojunction       Either of the two locations where the conductors of a thermocouple are in
                     electrical contact; one, the measuring junction, is in thermal contact with the
                     body whose temperature is being determined, and the other, the reference
                     junction, is generally held at some known or controlled temperature.
Thermowell            A thermowell is a pressure tight receptacle adapted to receive a
                      temperature sensing element and provided with external threads, flanges or
                      other means for pressure tight attachment to a vessel.
Time constant         1. The value t in an exponential response term. For the output of a first
                      order system forced by a step or an impulse, t is the time required to
                      complete 63.2% of the total rise or decay. In higher order systems, there is
                      a time constant for each of the first order components of the process. 2. The
                      length of time required for the output of a transducer to rise to 63% of its
                      final value as a result of a step change of input.
Torque tube flow meter
                      A device for measuring liquid flow through a pipe in which differential
                      pressure due to the flow operates a bellows, whose motion is transmitted to
                      a recorder arm by means of a flexible torque tube.
Transient response   The response of a transducer to a step change of input. NOTE: Transient
                     response, as such, is not shown in a specification except as a general
                     heading, but is defined by such characteristics as time constant, response
                     time, ringing period, etc.
Trim                  The internal parts of a valve which are in flowing contact with the controlled
                      fluid. Can be designed to any of the following requirements:
                      Anti cavitation: reduces the tendency of the controlled liquid to cavitate.
                      Anti noise: reduces the noise generated by fluid flowing through the valve.
                      Balanced: minimizes the net static and dynamic fluid flow forces acting on
                      the trim.
                      Restricted or Reduced: has a flow area less than the full flow area for that
                      Soft-seated: with an elastomeric, plastic or other readily deformable material
                      used either in the closure component or seat ring to provide shutoff with
                      minimal actuator forces.
Turbine flow meter   A volumetric flow measuring device using the rotation of a turbine type
                     element to determine flow rate.
Turndown             The ratio of the maximum plant design flow rate to the minimum plant
                     design flow rate.
TÜV                   Technischer Überwachungsverein (technical inspection association) Any one
                      of a number of different private German companies which provide
                      assessment services to various industries including process safety
Two-wire transmitter Electronic transmitter which uses the power wires (typically 24 VDC) for signal
                     transmission, usually by manipulating the current flow (typically 4-20mA) to
                     represent the desired signal.
U tube manometer      A device for measuring gauge pressure or differential pressure by means of
                      a U shaped transparent tube partly filled with a liquid, commonly water; a
                      small pressure above or below atmospheric is measured by connecting one
                      leg of the U to the pressurized space and observing the height of liquid
                      while the other leg is open to the atmosphere; a small differential pressure
                      may be measured by connecting both legs to pressurized space for
                      example, high and low pressure regions across an orifice or venturi.
UEL/UFL              Upper explosive (or flammable) limit. See flammability.
Ultrasonic flow meter A device for measuring flow rates across fluid streams by either Doppler
                      effect measurements or time of transit determination; in both types of flow
                      measurement, displacement of the portion of the flowing stream carrying the
                      sound waves is determined and flow rate calculated from the effect on
                      sound wave characteristics.
UL                   Underwriters Laboratories An independent US testing and certifying

Useful life          See wearout
V Model              The basic project execution model that starts with high level design and
                     goes down to detailed design followed by testing of the detailed design and
                     then testing of the higher level design elements.
V orifice            "V"-shaped flow control orifice which allows a characterized flow control as
                     the gate moves in relation to the fixed Vee opening.
Validation           The activity of demonstrating that the safety instrumented function(s) and
                     safety instrumented system(s) under consideration after installation meet
                     in all respects the safety requirements specification.
Valve body           The part of the valve which is the main pressure boundary relative to the
                     ambient. The body also provides the pipe connecting ends, the fluid flow
                     passageway, and may support the seating surfaces and the valve closure
Valve body assembly An assembly of a body, bonnet assembly, bottom flange and trim elements.
                    The trim includes a valve plug which opens, shuts or partially obstructs one
                    or more ports.
Valve bonnet         An assembly including the part through which a valve plug stem moves and
                     a means for sealing against leakage along the stem. It usually provides a
                     means for mounting the actuator. Sealing against leakage may be
                     accomplished by packing or a bellows. A bonnet assembly may include a
                     packing lubricator assembly with or without isolating valve. Radiation fins or
                     an extension bonnet may be used to maintain a temperature differential
                     between the valve body and sealing means.
Valve flow coefficient (Cv) The number of US gallons (3.785 liters) per minute of 60°F (15.6°C)
                       water that will flow through a valve with a one pound per square inch (6.89
                       kPa) pressure drop.
Vapor pressure       1. The pressure of a vapor corresponding to a given temperature where the
                     liquid and vapor are in equilibrium. Vapor pressure increases with
                     temperature. 2. The pressure (for a given temperature) at which a liquid is in
                     equilibrium with its vapor. As a liquid is heated, its vapor pressure will
                     increase until it equals the total pressure of the gas above the liquid; at this
                     point the liquid will begin to boil.
Venturi meter        A type of flow meter that measures flow rate by determining the pressure
                     drop through a venturi constriction. A venturi is a constriction in a pipe, tube
                     or flume consisting of a tapered inlet, a short straight constricted throat and
                     a gradually tapered outlet; fluid velocity is greater and pressure is lower in
                     the throat area than in the main conduit upstream or downstream of the
                     venturi; it can be used to measure flow rate, or to draw another fluid from a
                     branch into the main fluid stream.
Verification         Activity of demonstrating for each phase of the safety lifecycle by analysis
                     and/or tests that, for the specific inputs, the deliverables meet the objectives
                     and requirements set for the specific phase.

Vortex flow meter    A device that measures flow by sensing the movement of vortices in a pipe
                     or conduit. The instrument usually is constructed with a partial barrier
                     (vortex shedder) inserted perpendicular to the flow to allow formation of
                     vortices, and sensor(s) to detect the passing vortices. The vortices are shed
                     from one side of the shedder and then the other side as the fluid flows
                     around the shedder. The sensor counts the number of vortices generated
                     per unit of time and the velocity of the fluid can then be calculated.
Wearout              The point where a piece of equipment has accumulated enough stress and
                     weakened to the point where its failure rate increases significantly. Note that
                     since essentially all safety systems assume a constant failure rate, they
                     must be replaced before they reach this wearout point.
Windup               Saturation of the integral mode of a controller developing during times when
                     control cannot be achieved, which causes the controlled variable to
                     overshoot its set point when the obstacle to control is removed.
Zero shift           1. A change in the output in response to a zero input over a specified period of
                     time and at room conditions. NOTE: This error is characterized by a parallel
                     displacement of the entire calibration curve [S37.1]. 2. A shift in the
                     instrument calibrated span evidenced by a change in the zero value.
                     Usually caused by temperature changes, overrange, or vibration of the
Zone                 The international method of specifying the probability that a location is made
                     hazardous by the presence, or potential presence, of flammable
                     concentrations of gases and vapors. NOTE: Zone classification has not yet
                     been defined for dust.
                     Zone 0: Classification of a location in which an explosive concentration of a
                     flammable gas or vapor mixture is continuously present or is present for
                     long periods.
                     Zone 1: Classification of a location in which an explosive concentration of a
                     flammable or explosive gas or vapor mixture is likely to occur in normal
                     Zone 2: Classification of a location in which an explosive concentration of a
                     flammable or explosive gas or vapor mixture is unlikely to occur in normal
                     operation and, if it does occur, will exist only for a short time.

Cross Instrumentation; “Control Valve and Actuator Definitions” downloaded from
Common%20terms/Glossary.xls on 17 November 2006.
Gerry, John; “Glossary of Process Control Terms” downloaded from
http://www.expertune.com/glossary.html on 15 November 2006.
Goble, W. M, “Control Systems Safety Evaluation & Reliability.” ISA 1998
Guidelines for Chemical Process Quantitative Risk Analysis; (New York: American Institute of
Chemical Engineers Center for Chemical Process Safety) 2000.
IICA; “Dictionary of Technical Terms” downloaded from http://www.iica.org.au/info/terms/ on 15
November 2006

IEC 61508; Functional Safety of electrical / electronic / programmable electronic safety-related
systems, IEC, 1998, 2000.
IEC 61511 / ISA 84.00.01-2004; Functional safety - Safety instrumented systems for the process
industry sector IEC 2003; ISA 2004.
Marszal, E., and Scharpf, E.; “Safety Integrity Level Selection Systematic Methods Including Layer
of Protection Analysis” ISA 2002.
PAControl.com; “Foundation Fieldbus Glossary” downloaded from
http://www.pacontrol.com/ffglossary.html on 15 November 2006.
