PROOF TEST
PROCEDURES

A proof test is a periodic test of a Safety Instrumented Function conducted while the process is in operation or during a planned shutdown, with the purpose of detecting dangerous failures that the system's online diagnostics cannot reveal. These are the failures that accumulate silently between test cycles, reducing the probability that the SIF will operate correctly when a process demand occurs.

Proof test coverage is the proportion of dangerous undetected failures that a proof test procedure will reveal. A proof test with 100 percent coverage would detect every dangerous undetected failure present in the SIF at the time of testing. In practice, coverage depends on the scope and thoroughness of the test procedure: which components are exercised, whether final elements are fully stroked, whether the logic solver function is confirmed end-to-end, and whether the test conditions adequately simulate a real process demand.

The relationship between proof test coverage and SIL achievement is direct and quantitative. The PFDavg calculation for an SIF includes a term for proof test coverage. A procedure that achieves 90 percent coverage produces a different PFDavg than one that achieves 70 percent, and that difference determines whether the SIL target is being met. Procedures developed without reference to the SIL verification calculations cannot demonstrate that they maintain the safety case.

We develop procedures with explicit coverage analysis, confirming that the test steps specified will achieve the coverage assumed in the SIL verification, and documenting the basis for that assessment so that it can be reviewed during FSA 5 and regulatory audits.

Our proof test procedure development is structured to meet the requirements of:

• IEC 61511-1 Clause 16: Operation and maintenance requirements for safety instrumented systems, including proof test planning, execution, and documentation
• IEC 61511-1 Clause 11: Requirements for the development of proof test procedures as part of the SIS operation and maintenance planning
• IEC 61508 Part 2: Proof test requirements for hardware safety functions and diagnostic coverage assessment
• ISA 84 (ANSI/ISA-84.00.01): Equivalent proof test and maintenance requirements for process industry SIS applications
• ISA/IEC 62443: Where proof testing includes confirmation of cybersecurity control integrity for safety-related programmable devices, particularly following firmware updates or configuration changes

A proof test procedure that genuinely maintains SIL achievement is more than a list of steps. It is a controlled document that gives the test team everything they need to execute the test correctly, record the results accurately, and identify failures that require follow-up action.

Each proof test procedure we develop includes:

• Identification of the SIF being tested, with reference to the SRS and SIL verification record
• Prerequisites and preparation steps, including required process conditions, isolation requirements, permit to work references, and tools and equipment needed
• Step-by-step test instructions written in the level of detail appropriate for the maintenance team executing the test, with no ambiguity about what each step requires
• Acceptance criteria for each test step, stating the expected response and the pass or fail condition clearly
• Instructions for handling test failures, including immediate response actions, required notifications, and the process for raising a safety-related defect
• Documentation requirements, including the test record format, the signatures required, and the filing and retention requirements for test records
• Coverage assessment confirming the percentage of dangerous undetected failures that the procedure will reveal, with reference to the SIL verification assumptions
• Proof test interval, consistent with the interval assumed in the PFDavg calculation, with guidance on the maximum permissible overrun before the SIL target is at risk

Proof test procedure development requires an understanding of three things simultaneously: the SIL verification assumptions that define what the test must achieve, the process and operational constraints that define what is practical in the field, and the specific configuration of the installed SIF that defines what each test step must exercise. We bring all three to every procedure development engagement.

Proof test interval is one of the most operationally significant parameters in a safety lifecycle programme. A shorter interval maintains a lower PFDavg but increases the operational burden on maintenance teams and the risk of introduced failures during testing. A longer interval reduces maintenance demands but allows dangerous undetected failures to accumulate for longer, increasing PFDavg and potentially pushing the system outside its SIL target range.

We support clients in optimising proof test intervals by modelling the relationship between interval, coverage, and PFDavg for each SIF, identifying the interval that achieves the SIL target with the minimum operationally practical testing burden, assessing the impact of partial proof tests on the achievable interval for full proof tests, and evaluating whether diagnostic enhancements, redundancy changes, or component upgrades could support a longer interval without compromising SIL achievement.

Interval optimization is particularly valuable for facilities with long turnaround cycles, where the proof test interval for full proof tests is constrained by process availability, and for systems where test-induced failures have been a historical source of operational disruption.

• Maintained SIL achievement throughout the operating life of each Safety Instrumented Function, not just at the point of commissioning
• A testing regime that is consistent between test cycles, executed with documented evidence, and traceable to the SIL verification assumptions that underpin the safety case
• Clear, executable instructions that reduce the risk of test-induced failures, missed steps, and ambiguous results that generate unnecessary corrective maintenance workload
• A documented coverage assessment for each procedure that confirms SIL maintenance and supports FSA 5 and regulatory audit
• Optimized test intervals that balance SIL achievement against operational burden, supported by quantitative analysis rather than conservative assumptions
• Audit-ready test records that demonstrate due diligence in maintaining the functional safety performance of safety-critical systems through their operating life

• Proof test procedure for each SIF in scope, including prerequisites, step-by-step instructions, acceptance criteria, failure handling guidance, and documentation requirements
• Coverage analysis for each procedure, confirming the percentage of dangerous undetected failures detected and the basis for the assessment
• Proof test schedule aligned to the intervals assumed in the SIL verification calculations
• Test record template for each procedure, structured for consistent field use and audit readiness
• Proof test interval optimization analysis, where requested, including sensitivity modeling and recommendations
• Review record confirming procedure validation with the operations and maintenance team

Proof testing a modern safety instrumented system is not limited to confirming that sensors trip and valves close. Logic solvers run on programmable platforms with configuration files that can be altered. Networks carry signals that safety functions depend on. Firmware updates change system behavior in ways that are not always visible in functional testing. A proof test program that addresses only the traditional electromechanical components of an SIF and ignores the programmable and networked elements is leaving a portion of the dangerous failure space untested.

• Proof test procedures that address the complete SIF, including programmable logic solver configuration, network-dependent signal paths, and diagnostic function confirmation, where relevant to SIL maintenance
• Explicit coverage analysis linked directly to the SIL verification calculations, so that the relationship between the procedure and the safety case is documented and defensible
• Practical procedures written for the teams who will execute them, with a level of detail that eliminates ambiguity without creating unnecessary complexity
• Interval optimization capability that uses quantitative modeling to support decisions about testing frequency, rather than defaulting to conservative assumptions that increase operational burden
• Deep operational experience across high-consequence sectors, including oil and gas, energy, pharmaceuticals, and process manufacturing

We do more than write test steps. We help operations and maintenance teams understand what they are testing, why each step matters, and how the testing regime they follow is maintaining the safety performance of the systems they depend on.