With the introduction of ISA-S84.01, “Application of Safety Instrumented Systems for the Process Industries,” in 1996, the safety instrumented systems (emergency shutdown systems, ESD, interlocks, etc.) landscape changed forever. For the first time we had an industry-wide consensus standard for these types of systems. This standard was also unique because of the large number of companies and other groups that participated in the process and the length of time it took to develop it (~12 years).
With the approval of the new IEC 61511 based on ANSI/ISA-84.00.01, “Functional safety: Safety Instrumented Systems for the Process Industry Sector,” in September 2004, the playing field for safety instrumented systems (SIS) is again changing. We now have a standard with an international flavor that covers the whole safety lifecycle with additional requirements and certainly additional documentation requirements.
The new ANSI/ISA-84.00.01 is identical to the IEC 61511 standard with the exception of the addition of a grandfather clause. The new clause is virtually identical to the OSHA 1910.119 grandfather clause with a few exceptions. The most notable differences are that the term “existing equipment” has been replaced with “existing SIS”, the word “employer” has been changed to “owner/operator”, and a reference to ISA S84-1996 has been added as a prior good practice.
Let’s Discuss the Options
What can companies do with regard to implementing ANSI/ISA-84.00.01? Let’s discuss the options. Note, however, that to simplify things, the ANSI/ISA-84 standard will be referred to as S84, with an indication as to whether the new or old standard is being referred to.
At this time there are four main standards that affect process industry safety instrumented systems. These are ANSI/ISA-S84.01-1996, ANSI/ISA-S84.00.01-2004, IEC-61511-2004, “Functional safety: Safety Instrumented Systems for the process industry sector” and IEC-61508-1998—2000, “Functional safety of electrical/electronic/programmable electronic safety-related systems.” In the scheme of things, ISA-S84.01-1996, ANSI/ISA 84.00.01-2004 and IEC-61511-2004 affect users and system integrators of user systems, while IEC-61508-1998—2000 affects manufacturers. While IEC 61508 in the process sector is considered a manufacturer’s standard, there are a few instances where 61508 may be applied by the user through references from S84-2004 or IEC 61511.
The question often arises as to whether a company is required to meet the S84 standard. The short answer is No. However, that being said, in 2000 a letter from OSHA to the ISA stated that OSHA acknowledged S84-1996 as a “recognized and generally accepted engineering practice” for safety instrumented systems and that meeting the requirements of S84, for those aspects of the OSHA 1910.119 Process Safety Management regulation that S84 covered, met the requirements of 1910.119. The EPA RMP regulations have similar requirements. A similar letter has been requested by ISA from OSHA for the new ANSI/ISA 84.00.01-2004 standard. These letters put companies that want to follow their own standards in the position of justifying that their standards are equivalent to or better than S84 if put to the task.
So what options do companies have? There are basically four options: grandfather, meet S84-2004, meet equivalent company standards, or ignore the standards.
Wait Just a Minute Grandpa
One of the first things to raise its head when a company is looking into S84 is “Can we grandfather our systems?” After all, management might say “we’ve had these systems for a long time and nothing has gone wrong.” Many times this is a typical knee-jerk economic response by management reacting to the perceived cost of bringing systems into compliance with S84 and OSHA. This attitude is often based on a misconception of what it takes to grandfather systems.
The ability to grandfather a safety instrumented system is rooted in S84’s grandfather clause which, in turn, is rooted in OSHA 1910.119’s grandfather clause. While the wording of these grandfather clauses is slightly different, the intent is the same.
The ANSI/ISA-84.00.01 grandfather clause states: “For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard (e.g., ANSI/ISA-84.01-1996), the owner/operator shall determine and document that the equipment is designed, maintained, inspected, tested and operating in a safe manner.”
The next question that usually comes up is: “How do I do the grandfathering process?” Currently, there is not much guidance on how it’s done. Some companies have third parties do it for them, which can provide an independent review.
The S84 committee is working on an S84 guideline technical report, which, among other things, will provide some guidance on grandfathering. There are several examples of grandfathering methods provided by various companies in the draft S84 guideline. They are primarily a checklist-based evaluation against some properties of the S84 standard (level of risk involved, separation, independence, testing, management of change, etc.) or an evaluation of whether the system met company standards at the time of installation. If a company had strong safety instrumented system standards at the design and construction of the SIS, then it may be prudent to verify that the grandfathered system meets those standards and/or the key requirements of S84. On the other hand, a company with less stringent company standards may want to move on to the next step: meeting the standard.
Even if a system has been grandfathered, it must still meet the requirements of OSHA 1910.119, which include testing, training, mechanical integrity, and management of change. There is also the matter of making changes in grandfathered systems and what level of change triggers a requirement to meet the latest standard. Change in kind generally does not trigger an upgrade, but past that it can get a bit murky.
Standards Complex, Yet Simple
The standards are not rocket science but are somewhat complicated and detailed. Some areas can be as clear as mud even for the experts, so meeting the standards is both simple and difficult at the same time. Meeting the standards requires a dedication of resources (people, time, and in some cases new equipment) to implement the standard’s safety lifecycle. One of the primary drags on the process is the lack of in-depth knowledge of the standards and a thorough grasp of the methods needed to meet them. In days past, companies would have dedicated standards experts well-schooled in their implementation. These days many companies have done away with such experts to cut costs. So many times, properly implementing the standard basically comes down to developing the expertise in-house, employing outside expertise, or using a combination of the two.
A Tough Row to Hoe
If you wish to roll your own, there are training courses available from ISA and from firms that specialize in safety system work. But even with training, it can be an uphill row to hoe. It is easy to become a member of the S84 committee; all you need do is to sign up. There are a multitude of technical papers out there on safety systems, but they vary widely in useful content. There are a few books out there on the subject (see the reference section) and one can expect more to come in the near future. Many companies that wish to do it themselves often hire firms or consultants that specialize in this area for a few projects and learn from them before going it alone. This is neither a sink-or-swim endeavor, nor work for amateurs.
Many companies simply do not have the resources to do everything on their own, and that leads them to hire outside contractors to do safety system work. This does not get them off the hook for everything, though, as things like risk assessment can only be facilitated, not determined, by an outside firm.
Many companies farm out specialized areas such as SIL verification and quantitative analysis. There are certainly a number of companies that specialize in safety systems and provide a range of services to fit the client’s needs. There are other firms where safety systems are not their specialty but that provide this kind of work as part of a broader offering of engineering services.
Although many companies can provide quality safety system work, there are others whose expertise or quality may be found lacking. Unfortunately, the process is often so new and different one can easily be overwhelmed—not only by the good stuff but by smoke and mirrors as well. If you plan to use a consultant to provide some of your safety system work, pick your contractor well. Quality work can provide a safer plant and many times cut project costs too.
The use of your own company standards is a valid method of meeting the requirements of “recognized and generally accepted engineering practice” in OSHA 1910.119. The advantage of this is that you don’t have to change how you are doing things. The disadvantage is that in practice the standard that your company standards will be held against is the S84 standard, both in technical merit and as industry practice. For existing company standards this may make some sense if the standards have a strong base but for loosely standardized companies, it makes more sense to move on to S84-2004.
Certain less enlightened companies may choose to ignore the standards. Others, perhaps, are simply unaware of the standards (which is not a valid excuse no matter what anyone says). This can put such companies on a collision course with OSHA. Even if you are not covered by OSHA 1910.119 PSM, the General Duty clause may get you. The new standards provide OSHA with a much firmer ground for citations. Unfortunately, many of these same companies are the same ones that are more likely to have substandard safety systems. Consciously ignoring S84 or equivalent can open a company up to criminal liability. It also may be grounds for a judgment of gross negligence. Remember that workman’s compensation protection laws may not protect a company from being sued directly in some states.
Help Is On the Way
While this can be confusing and a daunting task at first, there is some help on the way from the S84 committee. The committee has been hard at work on guidelines to help the user of the S84 standard. One of the major ones is a guideline for the S84 standard itself, which is getting close to a committee draft vote.
Other areas that the committee is working on are safety bus, burner management systems, fire and gas, and electromagnetic compatibility. If you have any interest in these areas, the S84 committee can always use more participation in these areas and others that will develop in the future. There are also existing ISA technical reports on SIL verification and testing available (see the references). The future of SIS standards is one of more thorough, clear definition as the S84 and the international standards continue to evolve (you didn’t think that this was the end of it, did you?).
The S84 committee will be issuing technical reports in the future which will help clarify and assist the user in implementing safety instrumented systems. It is anticipated that OSHA will issue a letter in the near future regarding the new S84, which will further cement the standard’s status as a national standard and as “recognized and generally accepted engineering practice” for OSHA 1910.119.
References
1. Guidelines for Safe Automation of Chemical Processes, AIChemE Center for Chemical Process Safety, 1993, ISBN: 0-8169-0554-1.
2. Safety Shutdown Systems: Design, Analysis and Justification, Paul Gruhn, P.E. and Harry L. Cheddie, P.E., ISA, 1998, ISBN: 1-55617-665-1.
3. Control Systems Safety Evaluation & Reliability, 2nd ed., William M. Goble, ISA, 1998, ISBN: 1-55617-636-8.
4. Safety Integrity Level Selection, Systematic Methods Including Layer of Protection Analysis, Ed Marszal and Dr. Eric Scharpf, ISA, 2002, ISBN: 1-55617-777-1.
5. Safety Instrumented Systems Verification Practical Probabilistic Calculations, William M. Goble and Harry Cheddie, ISA, Available 2005, ISBN: 1-556717-909-X.
6. Guidelines for the Safe and Reliable Protection of Chemical Processes, Angela Summers, AIChemE CCPS, Available Summer 2005.
7. Reliability, Maintainability and Risk: Practical Methods for Engineers, David J. Smith, Butterworth-Heinemann, 2001.
8. ISA TR84.00.02 “Safety Instrumented Function (SIF) Safety Integrity Level (SIL) Evaluation Techniques, Part 1-5”, ISA, 2002.
9. ISA TR84.00.03 “Guidance for Testing of Process Sector Safety Instrumented Functions (SIF) Implemented as or within Safety Instrumented Systems”, ISA, 2002.