To safety standards and beyond!

Hopefully, the way non-SIS mechanical IPLs are commonly handled is by placing them in the site’s mechanical integrity program. This is better than nothing, though integrity programs aren’t generally set up to handle IPLs and their requirements. Administrative IPLs usually are left up to plant personnel, and again have limited connection back to originating IPL requirements and the associated LOPA. More than likely, a lot of IPLs get lost in the shuffle.

Minimum Standards
It should be noted that ANSI/ISA 84.00.01 and the risk analysis techniques represent minimum standards practices and not maximum ones. The same applies to OSHA’s PSM, EPA’s RMP regulations, and to other industry standards. So, merely meeting the standards and regulations may not necessarily make a plant or facility safe.

What S84 Does and Doesn’t Cover
S84 covers safety instrumented systems (SISs). Indirectly, it can put requirements on identified layers of protection. However, it doesn’t have specific requirements of some other types of safety systems discussed below. It should be clear, however, that OSHA’s PSM and EPA’s RMP covers all associated safety and environmental systems.

Other Safety-Related Systems?
While ANSI/ISA 84.00.01-2004 provides comprehensive coverage for safety instrumented systems (SIS) and some minor coverage for independent layers of protection as part of its risk analysis, what about other safety-related systems that are covered by OSHA and EPA regulations? Some examples are facility/plant/unit/section manual emergency shutdown systems (ESDs), manually activated safety systems, and orphaned safety systems or layers of protection.

Facility/plant/unit/section manual ESDs are general-purpose, operator-initiated shutdown systems, commonly known as the “Big Red Button.” While these may be activated by detection of a known hazard, they’re typically a more general-purpose action of last resort (AOLR) against unidentified hazards, failure of all layers of protection for a hazard, an unexpected propagation path of a known hazard that bypasses existing layers of protection, or a catastrophic event. There are no industry standards that directly cover this type of system, though some people incorrectly assume that S84 applies to them (see ANSI/ISA 84.00.01-2004 Section 1(x)). This isn’t to say that some S84 principles and practices could or shouldn’t be applied to this type of system, but rather that the standard isn’t directly applicable.

What about other manually actuated safety systems, such as fire and gas and toxic detection systems? Some of these are automatically actuated, but many are manually actuated. Some may not even have a direct manual actuation of a safety system, and so the operator is expected to diagnose and solve the problem. These typically are actuated once the cat is out of the bag, and will hopefully to minimize the result of the hazard. If these are considered safety or environmental protection systems, then they’re covered as manual and operator-action systems under PSM and RMP.

What about orphaned safety systems or layers of protection? An orphaned safety system is an identified safety system or “layer of protection” that is shown not to be “required” by the risk analysis. It either currently exists or, for new systems, is a traditional safety system for that type of process. It also can be a safety system identified by the process designers or operators as desirable, or it even may be required by process design or company standards. These systems aren’t covered by S84, unless they’re identified as an SIS and they’re not IPLs because the risk analysis indicated they weren’t required.

These safety systems and similar ones are certainly covered by PSM and RMP in the facility’s mechanical integrity system. If you’ve got them, then they’re covered. This isn’t to encourage people to take out these systems, but to identify that they need to be managed.

One should remember that existing safety systems have evolved for many reasons based on accumulated operating experience (sort of a plant memory), and a spiffy engineering risk analysis doesn’t necessarily negate the need for such systems. Existing systems are based on experience (what has happened over time and what plant people worry about), while a risk analysis is based on personnel experience, engineering expertise and analysis (what has happened in the experience of the analysts present at the risk analysis, and what may happen by analysis and speculation based on engineering principles). Some companies designate these as SIL “A” or SIL “0,” and have specific requirements for these systems that use parts of S84 to meet PSM and RMP regulations.

All of these systems can be classified as functional safety systems (FSSs) that must be managed to insure that their integrity is maintained, and that they meet appropriate functional safety requirements, regulations and industry practices.

Functional Safety Management
Management of the SIS, identified layers of protection, and other identified safety systems that are engineered or are administrative protections come under the guise of the management of functional safety, and so are covered by requirements of OSHA’s PSM and EPA’s RMP as part of the management of process safety and the environment. ANSI/ISA 84.00.01 provides detailed guidance for SISs, but there is little the detailed guidance for managing other FSSs. Figure 1 below provides an overview of the management of functional safety.

FIGURE 1: MANAGEMENT OF FUNCTIONAL SAFETY