To safety standards and beyond!

An overview of fuctional safety management shows it includes safety, protective, risk reduction, and administrative systems. (Click to enlarge)

Functional Safety in a Plant
Managing anything in a plant is sometimes difficult due to vested interest and politics, and management of functional safety is no different. This task is often given to a poor plant engineer with no stroke to get it accomplished with few resources. To successfully manage the functional safety process, the person responsible should report directly to the facility manager. There also needs to be an outside independent auditing authority. Each plant in a facility should have someone responsible for its functional safety systems, and that person should have a dotted-line connection to the facility-responsible authority.

Management and application of functional safety should be consistent within the facility, in the company and in the larger industry. Consistency comes from standardization and uniform application of the standards and techniques used, and from knowledge of industry practices. Engineers must know standards, but they also must know how similar units and facilities operate. Benchmarking of common process risk isn’t generally available. This can be developed internally, and should be to some extent. The common sources of industry practice are third-party consultants with plant-level and industry experience.

Functional safety-system competency is another area that should be addressed. S84 standard covers it in Section 5.2.2.2. It’s clear that management, implementation, and long-term support of functional safety requires competent personnel, and not just the next available engineer or employee.

SISs and other IPLs are mostly downstream protections. In short, the cat is almost out of the bag, and we’re trying to keep it from getting loose. Preventing the cat from even trying to get out of the bag by reducing the demand rate on the IPLs is an alternate but complementary approach. It certainly seems reasonable that initiating causes and process design for high-risk hazards should receive additional consideration in design, operation, and maintenance to minimize safety demands. This is analogous to a quality system where the IPLs are similar to the downstream measurement of quality, but the real success of a quality system is preventing the quality defect to begin with.

Intrinsic safe design of the process is a recognized approach to this need. It’s applicable to new units and projects, but is somewhat more limited for existing units. Reducing frequency of initiating causes of hazards (failures), consideration of human factors and systemic propagation of accidents, alarm rationalization, simplification (effective minimization of complexity), and a deeper consideration of abnormal conditions in process control design are also ways to reducing risk.

The Future
Some areas that need further work are standards or guidance covering the aspects of all functional safety systems, upfront reduction in risk, and a good look at process accident propagation. Accidents can consists of initiators, downstream events, human factors and systemic effects, including manpower reduction, reduction in experience levels, older plants, cultural effects and management policies. Work is also needed on risk benchmarking, overall evaluation of risk, and downstream analysis of the effectiveness of the S84 standard, its implementation, and related methodologies in reducing accidents or near misses.

There also must be an overall functional safety management plan to manage all aspects of functional safety in a facility or company. In addition, implementing such a plan requires the managing authority to have the stroke and resources to enforce its management plan. It’s not sufficient to let every plant in a facility manage its own functional safety, to make it a project-team responsibility, to assign it to a low-level engineer, or let it be subject to corporate guidelines with lax enforcement and implementation. The first case is the fox guarding the hen house; the second is a guard dog that’s only interested as long as it’s being fed; the third is equivalent to giving the task to a guard dog that is half the size of the fox; and the fourth is no guard dog at all.

All management of functional safety procedures and their implementation and operation should be audited for compliance by a third party. This should be either an independent, competent authority external to the facility but within the same company, or an outside consultant with the appropriate, plant-level experience and competence in the areas of managing functional safety. This level of auditing will help assure that apathy, political, and/or incestuous relationships in a facility don’t defeat the purpose of managing functional safety.

Though it’s a good start, it’s clear that ANSI/ISA 84.00.01 is just the tip of the iceberg toward management of functional safety. There still is much more to be done.

---

The Geneology of Safety

IN 1996, a major milestone in process safety was achieved when the requirements for safety instrumented systems (SISs), such as emergency shutdown systems, ESD, safety interlocks and safety systems, were codified in ANSI/ISA S84.01-1996, “Application of Safety Instrumented Systems for the Process Industry.”

In March 2000, OSHA officially recognized S84 as “recognized and generally accepted good engineering practice” for meeting the Process Safety Management (PSM) regulation CFR 1910.119 for safety instrumented systems.

During 1999-2002, the International Electrotechnical Commission (IEC) issued its standard 61508, “Functional safety of electrical/electronic/programmable electronic safety-related systems,” which provided an umbrella standard for safety systems for all types of industries.

In 2003-04, IEC 61511, “Functional Safety: Safety Instrumented Systems for the Process Industry Sector,” was adopted as the international standard for safety instrumented systems in the process industries.

In 2004, ISA and subsequently ANSI adopted the IEC 61511 standard with the addition of a grandfather clause and some conversion of text to ANSI/ISA 84.00.01 from 61511 as the new version of ANSI/ISA 84.00.01-2004.

For brevity’s sake, the term S84 will be used in further text, unless it’s more appropriate to use the full name. The new S84 standard brought with it a much more comprehensive standard that covered many of the PSM requirements, as well as substantially more management and documentation requirements. It also mentions covering environmental requirements in Section 1 (j).

---

About the Author

William L. (Bill) Mostia Jr., PE, principal of WLM Engineering Co., has more than 25 years experience applying safety, instrumentation and control systems in process facilities. He can be reached at wlmostia@msn.com.