Uncertain safety

Users seeking appropriate process safety systems aren’t getting enough help from unspecific standards and ideal-world certifications. Here’s how to gain useful safety capabilities in a buyer-beware world.

By Jim Montague

2 of 3 1 | 2 | 3 View on one page

Looking at the sheer number of refinery accidents, it might seem that most happen at U.S. facilities, but there is little or no thorough, historical accounting to confirm this anecdotal evidence. One of the most current studies, published in 2004 in AIChE’s Process Safety Progress concluded, “We identified that: (a) there are some problems with the government databases, (b) even with these problems, some important information can be extracted, and (c) descriptions of accidents are especially useful and educational. Some surprising and useful conclusions have also been developed; e.g., (a) major accident performance is continuing to degrade, (b) although PSM may be making a mark, something else is needed to improve industry’s accident performance, and (c) runaway reactions continue to be a significant cause of major accidents.”

European and other facilities worldwide have had significant accidents, but apparently on a less regular basis than in the U.S. If there are more accidents in the U.S., some observers say it may simply be because the U.S. has more refining operations and capacity, or that Europe regulates more closely because its denser population puts its refineries generally closer to populated areas. 

There’s less debate about the fact that regulators in Europe have greater authority than their U. S. counterparts to inspect and enforce process safety rules before plants are built, when they’re operating and after incidents occur, and that civil and criminal penalties are more severe for violators. The bulk of OSHA’s and other U.S. authorities’ regulatory presence occurs after accidents happen.

Going beyond guidelines, IEC 61511 has been adopted as national law in Spain, Belgium, the Netherlands and Australia. In fact, following one disaster, Australia’s government passed an industrial manslaughter law mandating jail time for plant managers found guilty of contributing to staff fatalities. According to former ExxonMobil safety guru and director of Invensys’ Premier Consulting Services, Bob Adamski, “We get lots of people from Australia going through our training classes to become TÜV-Certified Functional Safety Experts because they’ve found they can’t work without the certification.”

Though industrial regulations supposedly lag in the former Third World, several Asian nations with growing refining operations reportedly are studying European and Australian regulatory model and plan to adopt similar rules.

“When we recently proposed several jobs in Hong Kong and some smaller Asian countries, they all stated that we had to conform to IEC 61511,” reports Adler. “The larger, more sophisticated process applications are trying to follow these standards, but many of the mom and pops are fighting it kicking and screaming because they don’t understand that process safety can pay for itself.”

Substandard Use of Standards
Widely varying facilities, technologies, applications, risks and other factors make it hard to draft process safety standards that can be applied to all settings in each process industry, let alone one that can be applied across all of them.

Still, there are common threads, which led International Electrotechnical Commission’s (IEC) developers to draft its 61508 and 61511 standards and updates. ISA and its SP84 committee adopted IEC 61511 as the ANSI/ISA S84.00.01 standard and revised it in 2004. OSHA recently recognized S84 as one of its Recognized and Generally Accepted Good Engineering Practices.

One important difference between IEC 61511 and ISA S84 is a grandfather clause that encourages non-compliant applications to be updated, but allows them to continue operating if they’re doing so safely until the application is renovated or otherwise altered.

The grandfather clause, it should be clearly noted, is not a license to keep on with the status quo ante. As Dr. Summers noted in her article for Control, “The Grandfather Clause Is Not a Jolly Fat Man in a Red Suit” (August 2005), all that the grandfather clause does is provide for not having to do a “rip and replace” in order to assure compliance with current standards. You’re still expected to do all the engineering, training, testing and continuous improvement necessary to meet the current standards.

Summers adds the American Institute of Chemical Engineers’ (AIChE) Center for Chemical Process Safety is  is publishing a new book, Guidelines for Safe and Reliable Instrumented Protective Systems (IPSs), to expand on the SP84 committee’s effort to address the development and implementation of a comprehensive management system.

“Where S84 focuses on the life cycle of one layer of instrumented protection—the SIS—this new IPS book provides requirements and guidance for any instrumented system identified as providing risk reduction during a process hazards analysis,” she says.

Instilling process safety standards into a firm’s core values isn’t easy, says Rick Dunn, consultant and senior project engineer in DuPont’s engineering division in Wilmington, Del. “Companies exist to make money, but more are recognizing that safety can pay for itself, and that a lack of safety can make their profit and revenues vanish,” he says. “S84 has been implemented into DuPont’s internal standards because we recognize that process safety pays.”

Certifications Sufficient?
Process safety technologies are evolving as rapidly as plant-floor applications and the standards that cover them.    

Traditional process safety manufacturers, such as HIMA, Triconex and ICS Triplex, have been making redundant systems for many years. However, they’ve recently been joined by several dozen control system manufacturers, who report that safety and control devices can be more closely integrated, while their functions remain separate. Supporters of integrated SISs report that using multiple microprocessors gives their solutions enough computing power to do constant monitoring, test applications more frequently, conduct more internal diagnostics, trigger fewer nuisance trips and perform safe shutdown operations when needed.

2 of 3 1 | 2 | 3 View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments