"The three main process safety standards are ANSI/ISA 84.00.01-2004, which is the grandpa that's pretty much been replaced by IEC 61511 for end users, and its umbrella standard, IEC 61508, which covers many industries, but they all call for addressing the safety lifecycle," explained Schmidt. "Whether they want to or not, I&E engineers are being charged with the responsibility for operating and maintaining SISs in compliance with regulations and standards; designing and installing SISs according to rigorous standards; establishing risk tolerance criteria; and assuring that hazard and risk assessments are done well."
Don't Confuse Consequences and Likelihoods
To accomplish these laudable goals of keeping staffers safe and preventing accidents, Schmidt laid out the classic steps of conducting thorough HazOp procedures and reports and other process hazard analyses (PHAs), which are crucial before trying to assess risks.
"We basically break processes into nodes, such as vessels and lines, and review each one for potential causes," said Schmidt. "We look at potential consequences, including events such as fires, explosions and toxic releases, and whether they impact personnel at the facility, environment, local community and finances."
After listing all safeguards, Schmidt recommended doing a quick, informal risk assessment (RA) that includes worst cases and likely causes. "We've found that most teams are very good at estimating consequence impacts, but none of us are that good at estimating actual likelihoods. Next, when something shows up in the HazOp report, it's important to do a layer of protection analysis (LOPA) for that scenario."
Schmidt added that because risk has two components—likelihood and consequence—a useful RA should include both a likelihood analysis and a consequence analysis that examine the event and its impact. "Statistical analysis, most commonly a LOPA [layers of protection analysis], is determined from loss experience in previous events, and frequently relies on experiences of team members," he said. "Meanwhile, consequence modeling determines the extent of the event, determines the effect zone for it, and calculates its impact based on both the extent and effect zone. The likelihood analysis in a LOPA includes linking the frequency of the initiating event to the frequency of the resulting event through a chain of enabling conditions and independent layers of protection, each with its own probability. LOPAs have become very popular because they're effective and they lead users away from subjective judgments."
Schmidt concluded that, "I&E engineers and managers must see that PHAs are done correctly and that safeguards and independent protection layers (IPLs) are identified appropriately. Safety integrity layer (SIL) assignments depend on first establishing risk tolerance criteria for the organization. Also, SISs must follow generally accepted good engineering practices, but these don't have to be IEC 61511 or ISA S84. Finally, I&E engineers must see that questions about architecture, proof-testing, using more than one basic process control system (BPCS) function and proven-in-use are settled for their organization."
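The LOPA likelihood chain Schmidt describes, and the SIL assignment that follows from comparing the result with the organization's risk tolerance criterion, as an added worked example that is not from the article or from Schmidt. The scenario values (initiating-event frequency, enabling-condition probability, IPL PFDs, tolerable frequency) are constructed; the SIL bands are the low-demand average-PFD ranges from IEC 61508.

```python
from dataclasses import dataclass, field

# Constructed example values, not taken from the article.
# Frequencies are events per year; probabilities and PFDs are dimensionless.


@dataclass
class LopaScenario:
    name: str
    initiating_event_freq: float                          # e.g. a BPCS loop failure, /yr
    enabling_conditions: dict = field(default_factory=dict)  # name -> probability
    ipls: dict = field(default_factory=dict)                 # name -> average PFD

    def mitigated_freq(self) -> float:
        """Link the initiating-event frequency to the resulting-event frequency by
        multiplying through each enabling condition and each independent protection layer."""
        freq = self.initiating_event_freq
        for prob in self.enabling_conditions.values():
            freq *= prob
        for pfd in self.ipls.values():
            freq *= pfd
        return freq


def required_rrf(mitigated_freq: float, tolerable_freq: float) -> float:
    """Risk reduction factor a new SIF must supply so the scenario meets the
    organization's tolerance criterion; 1.0 means existing IPLs already suffice."""
    return max(mitigated_freq / tolerable_freq, 1.0)


# Low-demand SIL bands by risk reduction factor (IEC 61508): SIL n covers 10**n <= RRF < 10**(n+1).
SIL_BANDS = [(1, 10, 100), (2, 100, 1_000), (3, 1_000, 10_000), (4, 10_000, 100_000)]


def sil_for_rrf(rrf: float) -> str:
    """Map the required RRF onto a SIL claim; outside the bands the answer is not a single SIF."""
    if rrf <= 1.0:
        return "none"          # no additional SIF needed
    if rrf < 10:
        return "<SIL 1"        # some reduction needed, but below a SIL 1 claim
    for sil, lo, hi in SIL_BANDS:
        if lo <= rrf < hi:
            return f"SIL {sil}"
    return ">SIL 4"            # beyond what one SIF should carry; revisit the design


if __name__ == "__main__":
    s = LopaScenario("vessel overpressure", 0.1, {"operator in area": 0.5},
                     {"relief valve": 0.01, "alarm + operator response": 0.1})
    f = s.mitigated_freq()
    print(f"{s.name}: {f:.2e}/yr, RRF {required_rrf(f, 1e-6):.0f}, {sil_for_rrf(required_rrf(f, 1e-6))}")
```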