Read Also: Safety is no accident
Invensys finished the project in 11 months, so the Glas Dowr was ready to leave the Sembawang shipyard in Singapore in June 2011, arriving at the Kitan Field in early July. First Oil was achieved on Oct. 14 of the same year.
Hofstee observes that part of the success was attributable to having the same people work on the entire system. "In my experience project delays often happen when work is handed over from one party to another. This didn't happen on the Glas Dowr Kitan project. All the work was carried out by the same people, which minimized project delays and disruption."
Not So Fast
There was a time, not so long ago, when SIS and control systems were completely separate, and best practice was to keep them that way from the time of their design until the end of their useful lives. Many companies still follow that practice.
"Safety has been more or less controlled by people of our generation, meaning older," says Dave Huffman, Oil, Gas and Petrochemical Business Development, Chemicals, for ABB. "We expect the safety system to be completely different technology from the regular controller system. Years ago, you didn't have the integration mechanisms you have today. As standards developed in the late 80s and early 90s, wording implied that safety systems have to be diverse, and one way to interpret diversity is to have the control system and the safety system from two different companies. This is the way it's been done, and there hasn't been a willingness to change."
It's also important to remember that the push to integrated systems is "vendor-driven," says Triconex' Elliott. "It does lead to a reduction of overall costs. It gives the ability to see all information from one source, however, when you solve one problem, you may create another one."
An integrated system may create security problems, he says. "Cyber threats make the landscape more complicated. Anything with an Internet connection makes for more vulnerability. Are the safety systems more exposed? What do we do in terms of protection?"
Cybersecurity issues aside, there are other good reasons why end users are often reluctant to integrate these two systems.
Answers to a question about separate or integrated safety systems posed in the LinkedIn Automation and Control discussion group are instructive about the complications of using an integrated system. But they also suggest that the choice of a separate or integrated system is not always and either/or proposition.
One respondent, a certified automation professional (CAP), says, "Risk or the potential for hazard is the main consideration. SIL [safety integrity level] is the measure of reliability of your risk-reduction system. These are two separate things for measurement, though it's obvious the higher risk figure has to be covered by a more reliable system. The automation choices finally depend on the SIL level determined. The most important figure is the PFDavg [probability of failure on demand, average], or the probability that the system will reliably fail in a safe mode when called upon to do so. The event requiring SIS [safety instrumented system] action could be a high/low probability, and thus has a high or low 'demand.' If without the use of an independent SIS, the required SIL level is attained, then you are spared the cost. However, if the risk prevails, you have to improve the SIL level by investing in an independent SIS, which will be one additional layer of protection and improve the reliability by a factor of 10."
In the same discussion, another commenter said, "An ICSS [integrated control and safety system] solution is a good feature, but it is necessary to clarify where it is clever to use it first."
He goes on to list some of the factors that need to be taken into account: whether the project is for a new plant or an upgrade, the size of the plant, the development and engineering issues, the impact on operations, maintenance and the lifecycle of the system, and the end user's standards, to name a few.