Safety Life-Cycle Planning

By Feng Tao, PhD; Dan Bourlet, R.E.T.; Jon Blois, PE

The petrochemical industry is one of the most experienced in terms of using safety instrumented systems (SIS) or conventional emergency shutdown systems. In this industry, safety systems were employed even before the issue of the first ISA 84 standard in 1996.

The petrochemical industry is familiar with SIS standards, requirements from the Occupational Safety and Health Administration Process Safety Management program and the Environmental Protection Agency chemical accident prevention provisions. Some leading companies have even more detailed corporate design criteria to supplement performance-based SIS standards.

But now many industries besides petrochemical are being pressed to assume corporate social responsibility and improve safety for employees and the environment. Many of these industries have not been typical users of safety systems, but now want to adopt SIS to enhance process safety.

When new industries are ready to embrace safety systems, they often find themselves lost in the swamp of safety standards and terminology. Unlike users in petrochemical industry, they are not familiar with SIS and rigorous regulation requirements from federal regulatory bodies. This does not mean that they have neglected process safety issues or that they have a bad safety record; but they recognize that improvements can be made.

Many companies find themselves playing catch-up in terms of safety system implementation. In the design and construction of new facilities, safety systems often are excluded from the project. For existing facilities, some companies are finding it best to hire safety consultants to examine compliance with safety system standards.

New users, new problems

Companies for whom SIS is a new concept find they are unfamiliar with the concept of the safety life cycle. Managers and engineers often struggle over these questions:

• What is the procedure for development of a safety instrumented system?
• What are the exact requirements for a safety system?
• How will safety systems affect daily operation and maintenance?

Safety system integrators (SSI) and safety consultants can guide users through the safety life cycle and provide answers to these and other questions.

The safety life cycle can be divided into three stages: analysis, design/realization, and operation and maintenance. Normally, the SSI’s main role is in design/realization. The SSI will finish detailed design and implementation based on the safety requirements specification provided by users. After site acceptance testing, the system will be handed over to users for operation and maintenance.

There must be management buy-in of safety standards and of the associated life- cycle concept. Some safety-related design and activities may conflict with company’s existing concepts or design criteria because the safety standards are relatively new. As a result, the safety design may not be recognized by the management/operation departments.

If this conflict is not resolved at the beginning of the project, two problems may arise. First, the user engineers may not agree with the design provided by the safety system integrator. Even if this problem is resolved and implementation is successful, there is no guarantee that the safety system will be effectively operated and maintained.

Another issue is insufficient risk analysis and inappropriate safety system performance requirements. This can be addressed by properly executing the first stage of the safety life cycle, the generation of the safety requirements specification. Unfortunately, some users fail to exercise due diligence at this stage, and the quality of risk analysis is sacrificed. This can cause problems in areas like safety integrity level (SIL) assessment.

When an instrumented function is rated with a high SIL, users may not understand the implications of this designation. Because they are in a hurry to continue to the next stage of the project, they may not try options to lower the SIL rating. This is often the situation in a big project when everyone wants to make up time on the schedule. Early feedback to the design team can design out process risks, reduce the SIL and cut cost of ownership.

For new users of SIS, issues like these are common and can be resolved by getting safety system integrators involved early. This can ensure that the safety requirements specification is correct and that the safety design is cost-effective.

Safety life-cycle planning helps

Safety life-cycle planning in the early stages of a project can control project execution risk and achieve a cost-effective design. The ISA 84.01/IEC 61511 standard divides the safety life cycle into 10 phases and specifies inputs/outputs for each phase. But in addition to the separate phases, it is useful to prepare a governing document on safety life-cycle planning.  

This overview document defines the project execution path, the individual steps and the methods used, the corporate resources needed and the definition of important safety terms directly related to the project. This gives all parties involved in the project a clear road map for project execution. Users should ratify this document before the project moves into detailed execution, as it brings these diverse and cost-effective benefits:

• Helps reach mutual agreement: Because the execution path and a brief description of each step and the method used in that step are described, all parties involved in the project will know the development process of the safety system. From a project execution standpoint, this document acts like a road map, and it should decrease the resistance faced from the project execution team.
• Gains management support:  All the resources needed from users are listed in the document. During the project, information from the user engineer and from the operation and maintenance departments will be needed. This information will include existing engineering documents and drawings, near-miss accident records and reparation/maintenance records. To obtain the information needed, the support of management may be required.
• Identifies missing information: The company may not have the information necessary for the project, or the information may not be ready for use. This situation should be identified before the project moves forward. For example, some companies do not have a risk matrix, necessary when using layer-of-protection analysis or a risk graph in determination of the SIL.
• Brings up potential difficult issues: Some issues may not look important at the early stages in the project, but are vital for the safety system design. For example, device reliability data must be used in probability-of-failure-on-demand calculations. It can be difficult to obtain these data because many vendors don’t like to release this information. Therefore, this risk should be put on the table prior to detailed design, and users should focus on getting the information in the selection and procurement phase.
• Provokes the thinking process: User engineers are prompted to answer questions that help them think about system design criteria and performance requirements. Sufficient feedback from users eventually helps to develop a safety system suitable for their needs.

Besides the safety life-cycle plan, documents for each phase of the safety life cycle should be prepared as required by the standards. These efforts can significantly improve the quality of the project.