Whether you're a weekend runner gunning for a 5k personal record or an aspiring Olympian with her eye on the medals stand, understanding one's current capabilities is a necessary first step in realizing one's athletic performance goals. Similarly, the first step in achieving—or restoring—the performance of your plant's safety systems begins with a cold-eyed assessment of their current capabilities. Only then can you begin to develop a plan to bring your safety systems to the desired level of performance.
The previous article in this special report ("The Safety Fitness Test") discussed how to go about assessing the current risk-reduction capabilities of your plant's safety systems and identifying gaps relative to the goal. In this article, we'll focus on applying new safety system technology as a first step toward bringing performance back up to speed.
Among the first go-to solutions in the runner's toolkit is an upgrade to supporting systems and technology—notably new shoes or technical clothing, perhaps the purchase of a new GPS watch or even the hiring of a new coach if funds allow. True, money alone won't solve your fitness problems, but it's hard to focus on building new speed when shin splints or chafing force you off course, or you can't tell just how fast or how far that last tempo run was. Similarly, your safety fitness assessment may have pointed to the need to update the plant's safety instrumented systems. Choose the right supplier and engineering partner carefully to make sure this project is off on the right foot from the very start.
'Proven in Use' Compliance
One of the key advances in safety systems practice promulgated in the IEC's 61508 and 61511 safety standards is the primacy of functional safety management systems (FSMS) for all organizations involved with safety instrumented systems work. This includes those organizations manufacturing the hardware and developing the software; those organizations engineering, installing, testing and validating them; and those organizations operating and maintaining them.
If your plant's safety systems were developed and installed under the aegis of the 61508 and 61511 standards, it's likely that standards compliance was mandated at the project stage. This means that the systems and instruments themselves—as well as the development and engineering organizations behind them—were certified by a third-party agency to conform to the standards.
But for systems that predate the 61508 and 61511 standards (and necessarily their certification to them), standards compliance dictates that users demonstrate safety performance by "proven in use" criteria. This non-trivial task may include retroactively demonstrating the adequacy of the manufacturer's quality management systems in use at the time, a thorough inventory and description of system components and sub-systems currently in use, and demonstrated performance of these components and sub-systems in similar operating profiles and physical environments. This accumulation of documented evidence must adequately demonstrate that your plant's safety instrumented functions (SIFs) as implemented meet the current safety integrity level (SIL) requirements of your process.
Further complicating the risk profile of older safety instrumented systems is the spreading obsolescence and scarcity of system components, and shortage of personnel qualified to work with them. Indeed, many systems currently in use are beyond their supplier's stated support terms. As a result, "proven in use" compliance or the grandfathering of an older system may be an adequate near-term plan, but continued safety performance will require that many of industry's safety fitness plans incorporate a full system update or upgrade in the not-too-distant future. Indeed, a recent report by the ARC Advisory Group indicates that some two-thirds of the safety systems in use today are at or near the end of their supportable lives.
System Update Considerations
For process plants with older safety instrumented systems, then, the outcome of any responsible safety fitness assessment and planning process is likely not whether to upgrade, but the timing of the inevitable. In the real world, of course, replacing a dated or soon-to-be-obsolete system must take into account not only risk factors but also financial, production and other resource constraints. But with the decision to upgrade finally made, users face quite a different technology landscape than even 15 years ago.
Today, the bid specifications for more and more new plants include not only compliance with the IEC 61508/61511 standards but also "integrated safety" as a base requirement. While at first blush this contradicts the long-standing industry practice of ensuring diversity by physically separating safety systems from basic process control systems, new technology together with users' desire to reduce costs and improve productivity is fueling an industry-wide movement to integrated systems.
Integration, or at least "interfacing," of safety instrumented systems with basic process control systems is in fact not a new practice. Indeed, the IEC standards' non-prescriptive language doesn't rule out even the physical integration of control and safety in the same box or on the same network. Rather, the standards assert that functional safety cannot be compromised by a failure or by maintenance activities associated with the basic process control system.
Diagnostics technology, meanwhile, has advanced in its ability to intercept dangerous faults, and some of today's integrated safety alternatives feature embedded diversity in hardware and software that reaches all the way back to separate development teams. As a result, some of today's integrated safety system options can meet demanding SIL 3 application requirements even without the use of hardware redundancy.
"Process safety systems suppliers continue to cost reduce their hardware offerings and integrate their safety solutions with basic process control systems," wrote Barry Young, principal analyst for the ARC Advisory Group in a recent report on the global safety systems market. "Suppliers offering a truly integrated offering of process and safety are saving end users substantial project costs in engineering and lifecycle expense," he said.
With current technology, a range of separate, interfaced or integrated solutions is possible among process control system and safety system suppliers (see "Integrated Safety: The Four Architecture Options" below). The most highly evolved option—an integrated platform from a single supplier that is designed from the ground up to perform both safety and control functions—is typified by the ABB System 800xA process automation platform.
Integrated Safety: The Four Architecture Options
Because the 800xA platform performs as a single integrated system, it features both high- and low-level integration of control and safety system components without compromising the performance of either. Further, taken separately, the ABB High Integrity safety instrumented system can be deployed with control systems from other suppliers, either in standalone mode or with top-end integration.
The 800xA platform with 800xA High Integrity safety system functionality features common engineering and visualization tools for both process control and safety functions, boosting both engineering efficiency and operator effectiveness. The integrated approach also allows functions such as information management, asset management and production management to be fully leveraged across the entire automation system. The ABB approach even enables certified safety controllers that can run both process control and safety applications simultaneously—a feature that in some high speed applications can both optimize safety and control performance while reducing capital and hardware needs.
Robust Safety with Lower Project Costs
While the safety components of an integrated environment must adhere to the design, testing, validation and certification processes applicable to safety systems, an integrated approach to control and safety functions can cut capital costs by eliminating some redundant aspects of independent safety and control networks. A smaller system footprint, a unified engineering environment and elimination of a custom interface between the control and safety systems also contribute to project savings.
With the ABB System 800xA, users can decide how much separation to maintain between safety and process control. Even if fully segregated systems are chosen, many residual benefits apply. For example, potential sources of common cause failure already have been analyzed and minimized during the design phase by the development team and independently reviewed by the assessor during the certification of the product. This effectively makes the system smarter and safer from the day it's turned on.
Further, integrated testing is performed during the design validation and verification test, which includes network security as part of the test protocol. Version control, compatibility and interoperability testing are included in the release procedure. The result is a set of common best practices resulting in implementation of an integrated safety system that costs less, works better and even extends the capabilities of the process control system.
In the case of ABB's System 800xA, access control and security are built into the system as an off-the-shelf set of features, including user privileges, user action validation and a common audit trail. It also includes such extended capabilities as write protection, SIL access control and authorization, bypass management, and override mechanisms. The result is a robust set of security controls that apply uniformly across all systems.
As safety systems get replaced, or as new projects are developed, there is an opportunity to decide how you want to address safety in your operation—not just today but for years into the future. Integrated safety can deliver significant performance and cost benefits not only during the project phase, but during the entire operating life of the system. And that's the safety system lifecycle phase that we'll discuss in the final article in this series: Once your safety system is running at peak performance, how can you keep performance from degrading over the next 20 years it's likely to be in use?