There’s a “Safety Lifecycle” poster on the wall, courtesy of one of our safety consultants, Exida. A few years ago, the Ohio Chemistry Technology Council had a conference focused on safety systems, and Exida kindly gave us a dozen or so such posters—normally sold for $5—to share with the attendees. Not surprisingly, it highlights the various services and software Exida offers at each phase in the lifecycle. Whether the complexity and intimidation of the safety lifecycle chart has grown with the array of services and software offered, or vice-versa, is something to ponder.
As one walks among the many pipes, vessels, rotating machinery and utilities infrastructure carrying flammable, explosive, toxic, high-voltage or otherwise life-threatening materials and energy in enormous volumes, often at high pressures and temperatures, you’d best be at least a little intimidated. If the process itself doesn’t scare you, the regulatory authorities are empowered to scare you with fines, penalties, and even jail time. When making choices regarding safety, it’s good to imagine yourself in a deposition explaining why your design failed to be effective in protecting people or the environment from harm.
OSHA in the plant for cause can also garner attention from investment analysts. Corporate leaders are afraid of lawyers and the government as well, and might be prone to send internal auditors your way so they can gain some measure of assurance that their scary but cash-producing manufacturing assets are not going to make any headlines. When the auditors depart, we’re fortunate if we’re not left with a bushel of findings and mandates that we have neither the time nor the resources to address.
Instruments are being revealed to be the crux of an increasing number of “protection layers,” from alarms that prompt an operator action to high-integrity interlocks that help ensure vessels are protected from overpressure and stay intact. Even if it’s “just an alarm,” it’s no longer acceptable to run to failure. Facing an ever-increasing number of instruments that warrant some measure of routine testing, we’re straining to come up with procedures to demonstrate efficacy, let alone execute them all. What are the alternatives?
When an alarm is claimed as a protection layer, one needs to ensure that the alarm setpoint and priority are kept intact in the DCS. Maybe you’ve already deployed periodic (or even daily) alarm “enforcement.” That’s when all the alarms in the alarm database are written back to the DCS, overwriting any setpoint changes or suppression. Enforcement might be sufficient to cite in lieu of a test to make the alarm sound. But is it possible to validate a measurement loop without physically running a test or calibration?
For instruments in such services, you might be able to justify a few extra dollars to get enhanced diagnostics. Some HART devices will generate an alert if the digital HART PV doesn’t correspond with the 4-20 mA analog output within some margin. The Rosemount 3051S can be purchased with a “power diagnostic” that can generate alerts if the current loop is compromised by water, corrosion or a faulty power supply. The same transmitter can use noise in the pressure signal to detect plugged impulse lines. Temperature transmitters have features like hot backup that can switch to a redundant sensor and generate an alert. Some have diagnostics to detect sensor degradation or drift.
One might be able to claim such diagnostics support measurement validation without a physical test or calibration, or at least extended test intervals. But the diagnostics themselves require some expertise and tuning to set up. Most likely, you’ll need procedures in place to address how they shall be monitored and what actions will be taken when the alerts come in. That the alert itself functions as designed might warrant testing. After all that, does the effort to configure and prove the efficacy of the diagnostic equal or exceed the effort to calibrate and test the conventional loop?
If only, if only our measurement and monitoring systems were capable of self-validation without exhaustive testing, maybe the increasing complexity of the safety lifecycle would be less of a burden. We don’t want to just check the box for auditors or simply change some cell on a spreadsheet from red to green—we want our instrumented systems to demonstrably protect our process plants from hazards and spurious trips.
