Bill Goble and the Safety Life Cycle

Process Safety: The Must Know

“Process Safety is getting less expensive to engineer and keep current,” said Bill Goble, principal partner and co-founder of exida, a provider of IEC 61508 Product Certification, IEC 61511 Process Certification, Consulting Services on IEC 61511 and other standards, as well as Reference Books, Training and Safety Lifecycle Engineering Software Tools. Goble provided a detailed overview of the state of the Safety Instrumented System world at the Siemens Automation Summit.

He noted that when the standard also known as ANSI/ISA84.01-2004 was first published, it created a firestorm of protest from people who insisted that it was impossible to engineer to, too expensive to comply with, and would never be implemented. With the inrush of training and tools available to today’s safety engineer, that simply is not the case, he said. “Today it is easier and less expensive to implement IEC 61511/ANSI ISA 84.01-2004, and this trend will continue,” Goble declared.

The outlook from the vantage of 2008 is far different than it was in 1998, with strong recognition of the need for functional safety and programs established in many companies. “The procedure development is in progress or finished,” Goble said, “and software tools are standardized.”

“I used to say that it was unlikely that you’d ever see an OSHA audit,” he said, “and then I started hearing people tell me otherwise when I gave presentations. OSHA is now conducting surprise audits of your safety systems.” This should give you even more impetus, he suggested, to get your safety system program operational and keep it that way.

Goble talked about the concept of the safety lifecycle, and the fact that this is a way to have a cost effective implementation of a safety system. “The safety lifecycle is a series of steps to be taken during the analysis, design and operation of a Safety Instrumented System to reduce design mistakes, increase safety and optimize cost,” he said.

“The basics of the safety lifecycle are three questions,” he continued. “How much safety do I need? How much safety does my design have? How will I keep it safe?”

One of the big issues remaining, Goble said, is how to deal with the Safety Requirements Specification or SRS. “There is a checklist of needed items in Clause 10 of IEC61511,” Goble noted. “This is the critical heart of the safety lifecycle.” Goble described in detail the process of creating and maintaining an SRS. He noted that the “realization” phase of the safety lifecycle often uses an iterative process to optimize the design based on capital expense and life cycle expense. “When the optimized design is complete,” Goble said, “it is likely that the information in the SRS needs to be updated.”

Goble discussed equipment justification, and the concept of using either instruments that are certified to be designed in accordance with IEC 61511 or equipment that can be justified for the appropriate SIL level based on prior use. “Safety integrity justification is very important,” Goble said, “because of the difficulty in error-trapping complex software systems, and the computing power and operating systems inside a sensor of today are clearly comparable to the DCS Main Processor of 1990. Field instruments today are sophisticated and complicated, both hardware and software, and PLC products today are multi-processor, multi-tasking machines with strong capability and complexity. This makes the use of certified devices for critical SIL functions very important.”

Prior use, on the other hand, generally means that a user company has many years of documented successful experience (meaning no dangerous failures) with a particular version of a particular instrument. This can provide justification for using that instrument even if it is not safety certified. Of course, Goble noted, the operating conditions must be recorded and be similar to the proposed safety application.

“Users tell me,” Goble said, “We don’t have the failure data, or I don’t want to take responsibility for equipment justification, or we don’t have time to record all instrument failures, or this is a new instrument. Well, in that case, I can’t justify prior use.”

“Prior use justification is one of the main reasons companies should implement a good failure data collection system as part of their safety lifecycle procedures,” Goble said. “Other benefits include better process uptime and lower maintenance costs.”

The biggest advance, according to Goble, is the proliferation of Safety Lifecycle support tools. “There are numerous process hazard analysis tools,” Goble said, “and SIL selection tools. SIL verification tools are reducing the cost of the realization phase, and operation and maintenance tools are making it possible to easily integrate SLC operation phase into the general O&M cycle of the plant.” Goble continued, “There are even new generations of integration tools that help users integrate the data and information from all the other tools they have been using to manage their safety lifecycle.”

Finally, manufacturers are helping to reduce the cost of SLC implementation, Goble noted. Manufacturers are now producing “safety manuals” for devices, with suggested proof test data, maintenance procedures, useful life and failure data. They can help you with a safety integrity justification report. “They are also building into their products advanced diagnostics that mean the opportunity for less proof testing, and fewer false trips.”

“In the future,” Goble closed, “we’ll see better products, better engineering tools, safer plants, and lower costs.”