Process manufacturers have long used hazards and operability (HAZOP) studies, layers of protection analyses (LOPA), defense-in-depth (DiD) strategies and other risk-assessment methods to evaluate their applications and keep them safe. However, these programs don't always work as well as intended, according to David Huffman, business developer in ABB's U.S. Oil, Gas and Chemicals division.
"HAZOPs provide the key aspects of process safety for an application, and LOPA helps define what process safety is and where it should be. However, before looking at where interlocks and other safety equipment should go, some other basic safety analysis needs to happen first, and this is where a sequential automation approach can help increase process safety," said Huffman. "That's why the International Society for Automation's ISA106 committee is looking into doing sequential automation, which is also known as state-based control (SBC) and procedural control. It can give safety a much more active role in process applications, and can help make process safety the concern of all users."
Huffman presented "Improving Process Safety with State-Based Control" today at ABB Automation & Power World in Houston.
"ISA88 has been the manufacturing standard for recipes, controls and plant operations management in the chemical and pharmaceutical industries; we want ISA106 to do the same for the continuous process industries." ABB's David Huffman discussed the potential for state-based logic to improve the safety of continuous processes.Instead of merely dealing with protective layers, SBC includes the start-up, routine operations and shutdown of a process application. Huffman said this perspective grows out of the batch operations and industries covered by the ISA88 standard, and basically views each process application as a long-term batch process. Many chemical and pharmaceutical applications are big users of ISA88's SBC-based recipes and sub-elements.
"The concepts of sequential control have been historically ignored by the continuous process industries," explained Huffman. "What we're talking about now is taking what the operations guys do day in and day out, and bringing it into the operating environment's automation. This can be done because even the simplest continuous process runs with a procedural existence. In fact, most processes don't run in one stage anyway. They start and stop as they make different products, and so they use multiple states of control. All processes are basically big batch applications. So, the process industries could have adopted ISA88, but they did not, and so now the ISA106 committee is working on a new standard."
So far, the ISA106 committee passed its TR106.00.01 document in 2013, which details the models and terminology that an eventual standard may use. The committee is expected to draft recommended work practices for the proposed standard in another six months.
Huffman added there are four key areas in which SBC can contribute to better process safety:
- Consistent adherence to accepted, best practices, and the elimination of human-error opportunities;
- Systematically park the process into acceptable, sub-optimal conditions in place of shutdowns;
- Process state management of alarms and alarm controls based on equipment or process states to prevent unnecessary and standing alarms that contribute to operator overload/misinformation; and
- Manage operator access to control devices to prevent or minimize mistakes.
"I worked 20 years in process plants, and went through two strikes, and so I learned that written procedures don't always match what operators actually do," said Huffman. "Of course, operators sometimes come up with better solutions, but many of these better practices aren't documented. Operators on different shifts also run the same applications differently, and many plants also have different operating characteristics when they're running at full, three-quarter and half rates."
Huffman added that SBC principles can also be used to help process applications manage their alarms better. For instance, the ISA18 standard describes how using SBC can help manage alarms according to a predefined plan.
"Safe process applications need consistent adherence to best practices, and SBC provides control according to those best practices regardless of who is at the controls. There are no shortcuts or forgotten actions. Safe operation knowledge remains with the automation system as the people running the process change. And, as the process changes, modified or new procedures are executed accurately and immediately," added Huffman. "No one wants to automate every valve and device, but they can appropriately automate in ways that make financial sense, reduce variability, and add new equipment in the future."
Huffman added that SBC also keeps process applications running within safe operating parameters by creating new opportunities to keep them running rather than resorting to shutdown. "Shutdowns and startups are often the most dangerous situations, and handling them well may not be attainable by a normal operator's response reflexes," added Huffman. "However, SBC can handle them because it's analogous to the latest safety options on automobiles, such as reactive cruise control that slows the car down on approach, and returns it to normal when conditions improve."
Huffman reported that one of the main questions about SBC is: will it take control away from humans? "Partially yes and partially no," explained Huffman. "Humans need to be aware of their applications, but why make an operator deal with dozens or hundreds of alerts and alarm faceplates? The control system software should be able to handle them, and then the operator can make sure that the system is running properly and make adjustments as needed. We'll always need safety instrumented systems (SISs), but control system software can respond quicker than operators, and often keep the applications from needing to be tripped by the SIS.
"ISA88 has been the manufacturing standard for recipes, controls and plant operations management in the chemical and pharmaceutical industries; we want ISA106 to do the same for the continuous process industries."