This article was printed in CONTROL's June 2009 edition.
There's no groundswell of process industry end users clamoring to share their experiences and advice about best practices on process safety. Trust me, I've looked. So, when a major end user pops up and says he's willing to talk about process safety, I listen closely. Jan Wiegerinck, team leader for control and automation/process control optimization at Shell Global Solutions in the Netherlands, says this is one reason why safety standards are of such limited use. "Standards consist of many 'shalls' and 'shoulds,' but the question many users have is 'OK, now what?' Ironically, this is because standards are only understood by those who don't need them—those users who are all doing the right thing already," he explains. "The fact that many operators won't hit the red button because they'll be fired shows that many organizations are still in a non-safety culture. This is why the Piper Alpha incident escalated the way it did—because the neighboring platform wouldn't stop feeding the fire."
As a result, Wiegerinck says individual engineers or operators can't change their companies' overall process safety. "What we need the managers of these businesses to understand is that profit is not helped by meeting daily production targets through sacrificing people and equipment integrity," he says. "In the long run, accidents really are more costly than safety."
[pullquote]Because of this simple, but hard-to-apply truth, Wiegerinck reports that Shell's mindset also is changing to "if I don't hit the e-stop, then I'll be in trouble or fired."
"In the previous 10 to 20 years, the culture of maintaining production targets said the person who tripped the process just in time was a hero," explains Wiegerinck. "Now, you would not be a hero. In fact, unauthorized bypasses already have resulted in terminations."
About 10 years ago, Shell began making its transition to improved safety by implementing the IEC 61511 standard after its leaders and engineers realized that developing asset integrity meant keeping its systems intact and keeping product in the pipe. "Accidents with loss of containment are far more costly than safe shutdowns. This why so much attention is given to creating and maintaining asset integrity," says Wiegerinck. Shell has three main procedures for doing this:
- Ensure safe production (ESP) on the operations side with appropriate alarm handling, monitoring ongoing processes and staying ahead of them, and conducting organized shift handovers to avoid any surprises.
- Maintaining mechanical integrity by operating within equipment limits, such as preserving insulation and monitoring corrosion to avoid containment losses.
- Conducting instrument productive functions (IPFs), which are the same IEC 61511's safety instrumented functions (SIFs). To do this, Shell created SIFpro software that it uses and sells with its services to third-party users.
Wiegerinck says that to perform its own risk assessments, Shell conducts a hazop study to determine if a SIF is needed in a particular application, and then uses SIFpro to determine its safety integrity level (SIL). The same software tools also can be used to verify the design of SIFs and the hardware, software and test intervals they'll require. To meet its corporate risk level, Shell uses SIFpro to establish SILs, employs a software-based risk matrix, and calibrates it to meet the firm's corporate tolerability risk criteria. "Functional safety means realizing a SIF is needed and then achieving SIL and keeping on it until it becomes part of the full process life cycle, including managing changes," adds Wiegerinck.
In fact, Shell is creating a full life-cycle safety program for all 30 of its downstream refining facilities to be completed by 2012. "Bigger organizations may have more resources and safety experts, but smaller ones can get a good consultant and be more nimble about improving their safety," says Wiegerinck.
Profit isn't helped by meeting production targets by sacrificing people and equipment integrity. Accidents really are more costly than safety.