The 'Must Knows' of Process Safety

July 21, 2008
Better Products, Better Engineering Tools, Safer Plants and Lower Costs

“Process safety is getting less expensive to engineer and keep current,” said Bill Goble, principal partner and co-founder of exida, a provider of process safety consulting, training and certification services.

Goble provided a detailed overview of the state of the safety instrumented system (SIS) world at this week’s Siemens Automation Summit in Chicago. He noted that when the standard ANSI/ISA84.01-2004 was first published, it created a firestorm of protest from people who insisted that it was impossible to engineer to, too expensive to comply with, and would never be implemented. With the inrush of training and tools available to today’s safety engineer, that simply is not the case, he said. “Today it is easier and less expensive to implement IEC 61511/ANSI ISA 84.01-2004, and this trend will continue,” Goble declared.

“We'll see better products, better engineering tools, safer plants and lower costs.” Bill Goble of exida discussed how new safety life-cycle tools are making safety-instrumented systems easier to design correctly in the first place, and easier to manage properly over the long haul.

The outlook from the vantage of 2008 is far different than it was in 1998, with strong recognition of the need for functional safety and programs established in many companies. “The procedure development is in progress or finished,” Goble said, “and software tools are standardized.”

“I used to say that it was unlikely that you’d ever see an OSHA audit,” he said, “and then I started hearing people tell me otherwise when I gave presentations. OSHA is now conducting surprise audits of your safety systems.” This should give you even more impetus, he suggested, to get your safety system program operational―and keep it that way!

“The safety life cycle is a series of steps to be taken during the analysis, design and operation of a SIS to reduce design mistakes, increase safety and optimize cost,” Goble continued. “The basics of the safety life cycle are three questions: How much safety do I need? How much safety does my design have? How will I keep it safe?”

One of the big issues remaining, Goble said, is how to deal with the safety requirements specification, or SRS. “There is a checklist of needed items in Clause 10 of IEC 61511,” Goble noted. “This is the critical heart of the safety life cycle.”

Goble described in detail the process of creating and maintaining an SRS. He noted that the “realization” phase of the safety life cycle often uses an iterative process to optimize a design based on capital expense and life-cycle expense. “When the optimized design is complete,” Goble said, “it is likely that the information in the SRS needs to be updated.”

Goble discussed equipment justification: a device used in a safety function must either be certified as designed in accordance with IEC 61508 (the route IEC 61511 references for new equipment) or be justified for the required safety integrity level (SIL) on the basis of prior use.

“Safety integrity justification is very important,” Goble said, “because of the difficulty in error-trapping complex software systems, and because the computing power and operating systems inside a sensor of today are clearly comparable to the control system main processor of 1990.

“Field instruments today are sophisticated and complicated, and controller products today are multi-processor, multi-tasking machines with strong capability and complexity. This makes the use of certified devices for critical SIL functions very important.”

Prior use, on the other hand, generally means that a user company has many years of documented successful experience (meaning no dangerous failures) with a particular version of a particular instrument. This can provide justification for using that instrument even if it is not safety-certified. Of course, Goble noted, the operating conditions must be recorded and be similar to the proposed safety application. “Users tell me,” Goble said, “We don’t have the failure data, or I don’t want to take responsibility for equipment justification, or we don’t have time to record all instrument failures, or this is a new instrument. Well, in that case, I can’t justify prior use.”

“Prior use justification is one of the main reasons companies should implement a good failure data collection system as part of their safety life-cycle procedures,” Goble said. “Other benefits include better process uptime and lower maintenance costs.”

The biggest recent advance in SIS, according to Goble, is the proliferation of safety life-cycle support tools. “There are numerous process-hazard analysis and SIL selection tools,” Goble explained. “SIL verification tools are reducing the cost of the realization phase, and operation and maintenance tools are making it possible to easily integrate the operation phase into the general operations and maintenance cycle of the plant. And there are even new generations of tools that help users integrate the data and information from all the other tools they have been using to manage their safety life cycle.”

Finally, manufacturers are helping to reduce the cost of SIS implementation, Goble noted. Manufacturers are now producing “safety manuals” for devices, with suggested proof-test data, maintenance procedures, and useful-life and failure-rate data; these manuals can support a safety integrity justification report. “They are also building into their products advanced diagnostics that mean the opportunity for less proof-testing and fewer false trips.”
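The arithmetic behind "how much safety does my design have" (the SIL verification step of the realization phase) and behind the claim that built-in diagnostics buy longer proof-test intervals can be shown with a few lines. The example below is added here; it is not code from the article, from exida or from any SIL verification tool. It uses the simplified low-demand approximation for a single-channel (1oo1) device, PFDavg ≈ λDU × TI / 2, where λDU is the dangerous undetected failure rate, TI the proof-test interval, and the loop PFD is the sum over sensor, logic solver and final element; repair time and common-cause factors are ignored. All failure rates and diagnostic-coverage figures are constructed illustrative values, not any vendor's safety-manual data.

```python
"""Simplified SIL verification for a series (1oo1) safety instrumented function.

Added example, not from the article. Formulas are the simplified low-demand
approximations of IEC 61508-6 / ISA-TR84.00.02: PFDavg ~= lambda_DU * TI / 2 per
device, summed across the loop. Device figures are constructed, not vendor data.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand SIL bands on PFDavg: (SIL, lower bound inclusive, upper bound exclusive)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


@dataclass(frozen=True)
class Device:
    name: str
    lambda_d: float  # dangerous failure rate, failures per hour (constructed value)
    dc: float        # diagnostic coverage of dangerous failures, 0.0 .. 1.0

    @property
    def lambda_du(self) -> float:
        """Dangerous undetected rate: diagnostics turn a fraction DC of dangerous
        failures into detected (and therefore repairable) ones."""
        return self.lambda_d * (1.0 - self.dc)


def pfd_avg_1oo1(lambda_du: float, proof_test_interval_years: float) -> float:
    """Average probability of failure on demand for one 1oo1 device."""
    ti_hours = proof_test_interval_years * HOURS_PER_YEAR
    return lambda_du * ti_hours / 2.0


def loop_pfd_avg(devices, proof_test_interval_years: float) -> float:
    """Sensor + logic solver + final element in series: PFDs add (small-value approximation)."""
    return sum(pfd_avg_1oo1(d.lambda_du, proof_test_interval_years) for d in devices)


def sil_achieved(pfd: float) -> int:
    """Map a PFDavg onto the IEC 61508 low-demand SIL table (0 = no SIL credit)."""
    if pfd < 1e-5:
        return 4  # beyond the table; capped at SIL 4
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def dominant_device(devices, proof_test_interval_years: float) -> str:
    """Name of the device contributing the most PFD, i.e. where design effort pays off."""
    return max(devices, key=lambda d: pfd_avg_1oo1(d.lambda_du, proof_test_interval_years)).name


def max_proof_test_interval(devices, target_sil: int,
                            candidates_years=(0.25, 0.5, 1, 2, 3, 5, 10)):
    """Longest candidate proof-test interval that still meets the target SIL, or None.
    PFDavg grows with TI under this model, so the last passing candidate is the longest."""
    best = None
    for ti in candidates_years:
        if sil_achieved(loop_pfd_avg(devices, ti)) >= target_sil:
            best = ti
    return best


# Constructed loop: a smart transmitter, a certified logic solver and a shutdown valve.
# The valve has no automatic diagnostics; its dangerous failures are only found by proof test.
TRANSMITTER = Device("pressure transmitter", lambda_d=2e-7, dc=0.90)
LOGIC_SOLVER = Device("logic solver", lambda_d=5e-8, dc=0.99)
BLOCK_VALVE = Device("block valve", lambda_d=1e-6, dc=0.0)
BASELINE_LOOP = (TRANSMITTER, LOGIC_SOLVER, BLOCK_VALVE)

# Same loop, but the valve now has partial-stroke testing credited as 60 % diagnostic coverage.
VALVE_WITH_PST = Device("block valve", lambda_d=1e-6, dc=0.60)
WITH_PARTIAL_STROKE = (TRANSMITTER, LOGIC_SOLVER, VALVE_WITH_PST)

if __name__ == "__main__":
    for label, loop in (("baseline", BASELINE_LOOP), ("with partial-stroke test", WITH_PARTIAL_STROKE)):
        print(f"\n{label}: dominant contributor at TI=1y is '{dominant_device(loop, 1)}'")
        for ti in (1, 2, 3, 5, 10):
            pfd = loop_pfd_avg(loop, ti)
            print(f"  TI={ti:>2} y  PFDavg={pfd:.2e}  RRF={1 / pfd:,.0f}  SIL {sil_achieved(pfd)}")
        print(f"  longest TI meeting SIL 2: {max_proof_test_interval(loop, 2)} y; "
              f"SIL 3: {max_proof_test_interval(loop, 3)}")
```

Two things the numbers make visible that the prose only asserts: the final element, not the smart transmitter, dominates the loop PFD, so a SIL 3 target is unreachable with this valve no matter how often it is proof-tested; and crediting diagnostics on that valve stretches the SIL 2 proof-test interval from two years to five, which is the "less proof-testing" benefit the safety manual data lets you claim. In a real verification the device λD and DC values come from the manufacturer's safety manual or from the user's own prior-use failure data, and the full ISA-TR84.00.02 equations add MTTR, common-cause (beta) and architecture terms that this approximation leaves out.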

“In the future,” Goble closed, “we’ll see better products, better engineering tools, safer plants, and lower costs.”