Staying Safe Requires Layers of Protection

June 16, 2008
When It Comes to Plant Safety, Honeywell Tells End Users to Know What Layers of Protection They Have In Place, and to Find Out Which Needed Layers Are Missing

Think safety is expensive? Wait until you get a look at the bill for being unsafe.

The cost of process-related incidents in the U.S. is approximately $20 billion per year, but Honeywell Process Solutions (HPS) can help. Erik de Groot, market manager for HPS’ safety management solutions, reported on his company’s layered approach to safety during his “Integrated Safety System Solutions” presentation on the first day of Honeywell Users Group (HUG) 2008 on June 16 at the Arizona Biltmore Hotel in Phoenix.

“The first thing we advise users to do is to check the safety record of their facility, determine how many incidents they have per year, evaluate their present safety program, learn what layers of protection they now have in place and find out which needed layers are missing,” said de Groot. The main reasons for doing this include:

  • Profit, by maintaining the highest availability and maximizing throughput and utilization;
  • Reduced costs, through a positive impact on headcount, lower installed costs and reduced operational cost;
  • Safe production, by maintaining the lowest risk levels;
  • Company image maintenance, by preventing incidents;
  • Environmental protection, by keeping product within containment facilities.

To help users achieve and maintain desired safety levels and gain the resulting benefits, de Groot reported that Honeywell’s layered approach—from the outside down to the core—includes physical security, emergency response, safety-instrumented systems (SIS), boundary management, effective operating environment, abnormal situation management, asset management and detection, and finally, secure process control. Specifically, HPS’ integrated safety solutions fit neatly within its overall mission of safety, reliability and efficiency. For instance, safety is directed by preventing and mitigating emergency situations; reliability is accomplished by robustness that maximizes process availability; and efficiency is enabled by remote management and data exchange. In addition, HPS recently integrated its safety and fire-and-gas capabilities.

“We’re also making it easier to exchange data between our process and safety systems,” explained de Groot.

To implement a safety program and achieve safer operation, de Groot reported that users must have competent people, reduce risks, install SISs, guarantee safety over their facility’s lifetime, maintain operational efficiency and address cost-of-ownership issues. To improve staff competence, HPS has captured its more than 20 years of proven methods and solutions and now offers its Global Project Execution Process and Tools, which are TÜV-certified and IEC 61511-compliant. These support project execution by giving users access to the multiple TÜV-certified engineering locations that HPS operates worldwide.

“These tools give users clear and consistent safety system designs that are easy to understand and maintain, as well as the availability of Honeywell’s global expertise and knowledge,” said de Groot. “We also have multiple Honeywell engineering centers for large projects that may require many resources, but still need to be TÜV-certified. This helps smooth installation, commissioning and start-up due to standard proven-in-use applications and solutions.”

To further reduce risk, de Groot added that HPS has several new and improved solutions. These include:

  • FSC R702.1, which supports Safety Manager I/O to cut costs and simplify migration to Safety Manager, and is easier to use thanks to its Function Block Library Management tools, advanced forcing features that simplify optimization of safety applications, and an Extended Help function.
  • Safety Manager R131, which adds Safety Manager-C300 P2P (PCDI), Modbus TCP, SafeNet P2P, remote management, redundant AO, an exchange output module, fault configuration per point, QPP-0002 and builder enhancements for large applications.
  • Remote Management, with different security levels defined via configuration: conservative, normal and progressive. Its unique IEC 62061- and IEC 13849-approved confirmation mechanism allows management from any remote location and is password-protected.
  • The QPP-0002 module, which offers 40% faster processing, 40% larger applications, increased memory capacity to store images of all embedded software, hot back-up of application, configuration and system software, and a self-learning principle.

“It’s important to have a safety life-cycle program in place, and Honeywell can make doing it easier—and easier to maintain,” said de Groot. For example, to design and configure HPS’ Experion Safety Manager to be SIL3-compliant, users don’t have to do anything. “Unlike other alternatives, we have no dedicated ‘safety code,’ no ‘safety configuration,’ no external relays, no external monitoring measures, no voting scheme tweaking and no cycle-time monitoring. In this case, SIL3 comes for free.”

Likewise, users need to perform only four steps to make online modifications to their SISs, and a software-based wizard guides them through the online modification procedure. “This process also is simple, safe and TÜV-approved,” added de Groot.

In addition, de Groot reported that Experion Integrated Safety runs SM-C300 P2P over FTE between the C300 controller with its C Series I/O and the Safety Manager controller with its I/O, operates SafeNet P2P over FTE between Safety Manager components, and can also use Modbus TCP between Safety Manager and other devices. The Safety Manager controllers and I/O can be linked via SafeNet P2P over a separate, segregated network to a safety station and other safety components.

C300 communications can share data between the process control system and the safety application through a direct interface to the CEE controller family (currently C300), using built-in redundancy, multiple connections, bi-directional data transfer and fault reaction configuration per point, added de Groot.

If users need safety-related services, HPS’ life-cycle support covers hazard and risk analysis, allocation of safety functions to protection layers, safety requirements specifications for the SIS, design and engineering of the SIS, installation, commissioning and validation, operation and maintenance, modification and decommissioning. Complementary services include safety life-cycle structure and planning, management of functional safety assessment and auditing, and verification.

De Groot added that it’s important for users to understand the IEC 61511 prior-use rules, which include the clause 11.5.3 requirements for selecting components and subsystems based on prior use. For instance, clause 11.5.3 states that appropriate evidence shall be available that the components and subsystems are suitable for use in the safety instrumented system. He noted that, in the case of field elements, there may be extensive operating experience in either safety or non-safety applications, and this can be used as the basis for that evidence. “Likewise, users also can employ the SIS-Health Monitoring Tool to secure data and determine failure-rate levels and then develop target requirements to aid proven-in-use arguments,” said de Groot.

“So how does Honeywell’s dedication to process safety compare to the alternatives? Honeywell’s layered approach to process safety includes a completely integrated solution from basic control via advanced applications to safety, fire-and-gas and security solutions. It also has TÜV-certified global project execution process and engineering centers, offers proven-in-use safety systems with long-guaranteed support and migration options that don’t leave the customer behind, and the SIL level of the logic solver is guaranteed and doesn’t depend on the application. Also, all application and hardware changes can be made on-process; users have the freedom to select integrated or segregated systems; and users can access safety life-cycle consultancy and tools,” explained de Groot. “However, alternative programs have only loose product portfolios in which users must make the interaction work, and often have only country- or site-specific processes and engineering. They’re also limited by multiple products—some current and some obsolete without migration paths. These often require specific application considerations, additional safety measures and costly proof-testing. In addition, some changes to the safety system require users to stop their process or give the safety responsibility to the operators. This means they often have no choice—either you get it over-integrated or you get it too loose. There’s no in-house consultancy or life-cycle tools either.”

Finally, de Groot reported that Safety Manager’s and C300’s control integration, F&G FTA with HART support, improved robustness, remote management, QPP-0002 and SafeNet P2P in 2008 will pave the way for FF-SIS customer evaluation and Safety Manager remote I/O and Microsoft Vista OS support in 2009.