Here is what you will find in this edition:
- “Assigning SIL to HIPS; what should one know?” by Monica Hochleitner
- “Control Systems of the Future” by Bill Mostia
- “Introduction to SIS Management (part 1)” by Eloise Roche
- Unsafe Automation, incident cases
- Product Focus
- Follow SIS-TECH on technical events and training calendar
Assigning SIL to High Integrity Protective Systems (HIPS); what should one know?
We are often asked “Why does my HIPS need to be SIL 3 when I only claim a risk reduction factor of 100 for the pressure relief valve?”
HIPS are generally expected to achieve SIL 3, and a HIPS should be designed to provide a reliability which is 10 times that of the relief valve (Lawley and Kletz, 1975). This is because of the uncertainty in the relief device failure data and the difference in the modes of failure: a relief device that fails to operate at the set pressure may nevertheless operate at a higher pressure, whereas an SIS is more likely to fail completely.
Being a SIS, the HIPS should be designed in accordance with IEC 61511, i.e., the project must go through hazard analysis, specification, design, verification, and maintenance. But it still requires examination of the applicable regulations and standards, including codes such as the API and ASME criteria for the protection of vessels and pipelines from excess pressure, and insurance requirements that may mandate the use of a pressure relief device (PRD).
Where justified by engineering analysis and documented in the process design basis, API 521 and ASME UG-140 requirements and procedures (commonly known as “Code Case 2211”) allow the use of a SIS instead of conventional design, as long as the SIS meets or exceeds the protection provided by the PRD. WRC Bulletin 498, “Guidance on the Application of the Code Case 2211 – Overpressure Protection by System Design”, warns that the HIPS must reduce the frequency of rupture or damage to less than 1 in 10,000 years, independent of the consequence severity. This generally results in a SIL 3 requirement for instrumented protection. The HIPS can be implemented using a single function or a combination of multiple functions and pressure relief devices, but in many cases only one SIL 3 layer is provided. The combination of relief events determines the fault tolerance of the relief system design basis. The overall relief system should be fault tolerant and include sufficient safety margin to account for uncertainty when implementing SIL 3. This means that there are redundant input and output signals, regardless of whether the protection is implemented as a single SIL 3 function or as multiple functions.
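A worked illustration of the sizing logic above, added here and not part of the newsletter: it maps a required PFDavg to its IEC 61511 low-demand SIL band and combines the 1-in-10,000-year target with the Lawley and Kletz rule, read here as an RRF ten times that of the relief valve (that reading, the `margin` factor, and the 0.2/yr demand rate are assumptions).

```python
# Added example (not the newsletter's own code): SIL sizing for a HIPS that
# replaces a pressure relief device. SIL bands are the IEC 61511 low-demand
# PFDavg bands; every plant figure below is a constructed illustration.

# (SIL, lower PFDavg bound inclusive, upper bound exclusive)
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_for_pfd(pfd):
    """SIL whose low-demand band contains pfd; 0 means no SIL claim is possible."""
    if pfd < 1e-5:
        raise ValueError("PFDavg below the SIL 4 band cannot be claimed for a SIS")
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def hips_requirement(demand_rate_per_yr, prd_rrf, target_freq_per_yr=1e-4, margin=1.0):
    """Required RRF, PFDavg and SIL for the HIPS.

    Two requirements are combined and the stricter one governs:
      * the WRC 498 target: rupture frequency below target_freq_per_yr
        (1 in 10,000 years) regardless of consequence severity;
      * the Lawley and Kletz rule, interpreted here as an RRF ten times the
        relief device's credited RRF (an interpretation, not the newsletter's wording).
    margin > 1 adds a safety factor for failure-data uncertainty (assumed knob).
    """
    rrf_from_target = demand_rate_per_yr / target_freq_per_yr
    rrf_from_prd_rule = 10 * prd_rrf
    required_rrf = margin * max(rrf_from_target, rrf_from_prd_rule)
    pfd = 1.0 / required_rrf
    return {
        "rrf_target": rrf_from_target,
        "rrf_prd_rule": rrf_from_prd_rule,
        "required_rrf": required_rrf,
        "required_pfd": pfd,
        "sil": sil_for_pfd(pfd),
    }


if __name__ == "__main__":
    # Constructed case: overpressure demand 0.2/yr, relief valve credited with RRF 100.
    print(hips_requirement(0.2, 100))
```

With a lower demand rate the ten-times rule alone lands exactly on the SIL 2/SIL 3 boundary, which is where the safety margin the article calls for pushes the requirement into SIL 3.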
There is much more to be observed during a HIPS design, such as common cause factors, response time, etc. More information can be found in “Working Under Pressure”.
Clouds Work Better with Fog
Control Systems of the Future
Through the looking glass of emerging technologies
How might we expect emerging technologies to play out in the world of process control? Successfully predicting the future is difficult at best, so we sought out and consulted with industry visionaries and long-term planners to see where there is consensus about how rapidly developing operator interfaces, computing, data analytics and virtual reality will change our craft. Their informed speculation indicates these emerging technologies and others will be impacting our industries at an increasing, even amazing, rate. See more...
An Introduction to SIS Management – Part 1
What do you need for a Safety Instrumented System (SIS)? A couple of sensors? A logic solver, whether a safety relay, a certified trip amplifier, or maybe a more complicated programmable system? How about some valves or pump motors to perform the necessary action?
All of those answers would be more or less true. These components of the SIS certainly need to be of appropriate quality, and the configuration of components must have an appropriate architecture, to support the safety integrity and operational reliability required by the specification for that safety function. Indeed, among our readers are professionals in companies that focus on providing one or more of the above components of a SIS.
But is that all? How about the people?
People select the protection strategy for the facility and propose specifications for the safety functions used in that protection strategy. People design the SIS hardware, program the SIS application software, and write the associated SIS procedures. People implement that hardware and software. People operate and maintain the plant following those procedures. People…
How good are the integrity and reliability of these human systems? Are they appropriate for SIL 1, SIL 2, or SIL 3? Or do they fall short even of the expectations industry would have of Safety Controls, Alarms or Interlocks (SCAI), which aren’t required to live up to the full ISA-84.00.01 SIS standard?
That is where SIS Management comes in. Management of the SIS is just as essential to functional safety effectiveness as are the hardware and software used to perform the safety function itself. It is this collection of safe automation management system practices that limits the potential for systematic error and ensures the human portions of the functional safety program are robust enough to support the claimed risk reduction. Crucial elements of SIS Management include:
- Verification of Hazard and Risk Analysis Assumptions
- Maintenance and Repair
- Bypass Management
- Automation Change Management
- Pre-startup Verification and Validation
- Training on Safety Controls, Alarms, and Interlocks (SCAI)
- Functional Safety Audits and Assessments
As the public record of industry incidents demonstrates over and over again, defects in the above safe automation management systems will sooner or later lead to failure of the hardware, application software, or operating procedures which make up the working parts of the instrumented protection systems, whether these are Safety Controls, Safety Alarms, Safety Interlocks, or SIS. These degraded safeguards are then incapable of performing their crucial safety function when the situation calls for it, sometimes with fatal consequences.
Over the next editions, I will cover each of the safe automation management system elements in more detail, including what they are in relation to instrumented safeguards and some key SCAI concepts to consider when developing these management systems for your company.
In the meantime, I suggest visiting the “Unsafe Automation” section in this edition, to see one example of how failures in the above management systems can accumulate over time with catastrophic results. Which of the above management system failures would you identify?
Unsafe Automation
Welcome to the new Safe Automation Related Incident newsletter feature!
Each edition of the SIS-TECH Solutions newsletter will contain a brief summary of an industry incident which will focus on the subset of causes or learning points from that incident that are closely related to one or more of the safe automation management system practices and other safe automation principles.
For this edition, we start with a summary of an explosion at a facility in Pascagoula, Mississippi, on October 13, 2002. As with many large process safety incidents, this case study involved an accumulation of systematic failures that occurred at multiple steps in the Safety Lifecycle, leaving the safeguards incapable of responding to the initiation of the final event.
Product Focus: Lunch & Learn
The Diamond-SIS is a SIL 3 certified logic solver manufactured by SIS-TECH Applications for more than a decade. With ZERO reported failures, the Diamond-SIS is a proven performer that is a simple, low-cost solution for your alarming and shutdown needs. Throughout the month we schedule product demonstrations to bring you up to speed on the new release capabilities and to discuss your application needs. Recent applications to highlight are:
Contact Cristobal Acosta to learn more about Lunch & Learn (L&L) meetings.
Speaking Engagements
Events:
28th Annual Environmental, Health & Safety Seminar
Moody Gardens Convention Center Galveston, Texas
June 1 – 4, 2015
Incidents that Define Safe Automation
“Since 1992, loss events in the process industry have occurred that brought renewed effort in defining the requirements for safe automation on a global scale. To emphasize the importance of safe automation, this presentation will discuss case studies of previous incidents, including a brief description of the incident and the major lessons to be learned. This presentation does not make any attempt to replicate these previous lessons learned, but instead focuses on the contribution of inadequate design, installation, testing, maintenance, and operation of the process control and safety systems.”
Speaker: Angela Summers.
7th CCPS Latin American Conference on Process Safety
Hotel Windsor Atlantica, Rio de Janeiro
August 10 – 12, 2015
How effective is your safety system?
“Some organizations invest hundreds, sometimes thousands, of dollars in safety engineering services trying to reduce to a minimum the existing risk of their enterprise. However, this does not mean that the plant will reach the designed safety after implementation. This presentation will discuss important aspects of process safety management and how they are connected to the effectiveness of the safety systems.”
Speaker: Monica Hochleitner
Training:
Jul. 14, 2015, TÜV Rheinland FSEng Training/Certificate – 4 day course in hazards identification techniques, requirements for designing and managing SIS. Certification is available.
Sep. 15, 2015, Process Hazard Analysis – 2 day course in fundamentals of the Process Hazard Analysis (PHA).
Sep. 22, 2015, SIS Implementation – 3 day course in an overview of the SIS management system – the Safety Lifecycle. Certification of completion from MKOPSC. An optional test may be taken to become PRISM-Certified.
Oct. 5, 2015, Instrumentation Technology – 3 day course in selection, sizing, installation, maintenance and calibration of devices used in the automation of industrial processes.
Nov. 10, 2015, Layers of Protection Analysis – 2 day course in fundamentals of Layers of Protection Analysis (LOPA).
Nov. 17, 2015, SIL Verification Using Quantitative Techniques – 2 day course in verification of safety instrumented functions.
Nov. 19, 2015, SIL Solver – 1 day course using SIL Solver Software; a SIL verification tool.