INHERENTLY SAFER AUTOMATION
November 2016
Automated systems, whether in manual or automatic mode, are complex systems where many different devices must work successfully to achieve the desired functionality. Sustaining automated system performance requires many different skill sets and planned activities to assure that the systems work as desired when required. In general, inherently safer practices can create safeguards that have less potential for dangerous failure, whether the failure occurs due to safeguard design, to a support system disruption or to human error. Some inherently safer practices bring a higher potential for spurious, or unnecessary, activation of the safety systems. If spurious operation causes intolerable losses, the functional specification should state a target spurious trip rate.
Inherently safer practices can significantly influence the automation equipment selection, fault tolerance, response to detected equipment failure, and response to detected support system failure, such as loss of communications or utilities. It is not possible to create a complete list of the automation features that could be considered inherently safer than alternative choices. Instead, each inherently safer strategy is defined below as it applies to automation. Then, a short list of examples is provided to illustrate the strategy.
Minimize applied to automation – reducing the use of automation features that tend to increase the failure mechanisms that result in system failure.
- Select devices that do not require additional instrumentation in order to make them function properly in the given process; for example, using a remote sealed level in plugging services instead of using a device that requires process connection purging, or using a mass flow meter instead of using pressure, temperature, and density to compensate a volumetric flow reading
- Minimize blind spots in measurement by using devices that are applicable over the full range of process operating modes
- Where possible, eliminate inherently weak components, such as sight glasses, hoses, rotameters, bellows, and plastic components
Substitute applied to automation – replacing an automation feature with an alternative that reduces or eliminates the frequency of dangerous failure.
- Use materials of construction with lower corrosion or erosion rates
- Use a device that provides a direct measurement of the process parameter being controlled rather than using an indirect measurement
- Select devices that fail to the safe state on loss of any utility, such as power or instrument air, instead of devices which require energy to take action
Moderate applied to automation – using automation features to facilitate operating the facility under less hazardous conditions; using automation features which minimize or limit the impact of dangerous failure of the automation system on the process operation.
- Provide operator with redundant indication of safety variables using simple graphical displays that build trust in the automation system
- Consider minimum flow stops to prevent loss of flow in sensitive services
- Use confirmation of change prior to taking action on operator commands
- Provide first out indication and sufficient additional information to allow the operator to quickly diagnose and respond to the causes of process deviation
Simplify applied to automation – specifying automation features in a manner that eliminates unnecessary complexity and makes operating and maintenance errors less likely, and which is forgiving of errors.
- Configure systems such that loss of communication or loss of signal results in the safe state
- Make the navigation of the operator HMI and safety HMI intuitive and user-friendly
- Use distinctive labeling in plant documentation, the operator HMI, and on the components in the field for safety devices: use logical numbering for device groupings
- Use valve designs that offer a visual indication of actual position
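To make the fail-safe items above concrete, the following added example (written for this page; it is not SIS-TECH's code or any vendor's logic) models one high-trip function in de-energize-to-trip form: the output stays energized only while the 4-20 mA signal is in its valid band, the communication link is fresh, and the measurement is below the setpoint, so loss of signal or loss of communication produces the safe state rather than "no trip". The signal-fault limits follow the NAMUR NE43 alarm bands (below 3.6 mA or above 21.0 mA); the engineering range, setpoint and timeout are constructed values.

```python
"""De-energize-to-trip evaluation of a 4-20 mA safety input with a communication watchdog.

Added example, not SIS-TECH code or any vendor's logic. Signal-fault limits follow
the NAMUR NE43 alarm bands; ranges, setpoints and timeouts are constructed values.
"""
LOW_FAIL_MA = 3.6    # NE43: below this the transmitter is signalling a fault, or the loop is open
HIGH_FAIL_MA = 21.0  # NE43: above this the transmitter is signalling a fault, or the loop is shorted


def scale_ma(ma, lo_eu, hi_eu):
    """Linear 4-20 mA to engineering units (0 % of span at 4 mA, 100 % at 20 mA)."""
    return lo_eu + (ma - 4.0) * (hi_eu - lo_eu) / 16.0


class HighTrip:
    """One high-trip function. evaluate() returns (energize, reason); energize=False
    is the safe state, so any condition the logic cannot vouch for drops the output."""

    def __init__(self, lo_eu, hi_eu, trip_eu, comm_timeout_s):
        self.lo_eu, self.hi_eu = lo_eu, hi_eu
        self.trip_eu = trip_eu
        self.comm_timeout_s = comm_timeout_s

    def evaluate(self, ma, age_s):
        # Watchdog: a stale value means the link (or the sensor) has stopped updating.
        if age_s > self.comm_timeout_s:
            return False, "COMM_LOSS"
        # Signal validation: out-of-band current is a detected fault, never "no trip".
        if ma < LOW_FAIL_MA or ma > HIGH_FAIL_MA:
            return False, "SIGNAL_FAULT"
        value = scale_ma(ma, self.lo_eu, self.hi_eu)
        if value >= self.trip_eu:
            return False, "TRIP"
        return True, "OK"


def vote_1oo2(a, b):
    """1oo2 voting of two HighTrip results: either channel demanding the safe state
    (a faulted channel included) trips the output. Returns (energize, reasons)."""
    energize = a[0] and b[0]
    reasons = tuple(r for ok, r in (a, b) if not ok)
    return energize, reasons


if __name__ == "__main__":
    # Constructed loop: 0-100 % level, high trip at 80 %, 5 s communication timeout.
    lt = HighTrip(lo_eu=0.0, hi_eu=100.0, trip_eu=80.0, comm_timeout_s=5.0)
    for ma, age in ((12.0, 1.0), (17.0, 1.0), (2.0, 1.0), (21.5, 1.0), (12.0, 6.0)):
        print(f"{ma:5.1f} mA, age {age:.0f} s -> {lt.evaluate(ma, age)}")
```

The ordering inside evaluate() is deliberate: communication loss is checked before the current value, because a stale value can look perfectly healthy, and signal validation is checked before the setpoint comparison so that a broken loop (0 mA, which would scale to a low reading) can never be read as "below trip".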
These inherently safer practices should be implemented as part of the design, operation, maintenance, and testing of the process control and safety systems, where practicable. The sustainability and resiliency of these automation systems can be significantly enhanced through the application of the inherently safer strategies during the automation lifecycle. Contact SIS-TECH for more information on how to design and manage inherently safer automation.
SIS-TECH Announces 2017 Training Course Schedule
November 2016
Houston, Texas – SIS-TECH Solutions' 2017 Training Course Calendar is now available. Courses cover process hazards analysis, risk assessment, alarm management and the design of instrumentation and controls systems for safety applications. Whether you simply need to know more about a subject or wish to obtain your certification in functional safety, SIS-TECH has a course for you.
SIS-TECH offers approximately 2 courses per month throughout the year. Course duration varies from 1 day to 4 days depending on course topic. All courses are taught by SIS-TECH employees with extensive knowledge and experience in process safety management and control system design.
Monica Hochleitner Hired as a Senior SCAI consultant
November 2016
SIS-TECH Solutions LP has hired Monica Hochleitner as a Senior SCAI consultant. Along with over 25 years of experience in the process industry, Monica has been a certified functional safety expert since 2008 and holds a FS Eng (TÜV Rheinland) certificate. She specializes in hazards analysis, alarm management, safety instrumented system design, and auditing. Monica conducts training for instrumentation and controls professionals in English and Portuguese.
Diamond-SIS FM Approvals
November 2016
SIS-TECH’s Diamond-SIS has recently completed the rigorous testing in the FM Approvals test lab to demonstrate that the new design still meets the requirements for Class 1, Div 2, Groups A, B, C, D. With the addition of the isolated 4-20 mA repeated output, configuring the Diamond-SIS in an existing marshaling cabinet in the field becomes much less arduous and requires less space. Z-Purge no longer has to be considered, and finding that extra 3 inches of DIN rail space to mount it on is not so rare anymore. SIS-TECH has recently seen increased orders through electrical supply houses, which report that “due to its versatility, compactness (size), and the fact that it can be mounted virtually anywhere on site” with protection from the weather, the Diamond-SIS “becomes the independent layer of protection of choice”.
Safety Instrumentation and Control Reliability
October 2016
Angela E. Summers, PhD, PE, President
A site’s risk analysis assumes that a particular level of risk reduction can be provided by the installed safeguards. The fundamental basis for this assumption is that the equipment is designed and managed according to recognized and generally accepted good engineering practices. Safe operation in the field is the goal, so site operation and maintenance records must ultimately demonstrate that the equipment as installed achieves the required risk reduction and is fit for purpose.
The achieved reliability of the process control scheme impacts the safety and profitability of the process unit operation. Higher process control reliability reduces the number of process upsets, shutdowns and restarts. Essentially, the more reliable the process control scheme, the safer the process unit is.
The key process safety objective is to identify failures, gaps or conditions and to correct them before they contribute to a major process safety incident [1].
The contribution of the process control scheme to abnormal operation can be tracked by automatically saving process safety event data whenever a safeguard is challenged. A process safety event reporter can be configured to flag events and to display important data for root cause analysis. Safety equipment is normally dormant and takes specific action only when abnormal operation occurs, so it is a critical site responsibility to assure that safety equipment is not run to failure. A failure discovered during abnormal operation is not only undesirable but potentially dangerous.
Process safety regulations require a proactive maintenance program combined with quality assurance metrics to be applied to safety equipment. Many owner/operators establish a classification scheme to identify and prioritize the equipment that they will manage more rigorously. A process industry classification scheme can be found in ANSI/ISA 84.91.01 [2], “Mechanical Integrity of Safety Controls, Alarms, and Interlocks (SCAI).” Safety controls, safety alarms, safety interlocks, and safety instrumented systems (SIS) are frequently implemented as safeguards to address abnormal process operation that potentially leads to loss of containment.
Procedures are needed for gathering information about failures and developing useful metrics regarding failures. The owner/operator must take corrective action to maintain safety if the failure rates exceed those assumed during design. Competent people are necessary to evaluate and analyze the data and then develop and implement plans to improve the instrument reliability. ISA TR84.00.04 Annex R [3] and ISA TR84.00.03 [4] provide guidance on selecting metrics for SIS, which can be applied equally as well to SCAI.
A database is needed to log service time and other information defined by the chosen failure data taxonomy. This database can be as simple as a spreadsheet or as complex as a computerized maintenance management system. Also needed is a collection method that is easy to follow, technicians motivated to correctly document the information, and people assigned responsibility for improving instrumentation reliability. Once sufficient information has been collected, the good and bad actors can be identified, and plans can be formulated and implemented to eliminate the bad actors and improve reliability.
Good actors are reliable technologies that have been proven through a volume of operating experience that they are fit for purpose. Understanding what makes a device a good actor can help improve the site practices needed across the lifecycle and potentially reduce the overall cost of ownership through better design, specification, construction, installation, operation, and maintenance.
Bad actors are instruments that have repeated failures at a frequency inconsistent with design assumptions or operational needs. They are not only a reliability problem; they also increase operating costs, consume maintenance resources, and impact productivity. Identifying bad actors and resolving underlying problems shifts the instrument maintenance program from one that is reacting to work orders to one that is proactively taking care of problem devices before they affect safe operation.
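The failure database and the good/bad actor screening described above can be small. The following added example (written for this page, not SIS-TECH's or the standards' code) assumes a minimal failure-data taxonomy: one record per device with its make/model, in-service date and the dangerous failure rate assumed in design, and one record per failure classified by mode (dangerous undetected, dangerous detected, safe/spurious). It computes the observed per-tag rates from service time, flags tags whose observed dangerous rate exceeds the design assumption, and pools exposure by make/model so that a fleet-wide problem can be told apart from a single bad tag. All device and failure records are constructed sample data, and the flagging thresholds are illustrative policy choices, not values from the cited standards.

```python
"""Failure-data log and bad-actor screening for safety instrumentation.

Added example, not SIS-TECH code. The taxonomy, the device and failure records
and the flagging thresholds are all constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class Device:
    tag: str
    model: str
    in_service: date
    design_lambda_d: float  # dangerous failure rate assumed at design, per hour


@dataclass
class Failure:
    tag: str
    found: date
    mode: str  # "DU" dangerous undetected, "DD" dangerous detected, "S" safe/spurious


AS_OF = date(2016, 10, 1)  # constructed evaluation date

# Constructed records, not site history.
DEVICES = [
    Device("PT-101", "XmtrA", date(2010, 1, 1), 5e-7),
    Device("PT-102", "XmtrA", date(2010, 1, 1), 5e-7),
    Device("LT-201", "LvlB", date(2012, 6, 1), 1e-6),
    Device("FV-301", "ValveC", date(2011, 3, 1), 2e-6),
]
FAILURES = [
    Failure("LT-201", date(2013, 2, 10), "DU"),   # found at proof test
    Failure("LT-201", date(2014, 9, 3), "DU"),
    Failure("LT-201", date(2015, 11, 20), "DD"),  # caught by a diagnostic alarm
    Failure("FV-301", date(2014, 5, 5), "S"),     # spurious closure
    Failure("PT-102", date(2015, 1, 15), "S"),
]


def service_hours(dev, as_of):
    """Hours in service up to as_of (time-based exposure; a demand-based
    taxonomy would count cycles instead)."""
    return max((as_of - dev.in_service).days, 0) * 24.0


def observed_rates(devices, failures, as_of):
    """Per-tag counts and observed rates (per hour) of dangerous and safe failures."""
    out = {}
    for d in devices:
        hrs = service_hours(d, as_of)
        mine = [f for f in failures if f.tag == d.tag]
        dang = sum(1 for f in mine if f.mode in ("DU", "DD"))
        safe = sum(1 for f in mine if f.mode == "S")
        out[d.tag] = {
            "hours": hrs, "dangerous": dang, "safe": safe,
            "lambda_d": dang / hrs if hrs else 0.0,
            "lambda_s": safe / hrs if hrs else 0.0,
        }
    return out


def bad_actors(devices, failures, as_of, factor=2.0, min_failures=2):
    """Tags whose observed dangerous rate exceeds the design assumption by `factor`.
    The minimum count avoids flagging one event on a short exposure; both
    thresholds are illustrative policy choices."""
    rates = observed_rates(devices, failures, as_of)
    return [d.tag for d in devices
            if rates[d.tag]["dangerous"] >= min_failures
            and rates[d.tag]["lambda_d"] > factor * d.design_lambda_d]


def pooled_by_model(devices, failures, as_of):
    """Pool exposure and dangerous failures per make/model: prior-use evidence
    for the model, and a way to separate a fleet problem from one bad tag."""
    rates = observed_rates(devices, failures, as_of)
    pooled = {}
    for d in devices:
        p = pooled.setdefault(d.model, {"hours": 0.0, "dangerous": 0, "tags": 0})
        p["hours"] += rates[d.tag]["hours"]
        p["dangerous"] += rates[d.tag]["dangerous"]
        p["tags"] += 1
    for p in pooled.values():
        p["lambda_d"] = p["dangerous"] / p["hours"] if p["hours"] else 0.0
    return pooled


if __name__ == "__main__":
    for tag, r in observed_rates(DEVICES, FAILURES, AS_OF).items():
        print(f"{tag}: {r['dangerous']} dangerous in {r['hours']:.0f} h -> {r['lambda_d']:.2e}/h")
    print("bad actors:", bad_actors(DEVICES, FAILURES, AS_OF))
```

With the constructed data, LT-201 has three dangerous failures in about 38,000 service hours, far above its assumed 1e-6 per hour, and is flagged; the two XmtrA transmitters have no dangerous failures over their pooled exposure, which is the kind of record that supports a prior-use claim. The same functions work unchanged on a spreadsheet export, because the only inputs are tag, model, in-service date, design rate and a list of dated, classified failures.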
An instrument reliability program with quality assurance metrics provides many benefits to the owner/operator:
- Ensures that maintenance procedures are performed effectively throughout the safety equipment life
- Provides feedback to validate risk analysis and functional specification assumptions
- Identifies sources of human errors and common cause failures so that the safety equipment can be designed to reduce the impact of these sources
- Demonstrates through prior use evidence (historical performance) that installed safety equipment is fit for purpose and acceptable for continued use
- Ensures that poorly performing safety equipment is identified and that actions are taken to correct deficiencies
References
- [1] 2010. Guidelines for Process Safety Metrics. New York: AIChE.
- [2] ANSI/ISA 84.91.01. 2012. “Mechanical Integrity of Safety Controls, Alarms, and Interlocks (SCAI).” Research Triangle Park: ISA.
- [3] 2015. Guidelines for the Implementation of ANSI/ISA 84.00.01, Part 1, TR84.00.04-2015. Research Triangle Park: ISA.
- [4] 2012. Mechanical Integrity of Safety Instrumented Systems (SIS), TR84.00.03-2012. Research Triangle Park: ISA.
SIS-TECH Announces New Video Series
October 2016
Houston, Texas – SIS-TECH Solutions announces a new 7-minute video series addressing topics related to instrumentation and controls in safety applications. The short videos may be live action, featuring SIS-TECH personnel, or animated. These technical videos are intended to provide quick answers to frequently asked questions about the interpretation of instrumentation and controls standards in the process industry. For many years, SIS-TECH has offered traditional classroom-style training of 1 day to 5 days through the Mary Kay O’Connor Process Safety Center. Short on-demand webinars address special topic issues, so participants can get the information they need without having to travel. SIS-TECH offers training online, on demand, in class, and now via YouTube.
Dean Bonifay Appointed Advisor of the Loss Prevention Group
October 2016
SIS-TECH Solutions, LP has appointed Dean Bonifay as the Advisor of the Loss Prevention Group. Bonifay joined SIS-TECH in 2013 as a Senior Loss Prevention Analyst. He has 27 years of experience in the chemical industry, including PSM/RMP program development, PHA and LOPA facilitation and PSM/RMP auditing. Dean is located in north Alabama and provides services for clients across the Southeast as well as other locations in the U.S.
SIS-TECH now distributor of Mimic software
October 2016
HOUSTON — SIS-TECH Solutions is now a distributor and integrator of the Mimic™ simulation software by Mynah Technologies LLC. Mimic is used to create a dynamic simulation of a chemical process based on the in-service DCS/PLC (distributed control system/programmable logic controller) configuration.
“We evaluated a number of different tools and found Mimic allows us to create process simulations that align closely with how the process behaves in the actual operating environment,” said Julie White, Mimic project lead at SIS-TECH.
The Mimic software can be used to improve productivity and resolve transient issues that cause process upsets. From a safety perspective, the simulation provides a stronger rationale for selecting trigger levels for alarms, interlocks and safety instrumented systems; identifying the critical event data for troubleshooting; and improving operator response to abnormal operating conditions.
For more information, visit https://sis-tech.com or call (713) 909-2100.
SIS-TECH Fishes for Veterans in Texas Tournament
September 2016
SIS-TECH Solutions participated in the 13th Annual Texas Coastal Fishers of Men (TCFM) Fish & Fellowship Tournament earlier this year. As an avid fisherman, SIS-TECH’s Applications Advisor and Senior SCAI (safety controls, alarms and interlocks) Consultant Pete Fuller has competed in all 13 years of the tournament’s history. The TCFM Fish & Fellowship Tournament is held to raise money for HelpingaHero.org, a fantastic organization dedicated to building homes for veterans.
Founded in 2006, Helping a Hero is a 501(c)(3) nonprofit, nonpartisan organization that provides support for military personnel severely injured in the war on terror. Its principal activity is to provide specially adapted homes for qualifying service members through partnerships made with builders, developers, communities and veterans. SIS-TECH has sponsored a team in the tournament now for two years in a row.
For more information, visit https://sis-tech.com, www.texascoastalfishersofmen.com or www.HelpingaHero.org, or call (713) 909-2100.
SCAI Management: Maintenance and Repair
September 2016
You are about to design your plant’s first safety instrumented system (SIS). So what initial information do you need before you can start efficiently? No doubt you have the hazard and risk analysis document that describes the necessary safety controls, alarms and interlocks (SCAI) used to protect against the process safety hazards. P&IDs that show the locations of the proposed sensors, valves, and motors? Certainly! You even have logic diagrams ready that show all the process automation functions for your unit operation, so you can easily verify independence.
Would you be surprised if I said that the facility maintenance and repair strategy for SCAI is also essential to have at the beginning of SIS design?
Too often, the mechanical integrity program for instrumentation is considered an “afterthought” to a project. Indeed, some may think that there will be plenty of time to develop maintenance procedures and spare part plans after the project is installed and returned to operations. Nothing could be further from the truth when it comes to this element of SCAI Management.
As all SCAI devices are subject to periodic testing, the instrumentation maintenance and repair plan for the facility is a necessary input to SCAI design. The following SCAI automation design decisions will be based on performance assumptions that depend on having an effective instrument mechanical integrity program:
- Approving instrumentation to be used in SCAI, based on reliable performance and appropriately low dangerous failure rates
- Adding instrument redundancy to facilitate online testing and repair and to achieve desired test intervals
- Incorporating isolation valves, taps and bleeds into piping design to facilitate planned preventive maintenance (PPM) and periodic device testing
- Laying out process equipment and piping so that failed SCAI devices are accessible in a timely fashion
- Designing compensating measures to manage the process safety risk while SCAI devices are out of service for testing or repair
Having a hardware design that accounts for testing and repair requirements is not the only thing that must be planned for in advance. SCAI instrument reliability management must also be worked into the facility staffing plan. Competent resources must be available to perform:
- Production management that ensures equipment will be ready to test on schedule and to manage exceptions to plan
- Execution of PPM, proof testing and visual inspections
- Capture and analysis of as-found/as-left data to ensure abnormal instrument performance is promptly escalated
- Timely repair of instrument failures
- Management of a spare parts program that avoids unplanned instrument changes
- Management of change (MOC) reviews for changes to SCAI instrumentation, including programming, configuration, or procedures
- Audits of the mechanical integrity program to identify longer term systematic failures and discrepancies from the initial design assumptions
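Several of the staffing responsibilities above (execution of proof tests, capture and analysis of as-found/as-left data, timely escalation, and MOC review of make/model changes during repair) come together in the evaluation of a single proof-test record. The following added example (written for this page, not SIS-TECH's procedure) assumes a record per test containing the scheduled and actual test dates, the trip setpoint and its allowed tolerance as the pass/fail criterion, the value at which the device actually acted as found and as left (None meaning it did not act), and the make/model before and after the work. It produces the findings a reviewer would want and a disposition that decides whether the device may return to service. All records are constructed, not site data.

```python
"""Evaluating proof-test records: as-found/as-left, pass/fail criteria, escalation.

Added example, not SIS-TECH's procedure. Record layout, findings names and the
disposition rules are constructed for illustration; the records are sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class ProofTest:
    tag: str
    due: date
    performed: date
    setpoint: float            # trip setpoint, engineering units
    tolerance: float           # allowed +/- deviation, same units (the pass/fail criterion)
    as_found: Optional[float]  # value at which the device acted before any adjustment; None = no action
    as_left: Optional[float]   # value at which it acted after adjustment/repair; None = no action
    model_before: str
    model_after: str


def findings(t: ProofTest, grace_days: int = 0) -> List[str]:
    """Findings in the order a reviewer reads them; an empty list is a clean pass."""
    out = []
    if t.performed > t.due + timedelta(days=grace_days):
        out.append("LATE_TEST")                  # schedule exception, feeds the audit
    if t.as_found is None:
        out.append("DANGEROUS_FAILURE")          # did not act on demand: a dangerous failure for the metrics
    elif abs(t.as_found - t.setpoint) > t.tolerance:
        out.append("AS_FOUND_OUT_OF_TOLERANCE")  # acted, but outside the pass/fail criterion
    if t.as_left is None or abs(t.as_left - t.setpoint) > t.tolerance:
        out.append("AS_LEFT_UNACCEPTABLE")       # cannot be returned to service as-is
    if t.model_after != t.model_before:
        out.append("MOC_REQUIRED")               # a make/model change during repair is a change
    return out


ESCALATE = {"DANGEROUS_FAILURE", "AS_FOUND_OUT_OF_TOLERANCE", "AS_LEFT_UNACCEPTABLE"}


def disposition(t: ProofTest) -> str:
    """HOLD: stays out of service (compensating measures remain in force).
    ESCALATE: may return to service, but the as-found result goes to reliability review.
    PASS_WITH_NOTES: only schedule or MOC paperwork findings. PASS: nothing to report."""
    f = set(findings(t))
    if "AS_LEFT_UNACCEPTABLE" in f:
        return "HOLD"
    if f & ESCALATE:
        return "ESCALATE"
    if f:
        return "PASS_WITH_NOTES"
    return "PASS"


# Constructed records, not site data.
RECORDS = [
    ProofTest("PSH-101", date(2016, 3, 1), date(2016, 2, 27), 10.0, 0.3, 10.2, 10.0, "SwA", "SwA"),
    ProofTest("LSH-202", date(2016, 4, 1), date(2016, 4, 21), 5.0, 0.2, None, 5.0, "LvlB", "LvlC"),
    ProofTest("TSH-303", date(2016, 5, 1), date(2016, 5, 1), 140.0, 2.0, 150.0, 140.5, "TmpD", "TmpD"),
    ProofTest("FSL-404", date(2016, 6, 1), date(2016, 6, 1), 20.0, 1.0, 19.5, None, "FlwE", "FlwE"),
]


def review(records):
    """Tag -> (disposition, findings) for a batch of test records."""
    return {r.tag: (disposition(r), findings(r)) for r in records}


if __name__ == "__main__":
    for tag, (d, f) in review(RECORDS).items():
        print(f"{tag}: {d} {f}")
```

Two points in the logic matter for the metrics discussed earlier: the as-found value, never the as-left value, is what counts toward the device's observed failure rate, because the as-left value describes the device after maintenance has already intervened; and a make/model substitution is reported as a finding even when the test passes, since the MOC review and any procedure updates are triggered by the change itself, not by a failure.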
Finally, there must be ongoing commitment from facility leadership to maintain sufficient staffing resources and competency to ensure that testing occurs according to plan and approved procedure, and to take timely corrective action upon notification of unacceptable results from the ongoing tests or the periodic audits. Some spot-audit interview questions facility leaders may want to address to their maintenance personnel include:
- Do the maintenance procedures contain clear pass/fail criteria for inspecting the device?
- Is the maintenance and repair program clear on how “bad actors” should be escalated? Do you know who to go to and what information to provide if you spot a “bad actor”?
- If the make/model/version/configuration of a SCAI device needs to be modified during a repair, does the maintenance procedure clearly indicate that this is a “change” that must follow MOC? Are PPM and test procedures updated, and is maintenance notified or retrained if necessary, when such a change occurs?
In summary, all instrumentation and controls in safety applications must have a robust mechanical integrity program. Maintaining the device correctly is inseparable from claiming risk reduction for the function that uses it. The reader may refer to ANSI/ISA-84.91.01-2012 “Identification and Mechanical Integrity of Safety Controls, Alarms, and Interlocks in the Process Industry” and ISA TR84.00.03 “Mechanical Integrity of Safety Instrumented Systems (SIS)” for more guidance on this safe automation management practice.