In this edition of The SIS-TECH Advisor Summer Issue, July 2016:
- Ask Doctor SIS: “Second article discussing changes on IEC 61511 ed 2 series”, by Angela Summers
- “High/Continuous Demand Hazardous Scenarios in LOPA”, by Bill Mostia and Hui Jin
- “SIS Management (part 6) – Training and Competency Assessment”, by Eloise Roche
- Unsafe Automation, incident cases
- “The Anatomy of a Reliable Instrumented Control Loop”, by Patrick Skweres
- SIS-TECH Application Announces New Product, by Pete Fuller
- Follow SIS-TECH on technical events and training calendar
Ask Doctor SIS
IEC 61511 ed 2 changes: Treatment of Existing Systems
When ISA voted to accept the 1st edition of IEC 61511 as the US national standard, what was colloquially called the “grandfather clause” in ANSI/ISA 84.01-1996 was added to its scope:
ANSI/ISA 84.00.01-2004 Clause 1 y) For existing SIS designed and constructed in accordance with codes, standards, or practices prior to the issue of this standard (e.g., ANSI/ISA-84.01-1996), the user shall determine that the equipment is designed, maintained, inspected, tested and operating in a safe manner.
This clause was intended to emphasize that the existing equipment could be maintained as is, as long as it met the performance specification. Compliance requires collection of sufficient information and records that a reasonable person would believe that the functions of the SIS will operate as required when demanded.
In developing the 2nd edition, the US again pursued the inclusion of the existing system clause, so that the US and international versions would match exactly. Now, all delegations were in the same position as the US during the 1st edition. Are the SIS designed per the 1st edition unsafe?
This is the second of a series. Don’t miss the next issue!
High/Continuous Demand Hazardous Scenarios in LOPA
William (Bill) L. Mostia, Jr, PE, ISA Fellow
Hui Jin, Risk Analyst, PhD
Angela Summers, President, PhD
Layer of protection analysis (LOPA) has become one of the most important risk analysis techniques in the process industry. It is commonly used to determine the safety integrity requirements for protection layers, especially the safety integrity level (SIL) for safety instrumented functions (SIF). Once a SIL has been assigned to a SIF, the SIF is designed, installed, operated, maintained, tested, and managed according to IEC 61511. The standard requires that the SIL of the SIF be verified quantitatively against defined ranges based on its mode of operation. A key question is how the mode of operation impacts LOPA calculation.
One basic assumption in LOPA is that the safety integrity of the protection layers (including SIF) is given by the well-known average probability of failure on demand (PFD), which is the safety integrity measure for low demand mode per IEC 61511. However, what if the hazard scenario involved has a high (nominally defined as more than once a year) or continuous demand function? IEC 61511 explicitly defines the safety integrity measure for high/continuous demand SIF as the frequency of dangerous failures per hour (PFH), instead of PFD. In some scenarios, there is a mixture of safeguards operating in different modes, e.g. both low demand and high/continuous modes. Does LOPA still work? Is your SIL determination correct? Are your verification calculations correct?
This paper was presented at the 12th Global Conference on Process Safety.
SIS Management Part 6: Training and Competency Assessment
Think of a complex task that you have learned to perform. How did you learn to do it? How did you know when you were doing it correctly? How did you know you were doing it well enough to use it in a situation that might involve risk?
An example that many readers will be able to relate to is the skill of driving a car. Was attending a driver’s education class all that was needed to develop the skill of driving? Of course not! Driving a car is a complex activity that involves a combination of nearly autonomous motor skills with the advanced cognitive skills required to successfully interpret and respond to the surrounding environment.
Similarly, the management of safety controls, alarms, and interlocks requires the successful performance of many complex tasks. In order to ensure that the overall risk reduction program will perform as expected, the SCAI management program must assure the competence of each person in executing his or her task(s). Two essential aspects of such a program are:
- Conducting Training
- Assessing Competency
Unsafe Automation Incident
In the following example, insufficient training on bypassing the safeguards on a medical materials sterilization chamber led to an explosion.
- 4 injuries;
- community evacuated;
- facility damaged.
Read more about the Ontario incident here.
The Anatomy of a Reliable Instrumented Control Loop
During the 71st Annual Instrumentation Symposium for the Process Industries on January 27-29, 2016, Patrick Skweres from SIS-TECH presented a workshop under the title “Preparing Yourself to Design a Reliable Instrument Loop”.
For an instrument to perform reliably over a specified life cycle, effective communication and data exchange are required between numerous disciplines during the execution of a project, return to operations, and continuing operations. This sounds easy and a no-brainer, but missed hand-offs of data or the wrong data will lead to incorrect instrument technology selection or incorrect installation, contributing to long-term performance reliability issues.
Many companies have project work processes which detail the steps at which certain data is needed and exchanged. In a broad sense, these “steps” can be broken into 4 broad steps or categories, though many companies may break these into additional steps or sub-steps to make sure important details are not missed.
The four broad categories are:
- Front end process and design parameters: what is the intent of the instrument/loop and how it will meet the intent. Some of the disciplines/roles involved in this portion of the process are the plant manufacturing rep., process engineering, instrument SME.
- Detailed design and procurement: Designing the loop and specifying its components for long term reliability; the potential impact of and on other disciplines on the project: piping, mechanical, electrical, etc. The impact of environmental factors and plant location, regulatory issues, Long Term Cost of Ownership. Some of the roles involved in this portion are the ones mentioned above plus piping designers, electrical designers, mechanical designers, and instrument manufacturers, among others.
- Construction: “If it ain’t broke, let’s try our best to break it”. If installation details and job instructions are not well understood or are lacking, all the hard work done in the previous steps will be destroyed during construction and installation. Additional roles added here are construction manager, construction reps, inspectors and individuals who will eventually be involved in maintaining the instrument after Recovery Time Objective (RTO).
- Maintenance and Reliability: In order to drive continuous improvement, maintenance management systems must be set up to assure easy means to capture performance data and incorporate it in future design implementations. Roles involved here are instrument maintenance technicians and reliability engineers.
SIS-TECH Application News!
SIS-TECH Applications announces the latest revision of the Diamond-SIS – an alarm/trip module used for safety alarms, equipment protection interlocks, and safety instrumented systems in the process industry. The same input signal used to trigger the safe state of the Diamond-SIS output (rated for 5 amps total load) is easily transmitted back to the process control system through the isolated 4-20mA output now included in the same hand-sized footprint as the original release. No 3rd party equipment is needed to send the input signal to other systems. The Class 1 Div 2 rating of the din-rail mountable Diamond-SIS supports installation near tanks, boilers, heaters, furnaces, pumps, and other applications where the operator needs to interact with the process equipment locally, while being monitored for safe operation.
Please contact Pete Fuller for more information on SIS-TECH Applications.
What is SIS-TECH up to?
SIS-TECH Decatur Workshop will be held on Wednesday September 14, 2016 at Double Tree by Hilton Decatur Riverfront Hotel in Decatur, AL.
If you would like to attend SIS-TECH Workshops, please contact Mandy Dixon at firstname.lastname@example.org
Mary Kay O’Connor Process Safety Center International Symposium
October 25-27, 2016
College Station – Hilton Conference Center
ISA Process Control and Safety Symposium
November 7-10, 2016
Houston – Houston Marriott Westchase
ISA Section Expo & Chili Cook Off
November 10th, 2016
Mary Kay O’Connor Instrumentation & Automation Symposium
January 24-26, 2017
College Station, TX
AIChE Spring Meeting & Global Congress
March 26-30, 2017
San Antonio, TX
Sep. 13, 2016, Process Hazard Analysis (PHA)
– 2 day course in fundamentals of the Process Hazard Analysis. Class outline
Sep. 20, 2016, SIS Implementation
– 3 day course in an overview of the SIS management system – the Safety Lifecycle. Certification of completion from MKOPSC. An optional test may be taken to become PRISM-Certified. Class outline
Oct. 4, 2016, Layers of Protection Analysis
– 2 day course in fundamentals of Layers of Protection Analysis (LOPA). Class outline
Oct. 18, 2016, TÜV Rheinland FSEng Training/Certificate
– 4 day course in hazards identification techniques requirements for designing and managing SIS. Certification is available. Class outline
Nov 15, 2016, SIL Verification Using Quantitative Techniques
– 2 day course in verification of safety instrumented functions. Class outline
Nov 17, 2016, SIL Solver – 1 day course using SIL Solver Software; a SIL verification tool. Class outline