Automated systems, whether in manual or automatic mode, are complex systems where many different devices must work successfully to achieve the desired functionality. Sustaining automated system performance requires many different skill sets and planned activities to assure that the systems work as desired when required. In general, inherently safer practices can create safeguards that have less potential for dangerous failure, whether the failure occurs due to safeguard design, to a support system disruption or to human error. Some inherently safer practices bring a higher potential for spurious, or unnecessary, activation of the safety systems. If spurious operation causes intolerable losses, the functional specification should state a target spurious trip rate.
Inherently safer practices can significantly influence the automation equipment selection, fault tolerance, response to detected equipment failure, and response to detected support system failure, such as loss of communications or utilities. It is not possible to create a complete list of the automation features that could be considered inherently safer than alternative choices. Instead, each inherently safer strategy is defined below as it applies to automation. Then, a short list of examples is provided to illustrate the strategy.
Minimize applied to automation – reducing the use of automation features that tend to increase the failure mechanisms that result in system failure.
- Select devices that do not require additional instrumentation in order to function properly in the given process; for example, use a remote-seal level instrument in plugging services instead of a device that requires process-connection purging, or use a mass flow meter instead of compensating a volumetric flow reading with separate pressure, temperature, and density measurements
- Minimize blind spots in measurement by using devices that are applicable over the full range of process operating modes
- Where possible, eliminate inherently weak components, such as sight glasses, hoses, rotameters, bellows, and plastic components
Substitute applied to automation – replacing an automation feature with an alternative that reduces or eliminates the frequency of dangerous failure.
- Use materials of construction with lower corrosion or erosion rates
- Use a device that provides a direct measurement of the process parameter being controlled rather than using an indirect measurement
- Select devices that fail to the safe state on loss of any utility, such as power or instrument air, instead of devices which require energy to take action
Moderate applied to automation – using automation features to facilitate operating the facility under less hazardous conditions; using automation features which minimize or limit the impact of dangerous failure of the automation system on the process operation.
- Provide the operator with redundant indication of safety variables using simple graphical displays that build trust in the automation system
- Consider minimum flow stops to prevent loss of flow in sensitive services
- Use confirmation of change prior to taking action on operator commands
- Provide first out indication and sufficient additional information to allow the operator to quickly diagnose and respond to the causes of process deviation
Simplify applied to automation – specifying automation features in a manner that eliminates unnecessary complexity, makes operating and maintenance errors less likely, and is forgiving of errors.
- Configure systems such that loss of communication or loss of signal results in the safe state
- Make the navigation of the operator HMI and safety HMI intuitive and user-friendly
- Use distinctive labeling for safety devices in plant documentation, on the operator HMI, and on the components in the field; use logical numbering for device groupings
- Use valve designs that offer a visual indication of actual position
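The fail-to-safe-state, loss-of-communication, first-out and spurious-trip points above, shown together in a small Python evaluator for an MooN voted trip function (an added example, not SIS-TECH's code or anything from the original article). A stale or out-of-band channel votes for the safe state; the same lost signal trips a 1oo2 function but only raises a sensor alarm under 2oo3, which is the trade-off between fail-safe design and spurious trips. Tag names, the 18 mA trip point, the 3.6/21.0 mA fault band and the 2 s staleness window are constructed assumptions.

```python
from dataclasses import dataclass

FAULT_LOW_MA, FAULT_HIGH_MA = 3.6, 21.0  # loop current outside this band = sensor fault (assumed band)
STALE_S = 2.0                            # no fresh sample within this window = comms loss (assumed)

@dataclass
class Reading:
    tag: str       # transmitter tag such as "LT-101A" (constructed)
    ma: float      # last received 4-20 mA loop current
    age_s: float   # seconds since the last fresh sample

def credible(r: Reading) -> bool:
    """A reading is usable only if it is fresh and inside the live-zero band."""
    return r.age_s <= STALE_S and FAULT_LOW_MA <= r.ma <= FAULT_HIGH_MA

class VotedTrip:
    """MooN voted, de-energize-to-trip function: a failed or stale channel votes
    to trip, so loss of signal or communication drives the output to the safe state."""

    def __init__(self, trip_ma: float, m_of_n: int):
        self.trip_ma, self.m_of_n = trip_ma, m_of_n
        self.first_out = None  # first channel to raise a demand, latched until cleared

    def scan(self, readings):
        demanding = [r.tag for r in readings if not credible(r) or r.ma >= self.trip_ma]
        if not demanding:
            self.first_out = None          # demand cleared: release the latch
        elif self.first_out is None:
            self.first_out = demanding[0]  # first-out indication for the operator
        return {"trip": len(demanding) >= self.m_of_n,  # True = output de-energized
                "first_out": self.first_out,
                "sensor_alarms": [r.tag for r in readings if not credible(r)]}

def demo():
    """One loss-of-communication event as seen by a 1oo2 and a 2oo3 function (constructed data)."""
    a, b, c = [Reading(t, 12.0, 0.5) for t in ("LT-101A", "LT-101B", "LT-101C")]
    one_oo_two, two_oo_three = VotedTrip(18.0, 1), VotedTrip(18.0, 2)
    one_oo_two.scan([a, b])                  # healthy scan: no demand on either function
    two_oo_three.scan([a, b, c])
    b_lost = Reading("LT-101B", 12.0, 5.0)   # B stops updating: treated as a demand
    r12 = one_oo_two.scan([a, b_lost])       # 1oo2 trips (spurious if B was actually healthy)
    r23 = two_oo_three.scan([a, b_lost, c])  # 2oo3 only alarms B and keeps the process running
    a_high = Reading("LT-101A", 19.0, 0.5)   # genuine high level on A
    r23_high = two_oo_three.scan([a_high, b_lost, c])  # 2oo3 now trips; first-out is B
    return r12, r23, r23_high
```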
These inherently safer practices should be implemented as part of the design, operation, maintenance, and testing of the process control and safety systems, where practicable. The sustainability and resiliency of these automation systems can be significantly enhanced through the application of the inherently safer strategies during the automation lifecycle. Contact SIS-TECH for more information on how to design and manage inherently safer automation.