Do I need a safety instrumented system?
Paul Gruhn, Moore Process Automation Solutions -- Control Engineering, 1/1/2000
The number one goal of any safety system or device is to protect people and do it while remaining unnoticed. Sensors and activation mechanisms for automobile airbags are safety systems. On commercial airplanes, flight attendants explain that a sudden cabin depressurization will automatically cause oxygen masks to drop from the overhead compartments. In our homes, smoke and carbon monoxide detectors, ground fault protectors, and automatic garage-door reversal mechanisms are each a form of a safety system.
At work, light curtains protect us from crushing our arms and hands in presses, dikes provide liquid containment if a vessel ruptures, relief valves and rupture disks protect against overpressuring vessels, and flammable gas and low oxygen detectors alert us to unsafe conditions.
Deciding if safety instrumented systems are necessary may be as simple as determining if the process is covered by U.S. Occupational Safety and Health Administration (OSHA, Washington, D.C.) regulations such as 29 CFR 1910.119 "Process Safety Management of Highly Hazardous Chemicals (PSM)." But responsible companies don't require regulations to do the right thing. Responsible companies already know it's better for business tangibles and intangibles to avoid accidents. Companies manage risk and safety by assessing the process, identifying and quantifying risk, and defining the independent safety layers that may exist or could be used.
What's this all mean?
It begins when a company defines their tolerable level of risk. Tolerable risk (death) is a taboo subject, especially in the U.S., but juries place dollar amounts on life every day using a subjective rationalization that transcends engineering or science.
A simple definition of risk is "potential for injury and/or death" but that definition requires more detail. What is a tolerable level of risk? What is a tolerable injury or death rate? How many people can a company tolerate killing? (The answer is not "zero." No company is willing to permanently close their doors if there is a single accidental death.)
The English promote a concept called ALARP (As Low As Reasonably Practical). If the risk is above a certain threshold, it must be reduced. If the risk is below a different threshold, it is low enough to be considered acceptable. When the risk is somewhere in between, further considerations to lower the risk are required.
Managing risk and safety
Common sense tells us which industries have high risk. We all know of major nuclear accidents in the U.S., Soviet Union, and now Japan. Many of us live near refineries that have gone "boom." There have been major chemical plant accidents in Flixborough, England; Seveso, Italy; Bhopal, India; and Pasadena and Channelview, Texas.
When OSHA 29 CFR 1910.119 PSM was enacted in 1992, OSHA estimated 25,000 U.S. facilities would be affected and 264 deaths and 1,534 injuries/illnesses would be avoided annually.
To avoid confusion about which facilities were covered by the regulations, OSHA provided high-risk industries a simple definition: any U.S. facility site with over 10,000 pounds of flammable material, toxic materials exceeding defined thresholds, or any explosive materials is covered by the OSHA PSM regulation.
So how do you lower the risk of a facility to a tolerable level?
The chemical industry has promoted the concept of "inherently safe" designs for over a decade. Designing inherently safe processes requires balancing the risk to workers and surrounding community with economics. For example, the early manufacture of nitroglycerin was a batch process. Operators watched a single gauge to ensure the process remained in the safe operating range. Occasionally operators fell asleep, resulting in a search for a replacement operator. Accident investigation identified the operator going to sleep as the root cause. The solution was to provide the operator a one-legged stool. Real nitroglycerin manufacturing safety was achieved through a process redesign. Changing from batch to a small volume, continuous reaction process reduced the amount of material and resulted in an inherently safe design.
Part of designing inherently safe processes requires identifying hazards and operating problems and assigning quantified levels of risk to each identified hazard well before the process design is complete.
Before adding complex safety instrumented systems, consider simple, noninstrumented safety protection layers. For example, an overflow vessel, dike, or containment wall could prevent a spill. Extra heavy vessel walls or pressure relief valves could prevent a pressurized vessel from bursting. These simple devices may reduce the risk to a tolerable level.
Now you're prepared to answer the question, "Do I need a safety instrumented system?" If the risks of your process can be controlled to a tolerable level without a safety instrumented system—no. If the risks cannot be controlled to an acceptable level by the application of noninstrumented layers, then—yes.
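The decision above can be worked through numerically with the layer-of-protection arithmetic used in safety-system practice: credit each independent, noninstrumented layer with its probability of failure on demand, compare the remaining event frequency against the two ALARP thresholds, and size an SIS only for the gap that is left. The following is an added example, not from the article; the scenario names, frequencies and PFD values are constructed, and the SIL bands follow the IEC 61508 low-demand ranges, which the article itself does not cite.

```python
import math
from dataclasses import dataclass, field


# Hypothetical scenario record; every number fed into it below is constructed.
@dataclass
class Scenario:
    name: str
    initiating_frequency: float   # initiating events per year, before any layer
    tolerable_frequency: float    # ALARP upper bound: above this, risk must be reduced
    negligible_frequency: float   # ALARP lower bound: below this, risk is acceptable
    layers: dict = field(default_factory=dict)  # independent layer -> PFD on demand


def mitigated_frequency(s: Scenario) -> float:
    """Event frequency after crediting each noninstrumented layer.

    PFDs multiply through only because the layers are assumed independent;
    a layer that shares a failure cause with another must not be credited."""
    f = s.initiating_frequency
    for name, pfd in s.layers.items():
        if not 0.0 < pfd <= 1.0:
            raise ValueError(f"{s.name}: PFD for {name!r} out of range: {pfd}")
        f *= pfd
    return f


def alarp_region(freq: float, s: Scenario) -> str:
    """Place a frequency in one of the three ALARP regions."""
    if freq > s.tolerable_frequency:
        return "intolerable"
    if freq < s.negligible_frequency:
        return "broadly acceptable"
    return "ALARP"


def sil_for_rrf(rrf: float) -> int:
    """IEC 61508 low-demand bands: SIL n covers RRF 10**n .. 10**(n+1)."""
    if rrf < 10:
        return 0  # below SIL 1: another noninstrumented layer may be enough
    return min(4, int(math.floor(math.log10(rrf))))


def sis_decision(s: Scenario) -> dict:
    """Answer 'do I need an SIS?' and, if so, how much risk reduction it owes."""
    f = mitigated_frequency(s)
    region = alarp_region(f, s)
    needed = region == "intolerable"
    rrf = f / s.tolerable_frequency if needed else 1.0
    return {"scenario": s.name, "frequency": f, "region": region,
            "sis_needed": needed, "required_rrf": rrf,
            "sil": sil_for_rrf(rrf) if needed else None}


# Constructed: reactor overpressure, credited with operator alarm response
# and a relief valve; constructed: tank overflow, credited with a level
# alarm response and a dike.
OVERPRESSURE = Scenario("reactor overpressure", 0.5, 1e-5, 1e-7,
                        {"operator alarm response": 0.1, "relief valve": 0.01})
SPILL = Scenario("tank overflow", 0.01, 1e-4, 1e-6,
                 {"level alarm response": 0.1, "dike": 0.01})

if __name__ == "__main__":
    for scenario in (OVERPRESSURE, SPILL):
        print(sis_decision(scenario))
```

The overpressure case stays intolerable after both layers and needs an SIS with a risk reduction factor of about 50 (SIL 1); the spill case lands in the middle ALARP band, so no SIS is required but further reduction should still be weighed.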
Do you have a safety instrumented system question? E-mail dharrold@cahners.com
Author Information
Paul Gruhn is a safety-systems specialist at Moore Process Automation Solutions.