Improving Safety in Process Control


09/01/1998


Key Words
 
  • Process control & instrumentation

  • Safety

  • Process control systems

  • Standards and regulations

  • Redundant control


Environmental law, customers, and good business sense require finding effective ways to integrate plant safety into industrial process systems. No one wants an unsafe situation, but overengineering safety can put a company out of business almost as fast as a major violation.

Regulatory agencies' standards and regulations require process plants to protect against accidental damage to personnel and the environment. Agencies include the U.S. Occupational Safety and Health Administration, the American Petroleum Institute, and the U.S. Environmental Protection Agency, to name a few. In the European community, standards and certifying agencies include the International Electrotechnical Commission and TÜV.

To minimize risk, these agencies generally need extensive documentation of process design, operation, maintenance, training, and plant renovations.

Compliance with regulations often requires formal company safety and operation review. Techniques such as a Hazard and Operability (HAZOP) study, Hazard Analysis (HAZAN), or Fault Tree Analysis (FTA) can reveal potential operating and safety-related design problems. A hazard study may disclose, for example, that a plant should implement a Safety Instrumented System (SIS) to properly minimize a potentially hazardous process condition.

Instrumented systems designed to protect the plant differ significantly from systems designed for basic process control. Safety instrumented systems continuously monitor selected variables, but remain inoperative until an abnormal and possibly dangerous condition arises. To function successfully, a SIS requires a higher level of performance and diagnostics than normally needed by general-purpose process control equipment. Additionally, plants often specifically identify safety systems, and physically separate them from general-purpose control systems.

The ANSI/ISA-S84.01-1996 "Application of Safety Instrumented Systems for the Process Industry" standard defines SIS as, "A system composed of sensors, logic solvers, and final control elements for the purpose of taking the process to a safe state when predetermined conditions are violated."

This definition can also be applied to other commonly used plant safety systems, such as emergency shutdown systems, safety shutdown systems, and safety interlock systems.

Key questions to ask

A process control engineer implementing a safety instrumented system must answer several questions:

  • What level of risk is acceptable?

  • How many layers of protection are needed?

  • When is a safety instrumented system required?

  • Which architecture should I choose?

Industry standards now exist that provide a basic framework for answering these questions.

ISA S84.01 is organized around the safety life cycle (see flowchart). This systematic approach to designing safety systems can be applied to various hazardous processes—conception through decommissioning. Even so, many methods for performing the initial activities of the safety life cycle are outside the standard's scope.

Evaluate risks

The best way to minimize risks in plant operation is to design inherently safe processes. In practice, total inherent safety is not always achievable.

Risks prevail wherever hazardous or toxic materials are stored, processed, or handled. Since it is difficult, if not impossible, to completely eliminate all levels of risk, some level of operational risk must be agreed upon. To specify the required performance of a safety system, control engineers must determine an acceptable level of operational risk.

Once process hazards have been properly identified, a HAZOP study is one way to evaluate each process risk, usually by considering the severity and likelihood of a hazardous event. Determining severity requires the control engineer to assess site-specific conditions, including population density, in-plant traffic patterns, and meteorological data. Control engineers can determine the likelihood of a hazardous event by qualitative or quantitative techniques or, in some cases, by examining historical data.

After understanding the severity and likelihood of a hazardous event, engineers can rank the risks (see graphic). Risk reduction techniques would be necessary if the process exhibited risk higher than the company's acceptable level.

Multiple independent protection layers, or IPLs, reduce risk for process plants that operate with potential to cause harm. Control engineers design each protective layer to avoid or mitigate the harmful effects of a hazardous event. Protection layers start at the process and work outward to a community emergency response during an escalating incident (see graphic). Each layer should be separate and stand alone.

Rating for safety

ISA S84.01 does not specify how to decide whether a Safety Instrumented System is needed, nor does it require any particular method of hazard analysis. (The American Institute of Chemical Engineers' documentation does address this.) The ISA standard does provide a common rating system called the Safety Integrity Level (SIL).

SIL defines three levels of safety performance for a safety instrumented system: 1, 2, and 3. The higher the SIL value, the greater the risk reduction. This increased risk reduction results from higher availability of the safety functions. Factors such as redundancy, frequent testing, and diagnostic fault detection tend to raise the SIL, improving the SIS risk reduction. (For European and other countries in the process of adopting the draft international standard IEC D61508, a four-level model is standard.)

ISA S84 shows the correlation that exists between the SIL values and three key performance metrics—safety availability, probability of failure on demand (PFD), and hazard reduction factor (HRF). Safety availability represents the fraction of time that a safety system can perform its designated safety service while the process is operating (see table). PFD indicates the probability of a system failing to respond on demand. The following expression defines the relationship between safety availability and PFD:

Safety Availability = 1 - PFD.

It is often desirable to express the SIL in terms of the hazard reduction factor, where HRF is defined as HRF = 1/PFD.
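As an added worked example (not code from the article or from Moore Products), the following Python turns the relationships above into a small calculator: it classifies a PFD average into a SIL using the bands from the ISA S84 table quoted in this article, and derives safety availability (1 - PFD) and HRF (1/PFD) from it. It also includes the standard single-channel low-demand approximation PFDavg ≈ λ_DU·T/2, which is an assumption drawn from general reliability engineering rather than from the article, to show why the "frequent testing" factor mentioned above moves a system between SIL bands. The failure rate and test intervals in the sample run are constructed values.

```python
"""SIL arithmetic from the ISA S84.01 figures quoted in the article."""
from dataclasses import dataclass
from typing import Optional, Tuple

# PFD-average bands from the ISA S84 table: (SIL, lower bound inclusive,
# upper bound exclusive). The half-open boundary convention (a PFD of exactly
# 10^-2 counts as SIL 1, not SIL 2) is an assumption made here; the article's
# table only lists "10^-1 to 10^-2" and so on.
SIL_BANDS: Tuple[Tuple[int, float, float], ...] = (
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
)


@dataclass(frozen=True)
class SilRating:
    pfd_avg: float
    safety_availability: float   # = 1 - PFD (article)
    hrf: float                   # = 1 / PFD (article)
    sil: Optional[int]           # None when outside the SIL 1..3 bands of S84.01


def rate_from_pfd(pfd_avg: float) -> SilRating:
    """Classify a PFD average into a SIL and derive availability and HRF."""
    if not 0.0 < pfd_avg < 1.0:
        raise ValueError("PFD average must lie strictly between 0 and 1")
    sil = None
    for level, lo, hi in SIL_BANDS:
        if lo <= pfd_avg < hi:
            sil = level
            break
    return SilRating(pfd_avg, 1.0 - pfd_avg, 1.0 / pfd_avg, sil)


def pfd_avg_single_channel(lambda_du_per_hour: float, proof_test_hours: float) -> float:
    """Simplified single-channel (1oo1) estimate: PFDavg ~= lambda_DU * T / 2.
    Assumption: this is the usual low-demand approximation from reliability
    engineering, not a formula given in the article."""
    if lambda_du_per_hour <= 0.0 or proof_test_hours <= 0.0:
        raise ValueError("failure rate and proof-test interval must be positive")
    return lambda_du_per_hour * proof_test_hours / 2.0


def rate_single_channel(lambda_du_per_hour: float, proof_test_hours: float) -> SilRating:
    """Convenience wrapper: failure rate and test interval straight to a SIL rating."""
    return rate_from_pfd(pfd_avg_single_channel(lambda_du_per_hour, proof_test_hours))


if __name__ == "__main__":
    # Constructed sample: a dangerous undetected failure rate of 1e-6 per hour,
    # compared at yearly, quarterly and monthly proof-test intervals.
    for label, hours in (("yearly", 8760.0), ("quarterly", 2190.0), ("monthly", 730.0)):
        r = rate_single_channel(1e-6, hours)
        print(f"{label:9s} PFDavg={r.pfd_avg:.2e} availability={r.safety_availability:.5f} "
              f"HRF={r.hrf:.0f} SIL={r.sil}")
```

With the constructed failure rate, yearly and quarterly testing both land in SIL 2, while monthly testing moves the same hardware into SIL 3; the hardware did not change, only how long an undetected dangerous failure can sit unnoticed. Values below the SIL 3 band or above the SIL 1 band are reported as `None` because ISA S84.01 as quoted here defines only three levels.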

Linking risks to SIL

To determine the application of an SIS for an actual installation, the control engineer should use a qualitative classification of risk assessment.

A qualitative evaluation of safety integrity level weighs the severity and likelihood of the hazardous event. It also considers the number of independent protection layers addressing the same cause of a hazardous event.

Once determined, the SIL value becomes the basic communication interface and requirement parameter for implementing the safety instrumented system. (Such systems do not necessarily have to include a programmable electronic system. Hard-wired relay systems are often used and can meet SIL 3 requirements.) SIL 3 is quantified in ISA S84.01 as a Probability of Failure on Demand average (PFD avg) range of 10^-3 to 10^-4.

Safety architectures

Several system architectures are applied in process safety applications, ranging from single-channel systems to triple redundant configurations. Control engineers must match an architecture to the operating process safety requirements, accounting for failure within the safety system itself.

One concern is that many safety systems in operation, or under construction, do not follow basic protection principles. Unsafe practices include:

  • Performing the safety shutdown within the basic process control systems (BPCS) or distributed control systems (DCS).

  • Using conventional programmable logic controllers (PLCs) in safety critical applications. (Safety PLCs are certified to meet safety critical applications to SIL 2 and SIL 3.)

  • Implementing single element (nonredundant) microprocessor-based systems on critical processes.

The conventional PLC architecture provides only a single electronic path. Sensors send process signals to the input modules. The logic solver evaluates these inputs, determines if a potentially hazardous condition exists, and energizes or de-energizes the solid-state output. (Fire and gas detection systems, for example, use the "energized to trip" philosophy.)

In case of failure

Suppose the safety system de-energizes the output to move the process to a safe state. Suppose also that one of the components in the single path fails so that the output cannot be de-energized. Then the conventional PLC won't provide its desired safety protection function.

A special class of programmable logic controllers, called safety PLCs, represents an alternative. Safety PLCs provide high reliability and high safety via special electronics, special software, pre-engineered redundancy, and independent certification. The safety PLC has input/output circuits designed to be fail-safe, using built-in diagnostics. The central processing unit (CPU) of a safety PLC has built-in diagnostics for memory, CPU operation, watchdog timer, and communication systems.
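The failure mode described in this section, a single electronic path whose output cannot be de-energized, is easy to model. The following Python is an added example, not code from the article or from any PLC vendor: it places a conventional single-channel de-energize-to-trip path beside an arrangement of the kind a safety PLC is described as providing, with two output channels wired in series so that either one can remove power, plus a readback diagnostic that compares commanded and actual state. The series wiring, the readback check, the trip limit and the channel names are all assumptions constructed for the illustration.

```python
"""Toy model of a de-energize-to-trip output path with a stuck-energized fault.
All names, limits and channel states are constructed for this illustration."""
from dataclasses import dataclass, field
from typing import List

TRIP_LIMIT = 100.0  # constructed: a process variable above this demands a trip


@dataclass
class OutputChannel:
    """One electronic path from the logic solver to the final element.
    stuck_energized models a component failure that cannot remove power,
    the case the article describes for a conventional PLC."""
    name: str
    stuck_energized: bool = False

    def drive(self, energize: bool) -> bool:
        """Apply the solver's command and return the state the final element sees."""
        return True if self.stuck_energized else energize


def logic_solver(pv: float) -> bool:
    """De-energize-to-trip: True keeps the output energized (normal running)."""
    return pv <= TRIP_LIMIT


def single_path_trip(pv: float, channel: OutputChannel) -> bool:
    """Conventional single-channel PLC. Returns True only when power has
    actually been removed, i.e. the process reached its safe state."""
    return not channel.drive(logic_solver(pv))


@dataclass
class TripResult:
    tripped: bool
    faults: List[str] = field(default_factory=list)


def diagnosed_redundant_trip(pv: float, channels: List[OutputChannel]) -> TripResult:
    """Assumed safety-PLC style arrangement (not detailed in the article):
    channels wired in series so de-energizing any one removes power, plus a
    readback diagnostic that reports any channel whose actual state differs
    from the commanded state."""
    if not channels:
        raise ValueError("at least one output channel is required")
    want = logic_solver(pv)
    faults: List[str] = []
    actual_states: List[bool] = []
    for ch in channels:
        actual = ch.drive(want)
        actual_states.append(actual)
        if actual != want:
            faults.append(f"{ch.name}: commanded {'on' if want else 'off'}, "
                          f"readback {'on' if actual else 'off'}")
    energized_at_final_element = all(actual_states)  # series contacts
    return TripResult(tripped=not energized_at_final_element, faults=faults)


if __name__ == "__main__":
    stuck, healthy = OutputChannel("A", stuck_energized=True), OutputChannel("B")
    print("single path, stuck component, demand present ->",
          "tripped" if single_path_trip(150.0, stuck) else "NOT tripped")
    print("series pair with readback, demand present    ->",
          diagnosed_redundant_trip(150.0, [stuck, healthy]))
    print("series pair with readback, normal running    ->",
          diagnosed_redundant_trip(50.0, [stuck, healthy]))
```

Two points worth noticing in the output. First, the second channel in series restores the trip even with one path stuck, which is the reason redundancy raises the SIL. Second, while the process is running normally the readback diagnostic reports nothing, because a stuck-energized component looks identical to a correctly energized one until a trip is commanded; that is exactly why the article lists frequent testing alongside redundancy and diagnostics as a factor in the achievable SIL.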

Progress, complexities

Accurately evaluating the safety level for a specific control device in the context of a potential hazardous event poses a major and difficult problem for many control engineers. Associations and agencies worldwide have made considerable progress toward establishing standards and implementation guidelines for safety instrumented systems. These standards attempt to match the risk inherent in a given situation to the required integrity level of the safety system.

Unfortunately, many of these guidelines and standards are not specific to a particular type of process and deal only with a qualitative level of risk. Control engineers must use considerable judgment in evaluating risk and in applying instrumentation that properly addresses established design procedures within budget constraints.


Probabilities of Safety
Safety integrity levels (SIL) correspond to specific ranges of safety availability, probability of failure on demand (PFD), and hazard reduction factor (HRF).

SIL   Safety availability   PFD average range    HRF
1     90-99%                10^-1 to 10^-2       10-100
2     99-99.9%              10^-2 to 10^-3       100-1,000
3     99.9-99.99%           10^-3 to 10^-4       1,000-10,000

Cahners Business Information graphic with data from the ISA S84 standard


Acronyms of Process Safety

BPCS basic process control systems
DCS distributed control system
FTA fault tree analysis
HAZOP hazard and operability
HAZAN hazard analysis
HRF hazard reduction factor
IPL independent protection layers
PFD probability of failure on demand
PLC programmable logic controller
SIL safety integrity level
SIS safety instrumented system
SRS safety requirement specification


Safety and Standards-Related Organizations
Safety knows no borders, but organizations for regulations, certifications, and standards do. Here are a variety of sources across the world worth getting to know.

Organization                                                        Location                       Website
American Petroleum Institute (API)                                  Washington                     www.api.org
American Institute of Chemical Engineers (AIChE)                    New York                       www.iache.org
American National Standards Institute (ANSI)                        New York                       www.ansi.org
British Standards Institution (BSI)                                 London                         www.bsi.org.uk
European Committee for Electrotechnical Standardization (CENELEC)   Brussels                       www.cenelec.be
European Committee for Standardization (CEN)                        Brussels                       www.cenorm.be
Factory Mutual Research (FM)                                        Norwood, Mass.                 www.factorymutual.com
Food and Drug Administration                                        Washington                     www.fda.gov
Global Engineering Documents                                        St. Louis, Mo.                 global.ihs.com
International Electrotechnical Commission (IEC)                     Geneva                         www.iec.ch
International Organization for Standardization (ISO)                Geneva                         www.iso.ch
ISA                                                                 Research Triangle Park, N.C.   www.isa.org/standards
Occupational Safety and Health Administration (OSHA)                Washington                     www.osha.gov
National Fire Protection Association (NFPA)                         Quincy, Mass.                  www.nfpa.org
TÜV Product Service                                                 Munich, Germany                www.tuvps.com
U.S. Environmental Protection Agency (EPA)                          Washington                     www.epa.gov

Cahners Business Information graphic with data from Moore Process Automation Solutions, Rockwell Automation, Internet.


Author Information
Charles M. Fialkowski is senior marketing specialist, Critical Systems Marketing, Moore Process Automation Solutions (Moore Products Co.), Spring House, Pa.
