Digital twins for safety instrumented systems

Digitally-twinning safety instrumented systems, which are responsible for the operating safety in the process industry, can streamline operations and improve overall efficiency.

By Prasad Goteti and Steve Lindsay September 22, 2021

Engineering designs for functional safety instrumented systems (SIS) used in the process industry are typically thorough, detailed, and are prepared following a safety life-cycle process.

That life-cycle process is defined by the international standard IEC 61511. In a non-digitized execution model, a great deal of valuable information is stranded – not always readily available to the user, and sometimes stored at another location entirely. Traditionally, different teams create the documents, using separate tools with varying formats, to produce the required functional safety basis of design.

Consider this hypothetical scenario, which illustrates a common challenge:

A chemical company has had an unplanned trip in one of its process units and the operations and maintenance team are trying to understand the root cause. Upon investigation, the team observes the activation of a high-temperature interlock in one of the distillation columns, but the root cause is not yet clear.

Plant management requires a restart to production as soon as possible. However, to do that the operations team needs to review the latest process hazard analysis (PHA) report to understand what the associated risks are due to high temperature (HT) and they need to assess the options available to restart production in a safe manner.

The operations team does not have immediate access to the latest PHA report. In order to make a timely decision, the operations team would want to consider some of the following:

  • Was the process unit trip based on a real demand or a spurious trip?
  • If they bypass the safety interlock, what is the risk gap that will be created?
  • When was the last time a similar demand occurred?
  • When was the last time the inputs to this safety interlock were bypassed and why?
  • When was the last time all the instruments related to the safety interlock were calibrated?

Many operators frequently wrestle with these challenges and, when the situation is further considered, senior management may also want to know:

  • How safe is the process unit in general?
  • How many of the safety interlocks are in good working condition, and how many have been bypassed?
  • Are there recurring demands on safety interlocks that were not accounted for in the design and, if so, why?

All the above questions can be answered using traditional methods and techniques, but doing so is often time-consuming, and the quality of the information is not always apparent.

Functional safety standards such as IEC 61511/ISA 61511 recommend a safety life-cycle to analyze process risks, design and implement Independent Protection Layers (IPLs) to mitigate the risks and maintain the IPLs during plant operations to manage potentially unmitigated risks.

The objective of the IEC 61511 standard is to manage functional safety throughout the life-cycle. Historically the engineering and operational data would be within disconnected software tools or documents. The aim of digitalisation is to simplify the ability to manage the data, and not to produce stranded deliverables only reused every revalidation cycle. The benefit of digitizing data management is to enable an evergreen design basis through which compliance to local and industry regulations can be quickly demonstrated at any given time.

Further benefits include the ability to access the data regardless of geographic location, empowering users to pull data relevant to their role and access features such as key performance indicators (KPIs) leveraging analytics within the dataset.

One way to meet these objectives is a comprehensive software toolset that can access and mine the data, providing analytics and generating KPIs.

How digital twins can help safety instrumented systems

A digital twin is an example of a comprehensive software package that can import existing engineering documentation for any of the phases of the safety life-cycle as well as having the capability to execute the steps of the safety life-cycle. Using the previous HT scenario, a digital twin would facilitate safety life-cycle implementation using features such as:

  • Analysis modules like hazard and operability (HAZOP) and layer of protection analysis (LOPA) to examine the process unit’s risk and recommend IPLs to reduce the risk to acceptable levels.
  • Engineering modules to design and implement IPLs, such as a safety integrity level (SIL) calculation engine, cause and effect chart generation and functional test plans to validate the safety instrumented functions (SIF).
  • Operational modules to consolidate relevant operational data related to the IPLs on a real-time basis like IPL demands with timestamps, stroke time of valves during a demand, time in bypass for each IPL and others.
  • Maintenance and inspection modules to record test results and ‘as found and as left’ information for IPL components.

The digital twin provides a centralized platform to digitize the data and execute the life-cycle steps, while providing user/role-based access for process safety, functional safety, operations and maintenance engineers and management.

Why use a digital twin?

The digital twin provides a simplified and consistent method to realize the following benefits:

  • It produces dashboards by comparing design assumptions with operational data to generate relevant KPIs. These KPIs can be used to repair bad actors either in the running plant or on the drawing board. KPIs can be developed for normal plant operation and maintenance, management reporting as well as incident investigation.
  • All phases of the safety life-cycle are digitized and easily available for user access rather than document sets collecting dust in the classical method. Digitized and evergreen data also means that all the steps of the safety life-cycle are current.
  • It creates and models offline ‘what-if’ scenarios in any part of the safety life-cycle and shows the effect of a modification rippling down through the later phases.
  • It provides an automated interface to other industry design packages such as a computerized maintenance management system (CMMS). Automated interfacing helps reduce both systematic and human error in data transfer.
  • It enables digitized data entry, which creates potential monetary savings through all phases of the life-cycle through man-hour reduction and improved data accuracy.
  • It continually validates design assumptions to actual performance, which leads to enhanced confidence among all users for successful risk management.
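As an added illustration of the operational modules and KPI dashboards described above (example code, not part of the article or of any Honeywell product), the following script compares a SIF's design basis, as a LOPA and SIL calculation would record it, against constructed operational records of demands, valve stroke times, bypasses and proof tests, and flags the gaps that would feed a "bad actor" dashboard. All names, field names and values are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class DesignBasis:
    # Design assumptions a LOPA / SIL calculation records for one SIF (hypothetical fields).
    sif: str
    demand_rate_per_year: float    # demand rate credited in the LOPA
    max_stroke_time_s: float       # valve closure time assumed for the final element
    proof_test_interval_days: int  # interval used in the SIL calculation
    max_bypass_fraction: float     # tolerated fraction of time with inputs bypassed

# Constructed sample data (hypothetical values, not taken from the article).
DESIGN = DesignBasis("SIF-101 column high temperature", 0.1, 10.0, 365, 0.01)
NOW, OBS_DAYS, LAST_PROOF_TEST = datetime(2021, 9, 1), 365, datetime(2020, 5, 1)
DEMANDS = [  # (timestamp, valve stroke time in seconds, demand classification)
    (datetime(2021, 2, 3, 4, 12), 8.2, "real"),
    (datetime(2021, 6, 17, 22, 40), 12.5, "real"),
    (datetime(2021, 8, 9, 11, 5), 7.9, "spurious"),
]
BYPASSES = [  # (bypass start, bypass end, reason)
    (datetime(2021, 3, 10, 8, 0), datetime(2021, 3, 14, 8, 0), "transmitter replacement"),
    (datetime(2021, 7, 1, 6, 0), datetime(2021, 7, 1, 18, 0), "calibration"),
]

def compute_kpis(design, demands, bypasses, last_test, now, obs_days):
    """Compare operational records against the design basis; return KPIs and flagged gaps."""
    real = [d for d in demands if d[2] == "real"]
    demand_rate = len(real) / (obs_days / 365)
    bypass_hours = sum((end - start).total_seconds() / 3600 for start, end, _ in bypasses)
    bypass_fraction = bypass_hours / (obs_days * 24)
    slow_strokes = [ts for ts, stroke, _ in demands if stroke > design.max_stroke_time_s]
    days_since_test = (now - last_test).days
    gaps = []
    if demand_rate > design.demand_rate_per_year:
        gaps.append("observed demand rate exceeds the LOPA assumption")
    if bypass_fraction > design.max_bypass_fraction:
        gaps.append("time in bypass exceeds the tolerated fraction")
    if slow_strokes:
        gaps.append("stroke time exceeded the design value on %d demand(s)" % len(slow_strokes))
    if days_since_test > design.proof_test_interval_days:
        gaps.append("proof test overdue")
    return {"sif": design.sif, "real_demands": len(real),
            "spurious_demands": len(demands) - len(real),
            "demand_rate_per_year": demand_rate, "bypass_fraction": bypass_fraction,
            "days_since_proof_test": days_since_test, "gaps": gaps}
```

With the constructed records, all four checks fire: two real demands in a year against a LOPA assumption of 0.1 per year, 108 hours in bypass, one slow valve stroke and a proof test 488 days old.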

The digital twin creates an ability to focus on the design rather than creating design deliverables. It seamlessly connects the basis of design to the source of truth (the operational performance of the IPLs) on a continuous basis allowing generation of real-time KPIs.

This article originally appeared on Control Engineering Europe’s website. Edited by Chris Vavra, web content manager, Control Engineering, CFE Media,

Original content can be found at

Author Bio: Prasad Goteti is a safety engineering consultant at Honeywell Process Solutions and Steve Lindsay is a business development director at Honeywell Process Solutions.