How to keep process facilities safe

Proper safety management can minimize risk.

By Paul Gruhn September 8, 2016

Modern industrial life has its rewards, but it also comes with risks. There is no such thing as absolute safety or zero risk. When major industry accidents happen, regulations often follow. In 1992, 29 Code of Federal Regulations (CFR) 1910.119 "Process Safety Management of Highly Hazardous Chemicals" was released by the Occupational Safety & Health Administration (OSHA) in the U.S., after several major process industry accidents. Other parts of the world have similar regulations. These regulations acknowledge that there is no such thing as zero risk, yet there are still expectations from companies to operate safely. How safe is safe enough?

In deciding an acceptable level of risk, some look at risks that society readily accepts, such as the 35,000 people who die in the U.S. every year in vehicle accidents. That 1 in 10,000 people-per-year risk has produced little public or government outcry, so it would appear to be a tolerable level of risk. Learn more about "how safe is safe enough" in the American Institute of Chemical Engineers, Center for Chemical Process Safety (AIChE CCPS) book Guidelines for Developing Quantitative Safety Risk Criteria.

Modern automation and control systems are very reliable; however, nothing is perfect, everything fails, and it’s just a matter of when. Process facilities need multiple, independent layers to maintain safety, including integration of alarms, safety instrumented systems, pressure relief devices, scrubbers, flare systems, and fire and gas systems, among others. The layers shown in Figure 1 are used to lower risk in a facility.

OSHA expects organizations to follow recognized and generally accepted good engineering practices (RAGAGEP). For alarm systems, ANSI/ISA 18.2-2009 "Management of Alarm Systems for Process Industries" is the recognized standard. For safety instrumented systems (SIS), ANSI/ISA 84 (IEC 61511 Modified) "Functional Safety: Safety Instrumented Systems for the Process Industry Sector" is the recognized standard.

The first edition of ANSI/ISA 84 was released in 1996, the second edition in 2004, and a third edition may be released by the end of 2016. It is a performance-based standard. It does not mandate technologies, levels of redundancy, test intervals, functional logic, how to implement bypasses, or any other details. It does not state what levels of risk should be tolerable for the industry or any particular company. After all, the standard was written for the entire process industry; what is applicable for one facility may not be applicable for another.

The ANSI/ISA 84 standard is essentially a cradle-to-grave approach. A hazard and risk assessment is performed to identify hazardous scenarios (what might go wrong) and evaluate the risk of each scenario (how often and how serious). This will eventually lead to the inputs, outputs, logic, and performance required of the SIS. A safety requirement specification (SRS) needs to be written to document the more than two dozen details needed to adequately design each safety function.

Most safety system problems originate from this step not being completed properly. The system will then be designed, tested in the factory, installed at a facility, and compared against the original specifications (as things may have changed over the lifespan of the project). The system will then require periodic inspection, testing, and maintenance. Any changes that may be required will need to go through a thorough management of change review process.
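The hazard and risk assessment step described above, worked through as an added example that is not from the article or from ANSI/ISA 84 itself: it turns a scenario's initiating frequency, the existing independent layers, and a tolerable-frequency target into the risk reduction and SIL band the SRS must specify for the SIS, and shows why the SRS needs the numeric target and not only the SIL number. The scenario, frequencies and PFD values are constructed assumptions; the SIL bands are those of IEC 61511.

```python
from dataclasses import dataclass

# Low-demand SIL bands as (SIL, PFDavg lower bound inclusive, upper bound
# exclusive) per IEC 61511 / ANSI/ISA 84; risk reduction factor RRF = 1 / PFDavg.
SIL_BANDS = [(1, 1e-2, 1e-1), (2, 1e-3, 1e-2), (3, 1e-4, 1e-3), (4, 1e-5, 1e-4)]

@dataclass
class Layer:
    name: str
    pfd: float  # probability of failure on demand of this independent layer

@dataclass
class Scenario:
    description: str
    initiating_freq: float  # initiating events per year
    tolerable_freq: float   # the company's tolerable frequency, events per year
    layers: list            # independent protection layers, excluding the SIS

def mitigated_frequency(s: Scenario) -> float:
    """Frequency after the existing layers; independence is assumed, so each
    layer's PFD simply multiplies the frequency."""
    f = s.initiating_freq
    for layer in s.layers:
        f *= layer.pfd
    return f

def required_rrf(s: Scenario) -> float:
    """Risk reduction the SIS must add to reach the target (1.0 = none needed)."""
    return max(1.0, mitigated_frequency(s) / s.tolerable_freq)

def sil_for_rrf(rrf: float):
    """SIL band containing 1/rrf: 0 if no SIS is needed, None if the required
    reduction exceeds what a single safety function may claim."""
    if rrf <= 1.0:
        return 0
    pfd = 1.0 / rrf
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None

def meets_target(s: Scenario, sis_pfd: float) -> bool:
    """Check a proposed SIS PFD against the numeric target, not just the SIL band."""
    return mitigated_frequency(s) * sis_pfd <= s.tolerable_freq

# Constructed sample scenario and sample PFDs, not figures from the article.
SEPARATOR_OVERPRESSURE = Scenario(
    description="blocked outlet overpressures a separator",
    initiating_freq=0.5, tolerable_freq=1e-6,
    layers=[Layer("BPCS alarm and operator response", 0.1),
            Layer("pressure relief valve", 0.01)])
```

For the constructed scenario the SIS must provide a risk reduction of about 500 (SIL 2), yet a SIS with a PFD of 5e-3, which also sits in the SIL 2 band, only gives 200; an SRS that records "SIL 2" without the numeric target lets exactly that gap through.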

With the pervasive use of control systems and computers—operational technology (OT)—and the use of commercial off-the-shelf (COTS) hardware and operating systems, there is an increased risk of, and concern about, cyber attacks. Many attacks have been documented, and their frequency is on the rise. The issues are similar to those of information technology (IT) systems. Hackers may steal intellectual property, take over the control system, cause physical damage, or shut down a facility. The ISA 99/IEC 62443 series of cybersecurity standards was developed to protect facilities from these sorts of risks. Like the safety system standards, the cybersecurity standards are also performance-based and built on a lifecycle set of activities.

Advancements in safety technology

Control systems, alarm systems, safety instrumented systems, and fire and gas systems represent technologies used to keep process facilities safe. In addition to standards and regulations, there have been many developments to these systems. In the past, most process facilities were controlled using a combination of programmable logic controllers (PLCs) and distributed control systems (DCSs), although some vendors no longer use that terminology.

Modern systems are a hybrid blend of the two and have speed, processing, and communication capabilities beyond the early generation systems (which are still running in many facilities). Electromechanical relays have been used in safety applications since before WWII. PLCs were designed specifically to replace relays, but they did not offer the same level of safety performance. Safety PLCs using very high levels of diagnostics have been available since the 1980s, and they continue to evolve.

For safety applications, there is an increasing trend for users and engineering firms to specify devices (logic solvers and field devices) that are certified for safety applications by third parties. While this does offer some benefits, certifying devices is not a requirement according to any of the standards, and it is not the proverbial silver bullet that solves all potential problems.

Qualified personnel to reduce risk

Solely using safety certified devices will not assure safety. Standards state that personnel specifying, implementing, and maintaining systems must be competent and qualified. Many experienced and knowledgeable baby boomers are retiring. There is a surprising lack of experienced workers in place to take over. Training facility personnel is key to becoming qualified in performing such work. While engineering-focused universities recently added safety programs to the curriculum, there is an immediate, more pressing need to educate the current workforce, the ones tasked with specifying, implementing, and maintaining these systems.

The best training on the market is currently offered by the International Society of Automation (ISA). ISA is a nonprofit organization that offers training that includes alarm management, safety instrumented systems, and cybersecurity. The organization offers qualification exams and recognized industry certificates for personnel working in the areas of safety systems and cybersecurity. ISA developed certifications for automation professionals and control system technicians and supports the Control System Engineer Professional Engineer license program. The training was also developed with the assistance of engineers in the field.

Paul Gruhn is a global functional safety consultant with aeSolutions, located in Houston, Texas. Edited by Emily Guenther, associate content manager, Control Engineering, CFE Media.


Key Concepts

  • How to enhance a facility’s safety process.
  • Qualified personnel contribute to proper risk management.
  • Standards and regulations reduce facility risks.

Consider this

What are the benefits of specifying devices that are certified for safety applications?


About the author

Paul Gruhn, a global functional safety consultant with aeSolutions in Houston, Texas, also is an ISA Life Fellow, a 25+ year member of the ISA 84 standard committee (on safety instrumented systems), the developer and instructor of ISA courses on safety systems, the author of two ISA textbooks, and the developer of the first commercial safety system software modeling program. He has a B.S. degree in Mechanical Engineering from Illinois Institute of Technology, is a licensed Professional Engineer (P.E.) in Texas, a Certified Functional Safety Expert (CFSE), and an ISA 84 Safety Instrumented Systems Expert.
