Process safety: Managing process safety with flexible IO
Industrial facilities should approach safety and security holistically by addressing critical requirements from the process control network to the perimeter of the plant.
Industrial organizations are paying closer attention to safety applications for a variety of reasons, including strict industry regulations and widespread reports of safety incidents around the world. Plants need robust safety applications, which encompass all instrumentation and controls responsible for bringing a process to a safe state in the event of an unacceptable process deviation or failure.
To manage process safety challenges—including the role of defense-in-depth strategies for protecting critical plant assets—plant personnel must understand the application of current technologies in the marketplace, as well as new technologies for optimizing overall safety performance and reducing capital and operating costs throughout the project lifecycle.
Industrial facilities are under growing pressure to better manage their process and safety assets. Complying with legislation to safeguard personnel, communities, and the environment is a priority for both legal and ethical reasons. Effective safety applications are needed to enable proactive protection (versus responsive mitigation), help stop events before they happen, prevent injuries, and save lives.
Plant projects around the world are becoming larger and more complex. Greenfield construction often involves multiple engineering procurement contractors, while brownfield projects must be completed with minimal downtime. Operations of all types seek on-time or early start-up, as well as earlier-than-planned production to accelerate returns.
In the process industries, operations such as oil and gas platforms, liquefied natural gas carriers, and floating production, storage, and offloading units typically face space, weight, and power constraints for automation equipment such as I/O devices. In addition, these operations must ensure a sufficient number of spares for the lifecycle of the installed asset.
At greenfield sites, building adequate control room infrastructure is a high priority. This makes moving control and safety functionality to the field—as well as necessary hardware—a desirable alternative to traditional approaches. At the same time, users must cope with burdens such as time-consuming hardware configuration and programming, late design changes, frequent maintenance, and the need to reduce copper wiring connecting sensors, transmitters, and other devices with the control room.
Brownfield facilities also deal with issues related to spares availability, not to mention the need to install additional homerun cables as part of any expansion project.
There is now a clear paradigm shift in the process industries from the purchase cost of a safety system to its total cost of ownership. Current system architectures can be centralized, distributed, or a combination of both. Each approach has its advantages and challenges.
Many operations continue to employ outdated safety solutions implemented in PLCs, control systems, or other legacy platforms. Because ISA-84 (ANSI/ISA-84.00.01, the US adoption of IEC 61511) and IEC 61511 (Functional safety: Safety instrumented systems for the process industry sector) require ongoing assessment and continuous improvement of safety systems across their lifecycle, plants are finding it necessary to replace these systems with a modern safety instrumented system (SIS). The need to execute safety instrumented functions that were not previously implemented or identified is also driving the implementation of SIS technology.
Implementing layers of protection
Ensuring the safety and security of personnel, equipment, and the environment is a priority for every industrial facility. This effort goes far beyond simply installing fail-safe controllers or an advanced SIS solution. In fact, to mitigate the risk of serious incidents, it is important to consider safety and security from all aspects of a plant’s operation.
Industrial facilities should take a holistic approach to industrial safety and security, addressing critical requirements from the process control network to the perimeter of the plant. This approach is intended to increase situational awareness of production processes and improve response to emergency situations arising from safety- or security-related incidents. When properly implemented, this approach helps protect people, assets, and the environment while sustaining a high level of operational and business performance.
At the core of best practices for integrated safety and security is defense-in-depth with independent layers of protection (see Figure 1). This strategy is included in the IEC 61511 standard, which stipulates that every layer of protection—including both control and safety systems—should be unambiguously independent. Some of the reasons for this basic requirement are to avoid common-cause faults, minimize systematic errors, and provide security against unintentional access.
With a layered solution, some layers of protection are preventive in nature (e.g., emergency shutdown), and some are there to mitigate the impact of an incident if it occurs (e.g., fire and gas protective systems or emergency response systems). Other layers of protection can deter incidents in the first place, or provide detection, alerting, and associated guidance.
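The independence requirement above can be checked with a LOPA-style calculation. The script below is an added example for this page, not code from the article or from Honeywell: it multiplies the probability of failure on demand (PFDavg) of independent layers, then shows what happens to the same layers when the BPCS alarm and the SIS trip share one element such as a single pressure transmitter. The initiating-event frequency, the per-layer PFD values and the shared-transmitter PFD are all assumed for illustration; the low-demand SIL bands are the standard IEC 61508/61511 ranges.

```python
"""Added worked example (not from the original article): a LOPA-style check of
why IEC 61511 requires protection layers to be independent.

All numbers are constructed for illustration. Real initiating-event frequencies
and per-layer PFDavg values come from the site's HAZOP/LOPA and from SIL
verification of each layer.
"""
from math import prod

# Assumed initiating-event frequency: a demand on the layers 0.1 times a year.
INITIATING_EVENT_PER_YEAR = 0.1

# Assumed PFDavg of each protection layer (constructed values).
LAYER_PFD = {
    "BPCS alarm and operator response": 1e-1,
    "SIS trip": 1e-2,
    "pressure relief valve": 1e-2,
}

# Low-demand-mode SIL bands (IEC 61508/61511): (SIL, PFDavg lower, PFDavg upper).
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def mitigated_frequency(initiating_per_year, pfds):
    """Mitigated event frequency when every layer fails independently.

    Independence is what lets the PFDs multiply; that is the assumption behind
    IEC 61511's requirement for separate, independent layers."""
    return initiating_per_year * prod(pfds)


def coupled_pair_pfd(pfd_a, pfd_b, shared_pfd):
    """Effective PFD of two layers that share one element, e.g. a single
    pressure transmitter feeding both the BPCS and the SIS.

    If the shared element fails (probability shared_pfd) both layers are lost
    together; otherwise the remaining independent parts must both fail."""
    return shared_pfd + (1.0 - shared_pfd) * pfd_a * pfd_b


def risk_reduction_factor(initiating_per_year, mitigated_per_year):
    """RRF = unmitigated frequency / mitigated frequency."""
    return initiating_per_year / mitigated_per_year


def sil_band(pfd):
    """SIL that a PFDavg value achieves in low-demand mode, or 0 if below SIL 1."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0


def compare_independent_vs_shared(shared_transmitter_pfd=5e-3):
    """Return (independent, coupled) mitigated frequencies per year when the
    BPCS and SIS layers are (a) fully independent, (b) share one transmitter
    whose own PFD is shared_transmitter_pfd (assumed value)."""
    bpcs = LAYER_PFD["BPCS alarm and operator response"]
    sis = LAYER_PFD["SIS trip"]
    relief = LAYER_PFD["pressure relief valve"]

    independent = mitigated_frequency(INITIATING_EVENT_PER_YEAR, [bpcs, sis, relief])
    coupled = mitigated_frequency(
        INITIATING_EVENT_PER_YEAR,
        [coupled_pair_pfd(bpcs, sis, shared_transmitter_pfd), relief],
    )
    return independent, coupled


if __name__ == "__main__":
    ind, cpl = compare_independent_vs_shared()
    print(f"independent layers: {ind:.2e}/yr, "
          f"RRF {risk_reduction_factor(INITIATING_EVENT_PER_YEAR, ind):.0f}")
    print(f"shared transmitter: {cpl:.2e}/yr, "
          f"RRF {risk_reduction_factor(INITIATING_EVENT_PER_YEAR, cpl):.0f}")
    print("SIL band of a SIF with PFDavg 5e-4:", sil_band(5e-4))
```

With these assumed numbers the three independent layers bring the event down to 1e-6 per year, while a shared transmitter with a PFD of only 5e-3 raises the coupled pair's PFD from 1e-3 to roughly 6e-3, cutting the overall risk reduction by about a factor of six. That is the quantitative reason the standard insists on independence between the control and safety layers.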
Maintaining segregated systems
One of the major achievements of process control technology in recent years has been the integration of an increasing number of safety functions within the plant automation environment. Sharing critical information from the SIS with the process control system has brought significant benefits.
Industrial organizations are seeking a unified control and safety infrastructure integrated at the controller and HMI level. This solution must comply with key industrial safety regulations as well as applicable cyber security standards. It must also meet industry requirements for high reliability and availability, simplify field device maintenance, and adapt easily to last-minute project engineering changes.
Experience has shown the most robust and reliable approach to control and safety integration maintains the well-established separation principle for the basic process control system and SIS. In this way, users can achieve complete operational integration through a single dashboard, using a fully separated safety network for greater protection.
Empowering plant personnel
Plant safety requires a comprehensive program for managing operator effectiveness, constant monitoring of distress indicators, and ongoing monitoring and maintenance for asset health. This integrated approach demands not only an understanding of safety’s relationship to human error, but also the interrelationships among root causes and interventions by plant systems and site personnel.
The layer of protection often missed in the plant safety architecture is the one requiring human intervention. It is essential to equip the operations group with technology and work practices to manage abnormal situations or the eventuality of an incident. In addition, as an experienced workforce transitions and domain knowledge is potentially lost, it becomes increasingly important to transform that knowledge into institutional procedures and practices. The operator should be properly equipped to recognize an event, as well as be capable of properly evaluating the situation and responding accordingly.
Operator effectiveness afforded by common and consistent HMIs across the entire operation, knowledge capture through automation of procedural operations, and an advanced alarming capability allow people to better prevent and respond to abnormal situations.
Integrating robust security
An industrial site is not truly safe without the right security. That’s why defense-in-depth must include physical security layers that reach not only beyond the perimeter fence, but also into the very heart of the control room. The integrated physical security element brings together often-disparate technologies to improve situational awareness and operator reaction time during an event or site emergency. In addition, digital video solutions, tightly integrated with plant DCS, can now allow cameras to function as process sensors. These systems can integrate at the database level so alarms, events, and digital recording triggers are native to the control system.
To ensure a sound protection strategy, the network and database infrastructure should also include built-in cyber security solutions. This includes an embedded and certified firewall—although cyber security goes well beyond this—starting within the end-user’s business network and extending to the core of the control architecture.
Using smart, flexible technology
Process safety applications present a range of operational challenges. In recent years, new technologies and products have emerged to address some of these issues, but in many cases they are limited and provide only partial solutions. Plant owners are seeking feature-rich solutions they can configure to meet their unique requirements. The need to accommodate legacy systems as well as new installations has underlined the necessity of compatibility and configurability. The current business climate also demands products that keep capital and maintenance costs at a minimum.
Within the plant control and safety architecture, the I/O subsystem is responsible for inputting hundreds or often thousands of different process measurements and other inputs into the system, and outputting control signals to a large number of final control elements. I/O represents one of the most significant parts of the system infrastructure, and, traditionally, a significant cost element. However, automation suppliers are working to reduce both the cost and the complexity of I/O by incorporating more intelligence and programmability into their solutions.
With the advent of flexible I/O systems, process manufacturers can now integrate more safety devices while simplifying installation and maintenance (see Figure 2). These systems employ innovative technology that allows instant configuration of I/O channels without additional hardware. They enable maximum architectural flexibility, lower cost of ownership, support SIL-3 application requirements, and are ideal for facilities that must integrate equipment, units, and other assets spread over wide geographic distances.
Developments in I/O technology offer an opportunity to liberate safety and process I/O, as well as control cabinets, from channel-type dependency. This concept enables multiple remote locations to be controlled out of a single centralized unit, with each channel of I/O individually software-configured either as analog input (AI), analog output (AO), digital input (DI), or digital output (DO). It reduces wasted I/O space and provides savings on both installation and operational costs because users no longer have to worry about having enough modules for AI, AO, DI, or DO configurations. The I/O connection can easily be configured—and reconfigured—at any time.
Plants that implement these technologies can also standardize on a universal cabinet with a generic configuration because any field signal can be connected to any I/O channel. Engineers are able to reduce documentation cost by knowing how much I/O needs to be supported, as well as its installation space requirement.
Some I/O systems are designed to support electronic (soft) marshalling, which allows the I/O module to be mounted close to the process unit to reduce or eliminate the need for homerun cables, marshalling panels, junction boxes, and field auxiliary rooms. With this new way of deploying I/O, field wires can be terminated on any I/O module or channel, regardless of signal type. It eliminates the cross-wiring between field and system terminations that conventional marshalling requires, reducing the hardware complexity of installing, commissioning, and maintaining the system and saving on marshalling cabinets, inter-panel wiring, cabinet space, power requirements, and the time traditionally needed to deploy these items.
By employing a flexible I/O approach, late changes that would otherwise cause costly project delays can be made through remote access rather than by manipulating hardware in the field. What previously took days or even weeks can be accomplished in minutes. Every day gained in the project schedule is an extra day of production. Because only one type of I/O module is needed for each project, engineers need only worry about I/O count, not I/O mix. Note that reconfiguring a safety-rated channel remotely is still a modification of the SIS: it remains subject to the same management-of-change, access control, and verification requirements under IEC 61511 as a hardware change, and the remote access path itself must be secured.
The latest technology advancements also limit the amount of training required for plant personnel. Only one category of I/O is needed to meet all of the input/output requirements on a typical SIS project. There are fewer interconnections with this type of solution—and consequently fewer failures—so testing and installation are easier.
Moving applications to the field
Most recently, automation suppliers have developed safety logic solvers designed to execute safety applications independently in the I/O module. Users can distribute safety logic into the field in close proximity to the process while maintaining a transparent overview. Such logic solvers safeguard the process even in the event of interruption in communication with the SIS. This approach is ideally suited to highly distributed applications, and reduces cost while increasing process availability and efficiency.
For example, in the upstream oil and gas industry, oil field operators can now implement a safety solution whereby the I/O module at each wellhead is integrated into the SIS and DCS, but can also act as a dedicated logic solver for that wellhead if the central connection is lost. In effect, another layer of redundancy and separation is added to the system.
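The behaviour described in the last two paragraphs, a field logic solver that keeps protecting its wellhead when the link to the central SIS is interrupted, is sketched below as an added example. It is not Honeywell's product code and is not taken from the article; the single high-pressure trip, the de-energise-to-trip valve output, the per-scan heartbeat from the central SIS, the three-scan link timeout and all pressures and setpoints are assumptions made for illustration. The point it demonstrates is that the safety function is evaluated locally on every scan regardless of link state, while the only thing the central system can do to the loop (reset it) is accepted solely over a healthy link and after the demand has cleared.

```python
"""Added example (not Honeywell's product code): a field logic solver for one
wellhead that keeps executing its safety function when the link to the
central SIS is interrupted.

Everything here is constructed for illustration: one high-pressure trip on the
wellhead, a de-energise-to-trip shutdown valve output, a per-scan heartbeat
from the central SIS, and made-up setpoints and pressures.
"""
from dataclasses import dataclass, field

TRIP_HIGH_PRESSURE_BAR = 250.0   # assumed trip setpoint
HEARTBEAT_TIMEOUT_SCANS = 3      # assumed: link declared lost after 3 silent scans


@dataclass
class WellheadSolver:
    tripped: bool = False
    link_ok: bool = True
    missed_heartbeats: int = 0
    events: list = field(default_factory=list)

    def scan(self, pressure_bar, heartbeat_received, central_reset=False):
        """One solver scan. Returns the valve output: True = energised (open),
        False = de-energised (shut). The trip path never depends on the link."""
        # 1. Link supervision. Its only effect is on what we accept FROM the
        #    central SIS, never on whether the local safety function runs.
        if heartbeat_received:
            if not self.link_ok:
                self.events.append("link to central SIS restored")
            self.link_ok = True
            self.missed_heartbeats = 0
        else:
            self.missed_heartbeats += 1
            if self.link_ok and self.missed_heartbeats >= HEARTBEAT_TIMEOUT_SCANS:
                self.link_ok = False
                self.events.append("link to central SIS lost; running autonomously")

        # 2. The safety instrumented function, evaluated locally every scan.
        if pressure_bar >= TRIP_HIGH_PRESSURE_BAR and not self.tripped:
            self.tripped = True
            self.events.append(f"trip: {pressure_bar} bar >= {TRIP_HIGH_PRESSURE_BAR} bar")

        # 3. A reset is the only thing the central SIS can do to this loop, and
        #    it is honoured only over a healthy link and once the demand has
        #    cleared. A reset arriving without a valid heartbeat (stale or
        #    unverified) is rejected; nothing from the centre can suppress a trip.
        if central_reset:
            if self.tripped and self.link_ok and pressure_bar < TRIP_HIGH_PRESSURE_BAR:
                self.tripped = False
                self.events.append("reset accepted")
            else:
                self.events.append("reset rejected")

        return self.output()

    def output(self):
        """De-energise-to-trip: the valve is held open only while not tripped."""
        return not self.tripped


def run_link_loss_scenario():
    """Constructed scenario: the link drops, pressure then exceeds the setpoint,
    the solver trips on its own, and a reset is honoured only after the link
    returns and pressure is back below the setpoint. Returns the solver."""
    s = WellheadSolver()
    s.scan(100.0, heartbeat_received=True)
    for _ in range(HEARTBEAT_TIMEOUT_SCANS):                       # central SIS goes silent
        s.scan(100.0, heartbeat_received=False)
    s.scan(260.0, heartbeat_received=False)                        # demand arrives while isolated
    s.scan(100.0, heartbeat_received=False, central_reset=True)    # rejected: link down
    s.scan(100.0, heartbeat_received=True)                         # link back
    s.scan(100.0, heartbeat_received=True, central_reset=True)     # accepted
    return s


if __name__ == "__main__":
    for event in run_link_loss_scenario().events:
        print(event)
```

The ordering inside scan is deliberate: link supervision runs first so that its state is current, the trip condition is evaluated unconditionally, and the reset is handled last so it can never pre-empt a trip raised in the same scan. A real module would also cover its own diagnostics and the output's de-energised state on module failure, which this sketch leaves out.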
Meanwhile, in other areas, pipeline integrity monitoring and radar-based video surveillance for on-land facilities, which can deliver significant savings over camera-only solutions, are expanding the scope and range of safety devices that can be integrated into the system.
Operational managers in process plants must address a host of pressing demands: worker safety, environmental stewardship, process uptime, and conservation of plant resources—and the list goes on. These challenges are stretching the limits of existing resources and expertise.
With innovations in automation technology, plants can optimize process safety systems in a wide range of installations, improve overall safety performance, and reduce capital and operating costs throughout the lifecycle of their projects.
Erik de Groot is marketing manager of safety systems for Honeywell Process Solutions. He has been active in the process industries in both process development and automation for 26 years, including 16 years with Honeywell where he started as an application engineer in Amsterdam, the Netherlands. He has a Bachelor’s degree in chemical engineering from the HTS Hilversum, the Netherlands.