Safety does not come out of a box
The solution to making your process plant a safer place isn’t something you can buy. Much of it depends on changing the ways your people work and think.
Working with safety instrumented systems (SISs) for more than 20 years has taught me that technology alone cannot make process plants safer places to work. Over those years, I’ve been involved with the design and implementation of mission critical technology to satisfy functional safety standards such as IEC61508, IEC61511/ISA84, as well as other application specific standards. As important and helpful as those standards are, personal experience and the frightful number of safety incidents across our industries suggests that we need to go back to basics.
What is a process hazard?
We all have heard the saying, “If you don’t know where you’re going, any road will take you there.” When it comes to risk reduction, we need to have frank and open discussions about the risks we’re facing so we can be clear on where we’re going. The objective might not be to eliminate risk entirely, but to reduce it to an acceptable level that will allow the plant to function while protecting people in the plant along with the community, environment, and equipment.
Therefore, the first step is to understand the hazards and the risk. Without establishing the scope of the hazards, it is not practical to determine the necessary risk reduction required. This should be done to create the safety requirements specification (SRS) necessary to start a system design.
It shouldn’t be a surprise that an effective risk reduction strategy is typically aligned with a corporate safety vision or strategy. The reality of a commitment by senior management to an explicit safety vision becomes woven into the ethos of the company. Every level of the organization must understand the overarching reasons for the vision, and the organizational structure, management processes, technologies, and human resources that create a supportive framework to live the vision. Of course, it is crucial that the vision and values be communicated to people at every level, and that the effectiveness of the communication is verified.
While that may seem like the most obvious point, think of the number of times that safety culture, or a lack of it, is found among the top causes of incidents and accidents in process industries. Consequences of those lapses can range from minor injuries to environmental catastrophes making news headlines worldwide. If that anecdotal evidence isn’t enough, safety culture is top of list when the UK Health and Safety Executive publishes its “Ten Human Factor Issues” affecting safety in process plants.
Functional safety management
The late Trevor Kletz had a way of summarizing safety concepts very clearly. He observed, “We can’t enable people to carry out tasks beyond their physical or mental abilities.… [but] we can reduce the opportunities for such slips and lapses of attention by changing designs or methods of working.”
It is possible to improve safety by introducing and following well-thought-out procedures. Today’s safety standards introduced a functional safety management (FSM) system which created a series of work processes established on top of the traditional quality management system. These work processes address functional safety requirements from design to implementation of a process or system, to its eventual modification or decommissioning. Among other things, the FSM system requires documenting the risk reduction requirements and corresponding validation testing to demonstrate that the intended risk reduction was ultimately achieved. These procedures might require the involvement of two people and the issue of a permit. Such an approach provides an opportunity to run a check by an independent party to verify that everything necessary has been done.
Checklists can be viewed as a job aid that aims to provide a series of prompts that reduce the likelihood that standard operating procedures are not followed, or steps omitted. They are useful at catching slip-type errors where operators or engineers had the intention to perform the activity but were distracted by another task or simply forgot they had not performed the task.
Even when technology alone cannot make process plants safer, it can be made part of the solution. For years, the industry had relied on automation to support engineers, operators, and maintenance personnel in the plant. Today, rather than treating human beings as automatons, the industry can take advantage of new technologies in key areas to enhance the user situational awareness and decision making.
Ergonomics and operator alertness
One aspect of the design process is creating a comfortable operating environment. On any given day, operators need to sustain a high level of alertness and a clear understanding of exactly where the process is as it moves through the production cycle. This requires having real-time access to critical information to support decision making.
Some days are relatively quiet and that decision making process is simple and quite routine. However, it’s well known that humans are much less reliable at performing routine repetitive tasks than machines, and that human error is a frequent cause of malfunction in complex systems. Simply dismissing an accident by attributing the cause to human failing is shortsighted because it does not lead to constructive action. Systems need to be designed around people rather than the other way around. Technologies such as ergonomics, display design, HMI (human-machine interface) graphics, and alarm handling can help to reduce the occurrence or effects of some of these factors. When these can be combined with training simulators and advanced maintenance technologies, improvement in plant safety will soon be noticeable along with significant overall performance improvements.
The role of operators in high-risk industries is clearly an important aspect of overall system design. There is a general consensus that operators’ tasks within control rooms have been largely automated, leaving operators spending the majority of their time as system supervisors and not system controllers. As a result, operator attention, reaction, and effectiveness are often overlooked as areas that can improve the performance and safety of a control system or plant. If the situation deteriorates, all too often an operator is left to understand inconsistent interfaces from a multitude of sources or data where there is not enough information to understand the abnormal conditions enough to take appropriate corrective action.
Fortunately, research from entities such as Center for Operator Performance and the ASM Consortium has led to guidelines for designing control rooms and operator displays to suit the needs of the operators, to promote effectiveness, improve comfort, and present simplified information displays that are easy to understand. All this takes place in a well-designed physical environment in which the operator can simulate the passage of time each day or call attention to a specific type of event. For example, lighting at 3:00 a.m. may be more subdued than at 1:00 p.m., and lights may take on a different color during an emergency. When these kinds of changes can take place, operators are more alert and able to handle the stress of an abnormal condition in the plant.
Creating effective alarms
The move from panel board control to DCSs created the problem of alarm management, which spawned a whole new industry. In the old days when adding an alarm was an expensive process and took up valuable real estate on the wall or console, users took a great deal of care choosing those that were most important. Such is not the case anymore, and as we know, too many alarms make conditions worse for the operators and the plant.
Concepts of human software engineering suggest that alarm system design should ensure prompt, reliable, and effective operator response. A poorly designed system will leave an operator failing to act at all, or selecting the wrong course of action.
Today we have standards such as ISA18.2 and EEMUA 191 to guide users through the alarm lifecycle process, and most systems have built-in features to support assessing the current situation in a plant and identifying nuisance alarms and bad actors as part of rationalizing alarms.
State-based control is another methodology available to assist engineers while working through the design phase. By managing the parameters across process states, optimized process conditions can be maintained during normal conditions and correct action can be taken automatically during abnormal conditions. In this scenario, state-based control provides an additional layer of protection for the plant.
Integrated control and safety
Integrating control and safety systems can provide an enabling technology to drive effective operations and minimize the sources of human error discussed earlier. Some of those benefits include:
- Analysis of potential common cause failures and designing those out of the system.
- Standard access control to prevent unauthorized access and secure the systems without introducing additional custom programming.
- Integrated testing at the product test lab rather than during a FAT (factory acceptance test) ensures all standard functions are working as the product was designed prior to market release. This reduces the scope of a FAT to project-specific requirements.
- Version control, compatibility, and interoperability are all considered prior to the release of the product, reducing maintenance- and product-lifecycle costs.
Prescribing a solution does not address the need for analysis that is behind the performance based functional safety standards. It is our responsibility as users to design a system that effectively provides the required risk reduction and to verify that we have reduced the risk to an acceptable and reasonable level.
There is no doubt that process safety and security are interconnected, and both should be given serious thought in the design process. Safety standards such as IEC 61511 do not restrict or prohibit combining control and safety; in fact, Part 2 indicates that “Physical separation between BPCS (basic process control system) and SIS may not be necessary provided independence is maintained, and the equipment arrangements and the procedures applied ensure the SIS will not be dangerously affected by failures of the BPCS or work carried out on the BPCS, for example, maintenance, operation or modification. Where procedures are necessary to ensure the SIS is not dangerously affected, the SIS designer will then need to specify the procedures to be applied.”
Having an integrated control and safety system with embedded access control not only provides security to the safety system and prevents unauthorized or unintended access, it also facilitates maintenance of the safety system with standard bypass or override methods.
These standard methods give the operator feedback of the condition in the safety system and are registered in the audit trail supporting best-in-class management of change.
Similar to safety systems, prescribing a security solution does not address the need for the analysis to ensure the automation infrastructure is free of known vulnerabilities and satisfies the needs of the industrial environment. Security deserves the same attention as safety as part of the cultural paradigm in manufacturing companies.
A two-sided effort
Reducing risk in a process manufacturing environment requires a technical and cultural effort. The most careful and conscientious people can be injured in a plant with faulty equipment, and the most sophisticated equipment can be defeated by careless people.
When careful people work with a safe attitude driven by a sound culture using well-maintained equipment and appropriate work practices, safe and reliable production will become a way of life.
Luis Durán is product marketing manager for safety systems, control technologies, and process automation for ABB.
For more information, visit: www.abb.com
Read more about process safety below.
- Creating a safe working environment requires technical and human elements.
- A corporate culture of safety has to be supported at all levels of a company.
- Design elements in a control room can help or hinder the ability of operators to react in a crisis situation.