How Safe is Safe Enough – Q&A
Our recent Webinar “How Safe is Safe Enough?”, held in collaboration with IChemE’s Process Management and Control, and Safety and Loss Prevention, Special Interest Groups, proved to be a hot topic of discussion with an interesting array of comments and questions. As usual, time was short, so here are a few points on the issues that were raised.
If you were not able to attend the Webinar, the video is available to watch on our website:
How Safe Is Safe Enough – Webinar by Ron Bell
Is a Safety Instrumented Function (SIF) the best way to eliminate risk and prevent a hazardous event?
Although SIFs are designed to be effective in preventing and controlling hazards, they should not replace what is considered industry good practice with regard to inherent safety. After all, as Trevor Kletz [1] famously put it, ‘What you don’t have, can’t leak’. There is a general hierarchy which should be applied as good practice when designing processes; there are many variations, but in general it follows this order of priority:
- Inherently Safer Design: Elimination, Substitution, Moderation and Simplification
- Engineering Controls: Passive Controls and Active Controls (SIFs)
- Administrative Controls: Procedures, Personal Protective Equipment, Emergency Response etc.
Inevitably no chemical process will be without risk, but processes can be made safer by adopting good practice.
What is Safety Integrity Level (SIL) ‘0’?
The term ‘SIL 0’ or ‘SIL a’ is commonly used to describe the requirement of an instrumented system which is required to reduce the risk by a factor of ≤10. This indicates that although additional risk reduction is required, the necessary amount of risk reduction is below the SIL 1 range and is thus outside the remit of IEC 61508 [2] and IEC 61511 [3]. However, the view of the HSE [4] is that if the system is implementing a safety function, it should still be subject to certain provisions. For instance, there must be provisions in place for periodic inspections, maintenance and proof testing of the instrumented system.
Can the Basic Process Control System (BPCS) be SIL Rated?
As far as the IEC 61511 [3] standard goes, the maximum risk reduction that can be claimed for a BPCS is a factor of 10, which falls below the SIL 1 band. However, for a BPCS to carry out Safety Instrumented Functions (SIFs) of a specified SIL, you must manage, specify, design, maintain and operate the BPCS in accordance with the requirements of IEC 61511 [3]. This would make the BPCS a Safety Instrumented System (SIS).
Can Conditional Modifiers be applied to all operating modes?
Conditional Modifiers should be assessed for each specific operating mode, as they may be valid for one operating mode but not for another. For example, one of the most common issues relates to the Conditional Modifier ‘Occupancy’. During normal operation personnel may only be present 10% of the time; however, during start-up it is likely that the operators will be present for the entire operation, so the 10% occupancy Conditional Modifier is no longer applicable. The impact of this needs to be assessed, as it may leave you short of meeting the Target Risk and hence not achieving the Tolerable Risk, which is a legal requirement.
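The two points above (the below-SIL-1 ‘SIL 0’/‘SIL a’ band, and the occupancy Conditional Modifier changing with operating mode) can be put together in a simple LOPA-style calculation. The following Python script is an added illustration, not code from the original post or from ESC: it applies each operating mode’s own occupancy factor, works out the risk reduction the SIF must provide to meet the target, and maps that to the IEC 61511 SIL band. All initiating event frequencies, PFD values and the tolerable target frequency are constructed numbers chosen for illustration; only the SIL band boundaries are taken from the standard.

```python
"""LOPA-style check of the occupancy conditional modifier per operating mode.

Added illustration, not code from the original post. All frequencies,
PFD values and the tolerable target are constructed numbers; only the
SIL band boundaries (IEC 61511 PFDavg ranges) are real.
"""
from dataclasses import dataclass
from math import prod

# IEC 61511 SIL bands expressed as risk reduction factor, RRF = 1 / PFDavg.
# Each entry: (lower RRF, exclusive; upper RRF, inclusive; label).
SIL_BANDS = [
    (10, 100, "SIL 1"),
    (100, 1_000, "SIL 2"),
    (1_000, 10_000, "SIL 3"),
    (10_000, 100_000, "SIL 4"),
]


def sil_band(rrf: float) -> str:
    """Map a required risk reduction factor to the SIL band it falls in."""
    rrf = round(rrf, 9)  # avoid floating-point noise at band boundaries
    if rrf <= 1:
        return "no additional risk reduction required"
    if rrf <= 10:
        # Below the SIL 1 range: the case the post calls 'SIL 0' / 'SIL a'.
        return "below SIL 1 ('SIL 0' / 'SIL a')"
    for low, high, label in SIL_BANDS:
        if low < rrf <= high:
            return label
    return "beyond SIL 4 (revisit the design, not the SIF)"


@dataclass(frozen=True)
class OperatingMode:
    name: str
    initiating_event_freq: float  # demands per year on the protection layers
    ipl_pfds: tuple               # PFDavg of each non-SIF protection layer
    occupancy: float              # conditional modifier: fraction of time someone is exposed


def required_rrf(mode: OperatingMode, target_freq: float) -> float:
    """Risk reduction the SIF must supply so that the mitigated event frequency
    (with the mode's own occupancy applied) does not exceed the target."""
    mitigated = mode.initiating_event_freq * prod(mode.ipl_pfds) * mode.occupancy
    return mitigated / target_freq


def assess(modes, target_freq: float) -> dict:
    """Required RRF and SIL band per operating mode; the SIF must satisfy the
    most demanding mode, not just normal operation."""
    result = {}
    for mode in modes:
        rrf = required_rrf(mode, target_freq)
        result[mode.name] = (rrf, sil_band(rrf))
    return result


def worst_case(assessment: dict) -> str:
    """Name of the operating mode that drives the SIL requirement."""
    return max(assessment, key=lambda name: assessment[name][0])


# Constructed scenario: same hazard, same other layers, different occupancy.
TARGET_FREQ = 1e-5  # tolerable frequency of the consequence, per year (constructed)
MODES = (
    OperatingMode("normal operation", 0.05, (0.1,), 0.1),  # operators present 10% of the time
    OperatingMode("start-up", 0.05, (0.1,), 1.0),          # operators present throughout
)

if __name__ == "__main__":
    report = assess(MODES, TARGET_FREQ)
    for name, (rrf, band) in report.items():
        print(f"{name:18s} required RRF = {rrf:8.1f}  -> {band}")
    print("SIL requirement driven by:", worst_case(report))
```

With these constructed figures the 10% occupancy credit leaves normal operation needing an RRF of 50 (SIL 1), while start-up, with the credit removed, needs an RRF of 500 (SIL 2): the same SIF has to be specified for the more demanding mode, which is exactly the shortfall the answer above warns about.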
How do you design a ‘SIL rated device’?
Firstly, there is no such concept as a ‘SIL rated device’. This term is sometimes used to characterise a device that has been developed to meet the requirements of IEC 61508 [2] and is to be used in a SIS to carry out a SIF in accordance with IEC 61511 [3]. Simply put, the device must meet the SIL requirements both in terms of Random Hardware Failures and Systematic Failures. IEC 61508 addresses these two types of failure as follows:
- Random Hardware Failures: uses reliability modelling techniques to quantify the dangerous failures to meet the specified SIL; and,
- Systematic Failures: specifies techniques and measures which should be implemented to avoid and/or control systematic failures to meet the requirements of a specified SIL. If the measures and techniques applied are suitable for a SIF of SIL 1, then the device is said to have a Systematic Capability (SC) of 1.
Engineering Safety Consultants run a 3-day TÜV accredited Safety Instrumented Systems course which provides an in-depth understanding of the requirements of IEC 61508 and IEC 61511 and the fundamentals for achieving and maintaining functional safety.
[1] CCPS, Inherently Safer Chemical Processes: A Life Cycle Approach, Second Edition, 2009, ISBN 978-0471-77892-9
[2] IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
[3] IEC 61511, Functional Safety – Safety Instrumented Systems for the Process Industry Sector
[4] UK HSE Document: Management of Instrumented Systems Providing Safety Functions of Low / Undefined Safety Integrity, Oct 2014