The Do’s and Don’ts of Process Safety | Automation.com

The Do’s and Don’ts of Process Safety

By Paul Gruhn, Rockwell Automation

Changes in technology have led to a variety of recent developments in process safety, with many suppliers releasing new systems that significantly depart from the past. These do’s and don’ts can help you choose the right safety-instrumented system for your process.

Do Take Advantage of Scalable Systems
The first popular safety PLCs introduced in the mid-1980s were triplicated. These systems naturally cost more than nonredundant general purpose PLCs, and multiple distributed systems scattered around a facility often were considered too expensive.

The most economical implementation of such systems was often one large, centralized system. One large 1,000 I/O (input/output) system was less expensive than 10 smaller 100 I/O systems.

However, not all applications need 1,000 plus I/O. That is why some vendors have developed safety PLCs ideally suited for small I/O applications. Still, using one system for small applications and a different system for large ones in the same facility is hardly an ideal solution.

A number of suppliers recently launched systems that can scale from small and stand-alone to large and distributed – all using the same hardware platform.

Don’t Settle for a Single Level of Redundancy
Like the early Ford Model Ts that came in any color you wanted – as long as it was black – you could get an early safety controller system in any configuration you wanted – so long as it was triplicated.

This level of redundancy ensures that the system is fault tolerant and can survive one or more possible failures. But not all parts of a process safety system require triple redundancy. Depending on the level of safety risk, some applications require only dual redundancy.

Three vendors have released safety PLCs that can be configured single, dual, or triple (one even offers quad). In one system, some modules can be single, others dual and others triplicated. Flexible redundancy within one system allows the system to more closely match your safety and reliability requirements for each loop, in a cost-effective manner.

Don’t Assume Two Vendors are Better Than One
The traditional approach for control and safety systems has been to buy two separate platforms from two separate vendors. The trend now is to have one supplier for both systems. That is because the control and safety systems often look very similar (although they are not interchangeable), and are usually programmed using the same software. This means users only have to attend one training course, and communication between systems is effortless.

Do Consider Using New Fieldbus Technology for Safety
Fieldbuses – digital networks for process instrumentation – allow multiple field devices to be connected on a single pair of wires. Features and benefits include reduced wiring, higher levels of internal diagnostics, and lower total costs.

Fieldbuses have been available for general process-control applications for a number of years, but many have questioned their use in safety.

The concern is that a digital message could be corrupted, or the configuration and functionality could be changed by an unauthorized party. Safety standards state that busses are acceptable only if they meet the integrity-level requirements. No busses could meet such requirements in the past, but this is changing.

The Fieldbus Foundation has been working on FOUNDATION Fieldbus for safety (FOUNDATION Fieldbus SIF) for several years with a consortium of users, safety PLC and field-device manufacturers. Early field-device products were demonstrated in the summer of 2008, and final products (both field devices and logic solvers) are nearing release.

The primary benefit touted by safety fieldbus manufacturers is diagnostics: being able to better and earlier predict problems before they impact the process, and even lead to a shutdown.

But how can a sensor communicate extensive diagnostic information on a standard 4-20mA signal? One such method is the use of HART (Highway Addressable Remote Transducer), which combines additional information – such as device diagnostics – with the standard 4-20mA signal. HART devices have been available for decades, but only recently have some safety PLCs been able to incorporate HART information directly.

Do Use Safety-Certified Field Devices
Though a controller may be certified for use in SIL 3 applications, that does not necessarily mean the system will perform at a SIL 3 level. Like a chain, the system is only as strong as its weakest link. In most integrated safety systems, the weak links have been field devices.

That is because of their lack of redundancy. One-out-of-two or two-out-of-three sensor configurations and one-out-of-two final element configurations are generally required for SIL 2. The total installed cost of a sensor has been reported as high as $10,000. Redundant final elements are even more expensive. This means implementing SIL 2 loops can be very pricey.

However, redundancy is not always the magic answer for safety. Diagnostics are also an important factor. Dozens of new safety-certified field devices are available with much higher levels of internal diagnostics than devices of the past. Single devices with high levels of diagnostics usually offer similar safety performance to redundant standard devices, at much lower costs.

Don’t Overlook the Need for Employee Certification
While it helps, a certified safety system does not automatically make a facility safe. Unfortunately, many systems do not work effectively because they were incorrectly specified, designed, installed, operated or maintained.

A competent workforce is an essential defense against risk. But achieving a high level of competency is easier said than done. After all, how do we know that all employees involved have the knowledge and skills they need?

Thankfully, various organizations offer certification and certificate programs to help ensure employees understand what is necessary to keep a plant operating as safely as possible. Organizations such as CFSE.org (Certified Functional Safety Expert), ISA (International Society of Automation), and TÜV (both Rheinland and SÜD) offer a variety of programs.

Even if you think all your employees are completely competent, the best way to be certain is through certification. Even one uncertified employee represents a potential safety hazard.

Do Stay Up to Date on Standards for Fire and Gas Systems
Current safety standards covering fire and gas systems are prescriptive and focus on commercial applications, such as buildings. Many in the process industry believe similar standards are needed for industrial applications.

But unlike safety instrumented system hardware, claiming any integrity level for fire and gas hardware alone does not allow users to determine if the overall system will meet the desired level of fire and gas risk reduction.

Two factors have a dominating impact on the safety performance of fire-and-gas systems, and may prevent most systems from ever meeting SIL 1 performance levels.

  • Detector coverage: Are there enough sensors strategically placed to actually see the problem? Are sensors being voted such that it takes more than one sensor to detect a problem, making it even less likely for multiple sensors to detect a problem?
  • Mitigation effectiveness: Will the mitigation effectively reduce the hazard?

Despite these factors, it is possible to apply performance-based concepts to fire and gas systems. It is possible to assign risk-reduction targets for fire and gas systems, and apply quantitative techniques in system verification. The ISA 84 committee published a technical report in 2010 on ways to account for detector coverage, mitigation effectiveness and other factors, thus allowing a quantitative, performance-based approach to fire-and-gas system design. Once the detector coverage and mitigation effectiveness limitations are better understood and addressed, focusing on the SIL rating of the hardware will be more meaningful.

About the Author
Paul Gruhn is the Global Process Safety Consultant at Rockwell Automation. Rockwell Automation manufactures and integrates safety instrumented systems. Gruhn is an ISA (International Society of Automation) Fellow and a voting member of the ISA 84 standard committee (Safety Instrumented Systems in the Process Industries). He also is the developer and instructor of ISA courses on safety systems, and co-authored the ISA textbook on the subject. In addition, Gruhn developed the world’s first modeling program for control and safety systems. He has a bachelor’s degree in mechanical engineering from Illinois Institute of Technology in Chicago, is a licensed professional engineer in Texas, and is an ISA Safety Instrumented Systems expert.

Did you Enjoy this Article?

Check out our free e-newsletters
to read more great articles.

Subscribe Now

MORE ARTICLES

VIEW ALL

RELATED