ARC Advisory Group
Even though mandated by functional and process safety standards such as ISA-84 and ISA/IEC 61511, many automation and safety instrumented systems (SIS) vendors do not provide safety lifecycle management software that extends beyond the initial work performed to commission the SIS logic solver.
For upstream assets, this initial work was likely to be performed in a different location than where the platform achieves its first oil. Therefore, when the owner-operator has achieved this important milestone, only the bare minimum safety instrumented function proof testing for the most critical protective and mitigative functions has been performed.
While the mandated functional safety requirements specification (SRS) should provide a description of how safety should be maintained within a process or plant area, be aware that an SRS must also be produced for a fixed or floating platform or most other offshore assets. ARC has observed that most vendors do not support these requirements with an appropriate suite of supervisory software designed to make it easier to maintain, enforce, and prove compliance. This often puts an unnecessary burden on end users, who in the quest to reduce time to first oil and optimize production, often find it hard to allocate adequate time for proof testing to fully comply with all functional safety requirements. This includes the ability to prove compliance.
What types of things should end users consider as necessary parts of their safety lifecycle compliance program? For a start, it is helpful to consider factors such as if electronic safety lifecycle management tools are used to help meet traceability requirements, or if this is attempted manually. Are any tools used beyond those performing initial hazardous operations (HAZOP) and layer of protection analysis? Do the current software tools present "talk" to each other to share data or is the same data entered into different tools? In offshore applications, some of the most vital safety-related systems are those that must be energized to mitigate. Systems should be set up to automatically check the demand output solenoids.
A limited toolset
Automation suppliers typically offer tools to help owner-operators determine required safety integrity levels (SIL). However, that is where the functionality can often end. While some suppliers offer rudimentary utilities to help trace and document changes to the logic solver programming, most do not offer a full suite of "fully baked" software that meets the other traceability requirements for maintaining safety instrumentation.
Current limitations to most automation suppliers' solutions require extensive custom integration, which is both costly and time consuming. Other limitations include: a lack of a full, pre-integrated solution set for archiving, retrieving, and modeling data; the inability to scale from a platform-wide to an enterprise-wide solution; the fact that data streams of mobile safety workers should not be integrated; and that level three and/or level four enterprise applications should not be provided data integrations.
ISA/IEC 61511, ISA/IEC TR84.00.04, OSHA 1910, and other standards define specific requirements for effective safety lifecycle management. These standards organizations are collaborating to develop more holistic recommendations for end users that cover both SIL determination and best practices for SIS lifecycle management. All emphasize that being in compliance with safety lifecycle management requirements should extend beyond just proving the compliance of initial site acceptance testing and commissioning of production equipment, controllers, and processes.
This requires identifying and documenting that equipment, controllers, and processes are running as designed day after day, week after week, year after year. Processes change; equipment ages and wears; procedures become "culturally blurred"; and people become complacent, believing the results of their basic safety key performance indicators. They get lulled into a false sense of safety. Historically, this is when the serious "big incident" occurs, with the resulting tragic loss of life and damage to a company's financial success and reputation. Beyond the loss of human life, environmental damage, huge potential fines, and negative publicity, this could also result in someone going to jail.
Since this is a complex problem with potentially serious ramifications for non-compliance, ARC recommends that owner-operators return to an appropriate "beginning point" to obtain the needed clarity. Start with a thorough review of the existing HAZOPS from which sprang your safety integrated function (SIF) designs and SIL requirements. Then, specific real-time and historical data needed to confirm compliance with SIL requirements can be identified. Review and begin to track the statuses (automatic/manual/bypassed) that represent the control loops and their safety functions; some vendors can provide software to perform this task automatically.
It can be helpful to re-read the standards, focusing specifically on the safety lifecycle in relation to current operations to determine if the current safety requirements specification being utilized is sufficiently comprehensive. Additionally, it is important to understand what data is needed to comply with OSHA 1910, ISA/IEC 61511 and TR84.00.04, API 14C, OLF70.
The most important considerations are if the periodic safety proof tests are being performed, and that all knowledge workers are competent, qualified, and appropriately certified. Maintaining electronic or paper records of proof tests for each and every safety instrumented function in the operation is essential, and everything should be performed on time. If records are not kept of how often you proof tests are deferred or compromise a layer of protection against any of the many defined hazards, consider taking advantage of the broader process safety management solutions offered by several consulting and engineering companies with skills and experience in these areas. Review the respective functionalities of the automation and safety suppliers that offer tools for identifying appropriate SIL requirements and/or process safety management software. Some, but not all, offer software tools with capabilities for real-time risk analysis and management, real-time functional safety management, and real-time traceability. •
Joseph Scalia, senior consultant at ARC Advisory Group, covers process safety and functional safety for the chemical; oil and gas; power generation; and manufacturing industries. He has more than 30 years experience in industrial automation for discrete manufacturing and process control industries. Scalia has a Bachelor of Science in Electrical and Controls Engineering from Kettering University, and is a TUV-certified functional safety engineer. He has also received formal instruction in software architecture, software modeling, threat modeling, and cyber security.