ISA Portugal recently hosted a conference on functional safety. Emerson’s Russell Cockman, whom you may recall from earlier safety-related posts, presented 10 ways to improve functional safety without worrying where to put the decimal point in the calculation. From his title, you might anticipate that Russell would bring his humor to the serious subject of process safety—and he did.
I’ll elaborate on a couple of items in his list of ten, but let’s open this post with what they are:
- Use experts wisely but get your own competency up
- Get management buy-in, form your Functional Safety Management team
- Document your safety requirements
- Identify (and control) your safety assets
- Plan your proof tests and inspections
- Review and update your technology
- Manage your overrides
- Encourage people diversity
- Understand risk, focus on consequence
- Manage change effectively
Russell noted the high level of complexity and sheer size of the IEC 61508 global safety standard, with parts 1, 2 & 3 being approximately 175 pages. The IEC 61511 safety standard for process manufacturers is around 50 pages. The combination of standards, complexity, and confusion has led to a large supply of consultants working with process manufacturers. He noted that most of the presenters at the conference, himself included, had “consultant” in their job title.
Russell cautioned that a consultant doesn’t know everything—he knows different things than you, since you are the expert of your plant. You must identify and fill in the knowledge gaps and apply “good engineering judgment”.
Competency is an enormous part of safety. He shared a sailing analogy: lifejackets, flares, life rafts, etc. are examples of risk mitigation, but the competency of the skipper and crew is paramount in safe operation.
The IEC safety standards are risk based and centered around two key concepts—the safety lifecycle and safety integrity levels (SILs). The safety lifecycle ensures structure and management of all activities, identifies the activities and objectives, and manages the verification steps. Safety integrity levels measure risk, quantify instrumented risk reduction, match design to SIL, and help you to monitor, perform and adjust the design as required.
It’s important to maintain integrity through your testing processes. The test interval impacts the average probability of failure on demand (PFDavg), depending on the safety instrumented function’s architecture: 1oo1 (one out of one), 1oo2, 2oo2, etc. Decreasing the proof test interval decreases the PFD. Russell asked what percentage of hidden failures you are actually testing for.
Sensor diagnostics, such as 2-point sensor calibration checks and plugged impulse line detection, can extend coverage of dangerous undiagnosed failures from greater than 50% to greater than 95%. Proof testing requires careful planning to capture and record who did what, how they did it, when, and with what. Specific tests and inspections are recorded by tag, faults are reported, a rectification process is initiated, and all of the who/how/when/with-what details are documented.
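To make the interval and coverage effects above concrete, here is an added worked example (not from Russell’s talk or Emerson’s tooling) using the common simplified low-demand PFDavg approximations: no common-cause factor, no repair time, and a constructed dangerous undetected failure rate λ_DU. The imperfect-proof-test form treats the fraction of hidden failures the test misses as accumulating over the SIF’s lifetime instead of being cleared every interval.

```python
# Simplified PFDavg estimates for a safety instrumented function (SIF).
# Assumptions (not from the post): low-demand approximations, common cause
# ignored, repair time ignored. Failure rates below are constructed samples.

HOURS_PER_YEAR = 8760.0


def pfd_avg_1oo1(lambda_du: float, ti_hours: float) -> float:
    """1oo1: a single channel, PFDavg ~ lambda_DU * TI / 2."""
    return lambda_du * ti_hours / 2.0


def pfd_avg_1oo2(lambda_du: float, ti_hours: float) -> float:
    """1oo2: either channel can trip, PFDavg ~ (lambda_DU * TI)^2 / 3."""
    return (lambda_du * ti_hours) ** 2 / 3.0


def pfd_avg_2oo2(lambda_du: float, ti_hours: float) -> float:
    """2oo2: both channels must work, so PFDavg ~ lambda_DU * TI."""
    return lambda_du * ti_hours


def pfd_avg_1oo1_partial(lambda_du: float, ti_hours: float,
                         coverage: float, life_hours: float) -> float:
    """1oo1 with imperfect proof testing: the `coverage` fraction of hidden
    failures is found every TI; the remainder is only cleared at end of life."""
    found = coverage * lambda_du * ti_hours / 2.0
    missed = (1.0 - coverage) * lambda_du * life_hours / 2.0
    return found + missed


def sil_band(pfd: float) -> int:
    """IEC 61511 low-demand SIL bands by PFDavg (0 = below SIL 1)."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0


if __name__ == "__main__":
    lam, ti, life = 1e-6, HOURS_PER_YEAR, 15 * HOURS_PER_YEAR  # constructed
    for name, pfd in [("1oo1", pfd_avg_1oo1(lam, ti)),
                      ("1oo2", pfd_avg_1oo2(lam, ti)),
                      ("2oo2", pfd_avg_2oo2(lam, ti)),
                      ("1oo1, 50% PTC", pfd_avg_1oo1_partial(lam, ti, 0.50, life)),
                      ("1oo1, 95% PTC", pfd_avg_1oo1_partial(lam, ti, 0.95, life))]:
        print(f"{name:14s} PFDavg={pfd:.2e}  SIL {sil_band(pfd)}")
```

With the sample rate, raising proof test coverage from 50% to 95% moves the 1oo1 loop from the SIL 1 band into SIL 2, which is the same order of change as halving the test interval.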
Russell shared his thoughts on the safety requirements specifications (SRS). We covered many of these ideas in an earlier post, Clear and Concise Safety Requirements Specifications. The key is to condense and consolidate information from the process design parameters, hazard and operability study (HAZOP), and layers of protection analysis (LOPA) into the SRS. The SRS is a controlled environment for reference of all process safety data relating to the safety instrumented system.
You can see I’ve only hit the first three items in Russell’s top ten, so I’ll save the others for future posts. You can join in conversations with Emerson safety subject matter experts in the safety instrumented system track of the Emerson Exchange 365 community.