7/27/2019 Functional Safety Management
http://slidepdf.com/reader/full/functional-safety-management 1/8
Functional Safety Management – The good, the bad and the ugly! Lessons learned while striving for compliance with IEC 61511.
By Michael Scott, PE, CFSE
An efficient functional safety management program encompasses engineering, maintenance,
and operations personnel all working together for a common goal – prevention of loss of
containment. This may sound straightforward, but it requires multiple entities within an
organization to align to achieve this common objective, which can be difficult to implement within
a complex organization. So what does a “good” functional safety management system look
like?
Lessons Learned
First, let’s discuss the evolution / awareness process an organization typically adopts on its
road towards functional safety management. This evolution / awareness process is born of
the best intentions but typically leads the end user to an intermediate, undesirable position
short of their ultimate end goal. This results in regret costs and schedule delays in achieving a
fully compliant functional safety management system.
Step 1 – Desire for IEC 61511 “Functional Safety – Safety Instrumented Systems for the process industry sector” Corporate Alignment
In this step, the organization identifies the desire for IEC 61511 compliance and
champion(s) within the organization to convince management of the benefits of
managing functional safety via a performance based methodology. Given that full
compliance with IEC 61511 requires multiple entities within an end user’s organization to
align, a commitment from management is essential. This alignment typically
requires a significant paradigm shift within the end user organization. Thus, this first
step is often the hardest.
Step 2 – Modify Process Safety Risk Ranking to Support SIL Selection
In order to adopt IEC 61511, one needs to assign / calculate a required Safety Integrity
Level for a given Safety Instrumented Function. Thus, the end user organization has to
modify their current risk analysis methodology (i.e. Process Hazards Analysis (PHA)) to
support Safety Integrity Level (SIL) selection (i.e. Layer of Protection Analysis (LOPA)).
This task is typically owned by a corporate process safety department. Multiple
methods of Risk Analysis and SIL Selection currently exist, and the process safety
department has to make decision(s) on which methodology to adopt and which tool(s)
they are going to use to support their overall risk analysis process. Most organizations are
looking to implement solutions that are aligned as closely as possible with their current work
process, thus requiring the least amount of change in how they currently conduct
their risk analysis efforts. This concept sounds reasonable and very practical but
ultimately is the first misstep made by most organizations.
Step 3 – Identification of Areas of Concern
Once an organization has bought into the performance based risk concepts contained in
IEC 61511, the first desire is to identify a work process to complete a risk analysis on all
facilities within the organization. Many companies made the decision to focus on those
unit operations that historically were deemed to have a higher risk than other units.
Thus, a program would typically be developed to conduct a Risk Analysis / SIL Selection
on a small subset rather than the entire portfolio of processes within the organization.
Once again this concept sounds reasonable and very practical but ultimately is
another common misstep if an overall holistic approach is not adopted by the
organization.
Step 4 – Development of Initial Safety Instrumented Systems Deliverables
Once the Risk Analysis / SIL Selection efforts for the high risk unit operations have been
completed, the end user is often anxious to review how the existing instrumentation /
controls fare from a performance based design review standpoint. Thus, Safety
Instrumented System deliverables are immediately generated for those Safety
Instrumented Functions (IPF) that were identified in the Risk Analysis / SIL Selection
process. These deliverables typically consist of the following:
IPF List
Safety Requirements Specification
Cause & Effects
SIL Verification Calculations
Functional Test Plans
Once again, this concept sounds reasonable and very practical but ultimately is
a misstep if an overall holistic approach is not adopted by the organization.
Step 5 – Identification of Gaps
With SIS deliverables completed, the organization wants to focus on Gaps. A Gap means
the organization needs to develop a project to spend dollars to close the Gap. Gaps
generally fall into three major categories from an end user standpoint:
1. Capital Project required to install instrumentation / controls to achieve the
required level of risk reduction for existing kit
2. Operations & Maintenance activities to begin testing SIFs and tracking of failures,
demands, time in bypass, etc.
3. Incorporation of SIS work process into the everyday Management of Change
(MOC) process
Most organizations on the learning curve for IEC 61511 compliance immediately
implement bullet 1 and the testing of SIFs in bullet 2. The remainder of bullet 2 (tracking of
failures, demands, time in bypass, etc.) and all of bullet 3 (incorporation of the SIS work
process into the everyday MOC process) is tackled sometime in the future because of the
difficulties within the organization in implementing the changes needed to achieve bullets 2
and 3. Once again this concept sounds reasonable and very practical but ultimately is
also a misstep if an overall holistic approach is not adopted by the organization.
Step 6 – Realization Data is Stagnant
In most large organizations, completion of steps 1 through 5 above is a significant
investment and takes multiple years to complete. However, because an overall holistic
approach to IEC 61511 compliance was not developed / planned in the beginning and
instead each department within the organization focused on implementation of a
solution that impacted their department the least, the results of
steps 1 through 5 are in most instances not maintainable within the organization. Thus,
the data used to develop the deliverables has become stagnant because the IEC 61511
compliance exercise used a snapshot of data at the beginning of the project and did not
plan for an overall data management scheme for the life of the installation. For instance,
project A was implemented in Unit B. Assume project A added 2 defined SIFs and
deleted 1 existing SIF. In most organizations, the IEC 61511 compliance efforts did not
address ongoing projects and their impacts to Safety Instrumented System deliverables.
Thus, either project A developed standalone Safety Instrumented System deliverables or
none at all. In both cases, a facility engineer cannot perform the simple task of generating
a master SIF list of devices to be tested. The initial IEC 61511 compliance efforts may
not have completed a review of all equipment (due to focusing on high risk areas) and /
or the MOC process to maintain the SIS design basis in an evergreen fashion was not
addressed during this interim period (several years).
This realization results in regret costs as the organization begins to tackle the harder
issues mandated by the overall holistic approach to IEC 61511 compliance. This implies
an overall work process and associated functional safety management tool(s) to ensure
the Risk Analysis / SIL Selection and associated SIS deliverables can be readily supported
in an evergreen fashion by existing personnel.
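To make the Step 6 scenario concrete, the following Python script, added here as an illustration and not code from the paper or from any aeSolutions tool, models an evergreen SIF register: Unit B's baseline SIFs from the initial compliance snapshot, project A recorded as an MOC entry that adds two SIFs and deletes one, the master SIF test list generated from the current state, and a check for SIFs whose deliverables were never regenerated after a change. The tags, dates, SILs, test intervals and the "deliverables revised" field are constructed assumptions of this example.

```python
"""Evergreen SIF register with project MOC history (constructed example).

Assumptions (not from the paper): SIFs are keyed by tag, each project
change is recorded as an MOC entry, and each SIF carries the date its
SIS deliverables (SRS, C&E, test plan) were last regenerated.
"""
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Sif:
    tag: str
    description: str
    sil: int
    test_interval_months: int
    active: bool = True
    last_changed: date = date.min          # last MOC affecting this SIF
    deliverables_revised: date = date.min  # last regeneration of SRS / C&E / test plan


@dataclass
class MocRecord:
    project: str
    effective: date
    added: list = field(default_factory=list)    # Sif objects introduced by the project
    deleted: list = field(default_factory=list)  # tags removed by the project


class SifRegister:
    def __init__(self, baseline: list, baseline_date: date):
        self.sifs = {}
        for s in baseline:
            # Baseline deliverables were produced with the initial snapshot.
            s.last_changed = baseline_date
            s.deliverables_revised = baseline_date
            self.sifs[s.tag] = s
        self.history = []

    def apply_moc(self, moc: MocRecord) -> None:
        """Record a project's SIF additions / deletions as of its effective date."""
        for s in moc.added:
            if s.tag in self.sifs and self.sifs[s.tag].active:
                raise ValueError(f"{s.tag} is already active; record a modification instead")
            s.last_changed = moc.effective
            self.sifs[s.tag] = s
        for tag in moc.deleted:
            sif = self.sifs[tag]  # KeyError if the project references an unknown SIF
            sif.active = False
            sif.last_changed = moc.effective
        self.history.append(moc)

    def master_test_list(self) -> list:
        """Current SIFs to be functionally tested: (tag, SIL, test interval in months)."""
        return sorted((s.tag, s.sil, s.test_interval_months)
                      for s in self.sifs.values() if s.active)

    def stale_deliverables(self) -> list:
        """Active SIFs whose deliverables predate the last change affecting them."""
        return sorted(s.tag for s in self.sifs.values()
                      if s.active and s.deliverables_revised < s.last_changed)

    def mark_regenerated(self, tag: str, when: date) -> None:
        """Record that the deliverables for a SIF were regenerated on `when`."""
        self.sifs[tag].deliverables_revised = when


def build_example() -> SifRegister:
    """Unit B baseline from the initial compliance snapshot, then project A (constructed)."""
    reg = SifRegister([
        Sif("SIF-101", "High pressure trip, V-100", 2, 12),
        Sif("SIF-102", "High level trip, T-200", 1, 24),
        Sif("SIF-103", "Low flow trip, P-300", 1, 12),
    ], baseline_date=date(2016, 3, 1))
    project_a = MocRecord("Project A", date(2018, 9, 15),
                          added=[Sif("SIF-104", "High temperature trip, E-400", 2, 12),
                                 Sif("SIF-105", "High-high level trip, T-200", 2, 12)],
                          deleted=["SIF-103"])
    reg.apply_moc(project_a)
    return reg


if __name__ == "__main__":
    reg = build_example()
    print("Master SIF test list:", reg.master_test_list())
    print("Deliverables needing regeneration:", reg.stale_deliverables())
```

With project A captured as an MOC entry the master test list is derived from the register rather than reassembled by hand, and the stale-deliverables check is what surfaces the paper's point: the two new SIFs exist in the plant but have no current SRS, C&E or test plan until someone regenerates them.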
Key Attributes of Successful Functional Safety Management
Having discussed the typical work process and pointed out shortcomings that may not
be obvious to an end user who has not lived through the above steps or is in the middle of
these steps, it is extremely important that the extent of these well intended missteps be
fully grasped by the reader. This will be accomplished by focusing on the attributes of
what a “good” functional safety management system looks like as opposed to dwelling
on the negatives encountered in some of the above key steps.
Step 1 – Desire for IEC 61511 “Functional Safety – Safety Instrumented Systems for the process industry sector” Corporate Alignment
Best practice for an organization would be to properly plan for functional safety
management activities and their impacts to the organization prior to implementation of
IEC 61511. This planning would include the following:
Survey of each business unit / facility to identify how they currently execute each
phase of the safety lifecycle.
Realization that an evergreen overall functional safety management program is
mandatory and establish this requirement at the beginning of the IEC 61511
compliance project.
Begin a functional safety management tool selection process that addresses key
issues in the survey of each business unit / facility as well as the best practice
attributes noted below in steps 2 through 5.
If the overall program level plan does not account for an evergreen work process, the
resultant data collected will become stagnant and will provide limited benefit to end
users. This in turn will result in loss of confidence in the data by the end users and
undermine the value of IEC 61511 compliance to the overall organization.
Step 2 – Modify Process Safety Risk Ranking to Support SIL Selection
Best practice for an organization would be to utilize a functional safety management
tool that supports the following key criteria:
Risk Analysis and SIL Selection methodology that is tightly integrated such that
changes in the Risk Analysis (i.e. PHA) are automatically fed into the SIL Selection (i.e.
LOPA) and vice versa.
Development of a Risk Analysis and SIL Selection methodology that supports data
extraction directly into a functional safety management engine to develop remainder
of the SIS deliverables.
This will improve the overall quality of the data set by minimizing re-typing of the same
information in multiple places. It also reduces the man-hour requirements to maintain a
valid PHA / LOPA and the resultant transmittal of data to the tool(s) completing the
remainder of the SIS deliverables.
Step 3 – Identification of Areas of Concern
Best practice for an organization would be to utilize a functional safety management
tool that supports the following key criteria:
Risk Analysis and SIL Selection methodology that supports an evergreen work process.
Thus, results from initial IEC 61511 compliance efforts, future project PHAs, and / or
future Revalidation PHAs can be managed together as a single entity.
This will allow a facility engineer to review a list of critical protection layers that need to
function to prevent loss of containment. Thus, the facility engineer would be able to
conduct a risk analysis if pressure transmitter PT-100 needed to be removed from
service on a temporary basis. The master evergreen risk analysis includes the facility
siting results from Project B that occurred last year and added a new control room in
close proximity to the unit of operation in question. Thus, the facility engineer does not
need to review the latest PHA Revalidation / LOPA along with all individual capital
projects that have occurred since the last PHA Revalidation / LOPA to perform an
accurate assessment of risk associated with PT-100 being out of service.
Step 4 – Development of Initial Safety Instrumented Systems Deliverables
Best practice for an organization would be to utilize a functional safety management
tool that supports the following key criteria:
SIS deliverable methodology that supports an evergreen work process. Thus, results
from initial IEC 61511 compliance efforts, future project PHAs, and / or future
Revalidation PHAs can be managed together as a single entity.
SIS deliverable engine supports use of templates and a library of deliverables
SIS SIL Calculation engine that supports and stores “what if” calculations against a
given SIF
SIS SIL Calculation engine is capable of automatically generating the associated Cause &
Effect Diagram
Functional safety management tool has MOC capabilities within the tool itself
Functional safety management tool should be capable of developing and managing
deliverables associated with IPLs
Functional safety management tool should be viewable by a large audience within
engineering, operations and maintenance
By maintaining the SIS deliverables in an evergreen fashion based upon the latest project
updates in concert with the latest Risk Analysis / SIL Selection updates, a facility engineer can
review the proposed scope of project X to debottleneck Unit K for potential impacts to SIFs
and / or critical Instrumented Protection Layers (IPLs) (i.e. alarm with operator action), thus
identifying early in the project lifecycle the need to modify a safety instrumented system and
the associated tasks / deliverables that need to be generated by the project. This will greatly
reduce the regret costs / schedule impacts incurred if this scope is defined late in the project.
Making the functional safety management tool viewable by a large audience helps facilitate
the communication / awareness process for these critical SIFs and / or IPLs. The remainder
of the other “best practices” bullets noted above are focused on reduction of man-hours
to generate and maintain SIS deliverables. This is critical if the end user organization
desires to minimize additions and / or maintain current head count through the IEC
61511 adoption process.
Step 5 – Identification of Gaps
Best practice for an organization would be to utilize a functional safety management
tool that supports the following key criteria:
Gap Tracking functionality that supports an evergreen work process. Thus, results
from initial IEC 61511 compliance efforts, future project PHAs, and / or future
Revalidation PHAs can be managed together as a single entity to manage Gaps.
These Gaps could be shortfalls in existing SIF designs that require additional field
devices, installation of a new inherently safer design concept, addition of new IPLs, etc.
Thus, the tool would communicate the current as-is Risk Profile as well as the long term
view of what the risk profile could be if projects A, B and C are implemented.
Ability to address operations and maintenance aspects of the safety lifecycle:
o Collection and analysis of failure rate data results from functional testing in a
paperless environment
o Assignment / management of failure rate data in concert with an approved
vendors list for instrumentation and controls associated with a Safety
Instrumented System
o Collection of failure rate data results from corrective work orders in a
paperless environment
o Collection and analysis of time a SIF or IPL is in bypass or mean time to repair
o Collection of root cause analysis data and comparison to initiating causes /
cause frequencies assumed in the Risk Analysis and SIL Selection methodology
(PHA/ LOPA) in a paperless environment
o Ability to conduct an override risk assessment
o Ability to analyze impacts for deferred functional testing
o Key Performance Indicator feedback on the health of the functional safety
management system components
Ability to support the day to day MOC process at the facility. Thus, the tool has the
ability to maintain risk analysis, SIS design basis and critical IPLs used in LOPA in an
evergreen fashion.
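As an added example (not from the paper or from any aeSolutions tool), the Python below works through several of the operations and maintenance bullets above on a constructed event log for one SIF: time in bypass, the observed demand rate compared against the initiating cause frequency assumed in LOPA, and the effect of a deferred proof test on the achieved SIL. The deferred-test check uses the simplified single-channel relationship PFDavg ≈ λDU × TI / 2 from IEC 61508 and the low-demand SIL bands; that formula is an assumption of this example, not something the paper specifies. The event timestamps, the LOPA frequency of 0.1 demands per year and the failure rate are constructed.

```python
"""Operations & maintenance feedback for one SIF (constructed example).

Assumptions (not from the paper): a constructed event log, a LOPA-assumed
demand frequency, and the simplified single-channel relationship
PFDavg ~= lambda_DU * TI / 2 (IEC 61508) for the deferred proof test check.
"""
from datetime import datetime

HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands (IEC 61508 / 61511): (SIL, exclusive upper PFDavg bound).
SIL_BANDS = [(4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)]

# Constructed event log for SIF-101 over a two-year window.
EVENTS = [
    ("2021-02-03 10:00", "demand"),
    ("2021-05-11 08:00", "bypass_on"),
    ("2021-05-11 20:00", "bypass_off"),
    ("2021-09-22 14:30", "demand"),
    ("2022-01-15 06:00", "bypass_on"),
    ("2022-01-17 06:00", "bypass_off"),
    ("2022-06-30 23:00", "demand"),
]
WINDOW_YEARS = 2.0
LOPA_ASSUMED_DEMANDS_PER_YEAR = 0.1  # initiating cause frequency assumed in LOPA (constructed)
LAMBDA_DU_PER_HOUR = 1.0e-6          # dangerous undetected failure rate (constructed)


def parse_events(raw):
    """Turn (timestamp string, kind) pairs into (datetime, kind) pairs."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), kind) for ts, kind in raw]


def observed_demand_rate(events, window_years):
    """Demands per year actually seen on the SIF over the logging window."""
    demands = sum(1 for _, kind in events if kind == "demand")
    return demands / window_years


def bypass_hours(events):
    """Total hours the SIF was in bypass; rejects unmatched on/off records."""
    total, start = 0.0, None
    for ts, kind in sorted(events):
        if kind == "bypass_on":
            if start is not None:
                raise ValueError(f"bypass already active at {ts}")
            start = ts
        elif kind == "bypass_off":
            if start is None:
                raise ValueError(f"bypass_off without bypass_on at {ts}")
            total += (ts - start).total_seconds() / 3600.0
            start = None
    if start is not None:
        raise ValueError("bypass still active at end of log")
    return total


def demand_rate_exceeds_lopa(observed, assumed):
    """True when field data contradicts the LOPA initiating cause frequency,
    i.e. the risk analysis (PHA / LOPA) needs to be revisited."""
    return observed > assumed


def pfd_avg(lambda_du_per_hour, test_interval_years):
    """Simplified single-channel PFDavg = lambda_DU * TI / 2 (assumption of this example)."""
    return lambda_du_per_hour * test_interval_years * HOURS_PER_YEAR / 2.0


def sil_achieved(pfd):
    """Map a PFDavg onto the low-demand SIL bands; 0 means worse than SIL 1."""
    for sil, upper in SIL_BANDS:
        if pfd < upper:
            return sil
    return 0


def deferred_test_impact(lambda_du_per_hour, planned_ti_years, deferral_years):
    """Compare the planned proof-test interval with a deferred one."""
    planned = pfd_avg(lambda_du_per_hour, planned_ti_years)
    deferred = pfd_avg(lambda_du_per_hour, planned_ti_years + deferral_years)
    return {"pfd_planned": planned, "sil_planned": sil_achieved(planned),
            "pfd_deferred": deferred, "sil_deferred": sil_achieved(deferred)}


def sif_kpis(raw_events=EVENTS, window_years=WINDOW_YEARS):
    """KPI summary a facility engineer would review for one SIF."""
    events = parse_events(raw_events)
    rate = observed_demand_rate(events, window_years)
    hrs = bypass_hours(events)
    return {
        "demands_per_year": rate,
        "lopa_assumed_per_year": LOPA_ASSUMED_DEMANDS_PER_YEAR,
        "demand_rate_exceeds_lopa": demand_rate_exceeds_lopa(rate, LOPA_ASSUMED_DEMANDS_PER_YEAR),
        "bypass_hours": hrs,
        "bypass_fraction": hrs / (window_years * HOURS_PER_YEAR),
    }


if __name__ == "__main__":
    print(sif_kpis())
    print(deferred_test_impact(LAMBDA_DU_PER_HOUR, planned_ti_years=1, deferral_years=2))
```

On the constructed log the SIF saw 1.5 demands per year against the 0.1 per year assumed in LOPA, which is exactly the kind of discrepancy the root cause / initiating cause comparison bullet is meant to surface. The deferred-test check shows why the "deferred functional testing" bullet matters: with the constructed failure rate, an annual test gives SIL 2, but deferring that test by two years pushes the PFDavg into the SIL 1 band.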
Conclusion
If an organization does not properly plan for functional safety management and set
specific goals for the program to ensure the data can be managed efficiently and
effectively in an evergreen fashion, initial IEC 61511 compliance efforts will fall short of
expectations. A successful implementation must include the following:
Commitment by management
Recognition of the importance of an evergreen work process
Identification of key stakeholders within engineering, operations and
maintenance to support the paradigm shift of change required to implement an
evergreen functional safety work process
Selection of a functional safety management tool that supports the key attributes
noted in this paper
One can successfully implement a fully IEC 61511 compliant functional safety lifecycle
management tool that supports the attributes contained in this white paper with proper
planning and due diligence.
About the Author
Michael Scott, PE, CFSE ([email protected]) is VP of Process Safety with aeSolutions. He
has executed multiple functional safety lifecycle management projects and developed a suite of
functional safety lifecycle management tools, aeShield™ and aeFacilitator™, to support these
projects.