Functional safety specialists may be stuck in the past and doing industry a disservice. The current industry trend is to only consider random hardware failures in safety integrity level probability of failure on demand calculations. But are random hardware failures the only thing that cause a safety instrumented function to fail? What if our assumptions […]
- Keith Brumbaugh is a Senior Specialist with aeSolutions. He has a B.S. in electrical engineering with a minor in computer science from Texas Tech University. Keith is both a Professional Engineer (P.E.) and a Certified Functional Safety Expert (CFSE). He has over ten years of experience in instrumentation and safety systems engineering.
Posts by Keith Brumbaugh:
Industry uses many numbers in process safety associated with predicting the likelihood of rare, catastrophic events (e.g., failure rates, demand rates, incident rates, probability of failure, probability of ignition, etc.). Yet have you given serious thought to the accuracy and trustworthiness of those numbers? For example, layer of protection analysis (LOPA) often uses target numbers […]
White Papers by Keith Brumbaugh:
Is our industry stuck in the past? The current industry trend is to only look at random hardware failures in safety integrity level (SIL) probability of failure on demand (PFD) calculations. No one would appear to be updating assumptions as operating experience is gained. Hardware failure rates are generally fixed in time, assumed to be average point values (rather than distributions), and either generic in nature or specific to a certain set of hardware and/or conditions which the vendors determine by suitable tests or failure mode analysis. But are random hardware failures the only thing that cause a safety instrumented function (SIF) to fail? What if our assumptions are wrong? What if our installations do not match vendor assumptions? What else might we be missing? How are we addressing systematic failures?
One obvious problem with incorporating systematic failures is their non-random nature. Many functional safety practitioners claim that systematic errors are addressed (i.e., minimized or eliminated) by following all the procedures in the ISA/IEC 61511 standard. Yet even if the standard were strictly adhered to, could anyone realistically claim a 0% chance of a SIF failing due to a human factor? Some will say that systematic errors cannot be predicted, much less modeled. But is that true?
This paper will examine factors which tend to be ignored when performing hardware-based reliability calculations. Traditional PFD calculations are merely a starting point. This paper will examine how to incorporate systematic errors into a SIF’s real-world model. It will cover how to use Bayes theorem to capture data after a SIF has been installed — either through operating experience or industry incidents — and update the function’s predicted performance. This methodology can also be used to justify prior use of existing and non-certified equipment.
Bayes’ Theorem is an epistemological statement of knowledge, versus a statement of proportions and relative frequencies. It is therefore a method that can bridge qualitative knowledge with the rare-event numbers that are intended to represent that knowledge. Bayes’ Theorem is sorely missing from the toolbox of Process Safety practitioners. This paper will introduce Bayes’ Theorem to the reader and discuss the reasons and applications for using Bayes in Process Safety related to IPLs and LOPA. While intended to be introductory (to not discourage potential users), this paper will describe simple Excel™ based Bayesian calculations that the practitioner can begin to use immediately to address issues such as uncertainty, establishing confidence intervals, properly evaluating LOPA gaps, and incorporating site specific data, all related to IPLs and barriers used to meet LOPA targets.
Many operating units have a common reliability factor which is being overlooked or ignored during the design, engineering, and operation of high integrity Safety Instrumented Functions (SIFs). That is the Human Reliability Factor. In industry, there is an over-focus on hardware reliability to the nth decimal point when evaluating high integrity SIFs (such as SIL 3), all to the detriment of the human factors that could also affect the Independent Protection Layer (IPL). Most major accident hazards arise from human failure, not failure of hardware. If all that were needed to prevent process safety incidents were to improve the hardware reliability of IPLs to some threshold, the frequency of near misses and actual incidents should have tailed off long ago – but it hasn’t. Evaluating the human impact on a Safety Instrumented Function requires performing a Human Factors Analysis. Human performance does not conform to standard methods of statistical uncertainty, but Human Reliability as a science has established quantitative limits of human performance. How do these limits affect what we can reasonably achieve with our high integrity SIFs? What uncertainty is introduced into our IPLs if we ignore these realities?
This paper will examine how we can incorporate quantitative Human Factors into a SIL analysis. Representative operating units at various stages of maturity in human factors analysis and the IEC/ISA 61511 Safety Lifecycle will be examined. The authors will also share a checklist of the human factor considerations that should be taken into account when designing a SIF or writing a Functional Test Plan.
Achieving Safety Integrity Level (SIL) targets can be difficult when proof test intervals approach turnaround intervals of five years or more. However, some process units have planned shutdowns, and predictable unplanned shutdowns, multiple times a year. During these shutdowns, it may be possible to document that the safety devices functioned properly. This can be incorporated into SIL verification calculations to show that performance targets can now be met without incorporating expensive fault tolerance, online testing schemes, etc. This can result in considerable cost savings for an operating unit.
This paper will discuss various solutions for meeting a SIL target: taking credit for planned and unplanned shutdowns to help meet a SIL target, justification for applying diagnostic coverage in SIL verification calculations, a summary of how diagnostic credit is determined, applying diagnostic credit from a shutdown event, and a case study.
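Two of the abstracts above share one calculation: updating a SIF's predicted performance with operating experience (the Bayes paper) and taking credit for documented shutdowns as proof tests (the shutdown-credit paper). The example below is added here to show both together; it is not code from the author or from aeSolutions. It assumes a Gamma prior on the dangerous undetected failure rate (lambda_DU) with a conjugate Poisson update, the simplified single-channel low-demand approximation PFDavg ≈ lambda_DU·TI/2 (repair time and common cause omitted), and constructed vendor and field values.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class GammaRate:
    """Gamma distribution over a failure rate (per hour); mean = alpha / beta.
    alpha behaves like a pseudo-count of failures, beta like pseudo-hours of exposure."""
    alpha: float
    beta: float

    @property
    def mean(self) -> float:
        return self.alpha / self.beta


def prior_from_point_value(lambda_du: float, pseudo_failures: float = 0.5) -> GammaRate:
    """Turn a vendor point value (lambda_DU, per hour) into a weak Gamma prior whose mean is
    that value. pseudo_failures sets how strongly the prior resists field data (assumption)."""
    return GammaRate(pseudo_failures, pseudo_failures / lambda_du)


def update_with_field_data(prior: GammaRate, failures: int, exposure_hours: float) -> GammaRate:
    """Conjugate Gamma-Poisson update with observed dangerous failures and device-hours.
    Zero failures pulls the mean down; any observed failure pushes it back up."""
    return GammaRate(prior.alpha + failures, prior.beta + exposure_hours)


def pfd_avg_1oo1(lambda_du: float, proof_test_interval_hours: float) -> float:
    """Simplified low-demand approximation for one channel: PFDavg ~= lambda_DU * TI / 2."""
    return lambda_du * proof_test_interval_hours / 2.0


def sil_band(pfd_avg: float) -> int:
    """Map PFDavg to the IEC 61508 low-demand SIL band (0 = does not reach SIL 1)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd_avg < upper:
            return sil
    return 0


if __name__ == "__main__":
    # Constructed values: vendor lambda_DU, four transmitters run five years with no DU failure.
    prior = prior_from_point_value(2e-6)
    post = update_with_field_data(prior, failures=0, exposure_hours=4 * 5 * HOURS_PER_YEAR)
    for label, ti_years in (("5-year turnaround", 5.0), ("shutdown credited yearly", 1.0)):
        pfd = pfd_avg_1oo1(post.mean, ti_years * HOURS_PER_YEAR)
        print(f"{label}: lambda_DU={post.mean:.2e}/h PFDavg={pfd:.4f} -> SIL {sil_band(pfd)}")
```

With the same constructed data, the posterior rate drops to about 1.2e-6/h; at a five-year test interval the channel still sits in the SIL 1 band, and crediting one documented shutdown per year as a proof test moves it into SIL 2, while a single observed failure in that exposure would raise the posterior rate above the vendor value.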
During a Safety Instrumented System (SIS) implementation project at a plant site new to the ANSI/ISA 84 process safety lifecycle world, we discovered the importance of utilizing graphic diagrams in the development of SIS-related documentation to support the on-site team meetings and document decisions. The author will present examples of the different types of graphic diagrams, methods in which the diagrams were utilized, and the benefits that each provided in the implementation of certain phases of an ANSI/ISA 84 SIS lifecycle project. These diagrams were considered to be valuable process safety information and part of the final SIS Front End Loading design.