Administered by Mary Kay O'Connor Process Safety Center
Come meet our industry experts at booth #25 & #26
aeSolutions is proud to be represented by 4 different presenters during this year's symposium. More information, such as the keynote speakers, the latest event agenda, and hotel and parking details, can be found at https://instrumensymp.wpengine.com/
Tuesday, January 21st 10:00AM – Richard Hanner : Methodologies in Reducing Systematic Failures of Wired IPLs
The history of high-consequence incidents in industry reveals that most accidents were the result of systematic failures, not hardware failures. However, engineering effort is often focused on the quantifiable failures of hardware. Process safety risk gaps are often closed or reduced by several types of Independent Protective Layers (IPLs). Two common types are Safety Instrumented Functions (SIFs) and Basic Process Control System (BPCS) functions. SIFs typically reside within a SIL-rated programmable logic controller, and their achieved quantitative performance is calculated from the random hardware failure rates of the SIF hardware components. Conversely, BPCS protective layers are assigned generic, industry-accepted probability-of-failure credits. These generic probabilities of failure are conservatively assigned and take into account unquantifiable human-induced systematic failures.
In either case, the likelihood of systematic failures can be reduced by recognizing design, specification, maintenance, and operations activities that are potential sources, and applying measures to prevent or reduce them. By reducing systematic failures, you reduce the risk in the business and increase confidence in meeting the intended integrity requirements. This technical paper will discuss the common sources of systematic failures and preventative or mitigative measures to prevent their occurrence.
Read the full paper Methodologies in Reducing Systematic Failures of Wired IPLs
Tuesday, January 21st 11:40AM – Paul Gruhn : The use of Bayesian Networks in Functional Safety
Functional safety engineers follow the ISA/IEC 61511 standard and perform calculations based on random hardware failures. These result in very low failure probabilities, which are then combined with similarly low failure probabilities for other safety layers, to show that the overall probability of an accident is extremely low (e.g., 1E-5/yr). Unfortunately, such numbers are based on frequentist assumptions and cannot be proven. Looking at actual accidents caused by control and safety system failures shows that accidents are not caused by random hardware failures. Accidents are typically the result of steady and slow normalization of deviation (a.k.a. drift). It’s up to management to control these factors. However, Bayes theorem can be used to update our prior belief (the initial calculated failure probability) based on observing other evidence (e.g., the effectiveness of the facility’s process safety management process). The results can be dramatic.
Read more and download The use of Bayesian Networks in Functional Safety
Wednesday, January 22nd 3:30PM – Greg Hardin : Conducting an Effective Functional Safety Assessment
The Functional Safety Assessment (FSA) is a sometimes neglected requirement of the functional safety standards. The ANSI/ISA-61511 (previous revision was ANSI/ISA-84.00.01) and IEC-61511 standards require that at least one FSA be conducted before hazards that instrumented protective functions are intended to protect against or mitigate are introduced into the process. The standards also specify five different stages of the Safety Lifecycle (SLC) at which an FSA can be conducted, and the latest version of the ISA standard adds an additional mandatory FSA. The FSA is required to be executed in such a way that "judgement can be made as to the functional safety and safety integrity achieved by every SIF of the SIS". While the standards do offer some guidance on what an FSA should cover, that guidance is very general. Part of conducting an effective FSA is identifying the scope of the assessment. This can be particularly troubling for large projects with multiple parties (engineering contractors, vendors, consultants, etc.) involved. This paper will cover examples of poor assessments, assessments done too late to have any impact, what can happen if the scope is poorly defined, suggestions to make assessments more effective, and the impact of the latest version of IEC 61511.
Thursday, January 23rd 10:00AM – Keith Brumbaugh : What is Truth? Do our SIL calculations reflect reality?
Is our industry stuck in the past? It seems like the industry's current trend is to look only at random hardware failures as a factor in our Safety Integrity Level (SIL) calculations and not to update assumptions as operating experience is gained. These hardware failure numbers are generally fixed in time, assumed to be average point values (rather than distributions), and either generic in nature or specific to a certain set of hardware and/or conditions which the vendors determine as suitable tests or likely failure modes. But are random hardware failures alone the only thing that will cause a Safety Instrumented Function (SIF) to fail? What if our assumptions were wrong? What if our installation doesn't match the vendors' assumptions? What else are we missing? How are we addressing the systematic failures?
An obvious problem with incorporating most systematic failures is the non-random nature of these failures. Many SIS practitioners will claim systematic error is addressed by following the standard; however, even if the standard is followed to a T, would you realistically claim there is a 0% chance your SIF will ever fail due to human factors or other systematic error? Some will say that systematic errors can't be predicted, much less modeled... but is that true?
This paper will examine the factors which we tend to ignore when doing a hardware-based reliability calculation, with the idea that our traditional SIL calculations are merely a starting point. We will examine how to incorporate systematic errors into your SIF's real-world model and, using Bayes' theorem, capture the evidence that accumulates once your SIF has been installed in the field, as operating experience is gained or industry incidents occur. This path can also easily set you up for prior use justifications on your favored hardware.
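The two Bayesian abstracts above (Gruhn's talk on updating a calculated failure probability with other evidence, and Brumbaugh's talk on folding field experience and systematic error into a SIF model) both rest on the same mechanic: treat the SIL calculation as a prior belief and let site evidence move it. The following is an added worked example, not code from aeSolutions or from either paper. It assumes a Beta distribution as the prior on probability of failure on demand (PFDavg), a conjugate Beta-Binomial update for proof-test outcomes, and a simple two-state Bayes update for a management-effectiveness observation; the PFDavg, "strength", likelihood and test-count values are constructed illustrations, and the SIL bands are the IEC 61511 low-demand PFDavg ranges.

```python
"""Bayesian updating of a calculated SIF failure probability.

Added worked example (not from the symposium abstracts or aeSolutions).
The PFDavg from a SIL verification is treated as a prior belief and updated
with site evidence. Every number below is a constructed illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BetaPrior:
    """Beta(alpha, beta) belief about a SIF's probability of failure on demand."""
    alpha: float
    beta: float

    @property
    def mean(self) -> float:
        """Expected PFD under this belief (the 'point value' the calc reports)."""
        return self.alpha / (self.alpha + self.beta)


def prior_from_pfd(pfd_avg: float, strength: float) -> BetaPrior:
    """Turn a point-value PFDavg into a Beta distribution with that mean.

    `strength` (assumed parameter) is the equivalent number of demands or proof
    tests the calculation is worth. A frequentist point value carries no such
    weight, so the analyst must choose how much to trust the vendor data.
    """
    if not 0.0 < pfd_avg < 1.0 or strength <= 0:
        raise ValueError("pfd_avg must be in (0,1) and strength must be positive")
    return BetaPrior(alpha=pfd_avg * strength, beta=(1.0 - pfd_avg) * strength)


def update_with_proof_tests(prior: BetaPrior, tests: int, failures: int) -> BetaPrior:
    """Conjugate Beta-Binomial update from field evidence.

    Each proof test is one trial; each dangerous failure found at test is one
    'success' for the failure probability. No failures still shift the mean
    downward, but slowly; a single failure in a short history shifts it a lot.
    """
    if tests < 0 or failures < 0 or failures > tests:
        raise ValueError("failures must be between 0 and tests")
    return BetaPrior(alpha=prior.alpha + failures,
                     beta=prior.beta + (tests - failures))


def update_meets_target(p_meets: float,
                        p_evidence_given_meets: float,
                        p_evidence_given_fails: float) -> float:
    """Bayes' theorem for a two-state hypothesis.

    H = 'this installed SIF actually achieves its target integrity'.
    The evidence is something not in the hardware calc, e.g. a PSM audit finding
    (constructed likelihoods supplied by the caller). Returns P(H | evidence).
    """
    for p in (p_meets, p_evidence_given_meets, p_evidence_given_fails):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0,1]")
    numerator = p_evidence_given_meets * p_meets
    denominator = numerator + p_evidence_given_fails * (1.0 - p_meets)
    return numerator / denominator


def sil_band(pfd: float) -> int:
    """Map a low-demand PFDavg to its IEC 61511 SIL band (0 = below SIL 1)."""
    for sil, lo, hi in ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3),
                        (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)):
        if lo <= pfd < hi:
            return sil
    return 0


def worked_example() -> dict:
    """Constructed scenario: a SIF calculated at PFDavg 5E-4 (SIL 3), trusted as
    if it were worth 1000 tests, then one dangerous failure is found in 20 proof
    tests, and a PSM audit observation is folded in as well."""
    prior = prior_from_pfd(pfd_avg=5e-4, strength=1000)
    posterior = update_with_proof_tests(prior, tests=20, failures=1)
    # Constructed likelihoods: the audit finding is seen 20% of the time at
    # sites whose SIFs meet target and 70% of the time at sites whose SIFs do not.
    p_meets_after_audit = update_meets_target(p_meets=0.9,
                                              p_evidence_given_meets=0.2,
                                              p_evidence_given_fails=0.7)
    return {
        "prior_pfd": prior.mean,
        "prior_sil": sil_band(prior.mean),
        "posterior_pfd": posterior.mean,
        "posterior_sil": sil_band(posterior.mean),
        "p_meets_after_audit": p_meets_after_audit,
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value:.4g}" if isinstance(value, float) else f"{key}: {value}")
```

In the constructed scenario the single failure found at proof test moves the belief from 5E-4 to roughly 1.5E-3, which is enough to drop the achieved band from SIL 3 to SIL 2, and the audit observation alone cuts the confidence that the SIF meets its target from 90% to 72%. The `strength` parameter is the honest part of the exercise: it forces the analyst to state how much the vendor failure data should outweigh what the plant actually observes.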
Reverend Bayes, meet Process Safety. Use Bayes’ Theorem to establish site specific confidence in your LOPA calculation | by Dave Grattan and Keith Brumbaugh