Safety beyond the SIF and SIS logic solver

The SIFs including the SIS logic solver do a good job of functional process safety. Yet it is sobering to watch the safety videos on the U.S. Chemical and Safety Hazard Investigation Board (CSB) website about incidents at various process industry plants which still happen, because they go beyond the core process safety. 28 April is the SafeDay - the World Day for Safety and Health at Work by the UN International Labour Organization (ILO) so take the opportunity to watch some of them. Like in previous years I’d like to share some ideas on how to improve occupational safety and health in plants. What are the developments and trends in state-of-the-art technology, best engineering practices, and methodology, for risk controls to proactively help in prevention of hazardous events and in the recovery from an event to reduce the consequence of it? And how exactly does each technology improve processes and help the people? Here are my personal thoughts:

Safety case gaps

The CSB videos cover incidents in refineries, chemical and petrochemical plants, terminals, depots, and more bringing attention to several contributing escalation factors (failed barriers) and barriers missing in the first place. The incident investigations by CSB illustrate there are still safety gaps in the industry. Threats and escalating factors showcased include but are not limited to valves passing, corroded pipes, transfer hose connection mix up, PRV isolated, mechanical float and tape level gauge failure, manual valves in the wrong position, static spark from mechanical float and tape level sensor, level sensor analog signal saturated and without status, level sensor failure not detected, dirty sight level glass, personnel fatigue, insufficient personnel training, no fire detection, no pressure vessel gauges, people in high-risk area during high-risk activity, manual monitoring and actuation, etc. Consequences include fires and explosions. Your plant may have experienced near misses or incidents like these. These are exactly the kind of industry issues the safety case regime tries to uncover and tackle.

Digital transformation (DX) of situational awareness

Plants already have preventive barriers (controls) to stop threats from leading up to events, and recovery barriers to mitigate the consequence of events. However, events still occur, and consequences may be severe because barriers were not provided for some threats, or the barrier provided is not very effective because it is manual, or barriers exist but have failed by some escalation factor. Escalation factors should in turn be stopped with escalation factor barriers. The safety case exposes these threats, consequences, and escalation factors, and subsequently uncovers the need for additional preventive barriers, recovery barriers, and escalation factor barriers. Most of these barriers are on the prevention side of the event which is good since it is best to prevent the event from occurring in the first place.

Digital transformation (DX) means plans are changing from manual and paper-based tasks, to new automatic, digital, software-based, and data-driven ways of working. This is made possible with new digital solutions based on new digital enabling technologies. Plants now make preventive barriers such as those which used to rely on infrequent manual inspection more effective by instead continuously monitoring these points and with new kinds of escalation barriers monitoring previously unsafeguarded escalation factors on existing barriers. That is, they use safeguards to monitor other safeguards are functional. Some solutions are used as barriers on both the preventive and recovery side.

Digitization of how the plant is run and maintained is a new approach already used by some plants. DX can fill some of these gaps by changing from manual and paper-based ways of working to new automatic, digital, software-based, and data-driven ways of working to help personnel monitor, respond faster correctly, learn, and anticipate. These new recommended ways of working include:

Monitoring: Incidents like those in the CSB video can potentially be avoided if personnel have the right information on hand. If people know a valve is passing, pipe walls are thin, if gas or flame is present, there are people in the vicinity, valves are in the wrong position, or the pressure or temperature is high they would act differently. This is situational awareness, and it is improved by monitoring, but manually monitoring all the points covered in the videos with sufficient frequency would be a superhuman task. The foundational element of DX is therefore to automate data collection. To sense every part of the plant. It is still people working but working with better and more complete information. These are extensions of the human senses. For instance:

·      Acoustic noise from passing valves

·      Pipe wall thinning due to corrosion and erosion

·      Level; electronically and digitally, without moving mechanical parts or analog signals

·      Presence of fire

·      Presence of toxic or flammable gas

·      Location of personnel

·      Position of manual valves

·      Pressure; and with local indication as well

·      Temperature

The measurement data goes into software and is displayed to personnel, used for alarms, in predictive analysis, procedural automation, or in interlocks.

This is just like your car warning you if you drive too fast, or get too close, or have low tire pressure.

Identification: In some incidents personnel did the right thing but in the wrong place. Incidents like those in the CSB video can potentially be avoided if personnel can confirm they work on the right piece of equipment. Plants often have arrays of identical equipment like tanks, reactors, pumps, manual valves, and hose connection points sitting side by side looking identical and therefore easily mixed up. Automatic identification (auto ID) of equipment like valves and hose fittings to positively confirm work like opening/closing, hose connection, and repair is carried out on the right equipment. It is still people working but working with better and more complete information.

Upskilling: Insufficient experience for abnormal situations and startups is another potential factor. Frequent practice on high-fidelity immersive and interactive dynamic simulators is a way to enhance learning and development to acquire and maintain manual skills for accurate and fast problem solving and response. It is still people working but working with better and fresher skills.

This is not an attempt to blame or eliminate the operator. Instead digital transformation provides personnel the information, tools, and skills they need to do their job right to help avoid incidents in the first place. The purpose of the new digital solutions is to make it easy to do it right, and make it hard to do it wrong.

DX augments workers

Note that DX is complementary to existing SIL-rated functional safety, it doesn’t take the place of the existing SIS and associated SIFs, and PRVs. It is an extension of the human operator. DX can help Major Hazard Installation (MHI) meet the current safety case and assist staying compliant with the latest regulations and standards as they evolve in the future.

DX is complementary to existing SIS, not a replacement

Digital Operational Infrastructure (DOI) for safety

While it might be possible to make the safety case with additional administrative controls, it is generally accepted that engineering controls are more effective. Administrative controls such as permit to work and warning signs/labels are not very effective. Instead engineering controls like alarms, Safety Instrumented Systems (SIS), and Pressure Relief Valves (PRV) are more effective as illustrated in the hierarchy of controls. As part of digitalization of work practices, plants are deploying a new Digital Operational Infrastructure (DOI) to support additional engineered controls to meet the safety case when there are gaps. Digital technologies are the underlying enablers for the solutions used for digital transformation of how the plant is run and maintained. Solutions include:

Wireless Sensor Network (WSN) and wireless sensors: Wireless makes it practicable to add in many advanced sensors for automatic monitoring to improve situational awareness. For instance:

·      Acoustic noise monitoring of valve passing

·      Ultrasonic thickness monitoring of corrosion and erosion in pipes

·      Level monitoring

·      Toxic and flammable gas detection

·      Position monitoring

·      Pressure monitoring with local indication

·      Temperature monitoring

I&C engineers are experts in selecting and sizing sensors for each use case and building the industrial grade network infrastructure for integrating these sensors into the software used by console operators and other plant personnel. Choosing the correct industrial wireless sensor network technology is critical. The recommendation is WirelessHART. All these sensors need to be ‘smart’; with self-diagnostics and digital communication to report if there is a problem with the sensor itself such that action is taken on good information, not bad, and that bad sensors are fixed. Many of these sensors are non-intrusive or reuse existing process connection of mechanical instrumentation they replace. They can therefore be installed while the plant is running. I&C engineers are the experts in this domain.

Sensing includes location awareness for geofencing, fatigue management, mustering headcount and rescue locating. Location awareness is a little different from traditional sensors in that it is a system of multiple pieces of hardware plus software, but it is sensing of location. Location sensing works by equipping personnel and assets with a location tag they carry on them as they move about in the plant. The plant has a grid of location anchors at fixed points in a grid pattern. As personnel and assets move about, the anchors pickup on the signals from the location tags enabling location awareness software to triangulate the location of personnel and assets. Plants may deploy location awareness in all areas or only in high-risk areas.

Radio Frequency Identification (RFID) tagging and Augmented Reality (AR): makes it practicable to positively identify valves, hose connections, and other equipment to reduce mistakes when working on these. These are a self-service for the operators, technicians, and engineers working in the field.

Modeling and simulation (Digital Twin): makes it practicable for console operators and field operators to practice tasks in the safety of a classroom until they have attained the required skill level. This includes classic console Operator Training Simulator (OTS) as well as new immersive Virtual Reality (VR) for classroom field operator training and emergency escape route practice.

These are just some examples of what some plants are already doing. Other solutions include Automatic Overfill Protection System (AOPS), remotely operated shutoff valves, as well as fire detection and automatic deluge.

Every Day a SafeDay

These new digital solutions help plants to avoid false reading and missed alarms, avoid fatigue, forgotten manual valves, mistaken locations, and avoid personnel in high-risk areas during high-risk activities. It helps plants detect high level, inadvertent heating, passing valves, pipe wall thinning, and detect sensor failure.

As a result, this helps plant avoid inadvertent runaway chemical reactions, loss of containment, mixing of incompatible material, overfill, and avoid release. That is, the plant becomes a safer place to work, and a good neighbor for the community.

Perhaps the most important aspect is that new technologies like wireless sensors, VR, networking, RFID tagging, and analytics make many new solutions practicable which has an impact on safety case methodologies such as the ALARP principle. Since there is now a new level of practicable, risk as Low As Reasonably Practicable (ALARP), is now lower than it was a few years ago, so best engineering practices such as design for safety should take these new solutions into account. Together, these measures help avoid mistakes, as people are better equipped to help things end up right even when mistakes are initially made.

Getting Started

As part of their Industrie 4.0 (Industry 4.0) initiatives plants invest in new Digital Operational Infrastructure to support not only health, safety, and the environment (HS&E), but also other operational departments and their functions such as reliability, maintenance, energy efficiency, production, and quality etc. using that same infrastructure. The best practice for DOI architecture is the NAMUR Open Architecture (NOA). NOA is a second layer of automation on the side of the existing SIS, and DCS, to not interfere with the safety of the SIS and robustness of the core DCS. Plants have a fully implemented SIS, and DCS, but usually limited digital infrastructure beyond that. Now it the time to elevate the DOI to benefit from better situational awareness to monitor, respond faster correctly, learn, and anticipate. This will also make the Fourth Industrial Revolution (4IR) much safer.

Schedule a meeting for 28/4 or today with your I&C team to discuss digitalization to improve occupational safety and health. Get your automation vendor involved early. Forward this essay to your safety manager now. And remember, always ask for product data sheet to make sure the software is proven, and pay close attention to software screen captures in it to see if it does what is promised without expensive customization. Well, that’s my personal opinion. If you are interested in digital transformation in the process industries click “Follow” by my photo to not miss future updates. Click “Like” if you found this useful to you and to make sure you keep receiving updates in your feed and “Share” it with others if you think it would be useful to them. Save the link in case you need to refer in the future.