
PROCESS SAFETY STANDARDS

Process Safety
Recent Events
Recent - High profile chemical plant incidents
West Fertilizer Company, West TX, 2013
• Ammonium nitrate explosion, loss of life, injuries, and property loss
Williams Chemicals, Geismar LA, 2013
• Olefins plant explosion, loss of life, injuries, and property loss
BP Amoco, Texas City TX, 2005
• Refinery Explosion in Isom Unit, loss of life, injuries, and property loss

Chemical plants, by their very nature of containing volatile chemicals and operating temperatures, are dangerous. Often the control systems are the “last line of defense” in protecting from a loss event.

Older high profile incidents
Union Carbide, Bhopal India, 1984
• Toxic release of Methyl Isocyanate, 20K+ fatalities: Essentially there were breakdowns in most areas of PSM: poor mechanical integrity
(vessel condition, vent scrubbers, temperature control systems), poor planning (manual operations/close to large population centers), poor
usage of safety systems (system turned off and in disrepair), poor operation of the plant (too much MIC stored in a vessel), etc.
Process Safety
Theory & Common Terms
Process Safety Management (PSM)
The proactive and systematic identification, evaluation, and mitigation or prevention of chemical releases that
could occur as a result of failures in process, procedures, or equipment.

• Part of OSHA Occupational Safety and Health Standards, Process Safety Management of Highly
Hazardous Chemicals (29 CFR 1910.119)
• PSM applies to most industrial processes containing 10,000+ pounds of hazardous material
What does PSM cover?
• Process Control and Information Systems
• Mechanical Integrity (piping, vessels, instruments, and
containment systems)
• Employee training, Involvement, and Contractor
management
• Process Hazard Analysis, LOPA, FMEA and other risk
assessment work processes
• Operating Procedures (Pre-Startup Safety Review,
Safe/Hot Work Permits, and Management of Change)
• Incident Investigation & Emergency Planning and
Response
• Compliance Audits
Process Safety Management is a regulation, promulgated by the U.S. Occupational Safety and Health
Administration (OSHA). A process is any activity or combination of activities including any use, storage,
manufacturing, handling or the on-site movement of highly hazardous chemicals (HHCs) as defined by OSHA and
the Environmental Protection Agency.

ANSI/ISA S84: is a consensus standard for SIS for process industries. Includes electrical, electronic, and
programmable electronic technology. Provides information related to the design and manufacture of SIS products,
selection, application, installation, commissioning, pre-startup acceptance test, operation, maintenance,
documentation and testing.

ESD/Safety System: Refers to an Emergency Shutdown System. Typically a completely separate control system
(separate field instruments, controller, IO, power supply and enclosures from the BPCS) which monitors key safety
inputs and shuts down the process in the event an unsafe condition is detected. Typically SIL rated.

SIF: Control functions performed by an SIS are called Safety Instrumented Functions. Example of a SIF: measure the
temperature of a reactor; if too high, close the feed valve and turn on the cooling pump.

SIL: Refers to Safety Integrity Level. It is a relative level of risk-reduction provided by a safety function. The higher
the SIL rating, the lower the Probability of Failure on Demand (PFD).

SIS: Safety Instrumented System. A set of HW & SW controls used on safety systems. Typically separate
instruments, power supplies, and controllers from the BPCS to independently ensure process safety.
PHA/H&RA: Refers to Process Hazard Analysis (the term used by OSHA) and Hazard and Risk Assessment (the term used by IEC/ISA).
This is a study to identify what Hazards are present, the likelihood of Harm (explosion, damage of equipment or human/environmental
health) and what is required to Mitigate the identified risk (likelihood of harm).

Methods to achieve this include HAZID, HAZOP, What If Checklist, FMEA, etc.

These studies lead into process design considerations (e.g. Relief, Vessel Pipe ratings)
and SIS requirements (e.g. SIL rating).
The US Government is taking notice
Responding to recent catastrophic chemical facility incidents in the United States, President Obama issued Executive Order (EO) 13650: “Improving Chemical Facility Safety and Security” on August 1, 2013.

The focus of the EO is to reduce risks associated with hazardous chemical incidents to owners and operators, workers, and communities by enhancing the safety and security of chemical facilities.
OSHA Requirements
In 1991 OSHA published 29CFR1910.119, Process Safety Management (PSM) of highly hazardous chemicals.
• Where it applies
  • “A process which involves a chemical at or above the specified threshold quantities listed in Appendix A.”
    • 10,000 lbs of Anhydrous Ammonia
    • 1,500 lbs of Chlorine
    • 10,000 lbs of Flammable Liquid (flashpoint <100°F) or Gas (Category 1)
  • “This OSHA standard is required by the Clean Air Act Amendments as is the Environmental Protection Agency's Risk Management Plan.”
• Where it DOES NOT apply
  • Oil or Gas drilling facilities, Service operations, or normally unoccupied remote facilities.
What Does Complying with OSHA Mean?
• What does all of this mean?
  • It means you can (as an End User) develop your own Processes internally which meet all of the objectives laid out in 29CFR1910.119
  OR
  • You can follow a Process Safety standard written by End Users, for End Users, based on all of the lessons the International Process community has learned over the years.
• What is that Process Safety standard?
  • IEC61511 - Functional safety – Safety instrumented systems for the Process Industry Sector
  • ISA84.00.01 - Functional Safety: Safety Instrumented Systems for the Process Industry Sector
How OSHA PSM and Industry STDs Sync
OSHA 29CFR1910.119 (Prescriptive (legislation), with little guidance):
• Mandates PHA by May 1997 and every 5 years after.
• Mandates prompt implementation of recommendations.
• Mandates operating procedures/safe work practices (yearly validated).
• Mandates training, refreshed at least every 3 years.
• Mandates a Mechanical Integrity program.
• Mandates testing (RAGAGEP).
• Mandates ‘Management of Change’.
• Mandates ‘Incident Investigation’.
• Mandates Compliance audits every 3 years.

ANSI/ISA 84.00.01/IEC61511 (Performance based, with guidance & examples):
• Perform an H&RA (PHA), update/review on change.
• Define Safety Requirements (SRS).
• Design SIS according to SRS.
• Install, Commission & Validate SIS (against SRS).
• Maintain SIS.
• MOC process.

[Figure: Safety Instrumented System (SIS) Lifecycle. Functional Safety Management (FSM), Functional Safety Audits (FSA) & LifeCycle Planning span all phases, and every phase is followed by a Verify step.]
Analyze Phase:
• Hazard & Risk Analysis (H&RA) – Clause 8
• Allocation of Safety Functions to Protection Layers – Clause 9
• Safety Requirements Specification (SRS) – Clause 10,12
Realize Phase:
• Design & Engineer Safety Instrumented System (SIS) – Clause 11,12
• Install, Commission and Validate – Clause 14,15
Operate Phase:
• Operation and Maintenance – Clause 16
• Modification – Clause 17
• Decommissioning – Clause 18
ISA84 Standard - History
ISA84.00.01 is the US National Standard for Process Safety
• 1996 – ANSI/ISA-S84.01 was published.
• The intent of ISA-S84.01 was to publish a “Sector Specific Safety Standard”, based on the CCPS
principles, published in the 1991 book “Guidelines for the Safe Automation of Chemical Processes”.

• 2004 – ANSI/ISA-84.00.01 was published.
  • This is identical to IEC61511, Edition 1, with the exception that clause 1.y was added, which relates to
“grandfathering” so that it would not conflict with OSHA 29CFR1910.119 (OSHA PSM).
ISA84 Standard - Information
ISA84.00.01, like IEC61511, has three (3) parts, but it does differ
from IEC61511 in that it has multiple ‘Technical Reports’.
• 2004 – ANSI/ISA-84.00.01 Parts 1, 2 & 3.
  • These are identical in content and purpose to IEC61511.
• ISA84 Technical Reports.
  • There are seven (7) Technical Reports, which have been produced by cross functional teams intended
to provide specific guidance and examples.
• TR84.00.02 – SIL Calculations.
• TR84.00.03 – Mechanical Integrity.
• TR84.00.04 – Guidance on implementation of IEC61511.
• TR84.00.05 – Burner Management.
• TR84.00.07 – Fire and Gas.
• TR84.00.08 – Wireless for Safety.
• TR84.00.09 – Security for SIS.
Process Safety Fundamentals
Safety Systems are defined by Two International Standards
[Figure: one standard addresses Product Manufacturers (Rockwell Automation), the other addresses System Integrators and End Users.]
IEC61511 Information
It is important to understand that IEC61511 has three (3) parts to
the standard.
• IEC61511-1
• This is what in IEC terms is called the ‘Normative’ part, this is essentially the part that provides the
‘Mandatory’ clauses, although it should be noted that not all clauses are in fact mandatory.

• IEC61511-2
• This is a clause by clause explanation of the meaning of part 1, this is known as an ‘Informative’ part.

• IEC61511-3
• This is another ‘Informative’ part of the standard, it provides ‘real’ examples of how to apply various
methods and techniques referenced in part 1.
IEC61511 Status
The IEC61511 maintenance cycle was delayed, principally because
it is derived from the IEC61508 standard, so it could not be
updated until IEC61508 Edition 2 was published.
• 2016 – IEC61511 Edition 2 was published (13 Years after Edition 1).
• There was no change in the intent of this standard, but new concepts around ‘Systematic Capability’
(Human Error) and ‘Cybersecurity’ were added. Other areas, such as Functional Safety Management,
Requirements traceability, Proven in use, Detailed design and Software integration testing were
clarified, strengthened and updated.
• A significant terminology change was made, ‘Software’ was changed to ‘Application Program’.
• There was some restructuring of the standard, the Application Software requirements were moved
from Clause 12 to Clause 10.
• Current published ‘stability date’ is 2019.
Changes to IEC61511
In July 2016, Edition 2 of IEC61511 was published by IEC, the key
changes as stated by IEC are as follows:
• This second edition cancels and replaces the first edition published in 2003. This edition
constitutes a technical revision. This edition includes the following significant technical
changes with respect to the previous edition:
  • references and requirements to software replaced with references and requirements to application
programming;
  • functional safety assessment requirements provided with more detail to improve management of functional
safety;
  • management of change requirement added;
  • security risk assessment requirements added;
  • requirements expanded on the basic process control system as a protection layer;
  • requirements for hardware fault tolerance modified and should be reviewed carefully to understand
user/integrator options.
References and requirements to software replaced with references
and requirements to application programming
• The key thing here is that where ED1 referred to “Software”, where it was never really
clear whether this applied to Application Configuration, Application Programming,
Custom Software routines, etc. it now refers to “Application”.
• The standard specifically addresses Code/Configuration, designed and written in LVL and
FPL languages for Devices and Logic Solvers. This is consistent with the diagram in ED1
(Fig 3), which addresses what software is covered by IEC61511 vs IEC61508.
• The Application Software requirements are now part of Clause 10, instead of Clause 12 in
ED1.
Functional safety assessment requirements provided with more
detail to improve management of functional safety.
• Requirements for Competence strengthened and specific clause requiring Competency
management added.
• Suppliers claiming compliance with IEC61511 now require a Functional Safety
Management System in place meeting IEC61508.
• FSA scope expanded and formalized as being required in 5 stages; only one
was formal in ED1.
Management of change requirement added

• Management of Change has always been a requirement (Clause 17), what has changed is
that Management of Change has been linked with the changes in Functional Safety
Management (FSM – Clause 5), so Clause 17 now has references to an FSA from Clause 5.
Security risk assessment requirements added

• Security was not ignored in ED1, there are references to ‘security’ in Clause 11 and Clause
17, which in general have not changed.
• A new clause (8.2.4) has been added requiring an SIS Security Assessment for the SIS.
Requirements expanded on the basic process control system as a
protection layer.
• Clause 8 and Clause 9 have additional detail that makes it clearer about where, when and
how much credit can be taken for BPCS functions (and under what conditions).
Requirements for hardware fault tolerance modified and should
be reviewed carefully to understand user/integrator options.
• The key thing here is that the term Safe Failure Fraction (SFF) has been eliminated from
the standard.
• The two tables in ED1 for field devices and logic solvers that stated the HFT
requirements based on SFF have now been replaced by a single table stating HFT based
on SIL, although there are also specific requirements for DC (which are no longer part of
the table).
• HFT requirements are now referred directly back to the requirements stated in IEC61508
(Route 1H or 2H).
Other general changes, that are no less important, are:
• Definitions – are now in line with IEC61508.
• High Demand and Continuous Mode are now separately defined and addressed (in line
with IEC61508).
• Process industry definition expanded.
• Grandfathering now added (part of Clause 5).
• Operation & Maintenance (Clause 16) expanded.
• Proven in Use and Prior Use clarified.
• Proven in use is the use of manufacturers data, Prior Use is documented service use.
How Rockwell Automation Can Help?
▪ An introduction to functional safety for process applications
▪ Based on Rockwell’s practical experience of Functional Safety applications over MANY years
▪ FREELY distributed to Customers….
http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/safebk-rm003_-en-p.pdf
