Process Safety
Recent Events
Recent high-profile chemical plant incidents:
West Fertilizer Company, West TX, 2013
• Ammonium nitrate explosion, loss of life, injuries, and property loss
Williams Chemicals, Geismar LA, 2013
• Olefins plant explosion, loss of life, injuries, and property loss
BP Amoco, Texas City TX, 2005
• Refinery explosion in the Isom Unit, loss of life, injuries, and property loss
Chemical plants, by their very nature of containing volatile chemicals and running at elevated operating temperatures, are dangerous. Often the control systems are the “last line of defense” in protecting against a loss event.
• Part of OSHA Occupational Safety and Health Standards, Process Safety Management of Highly
Hazardous Chemicals (29 CFR 1910.119)
• PSM applies to most industrial processes containing 10,000+ pounds of hazardous material
What does PSM cover?
• Process Control and Information Systems
• Mechanical Integrity (piping, vessels, instruments, and containment systems)
• Employee Training, Involvement, and Contractor Management
• Process Hazard Analysis, LOPA, FMEA and other risk assessment work processes
• Operating Procedures (Pre-Startup Safety Review, Safe/Hot Work Permits, and Management of Change)
• Incident Investigation & Emergency Planning and Response
• Compliance Audits
Process Safety
Theory & Common Terms
Process Safety Management is a regulation, promulgated by the U.S. Occupational Safety and Health
Administration (OSHA). A process is any activity or combination of activities including any use, storage,
manufacturing, handling or the on-site movement of highly hazardous chemicals (HHCs) as defined by OSHA and
the Environmental Protection Agency.
ANSI/ISA S84: a consensus standard for SIS in the process industries. It covers electrical, electronic, and programmable electronic technology, and provides information related to the design and manufacture of SIS products, as well as their selection, application, installation, commissioning, pre-startup acceptance test, operation, maintenance, documentation and testing.
ESD/Safety System: refers to an Emergency Shutdown System. Typically a completely separate control system (separate field instruments, controller, IO, power supply and enclosures from the BPCS) which monitors key safety inputs and shuts the process down when an unsafe condition is detected. Typically SIL rated.
SIF: control functions performed by an SIS are called Safety Instrumented Functions. Example of a SIF: measure the reactor temperature; if it is too high, close the feed valve and turn on the cooling pump.
SIL: Refers to Safety Integrity Level. It is a relative level of risk-reduction provided by a safety function. The higher
the SIL rating, the lower the Probability of Failure on Demand (PFD).
SIS: Safety Instrumented System. A set of HW & SW controls used on safety systems. Typically separate
instruments, power supplies, and controllers from the BPCS to independently ensure process safety.
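The SIF described above, worked through as an added example (this code is not from the original deck or any vendor): three temperature transmitters voted 2oo3 into a trip that closes the feed valve and starts the cooling pump, with a failed or out-of-range input counted as a trip vote so that a broken sensor cannot mask a demand. The second half shows the arithmetic behind the SIL statement in the glossary: the simplified low-demand PFDavg for 1oo1, 1oo2 and 2oo3 architectures and the SIL band each lands in. The setpoint, sensor range and failure rate are constructed values, not data from any real plant.

```python
"""Added example (not from the original deck): a Safety Instrumented
Function (SIF) modelled as the text describes it, plus the low-demand PFDavg
arithmetic behind a SIL claim. Setpoints, ranges and failure rates are
constructed for illustration, not taken from any real plant or product."""

import math
from dataclasses import dataclass

# Constructed values for a hypothetical reactor high-temperature SIF
TRIP_SETPOINT_C = 180.0            # trip when reactor temperature reaches this
SENSOR_RANGE_C = (-40.0, 400.0)    # valid span of the temperature transmitters


def sensor_votes_trip(reading, setpoint=TRIP_SETPOINT_C):
    """One transmitter's vote. A missing, NaN or out-of-range reading (open
    circuit, frozen card, bad quality) counts as a trip vote: a failed input
    must drive the SIF towards the safe state, not mask a demand."""
    lo, hi = SENSOR_RANGE_C
    if reading is None or math.isnan(reading) or not lo <= reading <= hi:
        return True
    return reading >= setpoint


@dataclass(frozen=True)
class SifOutputs:
    feed_valve_open: bool    # de-energize-to-trip: loss of power closes it
    cooling_pump_on: bool


def sif_high_temperature(readings, votes_needed=2):
    """2oo3 voting across three independent transmitters. The safe state
    (feed valve closed, cooling pump running) is taken when at least
    `votes_needed` of the three inputs vote to trip."""
    if len(readings) != 3:
        raise ValueError("2oo3 SIF expects exactly three transmitter readings")
    trip_votes = sum(sensor_votes_trip(r) for r in readings)
    if trip_votes >= votes_needed:
        return SifOutputs(feed_valve_open=False, cooling_pump_on=True)
    return SifOutputs(feed_valve_open=True, cooling_pump_on=False)


def pfd_avg(lambda_du_per_hour, proof_test_interval_hours, architecture="1oo1"):
    """Simplified low-demand PFDavg (no common-cause or repair-time terms):
    1oo1 = x/2, 1oo2 = x^2/3, 2oo3 = x^2, where x = lambda_DU * TI."""
    x = lambda_du_per_hour * proof_test_interval_hours
    formulas = {"1oo1": x / 2.0, "1oo2": x * x / 3.0, "2oo3": x * x}
    return formulas[architecture]


def sil_band(pfd):
    """Low-demand SIL band from IEC 61508/61511: SIL n means
    10^-(n+1) <= PFDavg < 10^-n. PFD >= 0.1 earns no SIL (returned as 0);
    PFD below 1e-5 is reported as 4, the highest band defined."""
    if pfd >= 0.1:
        return 0
    for sil in (1, 2, 3, 4):
        if 10.0 ** -(sil + 1) <= pfd < 10.0 ** -sil:
            return sil
    return 4


if __name__ == "__main__":
    print(sif_high_temperature([150.0, 155.0, 152.0]))   # normal running
    print(sif_high_temperature([190.0, None, 150.0]))    # one high, one failed
    for arch in ("1oo1", "1oo2", "2oo3"):
        p = pfd_avg(5e-6, 8760, arch)
        print(arch, f"PFDavg={p:.2e}", "SIL", sil_band(p))
```

With the constructed dangerous-undetected failure rate of 5e-6 per hour and a one-year proof-test interval, the same transmitters reach SIL 1 as 1oo1, SIL 2 as 2oo3 and SIL 3 as 1oo2, which is the point the glossary makes: SIL is a property of the whole function and its architecture, not of any one device. The simplified equations omit common-cause failure and repair time, so a real SIL verification would produce higher PFD values than these.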
PHA/H&RA: Refers to Process Hazard Analysis (the term used by OSHA) and Hazard and Risk Assessment (the term used by IEC/ISA).
This is a study to identify what Hazards are present, the likelihood of Harm (explosion, damage of equipment or human/environmental
health) and what is required to Mitigate the identified risk (likelihood of harm).
Methods to achieve this include HAZID, HAZOP, What If Checklist, FMEA, etc.
These studies lead into process design considerations (e.g. Relief, Vessel Pipe ratings)
and SIS requirements (e.g. SIL rating).
The US Government is taking notice
Responding to recent catastrophic chemical facility incidents in the United States, President Obama issued Executive Order (EO) 13650: “Improving Chemical Facility Safety and Security” on August 1, 2013.
The focus of the EO is to reduce risks associated with hazardous chemical incidents to owners and operators, workers, and communities by enhancing the safety and security of chemical facilities.
OSHA Requirements
In 1991 OSHA published 29CFR1910.119, Process Safety
Management (PSM) of highly hazardous chemicals.
• Where it applies
• “A process which involves a chemical at or above the specified threshold quantities listed in Appendix A.”
• 10,000 lbs of Anhydrous Ammonia
• 1,500 lbs of Chlorine
• 10,000 lbs of Flammable Liquid (flashpoint <100°F) or Gas (Category 1)
• “This OSHA standard is required by the Clean Air Act Amendments as is the Environmental Protection Agency's Risk Management Plan.”
• Mandates Compliance audits every 3 years.
[Figure: Safety Instrumented System (SIS) Lifecycle, with a “Verify” activity between each step. Analyze Phase: Risk Analysis (H&RA), Clause 8; Allocation of Safety Functions to Protection Layers, Clause 9; Safety Requirements Specification (SRS), Clause 10,12. Realize Phase: Design & Engineer, Clause 11,12; Install, Commission and Validate, Clause 14,15. Operate Phase: Operation and Maintenance, Clause 16; Modification, Clause 17; Decommissioning, Clause 18.]
• OSHA PSM: Prescriptive (legislation), with little guidance
• ISA84 / IEC61511 SIS lifecycle: Performance based, with guidance & examples
ISA84 Standard - History
ISA84.00.01 is the US National Standard for Process Safety
• 1996 – ANSI/ISA-S84.01 was published.
• The intent of ISA-S84.01 was to publish a “Sector Specific Safety Standard”, based on the CCPS
principles, published in the 1991 book “Guidelines for the Safe Automation of Chemical Processes”.
IEC61511 Information
It is important to understand that IEC61511 has three (3) parts to the standard.
• IEC61511-1
• This is what in IEC terms is called the ‘Normative’ part; it is essentially the part that provides the ‘Mandatory’ clauses, although it should be noted that not all clauses are in fact mandatory.
• IEC61511-2
• This is a clause-by-clause explanation of the meaning of Part 1; it is known as an ‘Informative’ part.
• IEC61511-3
• This is another ‘Informative’ part of the standard; it provides ‘real’ examples of how to apply the various methods and techniques referenced in Part 1.
IEC61511 Status
The IEC61511 maintenance cycle was delayed, principally because
it is derived from the IEC61508 standard, so it could not be
updated until IEC61508 Edition 2 was published.
• 2016 – IEC61511 Edition 2 was published (13 Years after Edition 1).
• There was no change in the intent of this standard, but new concepts around ‘Systematic Capability’
(Human Error) and ‘Cybersecurity’ were added. Other areas, such as Functional Safety Management,
Requirements traceability, Proven in use, Detailed design and Software integration testing were
clarified, strengthened and updated.
• A significant terminology change was made, ‘Software’ was changed to ‘Application Program’.
• There was some restructuring of the standard, the Application Software requirements were moved
from Clause 12 to Clause 10.
• Current published ‘stability date’ is 2019.
Changes to IEC61511
In July 2016, Edition 2 of IEC61511 was published by IEC, the key
changes as stated by IEC are as follows:
• This second edition cancels and replaces the first edition published in 2003. This edition
constitutes a technical revision. This edition includes the following significant technical
changes with respect to the previous edition:
• references and requirements to software replaced with references and requirements to application
programming;
• functional safety assessment requirements provided with more detail to improve management of functional
safety.
• management of change requirement added;
• security risk assessment requirements added;
• requirements expanded on the basic process control system as a protection layer;
• requirements for hardware fault tolerance modified and should be reviewed carefully to understand
user/integrator options.
Changes to IEC61511
References and requirements to software replaced with references
and requirements to application programming
• The key thing here is that where ED1 referred to “Software”, it was never really clear whether this applied to Application Configuration, Application Programming, Custom Software routines, etc.; ED2 now refers to “Application”.
• The standard specifically addresses Code/Configuration, designed and written in LVL and
FPL languages for Devices and Logic Solvers. This is consistent with the diagram in ED1
(Fig 3), which addresses what software is covered by IEC61511 vs IEC61508.
• The Application Software requirements are now part of Clause 10, instead of Clause 12 in
ED1.
Changes to IEC61511
Functional safety assessment requirements provided with more
detail to improve management of functional safety.
• Requirements for Competence strengthened and specific clause requiring Competency
management added.
• Suppliers claiming compliance with IEC61511 now require a Functional Safety
Management System in place meeting IEC61508.
• FSA scope expanded and formalized as being required in 5 stages; only one was formal in ED1.
Changes to IEC61511
Management of change requirement added
• Management of Change has always been a requirement (Clause 17), what has changed is
that Management of Change has been linked with the changes in Functional Safety
Management (FSM – Clause 5), so Clause 17 now has references to an FSA from Clause 5.
Changes to IEC61511
Security risk assessment requirements added
• Security was not ignored in ED1: there are references to ‘security’ in Clause 11 and Clause 17, which in general have not changed.
• A new clause (8.2.4) has been added requiring an SIS Security Assessment for the SIS.
Changes to IEC61511
Requirements expanded on the basic process control system as a
protection layer.
• Clause 8 and Clause 9 have additional detail that makes it clearer about where, when and
how much credit can be taken for BPCS functions (and under what conditions).
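An added example (not from the original deck) tying the PHA/LOPA study described earlier to the BPCS-credit point made in this bullet: a Layer of Protection Analysis propagates an initiating-event frequency through the independent protection layers, compares the result with the tolerable frequency, and turns the shortfall into a required risk reduction factor and SIL for the SIF. The scenario figures are constructed. The cap of a risk reduction factor of 10 for a BPCS protection layer is the commonly applied value for a BPCS not designed to IEC61511, and is treated here as an assumption to be checked against the relevant clauses of your copy of the standard.

```python
"""Added example (not from the original deck): a Layer of Protection
Analysis (LOPA) in the form the PHA/LOPA and BPCS-as-protection-layer
passages describe: propagate an initiating-event frequency through the
independent protection layers (IPLs), compare with the tolerable frequency,
and turn the shortfall into a required SIL for the SIF. The scenario figures
are constructed; the cap of 10 on BPCS credit is the commonly applied value
and is treated here as an assumption to check against the standard."""

from dataclasses import dataclass

BPCS_MAX_RRF = 10.0   # assumption: maximum risk reduction credited to a
                      # BPCS protection layer not designed to IEC 61511


@dataclass(frozen=True)
class ProtectionLayer:
    name: str
    pfd: float               # probability of failure on demand claimed
    is_bpcs: bool = False    # implemented in the BPCS rather than the SIS

    def credited_pfd(self, cap_bpcs=True):
        """Credit actually taken. A BPCS layer may not claim a PFD lower
        than 1/BPCS_MAX_RRF, however good the loop looks on paper."""
        if self.is_bpcs and cap_bpcs:
            return max(self.pfd, 1.0 / BPCS_MAX_RRF)
        return self.pfd


@dataclass(frozen=True)
class Scenario:
    description: str
    initiating_event_freq: float     # events per year
    tolerable_freq: float            # target mitigated frequency per year
    layers: tuple                    # ProtectionLayer instances


def mitigated_frequency(scenario, cap_bpcs=True):
    """Frequency of the consequence after all IPLs: f_IE * prod(PFD_i)."""
    f = scenario.initiating_event_freq
    for layer in scenario.layers:
        f *= layer.credited_pfd(cap_bpcs)
    return f


def required_sif_rrf(scenario, cap_bpcs=True):
    """Risk reduction factor the SIF must deliver to meet the target
    (1.0 means the existing layers already meet it)."""
    return max(1.0, mitigated_frequency(scenario, cap_bpcs) / scenario.tolerable_freq)


def sil_for_rrf(rrf):
    """SIL n covers 10^n <= RRF < 10^(n+1); below 10 no SIL-rated SIF is
    needed (returned as 0); RRF >= 10^4 is reported as SIL 4."""
    for sil, upper in ((0, 10), (1, 100), (2, 1_000), (3, 10_000)):
        if rrf < upper:
            return sil
    return 4


# Constructed scenario: loss of cooling on an exothermic reactor
SCENARIO = Scenario(
    description="Loss of cooling leads to runaway reaction and vessel rupture",
    initiating_event_freq=1.0,       # constructed: once per year
    tolerable_freq=2e-5,             # constructed: target 2e-5 per year
    layers=(
        ProtectionLayer("High-temperature alarm and operator response", pfd=0.1),
        ProtectionLayer("BPCS high-temperature interlock", pfd=0.001, is_bpcs=True),
    ),
)

if __name__ == "__main__":
    for cap in (True, False):
        rrf = required_sif_rrf(SCENARIO, cap_bpcs=cap)
        print(f"BPCS credit capped={cap}: RRF needed {rrf:.0f}, SIL {sil_for_rrf(rrf)}")
```

Running the same scenario with and without the cap shows why the clarified Clause 8 and 9 wording matters: with the BPCS interlock credited at its claimed PFD of 0.001, the analysis concludes that no SIL-rated SIF is needed, whereas with credit limited to a factor of 10 the same scenario requires a SIL 2 SIF. Over-crediting a BPCS function hides a protection gap rather than closing it.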
Changes to IEC61511
Requirements for hardware fault tolerance modified and should
be reviewed carefully to understand user/integrator options.
• The key thing here is that the term Safe Failure Fraction (SFF) has been eliminated from
the standard.
• The two tables in ED1 for field devices and logic solvers that stated the HFT
requirements based on SFF have now been replaced by a single table stating HFT based
on SIL, although there are also specific requirements for DC (which are no longer part of
the table).
• HFT requirements are now referred directly back to the requirements stated in IEC61508
(Route 1H or 2H).
Changes to IEC61511
Other general changes, which are no less important, are:
http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/safebk-rm003_-en-p.pdf