Download the Safety Instrumented Systems training demo for free
Miami, FL, Feb 23, 2010. You can now download the first module of the seven-module Safety Instrumented Systems e-learning course recently launched by Abhisam Software, for free. Just visit the Safety Instrumented Systems training page; near the top, below the box-shot picture, you will see the download link.
Right click on it and select “Save Target” to download it to your computer. It only works on Windows, not on the Mac, and since it is an executable program rather than a document file, Vista may ask for administrative rights to run it.
The full course consists of seven modules that are much bigger and more detailed than this one, which is just an introduction to get you started. Safety Instrumented Systems are growing in importance every year, as they help plants comply with increasingly stringent regulations that aim to protect people, the environment and, of course, assets from damage and destruction, so it is a good idea to know how these systems work rather than treating them as a black box that does “safety”. Learning about SIS in more detail can give you an edge over other professionals who are still unfamiliar with these newer concepts.
If your plant has hazardous processes that require Safety Instrumented Systems in order to conform to OSHA and other regulations, or if you wish to comply with international standards like IEC 61511, then this subject is very important to know.
Comments on this post are welcome as always.
Everything that you wanted to know about Safety Instrumented Systems but didn’t know whom to ask!
Jan 1, 2010 - Miami, FL
Abhisam Software has just announced the release of their much awaited e-learning course on Safety Instrumented Systems. From the sneak previews that were shown to us last week, this course looks to be excellent. Extensive use of Flash-based animations and interactive simulations, real-world solved problems and easy-to-understand text make this a no-brainer for anybody who wishes to understand Safety Instrumented Systems.
So if you are an instrument engineer, safety manager, control systems engineer or other professional involved in Safety Instrumented Systems (known by various aliases in the process industry, like Safety Shutdown Systems, Emergency Shutdown Systems, etc.) then you must have this course. Consisting of seven modules, the course covers the entire gamut of SIS, including hazard and risk analysis, safety integrity level, standards and maintenance, the whole nine yards. Plus the price is ridiculously low in our opinion: just $157 for the early birds. If you compare this with the prices of other courses, seminars and books for the content that you get, it's a no-brainer. Get it now and the mists around esoteric terms like SIL 3, IEC 61511, etc. should all clear away in a jiffy.
Find out more here.
Designing Safety Instrumented Systems? Five things to watch out for
Modern chemical and hydrocarbon processing plants, oil & gas production facilities, power plants and other similar process plants all have some instrumented systems that ensure functional safety. These are known as Safety Instrumented Systems (SIS for short). This post is about SIS and how you can avoid certain pitfalls while designing them. To those of you who are familiar with the design of Safety Instrumented Systems this may sound too basic, but it is nevertheless a useful checklist to have.
1. Keep the big picture in mind. An SIS is a Risk Reduction measure, not an end in itself.
Any large processing plant has a certain degree of inherent risk associated with operating it. There is nothing alarming about that; the principle applies to any voluntary human activity, like, say, driving a car. Driving a car has some risk, and to counter it one takes some safety measures (wearing seat belts, having air bags, keeping tire pressure right, etc.). Similarly one reduces the risk of running a processing plant by employing safety measures, one of which is having an SIS. Thus an SIS is not the only risk reduction measure.
Secondly, the goal of any safety measure (including an SIS) is to reduce the inherent risk of a process to an acceptable level. Keep this principle in mind before jumping straight into SIL calculations, quad-redundant PLCs, etc. Will this system reduce risk to an acceptable level? Is this the only way to reduce the risk? Will it work? These are some of the questions you should ask.
2. Quantify the inherent risk and the acceptable risk.
Make sure that you know the inherent risk of your process (from calculations, historical records or other data). It may be expressed in a variety of ways, including FAR (Fatal Accident Rate), undesired events per year, reportable accidents per year, worker injuries per year and so on. Also make sure that you know the acceptable level of risk in the same units. This information can be sourced from your corporate safety department or risk management team.
Now use the equation
Risk Reduction = Inherent Risk - Acceptable Risk
to get a measure of the amount of risk that your system has to remove. Note that when the SIL target is set the IEC 61511 way, it is the ratio of the two figures that matters, not the difference: the required risk reduction factor (RRF) is Inherent Risk divided by Acceptable Risk, after crediting the other independent protection layers, and the SIS must then achieve a PFDavg no worse than one divided by that factor.
3. Get reliability data regarding your process equipment, instruments and systems before you start the design.
There is no sense in working with assumed or otherwise vague figures. If at a later date the basic data is found to be erroneous, the entire exercise of calculating target SILs, verifications, etc. will have been pointless. Data can be sourced from manufacturers, third-party database providers or your own historical records. Take the worst-case figures out of the three sources for your calculations.
4. Keep an eye on Common Cause Failures (CCFs).
It may sound simple, even ridiculous, but sometimes we fail to foresee common cause failures, even on large projects with several hundred engineers working on them. For example, are your BPCS (Basic Process Control System) and SIS powered from the same UPS? The same utility feeder? Could that become a CCF? Do your SIS card and BPCS card share a common backplane? What if the backplane fails, say due to ingress of moisture or rodents? Could that become a CCF? Ask these questions at the design stage to save yourself tears later.
For an interesting case study on how a CCF can lay low a very expensive and technologically sophisticated program like the International Space Station, here is an interesting link. A single CCF knocked out all of the redundant computers on the International Space Station, endangering the lives of the astronauts.
5. Keep an eye on the SIS components, especially the sensors and final control elements. (Also ensure that your SIS loops do not use substandard components like cheap terminal strips, poor quality lugs, undersized signal wire and the like.)
Are you aware that, of all documented failures of SIS loops, only 8% were related to the logic solvers (safety PLCs) and fully 92% were failures of sensors and final control elements? Contrast this with the amount of debate, discussion and time spent on designing the logic solver part of the SIS (heated discussions on whether we need triple-redundant safety PLCs, quad-redundant safety PLCs or something even more exotic).
The reality is that very few people pay attention to the unglamorous part of the SIS loop, the transmitter and the automated valves. Very likely they are the same types that are used in the “normal” control loops. Is this correct practice? Shouldn't you set a higher benchmark for these, especially since their performance will ultimately decide the reliability of the SIS loop? Also be careful with your terminal strips. A poor quality termination can cause nuisance trips worth millions of dollars, so set a better benchmark for these passive components in your SIS loops too.
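As an added worked example (not code from the original post or from Abhisam), the Python below ties items 2 through 5 together: it sets the target SIL from the inherent and acceptable event frequencies after crediting other independent protection layers, then verifies a loop's PFDavg subsystem by subsystem so that the sensor and valve contributions, and the effect of a common cause beta factor on a redundant pair, are visible. The frequencies, failure rates, proof-test interval, beta values and the relief valve credit are all hypothetical, constructed figures; only the SIL bands and the simplified PFDavg formulas come from IEC 61508/61511.

```python
"""Added example (not part of the original post): target SIL selection from
risk figures, then a simplified PFDavg verification of one SIS loop.

The formulas are the standard IEC 61508/61511 simplified equations for
low-demand mode; every frequency, failure rate and interval used below is a
constructed, hypothetical number chosen only to illustrate the arithmetic.
"""

# Low-demand SIL bands as (SIL, lower PFDavg bound, upper PFDavg bound).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_from_pfd(pfd):
    """Map a PFDavg to the SIL whose band contains it (0 = worse than SIL 1)."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0


def sil_target(unmitigated_freq, tolerable_freq, other_ipl_pfds=()):
    """Required RRF, maximum PFDavg and target SIL for the SIS.

    Frequencies are events per year.  The post's "Inherent Risk - Acceptable
    Risk" is the risk to remove; the SIL comes from the ratio of the two, after
    the other independent protection layers (relief valve, alarm plus operator
    action, dike...) have each let the demand through with their own PFD.
    The verified design must meet max_pfd, not merely land in the SIL band.
    """
    residual = unmitigated_freq
    for pfd in other_ipl_pfds:
        residual *= pfd
    if residual <= tolerable_freq:
        return 1.0, 1.0, 0        # other layers already meet the target
    rrf = residual / tolerable_freq
    max_pfd = 1.0 / rrf
    return rrf, max_pfd, sil_from_pfd(max_pfd)


def pfd_1oo1(lambda_du, ti_hours):
    """PFDavg of a single channel: lambda_DU * TI / 2 (lambda_DU per hour)."""
    return lambda_du * ti_hours / 2


def pfd_1oo2(lambda_du, ti_hours, beta):
    """PFDavg of a 1oo2 pair under the beta-factor common cause model.

    The independent part ((1-beta) lambda_DU TI)^2 / 3 shrinks quadratically,
    but the common cause part beta lambda_DU TI / 2 behaves like a single
    channel and puts a floor under what redundancy can buy.
    """
    independent = ((1 - beta) * lambda_du * ti_hours) ** 2 / 3
    common_cause = beta * lambda_du * ti_hours / 2
    return independent + common_cause


def verify_loop(subsystems):
    """Sum subsystem PFDavg values (sensor + logic solver + final element).

    subsystems: dict name -> PFDavg.  Returns total PFDavg, the SIL it
    achieves and each subsystem's share of the total.
    """
    total = sum(subsystems.values())
    shares = {name: pfd / total for name, pfd in subsystems.items()}
    return total, sil_from_pfd(total), shares


if __name__ == "__main__":
    # 2. Hypothetical overfill scenario: 0.05 events/yr unmitigated, corporate
    #    tolerable frequency 1e-5/yr, one relief valve (PFD 1e-2) credited.
    print("SIS target, no other layers     :", sil_target(0.05, 1e-5))
    print("SIS target, relief valve credited:", sil_target(0.05, 1e-5, [1e-2]))

    # 3. Worst case of vendor, database and own-plant figures for the valve.
    valve_lambda_du = max(1.2e-6, 1.5e-6, 2.0e-6)   # per hour, constructed
    ti = 8760                                        # one-year proof test

    base = {
        "sensor": pfd_1oo1(1e-6, ti),
        "logic_solver": pfd_1oo1(1e-8, ti),
        "valve": pfd_1oo1(valve_lambda_du, ti),
    }
    print("1oo1 loop        :", verify_loop(base))
    # 5. Duplicating the logic solver barely moves the total ...
    print("1oo2 logic solver:", verify_loop(dict(base, logic_solver=pfd_1oo2(1e-8, ti, 0.02))))
    # ... while a 1oo2 valve pair does, even with 10% common cause (item 4).
    print("1oo2 valves      :", verify_loop(dict(base, valve=pfd_1oo2(valve_lambda_du, ti, 0.10))))
```

With these constructed figures the logic solver is well under 1% of the loop's PFDavg, so a second safety PLC leaves the loop at SIL 1, whereas a second valve lifts it to SIL 2, and most of the remaining valve contribution is the beta-factor common cause term rather than the independent failures.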
If you follow the tips above, I am sure you can have a better SIS in your plant. If you wish to learn about Safety Instrumented Systems, have a look here.
Comments are always welcome. You can also add any more tips that you may wish to share with our readers.
Cheers!
Explosion and fire at Buncefield Oil Storage Depot - Five companies to face prosecution
It is now almost three years since the Buncefield oil storage depot explosion, and the authorities have finally announced that they will be pressing criminal charges against five companies, which are accused of acts of omission.
For those of you who do not remember the case, here is a short overview. There were a number of loud explosions (really, really loud: reportedly people in the Netherlands and France heard them, and the event was also recorded as a seismic event) and a massive fire at the Buncefield Oil Storage Depot in Hemel Hempstead, Hertfordshire, UK. Over 40 people were injured in the accident; fortunately there were no fatalities. Following the explosion, a Major Incident Investigation Board (MIIB) was established by the Health and Safety Commission, supported by the Board of the Environment Agency, UK.
This board published a series of investigation reports from time to time. Some of the significant findings were as follows (my summary of a rather long series of detailed reports):
a) No consequence analysis was done by any of the design engineers or safety experts as to the possible severity of an explosion of the flammable vapors generated from the petroleum storage tanks.
b) The level control loop on one of the storage tanks (the loop that is supposed to control the level in the tank and prevent overfilling) failed. It consisted of a servo tank gauge connected to a series of valves. This failure led to overfilling and the spillage of massive amounts of petroleum into the bund surrounding the storage tank. Petroleum was being pumped in at a rate of about 550 m3/hr for more than three hours, yet the servo level gauge indication failed to record any change at all!
However, the DCS trend records could be salvaged and the above information was gleaned from them. Apparently the CCTVs were working and the footage showed petroleum overfilling and flowing into the tank bunds, but nobody was watching at the time.
c) Overfill protection was provided by a point level switch which was supposed to be independently connected to an alarm/annunciator panel (a separate circuit from the DCS loop). The panel had an override switch and it may be that the interlock was bypassed (there is no conclusive evidence, since everything was burned in the subsequent fire, and this may never be known). It is, however, a warning to design engineers who think that merely having a redundant level switch is good enough. Was there a common cause failure that took out both the continuous indication and the interlock? Not known for sure.
d) The operators apparently did not notice anything amiss, and neither was the control system sophisticated enough to reconcile the pumping rate into the tank with the rate of change of the level. Now here is the worst part. The pumping rate then increased to 890 m3/hr, leading to petroleum overflowing from the tank, filling the bunds and secondary containment areas and forming a large vapor cloud. It seems this occurred because the inlet lines were common to all the tanks; the other tanks' level indications were working, so the system diverted their inlets into this tank, which appeared to be only about half full (due to the faulty level indication). There must have been thousands of gallons of the stuff overflowing from all directions and nobody noticed anything! (Yes, it was about 3:00 am, but so what? Were there no operator rounds of the premises? Or do they not happen on the night shift at all?!)
e) Apparently the hazardous area classification, which may have been done during the initial stages, may not have considered wind direction. The entire vapor cloud was carried across the road from the tank farm to an emergency generator building about 100 meters away, where it is thought to have been ignited. The building apparently was not a classified (hazardous) location.
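The reconciliation that finding d) says the control system lacked is a check a control engineer can implement with the signals a DCS already has. The Python below is an added example, not code from the original post or from the Buncefield investigation: it integrates the inlet flow meter reading over time, predicts the tank level from an assumed cross-section, and flags the gauge when prediction and reading diverge for two consecutive samples; a second, geometry-free check flags a reading that has not moved at all while product flowed in. The trend rows, the 1000 m2 tank area, the 0.2 m tolerance and the Sample class are all constructed assumptions, not depot records.

```python
"""Added example (not from the original post or the Buncefield reports):
a material-balance plausibility check that flags a level gauge whose
reading stops moving while product is still being pumped in.

The trend rows, the tank cross-section area and the tolerance below are
constructed, hypothetical values chosen to illustrate the check.
"""
from dataclasses import dataclass


@dataclass
class Sample:
    t_min: float       # minutes since the start of the receipt
    inflow_m3h: float  # inlet line flow meter reading, m3/h
    level_m: float     # level reported by the tank gauge, m


# Constructed DCS trend: 550 m3/h into the tank while the gauge sticks at 6.00 m.
STUCK_GAUGE = [Sample(15 * i, 550.0, 6.00) for i in range(9)]

# Constructed healthy trend: same inflow, gauge tracks the level with small noise.
HEALTHY_GAUGE = [
    Sample(15 * i, 550.0, lvl)
    for i, lvl in enumerate([6.00, 6.14, 6.28, 6.40, 6.56, 6.69, 6.82, 6.97, 7.09])
]

TANK_AREA_M2 = 1000.0   # assumed cross-section: 550 m3/h raises the level 0.55 m/h


def expected_levels(samples, area_m2):
    """Predict the level at each sample by integrating inlet flow (no outflow assumed)."""
    expected = [samples[0].level_m]
    for prev, cur in zip(samples, samples[1:]):
        dt_h = (cur.t_min - prev.t_min) / 60.0
        expected.append(expected[-1] + prev.inflow_m3h * dt_h / area_m2)
    return expected


def check_level_balance(samples, area_m2, tol_m, consecutive=2):
    """Return (index, expected_m, measured_m) for each sample at which the gauge
    has disagreed with the material balance for `consecutive` samples in a row.

    A stuck gauge reads the same value forever, so its deviation grows with every
    sample; a working but noisy gauge stays inside tol_m and never alarms.
    """
    alarms, run = [], 0
    for i, (s, e) in enumerate(zip(samples, expected_levels(samples, area_m2))):
        if abs(e - s.level_m) > tol_m:
            run += 1
            if run >= consecutive:
                alarms.append((i, round(e, 3), s.level_m))
        else:
            run = 0
    return alarms


def gauge_frozen(samples, window=4):
    """Cheaper cross-check needing no tank geometry: the last `window` readings
    are identical although product flowed in during that time."""
    recent = samples[-window:]
    flowed = sum(s.inflow_m3h for s in recent[:-1]) > 0
    return flowed and len({s.level_m for s in recent}) == 1


if __name__ == "__main__":
    for name, trend in (("stuck", STUCK_GAUGE), ("healthy", HEALTHY_GAUGE)):
        alarms = check_level_balance(trend, TANK_AREA_M2, tol_m=0.2)
        first = f"first alarm at t={trend[alarms[0][0]].t_min:.0f} min" if alarms else "no alarm"
        print(f"{name:8s}: {first}; gauge frozen: {gauge_frozen(trend)}")
```

With the constructed data the balance check raises its first alarm 45 minutes into the receipt, long before the bund fills, and it does so from a flow meter that is independent of the gauge; the same cross-check catches a stale or manipulated level value as readily as a mechanically stuck one, which is why an independent measurement, not a second copy of the same one, is the thing to design in.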
No doubt this entire catastrophic incident and the consequent investigations will have a major impact on how instruments and controls are designed and maintained in petrochemical and hydrocarbon processing plants, on how seriously operator alertness and awareness are taken, and so on.
More details are available at the Buncefield investigation site.
Note: All images have been sourced from the Buncefield investigation site and all copyrights belong to that site.
Are integrated SIS/DCS systems better than standalone SIS and DCS systems?
Lately there have been many launches of new “integrated” control systems that have both DCS and SIS in the same package. For those of you who are not familiar with these terms, SIS is short for “Safety Instrumented System”, a special kind of control system used for the safety critical parts of process plants, turbomachinery, boilers and so on. Emergency Shutdown Systems (ESD for short) can be considered a subset of the SIS category of control systems.
On the other hand, DCS (Distributed Control Systems) are the control systems used for normal control and monitoring of process plants, oil refineries, oil & gas production platforms, power plants and so on. The DCS is the main system that measures, monitors and controls process parameters like flow, temperature, pressure and so on.
In the view of the standards bodies (like IEC and ISA), these two systems have to be separate and independent, as the safety system has to be dedicated to the safety critical parts of the plant and the garden-variety DCS cannot be relied on to be robust, fail-safe and sure to operate the safety critical instruments at all times. This distinction between the DCS and the SIS initially led to separate markets, with separate suppliers for the two kinds of system. Suppliers like HIMA, ICS Triplex, Triconex, PILZ and so on supplied the Safety Instrumented Systems, whereas the DCS market belonged to companies like Emerson, ABB, Honeywell, Yokogawa and so on.
This obviously meant that if a plant had safety critical instruments and controls, it necessarily required a separate SIS; the DCS would not do. So one control room had two control systems, as different as chalk and cheese. The SIS had separate power supplies, panels, monitoring stations and programming software, and of course totally separate hardware. The same instrument engineer assigned to the process plant had to be adept at both systems simultaneously to do his job well. Plant modifications and changes were a nightmare, as any change had to be implemented in both systems.
Making the two systems communicate to each other also proved not so simple.
Hence all these instrument engineers started wishing for a new deal, whereby both systems could talk to each other seamlessly (while remaining separate to conform to the standards) and, better still, share a common engineering and programming platform. That would be great!
The DCS vendors sensed this fervent desire and many of them came out with “integrated” systems, where the DCS and SIS controllers are different but part of the same overall system. Some examples are Emerson’s Delta V with SIS and Siemens Safety Integrated.
What does this mean for the traditional SIS-only vendors like HIMA and Triconex? Have users started switching over to the new integrated systems, or is it a passing fad? As a system designer, safety manager, instrument engineer or plant manager, which option is better, separate or integrated? One thing to keep in mind: a shared engineering platform, shared network or shared power supply is also a shared failure mode, which is the same common cause failure question raised in the design post above, so the integrated option deserves the same scrutiny. Your comments on this will be welcome.