BRIEF ASPECTS OF SAFETY ASSESSMENT CYCLE
K JAYAPRAKASH
Discipline Head – C & I
TATA Consulting Engineers Ltd

The safety of industrial process is becoming an increasing concern, While no single approach can ever fully exclude all accidents, the process industry consultants are striving to attach the highest safety level possible with current technology and functional safety solutions.

Most of the engineering consultants/contractors and users are well aware of this situation. Hence they need to use adequate protection and shutdown systems and ensure full compliance to the international standard like IEC 61508 standard and process oriented IEC 615111 standard to safe guard personnel and equipment.

These standards address the application of safety instrumented system in referred process industries. It requires conducting a process hazard study and risk assessment study so that its findings can be appropriated to enable the incorporation in the specification for safety instrumented system. The safety instrumented system shall include the components and sub-systems necessary to carry out safety instrumented function from field sensor to final control element.

Methods frequently applied are HAZID, HAZOP, Operability study and SIL studies which determine the Safety Integrity level of Instrumented Control functions.

International standard IEC 615111 has following concepts which are fundamental to its applications:

Safety life cycle, Safety integrity level
Safety is achieved by inherently safe process design. When necessary, this shall be combined with a protection system or systems to address any identified residual risk.

Safety Instrument System (SIS) forms a very important layer of protection against accidents and hazards in a process industry. Hence these warrants design and implementation of safety system for safety & good engineering practice.

SIS's safety performance criteria is defined by Safety Integrity Level (SIL). Determination of Safety Integrity Level shall help verification of SIS configuration and identifying whether the system meets or exceeds the required SIL and in turn reliability of the control system.

Design Engineering steps of SIL study are enumerated below

Step - 1
To prepare and collect information :
Process Flow Diagram, Block diagrams, Plant Layouts, Process & Instrumentation Diagrams (P & IDs), Details of Safety Interlocks , Operation and control philosophy, Cause and Effect Diagram, MSDS for all the raw material, Intermediate Products and Finished Products, Instrument Sequence Control Charts .

Step - 2
Process hazard & operability - HAZOP study


HAZOP Analysis i.e., safety requirements based on risk analysis of the equipment under control is a systematic approach of the process to identify all the possible hazards. It is done by HAZOP task force in team, wherein each member can brainstorm with each other and make most probable decisions. The output of HAZOP must be in report format in which all potential hazards and possible remedial measures are listed.

HAZOP is a proven method to examine and check that, what will go wrong in an installation and which deviations arise in process conditions e.g. excursions or loss of temperature, level, pressure, excess flow. Also special operation conditions are reviewed like startup, shut down, etc.

In HAZOP study, an installation is systematically examined by a expert team in accordance with defined nodes including the all pieces of equipment. The list of guide words assists to determine the causes for deviation. The consequences of deviation shall be investigated and checked, if sufficient safety measure have been taken to mitigate the possible impacts in installation.

After the HAZOP study is conducted by HAZOP team, the report consisting of following details shall be generated.
  • Review of the design and operation of process facility.
  • Safety and occupational health hazards to personnel
  • Damage to equipment/asset/environment
  • Operability/maintainability problems
  • Plant non-availability/limitation and lack of product quality
  • Environmental emissions
  • Construction and commission hazard
  • Critical examination of the process and engineer intentions to assess the hazard potential or mal-operation or malfunction of divided item of equipment and consequential effects and facility as a whole.
  • Compliance to statutory regulations like MOEF, CPCB.
Step - 3
SIL - Assessment (Identification and Verification)

What is SIL?
"Safety Integrity Level" - is defined as unit of measurement for quantity in risk reduction. Risk reductions are quantified using this concept of Safety Integrity Level (SIL).

Technical equipment’s usually pose a safety risk, it is dangerous so people should not be exposed to this equipment. So in such cases, relevant risks are reduced to meet the requirements for a safe operation. It is also possible to quantify risk reduction & implement them in order to satisfy the requirement. This is achieved using the SIL classification with SIL levels with range 1 to 4.

SIL - is a safety system performances measure in terms of probability of failure on demand. Since, it is easy to express probability in terms of failure, rather than in terms of performance. SIL level are listed, enumerated 1-4. High SIL level shall have high associated safety level and lower the probability of that system fails.

SIL assessment process consists of evaluation of piping and instrument diagram (P & ID) identification of Safety instrumented Systems and to identify scenarios that could lead to a loss of containment, or major equipment damage if the safety related system fails to operate when demanded .



Typical Safety Assessment Flow Chart Work

SIF: safety instrumented function with a specified SIL is a must & necessary to achieve functional safety and which shall be either a safety instrumented protection or a control function .Response time of SIF should always be less than 50% of the process safety time.

In HAZOP report potential hazards are identified. The next step is to determine the Safety Instrumental Functions (SIF) including their descriptions of function and consequences. Then risk reduction to each SIF has to be assigned. The classification methodology of SIL takes into account the consequences of the failure of SIF in relation - Risk Graph technique .

As per the requirements, methodology that will be employed for SIL assessment is a qualitative technique: Risk graph.

Risk Graphs are based on the following:
  • The Consequences of hazardous situation for Personnel Safety, Environment and loss of production and equipment/plant damage (parameters CI, EI and LI respectively),
  • Occupancy (parameter F), Probability of avoiding the hazardous situation(parameter P) & The Demand Rate (W).
Frequency of Hazardous event occurrence. High tolerable frequency lowers the resulting SIL by allocating to the SIF adopted as Independent protection layer and vice versa.

Various identified process deviations which could lead to potential human or environmental consequence or financial loss are analysed for the risk reduction that is required to be achieved by an instrumentation loop or a combination of instrumentation loops and the SIL corresponding to the same is generated. The SIL assessment will be done as per IEC 61508/ IEC 615111 .

Although any form of safety provisions may meet the same risk reduction requirements as that for a certain SIL, there is still an order of preference as to their use. Those most preferred are measures that make the process inherently safe

Step - 5
From the above reports, Safety Requirement Specifications (SRS) will be prepared for all SIF's. These shall contain all information like:
  • Assigned SIL, Trip setter, Safe stalk, Operator interfacing etc.
Step - 6
SIL VERIFICATION

Next stage in the project is to determine the SIL that installed systems shall achieve based on:
  • The equipment, (e.g. field sensor, control logic unit) used in the SIF
  • Appropriate reliability data & Specific proof testing intervals
Reliability data specific to the customer and plant/process shall be used for the assessment. If this is readily available or generic industry data or manufacturers' data will be used. Caution should be used in while applying manufacturers' data as they may only consider the element they provide and not the associated auxiliaries systems etc. Reference to industry data will always therefore be made to ensure that overtly optimistic data shall not be used. Where significant deviations from generic data are observed, this will be used after manufacturer provides sufficient justification.

SIL Classification A SIL target following a definition process shall be assigned to each SIF. Later SIL target will be assigned using a methodology which client agrees. This methodology will take into account both risk matrix approaches and Layers of Protection Analysis (LOPA) as appropriate.

The methodology shall be consistent with and will take into account risk matrix of existing client, the risks as quantified in existing QRAs and relevant client guidance. This classification methodology of SIL will take into account the consequences of SIL failure in relation to:

People safety, Asset damage, Environment, reputation of company & loss of production SIL target levels as defined in the methodology are:
SIL 0-Safety requirement not required for this function
SIL a-a risk reduction of < than a factor of 10 required from the function
SIL 1 - PFD between 10-1 and 10-2.
SIL 2 - PFD between 10-2 and 10-3.
SIL 3 - PFD between 10-3 and 10-4.
SIL 4 - PFD between 10-4 and 10-5.
Step 7
Safety validation.
As per standards, safety systems meet the overall safety requirement in terms of safety integrity and safety function requirements So, generally after installation and commissioning of the SIL/SIS systems, an overall validation must take place before plant startup. This validation has to be performed in accordance with overall validation plan by certified body. The purpose is to validate if the safety related systems meet the safety required specifications. This is done by inspection & testing commissioned safety instrumented systems as per safety requirement specification. These inspections also confirm that field sensors, control logic solvers & final control elements perform as defined in SRS.

References:
IEC 61508 1998.
By K .Jayaprakash DH (I & C)
Tata consulting engineers Bangalore