How to achieve effective process safety
Automation systems and people can work together with a corporate safety culture in place that emphasizes zero-risk tolerance and proper understanding of engineering principles such as using proper alarm management strategies and systems, regulatory procedures and industry best practices
By Scott Hayes, MAVERICK Technologies
In industrial environments, a safety risk can happen at any time, anywhere, due to a combination of factors. Process upsets can be triggered unexpectedly by equipment malfunctions or other issues. If equipment fails and alarms go unnoticed or warning signs aren’t heeded, the potential for risk can be huge. A facility unable to maintain steady-state control automatically during normal operation is an accident waiting to happen.
Preventing safety risks depends on effective process control and the people running the operations. Both must seamlessly work together for facilities to safely operate. For industrial personnel, it starts with a safety mindset ingrained in the corporate culture.
Building a safety culture
A safety-conscious culture requires taking advantage of every opportunity to emphasize and reinforce a safety mindset—an attitude of zero-risk tolerance where complacency is not an option. No one wants to see someone get hurt, or worse, or to see a negative impact on production, the environment or a facility’s assets and reputation.
The top priority is placed on keeping people and surrounding communities safe. Industrial safety begins at the corporate level and cascades down to all employees. The following should be part of every company’s safety culture:
• Communicate internal policies and implement process control safeguards and action plans.
• Invest in training, equipment repair and replacement.
• Follow applicable laws and regulatory compliance.
• Leverage industry standards and guidelines (e.g., IEC 61508 and IEC/ISA 61511).
Taking the safety culture further, companies should incorporate upfront safety assessments and risk analysis of existing automation systems and processes to determine the tolerable and intolerable risks. “Tolerable risk” is the benchmark that facilities use to determine their relative safety strategy. This is an important discipline to reduce the risk of liability. It’s also a great opportunity to review key areas to see whether the facility’s automation, safety systems and personnel work together to ensure safe and secure operations.
Automated safety layers
An effective basic process control system (BPCS) is the most critical layer of protection (see Figure 1). It has automated safety layers designed to prevent accidents. A BPCS runs the process, identifies abnormal situations and sets off an alarm or takes other actions. It should be able to compensate for most abnormal situations.
Another common safeguard is a safety instrumented system (SIS), which must intervene if a process goes beyond safe control limits. If a BPCS ages or lacks regular maintenance, incidents start to frequently escalate, and the importance of an SIS becomes even greater. When personnel often depend on the SIS to handle routine upsets and frequent SIS trips become increasingly noticeable, it’s time to take a hard look at the BPCS.
For a review of a safety system, a process hazard analysis (PHA)/hazard and operability (HAZOP) study or other audit is performed to determine any remaining safety-related issues or to identify those situations or other potential system failures that could cause an accident or issue. The SIS layer is designed to minimize risks identified as unacceptable through the HAZOP study. It comprises independently operating safety instrumented functions (SIFs).
As the BPCS is considered the first layer of protection in a well-designed and maintained facility, most SIFs are specifically designed to be low demand (i.e., called upon no more than once per year), with frequent use to be avoided. For example, if an SIF is handling situations every day versus once a year as it was initially designed, the BPCS needs attention.
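The low-demand check described above can be run against an SIS trip journal. The following is an added example, not code from the article or from MAVERICK Technologies; the SIF tags, the journal entries and the 30-minute rule for merging repeat trips into one demand are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOW_DEMAND_PER_YEAR = 1.0          # the article's low-demand figure
COALESCE = timedelta(minutes=30)   # assumption: repeat trips in one upset = one demand

# Constructed SIS trip journal (ISO timestamp, SIF tag); tags are hypothetical.
TRIPS = [
    ("2023-03-02T04:10:00", "SIF-101"),
    ("2023-03-02T04:18:00", "SIF-101"),   # same upset, re-trip after reset
    ("2023-06-20T13:05:00", "SIF-205"),
    ("2023-07-11T09:00:00", "SIF-205"),
    ("2023-09-30T22:41:00", "SIF-205"),
    ("2023-11-15T01:30:00", "SIF-310"),
    ("2023-11-15T06:45:00", "SIF-310"),   # separate demand, hours later
]

def demands_per_sif(trips, coalesce=COALESCE):
    """Count demands per SIF, merging trips closer together than `coalesce`."""
    last_seen = {}
    demands = defaultdict(int)
    for ts, sif in sorted(trips):          # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        if sif not in last_seen or t - last_seen[sif] > coalesce:
            demands[sif] += 1
        last_seen[sif] = t
    return dict(demands)

def over_demanded(trips, window_years, limit=LOW_DEMAND_PER_YEAR):
    """Return {sif: demands per year} for SIFs called on more often than `limit`."""
    if window_years <= 0:
        raise ValueError("review window must be positive")
    rates = {s: n / window_years for s, n in demands_per_sif(trips).items()}
    return {s: r for s, r in rates.items() if r > limit}

if __name__ == "__main__":
    for sif, rate in sorted(over_demanded(TRIPS, window_years=1.0).items()):
        print(f"{sif}: {rate:.1f} demands/year exceeds the low-demand design basis")
```

A SIF that appears in this output is doing work the BPCS was meant to handle, which is the signal the article says should prompt a review of the BPCS.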
Relying on the SIS as the last line of defense is not a sound strategy as machines and alarms can only take on so much of the risk. At some point, an operator may have to take over and it should be very clear what they should do and when.
In addition to the BPCS and SIS, there is an additional line of defense: the operator. If the operator is notified by an alarm, has consistent instructions on what to do and enough time to do it, an operator response to an alarm (OPR) can be credited as a protection.
Figure 1: An effective basic process control system (BPCS) is the most critical layer of protection. It has automated safety layers designed to prevent accidents. Courtesy: MAVERICK Technologies
To minimize risk in these instances, operators must have a full understanding and knowledge of companywide safety policies, strategies and initiatives, along with proper alarm and system training. Trained operators are the key to maintaining the integrity of the BPCS and the SIS’s automated safety functions.
If a BPCS or SIS is giving off a warning signal and it’s ignored, or the operator is not properly trained to identify its warning signs, it defeats the purpose of having system safeguards.
Operators, alarms and HMIs
Proper alarm management systems and training are critical to ensure operators accurately respond to incidents. Improper alarm management leads to unplanned downtime, contributing to billions of dollars in lost production every year, and the potential for a major industrial incident.
An alarm system tells operators about disruptions the BPCS cannot adequately handle automatically (see Figure 2). An operator response is then required to fix or mitigate the problem. Every alarm is defined upfront and has an associated operator response, and the operator needs to know the appropriate action.
A common problem for operators is having too many alarms annunciated during a facility upset, known as an “alarm flood.” Alarm floods, chattering or an excessive number of active alarms reduce the chance the OPR alarm will receive the attention needed. Alarm response procedures should be clear and easily accessible—ideally in the human-machine interface (HMI)—so operators can respond quickly and effectively.
Today’s high-performance HMI (HP-HMI) graphics help operators identify alarms using grayscale screens with consistent colors or shapes. Operators, however, should still be trained on critical alarm elements and other piping and instrumentation diagram (P&ID) symbols and be able to recognize and respond to abnormal situations. They also should have a clear understanding of what’s happening with the facility’s systems and processes.
For regulatory compliance purposes, the ISA-18.2 standard requires facilities to perform an audit and create a comprehensive assessment that defines the criteria for rating an alarm’s severity and urgency. The assessment evaluates the alarm system performance and work practices used to administer the alarm system. Periodic reviews of how frequently OPR alarms have been triggered, along with the timing and accuracy of the associated operator response, reveal gaps not apparent from routine monitoring and allow personnel to identify necessary improvements.
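A periodic review of this kind can be scripted over an alarm journal: find the flood periods, then list the OPR alarms that were answered late or not at all and whether a flood was active when they annunciated. This is an added example, not code from the article; the tags, timestamps and allowed response times are constructed, and the flood threshold of more than 10 alarms in 10 minutes is a commonly used figure assumed here, not one stated on this page.

```python
from datetime import datetime, timedelta

FLOOD_COUNT = 10                      # assumed threshold: more than 10 alarms
FLOOD_WINDOW = timedelta(minutes=10)  # within 10 minutes; set per the alarm philosophy

def flood_periods(times, count=FLOOD_COUNT, window=FLOOD_WINDOW):
    """Return merged (start, end) spans holding more than `count` alarms per `window`."""
    times = sorted(times)
    periods, lo = [], 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:      # slide the window's left edge forward
            lo += 1
        if hi - lo + 1 > count:
            if periods and times[lo] <= periods[-1][1]:
                periods[-1] = (periods[-1][0], t)   # overlaps previous span: extend
            else:
                periods.append((times[lo], t))
    return periods

def missed_opr(journal, allowed, floods):
    """List (tag, during_flood) for OPR alarms answered late or not at all."""
    findings = []
    for tag, raised, acted in journal:
        late = acted is None or acted - raised > allowed[tag]
        if late:
            in_flood = any(start <= raised <= end for start, end in floods)
            findings.append((tag, in_flood))
    return findings

# Constructed journal: tags, times and allowed response times are hypothetical.
T0 = datetime(2024, 5, 6, 14, 0, 0)
ALARM_TIMES = ([T0 - timedelta(hours=2)]
               + [T0 + timedelta(seconds=30 * i) for i in range(12)]
               + [T0 + timedelta(hours=3)])
ALLOWED = {"LAH-120": timedelta(minutes=5), "PAH-301": timedelta(minutes=10)}
OPR_JOURNAL = [  # (tag, annunciated, operator action time or None)
    ("LAH-120", T0 - timedelta(hours=2), T0 - timedelta(hours=2) + timedelta(minutes=3)),
    ("PAH-301", T0 + timedelta(minutes=2), T0 + timedelta(minutes=19)),
    ("LAH-120", T0 + timedelta(hours=3), None),
]

if __name__ == "__main__":
    floods = flood_periods(ALARM_TIMES)
    print("flood periods:", floods)
    print("missed OPR alarms (tag, during flood):",
          missed_opr(OPR_JOURNAL, ALLOWED, floods))
```

An OPR alarm missed during a flood points at alarm rationalization, while one missed in a quiet period points at procedures or training.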
With an alarm philosophy (i.e., basically a set of guidelines) in place, facilities can follow the set of criteria to design, develop, implement, modify, manage and continuously improve and maintain alarms. Alarm response procedures also can be developed and specific information on each alarm can be embedded within an HMI to help operators respond quickly and safely mitigate abnormal situations.
Figure 2: An alarm system tells operators about disruptions the BPCS cannot adequately handle automatically. Courtesy: MAVERICK Technologies
Using alarms as safeguards for process control safety risks increases their importance and adds another dimension of importance for performing proper alarm management. Alarm management should be part of a facility’s continuous improvement program and incorporated into any equipment updates or legacy system migration projects. Proper alarm management becomes more imperative than ever.
Seamless automation
To ensure the safety of all in a facility and the surrounding communities, it is best to look at the larger automation picture from a holistic perspective and perform an analysis of systems and processes that are in place. The process is a huge undertaking and may require help from a third-party automation solutions provider who can combine process and automation knowledge with upfront SIS analysis and improvements, along with alarm management expertise. External help also comes in handy when operators need to be trained in understanding the larger safety picture and tolerated risk levels.
Automation systems and people can work together with a corporate safety culture in place that emphasizes zero-risk tolerance and proper understanding of engineering principles such as using proper alarm management strategies and systems, regulatory procedures and industry best practices. When all these are combined, companies can control identified safety risks and hazards and achieve effective process control.
Scott Hayes (scott.hayes@mavtechglobal.com) is a program manager at MAVERICK Technologies. He has more than 20 years of experience in process control. He is a licensed control system engineer and a TÜV certified function safety engineer.
Ultra long-life lithium batteries power remote wireless devices for up to 40 years
Industrial automation and IIoT applications are expanding into remote locations that require the use of long-life lithium batteries to reduce the long-term cost of ownership.
Wireless devices that draw small amounts of average current are predominantly powered by bobbin-type lithium thionyl chloride (LiSOCl₂) batteries. These cells deliver very high energy density, high capacity, and an exceptionally wide temperature range. Bobbin-type LiSOCl₂ batteries also feature an exceptionally low annual self-discharge rate, enabling certain low power devices to operate maintenance-free for up to 40 years.
How a bobbin-type LiSOCl₂ cell is manufactured significantly impacts its self-discharge rate. A superior quality bobbin-type LiSOCl₂ cell can feature a self-discharge rate of 0.7% per year, retaining nearly 70% of its original capacity after 40 years. By contrast, a lower quality bobbin-type LiSOCl₂ cell can have a self-discharge rate as high as 3% per year, exhausting 30% of its capacity every 10 years, which makes 40-year battery life impossible.
If periodic high pulses are required to power two-way wireless communications, PulsesPlus™ batteries are available that combine a standard bobbin-type LiSOCl₂ cell with a patented hybrid layer capacitor (HLC) that works like a rechargeable battery to store energy and generate high pulses. Supercapacitors perform a similar function in consumer electronics but are generally unsuited for industrial applications.
Bobbin-type LiSOCl₂ batteries are not created equal, but the performance differences may not become apparent for years. Careful due diligence is required when specifying batteries for long-term deployments in remote areas and extreme environments.
Engineers must look beyond theoretical data to demand fully documented long-term test results, customer testimonials, and in-field performance data from equivalent applications operating under similar loads and environmental conditions.