
Blog Posts (105)

  • Dust Hazards Pt.5 - Dust Hazard Analysis

    Following on from the first four aeSolutions blogs on the subject of combustible dust concerns, this blog provides another deep dive into the topic. We previously addressed the basic concerns around combustible dusts, many of the standards that address dust hazard guidance, and the properties and testing for combustible dusts; potential ignition sources; and potential safeguards. This article will build on those topics to pull it all together and review a commonly used dust hazard analysis (DHA) method.

    by Judith Lesslie, CFSE, CSP

    The Challenges

    DHAs are an important method to assess the risk posed by ignition of combustible dusts. Companies handling highly hazardous chemicals (HHC) routinely conduct process hazard analyses (PHAs), but it is not common to encounter PHAs that thoroughly review combustible dust hazards, or company internal standards that address combustible dust hazards. Many companies' PHAs do not address combustible dust hazards in an organized manner or in a manner that complies with industry guidance on dust hazard analyses (DHA), if the dust hazards are reviewed at all.

    Why would you conduct a DHA for a combustible dust process? There are several good reasons, and the most obvious is to protect people, the environment, assets, and reputation from dust explosions and fires. Other reasons for a DHA include:

      • The OSHA general duty clause requires that, in addition to compliance with hazard-specific standards, all employers provide a work environment "…free from recognized hazards that are causing or are likely to cause death or serious physical harm." A company may identify the need for a DHA on an existing combustible dust process internally due to this requirement.
      • A dust explosion incident involving a dust with identical or similar properties to that in an existing process may occur.
      • An industrial hygiene review of process dust or particulates may identify combustibility concerns.
      • A PHA team may identify the need for a deeper dive into dust risks.
      • A codes and standards review may identify NFPA 652 (Standard on the Fundamentals of Combustible Dust) as a standard needed for compliance. (NFPA 652 is considered to be a Recognized And Generally Accepted Good Engineering Practice (RAGAGEP).)
      • An insurance company providing coverage for the facility may request it.

    A DHA is a focused method to improve facility safety by identifying combustible dust hazards and necessary safeguards associated with a process. There are variations across companies on how DHAs are conducted, similar to the many variations on PHAs that can be found in industry, but there are two basic approaches: a traditional approach based on an engineering analysis and standards compliance, and a risk-based approach. Most companies opt for a risk-based approach, and its basic steps are described here:

      • Identify the relevant properties of a combustible dust (as described in part 2 of this series).
      • Form a suitable team to perform the DHA, including a qualified facilitator.
      • Determine which internal and industry standards apply to the DHA and educate team members on those standards. (There is a partial list of applicable industry standards in part 1 of this series.)
      • Assemble or develop the process safety information that the DHA team will need, including equipment ratings, electrical area classification designations, dust data, safe operating ranges, operating procedures, housekeeping protocols, and current maintenance regimes, among other data. If there are existing mitigating safeguards (as described in part 4 of this series), data on those systems should also be readily available.
      • With guidance from a qualified facilitator, the team develops the credible dust cloud and dust layer scenarios internal and external to the equipment.
      • The team identifies the credible internal and external ignition sources for each scenario (as described in part 3 of this series).
      • The team then assumes that an ignition occurs in each scenario and assesses and describes the potential unmitigated safety and environmental (and sometimes commercial and reputational) consequences. Guidance from a qualified facilitator is crucial at this step.
      • The team then assesses the likelihood of occurrence of the credible ignition sources. Guidance from a qualified facilitator is also crucial at this step.
      • Risk ranking results and acceptance criteria vary from company to company, but typically the team then uses the consequence and likelihood to develop an unmitigated risk rank for each scenario.
      • The team then assesses existing preventive and mitigating safeguards for each scenario, using those factors to determine the existing mitigated risk rank for each.
      • When the mitigated risk ranking does not meet the risk criteria set by the company, the team typically develops recommendations for additional engineering and/or administrative safeguards. The team may also need to issue recommendations to ensure that safeguards have sufficient specificity, independence, dependability and auditability, similar to Layer of Protection Analysis (LOPA) independent protection layers, if that is a company expectation.
      • Finally, the facility follows up on the DHA recommendations.

    If this process sounds a great deal like a HAZOP study to you, then you are right on target. It is also a common practice for companies to adapt their LOPA methods to be suitable for DHAs for the higher-consequence scenarios. It is generally a feasible task to adapt or develop HAZOP and LOPA software templates to be suitable for DHAs. It can even be done in spreadsheets or word processing documents in case of need, though this type of documentation is a little more difficult to initially develop.

    An excellent reference for those who wish a deeper dive into DHA methods is Guidelines for Combustible Dust Hazard Analysis, 1st Edition, 2017, by the Center for Chemical Process Safety, published by Wiley-AIChE and available online from your favorite technical bookseller.

    The Stakes

    Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well understood. Even if you have a good-quality PHA, it may not delve deeply enough into the combustible dust topic in accordance with NFPA 652. NFPA 652 states that existing processes and compartments (e.g., building compartments) shall have a completed DHA by September 7, 2020 (¶ 7.1.1.2) and that the DHA shall be reviewed and updated at least every five years (¶ 7.1.4). Are you in compliance? Are you positive your site is managing its combustible dust risks in all phases of operation well enough to prevent a serious explosion?

    So What?

    If you have not previously taken a deep dive into the combustibility properties of your particular dust(s) and completed a DHA at your site, now would be a good time to do so. If you do not have the right expertise in your staff to assess dust hazards, consider engaging a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful analysis with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards.

    Upcoming AIChE Webinar: Combustible Dusts and Dust Hazard Analysis: Assess Your Risk, June 15, 2023 - 2:00 pm EDT, presented by Judith Lesslie - Senior Principal Specialist - aeSolutions

  • Top Mistake to Avoid in Machinery Functional Safety

    In the machinery industry, a safety function is a control function that reduces the risk of injury, exposure to hazards, or harm to the operator. To classify a safeguard identified in the risk assessment as a safety function, refer to the aeSolutions blog post "Machinery Safety – Is it a Safety Function?".

    Functional safety is a methodology used to design, specify, implement, validate, and maintain safety functions. Conformity to functional safety standards helps analyze safety function failure rates and provides assurance that the design and integration of safety functions are reliable and effective for the life of the safety function. The two most commonly used standards in the machinery safety realm of functional safety are ISO 13849-1 and -2, which are sector-specific versions of the broader functional safety standard IEC 61511. ISO 13849-1 describes Performance Levels (PLs) that are analogous to Safety Integrity Levels (SIL) in process safety.

    Each safety function identified in the risk assessment and the Safety Related Parts of the Control System (SRP/CS) is assigned a required PL depending on the risk assessment and risk ranking structure. PLs use discrete levels to represent the range of the Probability of Dangerous Failure per Hour (PFHd) of the safety function. In practical terms, the PL signifies the reliability of the function and the probability that a safety function will fail (i.e., not perform when needed). There are five (5) performance levels (a, b, c, d, e). PLa is assigned to safety functions required for low-risk hazards and has the least stringent design requirements, whereas PLe is assigned for high-risk hazards and requires a high performance level of the safety function.

    PLs are dependent on the hardware and structure of the circuit, and the circuit components are characterized by the circuit categories (B, 1, 2, 3, 4) and failure data such as the Mean Time to Dangerous Failure (MTTFd), Diagnostic Coverage (DC), and Common Cause Failure (CCF). The chart below from the ISO 13849-1 standard illustrates the relationships between these factors. Each circuit category requirement (x-axis on chart) is associated with specific performance level(s) (y-axis on chart). Category B is the most basic circuit category, with a single channel, low and medium MTTFd, and non-applicable DC. The resulting PL is either a PLa or PLb. Category 1 achieves higher reliability than Category B, and each circuit category progressively increases its requirements. Category 4 corresponds to a PLe and has the most safety function requirements, as it is a dual-channel circuit with high MTTFd and high DC.

    Once the actual PL of the designed safety function has been determined, it needs to be verified that it meets the required PL per the risk assessment. There are also software tools available that assist in PL calculation. If a gap exists between the safety function PL and the required PL, the design needs to be iterated to increase the PL, such as by increasing diagnostic coverage or re-evaluating the circuit categories. Design factors, including process, operating stress, environmental conditions, and operating procedures, should also be considered.

    The next step is the most common mistake made in machinery functional safety – skipping the validation. Validation occurs after the safety function is designed, verified, installed, and programmed. A validation procedure analyzes and tests the safety function and can include a simulation of faults and verification that the safety function responds as expected under all scenarios. It is critical for those responsible for functional safety to validate that the function is acting as intended, as there is still potential for error at the end. The second part of the standard, ISO 13849-2, provides guidance on the validation procedure to ensure the category and performance level are achieved by the SRP/CS in accordance with the function's design criteria established in ISO 13849-1. Following validation, maintaining these systems and applying regular preventative and corrective maintenance plans is also very important to keep the safety functions working in a safe and effective manner.

    Functional safety is necessary in the manufacturing and machinery industry to have assurance that the design and integration of safety functions are reliable and effective when called upon to reduce the risk of human injury or risk of exposure to hazards. PLs are a benchmark for performance that the safety function is required to meet; without benchmarks, it would be challenging to understand whether safety functions are achieving their purpose. The ISO 13849-1 and -2 standards must be applied to ensure that a safety function is both designed properly and validated to test that its intended performance is being achieved (do not make the mistake of skipping this step!) and maintained throughout its life.

  • Dust Hazards Pt. 4 – Dust Handling Safeguards

    Following on from the first three aeSolutions blogs on the subject of combustible dust concerns, this blog provides another deep dive into the topic. We previously addressed the basic concerns around combustible dusts, many of the standards that address dust hazard guidance, and the properties and testing for combustible dusts; and potential ignition sources.

      • Pt 1. Do You Know the Basics?
      • Pt 2. Dust Properties and Dust Hazard Signs
      • Pt 3. Dust Ignition Sources

    This article will build on those topics to address potential safeguards for dust fires and explosions for both internal and external dust clouds or layers. A later blog in this series will pull it all together and review commonly used dust hazard assessment (DHA) methods.

    Dust Handling Safeguards

    As previously described in this series, dust flash fires and explosions can have extremely serious safety, environmental, financial and reputational consequences. As you would expect for any potentially serious process safety consequences, there is a range of possible safeguards including both administrative and engineering controls.

    Control of ignition sources is the first and most obvious family of safeguards, and it includes both administrative and engineering techniques. Proper grounding and bonding of equipment using both the NEC and NFPA 77 (Recommended Practice on Static Electricity) is a fundamental requirement. To provide assurance that the grounding and bonding system remains in good order, a routine ground inspection / assurance program (e.g., a grounding system and piping/ducting strap inspection program) should be implemented in accordance with NFPA 654. Temporary grounding arrangements for loading or unloading of dusts require special attention to make sure of the integrity of frequently operated clamps and the operational discipline to use them every single time. For some dusts with low minimum ignition energy, use of personnel grounding may be considered (e.g., static-dissipating shoes and special conductive flooring).

    Continuing with the engineering controls, proper electrical area classification should follow the guidance in NFPA 499 (RP for Classification of Combustible Dusts and of Hazardous Locations for Electrical Installations). Proper area classification is important to minimize the potential for sparks and to keep equipment surface temperatures below the ignition temperatures for a given dust. One of the most critical aspects of establishing Class II areas for dusts is selection of the temperature class for equipment. It is very important to have firm knowledge of the dust's minimum auto-ignition temperature (MAIT), layer ignition temperature (LIT), and maximum rate reaction initiation temperature (if applicable) to correctly establish the required temperature class.

    Minimizing the possibility for equipment to produce sparks due to mechanical malfunctions is another important aspect of ignition control. Mechanical spark sources include equipment parts rubbing together creating friction heat or sparks, bearing failures, lack of lubrication and similar issues. A strong mechanical integrity program in accordance with manufacturer recommendations is important. This includes routine tasks such as a routine lubrication program, power and/or vibration monitoring, and temperature monitoring in some cases. A written program is an important tool to initiate and maintain a strong mechanical integrity program. Keeping stray metal (often called "tramp metal") out of processing equipment is important due to the potential for mechanical sparking and frictional heating; exclusion of tramp metal may require a combination of administrative and engineering measures. Whenever equipment is opened, there should be a visual inspection just prior to closing to ensure no metal items, such as tools, filings, nuts, etc., are left behind. In some cases, where incursion of metal from upstream sources is credible, filtering prior to during steps is advisable.

    Control of hot work is a very important administrative tool to minimize the potential for hot work to generate sparks or open flames when dust may be present. NFPA 51B Standard for Fire Prevention During Welding, Cutting, and Other Hot Work is a good resource for hot work program development.

    An inherently safer method for dust explosion potential is to provide equipment designed for the maximum explosion overpressure (Pmax). Pmax is typically 8-9 times the initial absolute process pressure, so this can be a good solution for cases where the normal process pressure is near atmospheric. Care needs to be taken in consideration of "pressure piling" at interconnected ducting and equipment, since those pressures can be substantial, and it may be impractical to design for the higher pressures that may be expected at interconnected equipment. NFPA 69 Standard on Explosion Prevention Systems includes design information on this topic. A concept called deflagration isolation is sometimes used to prevent propagation of an explosion and the pressure piling at connected equipment that may go with it. Deflagration isolation systems may include rotary valves, flame arrestors, fast-acting automatic valves which close on a rapid pressure increase, and others.

    Reducing the oxygen concentration internal to dust-handling equipment to below the limiting oxygen concentration (LOC) for the dust is a great method to prevent ignition if it is feasible for your system. Many facilities use nitrogen for this purpose and manage the system as safety-critical. If selected, the oxygen concentration of the conveying gas should be specified at a safe margin below the LOC. Somewhat related to control of oxygen content, the concentration of dust may at times also be controlled to significantly below the minimum explosible concentration (MEC) for the dust. Concentration control may not always be practical from a commercial standpoint as it may limit production rates.

    In cases where the conveying gas is not below the LOC, a mitigating safeguard to quench explosions in progress is sometimes specified. Nitrogen suppression systems will open very quickly based on fast-acting rate-of-change pressure switches. A rapid inflow of nitrogen may quench an imminent explosion internal to equipment. Proper sizing, numbers, and locations of the nitrogen canisters is of crucial importance. The suppression system also has to act faster than the time for the development of the explosion. Specialist personnel should be engaged to handle the detailed design of suppression systems.

    Deflagration vents are another potential mitigating system which act to reduce the explosion pressure by venting it, similar to a rupture disc. Deflagration vents may be installed on equipment and on buildings where the potential for dust explosions is present. Deflagration vents can be quite large, depending on the application, and should be vented to a safe location. NFPA 68 Explosion Protection by Deflagration Venting includes design information on this topic.

    A buildup of dust layers internal to equipment is a concern due to the potential for high surface temperature or a maximum rate reaction to ignite the layer. The primary control for this concern is an effective manual or automatic cleaning regime in place for equipment subject to internal layer buildup, including routine inspections to verify adequate cleaning. Supervisory signoffs and audits of this activity are also a good practice.

    External leakage of dust is a concern that needs to be addressed, as it may result in either dust explosions (if leakage is above the minimum explosible concentration (MEC)) or dust fires in the case of layer buildups. There is a two-pronged safeguarding approach to address leakage. First is a strong mechanical integrity program which addresses typical leakage points proactively. Second is a strong housekeeping program in which incipient leaks are rapidly addressed, which should be supplemented by a strong routine housecleaning culture which allows for prompt cleanup of leaked dust. Similar to the internal dust layer concern, supervisory signoffs and audits of housekeeping are also a good practice. The routine review should include all flat surfaces in the facility, including those which may not be perfectly visible, e.g., tops of equipment and tops of structural members.

    Building fire suppression systems are a sensible precaution to mitigate dust explosion consequences, but as they are a post-explosion mitigating system, they are not typically regarded as a strong protection in these cases.

    The Stakes

    Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well understood, and no company wants to learn of dust explosion hazards the hard way. How do you know if you have sufficient safeguards present for combustible dust hazards at your facility? A Dust Hazard Analysis (DHA) and careful review of the engineering and administrative safeguards in place is the clear answer.

    So What?

    If you have not previously taken a deep dive into the safeguards in place for your particular dust(s) and ignition sources at your site, now would be a good time to do so. If you do not have the right technical expertise in your company to assess dust hazards, ignition sources and safeguards, consider selecting a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to recommend reputable testing labs and to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards.

    Stay tuned for more. A later blog in this series will address commonly used dust hazard assessment (DHA) methods.


Other Pages (262)

  • aeSolutions - Process Safety, Fired Equipment & Automation

    Improving industry by guiding our clients to increasingly resilient operations and safer communities.

    Our Story: Integrating Process Safety, Automation & Fired Equipment. +25 Years Strong, +40 Certified Experts, +2000 Clients Served, +600 Projects per Year.

    Our Services: Alarm Management, Machinery Safety, Migrations and Upgrades, Process Safety, Fired Equipment, Project Management, Combustible & Toxic Gas, SIS Engineering.

    Feature Stories: Dust Hazards Pt.5 - Dust Hazard Analysis; Top Mistake to Avoid in Machinery Functional Safety; Dust Hazards Pt. 4 – Dust Handling Safeguards; Machinery Safety – Is it a Safety Function?; Project Life Cycle Process Safety Reviews; Dust Hazards Pt. 3 – Dust Ignition Sources.

    Client Success Built With Trusted Expertise

    aeSolutions is an engineering consulting and systems integration company that provides industrial process safety and automation products and services. We specialize in helping industrial clients achieve their site's risk management and operational excellence goals.

    Process Safety: As a supplier of complete process safety management (PSM) solutions, we pride ourselves on providing engineers from industry with design, maintenance, operating, and process safety backgrounds. Our specialists understand how plants operate because they have actually worked in covered processes and facilities.

    Alarm Management: Our clients recognize the relationship between the process safety performance of their facilities and the implementation of effective alarm management techniques and alarm philosophy. Our alarm management services help clients improve the performance of their alarm systems and increase the situational awareness of their operators.

    Machinery Safety: Clients who operate and maintain machinery and robotics list safety as a top priority. We help manufacturing facilities achieve safe machine operation through risk assessments, application of the hierarchy of control, and sensible safeguard design. Our scalable programs address clients' specific needs and the machinery lifecycle to provide tailored solutions aligned with international and United States standards.

    DCS/PLC Migrations and Upgrades: aeSolutions can provide the system integration methodology, technical services, and resources to accomplish the objectives of your automation project. We work with you from project inception to final commissioning through a proven project delivery model integrating diverse hardware, software, and services from multiple vendors and stakeholders into a unified, integrated system.

    Safety Instrumented Systems: aeSolutions has a unique process to design and implement ISA84/IEC 61511-compliant safety instrumented systems (SIS). We integrate our knowledge and experience in PHA/LOPA along with control system hardware and field instrumentation to ensure that Safety Instrumented Functions (SIFs) are clearly defined. We define, design, and document the safety functions to meet your safety and online reliability requirements for 61511 and regulatory compliance.

    Fired Equipment: From up-front engineering to end-user compliance testing, aeSolutions has helped clients create and maintain safe, efficient fired equipment and associated processes. With our extensive engineering knowledge of the National Fire Protection Agency (NFPA) and other regulations, aeSolutions is uniquely qualified to advise on virtually all combustion-related codes and other hazard assessments.

    Combustible & Toxic Gas: The aeSolutions Fire and Combustible & Toxic Gas Detection team delivers a unique blend of experience in philosophy, technology selection, and geographic/scenario-based modeling. Beginning with a Gas Detection Philosophy development or review and update, we design a system that is fit for purpose, cost-effective, and has a defined basis that can be updated as the plant evolves.

  • Services Linecard | aeSolutions

    Services We Offer

    Automation
      • Conceptual & Preliminary Engineering (FEL/FEED)
      • FD/P&ID Development
      • Control System Platform Evaluation
      • Continuous and Batch Design
      • TIC Estimate Development
      • Instrument and Electrical Design (I&E): Instrument Index, Specs & Installation Details; Plan Drawings; Controls; Electrical - Field Wiring (Loop Sheets, Elementaries, etc.); MCC Specification & Design; Cable Schedules; Construction SOWs
      • Systems Integration: Control Hardware Design; Control System Server Virtualization; Network Architecture Layout/Design; PLC, DCS, SIS, SCADA Configuration; Control Panel Fabrication & Testing; Construction Oversight; Commissioning/Startup Support

    SIS Engineering
      • ISA 61511 Safety Lifecycle Planning
      • Design and Verification: Safety Requirement Specification (SRS); Protection Layer Requirements Specification; Cause & Effect Diagrams; Functional Test Plans; Lifecycle Cost Analysis; Safety Integrity Level (SIL) Calculations; Functional Safety Assessment (FSA); Fault Tree Analysis; Event Tree Analysis; Reliability Data Analysis

    Alarm Management
      • Alarm Philosophy Development
      • Consulting and Facilitation for ISA 18.2: Philosophy; Rationalization; Operations (Training); Audits

    Machinery Safety
      • Compliance with Safety Standards at Manufacturing Sites (OSHA, ANSI, ISO)
      • Risk Assessment
      • State of Conformity
      • Safeguard Specifications
      • Training

    Combustion
      • Combustion Control Solutions (CCS): Fuel & Waste Optimization; Combustion Optimization; Availability/Reliability Assessments
      • Burner Management Systems (BMS): NFPA/API Code Compliance; Screening Surveys; Gap Assessments; Gap Closure Options/Scoping; PSM and SIL Rated BMS; Risk-Based (PHA/LOPA) Assessments; Code Equivalent Design; Alternative Design of BMS/CCS; AHJ Approval Consulting; SIS Engineering
      • Multidiscipline Project Execution: Front End Loading; "Outside the Box" System Design (I&E); Systems Integration (BMS, CCS); Fuel Trains; Construction Scoping/Management; Commissioning/Startup Support; Annual Testing

    Process Safety
      • Process Safety Management (PSM)
      • Risk Management Program (RMP)
      • PSM/RMP/RBPS Auditing
      • PHA/HAZOP/LOPA/QRA/CHAZOP
      • Procedural/Extreme Weather/Abnormal Event PHAs
      • Facility Siting
      • PHAST/CFD Modeling
      • Gas Dispersion Modeling
      • Gas Sensor Mapping
      • Human Reliability Analysis (HRA)
      • Training: Process Safety Overview; PSM/RMP Auditor; PHA/LOPA Facilitator
      • Independent Protection Layer Verification
      • Mechanical Integrity Programs
      • Electrical Area Classification
      • Combustible Dust Hazard Assessments

    Fire & Gas
      • NFPA 72 and Life Safety Code Compliance
      • Fire and Gas Panel Design
      • FM Listed Systems
      • FM Approved Large Battery Backup Systems
      • FGS System Construction Package
      • CFD, Dispersion, Gas & Flame Detector Coverage Modeling
      • Gas Detection Philosophy
      • Detector Placement
      • Startup and Commissioning
      • Fire Marshal Package

    Why aeSolutions?
      • Trusted Go-To Partner for Our Clients' Tough Challenges
      • Innovative, Sustainable Solutions to Create Client Value
      • Professional Project Management to Drive Client Business Results
      • Consistent Performance and Delivery on Our Commitments
      • Recognized: Extensively Credentialed Professionals (PE, CFSE, PMP); Active in Leadership of Professional Organizations (ISA, AIChE, CSIA); Involved in Development of International Standards & Industry Best Practices; Deep Technical Acumen, Thought Leadership

    How can we help you?

  • SIS Instrumented Systems Engineering Services

Plant Protection Systems: Combustible & Toxic Gas | Fired Equipment | Safety Instrumented Systems

SIS Engineering

Reducing systematic failures reduces risk. Our full understanding of the lifecycle prevents rework, saves time, and produces a more effective safety system. Critical decisions made in the analysis phase reduce the risk of late discoveries on your capital projects.

A successful Safety Instrumented System (SIS) project is one that meets its intended safety performance requirements while also achieving all other project objectives. aeSolutions will define, design, and document the safety functions to meet the ISA/IEC 61511 lifecycle requirements of a process safety project with expertise and attention to detail, from study through start-up. Clients trust aeSolutions to ensure that they get the best return on their capital expenditures.

ANSI/ISA-61511 Lifecycle Services

Allocation of Safety Functions to Protection Layers
- Independent Protection Layer (IPL) Validation of Credits
- BPCS/SIS Independence Assessment

Safety Requirement Specifications
- Safety Requirements Specification (SRS)

Design and Engineering of Safety Instrumented Systems
- Safety Instrumented Function (SIF) Design, Optimization, and Safety Integrity Level (SIL) Verification
- Cause & Effect Diagrams (C&Es)
- Quantitative Risk Assessment
- SIS/SIF Equipment Specifications
- Logic Narratives and Diagrams
- Application Program Requirement Specification Development
- Factory Acceptance Test (FAT) & Site Acceptance Test (SAT) Plan Development

Management of Functional Safety, Lifecycle Planning
- Corporate SIS Project Standards Development
- Functional Safety Management Planning (FSMP)
- Functional Safety Assessments (FSAs)
- Lifecycle Cost Analysis
- Training

Installation, Commissioning, and Validation
- Proof Test Philosophy & Design
- aeShield Software

Operations and Maintenance
- Stage 4 Functional Safety Assessment (FSA)
- Tracking Proof Tests and SIF Performance

Modification
- Stage 5 Functional Safety Assessment (FSA)
- Update SIS Related Documents After a Modification

[Lifecycle diagram: Operational / Safety Improvements. Steps shown: Verify New SIS System; Assess Intended SIS Design, Assess Current Operations, or Assess Concept SIS Design; Develop Options for Modification to Meet Objectives; Select Preferred Options.]

Independent Protection Layer (IPL) Validation of Credits

During the hazard and risk analysis phase of the safety lifecycle, Independent Protection Layers (IPLs) are identified. Claiming credit for one or more IPLs that do not provide the protection claimed will result in under-designed SIFs, increasing risk to the facility. Claiming less credit for IPLs than is actually provided will result in over-designed SIFs, increasing capital cost. aeSolutions has the expertise and experience to help you perform this critical task most effectively.

BPCS/SIS Independence Assessment

During hazard reviews, protection layers implemented in both the BPCS (e.g. the DCS) and the SIS are identified. Determining whether different protection layers are truly independent, so that they are credited properly in the risk analysis, can be complex. With our experience in process automation and functional safety we can ensure this analysis is done correctly.

Safety Requirements Specification (SRS)

The SRS (clause 10 of ISA/IEC 61511) takes the results of the hazard and risk assessments and defines the requirements that the individual SIFs must meet. The SRS is an input to the SIS design process, but not all of the required information is available when design starts. Our SIS specialists have configuration, instrumentation, and operations experience, allowing them to specify feasible solutions to complex SIF implementation problems.

Safety Instrumented Function (SIF) Design, Optimization, and Safety Integrity Level (SIL) Verification

The hazard and risk assessments identify the need for Independent Protection Layers (IPLs) to bring the risks associated with the various hazard scenarios in line with corporate risk tolerance guidelines. Where one or more IPLs are determined to be SIFs, aeSolutions has the experience and expertise to:
- Confirm the SIL required for the SIF to avoid overdesign
- Create a preliminary design for the SIF that conforms to ISA/IEC 61511
- Identify the failure rates and parameters needed to calculate the Probability of Failure on Demand (PFD) of the SIF
- Use the most appropriate tool for calculating PFDs (or the tool the client requires); for complex SIFs we can use Fault Tree Analysis for the calculations
- Optimize the SIF to meet the desired proof test interval and spurious trip frequency
- Recommend specific field devices for the SIF
- Document the calculations, including the data and parameters used

Cause & Effect Diagrams (C&Es)

C&E diagrams are frequently the input to developing the software to be implemented on a SIS logic solver (sometimes together with a narrative). As such they are of critical importance to successful implementation of the SIFs in any functional safety project. Our C&E templates have been developed from many years of experience to optimize ease of use for configuration, testing, operator training and turnover effectiveness. In cases where the functional complexity exceeds the capacity of C&Es, our staff is capable of selecting the most efficient alternate format.

Quantitative Risk Assessment (QRA)

QRA is a risk assessment methodology that allows numerical estimates of the level of risk associated with a certain activity or series of activities to be produced and then assessed. Risk is a function of consequence and likelihood, and aeSolutions has the experience and tools to evaluate both for a QRA. For example, we can use the PHAST software to model chemical releases when evaluating the consequences of an incident. QRA can be a valuable decision support tool when evaluating complex hazard scenarios.
Logic Narratives and Diagrams

Logic narratives are sometimes required in addition to cause and effect diagrams to explain the functioning of a SIS, particularly when there are field devices shared among SIFs or other types of interdependencies. Sequential Function Charts (SFCs) are an example of logic diagrams that can be used to illustrate the functioning of a SIS; SFCs are frequently used to document the various operating modes of fired equipment. The aeSolutions staff is capable of selecting the best format, or combination of formats, to meet the requirements of our clients.

Application Program Requirement Specification Development

The Application Program Requirement Specification (APRS) is an extension of the SRS and includes requirements for software applications used in a SIS. aeSolutions can assist you in developing an APRS so that the resulting application meets the requirements of ISA/IEC 61511 and correctly implements the different SIFs.

Factory Acceptance Test (FAT) & Site Acceptance Test (SAT) Plan Development

The ISA/IEC 61511 standard (Clause 13) requires that the need for a FAT be identified during safety planning for a project, and also provides guidance on how a FAT should be planned and conducted. Clause 15, SIS Safety Validation (also known as a SAT), provides similar guidance. aeSolutions SIS engineers have the experience to develop these plans, oversee their execution as an independent third party, or execute these tests.

Proof Test Philosophy & Design

The goal of a proof test of a SIF is to reveal previously undiagnosed dangerous hardware failures (those failures that would prevent the SIF from reacting to a hazard). Proof test coverage (the fraction of these failures a given proof test can reveal) and the interval at which proof tests are conducted are important inputs into determining whether a SIF meets its required SIL. Developing a proof test philosophy provides consistency in proof test procedures and in how they are conducted. aeSolutions' experts have the field experience to discuss the testing requirements, site practices and available technologies to determine and document a comprehensive testing philosophy. We also have a library of proven proof test procedures to choose from when assembling a testing package, and we have the expertise to work with clients to implement effective testing, failure classification, and feedback mechanisms to validate the reliability data claimed in risk analysis and SIL verification.

Corporate SIS Project Standards Development

aeSolutions can help create or update the practices and procedures you need for compliance with the ISA/IEC 61511 standard. For example:
- Risk Assessment Standards
- SIL Selection Standards
- Functional Safety Assessment Templates
- SIS Design and Implementation Standards

Functional Safety Management Planning (FSMP)

The ISA/IEC 61511 standard identifies the management activities that are necessary to ensure that functional safety objectives are met:
+ Organization and resources
+ Risk evaluation and risk management
+ Safety planning
+ Assessment, auditing and revisions
+ SIS configuration management

aeSolutions can assist you in developing a management plan that accomplishes what the standard requires but is tailored to your specific circumstances and resources.

Training

The design and operation of Safety Instrumented Systems (SIS) requires an understanding of instrumentation failure characteristics, the Safety Lifecycle, probability mechanics, and the relevant international standards.
We offer training in the following areas, and we also offer training customized to your specific needs:
- Safety Requirements Specification (SRS)
- Calculations of the Probability of Failure on Demand (PFD)
- Fault Tree Analysis
- Determination of Architectural Constraints
- Identifying and Modeling Common Causes of Failure
- Degraded Voting
- Failure Rate Estimation

Featured Stories

- Key Considerations Establishing Site or Corporate SIS Guidelines: Key considerations to developing SIS guidelines, with the SIS lifecycle generalized into three main sections: Concept Through Startup, Opera
- HIPPS Justification - High Integrity Pressure Protection System: What's a HIPPS and where are they used? There are two common applications for a High Integrity Pressure Protection System (HIPPS). First,...
- Is That Really Why Control Systems Go Wrong? - Video Presentation: Presented by Greg Hardin - Senior Principal Specialist, aeSolutions. The British HSE publication "Out of control - Why control systems go...
- Functional Safety Specialists May be Stuck in the Past – Do our SIL calculations Reflect Reality?: Functional safety specialists may be stuck in the past and doing industry a disservice. The current industry trend is to only consider rando