top of page

149 items found for ""

  • Control System Migrations | Part 4 | Managing Scope, Schedule, Budget

    Introduction | Control System Migration | Part 4 November 2024 — by Tom McGreevy, PE, PMP, CFSE — Give yourself a pat on the back, you’ve successfully navigated the tasks of providing procurement specification and selecting a vendor for your control system migration project . In part four of this series , we will be exploring scope, schedule, and budget. These elements form the “triple constraint” or what is sometimes referred to as the “three-headed monster” of control system migration project management — or any project, for that matter . The success of a migration project depends on balancing these constraints, with trade-offs required to meet objectives while addressing stakeholder needs, industry mandates, and operational realities. Phased Project Execution and Trade-offs Ideally, control system migrations follow a phased approach — starting with conceptual and preliminary design, moving through detailed design, and ending in execution. However, phases do not always flow sequentially, and overlapping activities are common, a phenomenon that makes a project more challenging. At the heart of control system projects lies the negotiation between scope, schedule, and budget. These three variables shape the project from inception to completion. Stakeholders, including project sponsors, operations teams, and users, bring different priorities to the table — requiring alignment to strike the right balance. For example, a project's scope must align with user requirements while staying within budget and schedule constraints. While many projects have some flexibility for scope, budget and schedule trade-offs, few projects are entirely unconstrained. Rare exceptions exist — such as the rapid construction of the Pentagon during World War II or the development of the atomic bomb — where scope and schedule were paramount, and budget was comparatively unlimited. However, most control system migrations are not afforded a constraint waiver, making the balancing act of scope, schedule, and budget a constant challenge. The Importance of Schedule and Outage Management In many control system migration initiatives, the project schedule is non-negotiable. Certain projects — such as those in the energy sector — are driven by government regulations (like Title V permitting ) or market demands, forcing strict adherence to timelines. Refinery turnarounds are a prime example: These large-scale maintenance events may only occur every 10 years, and once scheduled, the dates cannot shift. The high cost of shutting down operations for a refinery or chemical plant places immense pressure on teams to execute migrations efficiently within the set outage window. Outage durations and deadlines are major factors influencing both project scope and budget. Teams must prepare thoroughly to avoid overruns, as missing an outage window could result in costly delays. Planning and execution are equally critical during cutover phases when legacy systems are replaced with new ones, requiring seamless transitions within tight timeframes. Stakeholder Engagement and Balancing Constraints Engaging stakeholders early in the migration process is essential to align expectations around scope, schedule, and budget. By understanding their priorities — whether cost control, quality, or speed — project teams can manage trade-offs effectively. For example, a project may prioritize scope and quality, leaving budget as a secondary concern. However, as the old project management adage goes: “ You can have two of the three—scope, schedule, or budget—but the third must remain flexible .” A common question when setting priorities is whether quality fits within scope. In control system migrations, quality is considered a given. If the migration is poorly executed, operational issues will surface immediately, posing significant risks to production. Based on this, ensuring quality throughout the process is non-negotiable, even if it means adjusting schedule or budget constraints. Whether the new control system is ultimately a “Chevrolet”, or a “Cadillac” is a scope question, the answer to which depends on user requirements. However, whether a Chevy or a Caddy, the solution must be of high quality.    Scope — V-Model Systems Engineering The V-Model Systems Engineering approach is a widely recognized and robust framework, that is particularly valuable in managing project scope within control system migrations. Originating from the systems engineering discipline, the V-Model has been used extensively by industries such as process control and process safety and is a standard practice in high-stakes environments like the Department of Defense (DoD). The DoD has adopted the V-Model as a foundational approach for all acquisition systems, owing to its reliability and flexibility across various complex systems. The V-Model’s structured yet adaptable framework makes it an ideal tool for managing the many layers of control system migrations, where scope must be clearly defined and rigorously adhered to. The model is not only a theoretical construct but also integrated into practical standards like the IEC 61511 standard for Safety Instrumented Systems, demonstrating its alignment with the development and delivery of safety-critical industrial automation systems. Understanding the V-Model Structure   Image Source   The V-Model is visually represented as a “V” shape, with each side denoting specific phases of a project lifecycle. Starting from the upper left, the model begins with conceptualization and planning stages, where project requirements are established. These initial steps serve as the foundation for the entire project, ensuring clarity in objectives and design specifications. As the project progresses down the left side of the “V,” each phase deepens the project’s detail, moving through stages such as system architecture, preliminary design, and detailed design. At the bottom of the “V,” the project reaches the development and integration phase, where the designed systems are constructed and configured. The right side of the “V” begins with the validation and verification stages, where each element developed is thoroughly tested and validated against the original requirements set out in the project’s conceptual phase. This structured approach provides a clear pathway from inception to completion, ensuring that each component of the control system migration aligns with the initial scope and quality expectations. An important element of the “V” is that systems engineering does not end after system commissioning but should continue throughout the life of the asset to ensure upgrades and changes are also managed in a systematic manner. Benefits of the V-Model in Control System Migrations The V-Model’s stepwise progression is highly beneficial in control system migrations, where maintaining scope integrity is crucial. Each phase builds upon the last, allowing for consistent alignment with project objectives. The systematic approach helps minimize scope creep —  a common risk in complex migrations — and ensures that each requirement is tracked through development to final validation. One of the unique strengths of the V-Model is its emphasis on early-stage requirements. By investing time in clearly defining the project’s scope and requirements at the outset, teams can better manage expectations, budgets, and timelines. This is particularly valuable in environments where safety and reliability are critical, as any deviation from the intended design could result in costly or even hazardous outcomes. Scope — Requirements Document The Requirements Document is a foundational component in any control system migration, defining what the project must achieve and setting the framework for success. At the outset, the project team collaborates with stakeholders to clearly define the project’s objectives, specifications, and performance standards. This process ensures alignment around the key questions: What are we trying to accomplish?  and What are the essential requirements? In a control system migration, whether a Basic Process Control System (BPCS) or Safety Instrumented System  (SIS), a requirements document addresses the unique demands of replacing outdated and unsupported systems. As technology evolves, older systems eventually become unsupported, are difficult to maintain, lack operational reliability and flexibility, and no longer meet the organization’s needs. Establishing clear, detailed requirements is imperative in ensuring the new control system addresses these challenges effectively. Key Elements in Requirements Documentation The requirements document must integrate inputs from multiple entities involved in the control system’s operation and maintenance: Physical Environment Requirements :  This includes details about the physical assets the control system connects to, such as motors, pumps, compressors, tanks, and valves. Understanding the full scope of the machinery and processes the control system controls is crucial for designing a system that operates safely and effectively. User Requirements : Operators are on the front lines of system interaction, making user-friendly interfaces critical. The requirements document specifies Human-Machine Interface  (HMI) design, alarm management, and process visualization needs, ensuring that operators can navigate the system efficiently and without undue stress. Maintenance and Troubleshooting Requirements :  Maintenance teams need access to troubleshooting tools and systems capable of proactive fault detection. Requirements for system diagnostics, error reporting, and asset management tools (such as those using HART communication protocols ) are outlined to streamline ongoing maintenance. Advanced Control and Optimization :  For organizations aiming to optimize quality and profitability, the requirements document includes specifications for advanced applications and optimization tools. These capabilities allow for efficient control of complex processes and help meet business objectives. Cybersecurity and IT Requirements :  IT teams and cybersecurity stakeholders provide input on access control, remote troubleshooting capabilities, and integration with broader IT systems. This is especially important in cases where engineers or maintenance personnel may need secure, remote access to the control system. Business and Management Requirements :  Business leaders often have specific visibility requirements, allowing them to monitor production and other metrics from a management perspective. The requirements document captures these needs, balancing operational transparency with security concerns. The Systems Engineering V-Model for Requirements Documentation The Systems Engineering V-Model discussed earlier is also frequently applied to structuring the process of defining, refining, and verifying requirements documentation. During the initial FEL ( Front-End Loading ) phases, the project team identifies high-level requirements, involving potential vendors, systems integrators, and Original Equipment Manufacturers (OEMs) to validate early concepts. As the project progresses, requirements are broken down into more specific design elements, such as Piping and Instrumentation Diagrams (P&IDs), system architecture diagrams, and detailed hardware and software specifications. This phase culminates in a comprehensive set of design deliverables, including finalized drawings and specifications. As the project moves from design into implementation, the V-Model allows teams to check each aspect of the implementation against the original requirements, ensuring that the system meets expectations through validation and verification steps. Ongoing Maintenance and Adaptation Control system migrations do not end with commissioning. Modern control systems are increasingly software-dependent, relying on regular updates and security patches for sustained performance. As part of the requirements documentation, teams establish processes for managing updates and maintaining alignment with evolving cybersecurity standards. These “ living ” documents serve as references for future maintenance, ensuring the control system remains functional, secure, and aligned with operational needs well into the future.   Scope — Work Breakdown Schedule (WBS) A Work Breakdown Structure (WBS) is fundamental to the scope definition process in control system migrations, as they establish a clear framework for planning, estimating, and executing the project. The WBS divides a project into smaller, manageable parts, facilitating clearer communication, better cost control, and improved resource allocation. At its core, a Work Breakdown Schedule helps the team “ eat the elephant one bite at a time ,” breaking down complex tasks into structured and measurable components. Developing the Work Breakdown Structure In a WBS, the project is defined at the highest level and progressively divided into subprojects, sub-phases, and tasks. The process typically starts with defining the overarching goal — whether that’s replacing outdated control systems, implementing new safety standards, or optimizing performance. From there, the WBS is broken down into manageable sections, with each phase building on the previous ones. The ultimate goal is to create small enough tasks that allow for accurate estimation and efficient management. A comprehensive WBS should be developed early in the control system migration project, ideally before the schedule is finalized. Breaking down the project into smaller components enables teams to estimate durations and resources for each element more accurately. This is especially valuable in complex control system migrations, where precise scheduling is a must-have to minimize operational disruptions. Owner-Level and Vendor/Contractor-Level WBS In many projects, including government and large-scale industrial migrations, the WBS is divided into two levels: Owner-Level WBS : The project owner (often the client or the entity funding the project) typically defines the first few levels of the WBS. This includes outlining the major phases, primary objectives, and key deliverables. For instance, in government contracts, the owner might specify the first two levels of the WBS, setting the foundational structure of the project without delving into granular details. Vendor/Contractor-Level WBS : Contractors or vendors are then responsible for developing the WBS beyond the initial levels specified by the owner. They add the finer details needed for execution, filling in tasks, subtasks, and resource assignments to meet the owner’s requirements. This approach empowers contractors to bring their expertise to the project, structuring their work to align with the project goals and optimizing resource allocation. This dual-level WBS structure allows owners to set clear expectations while giving vendors the flexibility to plan and execute in a way that leverages their strengths. It’s a common practice to help ensure a balanced approach where high-level objectives are set by the owner, and detailed planning is conducted by those executing the work. Benefits of a Well-Defined WBS A well-defined WBS simplifies schedule and budget development by enabling a “ bottom-up ” approach to project planning and execution. It provides a structured method for estimating time and resources, making it easier to assign costs accurately and avoid budget overruns. By breaking the project down into smaller parts, the WBS helps identify risks early, setting the stage for more effective project management. In the context of control system migrations, where tasks may vary in complexity and dependencies, a robust WBS can help mitigate scheduling challenges. Estimating timeframes for smaller tasks is inherently easier than for large, undefined tasks, leading to a more realistic and achievable schedule. Additionally, as the project progresses, the WBS serves as a roadmap, enabling the project team to track progress, adjust resources as needed, and ensure each phase aligns with the defined scope. For owners and contractors alike, a well-defined WBS not only clarifies project expectations but also enhances the likelihood of completing the migration on time and within budget.   Schedule — Resource-Loaded with Logic Creating a resource-loaded schedule with logic is a vital step in control system migrations, allowing project teams to allocate resources efficiently while ensuring all tasks follow a logical sequence. Once the scope is established, and the Work Breakdown Structure (WBS) is outlined, these elements provide the foundation for developing a detailed, executable schedule. By defining what needs to be done at a granular level, teams can move forward with estimating timelines and applying resources in a structured manner. Building the Schedule with Logical Sequencing A well-crafted schedule isn’t just a list of tasks — it is a sequence of events governed by logic. In this context, logic refers to the relationships and dependencies between tasks, dictating what must happen in a specific order and what can happen concurrently. This logical structure ensures that each activity aligns with the project's overall timeline, minimizing delays and optimizing efficiency. For example, certain tasks may need to finish before others can start, while some can proceed simultaneously, depending on resource availability and task dependencies. Using the WBS, each task in the schedule can be broken down into smaller sections, often organized in a Gantt chart format. The WBS sections align directly with the schedule, allowing for a smooth transition from scope definition to scheduling. As the project progresses from conceptual design (FEL 1) through preliminary (FEL 2) and detailed design stages (FEL 3), the schedule becomes increasingly specific. By the time the project reaches the execute stage, the schedule should be thoroughly developed, reflecting both the scope and WBS in a detailed, logical format. Resource Loading and Effort Estimation Resource loading is the process of assigning human resources, materials, and equipment to each task based on effort estimates. This step involves calculating the actual effort hours needed for each task, allowing the project manager to allocate the appropriate resources at the right times. Effort estimates are based on the complexity of the work, skill requirements, and task duration. A resource-loaded schedule helps ensure that project teams are neither overburdened nor underutilized, helping to keep the project on track and within budget. The resource-loaded schedule allows project managers to see where resources may be constrained or where adjustments might be needed. By integrating resource availability with task dependencies, the team can make informed decisions on scheduling adjustments, such as reallocating personnel or shifting task start dates. This level of planning is imperative in large-scale control system migrations, where resource constraints could lead to significant delays. The Value of Progressive Detailing The level of detail in the schedule should grow as the project advances. Early in the project, schedules are often high-level, with broader phases outlined in sequence. As the project reaches subsequent stages, each phase becomes more defined. By the time the project is ready for funding approval at the execute stage, the schedule should be highly detailed, providing a clear roadmap for completion. A well-detailed, resource-loaded schedule with logical sequencing is essential for obtaining project funding. Investors and stakeholders need confidence in the project’s timeline and feasibility, and a thoroughly prepared schedule demonstrates both preparedness and reliability. The more specific the schedule at this stage, the better equipped the team will be to manage the project’s complexities during execution.   Schedule — Critical Path The Critical Path is a fundamental concept in control system migration project scheduling. It represents the longest sequence of dependent tasks that must be completed for the project to reach its end date. In essence, the critical path is “ the longest pole in the tent ” — the chain of tasks that dictates the overall project duration. Identifying the Critical Path Identifying the critical path involves mapping out the sequence of tasks and understanding their dependencies. Each task on the critical path has no leeway for delay, as any delay in these tasks will directly impact the project’s completion date. Thus, accurately identifying this sequence early in the planning phase is essential, and a resource-loaded schedule can help visualize these dependencies and constraints. A resource-loaded schedule aligns resources with each task, allowing teams to see how resource availability impacts the critical path. By continuously managing to this path, project managers can ensure that resources are allocated to high-priority tasks, keeping the project on track. Managing the Critical Path Once identified, the critical path must be actively managed throughout the project. It’s common for the critical path to evolve as the project progresses — some tasks may be optimized, resources may be reallocated, or unforeseen issues may necessitate changes in task sequencing. For example, a task initially identified as critical “ subtask A ” might later be optimized, shifting the critical path to another task “ subtask D ”. This shifting nature requires a proactive approach to critical path management, with regular reviews to ensure the path remains accurate. Adjustments should be made as necessary to reflect any changes in the sequence or duration of tasks. By monitoring the critical path, teams can quickly adapt to changes and avoid potential delays. Ultimately, the critical path is the backbone of a control system migration project’s schedule. When managed well, the critical path provides a clear roadmap for prioritizing resources and activities to keep the project on track.   Schedule — Slip In any control system migration project, project managers should plan for schedule slip. Slip refers to the allowance for unexpected delays or setbacks that may impact the project timeline. Recognizing that projects are executed by human beings and subject to real-world unpredictability, building in a buffer for slip is a practical and necessary component of scheduling. Why Allow for Schedule Slip? Projects are seldom immune to delays. Factors such as natural disasters, world events, and unforeseen technical challenges can disrupt even the most meticulously planned schedules. By planning for possible delays, teams can set realistic expectations with stakeholders and avoid the need for crisis management when things don’t go as planned. A well-designed schedule with built-in slip is a reflection of common sense and practical risk management. This buffer provides the flexibility needed to adapt to changes without jeopardizing the overall project timeline. It allows project managers to respond to issues effectively, keeping the project on track while managing unforeseen obstacles. Managing Slip in Schedule Development Managing slip requires a careful balance between optimism and realism. Too little allowance for slip may result in unnecessary pressure on resources, increasing the risk of errors and burnout. Conversely, too much allowance may inflate the schedule, impacting cost and resource allocation. The goal is to include just enough flexibility to accommodate probable delays without compromising efficiency. In the context of control system migrations, schedule slip is especially important. These projects often involve complex integrations, interdependent systems, and critical operations. Allowing for slip in the schedule ensures that these complexities are managed without excessive risk of delay, helping the project team deliver a successful migration within a reasonable timeframe. A realistic approach to slip allows for smoother project execution, reducing the impact of setbacks and fostering a more resilient project plan.   Budget — Parametric, Analogous, & Bottom-Up Estimating As you might imagine, budget is an important component when planning a control system migration. Determining the funds required to complete the project is essential to ensure that resources are allocated effectively and that project stakeholders have realistic cost expectations. However, establishing an accurate budget can be challenging, particularly if cost estimates are provided too early in the process without sufficient data or analysis. The following budgeting techniques — Parametric Estimating, Analogous Estimating, and Bottom-Up Estimating — offer different methods to approach budgeting based on the project’s phase and the level of detail available.   Parametric Estimating Parametric estimating is commonly used in the early phases of project development when only high-level information is available. This technique relies on statistical relationships between historical data and other variables, allowing teams to estimate costs based on a unit of measure. For example, building a control system for a manufacturing plant might be estimated based on a cost per Input/Output (I/O) point or cost per square foot. Parametric estimates can vary significantly depending on the type of facility and the complexity of the control logic. For instance, while a widget manufacturing plant may have relatively simple I/O points, a chemical processing plant with advanced controls would require a more sophisticated (and thus more costly) system. Although parametric estimates are useful, they should be used cautiously, as variations in project scope or industry standards can impact the accuracy of these estimates. Unit cost estimating is a similar approach to parametric estimating, where costs are determined based on the cost per unit (e.g., per foot, per ton) of a particular item. This technique is often applied when more specific information about project components is available. In control system migrations, unit cost estimating might apply to components like stainless steel piping or wiring, providing a straightforward calculation for materials or parts with standard unit costs. Unit cost estimating is particularly useful for elements that have consistent pricing structures, allowing project teams to forecast material costs with a fair degree of accuracy. Like parametric estimating, this approach is more reliable when sufficient historical data exists, enabling comparisons across similar projects or components. Analogous Estimating Analogous estimating is another common technique used in the early stages of control system project budgeting. This method relies on historical data from similar past projects to estimate the costs of a new project. For instance, if a similar control system migration was completed five years ago, or if a nearly identical project was executed at another facility a year prior, those projects can serve as benchmarks for the current estimate. Analogous estimating allows teams to leverage known data, adjusting for differences in scope, inflation, or other variables, to create a rough cost estimate without extensive upfront details. While it may not provide the level of accuracy achieved through bottom-up estimating, analogous estimating is a practical tool for generating early budget figures and can be refined as more specific project information becomes available. Bottom-Up Estimating Bottom-up estimating is the most detailed and precise budgeting method, typically applied in the final design phases, such as the FEL 3. By this point, the project team has completed a detailed Work Breakdown Structure and can estimate costs for each subtask with higher accuracy. Bottom-up estimating involves calculating the cost of each component or task individually and then summing them to derive the total project cost. This technique requires a comprehensive understanding of the project’s scope, schedule, and resource requirements, making it best suited for later stages when detailed design and planning are complete. Although time-consuming, bottom-up estimating is highly accurate, as it accounts for specific project needs and is based on actual data from the project’s planning stages. Each of these budgeting techniques serves a unique purpose at different stages of project development. Parametric and Analogous estimating are effective tools in the early stages when only high-level information is available, while bottom-up estimating provides a more precise calculation as the project reaches maturity. By employing the appropriate technique at each stage, project teams can ensure that budget estimates evolve alongside the project, aligning with the increasing specificity of scope and design.   Budget — Analyzing the Quality of Your Budget Once a budget has been established for your control system migration, you’ll want to evaluate its quality. Analyzing the quality of a budget involves assessing whether the cost estimate is optimistic, pessimistic, or realistically positioned within the range of expected expenses. This process allows project managers to ensure that the budget is grounded in reality and aligned with project risks. Contingency and Reserve Planning One element of budget analysis is establishing a contingency amount. Contingency planning accounts for known risks that might affect costs, such as potential delays or changes in scope. Project teams can use various methods to determine contingency amounts, including expert opinion or quantitative approaches like Monte Carlo analysis . By calculating an appropriate contingency, the project team provides a buffer for foreseeable risks, adding a layer of resilience to the budget. In addition to contingency planning, projects should include a management reserve — a fund set aside at the discretion of the project manager to cover unforeseen issues. Unlike contingency, which addresses specific identified risks, the management reserve handles unexpected, “ unknown unknowns ” that may arise. This reserve allows project managers to navigate unanticipated challenges without immediately compromising the budget. Assessing Budget Confidence Analyzing budget quality also involves reflecting on the methodology used to develop cost estimates. Project teams should consider whether their cost elements are based on realistic assumptions and whether they have allocated resources prudently. By evaluating each component of the budget and ensuring it aligns with project goals and constraints, teams can increase their confidence in the budget’s accuracy. Before submitting the budget for final funding, it’s important to undergo this self-assessment. This evaluation helps in identifying any potential gaps and ensures that the budget reflects all known variables and has adequate provisions for managing uncertainty. Moving Forward with an Approved Budget Once the budget has been thoroughly analyzed and approved, the project is equipped with a solid financial plan. At this point, the project should also have a resource-loaded schedule, a clear critical path, built-in allowances for schedule slip, and structured reserve management. These elements together form a comprehensive project plan, ready for execution. As the project progresses, maintaining control over scope, schedule, and budget is crucial. Any project that begins with delays or budget overruns is challenging to recover, making it essential to start on solid ground. Proactively addressing risks early increases the chances of successful project completion and mitigates the impact of any adverse events that might arise.   Project Controls — In-House or Third-Party? Project controls are extremely important for the success of any control system migration. They provide the structure and oversight necessary to manage risks, monitor progress, and ensure that the project remains on schedule and within budget. The decision to handle project controls in-house or to engage a third-party firm depends on factors like organizational culture, project complexity, and available resources. In-House Project Controls Organizations with the necessary skills and resources may choose to manage project controls internally. This approach allows the project manager or other team members to oversee scheduling, estimation, and physical progress. An in-house team can solicit feedback directly from the design, procurement, and construction teams, collating data to update progress against the baseline. In-house project controls require a dedicated team with the ability to monitor percent completions, maintain schedules, and adjust resources as needed. However, many organizations today operate with lean staffing, focusing primarily on operational roles rather than project-specific capabilities. This limitation can impact their ability to execute comprehensive project controls effectively. Third-Party Project Controls When internal resources are insufficient, engaging a third-party project controls firm can be a strategic choice. Specialized firms focus solely on project controls, often bringing a high level of expertise and efficiency. Some third-party firms specialize in control systems, offering insights tailored to the needs of complex control system migrations. Larger engineering firms may also provide project controls services, supported by dedicated departments with robust processes and systems. Outsourcing project controls can offer a level of sophistication and objectivity that may be challenging to maintain in-house, especially for smaller organizations. These smaller facilities may lack the resources or expertise required for project controls and can benefit significantly from external support. Risk Management and Decision-Making Whether in-house or outsourced, project controls are fundamentally about risk management. They provide a framework to assess if the project is on track, identify potential delays, and highlight budget overruns. Having accurate and timely project controls data allows organizations to address issues proactively, minimizing disruptions and maintaining project momentum. Project controls serve as an early warning system, enabling project managers to intervene before small issues become major setbacks. They answer the key questions: Are we ahead or behind schedule? Are we within budget? Are we meeting quality standards?  This transparency is invaluable in ensuring that the project stays aligned with organizational goals. Project Controls in Procurement and Vendor Management When selecting vendors, systems integrators, or OEMs for a control system migration, it’s important to consider their project controls capabilities. Any vendor contributing to the project’s scope should be able to demonstrate project controls skills, providing regular reports on progress, costs, and quality metrics. This requirement applies even to subcontractors like electrical contractors, who may manage specific project segments but still impact overall timelines and budget. In larger companies, project controls are often standardized across departments, ensuring consistency in execution. Smaller organizations, however, may need to assess whether outsourcing these skills can provide the necessary structure to keep projects on track. Regardless of the approach, project controls are indispensable for managing scope, schedule, and budget in control system migrations, providing the transparency needed to ensure a successful outcome.   The Takeaway Control system migrations are complex projects that require a careful balancing of scope, schedule, and budget — the three primary constraints that govern project success. This fourth installment in our series has explored the essential frameworks, methodologies, and tools that can help manage these constraints effectively, from defining scope using the V-Model Systems Engineering approach to managing project controls in-house or through a third-party provider. Moving Forward with Confidence Control system migrations demand precision, foresight, and flexibility. By embracing the methods discussed in this series — from structured planning to diligent budgeting and project controls — organizations can enhance their capacity to deliver successful migrations that meet performance, safety, and financial objectives. Be sure to keep an eye out for the fifth installment in our control system migrations series, where we will explore best practices when planning and implementing training after a system migration. More information about aeSolutions' comprehensive DCS/PLC migrations and upgrades capabilities and services.

  • Is That Really Why Control Systems Go Wrong? - Video Presentation

    Presented by Greg Hardin - Senior Principal Specialist, aeSolutions Why Do Control Systems Go Wrong? The British HSE publication “Out of control - Why control systems go wrong and how to prevent failure” (HSE238) reports the primary cause by phase (specification, design and implementation, installation and commissioning, operation and maintenance, changes after commissioning) of failures of 34 safety systems in different industries. This document is frequently referred to in functional safety activities in the process industries. This presentation will consider just how applicable are the quantitative results presented in HSE238 to the process industries. Keywords: automation, systems integration, upgrade, process safety, process control network, pcn, safety instrumented systems, SIS, systematic failure Auto Generated Transcript: Is that really why control systems go wrong? OK. Out of control, why control systems go wrong and how to prevent failure? That's a publication of the United Kingdom's Health and Safety executive. It is, you know, very well down in the functional safety. Business and I have used this chart. In multiple presentations over the years and what it represents is the percent of particular phase of the lifecycle where things went wrong that resulted in eventually in a serious incident. 6% installation and commissioning 20% modifications after commissioning. 15% operation and maintenance. 15% design and implementation and this is the biggie. That was a surprise to a lot of people when it was published. That the idea that where we were going wrong with. Process safety in related to instrumented protective functions was in specification. So if you take that pie chart, you can do the same thing against. Their safety lifecycle. Specification design and implementation. And then you can break it down a little bit more to show the areas that we're interested in. You know hazard and risk analysis, then sift selection safety instrumented function and safety integrity level determination. Thus Isfel is what we. Used to and still do called the calls. Call the group that I am in. And then device selection safety, integrity, integrity level calculation again. That's assist file function. And then not to cut off half the life cycle. Installation and commissioning. Operation and maintenance modification. I think if you had taken a survey of people before the HSE publication came out, this is where people would have said most of the. Incidents were caused and I'll have a little bit more about that to say about that later in the talk. What really prompted me to want to do the some of the research that led to this talk was what is known as the streetlight of effect. You may be familiar with this little story of someone on their hands and knees. Obviously looking for something along comes a police officer. Ask the person what are they doing and they say they're looking for the car keys that they drop well. The officer wants to help, so he asks where were you standing exactly when you dropped them? And the person replies back up the street. Then why are you looking here? Because the light is better. Are we looking at just at the specification to the exclude, not to the exclusion, but, More giving it more effort than we should, because that's, you know, that's our business. That's what's right, and at least you know my part of the business. That's right, what's right in front of me on my desk or on my computer screen? Is the the sisvel portions of the safety lifecycle that I did just identified? So that's the street light effect? When I was putting this talk together, I said, well, I'm familiar with the Identification of the different incidents in the report. Where they identified that specification is where they went wrong. But I said, well, I probably ought to go ahead and really read the report. And if I read the report. The report is not as exclusive. To the analysis of the various phases as. I was assuming they do say that. Poor hazard analysis of the equipment under control. Inadequate assessment. Systematic approach not used. These are all portions of the specification phase. That when you lump everything together as specification, that's where I started to get worried. If we were. If we were looking where the light was better. So this is the table from that report and. Where they picked up 44 of the incidents that they reviewed were 44% were due to inadequate specification and they said of those twelve were inadequate functional requirements. Specification in and 32 were, 32% were. Inadequate safety integrity requirements specification. Well, if you look at all of the incidents in the report, only one third of the total number of incidents. Which was 15 of the incidents in this case total number only one third of those, or approximately 5 are related to incidents in the chemical or refinery industries. So do the causes of incidents in the process industries follow the distribution given in out of control? That was my promise in starting this. There are lots of Compilations of incidents in the process industries. And there's I will give a list of references at the end of this presentation. But. The granularity of the causes in these compilations is somewhat limited, in other words. Just because a significant incident happened very few cases do the reports, particularly the summary reports that you can find on multiple incidents. Rarely do they give you the detail that you would new need to say. Was this specification related or not? Most of the major incidents, involve a sequence of events they have multiple causes related to organizations and other things and. You know they generate these large reports and again you may find something that says, well, specification of this control or safety function was inadequate. That's almost never the entire story. So I did go through and this is, you know, several of the reference lists, and I did look at 50 incidents in a particular period of time out of this out of loss prevention and the process industries, which is a commonly cited book and I was only able to identify five that were in the least bit instrument related. Based on the description that was given and again. You know, can you say from this was these were these specification related? Possibly there just not enough detail to to tell, so my initial premise that I could. Review the incidents and Compare the results that I could get to the same distribution of incidence of causes in the HSE publication. Turned out to not be very practical, but what can we talk about? Well, here are some of the better known major incidents. I think everybody's probably heard most about most of these, of course, Pasadena in 1989 was the explosion at the Phillips 66 facility here in the Houston area that resulted in the death of Mary Kay O'Connor and eventually the founding of the Mary Kay O'Connor Process Safety Center. The one incident of all of these where you could say that Specifications sure sounds like specification was a good portion of the problem. Was bunch field, but essentially it was a tank overflowed in a fuel depot outside of London and generated and explode a vapor cloud that eventually exploded. And reading the reports on the incident, if you look at it, it's like boy. If this was the consequence Well, did they not recognize the potential consequences of overfilling a tank? Would it have not made sense to have multiple, independent, diverse technology level instruments and communication to the remote Control Center? You know, so I would have to say of the major incidents. That most people are familiar with Bunch Field becomes the closest to being specification related. So where can things go wrong in specifications? Well, you know. Obviously in the hazards assessment. If you don't identify a hazard if you don't identify an initiating event, if you don't accurately. Predict the potential consequences if you give too much credit for your existing safeguards. Well then you regarding ill then you have missed something that will not be addressed in the rest of your project. Risk assessment. People tend to overestimate or underestimate initiating event frequency. We happen to be of all involved in a a project right now. I did some checking on just the other day where we're actually doing some failure mode and effect analysis. Trying to apply some Bayesian statistics to help a client identify the closer. Initiating event frequency to the true value than what you can get just out of looking at the reference books. Obviously you can over under May underestimate the consequence, severity, conditional modifiers and enabling conditions of inappropriately applied to reduce the potential frequency. I've borrowed this chart from the presentation I did a while back on functional safety assessments and this is just. You know, I put this together, it's it's not really a serious analysis. But one thing we run and run into frequently when people ask us to help them do. Safety, integrity level, determination of safety functions related to fired equipment is that they start out assuming that if the slightest bit of uncombusted fuel makes its way into the fire box, then you have a violent explosion that results in a fatality. And if you look at it, it's. Yeah, that makes an awful lot of assumptions, so this just happens to be a specific instance that I've seen several times and people come up with outrageous what seems unnecessarily high. Safety, integrity level requirements beyond that required by the standards. To address this, when if they took a, a more hardheaded look at it, it would not necessarily occur with the frequency or the consequence that they assume. In the safety requirements specification. Systematic errors or your field device is going to be certified to E. C, Six, 1508 or based on prior use. The standard is more forgiving of you if you base them on prior use. However, this is also some place where you can go wrong or go astray, I should say. Because the latest version of ANSI ISA 615 eleven allows you to have a safety integrity level, two function with zero hardware fault tolerance. In other words, no redundancy. Well, that is based on the fact that the failure rates you're using to calculate the safety integrity level are based on prior use, but the standard doesn't stay that very clearly an you know. That's an unfortunate. Weakness I think in the standard, but it's a place where you have to be careful. It makes a difference in how you evaluate hardware, fault tolerance, architectural constraints. Whether you're basing your failure rates. Are they certified devices or are they based on prior use? Is your failure rate data reasonable? Boy, that's something that we deal with very frequently. Clients will come to us sometimes with a manufacturer certificate that has a. Dangerous undetected failure rate for a device that's one or two orders of magnitude lower than what we're used to seeing even for certified devices. And sometimes it can be difficult to get the client to recognize the risk that they're taking in the past. Sometimes I have performed the calculation with their data and then with more reasonable data and showed them the difference. And like I say, you're trying to identify the risk. That the client is assuming by using this potentially unreasonable failure rate that the device can't really maintain in the field. Test intervals. Are people really thought through? You know, that's one of the knobs that they want us to change. Is test intervals? Well, yeah, I can't see you know. Well, let's make this the test interval shorter and we'll get the safety integrity level down. Well yeah, that's true. Or mean up increases. Excuse me, but is that really? You know, if you've got a five year turn around frequency and that's the only time that you can test some of your safety functions well. D. I'll just changing the number. Doesn't really do you anything if you can't actually operate that way. Test coverage is. That's another place where people want to say oh, our test coverage. We're night. We cover 99% of the potential failures. Well, if you look at the possible, hopefully the manufacturers safety manual, that's possibly not. Reasonable, we had a good presentation to spend some time ago about vendor talking about the work that has been done in the nuclear industry about what it takes to obtain test, you know, proof test coverage for shut off valves, and they're not even to get to the highest. Proof test coverage takes an awful lot of work and an awful lot of resources. Hardware resources. Process safety time. Is it accurate digit? Is it considered in the design to the valves really closed fast enough? All process operating modes consider. Do you consider startup and shutdown? Are there times when one piece of equipment is out of service but not another will tripping this safety function at that time? Create a hazard you hadn't anticipated. So in summary. Are 44% of the incidents in the process industries do just to a specification error of a safety function? Doubtful. Most have complex causes noticed. I'm saying serious incidents. Out of control, focused attention on the specification portion of the safety lifecycle, and that was a good thing because before that I think most people would have said that operation and maintenance and problems with management of change where where the main causes of serious incidents were happening and when reason for that is. Well, you know things don't blow up during the Specification's age. They have to be operating and being maintained before you have a serious incident, and so that's tends to be where the focus is. That doesn't mean that the chain that led to the incident did not start back in the specification phase. So out of control, I still consider it a valuable reference.

  • PSM and RMP Audit Themes Across Industry | Part 2

    Updated November 2024 — Written by Judith Lesslie, CFSE, CSP — Those who work in high hazard industries are familiar with the OSHA Process Safety Management (PSM) and EPA Risk Management Plan (RMP) requirements for routine audits to assess and verify compliance with these regulations. In Part 1 blog, we reviewed specific types of concerns that have been identified at many manufacturing sites for several of the PSM/RMP elements. In Part 2 we review the following elements: MOC/PSSR, Process Safety Information, Operating Procedures, Mechanical Integrity, Process Hazard Analysis, and Training. This blog is Part 2 of a series. If you missed part 1, you can find it here.   Reviewing Key PSM/RMP Elements for Compliance: MOC/PSSR, Process Safety Information, and More Management of Change (MOC) and Pre-Startup Safety Review (PSSR) Management of Change (MOC)  and Pre-Startup Safety Review (PSSR) are two elements that are joined at the hip. Almost all sites have occasional one-off failings in their MOC and PSSR systems, but very common program-level failures occur around failure to conduct adequate PSSRs prior to approval for startup; failure to follow-up or document punch list items from PSSRs; and failure to conduct or document adequate training or informing of affected personnel prior to startup. While organizational changes are not specifically required to be included in a site’s MOC system, organizational change management is considered RAGAGEP for PSM facilities, so it behooves covered sites to ensure that changes to personnel and changes to the organizational structure are managed appropriately. Process Safety Information (PSI) Like MOC and PSSR, most sites have occasional failings in the Process Safety Information (PSI) element, which describes information pertaining to the HHC that is required to be available. Larger gaps of PSI are present more often than you might think, including such areas as a clear electrical area classification map, basic process control system alarm documentation (including those identified in process hazard analyses), poor instrumentation documentation, failure to identify safety upper and lower operating limits and the consequences of deviations from those limits, failure to ensure that the process safety time available for Operator response to alarm safeguards (as identified in PHAs) is adequate. Ventilation system design information is another area where documentation is frequently lacking as well. Operating Procedure Operating Procedure element failures often echo the PSI failures mentioned above, most particularly in the areas of identification of safety upper and lower operating limits, the consequences of deviations from those limits, and the steps required to correct or avoid deviations. In a similar vein, safety systems and their functions are sometimes not well-covered in operating procedures. It is also relatively common to identify procedures that do not explicitly cover operating phases, such as startup, shutdown, temporary or emergency operations. Finally, a surprising number of facilities fail to annually certify that operating procedures are current and accurate. Mechanical Integrity Mechanical Integrity (MI) is a huge element, covering vessels, tanks, piping systems, relief devices, emergency shutdown systems, controls, and rotating equipment. While MI programs for mechanical equipment are typically better developed than those for instrumentation and control systems, there are still relatively common concerns identified for mechanical equipment. These include non-code-compliant inspection reports, failure to use appropriately certified inspection personnel, and failure to include components such as hoses, expansion joints, check valves, or other less common mechanical components in the program when they are critical to covered processes. Mechanical Integrity program concerns with controls (including monitoring devices and sensors, alarms, and interlocks) and emergency stop functions are even more common. These include failures to categorize criticality, failure to test or inspect (including very serious failures to test process safety e-stops, instruments, and interlocks), and failure to align process hazard analysis (PHA) safeguards with the equipment included in the Mechanical Integrity program. Process Hazard Analysis A Process Hazard Analysis an area where quality varies widely across facilities. While most sites do have PHA reports, it is far too common to find covered process PHAs that are of poor quality, that use non-standard practices, and that are neglected once completed. PHAs are overdue more frequently than you might anticipate as well. There are many sources of good PHA practices and initiating cause data. It behooves facilities to ensure that the personnel responsible for executing the PHA program are well-trained in current industry practices and have good software tools for executing PHAs. It is also important that PHA recommendations and actions to ensure the integrity of identified safeguards are a part of the program expectations. Related to this, PHA recommendations should receive a high level of management attention to ensure they are completed to expectations in a timely manner. Training The Training element is one of those typically in pretty good shape at many facilities. However, it is not uncommon to find that employees involved in operating the process are not involved in determining the appropriate frequency for refresher training. The Stakes The PSM and RMP regulations have proven over time that they are excellent practices to drive the reduction of serious process safety incidents. It is far better for a company and sites to find and correct their own PSM and RMP system deficiencies than for a serious incident to occur or for a regulatory agency to identify it. Are you positive that the commonly found concerns reviewed above are not present at your facility? Leveraging Expert Support for Comprehensive PSM/RMP Compliance Assessments If you have not previously taken a deep dive into the assessment of the topics above at your site, now would be a good time to do so. If you do not have the right expertise in your staff to assess PSM and RMP compliance in these areas, consider selecting a process safety consultancy with deep experience and expertise to assist you . Their range of experience enables external auditors to share the general methods proven to drive good PSM and RMP compliance across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards.

  • Independent Protection Layers…Will They Work When Needed?

    Updated November 2024 — Layer of Protection Analysis (LOPA) has become an i mportant tool used in industry, often in conjunction with a Process Hazard Analysis (PHA) . It is used to evaluate high severity or high risk consequences with additional rigor of review to assess that safeguards and systems are adequately in place to meet the company’s risk tolerance requirements. During a LOPA, safeguards are identified to interrupt an initiating event from progressing to an undesired consequence. These safeguards must meet the following five core attributes to be credited in a LOPA for risk reduction and classified as Independent Protection Layers (IPLs). Independence Independence is used to assure the effects of the initiating event, or of other IPLs, do not interact with a specific IPL and thereby degrade its ability to perform its function. Independence requires that an IPL’s effectiveness is independent of; The occurrence, or consequences, of the initiating event; and The failure of any component of an IPL already credited for the same scenario. Dependability Dependability is used to assure the IPL is available when needed to prevent the hazard scenario from occurring. Protection provided by the IPL shall reduce the identified risk by at least ten-fold. Specificity Specificity is used to verify the IPL can prevent the cause from progressing to the undesired consequence. Auditability Auditability is used to verify the IPL is routinely tested/inspected at an adequate frequency through the process lifecycle to maintain its dependability. An IPL component, system or action shall be auditable to demonstrate that it meets the risk mitigation requirements of a LOPA IPL. The auditing process shall confirm effectiveness of the IPL through review of the design, installation, functional testing, and maintenance systems of the IPL. Security Security is used to verify the IPL has controls in place that prevent unauthorized changes. The IPL shall be managed by design or by administrative procedure to ensure unauthorized changes are not made that affect the integrity of the IPL, its availability, or any of its properties. Typically during a LOPA, the team does not have the time or resources to assess each IPL to verify they meet these requirements. IPL validation is a process to examine the key elements that qualifies a safeguard as an IPL to ensure they will function when needed and prevent propagation of a hazardous scenario. Good industry practice is to manage, test, and document IPLs through the lifecycle of the process. IPL validation is based on guidelines established under the International Society of Automation ISA-84.91.01 and OSHA Process Safety Management , 29 CFR 1910.119. It is important to note that validation of Safety Instrumented Function (SIF) IPLs are specifically managed under requirements for ISA 84.00.01 and not part of this validation. IPL validation typically uses a set of questions to evaluate if a safeguard meets the five core attributes of an IPL. At aeSolutions, we approach IPL validation using checklists with specific questions for each type of IPL (e.g. alarm, check valve, dike, procedure, etc.). Our associates work closely with each site to gather and review the necessary data to complete the checklists. If an affirmative answer to a question cannot be proven with site documentation, the item is listed as a gap and recommendations are generated. The recommendations are communicated to the facility for further action. Through our work on various IPL validation projects, it has often surprised facilities to discover the areas IPLs do not meet validation criteria. LOPA Teams make every effort to use up-to-date process safety information. They use P&IDs to identify available safeguards, such as relief or indicating devices, however during the IPL validation process discover that the device has been removed, modified or is not functioning properly. Further investigation would be recommended to resolve the risk and evaluate the potential gaps in process safety information, the management of change process, etc. Another example is when a BPCS related IPL (alarm or software action) is identified as being on the same Input/output (I/O) card as another credited IPL or the initiating event device. Typically, the LOPA team does not have the ability, due to time or resource constraints, to review automation logic diagrams during their meeting. So unless a LOPA team member is reviewing the automation logic diagrams this common cause would never be found. The team would feel confident the risk of the hazard scenario is sufficiently mitigated, when in actuality it is not. However, during the IPL validation, review of the I/O card would reveal the lack of independence and require either the selection of a new IPL or a modification to the I/O card arrangement. These examples show that while the LOPA team may identify IPLs to sufficiently manage the risk of the hazard, more evaluation is needed to verify these IPLs as existing or to identify deficiencies. Corrective actions from IPL validation can range from adding IPLs to the site’s mechanical integrity program to revisiting the LOPA and selecting a more reliable IPL. IPL validation is a good industry practice to verify that your IPLs are properly managed, tested, and documented. The IPL validation checklists are also a great reference for future PHA and LOPA studies. #ISA #LOPA #pha #SafetyInstrumentedFunction Learn More About aeSolutions Process Safety

  • The Use of Bayesian Networks in Functional Safety

    Functional Safety & Bayesian Networks Functional safety engineers fol low the ISA/IEC 61511 standard & perform calculations based on random hardware failures. These result in low failure probabilities, which are then combined with similarly low failure probabilities for other safety layers, to show that the overall probability of an accident is extremely low (e.g., 1E-5/yr). Unfortunately, such numbers are based on frequentist assumptions and cannot be proven. Looking at actual accidents caused by control and safety system failures shows that accidents are not caused by random hardware failures. Accidents are typically the result of steady and slow normalization of deviation (a.k.a. drift). It’s up to management to control these factors. However, Bayes theorem can be used to update our prior belief (the initial calculated failure probability) based on observing other evidence (e.g., the effectiveness of the facility’s process safety management process). The results can be dramatic. For example, ass uming a safety instrumented function w ith a risk reduction factor of 5,000 (i.e., SIL 3 performance), and a process safety management program with a 99% effectiveness, results in the function actually having a risk reduction factor of just 98 (i.e., essentially the borderline between SIL1 and SIL 2). The key takeaway is that the focus of functional safety should be on effectively following all the steps in the ISA/IEC 61511 safety lifecycle and the requirements of the OSHA PSM regulation, not the math or certification of devices. Both documents were essentially written in blood through lessons learned the hard way by many organizations. To learn more about the use of Bayesian networks in functional safety , read the full paper here.

  • The use of Bayesian Networks in Functional Safety - Whitepaper

    Functional safety engineers follow the ISA/IEC 61511 standard and perform calculations based on random hardware failures. These result in very low failure probabilities, which are then combined with similarly low failure probabilities for other safety layers, to show that the overall probability of an accident is extremely low (e.g., 1E-5/yr). Unfortunately, such numbers are based on frequentist assumptions and cannot be proven. Looking at actual accidents caused by control and safety system failures shows that accidents are not caused by random hardware failures. Accidents are typically the result of steady and slow normalization of deviation (a.k.a. drift). It’s up to management to control these factors. However, Bayes theorem can be used to update our prior belief (the initial calculated failure probability) based on observing other evidence (e.g., the effectiveness of the facility’s process safety management process). The results can be dramatic. Unlock this download by completing the following form:

  • Strategy for Consistency in Design of Burner Management Systems

    Everyone wants to provide a safe atmosphere for workers, facilities and the surrounding environment. The greatest risk in many process facilities comes from fired equipment. Burner management systems (BMSs) are the safety instrumented systems specific to fired equipment. The greatest challenge many asset owners face while evaluating the adequacy of their existing BMS designs comes from the inconsistency of results from one type of fired device to another of the same type (e.g., a heater or boiler) when using a risk assessment technique such as hazard and operability study (HAZOP ) or layer of protection analysis (LOPA) . Findings an d recommendations should be similar for similar installations. The largest contributors of inconsistency are the qualitative nature of the techniques and the strong opinions of the team members. This is even more of a challenge when different teams are used in different risk assessments. However, there are ways to introduce consistency to the studies without turning them into detailed and expensive quantitative risk assessments. The Environmental Protection Agency has developed simplified protocols for risk management planning to help with this. These protocols utilize equivalent TNT methodologies as contained in the Federal Emergency Management Agency “Handbook of Chemical Analysis Procedures”. Use of this resource can provide the empirical basis needed to drive consistency in the assessment of fired equipment from one asset to another, one facility to another, and one risk assessment team to another. This technique can be simplified in a seven-step method to yield consistent results for fired equipment. These can be summarized as: Step 1: Calculate the vapor cloud explosion effect zone of the fired equipment. Step 2: Calculate the physical explosion and deflagration effect zone. Step 3: Calculate the pool fire effect zone (for liquid fuels only). Step 4: Calculate the personnel density in the effect zone and determine extent of impact. Step 5: Perform a LOPA to determine the frequency for each hazardous event. Step 6: Determine the required probability of failure on demand (PFD) for each safety instrumented function (SIF). Step 7: Determine the required safety integrity level (SIL) for each SIF. Any SIL selection method adopted by a company needs to be easy to use and yield quick results. To make the seven-step method described above easier to utilize, it is recommended that companies develop the following set of tools and procedures: A spreadsheet application for each type of the most common types of fuels the company utilizes in their fired equipment to calculate each of the three effect zones A supporting procedure on calculation of personnel densities A spreadsheet application that provides a framework for LOPA for each of the standard SIFs in BMSs A supporting procedure to include guidance on how to perform LOPA A cost / benefit analysis spreadsheet to support project justification Adopting this methodology will allow a company to quickly, efficiently and consistently evaluate their BMSs and make the most cost-effective business decisions. For more details on how to make the right selections, read the paper “ Burner Management System Safety Integrity Level Selection .”

  • 5 Facets of an Efficient Process Hazard Analysis (PHA)

    Updated November 2024 — Authored by Carolyn Bott — A Process Hazard Analysis (PHA) will prove to be the cornerstone of Process Safety Management (PSM) at any operating facility with the correct tools and the right leaders. Although there are many variables concerning PHAs, the process can be simplified and impactful results can be attained. In this blog, we delve into the 5 facets of an efficient process hazard analysis (PHA). Process Hazard Analysis Scope A well-defined scope for a Process Hazard Analysis is critical to identify potential safety and environmental hazards in a facility. Having a clear and defined Process Hazard Analysis scope does the following: Sets the boundaries of the analysis - This assures all necessary elements are included and relevant risks are identified and assessed Enables the Process Hazard Analysis team to focus on specific areas of concern and analyze them in detail - This reduces the potential for error and minimizes both the time and resources needed Ensures that all stakeholders are aware of the objectives and outcomes of the PHA Standard for Approaching a Process Hazard Analysis Different companies may have their own specific Process Hazard Analysis standards, specific to their operations and the risks involved. These standards typically outline essential measures to perform a thorough PHA, including: Qualifications and training required for team members Selection of appropriate methodologies Level of detail required in the analysis Documentation requirements for the study Frequency of review Ongoing monitoring requirements ensuring the safety and efficiency of operating processes Adherence to these standards is typically required by regulatory bodies and industry best practices. A standard can ensure all relevant factors are considered and a thorough analysis is conducted. Following a standard also facilitates communication and collaboration among stakeholders, enhances consistent decision-making across sites, and promotes continuous improvement in a site’s process safety. Process Hazard Analysis Team An effective Process Hazard Analysis team is composed of individuals with diverse expertise, including engineers, operators, maintenance personnel, and safety professionals. The team: Shall have expertise in engineering and process operations Shall include at least one employee who has experience and knowledge specific to the process being evaluated One member of the team must be knowledgeable in the specific process hazard analysis methodology being used Must be able to work collaboratively to identify hazards, evaluate risks, and develop appropriate risk management strategies Effective communication and teamwork are vital for a successful and efficient PHA. The proficiency of the PHA leader or facilitator has a substantial impact on the team and the outcome of the PHA. A facilitator leans on their own risk management experience and is responsible for guiding the team through the identification and evaluation of all credible process hazards. The leader continuously assesses the team’s dynamic and intervenes when necessary to ensure the group remains on task to complete the PHA efficiently with impactful results. A company can utilize in house experts or hire a third-party to shepherd their Process Hazard Analysis needs – Process Safety Consulting Process Hazard Analysis Techniques & Tools Methodologies The methodology selected must be appropriate to the complexity of the process and site standards. One or more of the following methods, as appropriate, may be used to determine and evaluate the hazards of the process being analyzed: What-if Checklist What-if Checklist Hazard and operability study (HAZOP) Failure mode and effects analysis (FMEA) Fault tree analysis An appropriate equivalent methodology For more info on choosing a risk assessment methodology, check out our webinar that examines the advantages and limitations of various methodologies: Choosing a Risk Assessment Methodology Tools Computer-based systems are used to document Process Hazard Analysis discussions in an organized manner and provide consistency throughout the analysis. Examples of PHA documenting software include: Sphera® PHA-Pro® PrimaTech PHAWORKS RA® aeShield® aeFacilitator® Using appropriate software eases the execution of risk studies. Process Hazard Analysis Review Cycle All Process Hazard Analyses must be updated and revalidated every five years. The periodic review should reflect any changes in the process or surrounding environment that may impact safety. An alternate approach to managing PHA updates is to incorporate them into the study file as changes occur. This method is often called an Evergreen PHA or Continuous PHA Revalidation. An efficient and effective PHA can enhance the safety of processes, reduce the risk of accidents and incidents, improve compliance with regulations and standards, and ultimately support the organization's goals and objectives. Ensuring these five (5) components are in place can help companies have an efficient PHA to identify and mitigate risks before they become safety incidents. The Takeaway | 5 Facets of an Efficient Process Hazard Analysis Summarized Clear and well-defined scope that is relevant to the system being analyzed Systematic and structured approach Multi-disciplinary team of subject matter experts who can identify and evaluate potential hazards from different perspectives Use of appropriate techniques and tools to evaluate and prioritize risks Periodic reviews and updates If you need more guidance for your Process Hazard Analysis, please feel free to reach out to aeSolutions to speak with one of our PHA experts about our capabilities.

  • ISS Source - Functional Safety Assessment Stage 1 Can Discover Critical Flaws Early

    October 2024 - Imagine discovering a critical flaw in your safety system design before your plant goes operational. This scenario, while nerve-wracking, underscores the importance of early intervention in the design phase. This article explores the following topics: How FSA Stage 1 can discover critical flaws early How FSA Stage 1 can reduce incidents The process steps for FSA Stage 1 How FSA Stage 1 can help prevent costly fixes How FSA Stage 1 can help prevent unknown renewable energy risks by Chris Powell, PE, CFSE , SIS Group Manager at aeSolutions . Read the full article here: Functional Safety Assessment Stage 1 can Discover Critical Flaws Early (ISSSource.com)

  • Protecting Personnel and Plant with Facility Siting

    The Value of Facility Siting Studies Updated November 2024 - Process industry history is sprinkled with catastrophic incidents that acted as drivers of regulatory change, such as the 1974 Flixborough explosion , the 1984 Bhopal toxic release disaster , and the 2005 Texas City Refinery flammable material release and explosion . Lack of process safety management, damage, and deaths were the commonalities among these incidents. The OSHA Process Safety Management (PSM) Standard and EPA Risk Management Plan (RMP) regulations were promulgated in response to these types of devastati ng accidents. These regulations were supplemented in the US by industry standards such as the American Petroleum Institute (API) Recommended Practices 752, 753, and 756, and with guidance developed by the Center for Chemical Process Safety (CCPS). These standards and guidance documents became the consensus industry practices for performing facility siting (FS) studies . Facility siting studies analyze potential toxic, fire, and explosion hazards to personnel from releases of hazardous chemicals. From a regulatory perspective, facility siting is required in the US by OSHA PSM and EPA RMP for facilities that meet the qualifying definition. A checklist is often utilized during Process Hazard Analyses (PHAs) to meet the regulatory requirements for facility siting; however, a facility siting study provides a more detailed analysis of specific facility siting concerns and should be referenced during PHA scenario development. Facility Siting | A Commitment to Your Team & Your Community Irrespective of regulation, it is best practice to conduct a facility siting study to understand the implications of a release of hazardous materials at your facility. While PHAs develop hazard scenarios that could potentially result in loss of containment, a FS study assumes a release has occurred and evaluates the outcomes accordingly. aeSolutions utilizes the following general approach to performing a facility siting study: Identify chemicals of concern Collect information on site-specific conditions (e.g., equipment and process data, building construction and occupancy data, equipment and building locations on the facility) Identify potential hazard event scenarios from a review of PHAs, incident investigation reports, discussions with experienced personnel, and other pertinent sources of information Identify and classify occupied buildings Perform the hazardous material release consequence analysis Perform the risk analysis if a risk-based approach is used Package the results in a way that the results can be understood and review the results with the client Discuss with the client options to reduce risk For the consequence analysis, software can be used to model the discharge, dispersion, and impacts of an accidental release of flammable or toxic material. Limiting the analysis to the consequence analysis, the facility siting study results are consequence-based , which provides a measure of the severity of the hazard. Taking the assessment, a further step, a Quantitative Risk Assessment (QRA) can apply release event frequencies and appropriate probabilities, such as probability of ignition and vulnerability of people to the various effects, to quantify the risk associated with a release scenario. A consequence-based facility siting study is simpler and requires less resources to perform, but the results of a consequence-based FS study may set a higher bar to address and necessitate additional action or protection at a facility. A risk-based QRA requires more expertise and resources to perform the study, but the benefit gained is that the study often finds that the event likelihood of many scenarios is so low that the hazard meets the company risk criteria and additional means of protection that a consequence-based study concludes is needed are not required after all (i.e., less resources spent on addressing facility siting study results). The Takeaway | Facility Siting Studies Conducting a facility siting with a practical approach to study methodology and risk mitigation can balance the cost and course of action to protect personnel and facility assets. This enables company leaders to better make reasonable decisions on how to protect their employees. For instance, relocating all personnel to blast resistant modules can become expensive and may not be necessary in all cases; an alternative combination of innovative solutions may accomplish the risk reduction. Protection can come in different forms, such as increasing airflow through a building for preventing flammable vapor or gas accumulation or utilizing shelter-in-place for toxic concerns. Facility siting requires a pragmatic evaluation of the nature and level of hazard and what would be best for personnel and the plant. Facility siting regulations and standards have improved significantly since the Flixborough, Bhopal, and Texas City Refinery catastrophic incidents and continue to evolve to ensure toxic, fire, and explosion hazards are appropriately mitigated in the future. Ultimately, a detailed facility siting study can help you understand the hazards of potential releases, how those hazards can impact occupied buildings, and most importantly, determine effective solutions to protect your valued workforce.

  • Control System Migrations | Procurement Specification & Vendor Selection

    Introduction | Control System Migrations | Part 3 October 2024 — by Tom McGreevy, PE, PMP, CFSE — If you’ve made it through justifying the cost for your control system migration project  and mitigating risks through front-end loading (FEL) , you are probably well aware that control system migrations are complex projects that require careful planning and strategic decision-making to ensure a successful outcome. Whether upgrading legacy systems or implementing new technology, organizations are faced with several choices throughout the migration process. From deciding whether to handle tasks internally or outsource them, to selecting the right vendor(s) and structuring procurement, each decision plays a vital role in the overall success of the project. In part three of our control system migration series , we take a look at procurement specification and vendor selection considerations such as the make-or-buy decision, specification development, comparing bids, managing purchase orders, and selecting between an OEM or systems integrator. This blog will help operators navigate the challenges of control system migrations and make informed decisions that align with their project goals, budget, and long-term operational needs. To Make or To Buy — That is the Question One of the biggest questions that operators must ask themselves during any control system migration project is whether to perform key tasks internally (" make ") or to outsource them to external engineering firms (" buy "). This decision impacts not only the project’s cost structure but also the timeline, resource allocation, and overall risk management. In-House Expertise vs. External Support The first question any organization must ask is whether they have the internal expertise to first develop the necessary procurement specifications, and later to perform critical tasks like hardware and software configuration, testing, construction or construction oversight, and finally commissioning and startup. If a company has a seasoned in-house team with experience in these areas, then it might make sense to handle much of the work internally. However, the reality for many organizations is that, while in the past they may have had this level of specialization in-house, years of corporate downsizing has resulted in a plant that is staffed to operate and maintain, but not to change or grow. This is where external partners can offer value. Developing Functional and Hardware Specifications Many clients seeking to replace or upgrade their control systems find that developing detailed functional specifications and hardware requirements is one of the most daunting challenges. It has become more common for organizations to partner with engineering firms like aeSolutions to provide these services, ensuring that the right foundation is set for successful vendor engagement and implementation. Whether you decide to develop specifications internally or bring in external help largely depends on your team’s capacity to handle such detail-oriented work in the time required to complete it. Project Scope and Complexity Projects that involve complex control system migrations, especially those operating in regulated or highly specialized industries, often benefit from third-party expertise to manage risk. The make-or-buy decision can also hinge on how familiar your internal team is with new technology or compliance requirements. Resource Allocation and Timeline Time is a critical factor. Even if you have the expertise to, for instance, develop the specifications internally, does your team have the bandwidth to dedicate to such a significant task? External vendors can accelerate this process, as they often have pre-existing frameworks, tools, and processes to expedite specification development, procurement planning, and system integration.   The decision to "make or buy" in a control system migration project is multifaceted, involving an assessment of internal capabilities, the scope of the project, and the available resources. Partnering with an external engineering firm can significantly help operators navigate these decisions by offering specialized services in functional specification development, hardware design, and project management. For companies without the necessary in-house resources, opting for external support can ensure that projects stay on time and within budget, while minimizing risk and ensuring compliance with industry standards.   The Importance of an Apples-to-Apples Comparison of Bids If you’ve decided to work with an external vendor for your control system migrations project, you’ll need to be prepared to solicit and compare bids. The process of comparing these bids can become complex if the requirements are not clearly defined or standardized across vendors. The key to a fair comparison is ensuring that the procurement specifications are well-documented, precise, and conveyed in a way that all bidders understand and respond to similarly. Establishing Clear and Consistent Requirements A well-defined procurement specification is essential to level the playing field for all potential vendors. The goal here is to outline your system’s requirements in enough detail so that bidders know exactly what you need. Even if every detail isn't fully defined at the outset, sharing a clear overview of the project's scope and expectations can prevent wide variations in vendor proposals. If the procurement specifications are vague or too open-ended, you may end up receiving a wide range of responses — from proposals that only cover the absolute bare minimum to others that offer high-end, premium solutions that far exceed the project’s actual needs. This spectrum of responses can make it challenging to make an apples-to-apples comparison of the bids and determine which one offers the best value for your organization. Balancing Price and Value Without precise specifications, vendors may interpret your project needs differently, leading to bids that range from cost-effective solutions to more feature-rich —  and more expensive  — options. For instance, one bidder might propose the minimum viable solution to meet basic operational requirements, while another might propose an advanced system that exceeds your actual needs. The challenge lies in striking a balance between affordability and value. While the lowest bid may seem attractive from a budgetary perspective, it may not meet all the functional requirements. Conversely, the highest bid may offer unnecessary features that inflate the overall cost. By defining the requirements clearly from the start, you can ensure that all vendors are bidding on the same or a very similar scope, which in turn allows you to make a fair comparison. The process of comparing bids is more than just identifying the lowest price — it's about ensuring that the bids align with the project's requirements and offer the best value. By taking the time to develop a detailed procurement specification, you can help ensure that all vendors are bidding on the same scope, enabling a fair and effective comparison. This ultimately helps reduce the risk of selecting a solution that either underperforms or overextends your budget without adding proportional value.   One Purchase Order or Several? When planning a control system migration, contracting strategy is an area that can significantly impact project execution, specifically, whether to issue one purchase order covering all aspects of the project or to break it down into several purchase orders, each targeting specific phases or services. This decision is largely influenced by how much control an organization wants over individual project elements and the resources available for managing multiple contractors or vendors. In recent years, it has become more common for clients to solicit bids that cover the entire project scope — functional specification, configuration, construction, and testing  — under one proposal. This trend is driven by a desire to reduce management complexity and place responsibility on a single contractor, who may either perform all the work or manage subcontractors on behalf of the client. Choosing to issue a single purchase order means entrusting a single entity with managing the entire project, from developing the functional requirements specification to system configuration, construction, and even system testing. This centralized approach can streamline communication and coordination, as one vendor takes responsibility for delivering the full scope of the project. This option can reduce the burden on the operator/project manager(s), who won't need to oversee multiple contractors or manage complex interdependencies between different service providers. It is likely that most bidders responding to a “one purchase order” solicitation will themselves have to partner with others to bring the full set of skills needed. For instance, it is a rare systems integrator who is also a fully qualified electrical contractor and has its own craft labor, so the SI may have to sub-contract the construction and perform a construction management role. In these circumstances, the ability of the bidding “prime” contactor to manage sub-contractors should be fully investigated. Alternatively, opting for several purchase orders allows the client to maintain more direct control over each phase of the project. For example, one organization might handle the functional specification, another would take care of configuration, a separate electrical contractor could be hired for construction, and yet another vendor could handle system fabrication and testing. By compartmentalizing the work across multiple vendors, the client can select specialists for each task, potentially increasing the quality of each deliverable. However, this approach demands more from the client in terms of project management and coordination, as they will need to ensure seamless handoffs between each contractor and resolve any issues that arise between different teams. Benefits of a Single Purchase Order Streamlined Communication and Management : With a single PO, there’s one main point of contact and fewer layers of coordination, making it easier to maintain clarity and avoid misunderstandings. Reduced Administrative Overhead : Managing multiple POs can create administrative challenges, from contract negotiation to handling project milestones and payments. A single contract reduces the complexity. Accountability : A single vendor is accountable for the entire project, meaning they are responsible for both the high-level planning and the detailed execution. This can lead to better overall project alignment and fewer disputes over scope or responsibility. With a well-developed scope, you likely will have structured your commercial terms to be mostly “fixed fee”, with some exceptions (typically commissioning and startup support are performed on a “time and expense” basis). This transfers risk to the seller, but you are likely to pay marginally more for that risk reduction than you would otherwise by managing several vendors through multiple purchase orders. Benefits of Multiple Purchase Orders Specialization and Expertise : By issuing separate POs for functional specification, configuration, construction, and fabrication, clients can hire specialized organizations with the expertise to excel in each area. This can lead to higher-quality outputs for each phase of the project. Greater Control : Multiple POs give the client more control over the contracting process and each project's stage. For organizations that want tight oversight or are managing a particularly complex or high-risk control system migration, this level of control can help mitigate potential risks. If your organization has the skills and bandwidth to manage multiple vendors, and with a well-defined scope, you may save money by assuming the coordination efforts and associated project risk. Flexibility in Vendor Selection : When using several purchase orders, the client can select different vendors based on their strengths and price points for specific tasks. Deciding What’s Right for Your Control System Migration Project The decision between one purchase order or several is often determined by the company’s internal resources and its desired level of control. Some companies prefer the simplicity and efficiency of a single purchase order, especially if they have limited resources for managing multiple vendors. Others, particularly those with more complex projects or specific performance requirements, may prefer to split the project into smaller parts, ensuring they have direct control over each critical phase.   Think Through Getting Keys to Your New System When planning a control system migration, it is natural for an organization to focus on the design, configuration, and installation phases. However, it’s equally important to think through what happens when the project is complete and the “ keys ” to the new system are handed over. This handoff represents not only the culmination of the technical work but also the point where the organization takes full responsibility for operating and maintaining the system or has appropriately arranged for contracted maintenance support. Beyond Design and Configuration The process of " getting the keys " involves much more than simply having a control system delivered and installed. Organizations must consider the resources needed for successful cutover, site testing, startup, and ongoing support once the project is complete. It’s not enough to just focus on the technical aspects leading up to the handover. Teams must think ahead about the operational and maintenance requirements once the vendor steps back. In many cases, a company might not have the internal resources or expertise to fully support the new system, especially if it's significantly different from what was in place before. This lack of resources has become more common, which makes planning for post-handover support essential. Planning for Post-Commissioning Support One important consideration is whether your organization will need follow-on support contracts. Although the system may be handed over in a fully operational state, it’s important to have a plan in place for ongoing maintenance and troubleshooting. For many organizations, this means working with the vendor to establish a support contract that extends beyond the handover period. In some cases, the first year of support can be capitalized as part of the control system migration project itself. This can be a significant advantage, as capitalizing the support allows organizations to fund it through the project’s capital budget rather than requiring additional operating expenses after the project is complete. However, it’s important to consider this early in the planning process. If your organization decides that a support contract is needed, this needs to be factored into the overall project budget and submitted for capital approval before the project begins. Early involvement by your company’s accounting department may prevent difficult discussions later regarding capitalizing or expensing support contracts.  Whether it's planning for site testing, securing support contracts, or ensuring proper training, the handoff should be seen as the start of ownership rather than the end of the project. This proactive approach will set the stage for sustained success well beyond the initial migration.   Defining System Specification and Functional Specification With any control system migration project, there are two subsets of the overall procurement specification — the system specification and the functional specification. These two areas serve distinct purposes and must be clearly defined to ensure a successful control system migration. The terms for these project documents vary in name and format, but the content is critically important. System Specification: Defining the Hardware and Software Requirements The system specification, sometimes referred to as the hardware specification, focuses on the technical aspects of the control system — specifically, what hardware and software are required to meet the control system migration project’s goals. This specification details the necessary components, such as controllers, servers, communication networks, and software platforms, ensuring that the system will meet the operational and performance requirements laid out by the client. The development of the system specification is usually a more straightforward process compared to the functional specification. Owners can rely heavily on the expertise of their chosen OEMs or systems integrators, as they are familiar with the capabilities of the control platforms they work with. Although not as necessary as with the functional specification aspect, it is still beneficial for a client to work with the vendor to ensure that the specification aligns with the project’s overall objectives and operational constraints. Functional Specification: Defining What the System Needs to Do The functional specification, on the other hand, focuses on the operational requirements of the system — what it must do to meet the company’s needs . A functional specification document answers critical questions about how the system should behave, how processes will be controlled, and how new or existing functionalities will be managed within the system. For example, if the project involves a legacy system upgrade, the functional specification must outline what the system currently does and any additional functionalities that the new system needs to perform. To a greater extent than the system specification, the development of the functional specification requires collaboration between the owner and the vendor. It should be noted however, that vendors and systems integrators, while experts in control systems and platforms, are not typically process experts. They may have extensive knowledge of the systems they engineer, but they may not have the same depth of understanding about the specific chemical or mechanical processes that the system must control. This is why functional specification development requires input from both parties. The client, who has a thorough understanding of the processes involved, must work closely with the vendor to ensure that the control narratives and operational requirements are fully captured. This collaboration is critical to avoid misunderstandings or gaps in the system’s functionality, which could lead to delays or operational issues during startup. Exceptions do exist, so you may find an OEM or a systems integrator with deep process knowledge of your industry. If so, consider yourself fortunate, as functional specification development is often an area where a dearth of owner resources or expertise can bog down the progress and result in schedule delays, or worse, improperly specified functional requirements.  System and functional specifications are fundamental to the success of a control system migration project. While the system specification focuses on the hardware and software requirements, the functional specification defines how the system will operate and meet the owner's needs. Developing these specifications requires a balance between technical expertise and process knowledge, with close collaboration between the owner and vendor. By selecting a vendor that understands both the platforms and the importance of collaboration, owners can ensure a smoother, successful migration process.   Understanding the “As-Is” State of a System One of the more challenging elements of a control system migration is documenting the current, or “ as-is ” state of the system — both the physical and the logical (the programming) . The accuracy of the existing system’s documentation impacts the success of the migration process, particularly during detail design and implementation. Unfortunately, for systems that have been in place for decades, such documentation may be incomplete, outdated, or exist only in the form of internal team knowledge passed down informally within the organization. Project teams and vendors should have a clear understanding of the physical layout, wiring, and system configuration before beginning any detailed design work. This includes capturing details such as I/O points, control panels, network architecture, and wiring diagrams. In some cases, the hardware may have undergone ad-hoc modifications over the years that were never formally documented, further complicating the process. The configuration (programming) of the system must also be documented, so that all parties can understand how the process is currently controlled, even if significant changes are planned. For these reasons, documenting the as-is state of the hardware and software must happen during the Front-End Loading  (FEL) phase. Doing so helps ensure that the team has a solid foundation to work from when transitioning to the new system. The risk of skipping this step, or relying on incomplete documentation, is that errors will arise during cutover — especially during time-critical turnarounds  — which can lead to expensive delays or operational disruptions. Options for Capturing the As-Is State Companies must make a decision early in the project about how to approach capturing the as-is state. If the system documentation is poorly maintained, as is often the case with older systems, the owner needs to assess whether they have the internal resources and expertise to update and complete the documentation themselves. This effort can be time-consuming and requires a deep understanding of both the process and the control system architecture. Alternatively, the owner may choose to outsource this work to third-party vendors who specialize in control system migrations.   Vendor Migration Options The process of evaluating vendor migration options involves not only selecting the right platform (a vendor may offer several variations), but also defining the stages of migration and determining how much flexibility or structure you want to allow in the vendor proposals. The goal is to ensure that vendors understand the scope of the project and are equipped to meet both your technical and operational needs. Platform Choices: Balancing Cost and Capability The choice of platform for your control system migration is one that will impact the cost, capability, and future flexibility of the system. There is a wide range of options, from more affordable, bare-bones platforms to premium, highly capable systems with extensive features and flexibility. By clearly defining your platform requirements, you can guide vendors to propose solutions that meet both your budgetary and operational needs. However, it’s important to strike a balance — although low-cost solutions may be attractive, they may not offer the long-term benefits or reliability needed for your specific industry. Staging the Migration Process Another important consideration is determining the stages of the migration process. Operators should define an execution strategy that outlines the sequence of steps: which parts of the system will be migrated first, second, third, and so on. This approach allows you to ensure a smooth transition and minimize disruptions during the migration. If vendors aren’t provided with enough detail about how the migration will unfold, they may make assumptions that lead to misaligned or faulty bids that may not be executable if the migration stages and sequence aren’t properly communicated.  Providing Flexibility for Vendors While some companies may know exactly what they need and dictate a rigid scope, others may want to give vendors the flexibility to propose creative solutions or cost-saving ideas. In these cases, it’s important to structure the procurement specifications to allow for both a base bid and optional upgrades or alternative strategies. For example, the base bid would cover the minimum requirements, while vendors could offer additional features or enhancements as options. This approach ensures that vendors meet the project’s essential needs but also allows room for innovation, enabling the owner to consider creative or cost-effective solutions that may not have been previously identified. Choosing the right vendor migration options involves a balance between defining project requirements, an execution sequence that aligns with business needs, and allowing vendors the flexibility to propose creative solutions. Owners need to determine the most appropriate platform based on budget, capability, operational constraints (allowed downtime for migration activities), and future needs, while also structuring the procurement specifications to allow for both base bids and optional enhancements. By clearly defining the stages of migration and establishing guidelines for vendor proposals, owners can avoid the pitfalls of inconsistent or inexecutable bids and ensure a smoother, more predictable migration process.   OEM vs. Systems Integrator Another decision companies face with any control system migration project where a “buy” decision has been made is whether to partner with an Original Equipment Manufacturer (OEM) or a systems integrator (SI) to perform the implementation. This decision depends on several factors, including the size and complexity of the project, budget constraints, and the need for local versus global availability. Working with an OEM OEMs are the original providers of the hardware and software platforms running the vast majority of the world’s automated control systems. These companies have deep knowledge of their products and can provide comprehensive support for implementing and configuring their systems. However, partnering with an OEM often comes with higher costs. Large OEMs typically have higher hourly labor rates, and their teams may not be located locally, which can add travel expenses to the project. Additionally, OEMs are sometimes more focused on larger, high-value projects, and they may not find smaller migration projects as attractive. This means that for smaller projects, you might not receive the same level of attention or priority from the OEM. Despite these potential downsides, the advantage of working with an OEM is the assurance that you’re working with the team that knows the platform inside and out. They can often provide direct access to new features, updates, and the highest levels of technical support, which can be critical for highly complex or high-risk projects. Additionally, if your company is taking on migrations as a strategic business initiative at multiple sites concurrently, an OEM partnership, with its deep resources, may make the most sense.  Working with a Systems Integrator Alternatively, many organizations choose to partner with a systems integrator (SI) for their control system migration projects. SIs are typically smaller, more localized or regional firms that specialize in implementing and integrating control system platforms, often in partnership with one or more OEMs. They can provide a more cost-effective option, particularly for small to mid-sized projects, as their labor rates tend to be lower than those of the large OEMs. One key benefit of working with a systems integrator is their proximity. A local or regional SI can offer more hands-on, timely support throughout the migration process. They are also likely to be more flexible and responsive to smaller projects, which might not be a priority for the OEM. Additionally, because they maintain relationships with the OEM, they can often provide the necessary expertise while still offering a more personalized and cost-effective service. It’s also important to consider the relationship that an SI has with the OEM. Many SIs have deep experience with specific platforms and work closely with the OEMs to ensure they are up to date on the latest technologies and standards. This allows them to act as an extension of the OEM’s expertise, but with the added benefit of being more focused on your specific needs.   The Takeaway | Control System Migration Procurement Specification & Vendor Selection Control system migrations are complex, multifaceted projects that require careful planning, strategic decision-making, and collaboration with the right partners. From deciding whether to manage tasks in-house or outsource to engineering experts, to developing well-written procurement specifications, choosing between single or multiple purchase orders, and selecting the right vendor migration options, every decision impacts the project’s chances of success. Organizations must carefully consider their internal resources, the complexity of the system, and their long-term operational needs to determine the best approach. By taking the time to document the "as-is" state, clearly define system and functional specifications, and engage the right vendors — whether OEMs or systems integrators — companies can navigate the challenges of control system migrations effectively. The key to success lies in thorough preparation, informed vendor selection, and strategic execution to ensure a smooth transition and sustainable outcomes.

  • Leverage Unplanned Shutdowns to Enhance Safety Testing | ChemicalProcessing.com

    October 2024 - Discover how to leverage unplanned shutdowns to facilitate proof testing of safety instrumented functions, improving safety protocols and minimizing downtime. This article explores the following topics: Utilizing unplanned shutdowns for safety instrumented function (SIF) proof testing Reducing maintenance frequency by leveraging these events as safety tests Ensuring regulatory compliance through proper documentation and test validation Applying software tools and data analytics to optimize safety testing Exploring future trends like AI and automation in safety management by Chris Powell, PE, CFSE , SIS Group Manager at aeSolutions . Read the full article here: Leverage Unplanned Shutdowns to Enhance Safety Testing - ChemicalProcessing.com

bottom of page