  • Improving Human Factors Review in PHA and LOPA

    Human Reliability practitioners utilize a variety of tools in their work that could improve the facilitation of PHA‐LOPA related to identifying and evaluating scenarios with a significant human factors component. These tools are derived from human factors engineering and cognitive psychology and include (1) task analysis, (2) procedures and checklists, (3) human error rates, (4) systematic bias, and (5) Barrier effectiveness using Bow‐tie. Human error is not random, although the absent‐minded slips we all experience seem to come out of nowhere. Instead, human error is often predictable based on situations created external or internal to the mind. Human error is part of the human condition (part of being a human) and as such cannot be eliminated completely. For example, a task performed at high frequency (e.g., daily or weekly) develops a highly‐skilled operator with an expectation of a low error probability for that task. However, as the operator’s skill increases, their reliance on procedures decreases, leaving them open to memory lapses caused by internal or external distractions. The fact that a skilled operator becomes less dependent on procedures is not a conscious decision. It is part of the human condition. Forcing a skilled operator to read the procedure while performing the task they are skilled at is like asking you to think about what your feet are doing as you walk down a flight of stairs. In both cases a loss of adroitness will occur. A large portion of this paper describes, with practical examples, the five tools mentioned above. Task analysis is a talk‐through and walk‐through exercise of a task (typically focusing on one or two critical steps of a procedure) that is used to identify error‐likely situations (ELS). Quantitative human error rates can be attached to the ELS depending on whether the error is associated with skill, rule, or knowledge (SRK) based performance.
Systematic biases produced by Type 1 (fast) thinking cause judgment and diagnosis errors related to response to abnormal situations. Having a working knowledge of these five tools will improve a PHA‐LOPA facilitator’s awareness and ability to better evaluate human error related scenarios and Barrier failure. In addition, the facilitator will feel confident about recommending the need for a more detailed follow‐up study such as an HRA (Human Reliability Analysis). Topics include: Human Factors, Human Error, PHA, LOPA, Facilitator, Task Analysis, Bias, Cognitive Psychology

  • Implementing Safety Instrumented BMS: Challenges and Opportunities

    by Brittany Lampson, PhD & aeSolutions Technical Team

    Implementing a Safety Instrumented Burner Management System (SI‐BMS) can be challenging, costly, and time consuming. Simply identifying design shortfalls/gaps can be costly, and this does not include costs associated with the capital project to target the gap closure effort itself. Additionally, when one multiplies the costs by the total number of heaters at different sites, these total costs can escalate quickly. However, a “template” approach to implementing SI‐BMS in a brownfield environment can offer a very cost effective solution for end users. Creating standard “templates” for all deliverables associated with a SI‐BMS will allow each subsequent SI‐BMS to be implemented at a fraction of the cost of the first. This is because a template approach minimizes rework associated with creating a new SI‐BMS package. The ultimate goal is to standardize implementation of SI‐BMS in order to reduce engineering effort, create standard products, and ultimately reduce cost of ownership.

  • Identifying Required Safety Instrumented Functions for HIGH-TECH & SEMICONDUCTOR MANUFACTURING

    by Ken O’Malley, P.E., aeSolutions founder

    This paper will discuss the issues, decisions, and challenges encountered when attempting to initially apply the concepts of the Safety Lifecycle per ANSI / ISA S84.01 to the design of a Life Safety System at a state‐of‐the‐art fiber optic manufacturing facility. More specifically, the methodology / procedures utilized for identification of Safety Instrumented Functions (SIF) and subsequent Safety Integrity Level (SIL) determination will be discussed in detail. In addition, industry specific issues associated with the design of Life Safety Systems and the use of mitigation versus prevention techniques (typically encountered in the process industry) will also be discussed. Topics include: ANSI / ISA S84.01, Safety Instrumented Systems, Safety Instrumented Functions, Safety Integrity Levels, Life Safety Systems

    IDENTIFYING REQUIRED SAFETY INSTRUMENTED FUNCTIONS FOR LIFE SAFETY SYSTEMS IN THE HIGH-TECH AND SEMICONDUCTOR MANUFACTURING INDUSTRIES

  • How Can I Effectively Place My Gas Detectors

    Several Recognized and Generally Accepted Good Engineering Practices (RAGAGEPs) exist to help someone make their selection and placement of gas detectors (e.g. ISA-TR84.00.07, NFPA 72, UL-2075). However, there are no real consistent approaches widely used by companies. Historically, gas detection has been selected based on rules of thumb and largely dependent on experience. Over the last several years there has been a growing interest in determining not only the confidence but also the effectiveness of those gas detection systems. In fact, incorrect detector placement far outweighs the probability of failure on demand (of the individual system components) in limiting the effectiveness of the gas detection system. An effective gas detection system has three elements: 1. A comprehensive Gas Detection Philosophy 2. Appropriate Detector Technology Selection 3. Correct Detector Placement. The Gas Detection Philosophy clearly specifies the chemicals of concern and the intended purposes, i.e. detection of toxic or combustible levels, voting requirements, alarm rationalization, and control actions. Appropriate Detector Technology Selection includes consideration of the target gas and the required detection concentration levels. The primary approaches for Detector Placement are geographic and scenario-based coverage. Geographic coverage places detectors on a uniform grid, and sometimes areas are risk ranked to reduce the number of detectors required. Scenario-based coverage has a range of leak models and places gas detectors based on the dispersion modeling results. All three elements for effective gas detection (philosophy, technology, and placement) are interdependent, and understanding their relationships is of paramount importance to designing an effective gas detection system.
The intention of this paper is to present the main considerations that design engineers and process safety professionals should address for each gas detection system element in order to obtain the best return on your investment when placing your gas detectors. Topics include: Instrumentation, Reduction of Risk, Risk Assessment, Protection, Detection System, Alarms and Operator Interventions, Detector, Gas Detection/Dispersion Prediction

  • Designing Operator Tasks to Minimize the Impact of Heuristics and Biases

    Often times when a person is blamed for “not thinking,” the reality is they were thinking, but were not aware of it. This is the theory of System 1 (i.e., Fast) versus System 2 (i.e., Slow) thinking that explains we are really two people: Our conscious aware selves (System 2 thinking), and a dominant “fast” subconscious making most of our decisions (System 1 thinking) without being consciously aware of it in the moment (to the point that some have argued there is no such thing as “free will”). The heuristics (i.e., mental short cuts) we use to think in System 1 are necessary to make it through a day (it is exhausting to maintain a continuous conscious stream of thought), and often lead to good outcomes. However, System 1 thinking can make us vulnerable to systematic biases (i.e., mental traps) that arise from the use of those heuristics. It is necessary to be aware of the traps System 1 thinking can create, because often times that is our only defense against them. In this respect, “fast thinking” represents one of the fundamental limits to achieving safe operation. In addition to awareness, there is a need where possible to design operator tasks and the interfaces they use to minimize the likelihood of systematic bias occurring when thinking in System 1. Lastly, it would be useful to provide designs that could increase the potential for the operator to engage System 2 thinking (consciousness) when required, which is less susceptible to biases. This paper proposes a combined approach of discussing the cognitive psychology behind System 1 and System 2 thinking, the types of heuristics we use, the biases that result, and operator task and interface design that can minimize the likelihood of systematic bias. The paper will incorporate the learnings from 5 years of safety critical Task Analysis performed for field and control room tasks. 
A practical operator response to abnormal situation model will be described that will link the heuristics used and potential biases that may occur, as well as design features to minimize the likelihood of those occurring. As presented at the 2020 AIChE Spring Meeting & 16th Global Congress on Process Safety.

  • Decoding SIS: Are You Doing What’s Necessary to Prevent Disasters?

    By Emily Henry, PE(SC), CFSE & aeSolutions Technical Team

    When your facility is tasked with industry safety standard compliance, where do you start? What do all those SIS acronyms mean? For OSHA PSM-covered facilities, adherence to a functional safety lifecycle can be a critical step in overall SIS performance assurance. What is hiding under the radar of a plant SIS? Risk assessments define hazard consequences with assumed initiating event frequencies. How do we prevent these consequences? By verifying the reliability and availability assumptions of SIL Verification design parameters. Without understanding the design parameters your SIS is based upon, or without proper maintenance of your SIS equipment, your risk assessment gap closure may be incomplete. What factors into the assumptions of an SIS design? Are your safety devices replaced at their specified asset life, tested at the interval, and tested with the necessary rigor to uncover dangerous failures as specified in your calculations? What does following the Functional Safety Lifecycle entail? Does your facility have a Functional Safety Management Plan, perform Functional Safety Assessments on your SIS Design, and keep records of device failures to evaluate field performance against assumed reliability? This paper illustrates the real consequences of failing to uphold SIS design assumptions or follow the Functional Safety Lifecycle.

    Prepared for Presentation at American Institute of Chemical Engineers 2024 Spring Meeting and 20th Global Congress on Process Safety, New Orleans, LA, March 24-28, 2024

  • Case Study of a Safety Instrumented Burner Management System (SI-BMS)

    by aeSolutions Technical Team

    This case study will discuss the application of the safety lifecycle as defined by ANSI/ISA 84.00.01‐2004 (IEC 61511 mod) to two single burner multiple fuel boilers. Each boiler is capable of firing natural gas, oil and/or waste gas, in order to supply the plant header with 1,365 psig steam at a maximum capacity of 310,000 lb/hr. The project team included the end client task force at the manufacturing facility, the engineering firm with design/procurement responsibility, the boiler OEM, the burner/gas train OEM, and the safety instrumented system consultant. This paper will cover: the development of a SIS front end loading package; the project cost savings realized attributed to following the safety lifecycle; and the challenges encountered during the design process associated with the implementation of the safety lifecycle across a diverse project team.

  • Can we achieve Safety Integrity Level 3 (SIL 3) without analyzing Human Factors?

    by Keith Brumbaugh, P.E.

    Many operating units have a common reliability factor which is being overlooked or ignored during the design, engineering, and operation of high integrity Safety Instrumented Functions (SIFs). That is the Human Reliability Factor. In industry, there is an over focus on hardware reliability to the n’th decimal point when evaluating high integrity SIFs (such as SIL 3), all to the detriment of the human factors that could also affect the Independent Protection Layer (IPL). Most major accident hazards arise from human failure, not failure of hardware. If all that were needed to prevent process safety incidents were to improve hardware reliability of IPLs to some threshold, the frequency of near miss and actual incidents should have tailed off long ago - but it hasn’t. Evaluating the human impact on a Safety Instrumented Function requires performing a Human Factors Analysis. Human performance does not conform to standard methods of statistical uncertainty, but Human Reliability as a science has established quantitative limits of human performance. How do these limits affect what we can reasonably achieve with our high integrity SIFs? What are the uncertainty impacts introduced to our IPLs if we ignore these realities? This paper will examine how we can incorporate quantitative Human Factors into a SIL analysis. Representative operating units at various stages of maturity in human factors analysis and the IEC/ISA 61511 Safety Lifecycle will be examined. The authors will also share a checklist of the human factor considerations that should be taken into account when designing a SIF or writing a Functional Test Plan.

  • Burner Management System Upgrade Challenges and Opportunities in Brownfield Installations

    by aeSolutions Technical Team

    A two‐prong templatized approach to multiple brownfield burner management system upgrades can result in significant cost savings. The first step requires coming up with an equivalent design for the safety instrumented burner management system following the ISA 84 safety lifecycle, as allowed in current NFPA standards. The second step utilizes a templatization approach for multiple units with common functionality that will allow an organization to further maximize savings. Actual experience doing this on repeat BMS projects indicates the level of overall savings can be as high as 75% on the safety lifecycle, 70% on the control system design and integration, and 35% on the operation and maintenance activities. The combined overall savings are roughly 60%.

    Drive risk out of the business and maximize availability of your fired equipment by engaging aeSolutions Burner Management System and Combustion Control System experts. Our experts are active on NFPA, API, IEC and ISA committees to ensure that code compliance is built into everything we deliver.

  • Burner Management System Safety Integrity Level Selection

    by aeSolutions Technical Team

    This paper will discuss how quantitative methods can be utilized to select the appropriate Safety Integrity Level associated with Burner Management Systems. Identifying the required amount of risk reduction is extremely important especially when evaluating existing legacy Burner Management Systems. Selection of an overly conservative Safety Integrity Level can have significant cost impacts. These costs will either be associated with increased Safety Instrumented System functional testing or complete removal / upgrade of the existing Burner Management System. In today’s highly competitive business environment, unnecessary costs of any kind cannot be tolerated. KEYWORDS: ISA/IEC 61511, Safety Instrumented Systems, Burner Management Systems, Safety Integrity Level, Probability of Failure on Demand

  • A Tale of Two BPCS Credits, A Bayesian Case Study

    Have you ever had the problem of having a perfectly functional BPCS interlock that you know is highly failure immune, yet when it comes time for the Hazard Analysis, you may only take one credit? Unfortunately, for facilities following the IEC 61511 safety lifecycle, any interlock not designed according to the standard is limited to one risk reduction credit. This can make meeting extremely low total mitigated event likelihood targets (such as 1x10^-5 or 1x10^-6) exceedingly difficult. What can you do if you do not want to redesign your BPCS interlock to meet the IEC 61511 requirements? The only thing left is to seek out a deviation, though you better have good justification. This case study will examine the approach used for one client to justify two risk reduction credits on their robust BPCS interlock in two basic steps. The first step was to decide a reasonable probability of failure using a Failure Mode and Effects Analysis technique (FMEA). All relevant failure modes including the ubiquitous human component were examined. Next, plant operating history was reviewed and applied in a Bayesian analysis to determine the upper credibility (confidence) limit. The overall FMEA and Bayesian analysis process, including the "why," "how," and results will be provided. As a bonus, the methods used in this case study can be directly translated into a case for Prior Use Justification, data collection, and user-customized and maintained failure rate data.

  • A Database Approach to the Safety Life Cycle

    by Ken O’Malley, Founder, P.E.

    ABSTRACT: A systematic database approach can be used to design, develop and test a Safety Instrumented System (SIS) using methodologies that are in compliance with the safety lifecycle management requirements specified in ANSI/ISA S84.01. This paper will demonstrate that through a database approach, the design deliverables and system configuration quality are improved and the implementation effort is reduced. Topics Include: ANSI/ISA S84.01, Safety Instrumented Systems, Safety Instrumented Functions, Safety Integrity Levels, Safety Lifecycle

    During the SIL Verification process, the type of equipment specified, voting architecture, diagnostics and testing parameters are verified by calculation, producing the Probability of Failure on Demand, and Spurious Trip Rate for each SIF. Additionally, we consider hardware fault tolerance (HFT) required. The SIL Verification calculation Reports are provided from all tools and calculations we perform. A Design Verification Report (DVR) details the calculation parameters, assumptions, limitations, and sources of data for SIL calculations performed. Recommendations for optimized SIF performance (taking into account both safety integrity and spurious trip evaluation) are also reported in this document. aeSolutions' SIS Engineers are trained and experienced in the fundamentals and the advanced parameters of SIL Verification Calculations. Our engineers, many of whom have CFSE, CFSP, and ISA84 Expert certifications, work with our clients to evaluate the SIS options for optimized investment.
