- Burner Management System Upgrade Challenges and Opportunities in Brownfield Installations
by aeSolutions Technical Team. A two-prong templatized approach to multiple brownfield burner management system upgrades can result in significant cost savings. The first step requires coming up with an equivalent design for the safety instrumented burner management system following the ISA 84 safety lifecycle, as allowed in current NFPA standards. The second step utilizes a templatization approach for multiple units with common functionality that will allow an organization to further maximize savings. Actual experience doing this on repeat BMS projects indicates the level of overall savings can be as high as 75% on the safety lifecycle, 70% on the control system design and integration, and 35% on the operation and maintenance activities. The combined overall savings are roughly 60%. Drive risk out of the business and maximize availability of your fired equipment by engaging aeSolutions Burner Management System and Combustion Control System experts. Our experts are active on NFPA, API, IEC and ISA committees to ensure that code compliance is built into everything we deliver.
- Burner Management System Safety Integrity Level Selection
by aeSolutions Technical Team. This paper will discuss how quantitative methods can be utilized to select the appropriate Safety Integrity Level associated with Burner Management Systems. Identifying the required amount of risk reduction is extremely important, especially when evaluating existing legacy Burner Management Systems. Selection of an overly conservative Safety Integrity Level can have significant cost impacts. These costs will either be associated with increased Safety Instrumented System functional testing or complete removal / upgrade of the existing Burner Management System. In today's highly competitive business environment, unnecessary costs of any kind cannot be tolerated. KEYWORDS: ISA/IEC 61511, Safety Instrumented Systems, Burner Management Systems, Safety Integrity Level, Probability of Failure on Demand. BMS and Combustion Solutions: https://www.aesolutions.com/combustion
- A Tale of Two BPCS Credits, A Bayesian Case Study
Have you ever had the problem of having a perfectly functional BPCS interlock that you know is highly failure immune, yet when it comes time for the Hazard Analysis, you may only take one credit? Unfortunately, for facilities following the IEC 61511 safety lifecycle, any interlock not designed according to the standard is limited to one risk reduction credit. This can make meeting extremely low total mitigated event likelihood targets (such as 1x10^-5 or 1x10^-6) exceedingly difficult. What can you do if you do not want to redesign your BPCS interlock to meet the IEC 61511 requirements? The only thing left is to seek out a deviation, though you had better have good justification. This case study will examine the approach used for one client to justify two risk reduction credits on their robust BPCS interlock in two basic steps. The first step was to decide a reasonable probability of failure using a Failure Mode and Effects Analysis (FMEA) technique. All relevant failure modes, including the ubiquitous human component, were examined. Next, plant operating history was reviewed and applied in a Bayesian analysis to determine the upper credibility (confidence) limit. The overall FMEA and Bayesian analysis process, including the "why," "how," and results, will be provided. As a bonus, the methods used in this case study can be directly translated into a case for Prior Use Justification, data collection, and user-customized and maintained failure rate data.
- A Database Approach to the Safety Life Cycle
by Ken O'Malley, Founder, P.E. ABSTRACT: A systematic database approach can be used to design, develop and test a Safety Instrumented System (SIS) using methodologies that are in compliance with the safety lifecycle management requirements specified in ANSI/ISA S84.01. This paper will demonstrate that through a database approach, the design deliverables and system configuration quality are improved and the implementation effort is reduced. Topics Include: ANSI/ISA S84.01, Safety Instrumented Systems, Safety Instrumented Functions, Safety Integrity Levels, Safety Lifecycle. During the SIL Verification process, the type of equipment specified, voting architecture, diagnostics and testing parameters are verified by calculation, producing the Probability of Failure on Demand and Spurious Trip Rate for each SIF. Additionally, we consider the hardware fault tolerance (HFT) required. The SIL Verification calculation reports are provided from all tools and calculations we perform. A Design Verification Report (DVR) details the calculation parameters, assumptions, limitations, and sources of data for SIL calculations performed. Recommendations for optimized SIF performance (taking into account both safety integrity and spurious trip evaluation) are also reported in this document. aeSolutions' SIS Engineers are trained and experienced in the fundamentals and the advanced parameters of SIL Verification Calculations. Our engineers, many of whom have CFSE, CFSP, and ISA84 Expert certifications, work with our clients to evaluate the SIS options for optimized investment.
- What is Truth? Do SIL Calculations Reflect Reality?
by Keith Brumbaugh. Is our industry stuck in the past? The current industry trend is to only look at random hardware failures in safety integrity level (SIL) probability of failure on demand (PFD) calculations. No one would appear to be updating assumptions as operating experience is gained. Hardware failure rates are generally fixed in time, assumed to be average point values (rather than distributions), and either generic in nature or specific to a certain set of hardware and/or conditions which the vendors determine by suitable tests or failure mode analysis. But are random hardware failures the only thing that causes a safety instrumented function (SIF) to fail? What if our assumptions are wrong? What if our installations do not match vendor assumptions? What else might we be missing? How are we addressing systematic failures? One obvious problem with incorporating systematic failures is their non-random nature. Many functional safety practitioners claim that systematic errors are addressed (i.e., minimized or eliminated) by following all the procedures in the ISA/IEC 61511 standard. Yet even if the standard were strictly adhered to, could anyone realistically claim a 0% chance of a SIF failing due to a human factor? Some will say that systematic errors cannot be predicted, much less modeled. But is that true? This paper will examine factors which tend to be ignored when performing hardware-based reliability calculations. Traditional PFD calculations are merely a starting point. This paper will examine how to incorporate systematic errors into a SIF's real-world model. It will cover how to use Bayes' theorem to capture data after a SIF has been installed, either through operating experience or industry incidents, and update the function's predicted performance. This methodology can also be used to justify prior use of existing and non-certified equipment.
- Stopping the Swirl: Facilitation Tools that Improve PHA Results and Efficiency
by Jacob Lindler. Effective Process Hazard Analysis (PHA) facilitators combine soft skills with technical knowledge to guide PHA teams through a thorough identification and analysis of process hazards. PHAs for complex processing units place a significant demand on the time of valuable engineering, design, and operations personnel, so conducting an efficient PHA is key to minimizing team fatigue and maximizing available resources. Inevitably, there are hazard scenarios at which the team's discussion begins to swirl, circling around multiple consequence definitions or risk rankings without coming to agreement. Facilitators should consider the following examples of tools successfully used to stop the swirl by providing the PHA team with the right information at the right time. PHA studies are the core of process safety and risk management programs. They help companies identify hazard scenarios that could lead to a release of highly hazardous chemicals that can cause negative impact on people, the environment, and property. PHA is required by OSHA's PSM (29 CFR 1910.119) and EPA's RMP (40 CFR 68) regulations in the US and by process safety and risk management regulations around the world. Companies that handle or process highly hazardous chemicals have a responsibility to protect employees, the public and the environment from exposure to accidental releases. aeSolutions specializes in various PHA methodologies, such as Hazard and Operability Studies (HAZOP), Control Hazard and Operability Studies (CHAZOP), Hazard Identification (HAZID), What-If, Checklist, Bowtie, and Failure Modes and Effects Analysis (FMEA), to meet regulatory and client requirements. Our experienced, trained facilitators specialize in the process safety lifecycle to fully integrate assessment, design, and operation of the facility.
- Breathing Life into the Alarm Management Lifecycle
by Sarah Manelick. 'Evergreen' and 'lifecycle' have become two common buzzwords in our industry. They are thrown around in a variety of topics, processes, and philosophies as descriptions of how management plans should be set up. But what does it really mean to have an evergreen process? How does one keep a lifecycle alive? This is especially relevant when it comes to topics such as alarm management, where it is commonly touted that once a plant rationalizes its entire system, it has completed alarm management. This paper will deconstruct the alarm management lifecycle and pinpoint key aspects that can be integrated into process safety management systems and work processes that already exist. Tying the alarm management lifecycle to what is already being done as part of process safety and good engineering practice will help to ensure it remains 'evergreen' and delivers the intended benefits. aeSolutions offers services and systems to bring the client's alarm management practices into compliance with the current ISA 18.2 standards. Our services are designed to support our clients' desire to encourage a culture of sustainable alarm management as an important component of their overall process safety strategy.
- IPL/CMS- Integrity Management of Non-SIS Independent Protection Layers after the LOPA
by Ron Nichols. Abstract: This paper discusses the identification, selection, implementation and management of Non-SIF IPLs through the process lifecycle.
1. Layer of Protection Analysis. Layers of Protection Analysis (LOPA), in conjunction with the Process Hazard Analysis (PHA), is now a key tool used by the chemical, oil and gas industries to assist companies in identifying, implementing and managing the critical safeguards needed to achieve their risk tolerance targets. The LOPA is used to identify the number of Independent Protection Layers (IPLs), and their integrity, needed to reduce to an acceptably low frequency the likelihood that an initiating cause will progress to an undesired consequence.
2. Lifecycle Management of IPLs. Since the acceptance of ISA 84.00.01 / ISA/IEC 61511, the lifecycle management of safety instrumented systems is now being implemented throughout industry. The required safety integrity level (dependability) for the safety instrumented functions (SIFs) is obtained by closing the LOPA gaps between the existing mitigated event likelihood (MEL) and the company's target mitigated event likelihood (TMEL). Often a SIF is combined with non-SIF IPLs to achieve the risk reduction gap closure, reducing the SIL requirement assigned to that SIF. To maintain acceptable risk targets, all IPLs, not just SIFs, must be managed through the lifecycle of the process. This is because many LOPA gaps are closed by non-SIF IPLs alone, and the SIL assignment for many SIFs depends on the non-SIF IPLs used in that LOPA.
- Methodologies in Reducing Systematic Failures of Wired IPLs
by Richard E. Hanner & Tab Vestal. The history of high consequence incidents in industry reveals that most accidents were the result of systematic failures, not hardware failures. However, a higher degree of focus in engineering is often on the quantifiable failures of hardware. Process Safety risk gaps are often closed or reduced by several types of Independent Protective Layers (IPLs). Two common types are Safety Instrumented Functions (SIFs) and Basic Process Control System (BPCS) functions. The SIFs typically reside within a SIL-rated programmable logic controller, and their achieved quantitative performance is calculated based on random hardware failures of the SIF hardware components. Conversely, BPCS protective layers are assigned generic industry-accepted probability of failure credits. The BPCS generic industry-accepted probabilities of failure are conservatively assigned and consider unquantifiable human-induced systematic failures. In either case, the likelihood of systematic failures can be reduced by recognizing design, specification, maintenance, and operations activities that are potential sources, and applying measures to prevent or reduce them. By reducing systematic failures, you reduce the risk in the industrial process and increase confidence in meeting the intended integrity requirements. This technical paper will discuss the common sources of systematic failures and preventative or mitigative measures to prevent their occurrence. Topics Included in Whitepaper: Systematic failure, random hardware failure, Independent Protective Layer, IPL, SIF, SIS, BPCS, common cause, Human Factor Analysis, SIL Verification.
- FGS 1400 MK II - Evolution of the traditional Fire panel
by Warren Johnson, PE, PMP. In 2005, aeSolutions recognized an industry need for Fire and Gas panels based on a SIL-capable PLC safety control platform. Large industrial clients were looking for a system capable of monitoring and controlling Fire system I/O, combustible gas, toxic gas, and oxygen depletion detectors, initiating suppression release, controlling HVAC, and performing process safety shutdowns. To develop the Fire and Gas system requirements needed by industry, we first needed to understand the regulatory requirements, applicable industry standards, and the types of fire and gas systems currently in use. Here are some of the key regulatory requirements mandated by OSHA:
  - OSHA 1910.155 Fire Detection: third-party approval by a nationally recognized laboratory
  - OSHA 1910.164 Fire Detection Systems: circuit supervision
  - OSHA 1910.165 Employee Alarm Systems: circuit supervision, power supply monitoring
Other key drivers are determining which industry standards are applicable. Are the standards mandatory? Many local and state codes reference the International Building Code. This code requires the use of NFPA 72 for fire alarm signaling systems. The authority having jurisdiction (AHJ) in each jurisdiction has the final authority in determining the applicable standards that the fire alarm system must meet.
- Improving the Safety Instrumented System (SIS) Design Process with Graphic Diagrams
by Keith A. Brumbaugh, PE. During a Safety Instrumented System (SIS) implementation project at a plant site new to the ANSI/ISA 84 process safety lifecycle world, we discovered the importance of utilizing graphic diagrams in the development of SIS-related documentation to support the on-site team meetings and document decisions. In a room full of plant operators and engineers accustomed to working "hands on" in the field, it was often far easier to keep the team on track when they were provided with a drawing to discuss, as opposed to having the team look at a screen full of text. The graphic diagrams also provided the design team with equal benefits, as we received more focused team member feedback, allowing for more efficient and thorough updates to documentation. This method of capturing team member input also enabled concise integration of the team input into various SIS-related documents during and after the meetings. Examples of these graphic diagrams included the following:
  - A logic solver block diagram: used to quickly identify which Logic Solver Safety PLCs, Independent Protection Layers (IPLs), Logic Narratives, and Equipment were related to each other.
  - Logic flow diagrams for heaters and boilers: used to visualize the order in which light-off permissives would be met, which statuses would cause a partial or complete trip, and related IPLs.
  - SIF Diagrams: used to depict complex SIF architecture to keep track of how a SIF would function.
The author will present examples of the different types of graphic diagrams, methods in which the diagrams were utilized, and the benefits that each provided in the implementation of certain phases of an ANSI/ISA 84 SIS lifecycle project. These diagrams were considered to be valuable process safety information and part of the final SIS Front End Loading design.
- Does Your Facility Have the Flu? Use Bayes Rule to Treat the Problem Instead of the Symptom
by Keith Brumbaugh. Is our industry addressing the problems facing it today? We idealize infinitesimally small event rates for highly catastrophic hazards, yet are we any safer? Have we solved the world's problems? Layers of protection analysis (LOPA) drives hazardous event rates to 10^-4 per year or less, yet industry is still experiencing several disastrous events per year. If one estimates 3,000 operating units worldwide and industry experiences approximately 3 major incidents per year, the true industry accident rate is a staggering 3 / 3,000 per year (i.e. 10^-3). All the while our LOPA calculations are assuring us we have achieved an event rate of 10^-6. Something is not adding up! Rather than fussing over an unobtainable numbers game, wouldn't it be wiser to address protection layers which are operating below requirements? We are (hopefully) performing audits and assessments on our protection layers and generating findings. Why are we not focusing our efforts on the results of these findings? Instead we demand more bandages (protection layers) for amputated limbs (LOPA scenarios) instead of upgrading those bandages to tourniquets. Perhaps the dilemma is that we cannot effectively prioritize our corrective actions based on findings. Likely we have too much information and the real problems are lost in the chaos. What if there was a way to decipher the information overload and visualize the impact of our shortcomings? Enter Bayes' rule to provide a means to visualize findings through a protection layer health meter approach, to prioritize action items and staunch the bleeding. Topics include: Bayes, Bayes rule, Bayes theory, LOPA, IPL, SIS, SIF, SIL Calculations, systematic failure, human factors, human reliability, operations, maintenance, IEC 61511, ANSI/ISA 61511, hardware reliability, proven in use, confidence interval, credible range, safety lifecycle, functional safety assessment, FSA stage 4, health meter.