Inspired by “Conducting an Effective Functional Safety Assessment” presented at the ISA Process Industry Conference. by Greg Hardin Much has been written about the functional safety assessment (FSA) stages, the makeup of the team, and the types of documents that should be reviewed. Yet what might go wrong with an FSA, and what might you do to ensure that an FSA runs smoothly? Would you rather learn from the mistakes of others, or make them all yourself? It’s easier and less painful learning from the mistakes of others. Here are just a few of the things that can go wrong. A consultant was criticized for not identifying a problem on a wiring diagram while performing a stage 1 FSA that was restricted to software. This indicates two misunderstandings of the scope of the FSA: 1) it was limited to software, not hardware; 2) it was a stage 1 FSA – hardwire design would normally not be considered until stage 2. When reviewing the results of a FSA make sure everyone involved understands the scope of the FSA. If certain documents are not available (e.g., hazard analysis, layer of protection analysis, safety requirements specification, etc.) do not get pressured into doing an FSA anyway. After all, you can’t review the completeness of documents that don’t even exist. The fact that anyone would even request such an analysis implies a significant misunderstanding of the overall process. Clause 5.2.6.1.4 of ISA/IEC 61511 now states, “A FSA team shall review the work carried out on all phases of the safety life cycle prior to the stage covered by the assessment that have not been already covered by previous FSAs.” Read that sentence again, and slowly. This is a new requirement and the interpretation and implication may not be clear to some. For example, if you’re asked to perform a stage 3 assessment, but stage 1 and 2 assessments have not been performed, you will essentially still need to complete those earlier assessments! That may catch many off guard and have a significant impact on the budget and schedule. Here are some suggestions for conducting an effective assessment: Make a plan for the FSA — the standard requires it — and stick to it. If you absolutely must deviate from the plan, make sure you identify the consequences and communicate them to all interested parties. Don’t be afraid to “kick over some rocks” during the FSA meeting(s). It’s an opportunity to generate useful discussion. Have a scribe for FSA meetings. If that’s not possible, make sure you take very good notes. Be on the lookout for scope creep. Do not agree to do work that isn’t budgeted. Part 1 :How About a Stage Zero Functional Safety Assessment (FSA)? #show #standard #process #ISA #industry #fsa #control #functional #Safety

Several years ago, aeSolutions started our fired equipment business. This business is focused on safeguarding burners and furnaces, heaters, boilers for example. And there really wasn't the on site expertise into what's really going on. And then what are the hazards associated for some of our clients, one of the most hazardous processes on their facility might be their boiler. There are a lot of, kind of common applications, you see a lot of fired equipment, whether it's an incinerator or a boiler. But within the chemical market, those typically tend to be much more complicated applications of a boiler. In many cases, they can't bring these systems down at a very high frequency. They need to run them for extended periods of time, which makes the design of protective systems for those applications, much more complex and nuanced. In the past, the marker has been, well, natural gas is so cheap where they don't care how efficient our system are.  But today with so much awareness of carbon capturing and carbon release burning these systems more efficiently, efficient use of fuel, getting more energy, more BTUs out of this fuel is really important. Learn more about our Fired Equipment services: https://www.aesolutions.com/fired-equipment

by Tom McGreevy, PE, PMP, CFSE Spend a Little to Reduce the Project Risk Your team has established and communicated a financial justification for your site’s control system replacement project. Now all eyes are on you to ensure that the project is executed in a timely manner and within a certain budget. As Benjamin Franklin said, if you fail to plan, then you plan to fail. This is the second installment in a series on industrial control system migrations: Front End Loading. Why Does Anyone do Front End Loading (FEL)? FEL is all about minimizing the risk: The cost risk, the schedule risk, and the scope risk for any capital undertaking.  Early in a project, the cost impact of changes is low, but it increases, often drastically, in later stages. Implementing a stage-gated process gives an owner/operator the opportunity to make strategic choices instead of falling victim to a haphazard outcome. FEL can be multiple stages: FEL 1, FEL 2, and FEL 3. Some owners opt to only do a single FEL. However, the key is to consider all factors and engage in a level of FEL that is reasonable. Regardless of the number of FEL phases performed, all business needs should be evaluated, and a complete business case should be identified to minimize cost/schedule/budget (scope risk). Wise owners recognize the value of FEL and are more willing to invest strategically up front. The highest return on value at the lowest amount of risk can be easily attained through proper preparation and planning. Key Deliverables of FEL: 1. Execution Strategy and Plan 2. Resource Plan 3. Risk Management Plan 4. Change Management Plan Rip and Replace vs Phased Approach? Two strategies for a control system migration would typically be to either “rip and replace”- that is replace the entire system all at once, or to carry out a phased replacement. Removing the current system entirely and replacing it in one fell swoop during a major turnaround is an option that can be considered. However, often, the business is unable to incur a lengthy outage or is unwilling to accept the risk of a delayed restart if things don’t work out as planned. In these cases, a phased approach can be carried out that uses any combination of the following strategies: Perform a piecemeal upgrade of the system by area. For example, a site has multiple controllers in the plant that are geographically dispersed across different plant areas. Perhaps one plant area can withstand a complete outage better than another area or perhaps one area of the plant is suffering more reliability issues due to the old control system. This would be a piecemeal approach or a “mini-rip and replace” over several phases. Replace the “top layer”, the servers and operator stations for the entire system. Consideration must be given to the compatibility of new computer hardware and operating systems to the controllers and other interfaces.  Virtualization of the new top layer should be given strong consideration, as this topology is certainly the trend not just in industrial control but throughout the IT industry.  Then, in a subsequent phase, the controllers and I/O can be replaced by plant area. Note that sometimes old controllers are be replaced but the old I/O is kept in place. The reasons for this may be to reduce the field construction labor and the risk of cutting over the field device wiring during the turnaround. This approach should be very carefully considered as the plant could be left with long-term reliability issues associated with the old I/O. Another approach to keeping some of the legacy I/O sub-system something I refer to as “The alien approach.” Many may recall a scene from the movie Alien where the creature has its tentacles around a character's face. Similarly, in the alien approach, an adapter and harness are installed on top of old infrastructure, typically at the I/O rack, with the intent to significantly reduce the cutover time of an upgrade. Often such strategies retain a “Marshaling Terminal Assembly” or “Field Terminal Assembly”, which themselves have electronic components that can fail.  Thus, the trade-off is living with a portion of the old hardware and an old interface, and the adapter/harness strategy can also limit access to important troubleshooting points. A Living Functional Specification is a Rare Beast How well a system is documented over its lifetime is a major factor for any migration. Some owners do an outstanding job of keeping up not only their hardware documentation and wiring diagrams, but also the documentation for how the process is controlled. Unfortunately, a living functional specification is actually a rare beast. In any case, functional specification has to be thought through during FEL. Is it sufficient to guide the migration of the existing controller logic to the new controller? Will the project be upgrading the control platform with a system of the same OEM, and does the OEM provide migration tools? Regardless, the automation engineers will need adequate documentation to guide the migration. It is imperative to discuss the owner’s expectations and the programmer’s capabilities to reach an agreement during FEL that determines responsibility for developing the functional specification. Identifying accountability during the FEL phase, prior to the detailed execution phase will mitigate stressors when time is short and pressure is up. Ideally, the functional specification would either be developed, or at least well-outlined, in FEL. At a minimum, the functional specification should be developed as a very early-stage activity during the execution phase. Managing Expectations When we say migration, exactly what do we mean? Where will it start? How far will it go? Will we reuse marshaling terminals? What is our cutover plan?  Determining owner/operator expectations is imperative for success in any project but it is especially so for a controls migration project. The owner’s objectives guide the end-goal and the path taken, ultimately playing into the level of effort, configuration, testing plan, commissioning plan, commissioning duration, etc. Unfortunately, too often clients have not thought through their objectives for a migration project. As one simple example, an owner may say that they would like to roll out the new software but retain the look and feel of the old graphics. Accomplishing this can require a considerable amount of effort and cost, if it’s even possible at all. In addition, this strategy can miss a great opportunity to improve the operator interface experience, which can yield benefits in productivity, safety, and even operator stress levels. Another example involves the control logic itself. Does the owner want to replicate the existing logic in the new control system, or are they open to enhancements that optimize control or provide more operational flexibility? New and powerful control capabilities and features are available in today’s modern control systems. It may be short-sighted to implement a brand new, powerful control system while leaving the basic, 35-year-old control in place because that option appears to be easiest and cheapest. There is extraordinary benefit in exploring the capabilities of modern control systems, but this too should be done in an FEL phase. Some sites have been tempted to move forward with their migration and keep their same control logic and graphics, with the intent of making improvements after the new system is up and running. Perhaps that will be the outcome, but it is unlikely that there will be a compelling event in the future that will trigger additional spending to replace adequately working logic with something new. If the window is missed to optimize the controls during the upgrade, it will be difficult to justify doing so later. Conclusion Achieving the desired objectives in a control system migration requires a holistic, principled approach that combines thorough planning, effective communication, and proactive problem-solving.  Strategic decision-making and meticulous planning are key to any control system migration, upgrade, or replacement.  The Front-End Loading (FEL) phase is a pivotal element in minimizing risks associated with cost, schedule, and scope. Additionally, this process involves managing expectations and clearly communicating on objectives and priorities.

Engineers Week was established in 1951 as a way to promote a diverse and well-educated future engineering workforce by increasing understanding of and interest in engineering and technology careers. Each year, aeSolutions celebrates Engineers Week by hosting fun activities for our employees and by sharing resources and stories that highlight how engineers – and engineering companies – make a difference in our world. This year we asked our employees a series of questions related to engineering and engineering companies as a career choice. We’ll be sharing some of their answers over the course of Engineers Week, which runs from February 18-23. Today’s question focuses on what technologies our team members foresee impacting the engineering field. What new (recent or upcoming) technology do you believe will have the biggest impact on the engineering field? I wouldn't say it is new technology but the improvement in the abilities and use of "smart" devices and handhelds for asset testing/inspection has resulted in better documentation and assessment of equipment condition. Reliability engineers have more tools to monitor trends in equipment performance than even just a few years ago. – Melissa L. While it isn't a technology, emphasizing standardization and reuse will be critical. Rather than celebrating the brilliance of a unique one-off solution, celebrate the reuse of established standards and the work of others. This reduces risk and cost and increases quality and client satisfaction. – Ken O. Communications.  The methods have changed over my career, but the basics are still the same. – Andy G. I'm not entirely sure of the exact name (I think that it called the holo-mat?) It is an interesting technology that was designed for moving props for movies and productions. However, with a little bit of outside the box thinking, I wonder if that same technology could be used in engineering to make devices function more efficiently. – Wyatt S. AI, and perhaps superconductors that "superconduct" at room temperatures. – Tom M. Artificial intelligence will change our world.  While I see benefits, I also have concerns about all impacts (nothing is all good or all bad).  – Kelly J. AI is going to have a huge impact on the engineering world. AI will be able to develop hazard scenarios and analyze the consequences much faster than a human. – Carolyn B. AI - although I don't have the most positive outlook on it! – Ethan W. AI. – Mark S. I bet I'm in the majority here, but I believe A.I. will have the biggest impact on the engineering field. – Joel R.

Ken O'Malley, Founder & President of aeSolutions, reflects on 25 years of growth and connecting technical engineering expertise with people-focused leadership: Ken & Chery O'Malley recently sat down to talk about their 25 years with the company. Look for more content from that interview in the future.

Engineers Week was established in 1951 as a way to promote a diverse and well-educated future engineering workforce by increasing understanding of and interest in engineering and technology careers. Each year, aeSolutions celebrates Engineers Week by hosting fun activities for our employees and by sharing resources and stories that highlight how engineers – and engineering companies – make a difference in our world. This year we asked our employees a series of questions related to engineering and engineering companies as a career choice. We’ll be sharing some of their answers over the course of Engineers Week, which runs from February 18-23. Today’s question focuses on what it’s like to work at an engineering firm. What is your favorite thing about being an engineer or working at an engineering firm? Building things, making things work, solving problems, making society a better place. – Tom M. I think that my favorite thing about working in an engineering firm is the amount of learning that I can accomplish. Whether it's the accounting department, human resources, or the engineers themselves, I am able to learn something new every day. ­– Wyatt S. One of the more satisfying things about this work is seeing a project go from concept to design to implementation.  – Andy G. Problem-solving is my favorite thing.  As a single-parent for 12 years, I honed this skill/gift well. Being a process safety consultant enables me to help industry prevent unplanned incidents that have the potential to harm people, our communities, and environment. – Kelly J. I get to work with high-performing professionals. They are smart and self-motivated. Though they are opinionated I have found them mostly willing to listen to ideas different from their own as long as they are approached in an inclusive way, deliberately looking for common ground. – Ken O. I love working with other highly talented Engineers, the depth of knowledge and technical skills around me is fascinating, there's always something or someone to learn from. – Carolyn B. Engineering is always interesting and is never the same on a day-to-day basis, so I am never bored with my job. Plus, as a consultant, I have worked with so many different clients across a wide variety of industries.  Another positive has been the opportunity to visit many places I might never have otherwise traveled to, such as Guam, Australia, Alaska, Augsburg, Germany, Guadalajara, Mexico, Dublin, and a variety of Canadian cities. – Melissa L. I enjoy solving problems and coming up with solutions that are out-of-the-box. – Kelvin S. I love getting to work with people who are driven and have similar thinking to myself in many ways. I appreciate that engineers at my job are also personable and have good people skills, which is not a given with engineers. – Ethan W. I am able to work on various projects and learn about new technologies. – Mark S. My favorite thing about working at an engineering firm is feeling like my work actually does a difference. – Joel R. How do you describe what you do to your family? I help chemical plant and refinery customers not blow themselves up. – Tom M. My usual line to people that are not in engineering or technical fields, we help to avert disasters.  If it were not for lessons learned, codes implemented and adhered to, half the world would be on fire at any given moment. – Andy G. I make it possible for companies to do things in their facilities while also enabling workers to return home after work without harm. – Kelly J. My kids are 3 and 5, they think I teach people how to be safe around chemicals. Everyday at dinner they ask me what chemicals I learned about and if you need gloves, a mask or a suit to be around that particular chemical. It's quite sweet. – Carolyn B. I tell them that we help facilities to keep their chemicals in the pipe and not have releases that could cause fire/explosions/injuries.  – Melissa L. I make the plants I do work for a better and safer environment for the workers and the communities around them. – Kelvin S. I describe what I do as "making sure all the processes in various factories and companies around the US run safely so the workers can go back to their families at night". – Joel R.

The high-level goal of the numerous machinery safety standards is to reduce injuries associated with machinery interaction. An additional advantage of applying these standards is the effective identification of hazards and analysis of risk, which can have far-reaching impacts and extensive benefits. What Are They Machinery safety standards are industry consensus standards published by standard development organizations both internationally and within the United States. There is a vast volume of published content for Original Equipment Manufacturers (OEMs), machinery users, and integrators to follow when designing, integrating, or using machinery. The prominent machinery safety standard development organization in the U.S. is the American National Standards Institute (ANSI) B11. The ANSI B11 series consists of approximately thirty documents that focus on machinery and machine tool safety, defining safety requirements for machine manufacturers (suppliers), integrators, and users. The ANSI B11 documents mirror the ISO “type A-B-C” established in ANSI/ISO 12100:2012 (Safety Of Machinery - General Principles For Design - Risk Assessment And Risk Reduction), which categorize the standards into three types: Type A – basic safety standards, providing foundational concepts and design principles applicable to a broad spectrum of machinery; Type B – generic safety standards, expounding upon key requirements for the implementation of safety devices and safeguards applicable across a range of machinery; Type C – machine safety standards, defining detailed safety requirements for specific types of machinery A facility looking to be compliant would first start by applying the Type A standard – ANSI B11.0 and ISO 12100 in the U.S. and internationally, respectively. These comprehensive standards provide a method for risk assessment to quantify the unmitigated risk level for the hazardous scenarios associated with the machine. The Type B standard next establishes appropriate safeguards (e.g., interlocks, area scanners, light curtains, etc.) to effectively achieve an acceptable level of risk for all hazardous scenarios. Lastly, a Type C standard needs to be applied based on the specific type of machinery the organization is manufacturing or operating, in order to meet safety benchmarks that have been developed categorically. Although multiple standards may apply to each specific application and may vary based on operational locations across the world, users can likely find a relevant industry consensus standard to provide a framework for machinery safety due to the large availability of standards developed by the many standards development organizations. OSHA Compliance Machine manufacturers in the U.S. are required to comply with the Occupational Safety and Health Administration, OSHA, health and safety laws. Industry consensus machinery safety standards are a recognition of common safety benchmarks and can be used to demonstrate compliance with the OSHA machinery safety requirements of 29 CFR 1910.212 and the General Duty Clause. OSHA’s General Duty Clause requires an employer to furnish to its employees "employment and a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees.” Since machine hazards are “recognized” in industry consensus standards, OSHA expects facilities to conform to machinery safety standards to keep their place of employment free from “recognized hazards” and demonstrate compliance with OSHA requirements. This holds true as long as the industry consensus standard is as strict or stricter than the regulation, which is often the case. Specifically, OSHA has promulgated standards within 1910 Subpart O - Machinery and Machine Guarding, which includes sundry standards applicable to specific types of machinery. ANSI and ASME standards are referenced in addition to numerous other published resources to assist the OEM or machinery user in providing a workplace free from recognized hazards that could potentially cause death or serious physical harm to employees. Compliance with the machinery safety standards is not the only method to comply with OSHA requirements, yet it is both a recognized and approachable method that conforms with OSHA expectations. The machinery safety standards were written by experienced individuals from diverse professional backgrounds to make compliance with OSHA regulations more approachable for manufacturers. Benefits of Applying Machinery Safety Standards The most important benefit of applying machinery safety standards is a reduction of injuries. The standards provide an actionable framework for machine users and manufacturers to reduce the risk of injury through the implementation of safeguards and safe machine design. The standards development organizations publish knowledge at the forefront of safety design and technology, which helps to realize value specific to a wide range of applications. Thanks to this, machinery designers, integrators, and users do not need to reinvent the wheel, saving time and demonstrating business justification while achieving an acceptable level of risk. Applying machinery safety standards is also an opportunity to recognize value apart from safety. If the risk assessment process is conducted early in the design phase, it can be leveraged to integrate controls, automation, and interlocked safeguards into the machinery at an early stage. In general, an opportunity is posed to make cost-effective modifications and implement safe design with a tremendous potential to drive innovation. Furthermore, efficiencies are realized through the implementation of the machinery safety standards such as minimizing downtime and increasing reliability. The standards prescribe safeguarded access for maintenance and inspection activities that significantly decrease machine downtime since the entire machine does not need to be taken offline to interact with it. Work tasks can be safely performed in a protected space while saving time from lockout/tagout activity. An efficient maintenance and inspection ability also maximizes machinery reliability by increasing the preventative maintenance frequency due to the ease of accessing machinery during operation. Plant downtime due to employee injury and/or investigation may further be avoided, along with the associated liability expenses and burdens. There are also softer benefits such as improvements in employee engagement and productivity associated with employment with minimal injuries. When employees feel valued and protected in their workplace, they become more productive, leading to a better workplace and improved safety culture. Minimizing injuries can have cascading effects such as reduced stress, increased creativity, increased employee retention, and greater morale. Conformity with machinery safety standards has tremendous benefits such as reducing injury and liability, leveraging early key design changes, minimizing downtime, increasing machinery reliability, quality, and improving productivity. The machinery safety standards positively recompense designers, integrators and users along with providing a framework for achieving OSHA compliance.

In machine control system design, the question of when to use safety-rated equipment is commonly asked; but this is often the wrong question. The defining question should be whether the specific machine control function is a safety function. Determining this is not always straightforward and requires a hazard assessment to identify safety functions (e.g., equipment, devices, or circuits) and the required performance level of the system's safety-related components. Without a thorough risk assessment, there simply is not sufficient information for a blanket answer on whether it is a safety function or not, and therefore it is not possible to dictate whether or not safety-rated equipment is required. In general, a safety function protects from hazardous scenarios, reduces the risk of personnel exposure to a hazard, and/or maintains a safe state. Some obvious safety functions are emergency stops (e-stops), resets, and protective device integration such as light curtains or area scanners. However, to fully understand the purpose of a circuit or the function that it is performing, personnel involved must have an intimate knowledge of the facility and environment, as well as the specific machines integrated with upstream and downstream systems. The risk assessment is the starting point to characterize tasks, hazards, and operational and control scenarios. It identifies the safety function requirements for the machinery and dictates the required performance level of the safety circuit. Lower performance levels are more commonly achieved with standard equipment, while higher performance levels commonly require safety-rated equipment. For high performance levels, the components involved in the control circuit need to be safety-rated (such as a safety relay or a safety-rated position switch), wired into a safety I/O, and programmed in the safety PLC. However, the use of safety-rated components or a safety PLC does not automatically produce a safe state – the Safety Requirements Specification (SRS) must be adhered to in its entirety to ensure the outcome of the operation being performed will actually reach a safe state. The risk assessment cannot be skipped since it is the critical building block for the SRS and required performance level of the safety functions. An example that demonstrates these concepts is a stop control circuit that has an effect of removing power to a drive. It may be tempting to assume that this is a safety function, but without a risk assessment, there is not enough information to make that determination. For instance, if the drive is a cleaning spray injection blower with a very gentle solution of soap and water and the operator exposure is low, then the resulting risk is very low. This may meet the organization's risk tolerance criteria, and no further action is required. Alternatively, if an acceptable level of risk is not achieved, the risk assessment may determine that the required performance level of the function is a PLa or PLb, which can be achieved with standard control equipment. In summary, safety functions are not always obvious, and a thorough risk assessment is critical to determining whether standard control equipment or safety equipment is needed. Alarms, warning systems, holding brakes, and starting up a backup generator are all examples of safety functions. Understanding the risks associated with a particular scenario and determining the required performance level of the safety functions is necessary to ensure the safety of personnel and maintain a safe work environment. More on Function Safety in Machinery Safety: S1E09: Functional Safety & A top thing to avoid: The term functional safety gets thrown around a lot, but what does it mean? In this episode, the term functional safety is unpacked to understand what functional safety is, what is tells us, and why it is important. Furthermore, the number one mistake to avoid if you are responsible for conformity with functional safety standards is explored.

by aeSolutions' Judith Lesslie Improperly selected and validated IPLs can result in high hazard scenarios that have far less risk reduction in place than you think you have. Implementing a systematic process to properly vet your IPL candidates for the core attributes is recommended. Engaging experienced PHA/LOPA facilitators and having the right team during the meeting is the first step in proper IPL selection. Further validation of IPLs to confirm they meet the defined criteria can be time consuming but also goes a long way toward increasing your confidence in your most important safeguards for higher consequence scenarios in highly hazardous chemical processes. Read the entire article: How to Avoid Independent Protection Layer Selection Errors - ISSSource

“In earning this second certification, maintaining its status of Siemens Process Safety Specialist and continuing to execute successful projects, aeSolutions has demonstrated that they have the engineering and quality practices to implement PCS 7 Failsafe systems correctly the first time utilizing best practices,” said Rich Chmielewski, Siemens USA DCS Solution Partner Program Manager. Read entire story at https://isssource.com/aesolutions-earns-safety-certification/ aeSolutions receives software licensing and training on the newest technologies and best practices as a Siemens certified solution partner, ensuring future-proof solutions. Engineers from aeSolutions took part in an expert workshop to reaffirm best practices as part of their training. aeSolutions will also receive priority hotline support, as well as consulting time with Siemens senior product management, application engineers, and enhanced proposal tools, through Siemens webinars and Partner Portal for existing and new innovations. Siemens facilitates a rigorous, multi-faceted procedure for solution partners to become accredited. Multiple aeSolutions safety projects were reviewed by a Siemens senior consulting engineer from Karlsruhe, Germany, to confirm that project configuration workflow processes met Siemens-documented best practices and international standards. Learn more about our over 20 year partnership: https://www.aesolutions.com/siemens-solution-partner

The analysis of existing gas detection systems has shown that the primary limiting factor in the effectiveness of a system is incorrect detector placement. This factor alone outweighs the probability of failure on demand of the individual system components (sensors, logic solvers, and final elements). Incorrect detector placement can be so detrimental that the system cannot even be credited as an effective independent protection layer. Gas detector location has historically been selected based on rules of thumb and experience. Common rules have been to place detectors: at breathing height for toxic gases one to two feet above ground for gases heavier than air above the leak source, or as high as possible, for gases lighter than air near the ground for cryogenic conditions near air ductwork intakes, or room outlets in areas accessible for maintenance away from locations that can be damaged by general maintenance where to place gas detector The optimal detector location will vary from plant to plant. What is appropriate for a congested offshore platform will be different than for a batch chemical plant with multiple recipes, or a refinery, or a sour production well. Inconsistent approaches have often been found. Existing facilities that have been analyzed have been found to have significant gaps in detector coverage. There has been a growing interest in determining the effectiveness of gas detection systems in a quantitative manner. Our understanding of gas dispersion, and the ability to model and predict the release behavior, has grown significantly. Two approaches have been developed for detector placement; geographic coverage, and scenario-based coverage. Geographic coverage places detectors on a uniform grid. Geographic methods can result in more detectors than are necessary. In addition, geographic methods are based on low or medium reactive materials such as methane or propane. Geographic methods are not suited for high reactivity materials which can achieve a detonation. Furthermore, geographic placements can lead to higher installation and operating expenses. As a result, many companies prefer to use scenario-based coverage over geographic methods. Scenario-based coverage places gas detectors based on computer dispersion modeling. Scenario model selection involves identifying a variety of leak points, hole sizes, and leak directions. The optimal number of detectors can then be placed in the optimal locations. There are limitations of what a gas detection system can reasonably be expected to do, beyond having a highly effective detector coverage. Beyond having a highly effective detector coverage, there are limitations of what a gas detection system can reasonably be expected to do. What is the effectiveness of the mitigation system? To achieve an overall performance of SIL (safety integrity level) 1 or higher, a system would require detector coverage over 90%, and mitigation effectiveness over 90%. To achieve SIL 2 would require both numbers be greater than 99%. This would be over specifying potential performance. ISA-TR84.00.07 advises that a system not be considered an independent protection layer if either value is less than 90%, as SIL 1 will not be possible in such a case. 3D modeling incorporating wake effects from buildings can show a gas plume reaching areas that may not be immediately intuitive, such as air handlers on the back side of a building. Room ventilation patterns may also cause non-intuitive gas behaviors. Using scenario-based coverage dispersion modeling may increase the initial project cost, but it has been shown to offer a lower overall project cost due to reduced detector quantities and reduced maintenance. It also provides a quantitative basis for documenting the rationale behind detector placement decisions. Benefits include reducing life cycle costs, reducing risk to onsite plant personnel, and reducing risk to offsite public receptors. To learn more about this topic, read the full paper “How Can I Effectively Place My Gas Detectors” by clicking here. Learn More about our Gas Detection Services

Inspired by “Conducting an Effective Functional Safety Assessment” presented at 2019 ISA PIC 2019—Process Industry Conference. by Greg Hardin The ISA/IEC 61511 standard defines a functional safety assessment as [an] “investigation, based on evidence, to judge the functional safety achieved by one or more safety instrumented systems and/or other protection layers.” The standard describes five stages where functional safety assessments may be performed: After the hazard and risk assessment has been carried out, the required protection layers have been identified and the safety requirements specification has been developed. After the safety instrumented system has been designed. After the installation, pre-commissioning and final validation of the safety instrumented system has been completed and operation and maintenance procedures have been developed. After gaining experience in operating and maintenance. After modification and prior to decommissioning of a safety instrumented system. The earlier the assessments are done, the sooner potential problems may be identified, and the quicker, easier, and cheaper it will be to implement any potential changes. After all, it’s easier and cheaper to fix things on paper rather than after the system is built. The first edition of the standard mandated an assessment only at stage 3. That’s simply too late to achieve any real benefit. The second edition also mandated stage 4. Stage 4 was added to ensure that assumptions made in the design phase were not unrealistic (as experience has shown they often have been). This also misses the potential benefits that could be achieved in performing stage 1 and/or 2 assessments. But what about a stage 0 assessment? While not covered in the standard, a stage 0 assessment could be used to identify problems even earlier. Stage 0 would be after clause 9 “allocation of safety functions to protection layers”. This would be after safety functions have been identified and SIL targets have been set, yet before detailed specification and design begins. A stage 0 assessment could identify where frequency and/or severity assignments may have been too conservative resulting in the over-specification of safety instrumented functions. One example would be the specification of unusually high safety integrity level (e.g., SIL 3) burner management system purge functions. Similarly, if too much credit were taken for non-instrumented protection layers, the performance of the associated instrumented functions may be understated. A stage 0 assessment could prevent people from avoiding even entering the proverbial rabbit-hole (i.e., starting with an incorrect design) altogether!