The Value of Facility Siting Studies Updated November 2024 - Process industry history is sprinkled with catastrophic incidents that acted as drivers of regulatory change, such as the 1974 Flixborough explosion , the 1984 Bhopal toxic release disaster , and the 2005 Texas City Refinery flammable material release and explosion . Lack of process safety management, damage, and deaths were the commonalities among these incidents. The OSHA Process Safety Management (PSM) Standard and EPA Risk Management Plan (RMP) regulations were promulgated in response to these types of devastati ng accidents. These regulations were supplemented in the US by industry standards such as the American Petroleum Institute (API) Recommended Practices 752, 753, and 756, and with guidance developed by the Center for Chemical Process Safety (CCPS). These standards and guidance documents became the consensus industry practices for performing facility siting (FS) studies . Facility siting studies analyze potential toxic, fire, and explosion hazards to personnel from releases of hazardous chemicals. From a regulatory perspective, facility siting is required in the US by OSHA PSM and EPA RMP for facilities that meet the qualifying definition. A checklist is often utilized during Process Hazard Analyses (PHAs) to meet the regulatory requirements for facility siting; however, a facility siting study provides a more detailed analysis of specific facility siting concerns and should be referenced during PHA scenario development. Facility Siting | A Commitment to Your Team & Your Community Irrespective of regulation, it is best practice to conduct a facility siting study to understand the implications of a release of hazardous materials at your facility. While PHAs develop hazard scenarios that could potentially result in loss of containment, a FS study assumes a release has occurred and evaluates the outcomes accordingly. aeSolutions utilizes the following general approach to performing a facility siting study: Identify chemicals of concern Collect information on site-specific conditions (e.g., equipment and process data, building construction and occupancy data, equipment and building locations on the facility) Identify potential hazard event scenarios from a review of PHAs, incident investigation reports, discussions with experienced personnel, and other pertinent sources of information Identify and classify occupied buildings Perform the hazardous material release consequence analysis Perform the risk analysis if a risk-based approach is used Package the results in a way that the results can be understood and review the results with the client Discuss with the client options to reduce risk For the consequence analysis, software can be used to model the discharge, dispersion, and impacts of an accidental release of flammable or toxic material. Limiting the analysis to the consequence analysis, the facility siting study results are consequence-based , which provides a measure of the severity of the hazard. Taking the assessment, a further step, a Quantitative Risk Assessment (QRA) can apply release event frequencies and appropriate probabilities, such as probability of ignition and vulnerability of people to the various effects, to quantify the risk associated with a release scenario. A consequence-based facility siting study is simpler and requires less resources to perform, but the results of a consequence-based FS study may set a higher bar to address and necessitate additional action or protection at a facility. A risk-based QRA requires more expertise and resources to perform the study, but the benefit gained is that the study often finds that the event likelihood of many scenarios is so low that the hazard meets the company risk criteria and additional means of protection that a consequence-based study concludes is needed are not required after all (i.e., less resources spent on addressing facility siting study results). The Takeaway | Facility Siting Studies Conducting a facility siting with a practical approach to study methodology and risk mitigation can balance the cost and course of action to protect personnel and facility assets. This enables company leaders to better make reasonable decisions on how to protect their employees. For instance, relocating all personnel to blast resistant modules can become expensive and may not be necessary in all cases; an alternative combination of innovative solutions may accomplish the risk reduction. Protection can come in different forms, such as increasing airflow through a building for preventing flammable vapor or gas accumulation or utilizing shelter-in-place for toxic concerns. Facility siting requires a pragmatic evaluation of the nature and level of hazard and what would be best for personnel and the plant. Facility siting regulations and standards have improved significantly since the Flixborough, Bhopal, and Texas City Refinery catastrophic incidents and continue to evolve to ensure toxic, fire, and explosion hazards are appropriately mitigated in the future. Ultimately, a detailed facility siting study can help you understand the hazards of potential releases, how those hazards can impact occupied buildings, and most importantly, determine effective solutions to protect your valued workforce.

Introduction | Control System Migrations | Part 3 October 2024 — by Tom McGreevy, PE, PMP, CFSE — If you’ve made it through justifying the cost for your control system migration project  and mitigating risks through front-end loading (FEL) , you are probably well aware that control system migrations are complex projects that require careful planning and strategic decision-making to ensure a successful outcome. Whether upgrading legacy systems or implementing new technology, organizations are faced with several choices throughout the migration process. From deciding whether to handle tasks internally or outsource them, to selecting the right vendor(s) and structuring procurement, each decision plays a vital role in the overall success of the project. In part three of our control system migration series , we take a look at procurement specification and vendor selection considerations such as the make-or-buy decision, specification development, comparing bids, managing purchase orders, and selecting between an OEM or systems integrator. This blog will help operators navigate the challenges of control system migrations and make informed decisions that align with their project goals, budget, and long-term operational needs. To Make or To Buy — That is the Question One of the biggest questions that operators must ask themselves during any control system migration project is whether to perform key tasks internally (" make ") or to outsource them to external engineering firms (" buy "). This decision impacts not only the project’s cost structure but also the timeline, resource allocation, and overall risk management. In-House Expertise vs. External Support The first question any organization must ask is whether they have the internal expertise to first develop the necessary procurement specifications, and later to perform critical tasks like hardware and software configuration, testing, construction or construction oversight, and finally commissioning and startup. If a company has a seasoned in-house team with experience in these areas, then it might make sense to handle much of the work internally. However, the reality for many organizations is that, while in the past they may have had this level of specialization in-house, years of corporate downsizing has resulted in a plant that is staffed to operate and maintain, but not to change or grow. This is where external partners can offer value. Developing Functional and Hardware Specifications Many clients seeking to replace or upgrade their control systems find that developing detailed functional specifications and hardware requirements is one of the most daunting challenges. It has become more common for organizations to partner with engineering firms like aeSolutions to provide these services, ensuring that the right foundation is set for successful vendor engagement and implementation. Whether you decide to develop specifications internally or bring in external help largely depends on your team’s capacity to handle such detail-oriented work in the time required to complete it. Project Scope and Complexity Projects that involve complex control system migrations, especially those operating in regulated or highly specialized industries, often benefit from third-party expertise to manage risk. The make-or-buy decision can also hinge on how familiar your internal team is with new technology or compliance requirements. Resource Allocation and Timeline Time is a critical factor. Even if you have the expertise to, for instance, develop the specifications internally, does your team have the bandwidth to dedicate to such a significant task? External vendors can accelerate this process, as they often have pre-existing frameworks, tools, and processes to expedite specification development, procurement planning, and system integration.   The decision to "make or buy" in a control system migration project is multifaceted, involving an assessment of internal capabilities, the scope of the project, and the available resources. Partnering with an external engineering firm can significantly help operators navigate these decisions by offering specialized services in functional specification development, hardware design, and project management. For companies without the necessary in-house resources, opting for external support can ensure that projects stay on time and within budget, while minimizing risk and ensuring compliance with industry standards.   The Importance of an Apples-to-Apples Comparison of Bids If you’ve decided to work with an external vendor for your control system migrations project, you’ll need to be prepared to solicit and compare bids. The process of comparing these bids can become complex if the requirements are not clearly defined or standardized across vendors. The key to a fair comparison is ensuring that the procurement specifications are well-documented, precise, and conveyed in a way that all bidders understand and respond to similarly. Establishing Clear and Consistent Requirements A well-defined procurement specification is essential to level the playing field for all potential vendors. The goal here is to outline your system’s requirements in enough detail so that bidders know exactly what you need. Even if every detail isn't fully defined at the outset, sharing a clear overview of the project's scope and expectations can prevent wide variations in vendor proposals. If the procurement specifications are vague or too open-ended, you may end up receiving a wide range of responses — from proposals that only cover the absolute bare minimum to others that offer high-end, premium solutions that far exceed the project’s actual needs. This spectrum of responses can make it challenging to make an apples-to-apples comparison of the bids and determine which one offers the best value for your organization. Balancing Price and Value Without precise specifications, vendors may interpret your project needs differently, leading to bids that range from cost-effective solutions to more feature-rich —  and more expensive  — options. For instance, one bidder might propose the minimum viable solution to meet basic operational requirements, while another might propose an advanced system that exceeds your actual needs. The challenge lies in striking a balance between affordability and value. While the lowest bid may seem attractive from a budgetary perspective, it may not meet all the functional requirements. Conversely, the highest bid may offer unnecessary features that inflate the overall cost. By defining the requirements clearly from the start, you can ensure that all vendors are bidding on the same or a very similar scope, which in turn allows you to make a fair comparison. The process of comparing bids is more than just identifying the lowest price — it's about ensuring that the bids align with the project's requirements and offer the best value. By taking the time to develop a detailed procurement specification, you can help ensure that all vendors are bidding on the same scope, enabling a fair and effective comparison. This ultimately helps reduce the risk of selecting a solution that either underperforms or overextends your budget without adding proportional value.   One Purchase Order or Several? When planning a control system migration, contracting strategy is an area that can significantly impact project execution, specifically, whether to issue one purchase order covering all aspects of the project or to break it down into several purchase orders, each targeting specific phases or services. This decision is largely influenced by how much control an organization wants over individual project elements and the resources available for managing multiple contractors or vendors. In recent years, it has become more common for clients to solicit bids that cover the entire project scope — functional specification, configuration, construction, and testing  — under one proposal. This trend is driven by a desire to reduce management complexity and place responsibility on a single contractor, who may either perform all the work or manage subcontractors on behalf of the client. Choosing to issue a single purchase order means entrusting a single entity with managing the entire project, from developing the functional requirements specification to system configuration, construction, and even system testing. This centralized approach can streamline communication and coordination, as one vendor takes responsibility for delivering the full scope of the project. This option can reduce the burden on the operator/project manager(s), who won't need to oversee multiple contractors or manage complex interdependencies between different service providers. It is likely that most bidders responding to a “one purchase order” solicitation will themselves have to partner with others to bring the full set of skills needed. For instance, it is a rare systems integrator who is also a fully qualified electrical contractor and has its own craft labor, so the SI may have to sub-contract the construction and perform a construction management role. In these circumstances, the ability of the bidding “prime” contactor to manage sub-contractors should be fully investigated. Alternatively, opting for several purchase orders allows the client to maintain more direct control over each phase of the project. For example, one organization might handle the functional specification, another would take care of configuration, a separate electrical contractor could be hired for construction, and yet another vendor could handle system fabrication and testing. By compartmentalizing the work across multiple vendors, the client can select specialists for each task, potentially increasing the quality of each deliverable. However, this approach demands more from the client in terms of project management and coordination, as they will need to ensure seamless handoffs between each contractor and resolve any issues that arise between different teams. Benefits of a Single Purchase Order Streamlined Communication and Management : With a single PO, there’s one main point of contact and fewer layers of coordination, making it easier to maintain clarity and avoid misunderstandings. Reduced Administrative Overhead : Managing multiple POs can create administrative challenges, from contract negotiation to handling project milestones and payments. A single contract reduces the complexity. Accountability : A single vendor is accountable for the entire project, meaning they are responsible for both the high-level planning and the detailed execution. This can lead to better overall project alignment and fewer disputes over scope or responsibility. With a well-developed scope, you likely will have structured your commercial terms to be mostly “fixed fee”, with some exceptions (typically commissioning and startup support are performed on a “time and expense” basis). This transfers risk to the seller, but you are likely to pay marginally more for that risk reduction than you would otherwise by managing several vendors through multiple purchase orders. Benefits of Multiple Purchase Orders Specialization and Expertise : By issuing separate POs for functional specification, configuration, construction, and fabrication, clients can hire specialized organizations with the expertise to excel in each area. This can lead to higher-quality outputs for each phase of the project. Greater Control : Multiple POs give the client more control over the contracting process and each project's stage. For organizations that want tight oversight or are managing a particularly complex or high-risk control system migration, this level of control can help mitigate potential risks. If your organization has the skills and bandwidth to manage multiple vendors, and with a well-defined scope, you may save money by assuming the coordination efforts and associated project risk. Flexibility in Vendor Selection : When using several purchase orders, the client can select different vendors based on their strengths and price points for specific tasks. Deciding What’s Right for Your Control System Migration Project The decision between one purchase order or several is often determined by the company’s internal resources and its desired level of control. Some companies prefer the simplicity and efficiency of a single purchase order, especially if they have limited resources for managing multiple vendors. Others, particularly those with more complex projects or specific performance requirements, may prefer to split the project into smaller parts, ensuring they have direct control over each critical phase.   Think Through Getting Keys to Your New System When planning a control system migration, it is natural for an organization to focus on the design, configuration, and installation phases. However, it’s equally important to think through what happens when the project is complete and the “ keys ” to the new system are handed over. This handoff represents not only the culmination of the technical work but also the point where the organization takes full responsibility for operating and maintaining the system or has appropriately arranged for contracted maintenance support. Beyond Design and Configuration The process of " getting the keys " involves much more than simply having a control system delivered and installed. Organizations must consider the resources needed for successful cutover, site testing, startup, and ongoing support once the project is complete. It’s not enough to just focus on the technical aspects leading up to the handover. Teams must think ahead about the operational and maintenance requirements once the vendor steps back. In many cases, a company might not have the internal resources or expertise to fully support the new system, especially if it's significantly different from what was in place before. This lack of resources has become more common, which makes planning for post-handover support essential. Planning for Post-Commissioning Support One important consideration is whether your organization will need follow-on support contracts. Although the system may be handed over in a fully operational state, it’s important to have a plan in place for ongoing maintenance and troubleshooting. For many organizations, this means working with the vendor to establish a support contract that extends beyond the handover period. In some cases, the first year of support can be capitalized as part of the control system migration project itself. This can be a significant advantage, as capitalizing the support allows organizations to fund it through the project’s capital budget rather than requiring additional operating expenses after the project is complete. However, it’s important to consider this early in the planning process. If your organization decides that a support contract is needed, this needs to be factored into the overall project budget and submitted for capital approval before the project begins. Early involvement by your company’s accounting department may prevent difficult discussions later regarding capitalizing or expensing support contracts.  Whether it's planning for site testing, securing support contracts, or ensuring proper training, the handoff should be seen as the start of ownership rather than the end of the project. This proactive approach will set the stage for sustained success well beyond the initial migration.   Defining System Specification and Functional Specification With any control system migration project, there are two subsets of the overall procurement specification — the system specification and the functional specification. These two areas serve distinct purposes and must be clearly defined to ensure a successful control system migration. The terms for these project documents vary in name and format, but the content is critically important. System Specification: Defining the Hardware and Software Requirements The system specification, sometimes referred to as the hardware specification, focuses on the technical aspects of the control system — specifically, what hardware and software are required to meet the control system migration project’s goals. This specification details the necessary components, such as controllers, servers, communication networks, and software platforms, ensuring that the system will meet the operational and performance requirements laid out by the client. The development of the system specification is usually a more straightforward process compared to the functional specification. Owners can rely heavily on the expertise of their chosen OEMs or systems integrators, as they are familiar with the capabilities of the control platforms they work with. Although not as necessary as with the functional specification aspect, it is still beneficial for a client to work with the vendor to ensure that the specification aligns with the project’s overall objectives and operational constraints. Functional Specification: Defining What the System Needs to Do The functional specification, on the other hand, focuses on the operational requirements of the system — what it must do to meet the company’s needs . A functional specification document answers critical questions about how the system should behave, how processes will be controlled, and how new or existing functionalities will be managed within the system. For example, if the project involves a legacy system upgrade, the functional specification must outline what the system currently does and any additional functionalities that the new system needs to perform. To a greater extent than the system specification, the development of the functional specification requires collaboration between the owner and the vendor. It should be noted however, that vendors and systems integrators, while experts in control systems and platforms, are not typically process experts. They may have extensive knowledge of the systems they engineer, but they may not have the same depth of understanding about the specific chemical or mechanical processes that the system must control. This is why functional specification development requires input from both parties. The client, who has a thorough understanding of the processes involved, must work closely with the vendor to ensure that the control narratives and operational requirements are fully captured. This collaboration is critical to avoid misunderstandings or gaps in the system’s functionality, which could lead to delays or operational issues during startup. Exceptions do exist, so you may find an OEM or a systems integrator with deep process knowledge of your industry. If so, consider yourself fortunate, as functional specification development is often an area where a dearth of owner resources or expertise can bog down the progress and result in schedule delays, or worse, improperly specified functional requirements.  System and functional specifications are fundamental to the success of a control system migration project. While the system specification focuses on the hardware and software requirements, the functional specification defines how the system will operate and meet the owner's needs. Developing these specifications requires a balance between technical expertise and process knowledge, with close collaboration between the owner and vendor. By selecting a vendor that understands both the platforms and the importance of collaboration, owners can ensure a smoother, successful migration process.   Understanding the “As-Is” State of a System One of the more challenging elements of a control system migration is documenting the current, or “ as-is ” state of the system — both the physical and the logical (the programming) . The accuracy of the existing system’s documentation impacts the success of the migration process, particularly during detail design and implementation. Unfortunately, for systems that have been in place for decades, such documentation may be incomplete, outdated, or exist only in the form of internal team knowledge passed down informally within the organization. Project teams and vendors should have a clear understanding of the physical layout, wiring, and system configuration before beginning any detailed design work. This includes capturing details such as I/O points, control panels, network architecture, and wiring diagrams. In some cases, the hardware may have undergone ad-hoc modifications over the years that were never formally documented, further complicating the process. The configuration (programming) of the system must also be documented, so that all parties can understand how the process is currently controlled, even if significant changes are planned. For these reasons, documenting the as-is state of the hardware and software must happen during the Front-End Loading  (FEL) phase. Doing so helps ensure that the team has a solid foundation to work from when transitioning to the new system. The risk of skipping this step, or relying on incomplete documentation, is that errors will arise during cutover — especially during time-critical turnarounds  — which can lead to expensive delays or operational disruptions. Options for Capturing the As-Is State Companies must make a decision early in the project about how to approach capturing the as-is state. If the system documentation is poorly maintained, as is often the case with older systems, the owner needs to assess whether they have the internal resources and expertise to update and complete the documentation themselves. This effort can be time-consuming and requires a deep understanding of both the process and the control system architecture. Alternatively, the owner may choose to outsource this work to third-party vendors who specialize in control system migrations.   Vendor Migration Options The process of evaluating vendor migration options involves not only selecting the right platform (a vendor may offer several variations), but also defining the stages of migration and determining how much flexibility or structure you want to allow in the vendor proposals. The goal is to ensure that vendors understand the scope of the project and are equipped to meet both your technical and operational needs. Platform Choices: Balancing Cost and Capability The choice of platform for your control system migration is one that will impact the cost, capability, and future flexibility of the system. There is a wide range of options, from more affordable, bare-bones platforms to premium, highly capable systems with extensive features and flexibility. By clearly defining your platform requirements, you can guide vendors to propose solutions that meet both your budgetary and operational needs. However, it’s important to strike a balance — although low-cost solutions may be attractive, they may not offer the long-term benefits or reliability needed for your specific industry. Staging the Migration Process Another important consideration is determining the stages of the migration process. Operators should define an execution strategy that outlines the sequence of steps: which parts of the system will be migrated first, second, third, and so on. This approach allows you to ensure a smooth transition and minimize disruptions during the migration. If vendors aren’t provided with enough detail about how the migration will unfold, they may make assumptions that lead to misaligned or faulty bids that may not be executable if the migration stages and sequence aren’t properly communicated.  Providing Flexibility for Vendors While some companies may know exactly what they need and dictate a rigid scope, others may want to give vendors the flexibility to propose creative solutions or cost-saving ideas. In these cases, it’s important to structure the procurement specifications to allow for both a base bid and optional upgrades or alternative strategies. For example, the base bid would cover the minimum requirements, while vendors could offer additional features or enhancements as options. This approach ensures that vendors meet the project’s essential needs but also allows room for innovation, enabling the owner to consider creative or cost-effective solutions that may not have been previously identified. Choosing the right vendor migration options involves a balance between defining project requirements, an execution sequence that aligns with business needs, and allowing vendors the flexibility to propose creative solutions. Owners need to determine the most appropriate platform based on budget, capability, operational constraints (allowed downtime for migration activities), and future needs, while also structuring the procurement specifications to allow for both base bids and optional enhancements. By clearly defining the stages of migration and establishing guidelines for vendor proposals, owners can avoid the pitfalls of inconsistent or inexecutable bids and ensure a smoother, more predictable migration process.   OEM vs. Systems Integrator Another decision companies face with any control system migration project where a “buy” decision has been made is whether to partner with an Original Equipment Manufacturer (OEM) or a systems integrator (SI) to perform the implementation. This decision depends on several factors, including the size and complexity of the project, budget constraints, and the need for local versus global availability. Working with an OEM OEMs are the original providers of the hardware and software platforms running the vast majority of the world’s automated control systems. These companies have deep knowledge of their products and can provide comprehensive support for implementing and configuring their systems. However, partnering with an OEM often comes with higher costs. Large OEMs typically have higher hourly labor rates, and their teams may not be located locally, which can add travel expenses to the project. Additionally, OEMs are sometimes more focused on larger, high-value projects, and they may not find smaller migration projects as attractive. This means that for smaller projects, you might not receive the same level of attention or priority from the OEM. Despite these potential downsides, the advantage of working with an OEM is the assurance that you’re working with the team that knows the platform inside and out. They can often provide direct access to new features, updates, and the highest levels of technical support, which can be critical for highly complex or high-risk projects. Additionally, if your company is taking on migrations as a strategic business initiative at multiple sites concurrently, an OEM partnership, with its deep resources, may make the most sense.  Working with a Systems Integrator Alternatively, many organizations choose to partner with a systems integrator (SI) for their control system migration projects. SIs are typically smaller, more localized or regional firms that specialize in implementing and integrating control system platforms, often in partnership with one or more OEMs. They can provide a more cost-effective option, particularly for small to mid-sized projects, as their labor rates tend to be lower than those of the large OEMs. One key benefit of working with a systems integrator is their proximity. A local or regional SI can offer more hands-on, timely support throughout the migration process. They are also likely to be more flexible and responsive to smaller projects, which might not be a priority for the OEM. Additionally, because they maintain relationships with the OEM, they can often provide the necessary expertise while still offering a more personalized and cost-effective service. It’s also important to consider the relationship that an SI has with the OEM. Many SIs have deep experience with specific platforms and work closely with the OEMs to ensure they are up to date on the latest technologies and standards. This allows them to act as an extension of the OEM’s expertise, but with the added benefit of being more focused on your specific needs.   The Takeaway | Control System Migration Procurement Specification & Vendor Selection Control system migrations are complex, multifaceted projects that require careful planning, strategic decision-making, and collaboration with the right partners. From deciding whether to manage tasks in-house or outsource to engineering experts, to developing well-written procurement specifications, choosing between single or multiple purchase orders, and selecting the right vendor migration options, every decision impacts the project’s chances of success. Organizations must carefully consider their internal resources, the complexity of the system, and their long-term operational needs to determine the best approach. By taking the time to document the "as-is" state, clearly define system and functional specifications, and engage the right vendors — whether OEMs or systems integrators — companies can navigate the challenges of control system migrations effectively. The key to success lies in thorough preparation, informed vendor selection, and strategic execution to ensure a smooth transition and sustainable outcomes.

October 2024 - Discover how to leverage unplanned shutdowns to facilitate proof testing of safety instrumented functions, improving safety protocols and minimizing downtime. This article explores the following topics: Utilizing unplanned shutdowns for safety instrumented function (SIF) proof testing Reducing maintenance frequency by leveraging these events as safety tests Ensuring regulatory compliance through proper documentation and test validation Applying software tools and data analytics to optimize safety testing Exploring future trends like AI and automation in safety management by Chris Powell, PE, CFSE , SIS Group Manager at aeSolutions . Read the full article here: Leverage Unplanned Shutdowns to Enhance Safety Testing - ChemicalProcessing.com

July 2024 — During my 24+ years in alarm management, I have collaborated with various companies on their distributed control systems (DCS)  across the United States and throughout 20 other countries.  Although every system is different, there are more commonalities than you might imagine. I am consistently asked what my favorite and least favorite control systems are to work on. My answer is always the same, “ my favorite system is the one I just finished for obvious reasons, and my least favorite is the one I’m working on right now .” This is because all alarm management systems have issues, but naturally, these issues  are different from system to system. That is why I felt it was important to discuss how to prevent the five most common industrial alarm management issues. Avoiding Unnecessary and Misused Alarms for Effective Industrial Alarm System Management One tenet of alarm management  is that alarms will only be used for abnormal situations. I cannot tell you the number of times that I have found alarms configured on systems for things that should never have an alarm. Some of these were obviously designed for convenience. A typical example of a convenience alarm is a low-temperature alarm on an ambient sensor located just outside the control room door. Although there are a few circumstances when this could be necessary ( e.g., an extremely low ambient temperature could adversely affect the viscosity of a process fluid ), most of the times that I have encountered this type of convenience alarm , it is simply to let the operator know if it is cold outside. Once, a senior operator in upstate New York actually told me that without the alarm, he wouldn’t know if he should put on a coat or not. The alarm was removed. Another relatively common misuse of industrial alarm systems occurs when a system timer alarm set up thirty (30) to sixty (60) minutes before the end of the shift in order to remind personnel to fill out shift changeover paperwork before going home. In situations where I have found these, the alarms have descriptions like “ Time for Turnover Paperwork”  or “ Call-in Reading to Foreman .” In one of these cases, the description was “ Wake Up and Pack Up to Go Home .” In this case, not only was the alarm removed from the system, but the tag was removed as well, and the person this applied to was told to buy an alarm clock. Ultimately, avoiding unnecessary or misused alarms will improve your industrial alarm system’s effectiveness.   Ensuring Operator Action — Proper Alarm Criteria and the Use of Alert Systems Another principle of alarm management  is that every alarm requires an operator action. When designing an alarm philosophy , one of the steps is to determine the time to respond ( how much time is available to take action to avoid the consequences ) vs. the severity of consequences matrix, as shown in Table 1 below. As you can see in the table above, if there are no consequences or the time available is more than thirty (30) minutes, the parameter does not qualify to be an alarm. Although the operator may need to know that an instrument has reached a certain point, that does not mean that it should necessarily be an alarm. This condition can cause concern when these points support operations and do not meet the necessary qualifications of an alarm but still need to be viewed or accessed as part of operational efficiency. For those items that do not qualify as an alarm, there should be a separate mechanism to inform the operator (e.g., an alert system). I have encountered many types of alert systems, and there are numerous ways to implement them. One of the most common is to set up an alert as a separate “ priority ” on the DCS that has no visual or audible actions tied to it. This will result in the alerts going to a separate screen designated just for them. The operators will have to become accustomed to checking the screen multiple times during a shift, however these alerts should not be short-time critical ( e.g., <1 hour or the potential to be a HIGH priority ). If the alarm has the potential to be a HIGH priority, then it should be re-engineered to the point that the time available is 30 minutes or less.   Implementing Effective Single Alarms for Each Cause or Action | Industrial Alarm Management Creating a single alarm for each cause or corrective action is another doctrine of effective industrial alarm management. In other words, you should not have to be told more than once to do something. This issue most often occurs with multiple levels of alarming ( e.g., High (H) & High-High (HH) or Low (L) & Low-Low (LL) ). Below is an example of multiple level alarming being used correctly and incorrectly. Correct use of multiple levels of alarming example: A tank is ten feet in height and will overflow at that ten-foot level. There is a high-level alarm (H) set at nine feet with a HIGH priority to notify the operator to take action, stopping the level rise. There is a high-high level alarm (HH) at the do not exceed  height of 9.5 feet, with a LOW priority and a corresponding automated action that stops filling the tank. The alarm located at nine feet notifies the operator that action is needed. The alarm at 9.5 feet notifies the operator that the action taken was not effective and the DCS — or in some cases  — the safety instrumented system  (SIS), has shut the process down to avoid over-filling the tank. Incorrect use of multiple levels of alarming example: A client had a 40-foot naphtha tank with a high-high alarm set at 39 feet, designated with emergency priority, and a high alarm set at 38 feet, designated with high priority. There were no automated shutdown systems on this tank, and during operations, they overfilled the tank and had a loss of containment (LOC) incident. In an attempt to remedy this issue, the client contacted the DCS vendor and had a custom code written to add a high-high-high (HHH) alarm at 39 feet with an emergency priority, a high-high alarm at 38 feet with an emergency priority, and a high alarm at 37 feet with a high priority. Much to the chagrin of the client, this attempted resolution left their problem unresolved, and once again, they overfilled the tank and had a subsequent loss of containment (LOC) incident. This cycle repeated several times until they performed an alarm rationalization project. At the beginning of this project, the client’s setup was:                 High-High-High-High-High (HHHHH) Alarm at 39 ft with an EMERGENCY priority High-High-High-High (HHHH) Alarm at 38 ft with an EMERGENCY priority                 High-High-High (HHH) Alarm at 37 ft with an EMERGENCY priority                 High-High (HH) Alarm at 36 ft with an EMERGENCY priority                 High (H) Alarm at 35 ft with a HIGH priority Not only was this bad practice for industrial alarm system management, but the operators became so numb to the alarms that they were ignoring them and setting themselves up to run the tank over again. The results of their alarm rationalization study findings suggested reverting back to the original two (2) alarms and adding an automated shutdown at 39.5 feet with a LOW priority to notify the operator that control has been taken away from the operator and that an automated shutdown has occurred. Preventing DCS Alarm Floods with Advanced Suppression Techniques Another common issue in industrial alarm system management is the prevention of DCS alarm floods  ( e.g., having more than ten alarms in ten minutes ). A leading cause of alarm floods is the absence of the configuration of advanced alarming techniques such as suppression. Many of the newer DCS systems now have some form of suppression built into them; however, this feature is often underutilized. Automated suppression is when the DCS automatically disables (suppresses) an alarm’s audible and visual indicators and sends the alarm to an event log or journal instead. Suppression can be used to support alarm flooding in multiple ways; one way is that it allows a single indication of an issue to be alarmed while hiding all the similar alarms the issue causes. An example of this would be a compressor trip. When the compressor is running, it has numerous alarms configured and enabled, such as the run status, high & low suction pressure, high & low discharge pressure, bearing temperatures, and vibrations —  just to name a few. If the discharge pressure goes high while the compressor is running, it can be a big issue. You may have a plug downstream or someone may have accidentally closed a wrong valve. These things need to be taken care of quickly. However, if the compressor shuts down without suppression configured, the result each time will be a run status alarm along with alarms for the high suction pressure, low discharge pressure, all the bearing vibrations as it spools down, and potentially many other alarms. Typically, the only alarm needed is the run status alarm because if the compressor shuts down, a good operator knows that all of these secondary issues are due to the shutdown. If they are allowed to alarm, they become a distraction and hindrance to the mitigation of the issue.   Enhancing DCS Security — The Importance of Firewalls and Controlled Internet Access Lastly, the largest issue in industrial alarm system management — which thankfully is seen less and less these days  — is the lack of firewalls between the DCS and the outside world. Ideally, a control system would be “ air-gapped ” in order to minimize the possibility of introducing intrusions or viruses. However, this is not always possible. Typically, the DCS will be protected by firewalls, and often, those firewalls will be in their own layer between the control system and the rest of the company assets. The firewalls will only have a minimum number of obscure ports opened, and those ports will only allow one-way (outbound) traffic. This helps to minimize potential hijacking and infections. The most egregious example of not having firewalls that I have encountered was a few years ago on a project outside the US. One of the client’s complaints was how slow their DCS was running, and they were asking for suggestions on how to improve it. Upon entering the control room, my colleague and I were greeted by what is inarguably the nicest control room I’ve ever seen. The room was brightly lit and immaculately clean. The two (2) main operator stations were laid out in a huge arch in the middle of the room with sixteen (16) monitors each. Sitting perpendicular on the right end was the foreman’s station with four (4) monitors. In the back left corner was the utilities operator station with another twelve (12) monitors, and dead center of the front wall were eight (8) 55” monitors that networked together to make two (2) giant screens that were each two screens high by two screens wide. It was impressive, to say the least — until I realized that the giant screen on the right had more flashing red alarms than I have fingers to count . No one was paying attention to them because the operator on the left was using his giant screen to play an online video game. That’s right, the DCS had a direct connection to the internet. My first suggestion was to disable the internet connection and establish firewalls and the second was to delete all non-business required software from the system. Amazingly, within a week of implementing the suggestions, the system speed had more than doubled. While there are many more issues that could be discussed, these are the five most common issues that stand out in my career. Does your plant suffer from any of these issues or others not mentioned here? The Takeaway | Common Industrial Alarm Management Issues Addressing the most common industrial alarm management  issues is crucial for ensuring operational efficiency, safety, and system reliability. By avoiding unnecessary and misused alarms, setting proper alarm criteria, implementing single alarms for each cause or corrective action, preventing alarm floods through advanced suppression techniques, and securing the DCS with firewalls and controlled internet access, companies can significantly enhance their alarm management systems. These ISA-approved  best practices not only streamline operations but also empower operators to respond effectively to true emergencies, thereby minimizing risks and maintaining optimal system performance. Implementing these strategies will lead to a more robust and responsive alarm management framework, ultimately contributing to the overall success and safety of industrial operations. If your alarm system issues have you scratching your head, the experts at aeSolutions  are always available to help identify and mitigate your industrial alarm system problems.   About the author: Burt Ward is a Senior Principal Specialist with a strong background in both operations and digital control systems. His experience includes over 24 years of Alarm Management projects conducted both remotely and onsite around the world.

Reports of accidental releases involving hazardous chemicals at fixed facilities in the US reached all-time highs during the 2023 fiscal year. For these reasons and others, process safety improvements are top of mind in the industrial sector. So how can organizations prioritize limited resources, people-power, and time to take action? This article explores the following topics: Rising Incidents and the Importance of Safety : Reports of process safety incidents have been increasing, with a 51% rise in reportable incidents in 2023, including significant increases in injuries (11%) and deaths (78%), highlighting the urgent need for improved process safety practices. Leadership Commitment : Strong leadership is essential for a robust process safety culture. Senior management must prioritize safety over productivity, dedicating resources, time, and direction to safety initiatives to avoid incidents that could cause serious harm and financial losses. Real-World Data Application : Organizations should implement a structured approach like the PDCA (Plan-Do-Check-Act) cycle to assess process safety systems, execute improvements, and continuously monitor outcomes using real-world data to drive safety progress. Employee Empowerment : Engaging and empowering employees at all levels, especially those interested in becoming subject matter experts (SMEs), fosters a more inclusive safety culture. Educating staff on process safety can bridge knowledge gaps and accelerate improvement efforts. Start Small for Bigger Wins : Focusing on smaller, more manageable process safety improvements can lead to early successes. These wins help organizations build momentum and prepare for tackling more complex safety challenges in the future. Continuous Improvement (CI) System : Utilizing continuous improvement methodologies, like Kaizen and Lean Manufacturing, helps organizations make incremental changes that enhance safety and operational efficiency. Choosing a suitable CI approach and sticking with it is key to long-term success. Focus on Culture : A high-performing process safety program relies on a culture of continuous improvement, employee engagement, and early wins. Starting small and sustaining progress is critical to enhancing both safety and overall operational performance. by Judith Leslie, CFSE, CSP, CCPSC , senior principal specialist with aeSolutions . Read the full article here: Enhancing Process Safety: Five Tips to Build a Better System (Powderbulksolids.com)

September 2024 — The primary goal of an FSA Stage 3 is to verify that the installed safety instrumented system (SIS) matches the design package and is prepared for operational use.   FSA Stage 3 takes place once installation, commissioning, and validation activities are finalized, often as part of the Pre-Startup Safety Review. This stage entails a comprehensive assessment of the installation and pre-commissioning efforts to confirm that the SIS are properly implemented and prepared for safe operational use.   This assessment is the final FSA prior to startup . Subsequent stages are done after gaining experience in operations and maintenance (Stage 4) and, after modifications and prior to decommissioning of a SIS (Stage 5). The deliverable for a Stage 3 FSA includes a comprehensive report with a Stage 3 FSA checklist derived from a site visit and independent assessment. This report will present findings, including serious deficiencies, recommendations, and general observations.   The following recommendations will ensure a cost-effective, efficient, and expedient Stage 3 FSA. What Is the FSA Stage 3 Process? A Functional Safety Assessment  (FSA), defined by IEC 61511 , is an evidence-based investigation into the functional safety achieved by one or more safety instrumented systems (SIS) and/or other protection layers.   Stages 1 through 3 of an FSA cover the Safety Instrumented System  (SIS) from its inception through design, construction, and commissioning. These stages are essential for the implementation of a new or modified safety system. Stage 3, which occurs after the installation, pre-commissioning, and final validation of the SIS, ensures that the system is ready for operation and can effectively mitigate risks as intended. The FSA Stage 3 process typically consists of the following steps: installation validation, operational readiness, maintenance preparedness, and system validation. The objectives for each of these processes are listed below in the table below. Process Step Objectives   Installation Validation ●      Physical Validation : Ensure that hardware, such as transmitters and valves, is correctly installed and wired according to design specifications. ●      Wiring and Connections : Check that all wiring and connections comply with design documentation, including correct labeling, termination, and routing.   Operational Readiness ●      Operator Training : Confirm that operators are trained to use the new system and understand its impact on process control. ●      Procedure Verification : Ensure that operating procedures align with SIS functionality, including emergency shutdown procedures, alarm handling, and routine maintenance tasks.   Maintenance Preparedness ●      Maintenance Training : Train maintenance personnel on SIS maintenance requirements, including routine checks, troubleshooting, and repair procedures. ●      Spare Parts Inventory : Verify that an adequate inventory of spare parts is available to address potential failures, ensuring minimal downtime. Validation of System Functionality ●      Component Testing : Each component undergoes testing to ensure correct functionality. For instance, sensors must accurately detect process parameters, and actuators and final control elements must respond as expected. ●      Integrated Systems Testing : Conduct integrated testing to ensure that the entire SIS works as a cohesive unit, as envisioned. This involves simulating process conditions and verifying the system's appropriate response to hazardous situations. Table: Process Steps for FSA Stage 3 Team Engagement and Stage 3 FSAs Successful Stage 3 FSAs benefit from active team engagement. Teams should allocate sufficient time for interviews and training sessions, allowing assessors to gather comprehensive information. This level of commitment, although challenging due to operational demands, significantly enhances the assessment's effectiveness and the overall safety of the SIS. During Stage 3 FSAs, typical issues include discovering that safety instrumented functions do not perform as expected during testing, often stemming from incorrect design assumptions. To mitigate such issues, it is essential to involve key personnel such as operations supervisors and maintenance technicians in the assessment process. This personnel inclusion ensures a comprehensive understanding of the system's functionality and readiness. Conclusion By ensuring that the installation, operational readiness, and maintenance preparedness are thoroughly verified, Stage 3 FSAs help prevent hazardous events and protect both personnel and assets. Engaging the team actively and addressing potential issues proactively can significantly enhance the effectiveness of Stage 3 FSAs, ensuring the safety and reliability of industrial operations.

August 2024 — Imagine discovering a critical flaw in your safety system design before your plant goes operational. This scenario, while nerve-wracking, underscores the importance of early intervention in the design phase. When developing a Safety Instrumented System  (SIS), it’s crucial to ensure that the hardware and software meet the practical needs identified from the initial hazard and risk assessment. That’s the purpose of a functional safety assessment  (FSA). FSAs, as defined by IEC 61511 , provide a five-stage, evidence-based investigation to judge the functional safety achieved by one or more SIS and/or other protection layers. Stages 1 through 3 of the FSA encompass the SIS  from its original concept through design, construction, and commissioning. Stage 1 specifically takes place after the hazard and risk assessments have been completed and before detailed design work begins, which can help with the early identification of design flaws and safety issues. Here’s what to expect in the Stage 1 FSA process, along with recommendations for a successful outcome. What Are the Goals of a Stage 1 FSA? A well-executed FSA reduces the likelihood of safety incidents. For FSA Stage 1, the primary goal is to verify that the safety requirements specification  (SRS) accurately reflects the needs identified during the hazard and risk assessments. Does what’s on paper reflect the scenario in which the SIS must operate in the real world? Will the SIS actually mitigate the risks identified in the hazard and risk assessment? By ensuring thorough verification of the SRS at this early stage, Stage 1 FSAs help prevent costly modifications and delays later in the project lifecycle. Proper planning leads to smoother project execution, reducing downtime, and increasing overall efficiency. The deliverable for a Stage 1 FSA includes a comprehensive report that presents findings, recommendations, and general observations. It is a good idea to loop in stakeholders to review this deliverable together to align on opportunities to course-correct and next steps. Key personnel include process engineers, control engineers, operations supervisors, and site leadership. What is the Anticipated Time, Cost, and ROI of a Stage 1 FSA? The effort for executing an FSA is minimal relative to the overall project. The initial cost of performing a Stage 1 FSA includes expenses related to document reviews, stakeholder interviews, and detailed analyses. The expense is minimal compared to the total project cost. The duration of a Stage 1 FSA can vary based on the project's size and complexity, typically involving several days of document reviews and interviews with key personnel. Failing to conduct a thorough Stage 1 FSA can lead to incomplete or incorrect safety requirements. This oversight can result in costly modifications, delays, and potentially catastrophic failures once the system is operational. These issues often incur far higher costs than the initial FSA investment. A Stage 1 FSA can help surface the following issues: ●     Incomplete risk assessments ●     Failure to capture safety requirements ●     Insufficient detail in the preliminary assessments. ●     Inadequate stakeholder engagement Conducting a Stage 1 FSA allows for early identification of design flaws and safety issues, which are less expensive to address in the design phase than during or after construction. What is The FSA Stage 1 Process? The FSA Stage 1 process typically consists of the following steps: ●     Hazard and risk assessment verification ●     Verification of safety requirements specification ●     Operational readiness Table: Process Steps for FSA Stage 1 Process Step Objectives   Hazard and Risk Assessment V ●      Review of Hazard Analysis:  Ensure that all potential hazards have been identified and assessed. ●      Risk Assessment Validation: Confirm that the risk assessments accurately reflect the potential consequences and likelihood of identified hazards.   Verification of Safety Requirements Specification ●      Document Review:  Verify that the SRS accurately captures all safety requirements derived from the hazard and risk assessments. ●      Design Verification: Ensure that the proposed SIS design addresses all identified safety requirements and mitigates the associated risks. ●      Cross-Functional Collaboration: Engage with multiple stakeholders to verify the SRS and ensure it reflects the input and expertise of all relevant parties. Operational Readiness     ●      Stakeholder Engagement: Confirm that all relevant stakeholders, including process engineers, control engineers, and operations personnel, are involved in the development and review of the SRS. What Are the Renewable Energy Implications As renewable energy sources reach maturity in the market, the nature of hazards and associated risks change with new unknowns and limited data. Consider the unique explosion and flammability risks of hydrogen, which is relatively new to the market. The hazard and risk assessments for hydrogen facilities  must account for these unique dangers. Similarly, large-scale battery storage systems, essential for renewable energy, can suffer from thermal runaway leading to fires and explosions. Wind and solar farms present risks such as electrical hazards, mechanical failures, and environmental impacts. It is critical that the team conducting the FSA understands the unique hazards. Conclusion Stage 1 FSAs help prevent hazardous events and protect both personnel and assets. Engaging the team actively and addressing potential issues proactively can significantly enhance the effectiveness of Stage 1 FSAs, ensuring the safety and reliability of industrial operations. If you have any questions about your scenario, aeSolutions  is here to provide support. Our team of industry experts are available to help navigate even the most unique challenges.

Understanding FSA Stage 2 Continuing from part one of our Functional Safety Assessment (FSA) series , FSA Stage 2 is a critical checkpoint after design and engineering of the Safety Instrumented System  (SIS). At this pre-installation stage, the FSA team assesses that the SIS will perform reliably once operational. It means ensuring that the design and engineering of the SIS meet the requirements as defined in the Safety Requirements Specification  (SRS) developed during earlier phases of the SIS safety life cycle as described in the process industry consensus ISA / IEC 61511  standard. According to the ISA / IEC 61511  standard, it is recommended to perform an FSA Stage 2 after the SIS has been designed and factory acceptance tested . Conducting a thorough FSA Stage 2 ensures that potential safety issues are identified and resolved before the SIS is operational, preventing costly changes, rework, and unexpected project delays.   What are the Goals of FSA Stage 2? The success of any SIS hinges on whether the design makes sense for real-world considerations. During FSA Stage 2, every component of the SIS goes through rigorous verification and testing for any field installation problems. This stage verifies compliance with the requirements as defined in the SRS while also identifying potential issues that could compromise safety.   Table 1: What FSA Stage 2 Accomplishes       Design Verification Implementation Review Prepare for Installation Confirm that the SIS design meets the requirements as defined in the SRS Assess the SIS hardware and software components to ensure they are correctly designed and engineered for field installation Establish a strong foundation for the successful execution of subsequent phases of the SIS safety life cycle.   What is the FSA Stage 2 Process? At the heart of every FSA Stage 2 is a thorough review of the SIS design and engineering. This involves evaluating the SIS logic solver(s), input/output (I/O) modules, communication system(s), control panel(s), and other critical components, including field instrumentation, to ensure they meet the design specifications provided in the SRS. The assessment also verifies that the SIS components are configured to fulfill their intended Safety Instrumented Functions (SIFs). Any discrepancies or gaps are identified and corrected before they can impact the SIS performance. A common misconception is that FSA Stage 2 can serve as a substitute for Factory Acceptance Testing (FAT) , where the SIS logic solver(s) hardware and software are tested in a controlled environment prior to field installation. In reality, they are complementary processes that work together to ensure system reliability. FAT tests the SIS logic solver(s) hardware and software, while FSA Stage 2 provides an independent assessment of these tests, ensuring the system is robust, meets all requirements, and is ready for the field installation. Proper documentation is the backbone of an effective FSA. In addition to reviewing the output of the FSA Stage 1, the FSA Stage 2 will review the documentation developed during the SIS design and engineering. One of the most important aspects of the FSA Stage 2 is to confirm all the findings from the FSA Stage 1 are addressed. By verifying that all findings from previous stages are documented and addressed, teams can maintain continuity and avoid costly delays ensuring that the SIS evolves smoothly from design to implementation and beyond.   What is the Stakeholder Involvement for an FSA Stage 2? FSA Stage 2 is a team effort, and results are highly dependent on the involvement of key personnel including the following essential roles:   Table 2: Roles & Responsibilities Role Responsibilities PHA  and LOPA Leader Ensures that the outcomes of the hazard and risk assessments are accurately reflected in the SIS design and engineering. Operations Representative Verifies the practicality and effectiveness of their operational processes implemented in the SIS design and engineering. Maintenance Representative Assesses the maintainability and testability of the SIS, ensuring that future maintenance needs are considered during the SIS design and engineering. SIS Engineer Oversees the technical aspects of the SIS, ensuring that all components meet the required specifications and performance standards provided in the SRS.   FSA Stage 2 | An aeSolutions Case Study Recently, aeSolutions conducted an FSA for a fired equipment modernization program which involved multiple thermal oxidizers/incinerators. The project faced several challenges, including inconsistent safety requirements and the complex integration of new SIS components with the existing systems. By conducting a thorough FSA Stage 2, the team identified and corrected design flaws early, preventing potential safety hazards and ensuring the SIS met updated regulatory standards and design requirements. The FSA Stage 2 process included a comprehensive review of the SIS design and engineering documentation including the FAT records and an independent assessment to ensure the new SIS equipment was ready for the field installation. The lessons learned from the first thermal oxidizer were applied to subsequent fired equipment, streamlining the FSA process and reducing overall project costs. This proactive approach not only enhanced safety but also fostered collaboration among the project engineering, operations, and maintenance teams, contributing to a more robust and reliable SIS. The success of this project demonstrated the value of performing a meticulous FSA Stage 2, particularly in complex modernization efforts. The insights gained have been integrated into the company’s standard procedures for future projects, ensuring that similar initiatives can be managed more efficiently while maintaining the highest safety standards. The Takeaway Per the ISA / IEC 61511  standard, FSAs provide a five-stage, evidence-based investigation to judge the functional safety achieved by one or more SIS and/or other protection layers. FSA Stage 2 is the critical step in ensuring that the SIS is ready for field installation. By thoroughly verifying the SIS design and engineering, FSA Stage 2 helps to identify and address potential issues before they escalate into costly rework and project delays. It safeguards the integrity of the SIS, verifying that all components meet safety standards and are configured for optimal performance. This stage supports bridging the gap between design and construction, ensuring that all SIS components are aligned with safety requirements — readying them for the field installation. As organizations continue to adopt more complex and integrated systems, the value of a thorough FSA Stage 2 becomes even more critical — laying the groundwork for safer, more efficient, and ultimately more successful projects. Be sure to check out the next blog in our FSA series that discusses how an FSA Stage 3 confirms your Safety Instrumented System (SIS) is ready for operational use .

There are many devices (sensors, logic solvers and final elements) used in safety instrumented systems that are independently certified for use in safety applications to different safety integrity levels (SIL). There is considerable debate however whether fire and gas system hardware should have SIL ratings at all. Vendors are naturally interested in promoting independently certified hardware in order to differentiate their products. Considering the differences between safety instrumented systems and fire and gas systems, focusing on the SIL rating or performance of the actual fire and gas hardware alone is considered by some to be a misleading and questionable practice. This paper reviews a) the differences between safety instrumented systems and fire and gas systems, b) how typical voting of fire and gas sensors not only reduces nuisance trips (which is desirable) but also reduces the likelihood of the system actually responding to a true demand (which is not desirable), and c) why concepts and standards that apply to safety instrumented systems (e.g., SIL ratings) may not be appropriate for fire and gas systems . ​ Keywords: FGS, F&G, Fire and gas systems, SIL, Safety integrity level, ISA/IEC 61511 , certification Unlock this download with the form below:

Understanding a Dust Hazard Analysis (DHA) Following on from the first four aeSolutions blogs on the subject of combustible dust concerns , this blog provides another deep dive into the topic. We previously addressed the basic concerns around combustible dusts, many of the standards that address dust hazard guidance , and the properties and testing for combustible dusts ; potential ignition sources ; and potential safeguards . This article will build on those topics to pull it all together and review a commonly used dust hazard analysis (DHA) method. The Challenges | Dust Hazard Analysis (DHA) A Dust Hazard Analysis or DHA is an important method to assess the risk posed by ignition of combustible dusts. Companies handling highly hazardous chemicals (HHC) routinely conduct process hazard analyses (PHAs), but it is not common to encounter PHAs that thoroughly review combustible dust hazards or company internal standards that address combustible dust hazards. Many companies’ PHAs do not address combustible dust hazards in an organized manner or in a manner that complies with industry guidance on dust hazard analyses (DHA), if the dust hazards are reviewed at all. Why Would You Conduct a Dust Hazard Analysis For a Combustible Dust Process? There are several reasons, and the most obvious is to protect people, the environment, assets, and reputation from dust explosions and fires. Other reasons for a Dust Hazard Analysis (DHA) include: The OSHA general duty clause requires that, in addition to compliance with hazard-specific standards, all employers provide a work environment " …free from recognized hazards that are causing or are likely to cause death or serious physical harm. " A company may identify the need for a Dust Hazard Analysis on an existing combustible dust process internally due to this requirement. A dust explosion incident involving a dust with identical or similar properties to that in an existing process may occur. An industrial hygiene review of process dust or particulates may identify combustibility concerns. A PHA team may identify the need for a deeper dive into dust risks. A codes and standards review may identify NFPA 652 (Standard on the Fundamentals of Combustible Dust) as a needful standard for compliance. NFPA 652 is considered to be a Recognized And Generally Accepted Good Engineering Practice ( RAGAGEP ). An insurance company providing coverage for the facility may request it. How to Conduct a Risk-Based Dust Hazard Analysis A Dust Hazard Analysis is a focused method to improve facility safety by identifying combustible dust hazards and necessary safeguards associated with a process. There are variations across companies on how DHAs are conducted, similar to the many variations on PHAs that can be found in industry, but there are two basic approaches: a traditional approach based on an engineering analysis and standards compliance; and a risk based approach. Most companies opt for a risk-based approach and those basic steps are described here: Identify the relevant properties of a combustible dust (as described in part 2 of this series). Form a suitable team to perform the Dust Hazard Analysis, including a qualified facilitator. Determine which internal and industry standards apply to the Dust Hazard Analysis and educate team members on those standards. (There is a partial list of applicable industry standards in part 1 of this series.) Assemble or develop the process safety information that the Dust Hazard Analysis team will need, including equipment ratings, electrical area classification designations, dust data, safe operating ranges, operating procedures, housekeeping protocols, and current maintenance regimes, among other data. If there are existing mitigating safeguards (as described in part 4 of our Dust Hazard Analysis series ), data on those systems should also be readily available. With guidance from a qualified facilitator, the team develops the credible dust cloud and dust layer scenarios internal and external to the equipment. The team identifies the credible internal and external ignition sources for each scenario (as described in part 3 of our Dust Hazard Analysis series ). The team then assumes that an ignition occurs in each scenario and assesses and describes the potential unmitigated safety and environmental (and sometimes commercial and reputational) consequences. Guidance from a qualified facilitator is crucial at this step. The team then assesses the likelihood of occurrence of the credible ignition sources. Guidance from a qualified Dust Hazard Analysis facilitator is also crucial at this step. Risk ranking results and acceptance criteria vary from company to company, but typically the team then uses the consequence and likelihood to develop an unmitigated risk rank for each scenario. The team then assesses existing preventive and mitigating safeguards for each scenario, using those factors to determine the existing mitigated risk rank for each. When the mitigated risk ranking does not meet the risk criteria set by the company, then the team typically develops recommendations for additional engineering and/or administrative safeguards. The team may also need to issue recommendations to ensure that safeguards have sufficient specificity, independence, dependability, and auditability, similar to Layer of Protection Analysis (LOPA) independent protection layers , if that is a company expectation. Finally, the facility follows up on the Dust Hazard Analysis (DHA) recommendations. If this process sounds a great deal like a HAZOP study to you, then you are right on target. It is also a common practice for companies to adapt their LOPA methods to be suitable for Dust Hazard Analyses for the higher consequence scenarios. It is generally a feasible task to adapt or develop HAZOP and LOPA software templates to be suitable for DHAs. It can even be done in spreadsheets or word processing documents in case of need, though this type of documentation is a little more difficult to initially develop. An excellent reference for those who wish a deeper dive into DHA methods is Guidelines for Combustible Dust Hazard Analysis , 1st Edition, 2017, by Center for Chemical Process Safety, published by Wiley-AIChE available on-line from your favorite technical bookseller. The Risk of Dust Hazards Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well-understood. Even if you have a good-quality PHA, it may not delve deeply enough into the combustible dust topic in accordance with NFPA 652. NFPA 652 states that existing processes and compartments (e.g., building compartments) shall have a completed DHA by September 7, 2020 (¶ 7.1.1.2) and that the Dust Hazard Analysis shall be reviewed and updated at least every five years (¶ 7.1.4). Are you in compliance? Are you positive your site is managing its combustible dust risks in all phases of operation well enough to prevent a serious explosion? The Takeaway - Dust Hazard Analysis (DHA) If you have not previously taken a deep dive into the combustibility properties of your particular dust(s) and completed a Dust Hazard Analysis at your site, now would be a good time to do so. If you do not have the right expertise in your staff to assess dust hazards, consider engaging a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful analysis with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards. Written by Judith Lesslie, CFSE, CSP AIChE Webinar: Combustible Dusts and Dust Hazard Analysis: Assess Your Risk presented by Judith Lesslie - Senior Principal Specialist - aeSolutions

Houston, TX - February 20, 2024 - a eSolutions, a leading consulting, engineering, and systems integration company specializing in industrial process safety and automation products and services, announces the opening of its newest office located in Houston’s Energy Corridor. The relocation is part of the company’s aggressive  strategic growth plans and will serve as a hub for its operations in the Gulf Coast region.   The new office will allow aeSolutions  to enhance its service offerings in the energy sector, providing localized client support and strengthening relationships with key industry partners. The Houston Energy Corridor, renowned as a global energy hub, offers an ideal location for aeSolutions to engage with a wide range of markets, including traditional and alternative energy sectors, agribusiness, metals, chemicals, and petrochemicals.   Chris Neff, Senior Vice President, Project Development for aeSolutions, explained, "Houston continues to be a crucial market for aeSolutions because of its concentration of client operations and its significance in the energy sector as well as many other growing market sectors. We believe growing a regional presence from  Houston will allow us to serve our clients better."   The Houston office will provide a variety of expertise and services tailored to support aeSolutions' clients in the region. These services include project development and execution, focusing on fired equipment, alarm management, process safety management, and safety instrumented systems.   "We aim to offer project solutions to our clients in Houston and the broader Gulf Coast area, helping them navigate complex safety issues and enhance their operations to drive client success," Neff added.   As part of its outreach, aeSolutions invites interested parties to schedule introductory meetings to learn more about its services and explore potential job opportunities in the Houston area and nearby Gulf Coast regions.   For more information, visit www.aesolutions.com or contact Chris Neff at houston@aesolutions.com .   For job inquiries, please email resumes@aesolutions.com .   About aeSolutions   In business since 1998, aeSolutions is a consulting, engineering, and systems integration company that provides industrial process safety and automation products and services. They specialize in helping industrial clients achieve their risk management and operational excellence goals through expertise in process safety, combustion control and safeguarding, safety instrumented systems, fire and gas, control system design and integration, alarm management, and related operations and integrity management systems. For more information, visit www.aesolutions.com .

In the world of employment policies, there is a magical two-word phrase that suddenly changes one key policy (the infamous dress code) into something completely different: “casual day.” The casual day is a specific time when employees are allowed, and sometimes encouraged, to dress in a more casual, relaxed, and laidback style than the normal dress code calls for, and is generally seen as a fun way to break from the norm. At aeSolutions, we have our own version of the casual day every Friday. On these days, employees who aren’t meeting with clients or working at a job site may wear jeans and a more casual shirt to the office. Occasionally, this can lead to some funny discoveries about an employee’s fashion sense, or propensity to go clothes shopping at the same stores (check out the picture of Ken and Josh, who came in as accidental twins a few weeks ago!), but overall it’s appreciated by everyone as a way to relax as we close out another fast-paced week. This tradition started in our Greenville, SC headquarters, but as the company has grown and expanded into Texas, Alaska, and beyond, it’s been fascinating to watch how our “dress down” Fridays have been incorporated into each office. Our Greenville office, which has an average January temperature of about 50 degrees, is where you’ll usually see the most t-shirts year-round. During the college football season, all the shirts in the office seem to change color at the same time, and it’s not uncommon to see clusters of Clemson Orange or University of SC Garnet & Black take over some of our conference rooms. Meanwhile, over in our Houston office, polo shirts (the unofficial uniform of engineers everywhere) tend to come out in full force when Friday rolls around. Given the heat, we’ve recently even incorporated a system where employees can contribute to fundraising efforts for the Leukemia & Lymphoma Society in order to earn a “shorts day” – which is much appreciated in the middle of summer! The Anchorage office has its own unique take on the day. Some of our Anchorage staff actually start the week at the exact opposite end of the spectrum, wearing ties on Monday (not required by our dress code!) This makes the eventual “dress down” on Friday all the more visible. For most of the year, these days are accompanied by a sea of flannel taking over the office. For a rare handful of weeks in the summer the odd short-sleeved shirt will make an appearance, but those usually disappear before September and the season’s first snow. Regardless of the office you’re in, our casual Friday has become an important part of the aeSolutions culture. We have fun with it and get to show off what snazzy dressers we can be while staying focused on continuously improving the process safety performance of our clients. If you’re interested in exploring whether aeSolutions is the right fit for you, you can view our open positions at www.aesolutions.com/careers . ---------------------- aeSolutions Corporate Culture: https://www.aesolutions.com/corporate-responsibility Individual Employee Spotlights: https://www.aesolutions.com/employee-spotlight