Most people in the oil and gas industry will be aware of the term “functional safety”.
However, apart from those directly involved in the functional safety lifecycle, namely Instrument and Control, Technical Safety and Process Engineers, there is a general lack of understanding of why it is required and how it is achieved.
Where process systems have the potential to cause harm to life or the environment, operators are required to manage and reduce the risk to a level that is As Low as Reasonably Practicable (ALARP).
International Standard IEC 61511, Functional safety – Safety Instrumented Systems (SIS) for the Process Industry Sector, provides guidance on the management, planning and verification of the Functional Safety Lifecycle Activities: Hazard identification, specification, design, installation, validation, operation, maintenance, modification and decommissioning.
An SIS is a combination of one or more safety functions designed to operate independently of the Basic Process Control System (BPCS) and, when required, to take a specific action to maintain the process in a safe state.
A lack of understanding, coupled with the potential complexities of applying the IEC 61511 standard to brownfield modifications of legacy systems, has left some almost unwilling to engage in the Functional Safety process.
However, when it is engaged with, the IEC 61511 lifecycle approach to managing safety system design and reliability provides a structure for quantifying the risk and a numerically consistent method for engineering an appropriate solution.
Historically, safety systems were designed according to established industry practice.
However, only the safety system controller was designed and certified for safety applications. Most of the peripheral equipment, for example field devices, was generally of a standard design.
The requirements of IEC 61508 were adopted by equipment manufacturers, who now also produce field devices certified specifically for use in safety systems.
Safety functions for similar process systems on different assets can have varied integrity requirements. The variances can be attributed to several factors: company-specific operating and performance standards, exposure levels, process inventory, age of the asset and the experience of the team assessing the risks.
The methods for assessing the protective system integrity – RGA, LOPA and Fault Tree – are well defined and understood; however, the output of these assessments can vary across the industry.
Without a broader discussion about how different organisations apply the tools or how specific risks are addressed, the accuracy and reliability of these assessments will remain an issue.
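To show how assessor inputs drive the outcome, here is an added illustration (not Katoni's method or any organisation's tool): a minimal LOPA-style target SIL calculation using the standard LOPA frequency product and the IEC 61511 low-demand SIL bands. The initiating event frequency, IPL credits and tolerable frequency are constructed values; the second scenario simply withholds the operator-response credit, as an assessor might after a process safety time study.

```python
import math

# Low-demand SIL bands from IEC 61511, expressed as the maximum Risk
# Reduction Factor (RRF = 1 / PFDavg) covered by each SIL.
SIL_BANDS = [(1, 100.0), (2, 1_000.0), (3, 10_000.0), (4, 100_000.0)]


def required_rrf(initiating_freq_per_yr, ipl_pfds, tolerable_freq_per_yr):
    """RRF the SIF must provide once the other IPLs have been credited.

    LOPA: mitigated frequency = initiating event frequency x product of the
    PFDs of the independent protection layers credited by the assessor.
    """
    mitigated = initiating_freq_per_yr
    for pfd in ipl_pfds:
        mitigated *= pfd
    return mitigated / tolerable_freq_per_yr


def target_sil(rrf):
    """Map a required RRF to a SIL; 0 means no SIL-rated function is needed."""
    if rrf <= 10.0:
        return 0  # PFDavg >= 0.1: below the SIL 1 band
    for sil, max_rrf in SIL_BANDS:
        if rrf <= max_rrf:
            return sil
    raise ValueError("required RRF exceeds SIL 4; the process itself needs redesign")


def compare_assessments():
    """Two assessors, same hazard, one input difference: the operator credit."""
    # Constructed values: BPCS loop failure 0.5/yr, tolerable 1e-6/yr.
    initiating, tolerable = 0.5, 1e-6
    operator_response, relief_valve = 0.1, 0.01
    rrf_a = required_rrf(initiating, [operator_response, relief_valve], tolerable)
    rrf_b = required_rrf(initiating, [relief_valve], tolerable)  # no operator credit
    return target_sil(rrf_a), target_sil(rrf_b)  # returns (2, 3)
```

Withholding one IPL credit moves the same hazard from a SIL 2 to a SIL 3 requirement, which is the kind of variance the text refers to.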
Katoni Engineering has provided expertise and assistance to several clients in their efforts to address gaps in their Safety Systems relative to the requirements of IEC 61508/11.
This has taken the form of detailed documentation review, process safety time to event studies, LOPA, RGA, PFD calculations, SRS development, SIS design, verification and functional safety planning.
As safety systems evolve to meet the demands of the information age, new weaknesses are exposed. The threat from cyber-attacks comes with a new set of risks, which need to be understood and managed to ensure the ongoing reliability of the SIS is maintained.
We are passionate about leading the conversation around functional safety, working with our clients to develop methods and techniques to address gaps, learn lessons and share opportunities for improvement across our client base and the wider industry.
This is why we are looking forward to working with Energy Voice on leading this important industry issue.
It can be easy to forget that functional safety is not about making numbers fit; it is about keeping people safe, and taking the time to design it correctly can save more than lives.
It also protects the environmental, reputational and financial wellbeing of operators.
Paul Gill is principal instrument and controls engineer at Katoni Engineering