Treating the causes not the symptoms

07 October 2017

Learning from your mistakes can be expensive in the processing industry. Implementing a Functional Safety Management system allows failures to be anticipated and avoided.

Figure 1: An FSM is based on the safety life cycle as defined in DIN EN 61511.

Cutting corners on safety to reduce costs in the processing industry can be a very costly mistake. The devastating Gulf of Mexico oil spill was a direct consequence of the Deepwater Horizon oil platform explosion. One of the main factors that contributed to the explosion was the sealing of the borehole: despite warnings, a cheaper solution was adopted that carried a higher risk of escaping gas. The lesson applies to all plant construction, whether for the chemical industry, for firing technology or for incineration systems: systematic hazard assessment is essential.

There are clear legal requirements regarding the implementation of functional safety measures. In Germany, for example, the Industrial Safety Regulation obliges operators of plants subject to compulsory monitoring to ensure the safety and protect the health of their employees. It lays down clear guidelines on hazard assessment and protective measures, and defines what constitutes an infringement or a criminal offence. Nevertheless, for reasons of cost many safety measures are not implemented at all, or are only implemented half-heartedly. Other stumbling blocks are a lack of knowledge on the topic of functional safety, or confusion about navigating complex standards and guidelines.

Establishing a Functional Safety Management (FSM) system can help avoid major safety risks, and on a smaller scale can reduce downtimes.

FSM is a systematic procedure that can help to avoid potential failures as early as the plant planning and development stage. The failures that occur in a plant can generally be divided into two groups: stochastic and systematic. Stochastic failures occur by chance and cannot be prevented beforehand. One example is the unforeseeable failure of an electronic component. When something like this occurs, the task is to minimise the damage the malfunction could cause, and to ensure sufficient safety in advance through redundancy concepts. While stochastic failures cannot be prevented in advance, systematic failures can be recognised beforehand and their consequences are foreseeable. For example, an error in the instructions for inspecting a protection system results in an inspection that is wrongly carried out. The intended function of the protective system is then not ensured, and as a result there may be damage to the plant, to the environment and, in the worst case, to people.

Systematic failures therefore need to be anticipated and avoided. A study by the Health and Safety Executive (HSE) demonstrates that this is worth doing. In the UK, the HSE regulates major areas of health and safety at work. The study investigated 34 accidents that caused substantial damage, and came to the conclusion that more than 60% of these failures were built into the plant before it was commissioned. Around 25% of failures arose through installations or changes made after commissioning. Only 15% of the failures that occurred had a stochastic cause.

Systematic failures are generally caused by people, so it is important to support people during the planning and implementation stage, in order to avoid these errors – which are mainly down to the management – as effectively as possible. This is where FSM systems help. They are based on legal regulations, guidelines and standards. An FSM system is built on the ‘safety life cycle’ as defined in DIN EN 61511. Figure 1 shows all the stages of hazard and risk assessment, from planning through commissioning to decommissioning. At the very outset, a safety plan names the people responsible for each of the eight phases. In each of these phases the FSM system uses two main instruments: process definition (left-hand bar: Management and Evaluation of Functional Safety) and control of whether the process definitions are actually adhered to (right-hand bar: Verification).

Figure 2: Excerpt from a style sheet for Phase 1 of the safety life cycle for verification of the activity concerned. (supplied by Rösberg).

Process definition and control
Process definitions are created for each individual phase of the safety life cycle. For each phase the hazard level is also defined, and that in turn determines who should perform verification. Where the hazard level is low, verification can be carried out by the company's own employees; the higher the hazard level, the more independent the verifier must be, and for extremely dangerous processes the ‘four eyes’ principle applies. Who is allowed to verify which processes is decided not only by independence, but also by competence. Both specialist qualification and professional experience in the particular area play an important role here.

Style sheets similar to quality management sheets are used for control. With these specially prepared lists, potential causes of failure can be checked systematically. When compiling these checklists for a particular plant, the specifications of the relevant standards can largely be used as they stand; individual adaptations are only necessary in a few cases. The aim of the catalogue of questions in these style sheets is to eliminate any room for differing interpretations as to whether, and how, tasks have been carried out. Figure 2 shows an excerpt from a style sheet for phase 1 of the safety life cycle for verification of the task concerned. After each phase a note is made of whether all tasks have been performed in compliance with the rules. Only then will the Safety Manager give the ‘all clear’ for the next step.

Improving safety at work
Andre Günther, product manager for Functional Safety at Rösberg Engineering, says that increasing safety is often thought to mean doing without freedom and flexibility. “This, however, is exactly what FSM is not trying to achieve,” he said. “A well-set-up FSM system helps users to develop the best and safest solution as simply as possible.” Günther and his colleagues support plant constructors and operators in all tasks involving functional safety and also help with the integration of an FSM system. Plant operators who have previously installed a quality management system according to DIN EN ISO 9001 are already part of the way there. Günther explains: “The departments and their employees are then already accustomed to defined processes and the use of style sheets. And individual processes are already in place, such as steering and document revision.” The Rösberg team helps with the integration of quality management (QM) and FSM systems by defining the relevant interfaces. The company has developed its own style sheets, verified by the TÜV (German safety and standards institution), which can be made available to customers after consultation. Günther sums up: “Although the legal requirement for functional safety is clear, many people still hesitate to adopt an FSM system. By providing services in this area, we want to help lower the inhibition threshold so that implementation becomes straightforward, feasible and preventative – and people are not forced to learn from their mistakes when it is too late.”
