25 January 2012
The speaker considered lifecycle and project related risks and looked at some of the most commonly met challenges using real-life project experience.The IEC 61508 standard defines safety as ‘freedom from unacceptable risk,’ which accepts that absolute safety can never be achieved – risk can only be reduced to an acceptable level.This requires an understanding of the nature of risk to enable the most appropriate action can be taken to manage it. The most significant risks to safety facing an operation can include:• Lack of a safety culture – this should be published by management and actively promoted.• Obsolete safety systems – systems may no longer be supported by the vendor. Functionality could be a limiting factor or spares may be difficult to obtain.• Equipment failure – equipment failures may indicate they are not fit for purpose or poorly maintained. • Human factors – Human factors or error may be an issue due to poor design or some other aspect.• Lack of training – Roles and responsibilities should be clearly described but the level of competence may have a shortfall that is not being addressed.Safety-related projects are more involved than other types of projects. There are additional mandates to perform engineering activities that would not be required on non safety-related projects. IEC 61508 and IEC61511 are some of the applicable standards and these are generally specified in conjunction with other published standards and end user specifications. The IEC standards are not ‘how to standards’. They do not tell you how to do something or what equipment to use. This is an important point because there are different technologies that can be applied in different ways. Projects are often guided by other aspects, such as availability of space, phased turnarounds, short duration shutdown periods and finance. However, the standards do set out the approaches for all safety lifecycle activities and provide requirements for functional safety management throughout the lifecycle. Many activities are covered in the lifecycle over a long period of time and require a range of knowledge, competence and resources. Most activities are also iterative so, throughout the operational period, modifications will require earlier activities to be revisited. Also, if the project is a greenfield site or large scale plant upgrade or expansion, then engineering contractors are generally involved. These contractors will engineer the design basis of the Safety Instrumented Systems (SIS) to meet end-user requirements and specifications. Where the project does not include engineering contractors then the same would be true of the selected vendor.On smaller scale brownfield or upgrade projects then end users will normally deal directly with the vendor companies.ConceptDuring the concept phase of a project risk assessments, HAZOP studies and layer of protection analysis take place. These involve multidisciplinary teams identifying potential hazards and operability problems. From this the desired risk reduction factors and strategies are developed. Involving all key stakeholders in the earliest stages of the project can help to identify risk in various functional areas that may be affected by the project or that may affect the project itself. DesignAs far as the design element of the safety lifecycle is concerned, establishing the design basis and having all necessary previous management of change activities completed is critical to identifying project risks. These must be in place otherwise it can lead to greater risk for the project in terms of timescales and budgets and can impact on operational safety further in to the lifecycle. This includes a need to understand any restrictions on the chosen technology and this will be defined in product safety manuals.Management and accountability is also critical and safety leadership from the highest management level cannot be over emphasized. If lacking, this can expose higher degrees of risk. It is also important to understanding who will be accountable for what aspects of the project – and make sure that the right parties are assigned.As an example, the speaker offered a personal experience from a plant expansion project. He said: “The company had decided to retain some elements of scope and part of this included free-issuing some of our equipment to a sub-contractor to include in their marshalling cabinets. The sub-contractor was not familiar with the equipment and ended up connecting the wrong system cables to the wrong termination assemblies – when the coding pins did not fit they re-coded them to force the fit which presented a potential safety hazard.“This exposed the project to potential financial and schedule risk as equipment damage, whether electrical or mechanical, could have required replacement equipment to be purchased and these may have been long lead items.” In this example the safety system supplier should have also been responsible for this part of the project because they hold the most knowledge about the equipment. Carefully planning the execution of a project will ensure that risks are identified early on and taken into account. They also embed a mindset of expecting the unexpected and having alternative plans in place. The necessary quality assurance plans and safety plans also need to be put in place. Again, these are followed to provide traceability in design and help manage risks.The development of the ‘Safety Requirements Specification’ is one of the more important activities of the whole safety lifecycle, showing how the user wants the Safety Instrumented Functions (SIFs) to be designed and integrated in to a Safety Instrumented System (SIS). This specification is also the main reference point that is used in the final validation that all the SIF requirements have been satisfied. In projects that involve a major change or upgrade that affects a SIS, activities generally begin with a detailed site assessment to survey the existing systems and retrieve as much data, in terms of drawings and documents, as possible. The basis would be to verify any ‘as built’ information, provide a complete understanding of the installation, establish the requirements for engineering of the upgrade or replacement systems and establish any constraints on the upgrade or replacement system.Location of the site plays a big part in the survey. An onshore facility with offices close to the site enables initial surveys to be done and allows for this to be easily supplemented with follow up surveys, allowing to operators become familiar with the site and the project team. In comparison, on an offshore location, it not as convenient to get back onsite and has the obvious additional logistical considerations. Establishing the design basis can also be affected by the nature of the project or by the installed equipment. In a project in the Netherlands, the speaker was in the unique position of providing systems for the same end user on two sites. One being an expansion project and the other being a greenfield plant. This did not impact on any ongoing activities but did ensure that design aspects were in place early on, familiarity with the equipment was gained and typical loops and HMI templates were developed.This key stakeholders principle can be expanded to vendor resources. Early involvement in the design phase, where a vendor engineer is resident in the design team can reduce later risk. Another consideration is how to establish the functional requirement of the system. In cases where the system to be replaced is programmable then it is possible to retrieve an application download to form the reference point. In cases where the system is hardwired or relay based this is not possible and it will be necessary to go back to the site assessment to validate drawings and documents are ‘as built’.ImplementationCorrect specification and design will minimise project risk by ensuring that implementation proceeds unhindered. Communication is critical in any project and still tends to be at the root of most problems. Factory acceptance testing on a Romanian project, for example was halted after three days set up, because the communications mapping had been configured differently.In this project, the end user had a DCS from one vendor and a safety system from another and took it upon themselves to do the communication between all parties. This was not simply a miscommunication – the two parties had never been put into contact nor had they any reason to foresee a problem. It took six weeks to rectify the problem. It is essential that, where there are multiple vendors, one needs to be assigned as lead.Human factors and errors continue to be one of the biggest contributors to safety incidents. Operational changes, manning levels, training and competence, shift handover, fatigue, communications are just some. However, human error should be seen in a more constructive way based on situation and is a management responsibility. Handover procedures, for example, are used where operators coming on shift have to be aware of the overrides currently applied. HMI also design needs to be clear and concise to minimise misoperation. Proactive lifecycle management will reduce exposure to risk and prolong the system life expectancy at maximum efficiency. It will also further prolong the return on initial investment and retain intellectual property. Vendors should provide lifecycle guides on their products to allow end users to plan activities for routine turnarounds to ensure that the systems are proof tested and to make best use of technology advances.If the system is not actively managed, then the competence level of the people maintaining the system may reduce over time with lack of familiarity. Recovery from a critical situation may depend on training and if that has lapsed then again human error may expose additional operational risks.A petrochemical site in Saudi Arabia undertook a complete rack room bulldoze and rebuild, replacing 4000 DCS and 2000 ESD IO in a nine-day period, following a 18-24 month development. The planning of this nine-day period, where a large team of people were engaged and 24x7 working shifts, was impeccable. The extensive planning that had taken place was a big factor in the success of the project. It is also important to plan for sufficient time to undertake testing, particularly where there are multiple nodes or multiple vendors or multiple interfaces.OperationPlanning for lifecycle management, maintenance activities and document management is another common challenge. Scheduling of safety critical device maintenance is part of the end users overall safety management system. Safety critical devices should be identified with care, and policies developed to ensure they are in service and operating correctly. Document management is part of this and good housekeeping is important. Use of up to date processes, procedures and drawings and documents is critical to plant operations, particularly when those drawings and documents form part of the design basis for future projects. Continual improvementContinual improvements are key to further reducing risks in projects and further enhancing safety leadership and management. Engineering tool sets are available to support the activities in the safety lifecycle and for back documentation exercises.In the case of Triconex Upgrade projects, MSW to TS1131 auto translation negates any possible human error in interpretation of existing application software and coding errors. State transition modelling tools can be used to generate complicated sequences and for reverse engineering of systems where information is limited. This results in the auto-generation of application logic and negates human coding errors, providing a higher level of confidence when going into factory testing and can be used to support change management.Real-time risk exposure tracks a plant or units operating risk profile and compares it to the designed risk profile. This is then used to indicate deviations. Contingency plans give operators expert information, allowing them to deal with operational issues as they arise. This also provides for intellectual property retention and re-use.Enabling a mobile workforce – with handheld devices, synchronised to provide maintenance activities and schedules, including those for safety critical devices – can also provide mobile access to up to date documentation, processes and procedures, helping to reduce the impacts from human error and can assist with emergency preparedness and evacuation. “Development of leading and lagging key performance indicators, with dashboard type interfaces, can help with monitoring and measurement for continual improvement while operator training enhances competence and motivates towards good performance, offering a big contribution towards the achievement of safety goals.
Print this page | E-mail this page
This isn't a paywall. It's a Freewall. We don't want to get in the way of what you came here for, so this will only take a few seconds.
Register Now