Effective functional safety: Products, people, and places

It is important for those working in any industry to know their role in making sure operations are conducted with the highest level of functional safety to protect people, products, and places.

By Intertek Functional Safety June 16, 2016

If someone were to ask you if you’ve taken the proper measures to ensure the safety of your facility and those in it, what would you say?

As generic as the term sounds, "functional safety" is a specific discipline involving the planned reduction of risks through automated safety systems. These safety systems usually consist of a sensing element, a logic processor, and an actuator. System relationships play a crucial role in any operation; however, they take on particular importance in the oil and gas industry, as any failures can have dangerous and even catastrophic consequences on facilities, employees, and the environment around them.

To ensure you’re taking the right steps to address all aspects of functional safety within your facility, there are three areas where you should dedicate your focus when developing a functional safety program: personnel competency, product certifications, and facility-level design, operation, and maintenance.

While functional safety requires the cooperation and due diligence of everyone involved in an operation, the responsibility for a program’s implementation, and ultimately its effectiveness, falls to three groups: management, buyers, and engineers. It is up to these individuals to see that a program is developed and managed, that the right specifications are put in place, and that the system designed will operate as intended.

Management requirements

One of the most important steps, although often overlooked, is management’s role in implementing a functional safety program. Any effective program starts at the top, and there are measures that management must take to set the foundation for a safe working environment.

It is management that has the initial responsibility of developing the program and seeing that it is run by competent personnel.

Personnel competency begins with management identifying those personnel that will be responsible for managing functional safety and making certain that those individuals are competent to perform the tasks assigned to them through knowledge, experience, and training.

Once those personnel are identified, a risk assessment should be conducted and a safety plan put in place that defines required activities. The risk assessment will identify any hazards that may exist, while the safety plan outlines the requirements to perform a task or process in as safe a manner as possible.

After a risk assessment is conducted and a safety plan developed, management should see to it measures are in place to provide quick and satisfactory resolutions for the recommendations made in the risk assessment, that there is an effective way to audit compliance with safety requirements, and that those safety requirements are realized into actual engineered systems.

It is crucial that management understand that for a program to be effective, it must not only be implemented but managed throughout the lifecycle of any component, machinery, or system. Taking these steps ensures that a functional safety program does not stop with the development of a plan but is continuously managed, audited, and updated to make certain that the proper safety controls are in place and operating properly.

Safety requirements specification (SRS)

After management has identified a functional safety team and conducted a risk assessment, the process then moves into Safety Requirements Specification (SRS). It is in the SRS where it becomes the responsibility of the buyers to assess what equipment needs to be purchased to meet the requirements of the safety controls identified and that the correct specifications are in place for each safety control.

The SRS is where product certification comes in, going further into the details of safety functions and controls with the goal of specifying the requirements for each Safety Instrumented System (SIS).

An SRS should include concrete descriptions of each safety related function to be implemented. If there are safety requirements that do not originate from the risk assessment, the basis of those requirements should be identified within the SRS. Every piece of equipment should have a safe state of the process and safety functions defined for each of its operating states (e.g., startup, normal operation, maintenance, etc.).

Once decisions have been made on the safety functions for each piece of equipment, performance requirements (e.g., speed, accuracy, etc.) should be established for each of those functions.

In addition to the performance requirements, a determination must be made as to the required Safety Integrity Level (SIL) for each safety function. The SIL determines the effectiveness of a safety control in mitigating an associated risk. SIL levels range from a SIL 1 to a SIL 4; SIL 1 being the lowest level of effectiveness such as personal protective equipment and SIL 4 being the most effective with the elimination of the hazard.

If, for example, a safety control is put in place that achieves SIL 3, it has reduced a particular risk by a factor of 1,000 to 10,000. A SIL 3 safety control would usually come in the form of an engineering control to isolate personnel from the hazard. It is rare in the oil and gas industry for an application to employ a safety function which requires SIL 4, as this risk is usually cause for re-design. It should also be noted that SIL levels for specific applications should be developed based upon knowledge of each application.

Along with the more general safety controls that may apply to an entire operation, there are specific considerations for certain safety controls. Sensor inputs should be defined with regard to criteria such as range, electromagnetic interference limits, accuracy, and bandwidth, while outputs should be defined in terms of accuracy, update frequency, and range, among others.

The operation and implementation of resets for each input and output should also be well-defined, as well as the operation of bypasses or overrides. In addition, the operator interface should be defined in terms of data display, alarms, and so on.

The SRS requires that any local or application-specific regulatory requirements, such as IEC 61511-1, be considered when assessing safety controls, as well as process common-cause failures such as coating, corrosion, or plugging.

An effective SRS must take into account not only regular operation, but also what happens when something goes wrong. Those responsible for the SRS must ensure that in the event of a system failure, sufficient information and means are available for the operator to assume safe control.

Conceptual SIS design

Once the appropriate steps have been taken in the SRS, the process then moves into Conceptual Safety Instrumented System (SIS) Design. It is here that engineers must determine whether the system that has been designed will operate as intended. The largest element in Conceptual SIS Design is an analysis of each safety function. The first task is to determine whether safety functions are being handled by a system separate from the process control; if not, there should be documented justification.

SIL levels also play a large role in Conceptual SIS Design as it should be verified that the performance of each safety function has been analyzed and documented quantitatively to ensure that it meets its required SIL. If a safety function does not meet its required SIL, it should be documented within the Conceptual SIS Design as to the justification for the system configuration. In addition, if multiple functions are being performed with the same logic solver, the shared components should meet the highest SIL requirement.
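The two checks described above, in the SIL discussion and in the note that components shared by several safety functions must meet the highest SIL among them, can be made mechanical. The following is an added worked example, not code from the article or from Intertek: it maps a required risk reduction factor to a SIL and then flags any logic solver whose certified SIL is below the highest SIL of the functions it executes. The SIL 3 band (a risk reduction factor of 1,000 to 10,000) is the one the article states; the other bands follow the IEC 61508 low-demand-mode definition and are assumed here. Function names, tag names and the sample functions are constructed for illustration.

```python
"""Added example (not the article's own code): required risk reduction
factor -> SIL, and a shared-logic-solver check for a Conceptual SIS design."""
from dataclasses import dataclass

# Risk reduction factor (RRF) bands per SIL, low-demand mode (RRF = 1 / PFDavg).
# Lower bound inclusive, upper bound exclusive. The SIL 3 band is the one the
# article gives; the rest are assumed from IEC 61508.
SIL_BANDS = {
    1: (10, 100),
    2: (100, 1_000),
    3: (1_000, 10_000),
    4: (10_000, 100_000),
}


def sil_for_rrf(rrf: float) -> int:
    """Return the SIL whose band contains the required RRF.

    Returns 0 when the required RRF is below 10 (no SIL claim needed).
    Raises when the RRF exceeds the SIL 4 band, since such a requirement
    is normally a signal to redesign the process rather than add a SIS.
    """
    if rrf < 10:
        return 0
    for sil, (lower, upper) in SIL_BANDS.items():
        if lower <= rrf < upper:
            return sil
    raise ValueError(f"required RRF {rrf} exceeds SIL 4; re-design the hazard out")


@dataclass(frozen=True)
class SafetyFunction:
    name: str            # constructed tag for the safety instrumented function
    required_rrf: float  # risk reduction the risk assessment demands
    logic_solver: str    # constructed tag of the logic solver executing it

    def required_sil(self) -> int:
        return sil_for_rrf(self.required_rrf)


def shared_solver_sil_requirements(functions) -> dict:
    """Highest SIL each logic solver must meet across all functions it executes."""
    required = {}
    for fn in functions:
        required[fn.logic_solver] = max(required.get(fn.logic_solver, 0), fn.required_sil())
    return required


def check_solver_certifications(functions, certified_sil: dict) -> list:
    """Return (solver, required_sil, certified_sil) for every solver that falls short.

    A solver missing from certified_sil is treated as uncertified (SIL 0), which
    is where the article's proven-in-use criteria would have to be established.
    """
    shortfalls = []
    for solver, needed in shared_solver_sil_requirements(functions).items():
        have = certified_sil.get(solver, 0)
        if have < needed:
            shortfalls.append((solver, needed, have))
    return shortfalls


# Constructed sample: two functions share logic solver LS-01, one runs on LS-02.
SAMPLE_FUNCTIONS = [
    SafetyFunction("separator high-pressure trip", 2_500, "LS-01"),
    SafetyFunction("separator low-level shutdown", 150, "LS-01"),
    SafetyFunction("KO drum high-level alarm trip", 40, "LS-02"),
]
# Constructed certification data: LS-01 is only certified to SIL 2.
SAMPLE_CERTIFIED_SIL = {"LS-01": 2, "LS-02": 2}

if __name__ == "__main__":
    for fn in SAMPLE_FUNCTIONS:
        print(f"{fn.name}: RRF {fn.required_rrf} -> SIL {fn.required_sil()} on {fn.logic_solver}")
    for solver, needed, have in check_solver_certifications(SAMPLE_FUNCTIONS, SAMPLE_CERTIFIED_SIL):
        print(f"SHORTFALL {solver}: needs SIL {needed}, certified SIL {have}")
```

In the sample, LS-01 serves a SIL 3 and a SIL 2 function, so it must meet SIL 3; its SIL 2 certification is reported as a shortfall, which in the article's terms would have to be resolved by a different solver, a different configuration, or documented justification in the Conceptual SIS Design.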

Along with the SIL requirements, an assessment should be conducted of the status of the technology and the level of redundancy selected for each safety function, and where selections have been made, those should be identified. Each safety function should also have its own manual test intervals, and each of those intervals should be justified. If any noncertified equipment is being used, proven-in-use criteria should be established for each piece of equipment.

Taking these steps to assess potential hazards in your facility, determining the safety controls necessary to mitigate them, and selecting personnel with the competence to carry these steps out will lay the groundwork for an effective functional safety program.

Intertek Functional Safety is a CFE Media content partner.