Process Safety

How to achieve effective process safety

Automation systems and people can work together when a corporate safety culture is in place that emphasizes zero-risk tolerance and a proper understanding of engineering principles, such as using proper alarm management strategies and systems, regulatory procedures and industry best practices.

By Scott Hayes August 6, 2021

In industrial environments, a safety risk can arise at any time, anywhere, due to a combination of factors. Process upsets can be triggered unexpectedly by equipment malfunctions or other issues. If equipment fails and alarms go unnoticed or warning signs aren’t heeded, the potential for harm can be huge. A facility unable to maintain steady-state control automatically during normal operation is an accident waiting to happen.

Preventing safety risks depends on effective process control and the people running the operations. Both must seamlessly work together for facilities to safely operate. For industrial personnel, it starts with a safety mindset ingrained in the corporate culture.

Building a safety culture

A safety-conscious culture requires taking advantage of every opportunity to emphasize and reinforce a safety mindset—an attitude of zero-risk tolerance where complacency is not an option. No one wants to see someone get hurt, or worse, nor to see the negative impact on production, the environment or a facility’s assets and reputation.

The top priority is placed on keeping people and surrounding communities safe. Industrial safety begins at the corporate level and cascades down to all employees. The following should be part of every company’s safety culture:

  • Communicate internal policies and implement process control safeguards and action plans.
  • Invest in training, equipment repair and replacement.
  • Follow applicable laws and regulatory compliance.
  • Leverage industry standards and guidelines (e.g., IEC 61508 and IEC/ISA 61511).

Taking the safety culture further, companies should incorporate upfront safety assessments and risk analysis of existing automation systems and processes to determine the tolerable and intolerable risks. “Tolerable risk” is the benchmark that facilities use to determine their relative safety strategy. This is an important discipline to reduce the risk of liability. It’s also a great opportunity to review key areas to see whether the facility’s automation, safety systems and personnel work together to ensure safe and secure operations.

Figure 1: An effective basic process control system (BPCS) is the most critical layer of protection. It has automated safety layers designed to prevent accidents. Courtesy: MAVERICK Technologies

Automated safety layers

An effective basic process control system (BPCS) is the most critical layer of protection (see Figure 1). It has automated safety layers designed to prevent accidents. A BPCS runs the process, identifies abnormal situations and sets off an alarm or takes other actions. It should be able to compensate for most abnormal situations.

Another common safeguard is a safety instrumented system (SIS), which must intervene if a process goes beyond safe control limits. If a BPCS ages or lacks regular maintenance, incidents escalate more frequently, and the importance of an SIS becomes even greater. When personnel often depend on the SIS to handle routine upsets and SIS trips become increasingly frequent, it’s time to take a hard look at the BPCS.

For a review of a safety system, a process hazard analysis (PHA)/hazard and operability (HAZOP) study or other audit is performed to determine any remaining safety-related issues, or to identify those situations or other potential system failures that could cause an accident. The SIS layer is designed to minimize the risks identified as unacceptable in the HAZOP study. It comprises independently operating safety instrumented functions (SIFs).

As the BPCS is considered the first layer of protection in a well-designed and maintained facility, most SIFs are specifically designed to be low demand (i.e., called upon no more than once per year), with frequent use to be avoided. For example, if an SIF is handling situations every day versus once a year as it was initially designed, the BPCS needs attention.

Relying on the SIS as the last line of defense is not a sound strategy as machines and alarms can only take on so much of the risk. At some point, an operator may have to take over and it should be very clear what they should do and when.

In addition to the BPCS and SIS, there is an additional line of defense: the operator. If the operator is notified by an alarm, has consistent instructions on what to do and enough time to do it, an operator response to an alarm (OPR) can be credited as a protection.

To minimize risk in these instances, operators must have a full understanding and knowledge of company-wide safety policies, strategies and initiatives, along with proper alarm and system training. Trained operators are the key to maintaining the integrity of the BPCS and the SIS’s automated safety functions. If a BPCS or SIS is giving off a warning signal and it’s ignored, or the operator is not properly trained to identify its warning signs, it defeats the purpose of having system safeguards.

Operators, alarms and HMIs

A proper alarm management system and training are critical to ensure operators respond accurately to incidents. Improper alarm management leads to unplanned downtime, contributing to billions of dollars in lost production every year, and to the potential for a major industrial incident.

An alarm system tells operators about disruptions the BPCS cannot adequately handle automatically (see Figure 2). An operator response is then required to fix or mitigate the problem. Every alarm is defined upfront and has an associated operator response, and the operator needs to know the appropriate action.

Figure 2: An alarm system tells operators about disruptions the BPCS cannot adequately handle automatically. Courtesy: MAVERICK Technologies

A common problem for operators is having too many alarms annunciated during a facility upset, known as an “alarm flood.” Alarm floods, chattering alarms or an excessive number of active alarms reduce the chance that the OPR alarm will receive the attention it needs. Alarm response procedures should be clear and easily accessible—ideally in the human-machine interface (HMI)—so operators can respond quickly and effectively.

Today’s high-performance HMI (HP-HMI) graphics help operators identify alarms using grayscale screens with consistent colors or shapes. Operators, however, should still be trained on critical alarm elements and other piping and instrumentation diagram (P&ID) symbols and be able to recognize and respond to abnormal situations. They also should have a clear understanding of what’s happening with the facility’s systems and processes.

For regulatory compliance purposes, the ISA-18.2 standard requires facilities to perform an audit and create a comprehensive assessment that defines the criteria for rating an alarm’s severity and urgency. The assessment evaluates the alarm system’s performance and the work practices used to administer it. Periodic reviews of how frequently OPR alarms have been triggered, along with the timing and accuracy of the associated operator response, reveal gaps not apparent from routine monitoring and allow personnel to identify necessary improvements.
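The periodic review described above, run over a constructed alarm journal, as an added example that is not part of the article: it flags alarm floods and chattering tags and counts SIF demands against the once-per-year expectation for a low-demand SIF. The flood guidance of more than 10 alarms in 10 minutes (from ISA-18.2/EEMUA 191), the chattering rule and the demand limit are assumed, configurable values, and the tag names and timestamps are constructed.

```python
# Added example (not from the article): alarm-journal review for floods, chattering and SIF demands.
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample journal, "timestamp,tag,kind" (kind ALM = alarm, SIF = trip).
JOURNAL = """2021-08-06 08:00:00,PT-201.HI,ALM
2021-08-06 08:00:05,PT-201.HI,ALM
2021-08-06 08:00:40,PT-201.HI,ALM
2021-08-06 08:02:00,TI-101.HI,ALM
2021-08-06 08:02:10,FI-305.LO,ALM
2021-08-06 08:02:15,LI-410.HI,ALM
2021-08-06 08:02:20,TI-102.HI,ALM
2021-08-06 08:02:30,PT-202.HI,ALM
2021-08-06 08:03:00,AI-501.HI,ALM
2021-08-06 08:03:30,FI-306.LO,ALM
2021-08-06 08:03:45,PT-203.HI,ALM
2021-08-06 08:04:00,SIF-001,SIF
2021-08-07 09:30:00,SIF-001,SIF"""

def parse_journal(text):
    """Parse journal lines into (timestamp, tag, kind) tuples sorted by time."""
    rows = (line.split(",") for line in text.splitlines())
    return sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), tag, kind) for ts, tag, kind in rows)

def flood_windows(events, window=timedelta(minutes=10), threshold=10):
    """Start times of alarms that open a window holding more than `threshold` alarms
    (assumed ISA-18.2 flood guidance: more than 10 alarms in 10 minutes)."""
    alarms = [ts for ts, _, kind in events if kind == "ALM"]
    floods, j = [], 0
    for i, start in enumerate(alarms):
        while j < len(alarms) and alarms[j] - start < window:  # advance window end
            j += 1
        if j - i > threshold:
            floods.append(start)
    return floods

def chattering_tags(events, window=timedelta(minutes=1), repeats=3):
    """Tags that re-annunciate `repeats` or more times within `window` (assumed rule)."""
    by_tag = defaultdict(list)
    for ts, tag, kind in events:
        if kind == "ALM":
            by_tag[tag].append(ts)
    return sorted(tag for tag, stamps in by_tag.items()
                  if any(stamps[i + repeats - 1] - stamps[i] < window
                         for i in range(len(stamps) - repeats + 1)))

def sif_demand_review(events, low_demand_limit=1):
    """Trips per SIF over the review period; more than about one demand per year
    means the BPCS, not the SIS, needs attention. Returns {tag: (count, over_limit)}."""
    counts = Counter(tag for _, tag, kind in events if kind == "SIF")
    return {tag: (n, n > low_demand_limit) for tag, n in counts.items()}
```

Feed `parse_journal` a real alarm/event journal export in the same three-column shape and the same three functions produce the flood, chattering and SIF-demand findings for the review.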

With an alarm philosophy (i.e., a set of guidelines) in place, facilities can follow a consistent set of criteria to design, develop, implement, modify, manage, maintain and continuously improve alarms. Alarm response procedures also can be developed, and specific information on each alarm can be embedded within an HMI to help operators respond quickly and safely mitigate abnormal situations.

Using alarms as safeguards for process control safety risks raises their importance and adds another reason to perform proper alarm management. Alarm management should be part of a facility’s continuous improvement program and incorporated into any equipment updates or legacy system migration projects. Proper alarm management is more imperative than ever.

Seamless automation

To ensure the safety of everyone in a facility and the surrounding communities, it is best to look at the larger automation picture from a holistic perspective and analyze the systems and processes that are in place. The process is a huge undertaking and may require help from a third-party automation solutions provider who can combine process and automation knowledge with upfront SIS analysis and improvements, along with alarm management expertise. External help also comes in handy when operators need to be trained in understanding the larger safety picture and tolerable risk levels.

Automation systems and people can work together with a corporate safety culture in place that emphasizes zero-risk tolerance and proper understanding of engineering principles such as using proper alarm management strategies and systems, regulatory procedures and industry best practices. When all these are combined, companies can control identified safety risks and hazards and achieve effective process control.

Scott Hayes
Author Bio: Scott Hayes is a program manager at MAVERICK Technologies. He has 20 years of experience in process control. He is a licensed Control System Engineer and a TÜV-certified functional safety engineer.