Why bother with functional safety management?

Managing functional safety (FS) systems is as important to their effective operation as the technical implementation of the solution.

By David Green September 7, 2020

For over 60 years, safety protection within hazardous industries across Europe has relied on instrumented systems. Hardware-only components, such as electromechanical relays and pressure switches, were commonplace. Such systems fall under the term functional safety (FS), and the management of these systems is as important to their effective operation as the technical implementation of the solution.

Functional safety legislation

The European Union SEVESO III directive (2012/18/EU) is the framework that sets out what member states must do to prevent major accidents involving dangerous substances. Member states are obliged to transpose it into their national laws.

The first edition of the directive was issued in 1982 and was superseded by the SEVESO II directive, which took effect in 1999. The main change between the first two revisions was the requirement for the establishment to have a safety management system. For some member states this revision changed little, as their legislation already required this of establishment operators. In other member states, however, it was a new requirement that had to be incorporated.

Functional safety requirements

The safety management system should cover all aspects of safety that contribute to the safe operation of the facility. This means the full process safety management scope, covering (non-exhaustively) relief systems, hazardous area classification/ATEX and FS systems.

Advances in programmable electronics during the 1980s led to the development of international standards specifying requirements for FS systems. IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems) was the first standard to provide common guidance across the globe. It covers safety-related systems implemented with electrical, electronic and programmable electronic technology, and it has been used as the basis for sector-specific standards, such as IEC 61511 for the process sector.

Each part of the IEC 61508 series includes requirements for management, competence and auditing alongside the technical requirements.

There is a misconception that the standards and the controls on instrumented systems are purely technical, concerned only with achieving a safety integrity level (SIL). Omitting a proper management system leads to inadequate definition, design, maintenance and modification of the systems, and therefore to unacceptable risk levels in the operation of the facility.

The FS management system (FSMS) should define the procedures, techniques and controls required across the full safety lifecycle, from concept design to decommissioning. It should sit within the company quality management system so that it is maintained under the organization's quality governance and auditing programs.

Key components for a functional safety management system

An FSMS should include the following key components:

Functional safety governance, which consists of:

  • Roles and responsibilities.
  • Competence and training requirements for all personnel involved with safety-related systems.
  • Supplier management.

Safety lifecycle documentation, which consists of:

  • Definition of the documents to be produced during the lifecycle of the safety-related system, covering all phases: design, operation, maintenance and modification.

Procedures defined, which include:

  • Definition of the company rules to be used in the safety management of the safety-related systems.
  • Definition of the techniques to be used within the company, including the acceptable risk targets, the methodology for SIL determination, the preferred failure-rate data sources and the modification process.

Assurance measures and definitions, which include:

  • Definition of the auditing requirements (during each safety lifecycle phase).
  • Definition of the independence required of those asked to audit or assess the activity.
  • Validation and assessment requirements to be met before hazards are introduced to the facility.

Monitoring and investigation, which includes:

  • Robust recording and review of observed deficiencies in the safety-related systems (e.g. failures and demands).
  • Defined processes to prevent recurrence of an issue, both at the specific location and on similar equipment elsewhere within the facility.

Why bother with an FSMS, though? Implementing an FSMS does not only satisfy the regulatory requirements of the legislation implementing the SEVESO III directive; it also provides benefits to the organization. These include:
  • Defined rules within the organization ensure consistency between different plants, units and machines, irrespective of the personnel involved or the project implementing the functionality.
  • It ensures adequate implementation, operation and maintenance of the safety-related functions, so that the system operates as expected when called upon and provides the protection required to prevent the hazardous event and the resulting harm to people, the environment or the asset.
  • It gives definitive guidance to those managing the competence of personnel and sub-contract organizations, enabling better training and procurement processes.

An inadequately defined FSMS also creates business continuity issues: when key personnel leave the organization, it is exposed to implementing inadequate systems. The ultimate consequence is an incident, and there have been many globally caused by failed safety-related systems. These include Buncefield in the UK, where the high-high level trip did not operate (human error/equipment failure); CAPECO in Puerto Rico, where the level measurement failed and there was no high-high trip (design error); and Deepwater Horizon in the Gulf of Mexico, which resulted from blowout preventer failure (equipment failure).

Correct implementation of an FSMS will ensure the company meets the requirements of the SEVESO III directive for instrumented protection systems. Better definition within the system also helps staff to implement, maintain and manage the systems more efficiently.

There is no off-the-shelf system that suits every organization: the FSMS needs to be appropriate to the organization and to the hazards being protected against. The most important point is that a robust system is in place.

This article originally appeared on Control Engineering Europe’s website.
David Green
Author Bio: David Green is associate director at Engineering Safety Consultants.