Being Safe, Thinking Safe, Staying Safe: The process engineer's commitment to safety and how to deliver it

Introduction
- Safety in PEMEX is a priority
- Priorities need methods and procedures to be managed properly
- The consequences of failure are so great that some procedures need to be re-evaluated
- This means that safety requirements need to be specified in a different way
- Process Engineers have had methods of evaluating risk for several years: HAZOP, Fault Tree Analysis
- But now technology gives huge opportunities
- Linking the technical possibilities with the realities of modern demands of productivity and profitability is the responsibility of who???
- Safety has to be part of the culture of EVERYONE: we are all responsible

The cost of ignoring safety
- $41,000,000,000 (= $41 billion): the amount allocated by BP for the overall costs of the Deepwater Horizon accident
- A totally avoidable accident, caused by poor management decisions and inadequate maintenance procedures

Failures cost lives

Failures hurt the environment

The productivity loss ruins businesses

Learning what safety costs
- Why is it so difficult to learn from mistakes others have made?
- Would you prefer to learn from the mistakes of others or make them all yourself?
- Certainly, you will learn better by making your own mistakes, but learning that way can be very risky and very expensive

Modern history of industrial disasters: Flixborough, Nypro UK, 1st June 1974
- Reactor 5 removed for maintenance
- Improper temporary connection made between Reactors 4 & 6
- Release of flammables caused a massive explosion that killed 28 and seriously injured 36 others

Modern history of industrial disasters: Bhopal, Union Carbide India, 2-3 December 1984
- 3 tanks holding Methyl Isocyanate (MIC); MIC at temperatures >15 ºC decomposes into deadly components such as hydrocyanic acid or cyanide
- The 4 layers of protection were defeated by 1 common cause failure and operator / maintenance errors
- > 3,000 to 5,000 people killed by inhaling 41 tons of poisonous gas
- > 500,000 people were exposed to the deadly gas
- June 2010: 23,000 dead and counting

Modern history of industrial disasters: Texas City, BP USA, 23rd March 2005
- Several equipment failures; the safety culture was superficial
- $21.3 million fine was paid to OSHA
- $700 million was reserved to compensate the victims
- > $2 billion set aside for development over 5 years at US BP plants
- 15 killed
- > 180 injuries

Modern history of industrial disasters
- Mogford report, Dec 2005, 192 pages
- CSB final report, Mar 2007, 337 pages
- Baker panel report, Jan 2007, 374 pages
HIMA 2008

Baker report findings
1. Inadequate process safety knowledge and training
2. Failure to follow specified procedures
3. Ineffective management of change reviews
4. No refinery-level management review system to monitor process safety performance
5. Inadequate review of practices against both internal and generally-accepted external standards

Safety Review Panel's Recommendations
1. Process Safety Leadership
2. Integrated and Comprehensive Process Safety Management System
3. Process Safety Knowledge and Expertise
4. Process Safety Culture
5. Clearly Defined Expectations and Accountability for Process Safety
6. Support for Line Management
7. Leading and Lagging Performance Indicators for Process Safety
8. Process Safety Auditing
9. Board Monitoring
10. Industry Leader

Modern history of industrial disasters: Hertfordshire, UK, 11th December 2005
- Massive fire at the Buncefield fuel depot owned by Total & Chevron
- A single overfill protection/alarm failed, causing a spill that created a huge mist of fuel that ignited
- > 1 billion Euro damage

Again reviews documented

Macondo Field, Gulf of Mexico
- Most recently of all: Deepwater Horizon
- This must make all Oil & Gas management review their Values and their Procedures

Modern history of industrial disasters: Deepwater Horizon, BP, 21st April 2010
- The environment in which the oil drilling took place, 5,000 feet below the ocean's surface, is extremely hazardous
- 126 workers were on board at the time of the explosion
- 11 people killed
- The huge environmental pollution is estimated at > 41,000,000,000 US $
- The US government holds BP solely responsible for the 11 lives lost, for the catastrophic damage to the community, and for the reduction in BP shareholder dividend

Preliminary Analysis already released

Have we learned anything? You would think so, but...

It seems that no one ever learns...
- Buncefield Tank Farm exploded 11th December 2005, BUT it was not the first!

Organizations have NO Memory! Incidents that have similarities with Buncefield:
- April 1962, Houston, Texas, USA
- Jan 1977, Baytown, Texas, USA
- Jan 1983, Texaco, Newark, New Jersey, USA
- Dec 1985, Naples Harbour, Italy
- Oct 1991, St Herblain, France
- Jan 1993, Jacksonville, Florida, USA
- Dec 1999, Laem Chabang, Thailand
- Dec 2005, Buncefield, UK
- Oct 2009, Jaipur IOC, India

The birth of Functional Safety (timeline slide; the milestones are listed below, the year labels that accompanied them did not survive extraction and are listed separately)
- Oil pipeline Italy-Germany: approval of distributed electronic protective system
- Book "Microcomputers in Safety Techniques" published
- SW quality engineering for large DCS for conventional and nuclear power plants
- Y2000 certification
- National Accreditation Scheme for railroad equipment and information security
- Certification of Organizations & People
- IEC 61508 maintenance rev. released
- Dynamic, fail-safe HW systems for large installations
- First microcomputer based safety related device
- HW and SW approval of distributed safety related PES for process and machinery industry
- Accreditation scheme for test and certification bodies in Europe for safety and quality certification of HW and SW of industrial electronics
- ISA 84.00.01 released
- IEC 61511 = ANSI/ISA 84.00.01
- IEC 61508 released
Year markers on the timeline: 64 75 81 86 89 92 93 95 96 97 98 99 00 04 10

The most recent Standards to emerge
- 1984 TUV Guidelines for PES (SK Safety Classes 1-9)
- 1987 HSE PES Guidelines Parts 1 & 2
- 1989 DIN 19250 / VDE 0801 for PES (AK Safety Classes 1-8)
- 1994 Appendix to VDE 0801 - Harmonisation Document
- 1996 ISA SP84 - Safety Lifecycle, Quantitative Approach
- 1997 IEC 61508 - Safety Lifecycle, Quantitative and Qualitative Approach
- 2003 ANSI/ISA 84.01 = IEC 61511 - Functional Safety, SIS for the Process industry sector
- 2004 DIN 19250 withdrawn and Introduction of Machine Safety Standard IEC 62061
- Today: Many more to come?

Safety Instrumented Systems (SIS) defined in USA and Europe 1996-2004
- Instrumentation, Systems, and Automation Society (ISA), ANSI/ISA 84.01, Application of Safety Instrumented Systems for the Process Industry, 1996 (revised 2004)
- International Electrotechnical Commission (IEC), IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Sector
- Performance Based Standards

Evolving Standards
- IEC 61508 is an umbrella standard for functional safety across all industries
- Each industry then uses IEC 61508 as a guide to develop industry specific standards:
  IEC/AS 61511 Process Industry
  IEC 61513 Nuclear Industry
  IEC 62061 Machinery Industry
  Future: Rail, Medical, Automotive, Transport

Everyone now knows who is responsible

Functional safety was developed to prevent events like this

Functional Safety Standards
IEC 61508
- IEC 61511 Process Industry
- EN 50128 Railway
- IEC 60601 Medical
- ISA S84.01 Process Industry
- IEC 61513 Nuclear Industry
- IEC 62061 Machinery
- IEC 61800-5-2 Power Drive Systems

Evolving Standards: other standards reference safety standards
- FM AS 7605 Programmable Logic Control (PLC) Based Burner Management
- FM AS 7610 Combustion safeguards and Flame Sensing
- NFPA 85 Boiler and Combustion Systems Hazards Code
- OSHA Process Safety Management & duty of care

Why do we need Functional Safety?
Analysis of 34 incidents, based on 56 causes identified:
- 20% Changes after commissioning
- 44% Specifications
- 15% Operations and maintenance
- 6% Installation and commissioning
- 15% Design and implementation
Source: Out of control: Why control systems go wrong and how to prevent failure (2nd edition, Health & Safety Executive HSE UK)

HSE Summary: Analysis of incidents
- The majority of incidents could have been anticipated if a systematic risk-based approach had been used throughout the life of the system
- Safety principles are independent of the technology
- Situations are often missed through lack of a systematic approach

HSE Summary: Design problems
- Need to verify that the specification has been met
- Over-dependence on a single channel of safety
- Failure to verify software
- Poor consideration of human factors

HSE Summary: Operational problems
- Training of staff
- Safety analysis
- Management control procedures

Systematic Failures / Human Errors
- 44% of failures occurred when the systems did exactly what they had been designed and programmed to do - and failed anyway
- Less than 15% of accidents can be blamed on operator or maintenance error
- Bad things keep happening
- Systems aren't perfect, stuff goes wrong. We need to design for failure

Systematic Failures / Human Errors?

If only we had known
"Accidents are not due to lack of knowledge but failure to use the knowledge we have." Lessons from Disaster (T. Kletz 1993)

Functional Safety - what is it for?
- Analyses possible hazardous events
- Proposes the engineering which needs to be done
- Helps maintenance to identify the processes needed to maintain safety

Human Errors: an excuse for an accident?
- Given the right conditions, all things succumb to human or systematic error
- Operator makes a mistake closing a valve, transmitter left in test mode following repair, poorly trained engineers leading to bad maintenance, hazard poorly identified, etc.

Making the process safe
It's a commitment by the Operator:
- to the people working in the plant
- to the community where the Process Equipment is located
- to the shareholders and partners
REMEMBER: It is defined that the Operator is responsible for the safety of the plant

Using Technology to make things safer
"The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The dog will be there to keep the man from touching the equipment." Warren G. Bennis

Technology in SIS
- Currently-used SIS logic solvers are very different in their design
- They range in age from 1983 to the present day
- Originally SAFETY was sacrificed in favour of AVAILABILITY
- The early designs needed a 2oo3 architecture to be able to reduce the PFD to acceptable (SIL 3) levels
- Finally the industry realised that TMR is only an architecture

What matters in a logic solver?
- Is it a system you can work with easily? People make mistakes when using / maintaining logic solvers which they don't understand
- Does it meet the required SIL level according to IEC 61511? If you still believe that TMR is better than 2oo4 or any other architecture, you are WRONG
- Can EPCs develop configurations and easily change those configurations later? EPCs never get the configuration right first time
- Can the logic solver work equally well with local or remote I/O? If not, you are limiting the flexibility of the design

Choosing a SIS Logic Solver
- Can the Program be continuously edited with no need EVER to take the SIS offline? There is no need to accept that this limitation is unavoidable
- If you intend to follow IEC 61511 recommendations, does the logic solver make it easy to do so? Think about PROOF TEST INTERVALS
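The three slides above make claims about PFD, 2oo3/TMR versus 2oo4 voting and proof test intervals without showing the arithmetic behind them. The Python below is an added illustration, not part of the original HIMA presentation: it uses the simplified low-demand-mode approximations in the style of IEC 61508-6 (identical channels, a beta-factor common cause term, diagnostics and repair time ignored) and constructed failure-rate figures to show how architecture, common cause and proof test interval each move a safety function between SIL bands.

```python
from math import comb

# IEC 61508 low-demand-mode SIL bands: (SIL, lower bound, upper bound) on PFDavg.
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(m, n, lambda_du, t_proof, beta=0.0):
    """Average PFD of an MooN voted group of n identical channels.

    Simplified approximation (independent channels plus beta-factor common cause):
      independent term  = C(n, k) * (lambda_ind * T)^k / (k + 1),  k = n - m + 1
      common cause term = beta * lambda_du * T / 2   (redundant groups only)
    lambda_du is the dangerous undetected failure rate per hour, t_proof the proof
    test interval in hours, beta the fraction of failures common to all channels.
    Diagnostics and repair time are ignored, so this is an upper-bound sketch.
    """
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n for an MooN group")
    k = n - m + 1  # number of channel failures that defeats the voting
    if n == 1:
        return lambda_du * t_proof / 2
    lambda_ind = (1.0 - beta) * lambda_du
    independent = comb(n, k) * (lambda_ind * t_proof) ** k / (k + 1)
    common_cause = beta * lambda_du * t_proof / 2
    return independent + common_cause


def sil_from_pfd(pfd):
    """Map a PFDavg to its SIL band; 0 means the function does not reach SIL 1.
    Values below the SIL 4 floor are reported as 4 (the standard has no higher band)."""
    if pfd >= 1e-1:
        return 0
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4


def compare_architectures(lambda_du, t_proof, beta):
    """PFDavg and SIL for the voting architectures the slides compare."""
    archs = {"1oo1": (1, 1), "1oo2": (1, 2), "2oo3": (2, 3), "2oo4": (2, 4)}
    out = {}
    for name, (m, n) in archs.items():
        pfd = pfd_avg(m, n, lambda_du, t_proof, beta)
        out[name] = (pfd, sil_from_pfd(pfd))
    return out


if __name__ == "__main__":
    # Constructed figures: a final element with lambda_DU = 2e-6 /h, proof tested yearly.
    LAMBDA_DU, YEAR = 2e-6, 8760.0
    # With beta = 0, 2oo3 has three times the PFD of 1oo2 (availability bought with safety);
    # with beta = 10 % the common cause term dominates and 2oo3 drops to SIL 2 while
    # 1oo2 and 2oo4 stay at SIL 3: the architecture alone does not deliver the SIL.
    for beta in (0.0, 0.1):
        print(f"beta = {beta:.0%}, proof test every year")
        for name, (pfd, sil) in compare_architectures(LAMBDA_DU, YEAR, beta).items():
            print(f"  {name}: PFDavg = {pfd:.2e} -> SIL {sil}")
    # Stretching the proof test interval from 1 to 3 years costs 2oo3 a SIL level.
    for years in (1, 3):
        pfd = pfd_avg(2, 3, LAMBDA_DU, years * YEAR, beta=0.02)
        print(f"2oo3, beta 2%, proof test every {years} year(s): "
              f"PFDavg = {pfd:.2e} -> SIL {sil_from_pfd(pfd)}")
```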

Think about HOW you will apply the SIS
- Don't leave the design of the SIS to the EPC alone
- You have good FS engineers: involve them in the design
- DON'T FORGET: PEMEX operations have to live with the SIS long after the EPC has left the site

Use technology creatively
- Don't stay with old ideas and concepts
- Many new projects use old specifications to save money - IT DOES NOT EVER SAVE MONEY

Use technology creatively: EXAMPLE 1
- Remote I/O is a very economical way of creating local SIS enclosures

Use technology creatively: EXAMPLE 2
- Use one redundant CPU for as many I/O as possible
- It's cheaper than multiple CPU sets
- It's safer than many CPU sets
- It's more available than having many CPU sets

Use technology creatively: EXAMPLE 3
- Run as many safety-related applications as possible in one CPU, together with the ESD:
  Fire and Gas - can be cheaper and easier to maintain
  Turbomachinery control - easy to run as a separate task
  Burner Management, etc.
- If this seems to break too many rules, ask yourself: where did these rules come from?

Work with Operations / Maintenance
- Design and Implementation of SIS needs consultation with Maintenance
- Training: Who, When, Why
- Maintenance Work Stations: should they be separate or part of the Control Room Operator responsibility?
- Spares supply and shelf life
- Consider supplier maintenance contracts: with redundant systems there is PLENTY of time for them to respond, within 4, 8 or 12 hours
- Use trained specialists to make changes and repairs to the SIS

New ideas about the DCS / SIS communications requirements
- The safety responsibilities of the Contractor are totally different (Operator's responsibilities vs. Contractor's responsibilities)
- It is the OPERATOR who has responsibility for safety for the lifetime of the plant, so don't leave this to the EPC!

The Operator must be involved with the decisions being made by the Contractor
- Functional Safety methodology must be followed by the Contractor (who often gets support from Safety System suppliers like HIMA)
- Technology changes fast, but that is not an excuse to not be interested; it's an opportunity to get better systems
- Newer systems provide increased ways of being safe

Since PEMEX is responsible, PEMEX should specify what is wanted
- New technology systems provide increased ways of being safe
- Process Automation needs Best of Breed safety solutions
- Safety systems should be Harmonized throughout the plant
- The concept of the MAC should be challenged by the Operator:
  It does not provide the SAFEST Safety System
  It does not provide the MOST AVAILABLE SIS
  The EPC will buy the CHEAPEST Safety System
- PEMEX should define which SIS they want and make this a condition of the award to the EPC: the MAC becomes a Conditional MAC (C-MAC)

The myth of Integrated Safety
- There is no such thing as an Integrated Control and Safety System
- Safety must not be integrated into the Control System
(Diagram labels: DCS CONTROLLER, DCS CONTROLLER, SAFETY, SAFETY)

Integrated Safety
(Diagram labels: DCS CONTROLLER, DCS CONTROLLER, SAFETY, SAFETY) What's this?

Connecting SIS to DCS
(Diagram labels: DCS CONTROLLER, SAFETY)
- Some operators want management info to be passed from the SIS to the DCS for display and historization
- The data is passed via a standard communication bus (non-safe)
- So there is no integration between SIS and DCS
- Conclusion 1: there is no such thing as an ICSS
- Conclusion 2: there is no requirement for the DCS supplier to provide the SIS

Challenges of process safety implementation
- Complex process operations need equipment to be HARMONISED, particularly safety equipment
- Complexity increases new risks
- Different safety products confuse maintenance engineers, causing mistakes and shutdowns, or worse: accidents

Challenges of process safety implementation
- Poor management: lack of awareness, lack of competency, limited focus on optimizing production
- Ineffective communication
- Only solved with training

Challenges of process safety implementation
- Technology transfer from one world region to countries with different culture and attitudes towards standards
- A shortage of process-specific experience
- Reduced know-how...
- Solved by using global specialists with international coverage

Summary
All YOU need is:
- Know How, Know How, Know How
- Experience, Experience, Experience
- Competency, Competency, Competency
In order to achieve an adequate safety culture, competency of every human being working in the lifecycle of our process industry is becoming the de facto standard for those who want to keep their plant safe and productive and avoid the very costly penalties and lawsuits that follow when things go wrong, as they have in the past.

Have COMPETENT people working and helping you to keep YOUR plant FUNCTIONALLY SAFE. Nonstop.

Thank you for your attention