Why it pays to focus on functional safety management
13 March 2018
Quite apart from any moral considerations, skimping on lifecycle safety requirements can be an expensive mistake, say John Walkington of ABB. The right functional safety product and management systems focus can deliver long-term security and a lower life-time cost.
With companies facing considerable pressure to cut costs in every possible area, many find themselves subject to tightening budgets, even in areas as critical as functional safety.
Moreover, as the safety and cyber security standards currently accepted as good practice are not actually legal requirements in many countries, there is an obvious temptation to be sparing on safety and security system implementation and the follow-on operational inspection, testing and repair regimes.But operational decisions that skimp on functional safety management requirements (FSM) are very unlikely to prove a cost-effective strategy in the long run.
Spending money and resources on equipment and Functional Safety Management
When it comes to specialised instrumentation, control equipment and operations and maintenance for functional safety and security applications, it’s true to say that as in most things in life, ‘you get what you pay for’.
Making sure an instrumented safety system (SIS) doesn’t fail when you need it, demands a combination of good quality equipment that has been extensively tested and analysed which can then be integrated using a competency and management system with a demonstrable systematic capability (SC). It may also mean that to achieve a defined level of safety integrity and safety functionality, the devices used in the SIS need to possess a level of redundancy and a self-diagnostic capability far outstripping that required for non-critical systems.
All this additional safety assurance will invariably have an impact on the cost of the SIS overall. However, the adage to remember to apply here is that ‘good safety is good business’ and a little more spend on FS assurance during specification, selection, design and change management pays dividends during the many years of operation.
The second point is that safety is a niche application linked to a facility’s ‘licence to operate’ requirements. For example, an offshore platform might easily have over a thousand control loops distributed around the facility but fewer than 150 dedicated safety functions. This more specialised market for safety equipment and safety lifecycle management simply doesn’t benefit from the same economies of scale as the mass-market in standard controls.
Lifetime savings
Managing functional safety and security is an increasingly complex challenge and involves specifying safety and security requirements and ensuring that they are successfully transposed into design and engineering solutions by your supply chain partners.
The introduction of Edition 2 of the IEC 61508:2010 functional safety standard gives a higher priority to defining a suitable, dedicated safety requirements specification (SRS) for each project. It introduces a formal stage between the conclusion of the hazard analysis stage of a project and specifying particular SIS requirements leading into the design and engineering phase. The same focus on requirements specification can also be found within the sector standard IEC 61511:2016 Edition 2 and the associated links to SIS security risk assessment in conjunction with compliance to Standard IEC 62443.
Ultimately, the SRS is intended to bring together all the information necessary to make sure that any SIS required provides the right level of performance and risk reduction without being overly complex or expensive. If safety systems are over-specified, they are likely to cost more upfront, and because of the extra complexity, require more operational management and maintenance once commissioned.
Over-specification pushes up the Opex running costs over the lifetime of the plant. By contrast, the consequences of under-specification can be much more serious as the safety system may well be inadequate and unable to provide the correct level of risk reduction, i.e. one with the potential to result in a failure on demand and/or cyber security breach.
Confusion can often arise when it comes to designing a safety system as it’s not as simple as just applying a blanket SIL to cover an entire process. Instead, operators must first determine the requirements for individual safety instrumented functions (SIF) within a process that are necessary to protect against a specific hazardous event.
Once safety functionality and safety integrity are identified, they can then be used as the basis for designing and engineering the safety system solution. This consists of the input sensors, the logic solver and the final elements, including the functional safety management system used to successfully integrate the various SIFs into a compliant SIS.
Rather than looking for the cheapest option, it’s important to look for an SIS with instruments, safety and security management systems and supporting services offering the optimum combination of functionality, reliability, security and cost-effectiveness over their design and operational lifetimes.
As a general rule, it is almost always better to design risk out of a process before installing specialised systems to control it. This will often reduce the required safety integrity level (SIL) and therefore the cost of the safety systems needed to deliver it.
The other key factor to be considered is the systematic capability of the SIS. This relates to factors such as the methodology, techniques, measures and procedures used in both the manufacturing of the safety devices used and the integration of those devices to form the entire safety system during the design, engineering, operations and maintenance lifecycle phases. Many integrators purport to offer a safety standards ‘compliant’ FSM process, however it is important to question whether they are truly robust in technical depth, have independent certification from a recognised source such as TÜV and whether their in-house competencies are evident in their in-country location regarding systems assurance.
The other thing to look out for is the quality of documentation available from the equipment supplier and systems integrator e.g. Are their instruments certified by independent testing bodies? Have they got a sufficiently strong functional safety management and competency assurance system in place that can demonstrate the necessary systematic capability claims for the safety devices / integrated solution? Are the device manuals & certificates / project documentation suitable for the specific safety related application and who has independently verified the solution provided is fit for purpose?
Assurance and savings
Additional verification, independent assessment and extra paperwork may not sound like a cheap option, but there are several ways in which opting for higher integrity and demonstrable systematic capability can both save money during initial project execution and in the longer term, and most importantly, for providing the necessary systems assurance for protecting the asset.
The first is that the safety requirements are implemented and the design efficiently delivered without the need to ‘design by assumption’. If an FSM is not in place at the outset of the project, this lack of ‘process’ invariably brings with it significant additional issues such as extended clarifications from within the supply chain, extensive TQ requests seen as normal operation, unexpected design changes, delays in planning / milestones not completed, document / revision control and approval issues, and so on, all of which impact on project management and ultimately cost.
Following a defined safety lifecycle approach means the project execution phase is optimised in terms of the impact to cost and schedule. Issues that could affect functional safety and systematic capability are identified and addressed early during FS Audits and Assessments so that the installed and commissioned SIS meets the necessary safety requirements.
Next the safety systems do not need testing as often to check that they are still working properly. The required proof test interval can be extended significantly if equipment can demonstrate a higher HFT (Hardware Fault Tolerance) and a lower frequency of dangerous undetected failures. This will deliver lower operating costs for any user having chosen the correct safety devices and implemented the necessary practicalities for maintenance & testing requirements during the design stage. The difference is likely to be especially significant in industries such as Offshore, Refining and Petrochemicals, where gaining access to the operational safety systems can be difficult and expensive.
The subsequent area where significant savings can be made is in the area of operational change management and maintaining systematic capability. A SIS designed, engineered and installed in accordance with the safety and security standards has the supporting documentation in place to rapidly ‘impact assess’ for management of change implications. Such a robust process will allow for efficient FS assessment, modifications and upgrades to take place without the need to undertake extensive system gap assessments and documentation site surveys to try and re-establish the SIS baseline. Even more so, it provides the necessary traceability and confidence that changes to the SIS are being managed correctly to ensure it will continue to operate on demand.
The fourth area where savings can be made is related to demonstrable compliance with good practice safety standards for Insurance underwriting purposes. Systems that are not-easily demonstrated to comply with industry good practice standards may also require extensive systems ‘re-engineering’ of key documentation before Insurers will agree to provide cover. In some cases, it may well be that the ‘licence to operate’ is not agreed or is suspended with the regulatory authorities and the facility is not allowed to start-up / operate until such safety assurances can be demonstrated, thereby introducing extensive start up delays and loss of production / plant availability costs to the business.
However, ultimately it is the prevention of accidents that still offers the biggest potential financial savings, not just in terms of financial penalties, but also the impact that an accident or incident can have on a company’s share price and reputation. Add to this the imperative to protect personnel and be a good neighbour to the surrounding community and the case for excellence in safety systems including the necessary management focus and spend on functional safety is compelling – whatever the state of the economy.
So, in your organisation, when it comes to specifying safety systems and applying industry good practice requirements, don’t be tempted to ignore the cost of functional safety as the benefits for actively seeking implementation far outweigh the significant business risk to simply ignore it.
About the author
John Walkington is Managing Consultant, Functional Safety, within the ABB UK Oil, Gas & Chemicals Technology Group and manages the activities of the ABB safety lead competency centre (SLCC).
He has some 36 years’ experience within the Process Industries, having worked previously for companies such as ICI Agrochemicals, Refining and Petrochemicals and BASF Polymers & Plastics where he held a series of posts in process plant operation & maintenance, technical engineering and project management.
He is a Fellow of the Institution of Mechanical Engineers, a Member of the Institution of Measurement and Control and is a TUV Rheinland certificated FS Expert.
Contact Details and Archive...