Perception and reality – safety standards can deliver both
23 May 2011
A string of high-profile incidents has left oil and gas companies under more scrutiny than ever when it comes to safety. Not only must companies operate safely, they must be seen to do so, which makes meeting agreed industry standards imperative, argue Stuart Nunns, manager of safety critical consultancy for ABB, and Trevor Dunger, ABB’s pressure and level specialist.
A reputation for safety is a vital asset that’s inextricably linked to profitability. Not even the biggest players escape unscathed when they’re seen to drop the ball. For instance, BP shares slid nearly 2.5% in one morning in January 2011 when the company was forced to close a major Alaskan pipeline after a leak at a pumping station. This was followed by another blow in April when the US Environmental Protection Agency slapped BP with the biggest per-barrel penalty ever for previous leaks. The regulator ordered the company to pay $25 million for spilling more than 5,000 barrels of crude oil in 2006.

The Alaskan fine was levied as BP was still dealing with the aftermath of the deadly Deepwater Horizon explosion in April 2010, which killed 11 workers in the Gulf of Mexico. Crucially, the National Oil Spill Commission judged that the tragedy was entirely "avoidable". Here in the UK, Shell was in the dock in May 2011 over an explosion and fire at a Norfolk gas terminal in 2008. Shell pleaded guilty to seven counts of breaching environmental and health and safety legislation. Nobody was injured in the incident, but the cost in terms of fines and any damage to the energy giant’s reputation remain to be seen.

With so much at stake, operators and regulators both rely increasingly on international safety standards to prevent problems and to gauge whether a company has taken all reasonable precautions if an incident occurs.
Standards and good practice
Against this backdrop, the international standards IEC 61508 and IEC 61511 are increasingly being used as a benchmark of good practice to maintain functional safety and meet any legal obligations. The other factor driving the adoption of these standards is the increasing use of safety-instrumented systems to reduce risk to the required level. The UK Health and Safety Executive (HSE) states explicitly that it uses IEC 61508 as a reference standard for determining whether a reasonably practicable level of safety has been achieved when electrical, electronic and programmable electronic systems are used to carry out safety functions. The extent to which HSE will use IEC 61508 will depend on individual circumstances. The fact that the sector-specific IEC 61511 “daughter” standard has been developed for process operations strengthens the case for adopting a standards-based approach in oil and gas. Similarly in the US, the Occupational Safety and Health Administration (OSHA) recognises that IEC 61511 sets out good engineering practices for safety instrumented systems.
Supply chain issues
IEC 61508 and IEC 61511 are performance-based standards. They’re not about having the right kit per se. Instead they’re about achieving the right level of overall functional safety throughout the safety lifecycle, which includes specification, design, implementation and operation. The safety lifecycle of equipment or other assets can span many years. It will involve different organisations and a variety of client-supplier contractual relationships that demand clearly specified responsibilities, activities and deliverables. It is therefore essential that all those organisations involved in implementing different phases of the safety lifecycle can demonstrate their competence and ability to work to the relevant standards.
Achieving the organisational capability needed to implement the requirements of IEC 61508 and IEC 61511 across the supply chain can be tricky. Each organisation must be fully conversant with the standards and clarify which clauses apply to its areas of responsibility. As already mentioned, many of today’s regulatory authorities effectively require companies to show this level of familiarity with the standards when they are checking for good practice.
One particularly important area is the development of the Safety Requirements Specification, which includes the specification of the safety instrumented functions and the target safety integrity level (SIL) for each function. Co-operation between the end user and supplier is essential. Good co-operation delivers considerable benefits by helping to clarify project roles and responsibilities. It ensures that SIL achievement and verification activities are undertaken efficiently and effectively.
Revision of IEC 61508
Last year saw the publication of IEC 61508 edition two (IEC 61508-2). While there are quite a few changes from edition one, the addition of a “Safety Manual for Compliant Items” is especially important for product manufacturers. This manual covers any component for which a supplier is making specific claims about the equipment’s compliance with IEC 61508-2. The safety manual includes all the information needed to judge whether an individual element can deliver the performance required of it as part of the overall safety system. The aim is to provide assurance for system integrators and end users.
This is important because some manufacturers have claimed that their element is “SIL rated”, when a SIL level actually relates to the overall system and not to its constituent elements. Of course, each element plays an important part in meeting this overall aim in terms of characteristics such as the probability of failure on demand (PFD) for dangerous random hardware failures.
Functional safety management
Product certification was the approach taken by historical standards such as DIN 19250 or VDE 0801 and more recently IEC 61508. However, an increased awareness of the need for functional safety management at both an individual and organisational level has resulted in a change in direction to include the certification of an organisation as capable of undertaking specific functional safety activities. It includes the organisation’s functional safety management procedures and competence management systems. It also embraces personal competence in respect of the specific duties an individual has to perform.
Currently the development and implementation of functional safety management systems appears to be driven by safety system suppliers. However, it needs to be embraced by all the organisations in the safety lifecycle and, in particular, end users who need to provide evidence to their regulatory authorities as a result of regulatory inspections/audits or in support of safety cases.
Responsible suppliers such as ABB recognise that they must demonstrate safety compliance and competence in an irrefutable way. More and more major clients are specifying the requirements of IEC 61508 and IEC 61511 standards as a functional safety benchmark and as a contractual requirement.
What should these clients look for? A complete life cycle safety model should be drawn up and mapped to the relevant sections of the IEC 61508 and IEC 61511 standards. The model should include all the supporting procedures and documentation needed to justify the title of a Functional Safety Management System (FSMS). A true FSMS typically includes management systems, policy, competence, assessments and audits, modification and impact procedures, verification procedures and reporting. It may also include skeleton documents for all the main working documents, such as the functional design specification, system design specification and testing, factory acceptance tests, site acceptance tests and operational manuals. The development of this safety lifecycle model makes full use of existing quality management processes and procedures.
Users and purchasers should also look for independent certification through organisations such as TUV Rheinland. This gives them the assurance that the supplier’s functional safety management systems have achieved accepted standards of good practice and helps support the case for due diligence throughout the supply chain.
Other advantages of working to such international standards include an easier procurement process and less protracted pre-contract discussions. This can make proposals more cost-effective.
Even though the situation is changing slowly, many companies still labour under the misapprehension that in order to meet the target SIL for a safety instrumented function all that is required is the PFD of the dangerous random hardware failures. This is a far cry from the truth and fails to take account of the other key parameters, namely architectural constraints and systematic safety integrity.
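The point made above, and the earlier remark that a SIL belongs to the whole safety function rather than to any single element, can be shown with a small SIL verification check. The following Python is an added illustration written for this article, not ABB's code or anything taken from the IEC standards; it uses the low-demand PFDavg bands of IEC 61508-1 and the simplified single-channel formula PFDavg ≈ λDU × T/2, while the minimum hardware fault tolerance table and the sample failure rates are constructed assumptions, not values from either standard. It reports the SIL each of the three parameters would support on its own, then takes the lowest, so a function whose PFD alone looks like SIL 3 is correctly held to SIL 2 when its architecture or systematic capability only supports SIL 2.

```python
# Added example: SIL verification that considers all three parameters the
# article names (PFDavg, architectural constraints, systematic safety integrity).
# Not ABB code and not a reproduction of the standards' tables beyond the PFD bands.

# Low-demand-mode PFDavg bands from IEC 61508-1 Table 2: [lower, upper).
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# ASSUMPTION: illustrative minimum hardware fault tolerance (HFT) per SIL.
# The real requirement depends on the route chosen (IEC 61508-2 Route 1H/2H or
# the IEC 61511 tables) and on device type; replace with the applicable table.
MIN_HFT = {1: 0, 2: 0, 3: 1, 4: 2}

FACTOR_PFD = "PFD of dangerous random hardware failures"
FACTOR_ARCH = "architectural constraints"
FACTOR_SYS = "systematic safety integrity"


def pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours):
    """Simplified PFDavg for a single-channel (1oo1) element: lambda_DU * T / 2."""
    return lambda_du_per_hour * proof_test_interval_hours / 2


def sil_from_pfd(pfd):
    """Highest SIL whose PFDavg band the value satisfies (0 if worse than SIL 1)."""
    for sil in (4, 3, 2, 1):
        if pfd < PFD_BANDS[sil][1]:
            return sil
    return 0


def sil_from_hft(hft):
    """Highest SIL allowed by the (assumed) hardware fault tolerance table."""
    achieved = 0
    for sil in (1, 2, 3, 4):
        if hft >= MIN_HFT[sil]:
            achieved = sil
    return achieved


def assess_sif(pfd, hft, systematic_capability, target_sil):
    """Achieved SIL is the minimum over the three parameters, not the PFD alone.

    systematic_capability is the SC claimed for the weakest element in the
    function (the systematic integrity limit of the whole function).
    """
    per_factor = {
        FACTOR_PFD: sil_from_pfd(pfd),
        FACTOR_ARCH: sil_from_hft(hft),
        FACTOR_SYS: systematic_capability,
    }
    achieved = min(per_factor.values())
    # Which parameters hold the function below its target? This is what the
    # "PFD only" view in the article misses.
    limiting = sorted(name for name, sil in per_factor.items() if sil < target_sil)
    return {
        "per_factor": per_factor,
        "achieved_sil": achieved,
        "meets_target": achieved >= target_sil,
        "limiting_factors": limiting,
    }


if __name__ == "__main__":
    # Constructed sample values: lambda_DU = 1e-7 /h, annual proof test.
    pfd = pfd_avg_1oo1(1e-7, 8760)            # 4.38e-4, inside the SIL 3 band
    result = assess_sif(pfd, hft=0, systematic_capability=2, target_sil=3)
    print(f"PFDavg = {pfd:.3g}")
    for name, sil in result["per_factor"].items():
        print(f"  {name}: SIL {sil}")
    print(f"achieved SIL {result['achieved_sil']}, meets target: {result['meets_target']}")
    print("limited by:", ", ".join(result["limiting_factors"]))
```

Run as a script it prints the per-parameter SILs for the constructed function: the PFD supports SIL 3, but with no hardware fault tolerance and a systematic capability of 2 the function achieves only SIL 2 and both of those parameters are reported as limiting. Swapping in the HFT table that actually applies to the chosen route and device type is the only change needed to use the check on a real specification.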
The international safety market is being driven by technology, standards, legislation and incidents, and many organisations see accredited certification of their operations as the way forward. Accredited certification for an organisation is a significant undertaking. It requires management commitment at the highest level in addition to a comprehensive work programme involving the entire organisation.
ABB has extensive experience in functional safety and takes great pains to demonstrate its own organisational and individual functional safety competence and compliance. That includes having products, applications, engineers and implementation procedures audited and approved by TUV.