Choosing the right Safety Instrumented System
- Maximize Safety with Nonstop Production
Author: Alvin Chin – Sales Director
HIMA S.E.A. Sdn Bhd
Abstract
In today's competitive environment in the global oil & gas, petrochemical and chemical industries, the decision to save costs, i.e. CAPEX and OPEX, is the key driver. The fittest survive: key decisions are made to manage the plant's profitability and productivity, while at the same time owners and operators must keep their plant operationally safe to meet regulatory compliance and safety standards such as IEC 61508, IEC 61511 and ANSI/ISA-84. Choosing the right Safety Instrumented System (SIS) is a strategic choice.
The key factors to consider are:
Plant profitability
Maximum availability of the plant's critical systems
Improved lifecycle costs
Meeting the demand to protect the plant at maximum safety (SIL3)
Keeping operational costs to a minimum while shutting down only on a real process demand
This presentation raises questions for the Operators and Owners of plants to make the right
choice for an SIS to improve profitability and safety for their plants.
Introduction
End users want an SIS that protects the plant, shuts down on real alarms, and doesn’t shut down
for any other reason.
Managing risks and preventing disasters is, as always, a challenge in today's very competitive world. Operators of hazardous offshore production platforms, FPSOs, refineries, onshore offloading terminals, petrochemical, chemical and even pharmaceutical plants constantly balance increasing production and avoiding unnecessary shutdowns against not compromising the safety of their operational personnel, protecting against equipment failures and preventing direct or indirect damage to the environment.
There have been several unfortunate industrial disasters in the process industry in the past, and there will likely be more to follow as our daily working conditions, materials, equipment and performance requirements keep changing and become more and more demanding. Major accidents like Flixborough, Piper Alpha, Bhopal, Texas City, Mumbai High North, the Montara wellhead platform and, most recently, the Deepwater Horizon Macondo blowout in 2010 have all painfully revealed failures that we can learn from - failures that come at a cost in lives, environment and capital investment.
Today the offshore oil & gas and petrochemical industries try to prevent disasters by employing Emergency Shutdown systems (ESD) for prevention and Fire and Gas systems (FGS) for mitigation. These safety-related systems protect equipment and industrial processes where danger may arise in case of failure, and they are not part of the process control system. Until a few years ago these systems were designed without reference to a general standard. This has since changed with the increased adoption of the IEC 61508 and IEC 61511 standards in the process industry. These safety systems are now more commonly called Safety Instrumented Systems (SIS), as defined in IEC 61508 and IEC 61511.
The problem has traditionally been viewed as one of risk management. How much risk can a
company allow, without inviting a disaster to happen?
The cost of safety is tied directly to the profits of a company. An unsafe company will almost certainly pay out more than necessary in Occupational Safety and Health Administration (OSHA) fines, lawsuits, attorney's fees and increased insurance premiums. All of these payments directly affect the bottom line. Owners and operators are constantly balancing increased profitability, i.e. driving up plant productivity, against not compromising safety. Today, every safety case must drive profitability.
Traditionally, safety systems are not popular with management. They are deemed costly and are considered a "sunk cost" - a cost that has already been incurred, cannot be recovered and does not contribute to profit. With the exception of certain companies that have worked to create exemplary safety records, most companies appear willing to do the minimum in the area of safety systems that will allow them to appear compliant with the law and the relevant standards. This may provide neither acceptable safety nor acceptable downtime costs due to spurious trips and lifecycle activities.
Even though IEC 61508 and IEC 61511 mandate a continuous engineering process for safety instrumented systems, including auditing, recalculating SIL levels and continuous testing programs, selection of the right SIS is often relegated to the instrumentation contractor when a new plant is built. This trend still prevails, and it is extremely difficult to get plant management to comprehend that simply ordering an EPC contractor to install SIL 3 products with the appropriate TÜV certificate and a SIL 3 logic solver (e.g. a TMR or QMR PLC) to connect to those SIL 3 products does not make a safety system.
Top management should make the extra effort to review the needs and take control of the decision to implement the right safety system at an early stage of, say, a greenfield project, so that they can incorporate the right philosophy in choosing the most efficient process safety design at the pre-FEED or FEED stage, with the most reliable safety solutions to optimise production and prevent unnecessary shutdowns. This critical decision should not be taken lightly or relegated to the EPC contractor; it should be made by the plant owners directly.
Many plant personnel have realised that the SIS performing the emergency shutdown functions does nothing during normal plant operation. However, the SIS has final control over whether the plant "runs" or "shuts down". Shutting down the SIS invariably means shutting down a plant that is running in production. The SIS has its "hands around the neck" of plant management, who cannot make product unless the SIS says they can. Today many end users and operators of plants are becoming accustomed to unnecessary shutdowns caused by activities such as:
 A mandatory safety system operating system upgrade due to "software bugs" that have to be fixed to prevent random failures of the SIS.
 A modification of the logic programs.
 A repair and maintenance activity such as removing and replacing a faulty CPU card, communication card or I/O cards.
Any such work may, and often does, require an SIS shutdown to implement. Of course, an SIS shutdown usually means a plant shutdown.
What this means is that the lifecycle costs of the SIS may dwarf the entire control budget if the SIS chosen isn't the best one for the process. Therefore, the design decision and the purchasing decision for the SIS may be even more important than those for the DCS and the rest of the control system. Yet plant management and plant engineering rarely conceive of this decision in that way.
There is a movement toward the "combined integrated safety system", where the DCS vendor supplies its own version of an SIS. The benefits of single-source responsibility are obvious and may sound logical. One should also weigh the benefit of insisting that the EPC provide a best-in-class basic process control system (DCS) and a best-of-breed safety instrumented system (SIS) for the smooth and safe operation of the plant.
While an automation vendor is obligated to push its own system, whether or not it is appropriate for the project, an EPC or control system integrator is just as obligated to do the work and expend the effort to make the decisions at the start of the lifecycle that provide the optimum solution for both the BPCS and the SIS, even though the EPC or integrator may not be around to see those decisions validated. In many cases, the EPC or control system integrator hands its responsibilities to the plant owners once its warranty obligation expires. The better solution for today's process plants is to consider installing a high-performance stand-alone SIS with the features needed to minimize downtime and improve safety. This type of SIS can easily integrate with any DCS to provide the best-in-class performance that the end user really wants.
What end users really want is a safety instrumented system that protects the plant at maximum
safety for equipment and personnel, and doesn’t shut down for any other reason, including
spurious trips and the so-called “lifecycle” activities. For plant management, long used to
production stoppages and delays from SIS system malfunctions, such an SIS system would be a
“Godsend”.
What Happens When You Make Changes?
Plants have lifecycles. Equipment, tanks, vessels and piping have lifecycles. Controls and control
systems have lifecycles too. This means that changes, upgrades and repairs must be made over
the course of the lifespan of the control system and the field devices connected to it.
These lifecycle events are not necessarily planned. The management of a plant cannot always impose preventive or predictive maintenance practices, and even if they institute a rigorous preventive or predictive maintenance program, accidental failures and unscheduled downtime do occur.
If the plant safety systems are not designed to minimize downtime, significant costs may be
incurred.
What Happens When You Upgrade?
In the majority of SIS and F&G safety systems, upgrading the system requires at least one, and
perhaps more than one, shutdown. When this happens, the entire facility’s production stops,
because shutting down the SIS shuts down the BPCS (basic process control system)
automatically.
System upgrades can be planned lifecycle events. This means that the downtime of the entire
system has been planned for. However, “planned for” downtime costs the same as unplanned
downtime.
Let's look, for example, at the Petronas offshore oil platform. It produces approximately 50,000 barrels of crude oil every day. Since the price of oil has recently varied from approximately US$40 per barrel to US$140 per barrel, let's use US$75 per barrel as a reasonable number. That would be lost revenue of US$3,750,000 per day of planned downtime.
This loss of revenue due to planned downtime for system upgrades can be prevented if the upgrades can be done online without interrupting production. In today's context, there aren't many safety systems that can fulfil this. Safety Instrumented Systems such as the HIMA HIMax have been designed to permit system upgrades without interrupting production while maintaining complete safety. Systems such as HIMax are based on an architecture that permits faulty modules to be replaced online (hot-swapped) at any time without interrupting operation. Upgrades and system expansions need not require a system (and BPCS) shutdown.
What Happens When You Need Maintenance?
Long gone are the days of “run it ‘til it breaks” in process plants. Today predictive maintenance
technologies are being installed in process plants worldwide. The theory is that by using fault
detection software, combined with predictive algorithms, the exact time to failure of any
component or piece of equipment can be predicted, and replacement can be scheduled prior to
failure. In many cases, such as in the case of large rotating machinery or tankage or valves or
other inline components, a shutdown must occur in order to effect the replacement.
In most BPCS systems (the plant DCS), hot swapping components such as I/O cards and bus cards
can be done without shutting down the plant. But in most safety systems, that’s not permitted.
Let's say the plant requires the addition of a new I/O or processor rack, new local I/O cards, or a new remote I/O rack and cards. Most systems would require the system to be taken down to make those additions. How long is the system down? That depends on the extent of the upgrade, how many modifications need to be made in marshalling cabinets and wiring buses, and whether there is a requirement to install new field devices to connect to that new I/O.
Let's see what a two-day shutdown for expansion and modernization might cost. Take the case of a VietsovPetro oil platform.
VietsovPetro's output of oil is, say, 60,000 barrels per day. That alone would represent a loss of revenue (at our $75/barrel figure) of $9,000,000 for a two-day shutdown caused by the need to modernize and expand the SIS. This loss doesn't take into account that the VietsovPetro platform also produces about 100 million cubic feet of gas per day.
Consider the benefits and the significant cost savings, in relation to a two-day shutdown of an oil platform like VietsovPetro, if we employed a state-of-the-art SIS that didn't require an "all stop" downtime for upgrade or maintenance.
What Is the Impact of Periodic Proof Testing on Production?
IEC 61508 and IEC 61511, and ANSI/ISA84.00.01-2004, which are the most referenced safety standards for the process industries, mandate an ongoing engineering, maintenance and proof testing program to ensure that the system as installed at any moment in time actually fulfils its design requirements and performs according to its stated SIL level. Many SIS require power cycling of the entire system for proof testing. This means that the system must be powered off and on (sometimes repeatedly). This, of course, means that the plant must be shut down, or the safety system interlocks will trip and the plant will have an unplanned shutdown. Some safety instrumented systems require such proof testing every three years, with a plant shutdown every three years accompanying it.
Plants do require periodic shutdowns themselves for maintenance and expansion. But adding
extra time, or requiring an “out of production schedule” shutdown for proof testing of the safety
system simply costs money. No wonder plant management detests the safety systems.
What Is the Real Cost of Downtime?
We have seen that downtime has real costs, and those costs add up to real money very quickly.
No plant can easily afford lost revenue in the millions of dollars per day range. When you add in
the additional costs of unplanned downtime due to spurious trips, the costs spiral.
Unplanned downtime is very costly. Even though the shutdown sequence caused by a trip of the SIS or the F&G system is supposed to cause a "graceful shutdown", the reality is that it almost never does. When a refinery is shut down suddenly, lines get plugged, valves stick, and vessels get coatings of tar and other impurities. Even though the system shut down safely, that is to say no personnel were injured, an unplanned shutdown does not mean a simple or easy start-up. So the cost of a spurious trip might wind up being several weeks of lost production.
Consider a refinery. Pertamina’s Cilacap refinery in Java, Indonesia processes approximately
230,000 barrels of crude oil per day. Generally, a barrel of oil produces about 19 gallons of
gasoline, 9 gallons of fuel oil, 4 gallons of jet fuel, and 11 gallons of assorted other products like
lubricating fluids, asphalt, kerosene, and plastic precursors.
Let’s add some dollar amounts to the mix. Let’s say gasoline is US$2 per gallon. Fuel oil is US$1.35
per gallon. Jet fuel sells for US$1.20 per gallon, and the lubricants and other by-products might
produce another US$1 per gallon.
That's revenue of approximately US$15 million per day (US$65 x 230,000 barrels per day). Suppose a spurious trip cost a week's production. That would be a cool $63 million in lost revenue. And that would be just one trip.
Now look at the lifecycle of that refinery. Refineries last longer than 50 years in production. If the refinery suffered just one spurious trip per year, and that added one week per year of downtime, the lost revenue would be more than $3 billion over the 50-year lifecycle of the refinery.
Again consider what the cost of a safety system, installed, actually is. If a plant could be equipped
with a safety system where spurious trips were designed to be negligible, and where shutdowns
for planned maintenance and upgrades were rare instead of common, the real cost of downtime
wouldn’t be $65 million per week.
Plant engineering and management personnel should look at their plant's history of shutdowns and downtime caused by spurious trips and safety system downtime, and do the math.
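As an added example (not from the paper or HIMA), the downtime arithmetic of the platform and refinery cases above as reusable Python functions, so a reader can plug in their own plant history. It goes beyond the page by adding a downtime profile, a payback calculation and the paper's ROA formula; the extra SIS cost of US$2,000,000 and the payback method are assumptions, not figures from the paper.

```python
"""Downtime cost model for the platform and refinery cases in this paper.

Added example (not from the paper or HIMA): it generalises the page's
arithmetic into reusable functions so a reader can plug in their own plant history.
"""
from dataclasses import dataclass

# Product yields per barrel of crude (US gallons) and assumed prices (US$/gal),
# as given on the page for the Cilacap refinery case.
PRODUCT_YIELDS_GAL = {"gasoline": 19, "fuel_oil": 9, "jet_fuel": 4, "other": 11}
PRODUCT_PRICES_USD = {"gasoline": 2.00, "fuel_oil": 1.35, "jet_fuel": 1.20, "other": 1.00}


def revenue_per_barrel(yields=PRODUCT_YIELDS_GAL, prices=PRODUCT_PRICES_USD):
    """Sum of (gallons of product per barrel x price per gallon) over all streams."""
    return sum(yields[p] * prices[p] for p in yields)


def daily_revenue(throughput_bpd, usd_per_barrel):
    """Gross revenue lost for each full day the plant is not producing."""
    return throughput_bpd * usd_per_barrel


@dataclass
class DowntimeProfile:
    """Yearly downtime attributable to the safety system."""
    spurious_trips_per_year: float
    days_lost_per_trip: float        # includes the messy restart after a trip
    sis_outages_per_year: float      # upgrades, proof tests, module swaps
    days_lost_per_outage: float

    def days_lost_per_year(self):
        return (self.spurious_trips_per_year * self.days_lost_per_trip
                + self.sis_outages_per_year * self.days_lost_per_outage)


def lifecycle_lost_revenue(daily_rev, profile, lifecycle_years):
    """Lost revenue over the plant lifecycle for a given downtime profile."""
    return daily_rev * profile.days_lost_per_year() * lifecycle_years


def payback_days(extra_sis_cost, daily_rev, baseline, nonstop):
    """Calendar days needed for avoided downtime revenue to recover the extra SIS spend.

    Assumed method (not from the paper): avoided yearly downtime revenue is
    spread evenly over 365 days. Returns None when no downtime is avoided.
    """
    avoided_days_per_year = baseline.days_lost_per_year() - nonstop.days_lost_per_year()
    if avoided_days_per_year <= 0:
        return None
    avoided_rev_per_calendar_day = daily_rev * avoided_days_per_year / 365
    return extra_sis_cost / avoided_rev_per_calendar_day


def return_on_assets(operating_income, total_assets):
    """ROA as defined in the paper: operating income / total assets."""
    return operating_income / total_assets


if __name__ == "__main__":
    # Offshore platform cases from the page: US$75/bbl, 50,000 and 60,000 bpd.
    print("Platform, 1 day:", daily_revenue(50_000, 75))
    print("Platform, 2 days:", 2 * daily_revenue(60_000, 75))

    # Refinery case from the page: 230,000 bpd, product basket priced per gallon.
    rpb = revenue_per_barrel()
    refinery_day = daily_revenue(230_000, rpb)
    legacy = DowntimeProfile(spurious_trips_per_year=1, days_lost_per_trip=7,
                             sis_outages_per_year=0, days_lost_per_outage=0)
    nonstop = DowntimeProfile(0, 0, 0, 0)
    print("Refinery US$/bbl:", round(rpb, 2))
    print("Refinery US$/day:", round(refinery_day))
    print("50-year loss, one 7-day trip per year:",
          round(lifecycle_lost_revenue(refinery_day, legacy, 50)))
    # Constructed figure, not from the page: extra spend for a nonstop SIS.
    print("Payback (days):", round(payback_days(2_000_000, refinery_day, legacy, nonstop), 1))
```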
Installing a “nonstop” safety system such as the HIMA HIMax often generates an ROI of 30 days
or less. Even including the “cost of change” the ROI is significantly less than 12 months.
What Is the Solution to Increased Safety and Minimal Downtime?
Take for example the Cilacap refinery in Indonesia, which was built in 1974 and has gone through a few debottlenecking projects to increase capacity. Many refineries in South East Asia are more than 20 years old. Most of them have legacy control systems and legacy safety systems.
One solution is to replace the DCS and the safety systems with combined systems that run on the
same backplane and have the same operating design. This solution, unfortunately, increases the
risk of common mode failure, and the chance of spurious trips, as well as increasing downtime,
since upgrades to the DCS may require taking the safety system off line as well. In addition, as we
have already noted, this solution risks combining the appropriate DCS with a safety system that is
not necessarily the preferred system.
The better solution, then, is to consider the installation of a stand-alone SIS with the features
needed to minimize downtime and improve safety, along with a best-in-class DCS.
Here’s a checklist of features such a safety system should offer:
1. The system should be flexible, scalable and, most importantly, allow online expansion without having to shut down the system, so that plant production is not interrupted during the lifecycle of the plant operation. This increases plant uptime and reduces operating expenses (OPEX). The system should be able to start at whatever size is required and be capable of essentially unlimited expansion without loss of performance.
2. The system should allow for future expansion online without having to buy forward with unnecessary spares at the start of a greenfield project, thereby saving capital expenses (CAPEX). End users should only buy what they need now, and pay only for what they need when they need it.
3. The system should maintain its fast cycle times at high I/O counts. End users should seek
benchmarks that indicate that the system will be fast, and stay fast as it expands.
4. The system’s calculation capabilities must be very high, and complex algorithms should
not significantly increase the CPU overhead.
5. The system should be compact. Space is often at a premium in marshalling cabinets and
on offshore installations, and the system should be designed with space saving in mind.
6. The system should have reliable and fast (1 ms) SOE (sequence of event) recording for
demanding critical applications.
7. The system should have high quality diagnostics.
a. Maintenance logs should be standard, with relevant information such as reload, download, run, stop, force, etc.
b. Condition monitoring for relays should be standard.
c. Large capacity diagnostic storage should be provided. All diagnostic information must
be capable of being transferred out of the safety system to the DCS or to an Asset
Management System, or both.
8. The system should be able to network and communicate using all major open communications protocols and all major data transfer protocols. It should be integrable via OPC or another data transfer protocol such as Modbus TCP/IP with all major DCS and Asset Management Systems.
9. The system should be capable of multitasking.
a. Multiple applications in the same system must be supported, and each individual application needs to have its own cycle and scan time.
b. Fixed cycle times must be supported. Time-critical and non-time-critical processes must be permitted in the same system.
c. Modification of one application must not affect any other application running on the system, and adding, changing or upgrading applications must be reaction-free.
Moving into the Future
What end users really want is a Safety Instrumented System that protects the plant at maximum safety (SIL3), shuts down only on a real process demand, and does not shut down for any other reason, including SIS lifecycle activities.
What the future must bring is a "nonstop" system that no longer produces the downtime of the past and that remains upgradeable far into the future.
A different perspective on Profitability
Traditionally, plant owners have used ROI (return on investment) as a tool for evaluating their purchase of equipment. This may not be an effective evaluation tool: ROI does not take into account the consequences of a sudden unplanned shutdown, process trips or failures.
Another financial measure, ROA (return on assets), is now considered a better one.
ROA is defined as ROA = Operating Income / Total Assets.
The higher the ROA, the more efficiently the plant is using its "assets". Let's take the view that the safety system is considered an asset if it operates nonstop without causing unplanned or planned shutdowns, thus contributing to a positive ROA.
In conclusion, plant owners and end users are encouraged to review each of their assets and question whether those assets affect plant operations and hence profit.
Choose the right SIS that will improve plant profitability without compromising safety.
End
SKF 2. Future of Monitoring
 
Electronic permit to work
Electronic permit to workElectronic permit to work
Electronic permit to work
 
Scada implement secure - architecture
Scada implement secure - architectureScada implement secure - architecture
Scada implement secure - architecture
 
Control systems
Control systemsControl systems
Control systems
 
SMRP 24th Conf Paper - Vextec -J Carter
SMRP 24th Conf Paper - Vextec -J CarterSMRP 24th Conf Paper - Vextec -J Carter
SMRP 24th Conf Paper - Vextec -J Carter
 
Trend in Maintenance Management
Trend in Maintenance ManagementTrend in Maintenance Management
Trend in Maintenance Management
 
System Design Guide 2.5
System Design Guide 2.5System Design Guide 2.5
System Design Guide 2.5
 
IRJET- Maintenance and Reliability Strategy of Mechanical Equipment in Industry
IRJET- Maintenance and Reliability Strategy of Mechanical Equipment in IndustryIRJET- Maintenance and Reliability Strategy of Mechanical Equipment in Industry
IRJET- Maintenance and Reliability Strategy of Mechanical Equipment in Industry
 
Integrated Control and Safety - Assessing the Benefits; Weighing the Risks
Integrated Control and Safety - Assessing the Benefits; Weighing the RisksIntegrated Control and Safety - Assessing the Benefits; Weighing the Risks
Integrated Control and Safety - Assessing the Benefits; Weighing the Risks
 
Impacts of integrated safety on machine and plant concepts
Impacts of integrated safety on machine and plant conceptsImpacts of integrated safety on machine and plant concepts
Impacts of integrated safety on machine and plant concepts
 
ICISS Newsletter Sept 14
ICISS Newsletter Sept 14ICISS Newsletter Sept 14
ICISS Newsletter Sept 14
 
Reliability - the missing leg of the stool final proof
Reliability - the missing leg of the stool final proofReliability - the missing leg of the stool final proof
Reliability - the missing leg of the stool final proof
 
3 steps-to-ensuring-mechanical-asset-integrity-en-3293790
3 steps-to-ensuring-mechanical-asset-integrity-en-32937903 steps-to-ensuring-mechanical-asset-integrity-en-3293790
3 steps-to-ensuring-mechanical-asset-integrity-en-3293790
 
Riskmitigationwhitepaperweb 1
Riskmitigationwhitepaperweb 1Riskmitigationwhitepaperweb 1
Riskmitigationwhitepaperweb 1
 
A Human-Centric Approach to Oil & Gas Industry Safety
A Human-Centric Approach to Oil & Gas Industry SafetyA Human-Centric Approach to Oil & Gas Industry Safety
A Human-Centric Approach to Oil & Gas Industry Safety
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
 
Society of Petroleum Engineers : Model Based Engineering
Society of Petroleum Engineers : Model Based EngineeringSociety of Petroleum Engineers : Model Based Engineering
Society of Petroleum Engineers : Model Based Engineering
 

Technical Paper for ASPF 2012 - Choosing the right SIS

Choosing the right Safety Instrumented System - Maximize Safety with Nonstop Production
Author: Alvin Chin – Sales Director
HIMA S.E.A. Sdn Bhd

Abstract
In today's competitive environment in the global Oil & Gas, Petrochemical and Chemical industries, the decision to save costs, i.e. CAPEX and OPEX, is the key driver. The fittest survives: key decisions are made to manage the plant's profitability and productivity, while owners and operators must simultaneously keep their plant operationally safe to meet regulatory compliance and safety standards such as IEC 61508, IEC 61511 and ANSI/ISA-84. Choosing the right Safety Instrumented System (SIS) is a strategic choice. The key factors to consider are:
Plant profitability
Maximum availability of the plant's critical systems
Improved lifecycle costs
Meeting the high demand to protect the plant at maximum safety (SIL 3)
Keeping operational costs to a minimum, yet only shutting down on a real process demand
This presentation raises questions for plant operators and owners to help them make the right choice of SIS to improve the profitability and safety of their plants.

Introduction
End users want an SIS that protects the plant, shuts down on real alarms, and doesn't shut down for any other reason.
Managing risks and preventing disasters is, as always, a challenge in today's very competitive world. Operators of hazardous offshore production platforms, FPSOs, refineries, onshore offloading terminals, petrochemical, chemical and even pharmaceutical plants constantly balance increasing production and avoiding unnecessary shutdowns of their plant operations against the safety of their operating personnel, protection against equipment failures, and prevention of direct or indirect damage to the environment.
There have been several unfortunate industrial disasters in the process industry in the past. There will likely be many more to follow as our daily working conditions, materials, equipment and performance requirements keep changing and become more and more demanding. Major accidents like Flixborough, Piper Alpha, Bhopal, Texas City, Mumbai High North, the Montara Well Head Platform and the most recent Deepwater Horizon Macondo blowout in 2010 have all painfully revealed failures that we can learn from, failures that come at a cost in lives, environment and capital investment. Today the offshore oil & gas and petrochemical industries try to prevent disasters by employing Emergency Shutdown systems (ESD) for prevention and Fire and Gas systems (FGS) for mitigation of disasters. These safety-related systems serve the function of protecting equipment and industrial processes where danger may occur in case of failure. These systems are not part of the process control system. Until a few years ago these systems were designed with no reference to a general normative standard. This has since changed with the increased adoption of the IEC 61508 and IEC 61511 standards in the process industry. These safety systems are more commonly called Safety Instrumented Systems (SIS), as defined in IEC 61508 and IEC 61511.
The problem has traditionally been viewed as one of risk management. How much risk can a company accept without inviting a disaster? The cost of safety is tied directly to a company's profits. An unsafe company will almost certainly pay out more than necessary in Occupational Safety and Health Administration (OSHA) fines, lawsuits and attorneys' fees, and in increased insurance premiums. All of these payments directly affect the bottom line. Owners and operators are constantly balancing increased profitability, i.e. driving up plant productivity, against not compromising safety. Today, every safety case must drive profitability.
Traditionally, safety systems are not popular with management. They are deemed costly and are considered a "sunk cost": a cost that has already been incurred, cannot be recovered and does not contribute to profit. With the exception of certain companies that have worked to create exemplary safety records, most companies appear willing to do the minimum in the area of safety systems that will allow them to appear compliant with the law and the relevant standards. This may provide neither acceptable safety nor acceptable downtime costs due to spurious trips and lifecycle activities.
Even though IEC 61508 and IEC 61511 mandate a continuous engineering process for safety instrumented systems, including auditing and recalculating SIL levels and continuous testing programs, selection of the right SIS is often relegated to the instrumentation contractor when a new plant is constructed. This trend still prevails, and it is extremely difficult to get plant management to comprehend that simply ordering an EPC contractor to install SIL 3 products with the appropriate TÜV certificate and a SIL 3 logic solver (e.g. a TMR or QMR PLC) to connect to those SIL 3 products does not make a safety system. Top management should take extra effort to review the needs and take control of the decision to implement the right safety system at the early stage of, say, a greenfield project, so that they can incorporate the right philosophy in choosing the most efficient process safety design at the pre-FEED or FEED stage, with the most reliable safety solutions, to optimise their production and prevent unnecessary shutdowns. This critical decision should not be taken lightly, nor relegated to the EPC contractor, but made by the plant owners directly.
Many plant personnel have realised that the SIS performing the Emergency Shutdown functions does nothing during normal operation of the plant. However, the SIS has final control over whether the plant runs or shuts down. Shutting down the SIS invariably means shutting down a plant that is running in production. The SIS has its "hands around the neck" of plant management, who cannot make product unless the SIS says they can. Today many end users and operators of plants have become accustomed to unnecessary shutdowns due to activities such as:
A mandatory safety system operating system upgrade due to "software bugs" that have to be fixed to prevent random failures of the SIS
A modification of the logic programs
A repair and maintenance activity, such as removing and replacing a faulty CPU card, communication card or I/O card
Any such work may, and often does, require an SIS shutdown to implement. Of course, an SIS shutdown usually means a plant shutdown. What this means is that the lifecycle costs of the SIS may dwarf the entire control budget if the SIS chosen isn't the best one for the process. Therefore, the design decision and the purchasing decision for the SIS may be even more important than those for the DCS and the rest of the control system. Yet plant management and plant engineering rarely conceive of the decision in that way.
There is a movement toward the "combined integrated safety system", where the DCS vendor supplies its own version of an SIS. The benefits of single-source responsibility are obvious and may sound logical. One also has to review the benefit of insisting that the EPC provide a best-in-class basic process control system (DCS) and a best-of-breed safety instrumented system (SIS) for the smooth and safe operation of the plant. While an automation vendor is obligated to push its own system, whether or not it is appropriate for the project, an EPC or control system integrator is just as obligated to do the work and expend the effort to make the decisions at the start of the lifecycle, that is, to provide the optimum solution for both BPCS and SIS, even though the EPC or integrator may not be around to see those decisions validated. In many cases, the EPC or control system integrator will have handed its responsibilities to the plant owners once its warranty obligation expires.
The better solution for today's process plants is to consider the installation of a high-performance stand-alone SIS with the features needed to minimize downtime and improve safety. This type of SIS can easily integrate with any DCS to provide the best-in-class performance that the end user really wants. What end users really want is a safety instrumented system that protects the plant at maximum safety for equipment and personnel, and doesn't shut down for any other reason, including spurious trips and the so-called "lifecycle" activities. For plant management, long used to production stoppages and delays from SIS malfunctions, such an SIS would be a godsend.

What Happens When You Make Changes?
Plants have lifecycles. Equipment, tanks, vessels and piping have lifecycles. Controls and control systems have lifecycles too. This means that changes, upgrades and repairs must be made over the lifespan of the control system and the field devices connected to it. These lifecycle events are not necessarily planned. The management of a plant cannot always impose preventive or predictive maintenance practices, and even with a rigorous preventive or predictive maintenance program, accidental failures and unscheduled downtime do occur. If the plant safety systems are not designed to minimize downtime, significant costs may be incurred.
What Happens When You Upgrade?
In the majority of SIS and F&G safety systems, upgrading the system requires at least one, and perhaps more than one, shutdown. When this happens, the entire facility's production stops, because shutting down the SIS shuts down the BPCS (basic process control system) automatically. System upgrades can be planned lifecycle events, which means the downtime of the entire system has been planned for. However, "planned for" downtime costs the same as unplanned downtime.
Let's look, for example, at a Petronas offshore oil platform. It produces approximately 50,000 barrels of crude oil every day. Since the price of oil has recently varied from approximately US$40 per barrel to US$140 per barrel, let's use US$75 per barrel as a reasonable number. That would be lost revenue of US$3,750,000 per day of planned downtime. This loss of revenue due to planned downtime for system upgrades can be prevented if the upgrades can be done online without interrupting production. In today's context there aren't many safety systems that can fulfil this. Safety Instrumented Systems such as the HIMA HIMax have been designed to permit system upgrades without interrupting production while maintaining complete safety. Systems such as HIMax are based on an architecture that permits faulty modules to be replaced online (hot-swapped) at any time without interrupting operation. Upgrades and system expansions need not require system (and BPCS) shutdown.

What Happens When You Need Maintenance?
Long gone are the days of "run it 'til it breaks" in process plants. Today predictive maintenance technologies are being installed in process plants worldwide. The theory is that by using fault detection software combined with predictive algorithms, the exact time to failure of any component or piece of equipment can be predicted and replacement scheduled prior to failure. In many cases, such as large rotating machinery, tankage, valves or other inline components, a shutdown must occur in order to effect the replacement. In most BPCS systems (the plant DCS), hot-swapping components such as I/O cards and bus cards can be done without shutting down the plant. But in most safety systems that is not permitted. Say the plant requires the addition of a new I/O or processor rack, new local I/O cards, or a new remote I/O rack and cards: most systems would require the system to be taken down to make those additions. How long is the system down? That depends on the extent of the upgrade, how many modifications need to be made in marshalling cabinets and wiring buses, and whether new field devices must be installed to connect to the new I/O.
Let's see what a two-day shutdown for expansion and modernization might cost. Take the case of a VietsovPetro oil platform. VietsovPetro's output of oil is, say, 60,000 barrels per day. That alone would represent a loss of revenue (at our $75/barrel figure) of $9,000,000 for a two-day shutdown caused by the need to modernize and expand the SIS. This loss doesn't take into account that the VietsovPetro platform also produces about 100 million cubic feet of gas per day.
Consider the benefits and the significant cost savings if we employed a state-of-the-art SIS that didn't require an "all stop" downtime for upgrade or maintenance, in relation to a two-day shutdown of an oil platform like VietsovPetro's.

What Is the Impact of Periodic Proof Testing on Production?
IEC 61508, IEC 61511 and ANSI/ISA 84.00.01-2004, the most referenced safety standards for the process industries, mandate an ongoing engineering, maintenance and proof testing program to ensure that the system as installed at any moment in time actually fulfils its design requirements and performs according to its stated SIL. Many SIS require entire-system power cycling for proof testing. This means that the system must be powered off and on (sometimes repeatedly). This, of course, means that the plant must be shut down, or the safety system interlocks will trip and the plant will have an unplanned shutdown. Some safety instrumented systems require such proof testing every three years, with a plant shutdown every three years accompanying it. Plants do require periodic shutdowns themselves for maintenance and expansion. But adding extra time, or requiring an "out of production schedule" shutdown for proof testing of the safety system, simply costs money. No wonder plant management detests the safety systems.

What Is the Real Cost of Downtime?
We have seen that downtime has real costs, and those costs add up to real money very quickly. No plant can easily afford lost revenue in the millions of dollars per day range. When you add in the additional costs of unplanned downtime due to spurious trips, the costs spiral. Unplanned downtime is very costly. Even though the shutdown sequence caused by a trip of the SIS or the F&G system is supposed to cause a "graceful shutdown", the reality is that it almost never does. When a refinery is shut down suddenly, lines get plugged, valves stick, and vessels get coatings of tar and other impurities. Even though the system shut down safely, that is to say no personnel were injured, an unplanned shutdown does not mean a simple or easy start-up. So the cost of a spurious trip might wind up being several weeks of lost production.
Consider a refinery. Pertamina's Cilacap refinery in Java, Indonesia processes approximately 230,000 barrels of crude oil per day. Generally, a barrel of oil produces about 19 gallons of gasoline, 9 gallons of fuel oil, 4 gallons of jet fuel, and 11 gallons of assorted other products like lubricating fluids, asphalt, kerosene and plastic precursors. Let's add some dollar amounts to the mix. Let's say gasoline is US$2 per gallon, fuel oil is US$1.35 per gallon, jet fuel sells for US$1.20 per gallon, and the lubricants and other by-products might produce another US$1 per gallon. That's revenue of approximately US$15 million per day (US$65 x 230,000 barrels per day). Suppose a spurious trip cost a week's production. That would be a cool $63 million in lost revenue. And that would be just one trip. Now look at the lifecycle of that refinery. Refineries last longer than 50 years in production. If the refinery suffered just one spurious trip per year, and that added one week per year of downtime, that would be a lost revenue cost of more than $3 billion over the 50-year lifecycle of the refinery.
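The lost-revenue arithmetic for the platform cases in the upgrade section and for the refinery case above, as an added Python example (not from the paper or from HIMA). The throughputs, yields and prices the paper states are constructed here as sample inputs; the product slate is summed unrounded where the paper rounds to US$65 per barrel, and the two-trip-rate comparison is a hypothetical a plant would feed from its own shutdown history.

```python
"""Lost-revenue model for SIS-related downtime.

Added example, not from the paper or from HIMA. Inputs are the figures the
paper states (constructed here as sample data); the model itself is a plain
throughput x price x downtime calculation that can be re-run with a plant's
own trip history.
"""
from dataclasses import dataclass


@dataclass
class ProductSlate:
    """Per-barrel yield in gallons and price in US$/gallon for each product."""
    gallons: dict
    price_per_gallon: dict

    def revenue_per_barrel(self) -> float:
        # Sum of yield x price over every product in the slate
        return sum(g * self.price_per_gallon[p] for p, g in self.gallons.items())


@dataclass
class Plant:
    name: str
    barrels_per_day: float
    revenue_per_barrel: float

    def daily_revenue(self) -> float:
        return self.barrels_per_day * self.revenue_per_barrel

    def lost_revenue(self, days_down: float) -> float:
        """Revenue lost for a single outage of the given length in days."""
        return self.daily_revenue() * days_down

    def lifecycle_lost_revenue(self, trips_per_year: float,
                               days_per_trip: float, years: float) -> float:
        """Lost revenue over the plant lifecycle from recurring trips."""
        return self.lost_revenue(days_per_trip) * trips_per_year * years


# Constructed inputs: the paper's crude-export platform cases at US$75/barrel
CRUDE_PRICE = 75.0
PETRONAS = Plant("Petronas platform", 50_000, CRUDE_PRICE)
VIETSOVPETRO = Plant("VietsovPetro platform", 60_000, CRUDE_PRICE)

# Constructed inputs: the paper's refinery case, with the slate left unrounded
CILACAP_SLATE = ProductSlate(
    gallons={"gasoline": 19, "fuel_oil": 9, "jet_fuel": 4, "other": 11},
    price_per_gallon={"gasoline": 2.00, "fuel_oil": 1.35, "jet_fuel": 1.20, "other": 1.00},
)
CILACAP = Plant("Pertamina Cilacap refinery", 230_000, CILACAP_SLATE.revenue_per_barrel())


def compare_sis_options(plant: Plant, trips_per_year_legacy: float,
                        trips_per_year_nonstop: float, days_per_trip: float, years: float):
    """Lifecycle lost revenue under two trip rates, and the difference.

    Hypothetical comparison: the trip rates are supplied by the user from
    plant history; the paper states no such rates.
    """
    legacy = plant.lifecycle_lost_revenue(trips_per_year_legacy, days_per_trip, years)
    nonstop = plant.lifecycle_lost_revenue(trips_per_year_nonstop, days_per_trip, years)
    return legacy, nonstop, legacy - nonstop


if __name__ == "__main__":
    print(f"{PETRONAS.name}: US${PETRONAS.lost_revenue(1):,.0f} per day of planned downtime")
    print(f"{VIETSOVPETRO.name}: US${VIETSOVPETRO.lost_revenue(2):,.0f} for a two-day shutdown")
    print(f"{CILACAP.name}: US${CILACAP_SLATE.revenue_per_barrel():.2f}/barrel, "
          f"US${CILACAP.daily_revenue():,.0f}/day")
    legacy, nonstop, saved = compare_sis_options(CILACAP, 1.0, 0.1, 7, 50)
    print(f"50-year lost revenue at one week-long trip per year: US${legacy:,.0f}; "
          f"at one trip per decade: US${nonstop:,.0f}; difference US${saved:,.0f}")
```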
Again, consider what the cost of a safety system, installed, actually is. If a plant could be equipped with a safety system where spurious trips were designed to be negligible, and where shutdowns for planned maintenance and upgrades were rare instead of common, the real cost of downtime wouldn't be $65 million per week. Plant engineering and management personnel should look at their plant's history of shutdowns and downtime caused by spurious trips and downtime of the safety systems, and do the math. Installing a "nonstop" safety system such as the HIMA HIMax often generates an ROI of 30 days or less. Even including the "cost of change", the ROI is significantly less than 12 months.

What Is the Solution to Increased Safety and Minimal Downtime?
Take for example the Cilacap Refinery in Indonesia, which was built in 1974 and has gone through a few debottlenecking projects to increase capacity. Many refineries in South East Asia are more than 20 years old. Most of them have legacy control systems and legacy safety systems. One solution is to replace the DCS and the safety systems with combined systems that run on the same backplane and have the same operating design. This solution, unfortunately, increases the risk of common mode failure and the chance of spurious trips, as well as increasing downtime, since upgrades to the DCS may require taking the safety system offline as well. In addition, as we have already noted, this solution risks combining the appropriate DCS with a safety system that is not necessarily the preferred system. The better solution, then, is to consider the installation of a stand-alone SIS with the features needed to minimize downtime and improve safety, along with a best-in-class DCS. Here's a checklist of features such a safety system should offer:
1. The system should be flexible, scalable and, most importantly, allow online expansion without having to shut down the system, so that plant production is not interrupted during the lifecycle of the plant operation. This increases plant uptime and reduces operating expenses (OPEX). The system should have the ability to start at whatever size is required, and be capable of essentially infinite expansion without loss of performance.
2. The system should allow for future expansion online without having to buy forward with unnecessary spares for future expansion at the start of a greenfield project, thereby saving capital expenses (CAPEX). The end user should only buy what is needed now, and pay for it only when it is needed.
3. The system should maintain its fast cycle times at high I/O counts. End users should seek benchmarks that indicate that the system will be fast, and stay fast as it expands.
4. The system's calculation capabilities must be very high, and complex algorithms should not significantly increase the CPU overhead.
5. The system should be compact. Space is often at a premium in marshalling cabinets and on offshore installations, and the system should be designed with space saving in mind.
6. The system should have reliable and fast (1 ms) SOE (sequence of events) recording for demanding critical applications.
7. The system should have high-quality diagnostics.
a. Maintenance logs should be standard, with relevant information such as reload, download, run, stop, force, etc.
b. Condition monitoring for relays should be standard.
c. Large-capacity diagnostic storage should be provided. All diagnostic information must be capable of being transferred out of the safety system to the DCS or to an Asset Management System, or both.
8. The system should be able to network and communicate with all major open communication protocols and all major data transfer protocols. The system should be integrable with all major DCS and Asset Management Systems via OPC or another data transfer protocol such as Modbus TCP/IP, and all the major data transfer protocols must be supported.
9. The system should be capable of multitasking.
a. Multiple applications in the same system must be supported, and each individual application needs to have its own cycle and scan time.
b. Fixed cycle times must be supported. Time-critical and non-time-critical processes must be permitted in the same system.
c. Modification of one application must not affect any other application running on the system, and adding, changing or upgrading applications must be reaction-free.

Moving into the Future
What end users really want is a Safety Instrumented System that protects the plant at maximum safety (SIL 3), only shuts down on a real process demand, and does not shut down for any other reason, including SIS lifecycle activities. What the future must bring is a "nonstop" system that no longer produces the downtime of the past, and that can be upgraded far into the future.

A Different Perspective on Profitability
Traditionally, plant owners have used ROI (return on investment) as a tool for evaluating their purchases of equipment. This may not be an effective evaluation tool: ROI does not take into account the consequences of a sudden unplanned shutdown, process trips or failures. Another financial measure, ROA (return on assets), is now considered a better one. ROA is defined as ROA = Operating Income / Total Assets. The higher the ROA, the more efficiently the plant is using its assets. Let's take the view that the safety system is an asset if it operates nonstop without causing unplanned or planned shutdowns, thus contributing to a positive ROA.
In conclusion, plant owners and end users are encouraged to review each of their assets and question whether those assets affect plant operations and hence profit. Choose the right SIS that will improve plant profitability without compromising safety.

End