The document proposes a new process safety KPI (key performance indicator) using two metrics: (1) initiating event demand rate and (2) safeguard unavailability. This aims to better predict major losses compared to typical lagging metrics. The KPI can be automatically collected from process data and presented to management to identify unsafe areas and guide corrective actions. An example shows how a CEO and plant managers drilled down through the KPI data to identify and address a frequently failing level control that was increasing demand rates. The KPI approach allows proactive major loss prevention through improved management oversight of process safety performance.
1. The New Process Safety KPI
Edward M. Marszal, PE, CFSE
President, Kenexis Consulting Corporation
2. Speaker Information
Edward M. Marszal, PE, CFSE
President, Kenexis
13 Years Experience
ISA Author “SIL Selection”
ISA Committees - S84, S91, S18
ISA Safety Division Director
ISA, AIChE, NFPA Member
BSChE, Ohio State University
3. Introduction
Process industry safety performance can be improved
• Major Hazards Still a Problem
Upper management disconnected from operations
• No “feel” for day-to-day operation
• Important information not available (can be hidden)
Actionable metrics allow oversight
Typical safety metrics not effective
• Slips, trips, and falls not well correlated to major losses
Better Metrics Essential
• Predictive information can be developed from process history
• Collection and presentation possible with existing tools
4. Management 101
Improved major loss prevention through improved management
Management process
• Determine the objective
• Identify parameters affecting the objective (KPI)
• Measure performance against the parameters
• Adjust processes, procedures, and equipment to optimize KPI values
5. Current Metrics
Process industry safety management is based on metrics
• First Aid Cases
• Reportable Injury Rate
• “Near-Miss” Report Rate (good, but lagging, infrequent, and reliant on human reports)
• Unsafe Activity Reports
• Unresolved PHA Action Items
Current metrics not well correlated with major losses
6. Metrics Desirable Attributes
New metrics are essential to improvement
New metrics foreshadowed in recent standards
Must “predict” major loss issues
• Could lead to major loss, but stops short
Must be clearly defined and consistently applied
Must be relatively frequent events
Automatic collection and reporting beneficial
7. Accident Causation Model
Hypothesis: Most major accidents happen because multiple failures occur, starting with an initiating event
Initiating Event (Failure) -> Propagating Event (Failure) -> Propagating Event (Failure) -> Accident
8. The New KPI
Major loss prevention distilled to two numbers
Initiating Events (Demand Rate)
• Actual/expected frequency of occurrence
Safeguard Unavailability
• Probability safeguards will operate on demand
Metrics applied at all levels, and allow “drill-down”
• Organization -> Site -> Unit -> Hazard
9. Demand Rate
Scaled Demand Rate – Actual/Expected Frequency
• Target 1.0 – Higher is unsafe
Expected demand rate obtained from existing PHA
• Layer of Protection Analysis (LOPA) requires this data
Can be automatically logged, tracked, and reported
• Demands typically historized
• Critical alarm activations
• Safety instrumented function activations
• Pressure relief alarms
10. Safeguard Effectiveness
Safeguard Scaled Unavailability – Actual Unavailability/Target Unavailability
• Greater than 1.0 is unsafe
Unavailability – fraction of time a safeguard cannot perform its intended function
• Safeguard equipment is in failed state
• Safeguard is bypassed
Required safeguards listed in good PHA (e.g., LOPA)
Data collection and reporting (combined system)
1. Functional test of equipment (database logged)
2. Time in bypass – historized
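An added example (not from the original slides) that computes the two scaled metrics of slides 9 and 10 from historized records. The site, unit and hazard names, rates and timestamps are constructed, and the roll-up rule (total actual demands over total expected demands) is an assumption, since the slides do not state how levels are aggregated.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: sites, units, hazards, rates and timestamps are illustrative.
YEAR_SECONDS = 365 * 24 * 3600                          # simplification: 365-day year
WINDOW = (datetime(2023, 1, 1), datetime(2024, 1, 1))   # reporting period

# (site, unit, hazard) -> (expected demands per year, target unavailability), as a PHA/LOPA lists them
PHA = {
    ("Site A", "Unit 1", "Low level shutoff"): (0.1, 0.01),
    ("Site A", "Unit 1", "High level alarm"): (2.0, 0.10),
    ("Site A", "Unit 2", "Relief alarm"): (1.0, 0.01),
}
LOW, HIGH, RELIEF = PHA  # the three keys, in insertion order

# Historized demand activations: (hazard key, timestamp)
DEMANDS = [
    (LOW, datetime(2022, 12, 15)),   # before the window, must not be counted
    (LOW, datetime(2023, 3, 2)), (LOW, datetime(2023, 9, 14)),
    (HIGH, datetime(2023, 2, 1)), (HIGH, datetime(2023, 5, 20)), (HIGH, datetime(2023, 11, 3)),
]

# Periods a safeguard could not act (bypass log, failed state from test records): (key, start, end)
OUTAGES = [
    (LOW, datetime(2022, 12, 30), datetime(2023, 1, 2)),   # straddles the window start
    (LOW, datetime(2023, 2, 1), datetime(2023, 2, 3)),     # bypass
    (LOW, datetime(2023, 2, 2), datetime(2023, 2, 5)),     # failed state, overlaps the bypass
    (RELIEF, datetime(2023, 6, 10), datetime(2023, 6, 11)),
]

def unavailable_fraction(intervals, start, end):
    """Fraction of [start, end) covered by the intervals, clipped, overlaps counted once."""
    clipped = sorted((max(s, start), min(e, end)) for s, e in intervals if s < end and e > start)
    covered, cur_s, cur_e = 0.0, None, None
    for s, e in clipped:
        if cur_e is None or s > cur_e:          # gap: close the previous merged interval
            if cur_e is not None:
                covered += (cur_e - cur_s).total_seconds()
            cur_s, cur_e = s, e
        else:                                   # overlap: extend the merged interval
            cur_e = max(cur_e, e)
    if cur_e is not None:
        covered += (cur_e - cur_s).total_seconds()
    return covered / (end - start).total_seconds()

def hazard_kpis(pha, demands, outages, window):
    """Per-hazard scaled demand rate and scaled unavailability (target 1.0, higher is unsafe)."""
    start, end = window
    years = (end - start).total_seconds() / YEAR_SECONDS
    counts, down = defaultdict(int), defaultdict(list)
    for key, ts in demands:
        if start <= ts < end:
            counts[key] += 1
    for key, s, e in outages:
        down[key].append((s, e))
    return {
        key: {
            "demands": counts[key],
            "expected": expected * years,
            "scaled_demand_rate": (counts[key] / years) / expected,
            "scaled_unavailability": unavailable_fraction(down[key], start, end) / target,
        }
        for key, (expected, target) in pha.items()
    }

def roll_up(report, depth):
    """Scaled demand rate per site (depth=1) or unit (depth=2).
    Assumption: total actual demands divided by total expected demands."""
    actual, expected = defaultdict(float), defaultdict(float)
    for key, row in report.items():
        actual[key[:depth]] += row["demands"]
        expected[key[:depth]] += row["expected"]
    return {k: actual[k] / expected[k] for k in actual}

def unsafe(report):
    """Hazards where either scaled metric exceeds 1.0."""
    return sorted(k for k, r in report.items()
                  if r["scaled_demand_rate"] > 1.0 or r["scaled_unavailability"] > 1.0)
```

Merging the intervals matters when a safeguard is bypassed while it is also in a failed state: the overlapping time must count once toward unavailability.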
11. Example
A CEO receives safety KPI as part of a monthly briefing
Actual Target
Scaled Demand Rate 1.413 1.0
Scaled Unavailability 0.877 1.0
12. Example
The CEO drills down into the data to determine the source of the problem
Facility Scaled Demand Rate
Chemical City 3.45
Port Process 0.877
Polymer Valley 0.351
New Chemical City 0.798
The CEO places a call to the Chemical City plant manager
13. Example
The Chemical City plant manager goes online and views his plant's data
Process Unit Scaled Demand Rate
Utilities 0.694
Monomer Preparation 0.887
Gas Preparation 10.40
Polymerization 0.899
14. Example
The Chemical City plant manager then drills down into the data, in conference with the operations supervisor and unit engineer
Hazard Scaled Demand Rate
Separator High Alarm 0.100
Separator Low Shutoff 0.887
Separator Relief 35.00
Liquid Pump Shutoff 0.899
15. Example
The Chemical City team review the separator low level shutoff
[Figure: separator V-101 diagram; labels: BPCS, LIC-101, LT-101, LT-001, LV-001, LV-101, To Low Pressure Separator]
16. Example
Item No.: 1
Tag: LSC-001
IPF Description: High Pressure Separator Low-Low Level Closes Separator Liquid Outlet Valve
Hazard Prevented: Low-Low level in the separator vessel may result in gas blowby of high pressure gas into downstream equipment that is not rated to withstand that higher pressure.
Consequence: High pressure in downstream vessels may result in overpressure and rupture of the equipment. This could lead to release of flammable material to the atmosphere with subsequent fire or explosion potentially resulting in injury or fatality
Consequence Severity (Risk Matrix) - Safety: 4
Description of required action
Initiating Event: 1. Failure of level controller LIC-101 such that valve LV-101 fails to the open position.
Likelihood Category (L): 4
RR: 3
Independent Protection Layers (IPLs): 1. Operator intervention based on low level alarm.
IPL Category: Operator Intervention
IPL Credit: 1
Required SIL: SIL 2
Selected SIL (All Causes): SIL 2
17. Example
The team determine that the expected demand rate of once in ten years was being significantly exceeded because level control was very frequently failing.
The level control scheme and equipment was replaced to reduce the initiating event
18. Conclusions
Current typical process safety metrics are not adequate
New KPI should predict major losses
Typical accidents can be predicted by process demands and safeguard effectiveness
The required KPI can mostly be collected and reported automatically
The major limitation to this approach is the inability to measure accidents that are the direct result of the initiating event