September 2018

Environment and Safety

Process safety as a profit center?

In today’s economic environment, new capital spending is harder to find than loose change buried under the couch cushions.

Scott, M., Schuler, T., aeSolutions

In today’s economic environment, new capital spending is harder to find than loose change buried under the couch cushions. Whatever money is found is dedicated or, at least driven, toward projects that increase profits. It is difficult for companies to invest when there is little tangible return on investment in the near future. Whether at a brownfield or greenfield site, process safety is evoking pain in the form of excessive resources and money. Unfortunately, process safety experts may contribute to negative connotations by not streamlining their efforts or capitalizing on the information for continuous improvement. An out-of-the-box method is proposed here to empower cultural change to consider process safety as a profit center rather than as a burdensome cost center.

What is the problem?

Admittedly, process safety does not qualify as a profit center by manufacturing additional product or printing money. However, the way that process safety has been approached requires many resources with varying expertise (internal and external) and various tools for conducting a hazard and operability (HAZOP) study, a layer of protection analysis (LOPA), safety integrated level (SIL) verification calculations, safety requirement specifications (SRS), etc., while supporting operations. This has been, and continues to be, an expensive, inefficient and costly process.

Fig. 1. The acronyms influencing process safety to date.
Fig. 1. The acronyms influencing process safety to date.

Twenty-five yr ago, standards and best practices (ISA-84, IEC 61511, etc.) were enacted that mandated the completion of a HAZOP/LOPA, SIL verification calculations, SRS, proof test procedures, etc., to ensure performance when required. Numerous acronyms (LOPA, SIL, SIF, IPL, TMEL, etc.) were created to quantify values and balance the severities of events, the likelihood of occurrence and to secure appropriate numbers of protection layers to ensure risk was adequately managed (FIG. 1). These terms became the commandments of process safety engineers wanting to make a difference. However, after 25 yr, are facilities truly being made safer? Are we effectively communicating to management the changes necessary to minimize risk? Does management have the information to make informed business decisions on what risk reduction-related efforts need to be funded? Is it possible to balance overall financial spending while ensuring that the operation is ultimately profitable?

Taking the traditional approach to complete front-end process safety paperwork requires a small army of people with numerous technical backgrounds and competency levels, as well as numerous tools (Microsoft Word, Excel, HAZOP/LOPA software, AutoCAD, etc.), supporting documentation and calculations. Unfortunately, these have historically been disparate tools that include numerous, non-standard, unlimited text fields.

Examples of real-world, simple scenarios that make the present approach unmanageable include:

  1. The analysis and paperwork required to replace legacy switches with more modern transmitters. This work requires the following:
  • Analyzing risk
  • Performing new SIL calculations
  • Updating safety requirements
  • Updating technical drawings
  • Replacing proof test procedures
  • Rescheduling maintenance intervals.

This method is nearly impossible with everything else on the operations to-do list.

  1. Reacting to a plugged tap, using the information to find other potential bad actors, and ensuring future events do not fall through the cracks. Questions that must be asked are:
  • Does the maintenance technician know that the plugged tap impacts process safety?
  • Can the increased risk of continued operation if the transmitter is out of service be easily understood?
  • Can sibling devices/protection layers be quickly identified?

This method, too, is nearly impossible with everything else on operations to-do list.

A more effective way to manage safety, while making a company safer on a daily basis, must exist.

Where to go from here?

Continuing with the aforementioned examples, three specific, simple actions need to happen regarding technology:

  1. Consolidate tooling with a single data model to manage process safety documentation
  2. Interface with operational data to monitor performance vs. the respective risk profile
  3. Identify bad actors and take action to effectively minimize risk.

Consolidate tooling

New tools are penetrating the hydrocarbon processing industry marketplace as the Industrial Internet of Things (IIoT)/digitalization revolution takes off in the process industry. These tools are called process safety lifecycle management tools, and they can cost-effectively remove risk from business. The premise of these tools is to consolidate process safety data into a single data repository. This data is fed to an analysis engine, where it can be efficiently and automatically leveraged to unlock hidden process safety information.

A consolidated toolkit allows the seamless transfer of data from one process safety document to the next. For example, LOPA targets flow into the SIL calculation engine. Then, the SIL calculation and the LOPA targets transfer to the SRS. Finally, test procedures are updated with data from the SRS.

A consolidated toolkit helps maintain standard documentation by enabling personnel to connect operating data with design assumptions, which substantially reduces labor hours (FIG. 2). Since it is tag-based, a change in an instrument (e.g., replacing a switch to a transmitter) will go through each document that references the instrument. This operation is a critical step in allowing staff to reap the rewards associated with the safety lifecycle.

Fig. 2. Seamless data transfer inherent to a consolidated tool.
Fig. 2. Seamless data transfer inherent to a consolidated tool.

Monitoring performance

The majority of the risk analysis and reliability engineering completed in the initial process safety design basis in consolidated tooling is based on assumptions. Examples of critical assumptions include:

  • What hazards exists? How severe are these hazards? What is the assumed frequency/probability of these hazards occurring?
  • What instruments are being used? What is the assumed failure rate of each device or protection layer?
  • How often does a device or protection layer require testing to ensure that it has not failed?
  • How often is a process unit outside of safe operating limits?
  • Can a device be bypassed? If so, for how long? How long does it take to repair a device or protection layer?

Standards (ISA-84, IEC 61511, etc.) mandate that these initial assumptions be compared to actual plant performance. This is in line with the old adage, “If you cannot measure it, you cannot improve it.” A true process safety lifecycle management tool monitors data from the process historian and computerized maintenance management system (CMMS) to be able to compare assumed performance vs. actual performance. This operation transforms process safety deliverables into an automated auditing engine that can readily identify process safety-centric bad actors. For example, an SIL 2 safety instrumented function that is guarding against a potential multiple fatality scenario that:

  • Has plugged taps that result in a “device out of service” label and is bypassed, while taps are rodded out multiple times a year
  • Has sensors/final elements that are not tested on schedule per SIL calculations
  • Has successfully responded to high pressure five times/yr
  • Has final elements that leak excessively.

Identify bad actors to minimize risk

Fig. 3. FSI can be calculated by comparing actual vs. assumed performance.
Fig. 3. FSI can be calculated by comparing actual vs. assumed performance.

A single metric has been developed to measure overall performance of all protection layers vs. what is assumed during initial design and maintained over the life of a facility. The fundamental concept behind the key performance indicator (KPI) is leveraging logic used in a LOPA study, where the team evaluates potential hazardous scenarios by establishing the severity of the event and the likelihood of the event occurring, given the effectiveness of various protection layers. To reduce the risk to a tolerable level, safeguards—in the form of independent protection layers (IPL)—are added. If a facility can monitor the performance of IPLs in real time, then the functional safety index (FSI) can be calculated by comparing actual vs. assumed performance (FIG. 3). FSI can be added to a monthly scorecard alongside throughput to ensure that operations has safely met its goals. The FSI enables operators to identify bad actors and invest to reduce risk.

As bad actors are removed, facilities are able to keep all information “evergreen” due to a consolidated toolkit. What is meant by the term “evergreen?” Facilities maintain piping and instrumentation diagrams (P&IDs) in an evergreen fashion. Changes occur through a variety of projects where the drawings impacted by the project are edited, checked and approved. At some time after the project has been commissioned, the drawings are as-built to match the as-constructed state of the facility. This is what the authors call evergreen documentation. Maintaining process safety design basis documentation in an evergreen state ensures that an assumed risk profile is always up-to-date and matches the as-built equipment in the field. Therefore, the assumed risk profile and actual risk profile remain evergreen throughout the life of a facility.

Process safety as a profit center

If senior management has a dashboard that displays FSI at the enterprise level and has established a corporate goal for this KPI, then investments made on sustaining the business (e.g., money spent on keeping product in the pipe) can be better managed. Therefore, management can review spending more on testing vs. facility siting, SIS and/or relief valve upgrades. With this type of information, management can now determine:

  • Which type of risk reduction program/project moves FSI the most with the least amount of investment
  • Which business units might need to be sold or idled, if the cost to bring into compliance is excessive
  • Which mechanical integrity programs are most effective at finding and eliminating process safety bad actors.

The process safety team can now discuss risk reduction in terms of financial impacts/benefits to the business, as opposed to trying to teach senior management the painful acronyms of process safety. This benefit provides management (investment approvers) with data/information to successfully fund initiatives that remove risk from the business. The data helps prove that a justifiable business reason exists for the expenditure, and safety experts are happy since it makes the company/facility safer. This is a win-win for both parties. Process safety can fight for and justify spending on par with any other project in the overall portfolio. This crucial data helps transition process safety from a cost to an asset. HP


aeSolutions is a member of the Control System Integrators Association (CSIA).

The Authors

Related Articles

From the Archive



{{ error }}
{{ comment.comment.Name }} • {{ comment.timeAgo }}
{{ comment.comment.Text }}