Professional Documents
Culture Documents
Todd Stauffer, P.E. Peter Clarke, PhD, CFSE Presented at the 9th Global Congress on Process Safety (April 30, 2013)
Copyright exida Consulting LLC , 2013
Layers of protection
Benchmarking Survey
Purpose of Survey: To benchmark the current practices used in industry for the management of alarms used as safeguards and/or independent protection layers). Survey Details:
Took place September 24th October 5th, 2012. 225 respondents / 26 questions Demographics
# 1 2 3 Region North America Europe Asia Pacific % of Respondents Industry 30% 25% 18% Oil & Gas Chemical Engr & Consulting % of Respondents 55% 23% 10%
Safeguards IPLs
6
Process Safety
IPL Alarms
Alarm Management
Alarm Rationalization
Review existing / potential alarms against alarm criteria in an alarm philosophy document Document alarm purpose / objective (cause, consequence, corrective action, time to respond)
Document design (limit, priority,classification) Record Results in a Master Alarm Database (MADB)
Goal - to create the minimum set of alarms needed keep the plant safe and within normal operating limits
Topics Covered
PHA Number of Alarms Identified as Safeguards, Percent of Cause: Consequence Pairs in a HAZOP Steps to Ensure an Alarm Identified during PHA is valid What is done with PHA results LOPA Where do LOPA Alarms come from Typical / Maximum levels of Risk Reduction Criteria for determining when an alarm is an IPL Ineffective IPL alarms Alarm Management (including Human Machine Interface) Assigning Alarm Priority, Use of Classification Display of IPL Alarms Use of Alarm Response Procedures
May 29, 2013
Copyright 2013 exida.com LLC 10
24.6% 21.6%
25.1%
15.8%
7.6% > 65% 1.8% None (0) <10 11-50 51-100 101-500 >500
Poll Question #1
How many different alarms in your system are typically identified as a Safeguard or Recommendation during a PHA?
1. 2. 3. 4. 5. 6. 7. None (0) < 10 11 to 50 51 to 100 101 to 500 > 500 Dont Know
Copyright 2013 exida.com LLC 12
1:1
Alarm
Ref: IEC-61882 Hazard and operability studies (HAZOP studies) Application guide 2001
13.8%
< 5% (small minority) 36% 7% 20% > 50% (majority) 3% 33% 15%
<5%
5-15%
16-25%
26-50%
>50%
15
Verify the Discuss / operator document alarm response does mechanical not place him / integrity her in danger requirements 47.1% 34.1%
None
Series1
2.9%
Poll Question #2
Would you spend extra time during a PHA to do the following ?
Discuss / Document the operators response Discuss / Document whether the operator has sufficient time to respond Verify that the alarm is independent from the cause Verify the operator response does not place him / her in danger
Copyright 2013 exida.com LLC 18
HAZOP PHA
Spreadsheet
PHA Results- what is done with the requirements for alarms identified as safeguards or recommendation
After the PHA or HAZOP has been completed, what is done with the requirements for alarms identified as safeguards or recommendations? Check all that apply.
70.0% 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0%
Best Practice
They are transferred They are available automatically to a They are extracted Master Alarm Management of for review during manually by Database so that Change (MOC) alarm reviewing all PHA rationalization and process is initiated they are available reports design during alarm rationalization and design 59.3% 51.5% 42.5% 27.5%
None
Response Percent
18.6%
5.4%
33.6%
Best Practice
75- 99%
50 - 74%
<50%
All IPLs are Safeguards, but not all Safeguards are IPLs
Copyright 2013 exida consulting LLC
North America
Europe
Asia Pacific
PHA Practices differ by Region of the World Copyright 2013 exida consulting LLC
Poll Question #3
What % of alarms considered during a LOPA were identified during a PHA?
1. 2. 3. 4. 5. All (approximately 100%) 75 to 99% 50 to 74% < 50% Dont Know
23
Typical Level of Risk Reduction (RRF) Taken for a Safety IPL Alarm
What level of risk reduction (RRF) do you typically take for a Safety IPL alarm
43.0%
SIL 1
Up to 2.0
2.0 - 9.9
>10.0 10.0
Chemical
Poll Question #4
What risk reduction factor (RRF) do you typically take for a Safety IPL Alarm
1. 2. 3. 4. 5. 6. 1.0 (no risk reduction) Up to 2.0 Between 2.0 and 9.9 10.0 > 10.0 Dont Know
27
Maximum Level of Risk Reduction (RRF) Taken for a Safety IPL alarm
In your experience, what is the maximum level of risk reduction (RRF) that has been taken for a Safety IPL alarm?
8.1%
11.9%
10.4%
10.4% 2.2%
Up to 2.0
2.0 - 9.9
10.0
100.0
>100.0
Considerations for Determining When an Alarm can be an IPL (Credited with Risk Reduction)
What considerations are used to determine whether an alarm can be credited with risk reduction
80.0% 70.0% 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% The operators The alarm is have been specifically The alarm is trained on the designed to auditable (proof causes, potential prevent the tested at consequences, consequences appropriate and corrective under frequency) actions for the consideration by alarm the operator The alarm is Alarm system dependable performance (# (based on of alarms / per calculating the hour, nuisance All alarms in the Probability of alarms, alarm system (safety Failure on floods) is and non-safety) Demand for the measured and have been annunciation of determined to rationalized the alarm and be acceptable successful according to ISAoperator 18.2 or EEMUA response) 191 guidelines 42.7% 38.9% 32.1%
Best Practice Best Practice Best Practice Best Practice Best Practice Best Practice Best Practice Best Practice
There is not more than one alarm credited with risk reduction per layer of protection
Series1
73.3%
67.9%
63.4%
59.5%
48.9%
38.9%
26.0% 17.6%
>65%
14.5%
4.6%
Never Infrequently Sometimes Frequently (0% of the time) (< 1% of the Safety (between 1 to 5 % (> 5% of the Safety IPL Alarms) of the Safety IPL IPL Alarms) Alarms)
Copyright 2013 exida consulting LLC
Unknown
UNDER-PROTECTED
5.0% 0.0% Based on company defined risk matrix, taking into consideration consequence to economic, safety, environmental and Public Image aspects Series1 30.2%
Based on the direct & immediate consequence Automatically set (assuming all other to the highest layers of protection priority allowed in operate as the system (e.g. expected) and the Critical, amount of time Emergency, etc) available for the operator to respond 21.7% 17.1%
Not Applicable
Based on the assumption that the associated SIF and other associated IPLs fail
22.5%
4.7%
3.9%
Alarm Classification
Do you classify alarms?
No 20%
Yes 80%
Classification: A method for grouping alarms that have common sets of requirements (testing, training, MOC, reporting)
Copyright 2013 exida consulting LLC
64.1%
31.3%
21.4%
20.6%
18.3%
They are annunciated through the same HMI as the BPCS Series1 64.1%
They are annunciated through hardwired light boxes or panel boards 31.3%
They are annunciated The are They are part of through light annunciated boxes or panel a standalone through system boards and the dedicated HMIs same HMI as the BPCS 21.4% 20.6% 18.3%
(Yes) - Provided
26%
On screen display called up in context 28% within the HMI Call up files or displays on a dedicated 18% computer (other than the HMI)
Likely cause(s) of the alarm Potential Consequences of Inaction Corrective Action that is required to prevent the consequence Time available to respond Confirmation / Verification of the alarm condition
Copyright 2013 exida consulting LLC
Immediate access to Cause, Consequence, Corrective Action and Time to Respond helps improve operator response
Alarm Response Procedures can be created from the results of rationalization using SILAlarm
LOPA
Ensure that IPL alarms meet the criteria established as industry best practices Choose risk reduction levels wisely
HMI
Increase Use of / Access to Alarm Response Procedures by Operators
Copyright 2013 exida consulting LLC
General
Increase familiarity with ISA-18.2 Apply industry best practices rigorously and consistently Compare Your Company Practices to Actual Industry Practices (Benchmarks) Industry Best Practices
Copyright 2013 exida consulting LLC Best Practice
41
Questions ?
To download a copy of the whitepaper: click here