Meridium Asset Safety and Compliance with ISA/IEC Standards and OSHA 1910.119

Upload: leduong

Post on 25-Feb-2018


Owner/operators are continuously striving to improve process safety and environmental stewardship while operating in a cost effective manner.

Owner/operators must also adhere to regulatory compliance requirements and measure and reduce to tolerable levels the risks associated with process safety. Complying with regulatory requirements and proving compliance to both internal and external auditing agents requires a lifecycle approach to the assessment of process risks, determination of safeguards, and safeguard availability. Difficulty meeting audit and regulatory requirements is often exacerbated by organizational silos where one group or department is typically responsible for the hazard assessment and safeguard determination phases of the lifecycle, while another group is responsible for the operation, maintenance, and availability of the safeguard(s).

The Meridium Asset Safety solution – which includes Hazards Analysis & SIS Management software – was developed in 2009 and is fully aligned with the requirements of IEC-61882 (Hazards and Operability Studies), and ISA84.01/IEC-61511 (Safety Instrumented Systems for the Process Industry Sector).

The following information provides details of the Meridium Asset Safety solution that support the key requirements of ISA84.01/IEC-61511.

Does Meridium Asset Safety comply with ISA84.01/IEC61511 requirements?

Yes, Meridium fully complies with ISA84.01/IEC61511 requirements for Safety Instrumented Systems for the Process Industries.

In fact, Meridium exceeds those standards in several ways. Here’s a plant scenario which demonstrates some compliance facts: In early September, the thickness monitoring results for the overhead gas piping circuit that feeds the gas compressors began to indicate substantial thinning. The chief inspector performed additional investigation and determined that several sections of piping needed to be replaced during the next maintenance outage, scheduled in approximately 16 months. The following January (4 months after the thinning was noted), a failure of a pressure-sensing instrument took place, causing intermittent high pressure alarms on the overhead gas piping system feeding the gas compressors. The alarm was temporarily defeated by the operator, who also entered a work order to fix the malfunctioning pressure sensor. One week later, the night shift at the plant noticed a leaking PSV (pressure safety valve) on the overhead gas piping system that feeds light hydrocarbon gases to the gas compressors. Following standard procedures, a temporary MOC (management of change) was invoked and signed, allowing the operators to remove the “CAR Seal” and close the block valve upstream of the leaking PSV. Additionally, an emergency maintenance work order was created to repair or replace the PSV.

ISA84.01/IEC-61511 Safety Instrumented Systems for the Process Industry:

ISA84.01/IEC-61511 Guidance for Determination of Safety Integrity Levels

The Plant Scenario

The plant scenario depicted above is all too common. The actions that were taken for each failure were correct but, when viewed together, it is clear that the overhead piping system is far more likely to experience high pressure demand due to a failure of one of the gas compressors. This scenario has two common factors:

1) The common equipment (overhead gas line that feeds the compressors)

2) Few if any of the involved parties realize how the combination of these different failures impacts the likelihood of a LOPC (loss of primary containment). A LOPC is now approximately 100x more likely than when the risk was assessed during the PHA (process hazards analysis).

“Where reasonably practicable, processes should be designed to be inherently safe. When this is not practical, risk reduction methods such as mechanical protection systems and safety instrumented systems may need to be added to the design. These systems may act alone or in combination with each other.”

-ISA84.01-1/IEC61511-1 Section 8.1
-API 510 Section 5.2

“The necessary risk reduction (which may be stated either qualitatively or quantitatively) is the reduction in risk that has to be achieved to meet the tolerable risk (process safety target level) for a specific situation.”

-ISA84.01-3/IEC-61511-3 Section 3.2

The criteria to qualify a Protection Layer (PL) as an IPL are:
• The protection provided reduces the identified risk by a large amount, that is, a minimum of a 100-fold reduction;
• The protective function is provided with a high degree of availability (0.9 or greater);

-ISA84.01-3/IEC-61511-3 Annex F.9

The risk assessment policy that is running in the background of the Meridium Asset Performance Management system sends an e-mail notification to the EHS Manager, as well as the Maintenance Manager, that the “health” of the safeguards on the overhead gas line has elevated the process risk to an unacceptable level. The Plant Manager makes a proactive decision to reduce production rate to a level where the probability of an over-pressurization and possible failure of the overhead gas line is reduced by almost 50% while repairs are made to both the pressure sensing instrument and the PSV. This type of proactive risk reduction is not uncommon even when faced with production deadlines, but is only possible when the right people have the information needed to make the right decisions.

The primary areas of the safety lifecycle defined below can all be managed in their entirety using the Meridium Asset Safety solution:

• Hazard and Risk Assessment (Clause 8)
• Allocation of Safety Functions to Protection Layers (Clause 9)
• Safety Requirements Specification (Clause 10 and 12)
• Design and Engineering of the Safety Instrument Function/System (Clause 11 and 12)
• Installation, Commissioning and Validation (Clause 14 and 15)
• Operation and Maintenance (Clause 16)
• Modification (Clause 17)
• Decommissioning (Clause 18)
• Verification (Clause 7 and 12)
• Management of Functional Safety and Safety Assessment Auditing (Clause 5)
• Safety Lifecycle Structure and Planning (Clause 6)

– ISA84.01-1/IEC-61511-1 (Safety Lifecycle Phases)

How is Asset Safety different than Risk Based Inspection?

The Risk Based Inspection (RBI) process is focused on maintaining the mechanical integrity of pressure equipment items and minimizing the risk of a loss of containment. RBI is not a substitute for a PHA (Process Hazards Analysis) or a HAZOP (Operational Hazards) study. Typically, PHA risk assessments focus on the process unit design and operating practices for a unit, and their adequacy given the unit’s current or anticipated operating conditions. RBI complements the PHA by focusing solely on the mechanical-integrity-related degradation mechanisms and risk mitigation through inspection. The availability of other common forms of risk mitigation, such as Process Alarms, Safety Instrumented Functions and Interlocks, is managed through a comprehensive lifecycle approach that encompasses: SIL Assessment, Engineering and Design, Installation, Operation, Maintenance, Testing and Inspection. Thus, from a total plant perspective, the two methodologies support the needs of different user groups, but converge at the asset to form an umbrella of safety and regulatory compliance. The primary audience for ISA84.01/IEC-61511 is the EHS (environmental, health, safety) and I&C (instrumentation and controls) personnel who are responsible for (1) assessing the risks associated with operating a given chemical process and (2) ensuring the availability, mechanical integrity and operability of equipment covered by this standard.


How Does Meridium Address Asset Safety?

The ISA84.01/IEC-61511 Standard and Meridium’s Capabilities

ISA84.01/IEC-61511 | Meridium’s Capabilities
Assess Operating Risk | Perform HAZOP or What-If Analysis
Define the “system” to be analyzed | Link equipment to a system/node
Determine Consequence Severity and Hazard Likelihood | Qualitative, or Semi-Quantitative Risk Assessment
Application of risk reduction | Safeguard assignment
SIL Assessment (primary) | Layer of Protection Analysis
Safety Requirement Specification | “Evergreen” SRS allows for updates through a documented approval process
Change Management | Version control and revision history
SIL Assessment (secondary) | Fully quantitative LOPA
Protective Loop Detailed Design | Markov calculation of PFD avg, MTTFs
Architectural Constraints | IEC-61511, or IEC-61508
Validate Loop Systematic Capabilities | Systematic Capability Validation
Failure Rate Data | Uses exida® SERH failure rate library
Custom Devices | Utilize your failure rate data
SIL Validation | Proof Testing
Modification | Trip Reporting and Investigation


However, while an organization’s EHS or I&C group may champion the Asset Safety initiative, Asset Safety is not exclusively an EHS/I&C activity.

Comprehensive Asset Safety requires the involvement of various parts of the organization, such as maintenance and operations. Implementation of the resulting Asset Safety technology (e.g. Hazards Analyses, SIL Analyses, Protective Loops, Proof Testing/Inspection, etc.) may rest with more than one department. In this context, while the primary audience may be EHS/I&C, others within the organization who are likely to be involved should be familiar with the concepts and principles embodied in the Asset Safety methodology.

What are the Expected Outcomes of Applying an Asset Safety process?

Back in the plant scenario, the EHS Manager has been tasked to inquire and report back the expected outcomes of applying an Asset Safety process, including what, if any, value it may add. Her research begins with OSHA 1910.119(e), which states that “The process hazard analysis shall be appropriate to the complexity of the process and shall identify, evaluate, and control the hazards involved in the process.”

This means that there must be a systematic approach to everything as it relates to process safety. In the past, companies may have conducted Hazards Analyses but were not able to fully integrate the various groups and information needed to have a complete picture of the process risk on a day-to-day basis. Meridium Asset Safety enables meeting the regulatory requirements defined by the standards and linking together all of the disparate pieces of information needed to fully understand and proactively control process risks.

Additional outcomes are:

• Risk Visibility
• Hazards Analysis Recommendation Tracking
• Elimination of departmental “silos” between EHS, I&C, Operations, Inspection, and Maintenance departments
• Demonstrable and auditable regulatory compliance
• Identifying risk drivers

What are the key elements in any Asset Safety program?

• Management system for maintaining documentation, personnel qualifications, data requirements, consistency of the program, and analysis updates
• Process Risk Assessment
• Safeguard Identification
• SIL Assessment
• SIL Validation
• Documented methodology for ensuring safeguard availability through inspection, process control, and other mitigation activities

Asset Safety Approaches

There are 3 primary approaches, described in ISA84.01/IEC-61511. They are:

1. Quantitative
2. Semi-Quantitative
3. Qualitative

But which is the best? In the plant scenario, the EHS Manager and the I&C Manager decide to review the benefits of each, review ISA84.01/IEC-61511 for additional input, and then select a tool that enforces those industry best practices.

The Quantitative approach is “data-intensive,” with high associated cost and time. This approach considers factors far beyond the scope of the risk of the asset, such as the probability that a person will be present and historical failure rates, as well as standards-based availability for protective layers.

The intermediate approach is Semi-Quantitative. This approach provides a “consistent” approach to risk assessment – it is repeatable, cost-effective, efficient, and combines the best of both the Qualitative and Quantitative approaches.

The Qualitative approach to Asset Safety means that a group of experts decides the level of risk through consensus. This approach is faster than the others; however, it is often critiqued as being based on “opinion,” having a lower number of options, and being non-repeatable. This is due to the experts determining low/medium/high risk values, and the fact that the group may not be the same 5 years later during the next risk assessment.

Is Meridium flexible enough to support all three assessment approaches?

The Meridium best practice approach is to assess the hazard and determine an availability target for the safeguard(s) using either qualitative or semi-quantitative methodologies, and to re-assess the hazard using a fully quantitative approach if the initial availability target was greater than 99% availability. This “blended” approach applies a degree of practicality by allowing the user to apply a high degree of rigor where needed, and apply more cost effective assessment methodologies in less demanding scenarios.


How does ISA84.01/IEC-61511 define these approaches?

Assessment approaches and their characteristics (as described by ISA84.01/IEC-61511):

Quantitative
• Results should be a fair approximation of the actual availability requirement of the safeguard
• High level of detail and precision
• Algebraic calculations
• More detailed quantitative input is required

Semi-Quantitative
• Less rigorous than quantitative approach
• Faster than quantitative approach
• Results are typically represented in consequence and probability categories
• Less detailed data required than quantitative approach

Qualitative
• Based on engineering judgment and team experience
• Low level of detail
• Generally conservative
• Effective screening approach
• Inputs are given in data ranges rather than discrete values
• Qualitative results (e.g. High, Med, Low)
• Requires a higher level of judgment, skill and understanding

Can the health and availability of Protective Loop Elements be measured in near real time?

The health and availability of protective loop elements such as sensors, logic solvers, and final elements can be directly interfaced to your process historian, providing near real-time visibility into the process risk in your facility. Being able to leverage information from equipment and asset strategies as well as methodologies such as RBI adds clarity and stimulates cross functional ‘integrity’ team building and exchange of best practices. The approach is very practical, easy to apply and transparent. The integrated framework of Meridium allows for seamless analysis, consistency of approach and synergy with other strategy assessment methodologies including RCM and RBI.

Back in the plant scenario

After reviewing OSHA 1910.119 and ISA84.01/IEC-61511, and determining that Meridium APM best facilitates her needs, the EHS Manager files the following report:

She reports back to the Plant Manager that the Meridium risk assessment policy, which was running in the background and monitoring the RBI inspection priority as well as the pressure sensor health and PSV bypass, reduced the probability of a $15,000,000 lost profit opportunity. The Plant Manager agrees to apply additional instances of the risk assessment policy to all of the equipment in the plant that have high inspection priorities. The EHS Manager reviews the ISA84.01/IEC-61511 essential elements.

The 11 essential steps in managing Safety Instrumented Systems for the process industries are:

1. Hazard and Risk Assessment (Clause 8)
2. Allocation of Safety Functions to Protection Layers (Clause 9)
3. Safety Requirements Specification (Clause 10 and 12)
4. Design and Engineering of the Safety Instrument Function/System (Clause 11 and 12)
5. Installation, Commissioning and Validation (Clause 14 and 15)
6. Operation and Maintenance (Clause 16)
7. Modification (Clause 17)
8. Decommissioning (Clause 18)
9. Verification (Clause 7 and 12)
10. Management of Functional Safety and Safety Assessment Auditing (Clause 5)
11. Safety Lifecycle Structure and Planning (Clause 6)

– ISA84.01-1/IEC-61511-1 (Safety Lifecycle Phases)

Compliance, and measuring compliance, means so much more than performing required tasks such as process hazards analyses, proof tests, and inspections at prescribed intervals. Compliance in the realm of process safety needs to be a part of the everyday fabric of our work lives. Following a prescribed lifecycle approach where the entire lifecycle of the process - from engineering to installation, and operation and maintenance to decommissioning - is managed in a single platform that is well integrated with other business platforms within our organization, such as process historians, PI servers, and EAM and CMMS systems, enables us to go beyond schedule compliance and truly manage process safety compliance as dictated and intended by the standards. When properly managed, process safety ensures the availability of the equipment in our facilities, as well as compliance with local, national, and international standards.


Meridium is the global leader in asset performance management (APM) software and services for asset‐intensive industries. Meridium provides insights into industrial assets for mitigating risk and improving operational excellence. Founded in 1993 and headquartered in Roanoke, VA (USA), Meridium pioneered the vision, software and technology behind APM. Today, Meridium serves market‐leading companies with more than 1,000 licensed sites around the globe.


Corporate Headquarters: Roanoke, Virginia, USA +1.540.344.9205

Regional Office: Houston, Texas, USA +1.281.920.9616

Europe: Madrid, Spain +34.91.562.84.28

Middle East/Africa: Dubai, United Arab Emirates +971.4.365.4808

Asia/Pacific: Singapore +65.9764.1244
