Why it pays to pay more for safety (Part 2)

In our last blog, we looked at the real costs that can arise where safety takes a back seat and explained some of the factors behind the higher costs of specialised instrumentation and control equipment for safety applications.

In this blog, we’ll be looking at the parameters that define the overall effectiveness of a safety loop and will show why opting for higher integrity equipment can save money in the long term.

Let’s start by looking at the required Safety Integrity Level (SIL), as defined by IEC 61508: four discrete levels, SIL 1 to SIL 4, with SIL 4 demanding the greatest risk reduction. IEC 61508 is the “mother” standard that spawned corresponding “daughter” standards for the process industries (IEC 61511), nuclear facilities (IEC 61513) and machinery (IEC 62061). It is not a legal requirement for British businesses, but the Health and Safety Executive (HSE) accepts it as good practice.

Confusion often arises when it comes to designing a safety system, because it is not as simple as applying a blanket SIL to an entire process. Instead, a SIL is assigned to each safety instrumented function (SIF) individually. A SIF is one specific protective action, such as closing an inlet valve on high pressure, that takes the process to a safe state for one particular hazardous event; its required SIL comes out of the hazard and risk assessment for that event. The SIF and its target SIL then form the basis for designing and engineering the safety system that implements it: the inputs (sensors and transmitters), the logic solver and the final elements.

As a general rule, it is almost always better to design risk out of a process than to install specialised systems to control it. Removing or reducing the hazard at source lowers the risk reduction that the SIF has to deliver, and so lowers the required SIL and the cost of the safety equipment needed to achieve it.

Next is the average probability of failure on demand (PFDavg). The acceptable PFDavg depends on the required SIL and on the mode of operation of the safety instrumented function, that is, how often the SIF is expected to be called upon to act. IEC 61508 treats a function as operating in low demand mode when, broadly, demands are placed on it no more than once a year. For a low demand function the target PFDavg bands are: SIL 1, 10^-2 to below 10^-1; SIL 2, 10^-3 to below 10^-2; SIL 3, 10^-4 to below 10^-3; and SIL 4, 10^-5 to below 10^-4. Each step up in SIL therefore buys another factor of ten. A function in high demand or continuous mode is instead judged on its average frequency of dangerous failure per hour (PFH) rather than on PFDavg.

To a good approximation, the PFDavg of a SIF is the sum of the PFDavg values of its subsystems: the sensors, the logic solver and the final elements. Each subsystem’s contribution is driven mainly by its dangerous undetected failure rate and by how long such failures can sit unrevealed between proof tests. A transmitter designed for safety, with strong diagnostics and therefore a lower dangerous undetected failure rate, contributes a smaller PFD than a standard transmitter, bringing down the PFDavg of the whole loop. That can allow a higher SIL to be claimed, but only if the architectural constraints and systematic capability described below also permit it; PFDavg on its own never settles the SIL.

Other factors that determine whether an individual instrument is suitable for a particular SIL are the architectural constraints, expressed through the safe failure fraction (SFF) and the hardware fault tolerance (HFT).

The SFF is the proportion of an element’s total failure rate that is either safe or dangerous but detected: SFF = (safe failures + dangerous detected failures) / (safe + dangerous detected + dangerous undetected failures). A dangerous failure counts as “detected”, and so towards the SFF, when built-in diagnostics reveal it and the device responds in a defined way; the remaining dangerous undetected failures are the ones that stay hidden until the next proof test, and they are what drive the PFDavg.

The HFT is the number of dangerous hardware faults a subsystem can tolerate and still perform its safety function: HFT 0 means a single fault defeats it, HFT 1 means a second independent fault is needed. HFT comes from redundancy; two transmitters voted 1oo2 give HFT 1 where a single transmitter gives HFT 0. The fail-safe behaviour of an individual device is a separate matter, and one that feeds the SFF rather than the HFT. On an internal failure a standard transmitter might freeze its output at the last value, which the logic solver cannot tell apart from a healthy reading, whereas a transmitter designed for safety drives its output to a prearranged fault state (typically below 3.6 mA or above 21 mA on a 4 to 20 mA signal) so that the failure is detected and can raise an alarm or trip.

The SIL that a given combination of SFF and HFT supports is read from two tables in IEC 61508-2, one for Type A elements and one for Type B. A Type A element is a simple device whose failure modes are all well defined, whose behaviour under fault conditions can be completely determined and for which dependable field failure data exists, such as a relay or a solenoid valve. Anything that fails those tests, notably microprocessor-based instruments running firmware, is Type B and needs a higher SFF or more redundancy to reach the same SIL. The other key factor is the systematic capability (SC 1 to 4). This covers the methodology, techniques, measures and procedures used in the design and engineering of the element itself and in the integration of elements to form the safety system; it guards against design errors, which redundancy does nothing about because identical elements share them.
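To make PFDavg, SFF and the architectural constraints concrete, here is an added worked example; it is not code from the original post and the figures are not any vendor’s. It takes constructed failure rates for a standard transmitter, a safety transmitter, a logic solver and a shutdown valve, computes each element’s SFF and the SIL ceiling the IEC 61508-2 Route 1H tables allow for its HFT, sums the subsystem PFDavg values into a loop PFDavg with the simplified 1oo1 and 1oo2 formulas, and reports which limit actually binds. The element names, failure rates, one-year proof test interval and 10 % common-cause factor are all assumptions.

```python
"""Added example (not from the original post, not vendor data): PFDavg, SFF and
architectural constraints for a simple low-demand SIF under IEC 61508-2 Route 1H.

Simplifications: repair time ignored, proof tests assumed perfect, identical
elements in redundant subsystems. Systematic capability is not modelled here and
has to be checked separately against the supplier's certificate.
"""
from dataclasses import dataclass

FIT = 1e-9               # 1 FIT = one failure per 1e9 hours
HOURS_PER_YEAR = 8760.0

# Low-demand PFDavg bands, IEC 61508-1 Table 2: SIL -> (lower bound, exclusive upper bound)
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# Route 1H architectural constraints, IEC 61508-2 Tables 2 (Type A) and 3 (Type B).
# Rows: SFF < 60 %, 60-90 %, 90-99 %, >= 99 %.  Columns: HFT 0, 1, 2.  0 = not allowed.
ARCH_TYPE_A = ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4))
ARCH_TYPE_B = ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4))


@dataclass(frozen=True)
class Element:
    name: str
    lambda_s: float    # safe failure rate, per hour
    lambda_dd: float   # dangerous failures revealed by on-line diagnostics, per hour
    lambda_du: float   # dangerous failures revealed only by proof test, per hour
    type_b: bool       # True for complex (e.g. microprocessor-based) devices

    def sff(self) -> float:
        """Safe failure fraction: (safe + dangerous detected) / all failures."""
        total = self.lambda_s + self.lambda_dd + self.lambda_du
        return (self.lambda_s + self.lambda_dd) / total


def sil_from_pfd(pfd: float) -> int:
    """Highest SIL whose low-demand PFDavg band the value meets (0 if worse than SIL 1)."""
    for sil in (4, 3, 2, 1):
        if pfd < PFD_BANDS[sil][1]:
            return sil
    return 0


def max_sil_architectural(sff: float, hft: int, type_b: bool) -> int:
    """SIL ceiling imposed by SFF and HFT alone, regardless of how good the PFDavg is."""
    row = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    table = ARCH_TYPE_B if type_b else ARCH_TYPE_A
    return table[row][min(hft, 2)]


def pfd_avg(element: Element, proof_test_years: float, hft: int = 0, beta: float = 0.1) -> float:
    """Simplified PFDavg of a 1oo1 (hft=0) or 1oo2 (hft=1) subsystem of identical elements.

    1oo1: lambda_DU * T / 2
    1oo2: ((1 - beta) * lambda_DU * T)**2 / 3 + beta * lambda_DU * T / 2
    beta is the common-cause fraction: redundancy only protects against independent failures.
    """
    t = proof_test_years * HOURS_PER_YEAR
    if hft == 0:
        return element.lambda_du * t / 2
    if hft == 1:
        independent = ((1 - beta) * element.lambda_du * t) ** 2 / 3
        common_cause = beta * element.lambda_du * t / 2
        return independent + common_cause
    raise ValueError("only 1oo1 and 1oo2 subsystems are modelled here")


def assess_loop(subsystems, proof_test_years: float) -> dict:
    """Combine [(element, hft), ...] into one SIF and report which limit binds its SIL."""
    total_pfd = sum(pfd_avg(el, proof_test_years, hft) for el, hft in subsystems)
    arch_limits = {el.name: max_sil_architectural(el.sff(), hft, el.type_b)
                   for el, hft in subsystems}
    pfd_sil = sil_from_pfd(total_pfd)
    return {
        "pfd_avg": total_pfd,
        "sil_from_pfd": pfd_sil,
        "architectural_limits": arch_limits,
        "sil": min(pfd_sil, min(arch_limits.values())),
    }


# Constructed datasheet figures in FIT; the names are placeholders, not products.
STANDARD_TX = Element("standard transmitter", 200 * FIT, 0 * FIT, 300 * FIT, type_b=True)
SAFETY_TX = Element("safety transmitter", 200 * FIT, 400 * FIT, 40 * FIT, type_b=True)
LOGIC_SOLVER = Element("safety PLC", 100 * FIT, 500 * FIT, 5 * FIT, type_b=True)
VALVE = Element("shutdown valve", 300 * FIT, 0 * FIT, 500 * FIT, type_b=False)

if __name__ == "__main__":
    print("standard transmitter: SFF %.0f%%, architectural SIL ceiling at HFT 0 = %d"
          % (100 * STANDARD_TX.sff(), max_sil_architectural(STANDARD_TX.sff(), 0, True)))
    simplex = [(SAFETY_TX, 0), (LOGIC_SOLVER, 0), (VALVE, 0)]
    redundant = [(SAFETY_TX, 0), (LOGIC_SOLVER, 0), (VALVE, 1)]
    print("1oo1 throughout, 1-year proof test:", assess_loop(simplex, 1.0))
    print("valves voted 1oo2, 1-year proof test:", assess_loop(redundant, 1.0))
```

With these assumed figures the simplex loop’s PFDavg (about 2.4 × 10^-3) already sits in the SIL 2 band, but the shutdown valve’s architecture (Type A, SFF below 60 %, HFT 0) caps the claim at SIL 1. Doubling the valve to 1oo2 lifts the ceiling to SIL 2 and takes the loop PFDavg into the SIL 3 band, although the valve subsystem’s contribution is now dominated by common cause rather than independent failure, which is why the common-cause factor deserves as much scrutiny as the failure rates. The standard transmitter never gets off the ground: as a Type B device with an SFF of 40 % and no redundancy it is not permitted at any SIL under Route 1H, however good its PFD figure might look.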

The other thing to look for is the quality of the evidence available from the equipment supplier. Are the instruments certified by an independent assessor against IEC 61508, with a safety manual that states the failure rates, SFF, element type and systematic capability on which the user’s calculations will rest? Or does the supplier have a long enough track record in comparable service for the user to justify a “proven in use” claim (“prior use”, in IEC 61511 terms)?

Savings soon add up

Independent tests and extra paperwork may not sound like a cheap option, but there are several ways in which opting for higher integrity equipment can save money in the long term.

The first is that the safety systems do not need proof testing as often to confirm that they still work. For a simple 1oo1 loop the PFDavg is roughly λDU × T / 2, where λDU is the dangerous undetected failure rate and T the proof test interval, so halving λDU lets T be doubled for the same PFDavg, and redundancy that raises the HFT reduces the PFDavg further still. The required proof test interval can therefore be extended significantly when equipment can demonstrate a higher HFT and a lower rate of dangerous undetected failures. This delivers lower operating costs for any user, but the difference is especially significant in industries such as offshore or nuclear, where gaining access to the systems is difficult and expensive. It might, for example, mean the difference between flying inspectors out to an oil rig by helicopter every three months or once a year.
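As an added worked example (not code from the original post, and with constructed rather than vendor figures), the following inverts the simplified PFDavg model to find the longest proof test interval a transmitter’s dangerous undetected failure rate can support within a given PFDavg budget, then counts the proof tests, and hence site visits, that implies over the plant life. It also models imperfect proof test coverage, which a practitioner should always ask about: failures the test cannot reveal put a floor under PFDavg that no test frequency can lower. The two failure rates, the 5 × 10^-4 PFDavg budget for the sensor subsystem, the 10-year mission and the 90 % coverage figure are all assumptions.

```python
"""Added example (not from the original post): the proof test interval a given
dangerous undetected failure rate can support, and what it costs in site visits.

Model (1oo1 subsystem, imperfect proof testing, repair time ignored):
    PFDavg ~= PTC * lambda_DU * T / 2 + (1 - PTC) * lambda_DU * T_mission / 2
PTC is the proof test coverage, the fraction of dangerous undetected failures the
test actually reveals; the second term is the floor set by failures that nothing
short of overhaul or replacement at T_mission will catch. All figures constructed.
"""
import math
from typing import Dict, Optional

FIT = 1e-9               # 1 FIT = one failure per 1e9 hours
HOURS_PER_YEAR = 8760.0


def max_proof_test_interval_hours(lambda_du: float, pfd_budget: float,
                                  proof_test_coverage: float = 1.0,
                                  mission_hours: float = 10 * HOURS_PER_YEAR) -> Optional[float]:
    """Longest proof test interval keeping 1oo1 PFDavg within budget, or None when
    the failures the proof test can never reveal already exceed the budget."""
    if not 0.0 < proof_test_coverage <= 1.0:
        raise ValueError("proof test coverage must be in (0, 1]")
    untestable_floor = (1.0 - proof_test_coverage) * lambda_du * mission_hours / 2.0
    if untestable_floor >= pfd_budget:
        return None
    return 2.0 * (pfd_budget - untestable_floor) / (proof_test_coverage * lambda_du)


def proof_tests_over_mission(interval_hours: float, mission_hours: float) -> int:
    """Periodic proof tests needed before end of mission (end-of-life overhaul not counted)."""
    return max(0, math.ceil(mission_hours / interval_hours) - 1)


def compare_candidates(candidates: Dict[str, float], pfd_budget: float,
                       proof_test_coverage: float, mission_hours: float) -> Dict[str, dict]:
    """For each candidate lambda_DU: supportable interval, tests over mission, visits per year."""
    out = {}
    for name, lambda_du in candidates.items():
        t = max_proof_test_interval_hours(lambda_du, pfd_budget, proof_test_coverage, mission_hours)
        if t is None:
            out[name] = {"interval_years": None, "tests_over_mission": None,
                         "visits_per_year": None,
                         "note": "budget not attainable by proof testing alone"}
        else:
            out[name] = {"interval_years": t / HOURS_PER_YEAR,
                         "tests_over_mission": proof_tests_over_mission(t, mission_hours),
                         "visits_per_year": HOURS_PER_YEAR / t}
    return out


# Constructed inputs: lambda_DU for a standard and a safety transmitter, a PFDavg share
# of 5e-4 allocated to the sensor subsystem of a SIL 2 loop, and a 10-year mission.
CANDIDATES = {"standard transmitter": 250 * FIT, "safety transmitter": 30 * FIT}
SENSOR_PFD_BUDGET = 5e-4
MISSION_HOURS = 10 * HOURS_PER_YEAR

if __name__ == "__main__":
    for ptc in (1.0, 0.9):
        print("proof test coverage %.0f%%:" % (100 * ptc))
        for name, result in compare_candidates(CANDIDATES, SENSOR_PFD_BUDGET,
                                               ptc, MISSION_HOURS).items():
            print("  %-21s %s" % (name, result))
```

With perfect testing the standard transmitter needs a proof test roughly every 5½ months (21 tests over the 10-year mission) to stay within the assumed budget, while the safety transmitter needs one every 3.8 years (2 tests). At 90 % coverage the standard transmitter cannot meet the budget at all, because the untested tenth of its dangerous failures accumulates over the mission to more than the whole allowance, whereas the safety transmitter still supports an interval of just over three years. The coverage figure is therefore as important as the failure rate when a supplier’s proof test procedure is reviewed.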

The second area where savings can be made is insurance. In fact, some insurers now insist on compliance with particular safety integrity levels before they will agree to provide cover.

However, it is the prevention of accidents that still offers the biggest potential financial savings, not just in terms of financial penalties, but also the impact that an accident or incident can have on a company’s share price and reputation. Add to this the imperative to protect personnel and be a good neighbour to the surrounding community and the case for excellence in safety systems is compelling – whatever the state of the economy.

