Using smart field devices to improve safety system performance
Safety monitoring software can use data from smart field devices to improve safety system performance and operation
By Guillermo Pacanins, P.E.
Any process plant that handles products, feedstock, or fuels that are the least bit hazardous (flammable, toxic, or otherwise environmentally dangerous) has safety concerns. Operating in compliance with regulations and standards is a way of life for oil, gas, petrochemical, biofuel, and many commodity chemical producers. But beyond compliance, companies want and need to protect their people, equipment, and the surrounding environment.
Applicable standards include ANSI/ISA-84.00.01-2004 Parts 1–3 (IEC 61511 Mod) and IEC 61508, along with facility-recognized best procedures and practices. Compliance with these standards ensures that the plant is not simply within the letter of the law; it helps the plant operate with minimal potential for incidents and injuries.
Undertaking this effort begins with plant hazard and operability studies and the layer of protection analysis (LOPA) methodology. Some situations may call for a quantitative risk analysis, as provided by the Center for Chemical Process Safety and indicated by ANSI/ISA-84.00.01-2004 Part 3, Appendix F.
Performing a LOPA helps identify which identified hazards require safety instrumented functions (SIFs) and the required probability of failure on demand for each to lower the risk to a tolerable level. Performing a LOPA is a main step toward ensuring that requirements under ANSI/ISA-84.00.01-2004 Parts 1–3 (IEC 61511 Mod) are met.
Once the safety instrumented system (SIS) is designed and implemented according to the safety requirement specification, its operation must be maintained and monitored to ensure integrity of the SIF, and to ensure ongoing compliance with standards. Any changes to the hardware, such as new equipment, new field devices, different products, or different specified operations and processes must be taken into account using a management of change procedure. Any malfunctions or other process issues must also be accounted for, typically by proof testing and monitoring the SIS along with its associated field devices, such as sensors, instruments, valves, and logic solvers (figure 1).
Figure 1. Picture of a smart instrument installed in the field.
Real-time safety monitoring software improves the integrity of process safety systems and ensures compliance and safe operation. Companies can enhance the results generated by the software with the information supplied by SISs, plant automation systems, and their associated smart field devices. All these systems and their associated components must be maintained, a task that can be eased by using smart field devices.
Safety systems need maintenance too
In a process plant that runs well, the safety system can fade into the background, because it has a low daily demand rate. Nonetheless, field devices connected to an SIS still need maintenance. Many plant accidents have been caused by a neglected safety system field device not working properly when called upon in an emergency.
The reality of thinly staffed process plants is that the operations and maintenance professionals charged with this time-consuming and complex task also have to watch over the other plant assets that support regular production. They are responsible for availability, productivity, and so on. Since the SIS does not affect these areas under normal circumstances, it can become a secondary concern, or slide even further down the list of priorities.
To make matters worse, field devices that are part of the SIS do not always employ the latest technologies. They often do not have the capability to provide information to the main plant automation system, an asset management platform, a computerized maintenance management, or other related systems. There may be no alternative to sending an individual to a given field device and inspecting it where it is installed, a task that is often postponed.
All SISs depend on field devices for their information, many of which are discrete (on/off), plain 4–20 mA analog, 24 VDC, or some other analog signal type. Each device provides its primary variable and nothing more. This does not have to be the case, because smart field devices can produce extensive diagnostic and other information.
Many field sensors, instruments, and valve actuator positioners installed in the past 10 or even 15 years have some diagnostic capability built in. In other cases, dumb field devices can be upgraded to smart ones, either through retrofit or replacement. In either case, an SIS that is capable of gathering more diagnostic information from each field device greatly improves the quality of data available from these systems, and ultimately makes life easier for the process automation professionals responsible for the SIS.
However, even if all needed data is available, users must still make sense of the information. Volumes of raw diagnostic data must be transformed into useful information that guides maintenance efforts and promotes correct operation of the SIS and other related systems. This is not an easy task, as the relatively small number of plants that operate effective asset management programs indicates. Still, there is a way to improve safety system operation without unduly burdening plant personnel, and it starts with smart field devices.
Advantages of smart field devices
When applied effectively, using diagnostics from smart field devices has a variety of benefits, which are summarized in table 1 and detailed below.
1. Diagnostics can indicate out-of-spec instrument operation. Many field devices used in an SIS are more complex than a simple level, pressure, or temperature switch. As a result, there are ways they can malfunction or drift out of the normal range. Diagnostics can indicate these safe failures where a device has malfunctioned without causing an alarm or an incident. This allows operators to compensate until the device can be repaired or replaced.
2. Diagnostics can indicate failure of communication links. A field device that is functioning properly but cannot communicate due to a network failure is still a failed device. However, with the right diagnostic information, operators can isolate the problem as a network issue more quickly and save time troubleshooting. In some cases, a workaround can be created, such as reverting to a 4–20 mA signal.
3. Diagnostics can predict incipient failure. Smart field devices have powerful capabilities to diagnose their own internal systems, to the extent that many can determine when their own circuits are beginning to show signs of degradation. This information can be sent to the asset management system, so operators have the maximum amount of time to correct the problem before an outright failure.
4. Smart field devices can ease the task of redundant system design. Many new smart field devices incorporate capabilities for what is essentially internal redundancy and diagnostics. Clever designs that include voting schemes and redundant circuitry provide the kinds of functions that otherwise would have to be built into the safety system. Moving that kind of capability into the field reduces the complexity of the centralized processing. These features include fail-safe, fail-tolerant with redundancy one out of two voting with diagnostics (1oo2D), and 2oo3D—which allow single smart devices to achieve higher safety integrity level values.
5. Process data in addition to the primary process variable can improve safety system performance. Many smart instruments are multivariable devices that make measurements in addition to the main variable. For example, a pressure instrument usually requires an internal temperature measurement to correct the pressure reading. While that temperature reading would not ever be used for a safety function, this “free” data can be helpful in troubleshooting or diagnosing process problems.
6. Smart field devices have the ability to automate some testing protocols. Partial-stroke testing (PST) of emergency shutdown (ESD) valves is now a regular practice in many plants. PST and full-stroke tests follow very strict schedules to fulfill the requirements of relevant standards. Smart valves can digitally connect their actuators and positioners to sophisticated asset management platforms that can be programmed to carry out these tests and record necessary performance data with little or no operator intervention.
7. Smart field devices can feed information to the basic process control system (BPCS) in appropriate situations. Traditionally, most field devices in safety systems were simply discrete: they went from off to on when a liquid level, pressure, or temperature rose too high or dropped too low. As those devices are replaced with smart counterparts that provide scalar digital data, the BPCS can productively use that information. As long as the basic safety function is not compromised, there is no reason that the safety level instrument in a tank cannot report its information to the BPCS, eliminating the need for another field device.
Smart field devices can provide a host of useful information, but are most effective when supported by safety monitoring software.
Converting raw data into useful information
Without a plan supported by the right analytical tools, the flood of data from smart field devices can quickly overwhelm users, causing them to neglect useful information. Fortunately, safety monitoring software tools that can turn this data into actionable information are available.
A safety monitoring software platform is typically PC-based and receives information from existing control or safety systems via a digital data link (figure 2). A safety monitoring system can fulfill several critical functions (table 2).
Figure 2: Diagram showing smart instruments connected to a control or safety system, which is in turn connected to a PC running SafeGuard Sentinel
1. It provides visualization of real-time risk exposure based on actual operating conditions. Once the SIS moves beyond simple safety switches, safety monitoring software can draw more information from the larger group of smart field devices and watch for changes in the risk landscape. Even if no devices have actually tripped, the system can detect a changing situation that is building toward a higher risk level.
2. It monitors changes in risk levels over time. As the safety monitoring software gathers data over time, it can determine the characteristic operating levels. If those levels begin to move or if changes in production or recipes generate new conditions, the safety monitoring software evaluates the evolving risk profile and determines if the underlying assumptions in the original design still apply. Many process manufacturing environments are dynamic due to changes in manufacturing techniques, sources of feedstock, production levels, and so forth. These variations can also change the specifications of the SIS, and safety monitoring software can guide continuous evaluation to ensure that the SIS is working as originally designed.
3. It provides contingency plans for safety incidents. Few things can make a bad situation worse than a poorly trained, overwhelmed, or panicked operator making the wrong decisions in a crisis. Many studies have shown that people are often the weakest link in a safety chain. Safety monitoring software can have embedded elements that guide operators through difficult situations, reducing the likelihood of incorrect responses. This is important, as even an experienced operator may make a wrong choice in a new situation, which is often the case with a safety-related incident.
Safety monitoring software provides the benefits outlined above by supplying information to operators in easy-to-understand formats. It turns raw data into graphs, charts, and diagrams that show overall safety system performance at a glance, while also allowing operators to drill down to reveal details (figure 3).
Figure 3. Screen shot from SafeGuard Sentinel
Although smart field devices and safety monitoring software can greatly improve safety system performance and operation, there is an art to applying these tools to optimize plant operations.
A delicate balance
Safety systems can fail in two ways: they may be unable to respond as planned during a crisis, allowing a critical situation to escalate. Or, a system may create a spurious trip and shut down the operation when no actual threat exists. Even though this is called a safe failure, it is disruptive to production and costly. There is also a temptation for operators to manually override or bypass these safe failures, which can create very dangerous situations.
An effective safety system depends on a chain of events and devices. Field devices feed data to the SIS and to the BPCS, which in turn supplies information to the safety monitoring software. But like any other systems, the devices and software tools that monitor real-time risk exposure are only as good as their users, who must possess the required level of expertise to understand the risk in the process, the SIS automation, and the safety requirements of the process.
Those responsible for maintaining the system must walk a fine line between having mechanisms that truly protect the plant, its people, and the environment—against having mechanisms that are too sensitive and trip unnecessarily. Adding a higher level of hardware sophistication can contribute to a safer plant, but at the risk of excessive complexity if intelligent design is not employed.
The best solution in many cases is to use safety monitoring software to distill the data from smart field devices and other sources into easily understood and actionable information that can improve the operation of the safety system.
ABOUT THE AUTHOR
Guillermo Pacanins, P.E., holds a B.Sc. in electrical engineering. He is a certified TÜV Rheinland functional safety expert and has more than 27 years of experience with process controls and functional safety in process industries. He serves as a system designer, workshop presenter, and trainer for ACM Facility Safety, where he holds the title of safety lifecycle leader/educator.
“The coming wave of process safety system migration”
“Understanding safety life cycles”
“Selecting safety system sensors”