Process safety: The road to risk reduction
By Lee Swindler
Process safety management (PSM) can be a confusing topic with many specialized concepts and unique terms. One of the more complex concepts is the subject of risk and how to reduce process risk to an acceptable level.
For manufacturing facilities, having a PSM program in place requires verification that their hazardous processes are being operated safely. A key requirement is to perform a risk analysis of the process and associated safeguards to determine the probability of a dangerous event occurring. In other words, an operating company must validate the safety of their process. So, how can you reduce risk and ensure your process operates at an acceptable level? Let's find out.
PSM-required risk analysis can be broken down into three steps:
Step 1: Systematically evaluate the hazards (inherent risks) in operating a given process unit. This is typically done using some sort of process hazard analysis (PHA) with the most common method being a hazard and operability (HAZOP) study. Hazards are identified and individually evaluated to determine the probability (i.e., how frequent) they might occur, along with the severity (i.e., how bad things would be) if the hazard occurs. In most companies, the overall risk is defined as the probability times the severity.
Step 2: Systematically evaluate any safeguards that mitigate those hazards to determine how much residual risk remains after taking credit for those safeguards. The safeguards are called independent protection layers (IPLs). Independence is important, because if one safeguard fails, it should not affect any other safeguard's ability to mitigate risk. Several methods are used to evaluate the safeguards with the most common being a layer of protection analysis (LOPA). Note that this step is optional; some companies use a more conservative methodology that doesn't consider credits for IPLs.
Step 3: After taking credit for any IPLs, compare the residual risk to the company-defined tolerable risk level to determine if action needs to be taken. If the residual risk is greater than tolerable, either the process needs to be redesigned or additional safeguards must be installed. A common safeguard is to install a safety instrumented system (SIS) to reduce the residual risk to acceptable levels. The size of the gap between the residual risk and the tolerable risk determines the safety integrity level (SIL), which is a measure of how "safe" the SIS needs to be. Or more specifically, SIL is a measure of the probability that the SIS will take the process to a safe state when called upon to act.
Let's look at this graphically (Figure 1). In this case, the residual risk exceeds the tolerable risk level even after taking credit for IPLs, such as the basic process control system (BPCS) and mechanical protection (e.g., relief valves or rupture disks). To fill this gap in protection, a SIS is often implemented to reduce the residual risk to a tolerable level.
Figure 1. Residual risk exceeds the tolerable risk level
Note the BPCS IPL is usually a credit for 1) an alarm that triggers an operator response preventing the hazardous event; or 2) some sort of automated control, which keeps the process from reaching the hazardous condition. However, the BPCS can only provide credit for one IPL, because the alarm and automated control functions are not truly independent. Certain BPCS failures could disable both functions.
An automobile analogy
If you find all this confusing, don't feel bad - you are not alone! These concepts can be somewhat abstract, especially if you are not familiar with industrial process facilities. I find it helpful to explain risk reduction in terms of driving an automobile as shown in Figure 2.
Figure 2. Risk reduction from the driver's seat
Statistically, driving an automobile is considered the most hazardous activity any of us do. But it could be worse! Imagine if cars didn't have any safety features or provide a good way for drivers to maintain control. The risk of injury from a collision would be unacceptably high. For many, the inherent risk of this activity would exceed our tolerance level.
Fortunately, modern automobiles have numerous IPLs to help lower this risk to a tolerable level. The steering and brakes are the BPCS in a car. Although they do not run in automatic closed-loop control, they provide an effective way for drivers to safely operate their vehicle. However, failures can still happen, and a clear majority of people want additional protection layers to help keep them safe.
The crumple zones (and seatbelts) in a car are analogous to the mechanical IPLs present in a process facility. They don't require any electronics or sensors to activate and are independent from the other protection layers. Finally, the airbag system is like a SIS. Its system of sensors, a logic solver and a final element (the airbag) provide additional risk reduction. Together all these IPLs help to make modern automobiles safer than ever.
Now that you've taken a drive down the risk reduction road, hopefully you have a better understanding of this important concept. We all play a key role in lowering risk to tolerable levels. Now go out, buckle up, drive and be safe.