ARC has written extensively about the rapidly ageing installed base of process automation systems that are approaching the end of their useful life, but the same principle applies to other systems, most notably process safety systems. ARC estimates that the value of the installed base of process safety systems reaching the end of their useful life could be in the neighborhood of $8 billion worldwide. Replacing or migrating process safety systems, however, carries with it a unique set of concerns and considerations compared to process automation systems. Conforming to international safety standards, such as IEC 61511, means that end users must conduct a hazards and risk analysis in addition to allocating safety functions to protection layers. Users should also consider the benefits of remote diagnostics provided by today's intelligent safety instrumented system (SIS) devices and control valves.
The Ageing Installed Base of Safety Systems
ARC estimates that the value of the installed base of process automation systems nearing the end of their useful life is around $65 billion. The overall market for process safety systems is much smaller, but even if the ageing installed base of safety systems is just 12 percent that of DCSs, it still represents around $8 billion worldwide. Users installed the first wave of process safety systems soon after the first wave of DCSs.
Existing safety systems need to be replaced for many of the same reasons users need to replace their existing DCSs. Suppliers may no longer support the systems, parts may be difficult to obtain, or the system may be running in a degraded state. Unlike DCSs, safety systems don’t actively perform process control. Instead, they just wait for an abnormal situation to occur and then quickly shut down the process or take the plant to a safe state.
Logic solvers in safety systems tend to be very reliable. For this reason, many safety systems are left in place for a long time, perhaps even longer than legacy process automation systems. A fair number of legacy safety systems still in place have MS-DOS interfaces and other very old technologies. If the system is very old, there may be only a couple of people in a given plant who are even familiar with it, and it can be difficult to train new engineers and technicians to work on an old safety system. A sizable installed base of old relay-based safety systems also still exists and is past due for replacement.
Several incentives have been in place for users to hold on to their legacy safety systems. The grandfathering clause in the ISA 84 standard, for example, allows end users to keep their old safety instrumented systems as long as they were designed using previous good engineering practices.
Unique Considerations in Safety System Migration
Companies must consider several important points when modernizing their process safety systems and safety instrumented systems. Unlike DCS upgrade projects, SIS upgrade projects typically include the safety instruments, control valves, and the process safety system. Many end users now take advantage of the diagnostics included in HART-compatible safety devices.
New safety system installations must also conform to standards such as ISA 84 and IEC 61511. ISA 84 is essentially the same as IEC 61511, except for the grandfather clause in the former. ANSI has also adopted ISA 84. US-based process manufacturers must follow ISA 84 when implementing a new process safety system to comply with OSHA requirements.
The IEC 61511 Lifecycle
The IEC 61511 standard has a specific lifecycle management process that companies must follow when installing a new safety instrumented system. The IEC 61511 standard specifies 12 steps in the safety lifecycle. These are segmented into four phases: Analysis, Realization, Maintenance, and Ongoing Functions. Let's take a look at the Analysis phase, which includes the initial planning, identification, and specification of safety functions required for the safe operation of a manufacturing process, including documentation of the safety requirements. Specific activities include:
Perform Hazard and Risk Analysis: Determine hazards and hazardous events, the sequence of events leading to a hazardous condition, the associated process risks, the requirements of risk reduction, and the safety functions required.
Allocate Safety Functions to Protection Layers: Check the available layers of protection. Allocate safety functions to protection layers and safety systems.
Specify Requirements for Safety System: If tolerable risk is still out of limit, then specify the requirements for each safety system and respective safety integrity levels (SIL).
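The three Analysis-phase steps above, carried through as a small LOPA-style calculation. This is an added example, not taken from the ARC article or from the text of the standard: the hazards, initiating frequencies, tolerable frequencies and layer PFDs are constructed, while the SIL bands are the IEC 61511 low-demand bands (RRF = 1/PFDavg) and the "a layer is credited only if its PFD is at most 0.1" rule is the common LOPA convention for an independent protection layer.

```python
"""LOPA-style walk through the three IEC 61511 Analysis-phase steps.
Added illustration: hazard, frequency and layer values are constructed; SIL
bands are the IEC 61511 low-demand bands; the PFD <= 0.1 IPL rule is LOPA practice."""
import math
from dataclasses import dataclass, field

# (SIL, minimum RRF, maximum RRF) for a low-demand-mode safety instrumented function.
SIL_BANDS = [(1, 10, 100), (2, 100, 1_000), (3, 1_000, 10_000), (4, 10_000, 100_000)]

@dataclass
class Hazard:
    name: str
    initiating_freq: float   # step 1: initiating events per year, from the hazard analysis
    tolerable_freq: float    # step 1: tolerable frequency per year for this consequence
    layers: dict = field(default_factory=dict)  # step 2: layer name -> credited PFD

    def check_layers(self):
        """Step 2: a layer is credited only if it is a genuine IPL (0 < PFD <= 0.1)."""
        for layer, pfd in self.layers.items():
            if not 0.0 < pfd <= 0.1:
                raise ValueError(f"{self.name}: '{layer}' (PFD={pfd}) is not a creditable IPL")

    def mitigated_freq(self):
        """Event frequency remaining after the credited non-SIS layers act."""
        self.check_layers()
        return self.initiating_freq * math.prod(self.layers.values())

    def required_rrf(self):
        """Step 3: residual risk reduction the SIF must provide (1.0 means none needed)."""
        return max(1.0, self.mitigated_freq() / self.tolerable_freq)

    def required_sil(self):
        """Step 3: lowest SIL covering the residual RRF; 0 = no SIF needed, None = redesign."""
        rrf = self.required_rrf()
        if rrf <= 1.0:
            return 0
        for sil, _low, high in SIL_BANDS:
            if rrf <= high:
                return sil
        return None  # more than SIL 4 would be needed: add layers or change the process

# Constructed hazards for one hypothetical unit (not from any real plant).
OVERPRESSURE = Hazard("reactor overpressure", 0.1, 1e-5,
                      {"BPCS alarm + operator response": 0.1, "relief valve": 0.01})
OVERFILL = Hazard("tank overfill", 0.5, 1e-4, {"independent high-level alarm": 0.1})
PUMP_SEAL = Hazard("pump seal leak", 0.01, 1e-3, {"gas detection + isolation": 0.01})

if __name__ == "__main__":
    for h in (OVERPRESSURE, OVERFILL, PUMP_SEAL):
        print(f"{h.name}: residual RRF {h.required_rrf():.0f} -> required SIL {h.required_sil()}")
```

The constructed reactor case lands in SIL 1, the overfill case in SIL 2, and the pump seal case needs no SIF because the non-SIS layers already meet the tolerable frequency.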
More Services Required
As the Analysis phase of IEC 61511 alone shows, implementing a process safety system involves much more complexity and requires far more documentation and work process management than a basic process control system. End users are already stretched to the limit in terms of resources, so it is natural that more of the engineering services required to properly specify and install a process safety system will be performed by automation suppliers and other third parties. It is also effective to automate as much of the lifecycle process as possible using production management, workflow, and procedural automation applications.
Last Word
The wave of safety system migration is already upon us. It has been the topic of numerous end user case studies at many of the user group meetings that ARC attended this year. Suppliers are building their service capabilities and developing new tools to make the process of ISA 84 and IEC 61511 compliance that much easier and more cost effective for end users. As you evaluate replacement safety systems and suppliers, ARC recommends strongly that -- just as if you were replacing your basic process control system (DCS) -- you make every effort to avoid a direct functional replacement. Instead, your new safety system should take advantage of new technologies and approaches that can make your plant safer, without negatively affecting production.
Author: Larry O'Brien