What are the 5 mistakes in Process Safety validation?

Keywords: Instrument Integrity, Risk Reduction, Process Safety Management System, Instrument Protective Functions, Condition Based Maintenance, Safety Integrity level (SIL).

No alt text provided for this image

 Yearly Instrument Protective Functions (IPF) reports for safety-critical elements are common practice in the oil and gas and petrochemical industry. Including mean time between failures (MTBF) calculations and fail to danger/ fail to safe evaluations, they give an overview about the integrity of the installed based instruments and help to define eventual engineering adjustments. However, input information for the IPF reports is often manually entered on paper or in excel sheets which is inefficient, costly and subject to human errors. Plants sometimes cannot retrieve or store the instrument data because the infrastructure is not there to connect to directly.

The method of monitoring process safety and fire & gas instrument within the oil and gas and petrochemical industry needs to evolve. Operators need to be able to trust their instruments and rely on actual, accurate and controlled real-time data. What if the process safety instrument data were automatically entered in a process safety maintenance management system? IPF reports could be customized and generated any time, instrument maintenance activities could be triggered by predefined conditions, etc. The possibilities are extensive.

By using an automatic process safety maintenance management system, the reliability of the safety-related instruments can be improved, company risks can be reduced, and the efficiency of testing and can be increased.

1 Introduction

Nowadays it is uncommon to wait an extensive period to receive results. If you must wait a week for medical results, you start questioning why it is taking that long. Yet in some parts of the industry, it is still acceptable to have yearly intervention moments, instead of real-time observation. Instrument Protective Functions (IPF) reports are usually done on a 6- or 12-month schedule. These reports provide results on the reliability of the process safety-related instrument. In the worst-case scenario, it would be possible to have a poor performing process safety instrument of nearly a year. Would you trust a doctor that lets you wait months for results?

Process safety reporting is required by law to obtain and keep the license to operate. There are international standards like IEC 61511, API, ISA and legislations which outline the requirements to obtain a license to operate. If these requirements are not met, the plant is not permitted to operate. These laws and legislations set a base level of trust in the operations of a plant.

No alt text provided for this image

Instrument is evolving from simple 4-20 milliamp transmitters into smart instrument, which does not only transmit the reading but which is also capable of sharing health status information. Examples of simple instruments are temperate transmitter, pressure transmitter, process safety valve, fire detector, gas detector, etc. Validations can be done automatically and in some cases, the validation can even be done automatically. Yet in IPF reporting it is still common to do manual validations. While doing these validations the results are written down on paper or in more advanced cases logged into a handheld. This process is time-consuming and error-prone. Within the industry, the biggest margin of errors is caused by humans. With the capabilities of smart instruments, this process can be automated. The validations from the field can immediately be stored into a database, preventing human errors in the process.

Manual validations require a person to be present while the validation runs, to observe the results. When using instrument automated validations, the presence of a person is not needed and can be executed remotely. This would mean that 1 person could start multiple validations at the same time and have the results be stored automatically, which saves significant amounts of time.

Being able to remotely trigger the validations can improve time efficiency even further. Smart instruments can handle remote triggers to start their validations. Considering the process, there is the potential to initiate validations on all the instruments at the same time. A process safety maintenance management system could schedule these triggers and could for example run monthly validation and calculate Key Performance Indicators (KPI’s) like Mean time between failure, fail to safe, fail to danger, fail to nuisance, availability rate, etc. If a process safety instrument is not performing within the process safety criteria they must be replaced.

The logic to determine if a piece of instrument is running correctly can be executed automatically when a new validation result is received. Combining automated judgment with automated scheduled validations would provide insight on the recurrence of the validations and provide way more accurate insight into the performance of the safety instrument.

Human interaction is needed when validations fail. When validations fail, maintenance is needed to correct or replace the instrument. An example of maintenance would be to calibrate a process safety-related pressure transmitter to make sure the validations are within expected ranges and that the instrument is working safely with other words e.g. if the pressure comes above HPA the safety system should act accordingly and close the valve.

The live process and diagnostic data create further opportunities to observe and maintain the safety instrument. An experienced technician can judge whether the instrument needs maintenance. For example, reading will drop if a filter starts getting plugged. Based on the information retrievable from the smart instruments and the experience from technicians, triggers can be designed which indicate when maintenance needs to be done and more specifically which maintenance needs to be done. The maintenance is then instead of corrective or preventive, based on conditions.

2 Trust factors

What determines if an instrument trustworthy?

·        Acts according to designed safety criteria

·        Results of gathered data

·        Amount of gathered data

·        Quality of gathered data

·        Method of gathered data

·        Frequency of gathered data

·        Performance indicators

·        Cross comparison

 Is a result within its limits trustworthy when a fault signal is active on the instrument? When you have a complex system, is one sample enough to validate the system? Would you rather trust a validation ran in the field over a validation in a controlled laboratory? These questions seem simple but are questions we do not always keep in mind when executing routine tasks. To improve the trust in safety-related instruments the correct answers need to be given for these questions every single time.

4 Design

The first and most important part of process safety instruments is if they act according to the design. When a limit is reached an action needs to be taken e.g. the set of the sprinkler system, shut a valve or ring the alarm. When doing validations, it is being checked if an instrument runs correctly, but the failure scenario is not continuously tested if an instrument runs correctly. In normal operations, these scenarios should be avoided, but when the opportunity is there to test the failure scenarios, it is important to make sure that all systems respond the way they should in case of an emergency.

5 Results

Results are the basis to prove the trustworthiness of an instrument. When the results go out of the preconfigured bounds for a safety instrument an action needs to happen. An alarm needs to ring in case of a gas detector and a sprinkler system needs to activate in case of an office fire. These systems are to ensure the safety of the people and resources in a certain area and within the industry, it safeguards the process operation. It is however very costly when the sprinkler system is triggered incorrectly and destroys all electrical instruments like computers and ruins all documentation. This is the reason why generally for the firefighting system initially only an alarm is ringing and sprinklers are not automatically engaged in an office area. The reason is the risk involved with the potential danger that the office fire has to the people and resources in that moment and place.

6 Amount

The number of results of an instrument provides information about the precision and accuracy. This information only becomes available when you compare measuring results to previous results. It is comparable to shooting with bow and arrow. one single shot tells you something about your accuracy. It does not give you any information about your precisions, because there is nothing to compare it to. Conclusions can be drawn after a couple of shots:

These extra results provide valuable information which otherwise would not have been considered when only looking at one validation. This extra information can detect if there is a failure upcoming, for example through trend checking.

7 Quality

One value by itself often does not tell you the full story of an instrument. For simple analyzers, there is often a flow switch or some extra signal to tell you that the value is trustworthy. The more complex the instrument is the more information it can provide about its trustworthiness. Combine that extra information with the results gathered in the chapter amount and a system can produce a quality label to inform the investigator about the quality of the instrument at the time of doing validation. This quality label provides extra insurance that the data received from the instrument is correct.

8 Method

There are different ways and methods to run instrument validations. The most prominent validations methods are:

·        Reference sample validation

·        Reference measurement validation

·        Filter validation

·        Line sample validation

·        Response time validation

·        Timed response validation

These validations can be divided into two categories:

·        Validations to determine accuracy and precision (first 4)

·        Validations to determine the speed of response (last 2)

These methods provide also provide information about the repeatability and the reproducibility of an instrument. If a person can produce the same results multiple times with the same validation method, then the repeatability is high. If different people or 1 person with different methods can produce the same results, then the reproducibility is high.

Another factor in the method of validations is how they are executed. The different ways of doing validations are:

·        Manual

·        Semi-automatic

·        Automatic

The biggest difference in these options is the amount of human involvement. Systems do not change procedures or execute them partly. Humans do have the tension to change things, especially when pressed for time or with a lack of motivation. This inconsistency is a big risk for data gathering. An instrument measuring value is a process that can be controlled and improved. The process of reading a value and writing it into a system by a human cannot be controlled. Human errors cover a large portion of the errors in our industry and can be prevented. Humans don’t like to do the same task repeatedly, even it is their job. Therefore, automated data gathering is preferred over manual data gathering. It reduces costs, it reduces the change of errors, it creates opportunities for gathering more data and created instant evaluations and notifications or alarms. The human can then use all this extra information to judge where actions are needed to correct the instrument and make sure everyone stays safe. There are more testing methods in regards to process safety like a stroke test for valves, but these methods

9 Frequency

The importance of frequency can be explained by an example of a bowl of marbles. In case you have two marbles, the chance of picking the yellow marble is 50 percent. Given that the picked marble is put back the second time the chance of getting the yellow marble is 75 percent and the third time 87,5 percent etc. When the bowl of marble contains more marble, the chance is significantly reduced for picking the fellow marble.

The important question is how confident do you want to be to catch the error or how much assurance do you want that there is no error in the instrument. The more complex the system, the more validations need to be done to ensure that the instrument is trustworthy.

8 Performance indicators

Another important aspect of the quality label is the performance indicators. Performance indicators can be calculated when then state of an instrument is being recorded. Possible states are utilized, maintenance, faulted and out of service (offline). Calculations that can be made based on those states are mean time between failure, mean time to repair, etc. These calculations can be used as a basis for the quality label mentioned in chapter 5.

10 Cross comparison

Instruments can be cross-checked to further increase the trust in an instrument. Cross-referencing becomes easy when all the data is stored in a database and available through an easy to use application. With cross-referencing, anomalies can be found like the temperature difference of night and day.

11 Conclusion

The full data spectrum of a process safety instrument needs attention to gain trust and improve reliability.

1.     Make sure the design is correct and that the instrument still acts accordingly.

2.     Verify the instrument by running validations, preferably automatically.

3.     Gather enough information to make sure there are no decisions made on random results.

4.     Check multiple aspects of the instrument to ensure data quality.

5.     Choose the correct method for the validation for quality and efficiency.

6.     Plan the frequency of validations based on the complexity of the instrument.

7.     Use performance indicators to watch the performance of an instrument.

8.     Conduct cross-comparisons to find additional improvements.

Through automation, the efficiency of maintaining safety-related instruments can be improved, which creates time to look further into the instrument data to further improve the performance and trust in the instruments. 


Wolter Last的更多文章

