Editor's Choice


When safety instrumented systems and inadequate operators collide

September 2022 Editor's Choice

A safety instrumented system (SIS) is intended to reduce the risk of a harmful incident. This is achieved using a combination of hardware and software controls implemented on every unit in operation. A layered approach to protection is usually followed. Examples of instrumented controls include hardwired trip systems, interlocks and alarms.

Minimising the risk of failure

Containing the residual risk requires each of the control measures to be effective. During the design phase, teams of engineers and subject matter experts will perform a systematic analysis of the process to identify each possible hazard and then identify what controls need to be in place. The HAZOP is an example of such a technique.

Whichever method is used, it is worth remembering that the SIS itself can fail. We need to eliminate, as far as possible, the risk of underlying process failure coinciding with SIS failure, thereby leading to an incident. There are techniques for quantifying the reliability of SIS systems so that the real risk is adequately understood and mitigated. One example is the Safety Integrity Level (SIL) analysis.

Engineers tend to focus on physical equipment and not people

As instrument and automation engineers, we are trained to be comfortable with physical systems – but less so with systems involving people. When we review the causes of a significant incident, it is tempting to point to a hardware device as the underlying root cause of the failure. We tend to gloss over the importance of humans in the sequence of events that led up to such failure.

The consequences of people getting it wrong

In March 2005, the BP Texas City Refinery experienced a significant safety incident that resulted in 15 fatalities and 180 injuries, after a “geyser of flammable hydrocarbon liquid and vapour erupted from a blowdown stack, creating a huge fire”. Inexperienced operators had continued pumping flammable feedstock into the raffinate tower.

During the engineering design, the HAZOP and LOP (layer of protection) analysis should have picked up the scenario where liquid could be pumped for an extended period into a unit in operation without observing a rise in levels. Whether or not this possibility had been identified, the systems must have failed because, at the time, no alarm alerted the operators of what was happening, and the pump did not trip.

The investigation report made a very insightful observation. It noted that it is easy to identify the physical device that failed and that subsequently led to the incident. Investigators are prone to locate the person most closely associated with the failure of that device, be they operators, maintenance personnel, managers or others. The investigation often recommends a simple technical solution: fix the device, add some more SIL hardware and all will be well.

In the BP Refinery incident, the investigation concluded that there were more underlying problems than just the physical safety integrity system. The issues also lay with poor training and inexperienced people. This, combined with poorly maintained and deteriorating equipment, led to a high-risk situation that was an accident waiting to happen. In addition, while the plant’s deteriorating condition was understood to be a risk, fixing this would have required an extended shutdown, resulting in significant shareholder pain. The record will show that the shutdown did not happen in time.

Is it time to share our lessons learned between IT and OT?

IT managers and CIOs are all too familiar with system failure. Some would argue that this is due to a lack of proper methodology and discipline. However, as with industrial operations, IT projects rarely fail owing only to a technical issue. IT projects are particularly challenging because people need to change how they do things to take advantage of the system.

It occurred to me that this hard-earned experience from the world of IT can also be applied in the operations environment. With the convergence of IT and OT, best practices from the respective disciplines can be shared in ways that previously might not have been obvious.

Poor training and inexperience are disastrous in the world of IT projects – even more so when operating a hazardous refinery. Is it not time to get our heads together and come up with a more holistic solution that incorporates both the physical and engineering aspects, as well as the people factors, to keep our plants running safely and reliably?


About Gavin Halse


Gavin Halse.

Gavin Halse is a chemical process engineer who has been involved in the manufacturing sector since mid-1980. He founded a software business in 1999 which grew to develop specialised applications for mining, energy and process manufacturing in several countries. Gavin is most interested in the effective use of IT in industrial environments and now consults part time to manufacturing and software companies around the effective use of IT to achieve business results.




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

PC-based control for waterjets
Beckhoff Automation Editor's Choice
Control systems are subject to very specific demands from every form of production technology, including waterjet cutting. IGEMS from Sweden set itself the goal of taking this process to a new level in terms of precision and speed, and achieved it with the help of PC-based control.

Read more...
Case History 193: The big dipper.
Michael Brown Control Engineering Editor's Choice
This article gives an example of an important flow control system for flare gas in a petrochemical refinery. The control was suffering from serious problems, often cycling severely, and at other times the flow process variable (PV) would suddenly move quite a lot away from the setpoint (SP).

Read more...
Edge computing: Introducing AI into the factory
Editor's Choice IT in Manufacturing
As AI evolves, it is evident that the most powerful models will be cloud-based, and hosted in data centres that are beyond the control of the average business. The practical application of AI in manufacturing control and automation will only be possible if some of the computing workloads can be brought onto the plant, inside the firewall and inside the plant network.

Read more...
36 years of innovation and success
SAM Systems Automation & Management Editor's Choice System Integration & Control Systems Design
Systems Automation & Management was established in 1988 at a time when there were no other systems integrators (SIs) in the process business. SA Instrumentation & Control’s editor caught up with managing director, Claudio Agostinetto to find out more about how this thriving company has prospered over the last 36 years.

Read more...
The world’s greatest model railway
Horne Technologies Editor's Choice Motion Control & Drives
Located in Hamburg’s traditional warehouse district, Speicherstadt features the largest model railway in the world, and is one of the most exciting tourist attractions in Germany.

Read more...
Loop signature 23: Tuning part 1.
Michael Brown Control Engineering Editor's Choice
This is the first of several articles dealing with the subject of tuning. I have found that many people think that optimisation consists solely of tuning. I would stress once again that tuning is the last thing one should do when optimising regulatory controls.

Read more...
Plastics meets packaging for consistent and efficient process control
Beckhoff Automation Editor's Choice
PC- based and EtherCAT-based control and drive technology from Beckhoff represent a universal solution that transcends industry and application boundaries. This standardised and scalable automation platform offers numerous advantages. Industry experts delve into how machine builders and end users in the plastics and packaging industry can capitalise on these advantages.

Read more...
Continuous corrosion resistance
ifm - South Africa Editor's Choice Sensors & Transducers
The polypropylene version of ifm’s LDL400 conductivity sensor is based on the proven LDL200 inductive conductivity sensor. Its material properties make it the ideal choice for applications in which metallic sensors tend to corrode.

Read more...
Control architecture leads to faster, easier product development for refrigeration
Opto Africa Automation Editor's Choice IT in Manufacturing
What’s the secret to providing superior service and staying competitive in a changing market? You might learn something from ALTA Refrigeration’s experience. Over ten years, it transformed itself from a custom engineering services company into a scalable industrial equipment manufacturer, using an edge-oriented control architecture to manage a growing installed base.

Read more...
Step into the visual factory
Turck Banner Southern Africa Editor's Choice Electrical Power & Protection
At Banner, the visual factory comprises three key applications for lighting and indication in industrial settings. These applications include the ability to help machines and workstations quickly communicate their status to people nearby, to use light to guide workers to perform certain tasks such as part picking, and to provide illumination for work areas and tasks.

Read more...