Common Questions
1. Why conform to Safety Standards?
Compliance with national and international safety standards is enforceable if the standards are listed or referenced in the country's legislation. These references are sometimes called "good engineering practices." The Occupational Safety and Health Administration (OSHA) law in the USA and the Australian Occupational Health and Safety (OHS) legislation are examples. Other countries, e.g. Germany and the UK, are required to adopt IEC 61508/61511 when applying safety instrumented systems to process hazards. Since most major process companies are international, they have adopted the IEC standards. There is also growing support from liability insurance providers, who require that the insured embrace the IEC standards to reduce the risks associated with the process industries, especially offshore installations. Perhaps the biggest incentive for companies to adopt the requirements of the safety standards is the potential for liability suits after an event. The punitive sanctions of regulatory agencies are minimal compared to the enormous awards made to plaintiffs in past litigation. Finally, it has been shown that it makes excellent business sense to follow these good engineering practices, since they reduce the risk of personal injury and also maintain reliable production.
OSHA
OSHA's CFR 1910.119 "Process Safety Management of Highly Hazardous Chemicals" (Feb. 1992) established the requirements for a broad-based performance specification to reduce or minimize the frequency and consequences of chemical releases, fires, and explosions. Of the many articles contained in this document, several refer to or specifically apply to critical hazards assessment, safety system design, testing, and use.
Key articles and elements are as follows:
- Paragraph (e) - Process Hazards Analysis
  The PHA shall address:
  - The hazards of the process...,
  - The identification of any previous incident which had a likely potential for catastrophic consequences...,
  - Engineering and administrative controls... and their interrelationships such as (early warning methods) which might include process monitoring and control instrumentation with alarms,... (including redundancy in instrumentation),
  - Consequences of failures of engineering and administrative controls....,
  - A qualitative evaluation of a range of the possible (safety effects) of failure of controls on employees in the work place.
- Paragraph (j) - Mechanical Integrity
  - Application (Applies) to the following process equipment...
    - Emergency Shutdown Systems
    - Controls (including monitoring devices and sensors, alarms, and interlocks)...
  - Quality Assurance
    - In the construction of new plants and equipment, the employer shall assure that the equipment... is suitable for the process application for which (it) will be used,
    - Appropriate checks and inspections shall be performed to assure that equipment is installed properly and consistent with design specifications and the manufacturer's instructions,
    - The employer shall assure that maintenance materials, spare parts, and equipment are suitable for the process application for which they will be used.
Additionally, training, operating and maintenance procedures, compliance audits, and management of change articles and paragraphs also involve these areas. The intent is to show proper consideration, implement adequate systems, achieve appropriate documentation, and implement good engineering and management practices to ensure compliance.
OSHA measures performance based on the specific requirements of the rule, and on good engineering practice as defined by majority peer- and industry-accepted guidelines and standards. The most recent and predominant standard directly involves the mitigation or reduction of risk through safety systems. It is an ANSI standard and is therefore considered good engineering practice. This standard is ISA-S84.01.
ANSI/ISA-S84.01-1996/2004 IEC-61511-1
ISA-S84.01-1996/2004 is the good engineering practice and ANSI standard that sets out the criteria for defining and applying Safety Instrumented Systems (SIS). SISs are also known as Extrinsic Safety Systems, i.e. systems that lie external to a process. Extrinsic safety systems are utilized if an inherently safe or intrinsically safe process cannot be designed, and if risks cannot be sufficiently reduced to an acceptable level using Independent Protection Layers (IPL). The newly released document is included in Section 10.4 for reference.
Companies should be aware of the increasing threat of litigation by overzealous attorneys and juries that have no sympathy for companies who do not follow standards in their designs.
The punitive sanctions of OSHA, EPA, or other countries' legislative requirements are insignificant compared to the class action awards plaintiffs are receiving.
2. Why Should Process Safety Engineers Be Certified?
The typical answer to this question is initially very defensive. Certified to what? By whom? Who mandates certification of plant personnel? Why? What does this buy me?
The truth is that none of the safety standards (IEC 61508 / IEC 61511 / ANSI S84.01, etc.) nor any of the safety regulatory bodies (OSHA / EPA / HSE, etc.) mandate plant personnel certification by any specific organization. As a matter of fact, the safety standards don't even mandate certification of Safety Instrumented Systems (SIS) equipment by any specific testing lab (TÜV / FM, etc.).
However, what the standards and regulatory agencies do require is that certain target safety measures be met. For example, logic solvers used in a SIL 1 through SIL 3 safety instrumented function (SIF) shall be designed to meet IEC 61508 or be documented to meet the requirements of "proven in use".
The problem here is that documenting that a logic solver meets the standards' "proven in use" criteria, with all the hardware and software target measures, fault insertion tests, safety manual documentation, etc., becomes an insurmountable task for an end user. The cost would be prohibitive, and the liability is not something the plant would want to undertake.
Therefore, when it comes to SIS logic solvers, the process industry has reached a consensus in generally specifying that the equipment be third party certified to meet IEC 61508 parts 2 and 3. Although it is technically accepted that the certification be performed by an NRTL (Nationally Recognized Testing Laboratory), process plant specifications mostly require that the certification be issued by TÜV, recognizing this lab as the safety system's "mark."
So, if it is an industry recognized requirement that the SIS hardware and software be certified by TÜV, why not certify the engineers that design, integrate, program, install, operate and maintain the SIS?
IEC 61508/ IEC 61511 / ANSI S84.01 and other international and national safety standards, as well as national regulatory agencies, require that all personnel involved in any stage of the SIS safety life cycle have proven and documented competency for the tasks they are assigned.
IEC 61511-1 Functional Safety - Safety Instrumented Systems for the process industry sector, paragraph 5.2.2.2: "Persons, departments or organizations involved in safety life-cycle activities shall be competent to carry out the activities for which they are accountable."
As with SIS hardware and software certification, competency assessment of plant or contractor engineers is best served by third party certification. Furthermore, TÜV is best suited for this certification through the TÜV ASI-Rheinland Functional Safety Program.
Full details of the TÜV Functional Safety Program can be reviewed at http://www.tuvasi.com.
In the same way that all project specifications now require that SIS logic solvers carry a TÜV certificate to the appropriate SIL, the tendency is to also require that engineers specifying, integrating, programming, installing and maintaining these systems hold a TÜV ASI-Rheinland certification of competency. After all, what good is it to have the best hardware in the world if the engineers implementing the project cannot prove competency for the task they are assigned?
The main driver is Process Safety. However, a significant motivator is the avoidance of litigation actions in the case of process hazard incidents where competency of personnel requires recognized third party documentation of training and certification.
Premier Consulting Services (PCS), in cooperation with TÜV Industrie Service ASI, Rheinland, Germany, has developed the Premier Functional Safety Engineering (PFSE) training course, which has been reviewed, assessed and accepted by TÜV-ASI as an integral part of the TÜV Functional Safety Program for Safety Instrumented Systems. PCS course instructors are certified TÜV Functional Safety Experts. As a matter of fact, PCS instructors became the first two "experts" certified by TÜV-ASI-Rheinland on a worldwide basis.
Full details of the Premier Functional Safety Engineering (PFSE) course can be reviewed here.
Premier Safety Consulting will be posting more questions and answers in the future.