4 - Kuwait Oil Company

AnalysisRealizationSLC analysis phase focuses onthe SIL selection process andstarts from the basic conceptualdesign of the process and safetysystem through to the releaseof the safety requirementsspecifications. This includescollecting supporting informationon process and tolerable risklevels of the organization throughPHA, HAZOP and potentialsafety instrumented functionsare identified. By LPOA, theamount of risk present withoutSIS is characterized. If the riskis within a tolerable level, SIS isnot required to be implementedand can rely on existinglayers of protections. If risk isintolerable, appropriate SIL toreduce the risk to an acceptablelevel is determined and thesame shall be documented withrelevant information as safetyspecification.SLC realization phase highlightson designing and fabricating theSIS to meet the specificationsyielded by the analysis phase.SLC operation phase starts fromstartup to decommissioningthrough the entire safety system.The highlights of this phase ismaintaining function, testingand proof testing the system toOperationensure the system is functionallysafe. The operation phaseends when the system is fullydecommissioned and taken outof service or when modified withrespect to a specific MOC whichwill start the safety lifecyclefrom beginning. The SLC can besummarized in three steps whichinclude analyzing the hazardousrisk, designing the suitablesolution and verifying that thesolution effectively solves thehazard risk.Proof TestingIn order to maintain the SIL levelof a SIS loop, proof testing isan important factor. Dangerousfailures are identified by prooftesting. For the proof testexecuted online, all the prooftesting devices shall be anintegral part of SIS loop. In mostcases, full proof testing is notpractical in a running plant. Inthis case partial stroke testing isadopted as a method to executeproof testing.Periodic proof testing shallbe carried out by well writtenprocedures and methodologies,and proof testing shall haveproper records with details suchas description of tests, dates,name of person, serial number,tag numbers, results of tests andinspection, etc.Personnel competencycertificationA major issue faced bycompanies that implement SISis the verification of personnelcompetency. Personnel whodesign, implement, maintain andoperate SIS are required to becompetent in the process they areassigned.As per IEC 61508, “All personnelinvolved in any overall E/E/PES or software safety life cycleactivity including managementactivities should have theappropriate training, technicalknowledge, experience, andqualifications relevant to thespecific duties they have toperform.” Personnel competencyis therefore now a “Normative”requirement in the IEC 61508edition 2.0. Many companies areconcerned that there has been noguidance on how this assessmentshall be carried out. There areagencies such as TUV, ISA, Exida,Risknowlogy and more whichprovide certification programs toovercome these issues.What may go wrong in SISdesign?There is a general tendency tokeep adding safeguards in thebelief that the more safeguardsadded, the safer the process.In fact it is a false concept.Eventually the more and moresafeguards that are added thatare unnecessary for the SIF,the effect shall be less focuson the safeguards that arecritical to achieve tolerablerisk. Unnecessary safeguardsalso become complex whichmay result in new unidentifiedhazard situations. Selection ofa competitive team for the SISdesign is an important criterionto achieve an optimum andeconomical design. Gatheringrelevant plant data and historyis another major factor to beconsidered during SIS design.October - December 2012 27