As the incidence of cybersecurity threats in industry continues to rise, the automation world continues to grapple with how to address these issues. There are many good practices available to end users, such as creating demilitarized zones between the business network and the industrial network, banning the use of portable devices on the industrial network, ensuring that security patches are installed regularly, etc. While these solutions all make a lot of sense, I recommend attacking the problem at its core. Patching, for example, is very important, but it is also very expensive and carries some extra risks in an industrial automation system, such as impacting the performance of…
The new and updated version of the ISA-18.2 standard (ANSI/ISA-18.2-2016, Management of Alarm Systems for the Process Industries) has now been officially released. This supersedes the original edition (2009). The new version incorporates feedback from 6+ years in the "field" and includes some updates based on the IEC 62682 international standard.
Selected highlights include:
Updated definition of an alarm:
Alarm: audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a timely response.
Note that the word “timely” was added, making it consistent with the IEC 62682 international standard.
Each month at exida, we strive to spotlight one of our products that makes the job easier for today's industry professional. In this blog, I wanted to talk about our latest edition of the SERH (Safety Equipment Reliability Handbook).
The Safety Equipment Reliability Handbook (SERH) book set is a hard copy of exida’s SERH database that contains a vast amount of equipment item reliability data.
The SERH provides a collection of failure rate data that is applicable for use in Safety Instrumented System (SIS) conceptual design verification in the process industry. It remains the ultimate reference source for any safety engineer involved in Conceptual…
In several of our technical papers over the years, we have noticed that failure rates for the same manufacturer and model number differ from site to site, even when the processes were quite similar. When I have mentioned this to end users and manufacturers, often the response is “Yes, I have noticed. Why does this happen?” exida finally has enough field failure data to create a simple model for this based on concepts from IEC 61508. We call our model the Site Safety Index™ (SSI).
A wide range of factors seem to contribute to the SSI. After gathering lots of expert opinion on these factors, it became clear that they had everything to…
How does a team get to play in the NCAA tournament? They don’t just buy plane tickets and arrive at the arena ready to play whoever else shows up. In fact, there is a rather rigorous process to determine who gets to play and what seed they are, which then determines who plays whom. But before all of that, the team coaches and school officials decide who will be on their team. They conduct training camps and drills and practices. And they compete with other schools to recruit players. Then they determine the best players that will start, and the backup players who reinforce them. (Kinda sounds like competency evaluation, or project feasibility…
The ISA-18.2 and IEC 62682 alarm management standards provide recommended targets for average alarm rate and for alarm floods, a condition during which the alarm rate is greater than the operator can effectively manage (e.g., more than 10 alarms per 10 minutes, per ISA-18.2). During alarm floods the chance of an operator missing an alarm or making a mistake increases. The following table, taken from IEC 61511, shows how human reliability is affected by stress.
An interesting question arose recently when creating an FSM plan:
Does the ISA-18.2 standard on alarm management address the claiming of the operator’s response to alarms as a layer of protection?
Not specifically; however, the ISA-18.2 standard does require that alarms are rationalized and that alarm system performance is measured and judged against recommended metrics. Both activities in the alarm management lifecycle directly impact the dependability of the operator’s response to an alarm as an IPL. Remember, an IPL must be:
• Specific
• Auditable
• Independent
• Dependable
An unrationalized system is likely to have too many alarms, incorrect priorities, and alarms without an operator response. A…
Performing site audits for numerous customers can be very telling. All sites have their own unique layout, procedures, documentation, and people. Did you know that failure rates differ from site to site? Are you surprised? According to our recent webinar results, the majority of people aren’t, and in fact they expect it. If this is the case, then why isn’t anyone taking into account these factors?
This is how the Site Safety Index (SSI) started.
Over the last 30 years exida has accumulated over 200 billion operating hours of REAL failure data. From this data, exida was able to create the SSI. A number of field failure…
Good things happened in the fields of functional safety and control system cybersecurity in 2015. I am not going to include the exciting new Star Wars movie as an event in the list, as it does not really fit into the topic. But keeping focused, my highlights of 2015 were:
The IEC 61511 standard requires the user to create a Safety Requirements Specification (SRS) for a Safety Instrumented System (SIS) that incorporates all the analysis done during the Risk Assessment, HAZOP/PHA and LOPA reviews. The SRS falls into two types: an initial conceptual SRS, often referred to as the Process Safety SRS, and a detailed Design SRS, which contains all the detailed design information.
As in any requirements specification, how well and how concisely information is conveyed to the designer is essential to ensure that there is no ambiguity and potential for misinterpretation of the requirements. This is especially true for safety-related process applications using SIS, where it is critical to convey the requirements…
Site audits have shown many differences in how things are done from site to site. This impacts many variables in a safety instrumented system!
A key metric for process industry designs is called average Probability of Failure on Demand (PFDavg). After several studies of many field failure and proof test reports, several variables* have been identified as key to a realistic PFDavg calculation.
The adoption of the functional safety standards continues to gain momentum in turbine applications. Both industrial and power turbine sites are now requiring compliance with IEC 61511. This blog will review both technical requirements and market trends related to functional safety system design. Market trends will cover which standards are required by region, turbine, size, and industry.
In Part 1, we discussed the application of IEC 61511 to turbine applications and how we demonstrate compliance. In Part 2, we took a high-level look at the safety lifecycle, looked at the IEC 61511 lifecycle, and discussed hazard matrices, risk graphs, and LOPAs.
In this blog, we will look at implications of IEC 61511 and effective implementation.
exida has launched the web site www.silsafedata.com. SILSafe Data is a web site listing a number of product categories used in process control and the expected range of failure rates for process industry applications. The use of realistic and application-appropriate failure rate data has a significant impact on the validity of SIL verification calculations. Unfortunately, there is often conflicting or incomplete information readily available to perform the tasks needed for safe designs. Poor information can lead to dangerous under-designed systems, expensive over-designed systems, or even the need to re-design the safety instrumented system.
Determining if data is suitable for use is a critical first step. The SILSafeData.com…
We all know when we’re finished with the product development cycle; it’s printed in a little box on the project schedule Gantt chart. The end of July… right there on the schedule, and it’s been there since the project inception. So what happens when you reach 31-July and your product still isn’t ready? Do you start changing the calendar to read 32-July, 33-July, and so on? That might work if you only need a few more days of wringing out the functional testing, or finish the user manual. But if you reach the 254th day of July, you’ve got a big problem.
In my project experience, there is always an end date. Some…
While channel surfing the TV this weekend, I happened to stop on an old show called “My Mother The Car.” (Ok, I’m dating myself, but it was filmed in color, as opposed to some other favorite old shows still in black-and-white). The fictional car, a 1928 Porter built for the TV series, was the reincarnation of the owner’s deceased mother. The car was always available for advice and helped the owner with various problems that could be solved within a 22-minute sitcom. With all of its life experiences, I’m sure that car was smarter than a Fifth Grader.
This show got me thinking about how cars have changed over the years. New cars…