How often have you been at conferences where the presenters refer to the “Swiss Cheese Model”?  The model conveys what happens to the protection layers around a Safety Instrumented System (SIS) when they are poorly designed, implemented or maintained.  When any of those three things goes wrong, “holes” develop in the protection layers, like the holes in a slice of Swiss cheese.  When the holes in all of the independent layers line up, we have the potential for a serious problem: for example, a failure on demand of the SIS that leads to an incident whose consequences could be severe.


Figure. Swiss Cheese Model Showing What Happens When Random and Systematic Failures "Line Up"

So what types of failures can lead to these holes appearing?  They can be random in nature or systematic.

•    Random failures - hardware failures in the protection layers themselves, such as a mechanical relief device, the BPCS, an interlock or a SIF that does not perform its function when called upon. 
•    Systematic failures - failures built in by people and processes: improper training, lack of competency, software bugs, incorrect procedures and a lack of administrative controls.

It is important to note that IEC 61511 defines a lifecycle approach to SIS design, operation and testing.  We can design the SIS correctly at the start, but if it is not maintained properly then the “holes” can still appear.  This can be seen in some of the accidents of the past twenty years, with the Texas City isomerization unit explosion being a prime example: years of neglect, improper maintenance and repairs led to an event in which the safety systems in place failed to operate correctly.

There is an old adage in industry known as the 20:20 rule: twenty weeks in design, twenty months in implementation and twenty years in operation.  From the SIS lifecycle perspective, over 90% of its lifetime is spent in the operational phase, so it is of prime importance that the SIS is properly maintained, tested and operated.  Tracking useful life is part of the mechanical integrity program, ensuring that devices are replaced or refurbished before the end of their useful life so that the integrity of the SIS and its SIFs is maintained.

There are still many companies that are not conforming to these requirements: they are not tracking useful life, and they are not following the proper proof-test intervals for the SIS and its SIFs.
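
As an added example (my own code, not the author's and not any vendor's product), here is a small Python tracker for the two things this post says are most often neglected in the operational phase: device useful life and proof-test intervals.  The device tags, SIF names, installation dates, useful-life figures and test intervals are all constructed for illustration; in practice the useful life comes from the device's safety manual and the proof-test interval from the SIF's SIL verification.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class SifDevice:
    """One device in a SIF loop.  Every value is hypothetical / constructed."""
    tag: str                        # instrument tag
    sif: str                        # SIF the device belongs to
    installed: date                 # date placed in service
    useful_life_years: float        # assumed useful life from the device safety manual
    proof_test_interval_days: int   # assumed interval from the SIF's SIL verification
    last_proof_test: date           # date of the last documented proof test

    def end_of_useful_life(self) -> date:
        # Nominal year length is good enough for a replacement schedule.
        return self.installed + timedelta(days=round(self.useful_life_years * 365.25))

    def next_proof_test_due(self) -> date:
        return self.last_proof_test + timedelta(days=self.proof_test_interval_days)


def assess(device: SifDevice, today: date, replacement_lead_days: int = 180) -> list[str]:
    """Return the findings ("holes") for one device as of `today`.

    Useful life and proof testing are checked independently: a device can be
    within its life yet untested, or recently tested yet worn out, and either
    condition alone is a hole in that protection layer.
    """
    findings = []
    eol = device.end_of_useful_life()
    if today >= eol:
        findings.append("past useful life: replace or refurbish")
    elif today >= eol - timedelta(days=replacement_lead_days):
        findings.append("within replacement lead time of end of useful life: schedule replacement")
    if today > device.next_proof_test_due():
        findings.append("proof test overdue")
    return findings


def review_fleet(devices, today: date) -> dict[str, dict[str, list[str]]]:
    """Group findings by SIF: a SIF is only as sound as its weakest device."""
    report: dict[str, dict[str, list[str]]] = {}
    for d in devices:
        findings = assess(d, today)
        if findings:
            report.setdefault(d.sif, {})[d.tag] = findings
    return report


# Constructed sample fleet: three hypothetical devices across two hypothetical SIFs.
FLEET = [
    SifDevice("PT-101A", "SIF-01", date(2012, 3, 1), 15, 365, date(2023, 9, 1)),
    SifDevice("XV-101", "SIF-01", date(2008, 5, 15), 15, 365, date(2022, 10, 1)),
    SifDevice("FT-202", "SIF-02", date(2009, 9, 1), 15, 730, date(2023, 3, 1)),
]

# Constructed review date used by the sample run below.
REVIEW_DATE = date(2024, 6, 1)

if __name__ == "__main__":
    for sif, devices in review_fleet(FLEET, REVIEW_DATE).items():
        for tag, findings in devices.items():
            print(f"{sif} {tag}: {'; '.join(findings)}")
```

Run as a script it lists, per SIF, every device that is past or approaching its useful life or that is overdue for a proof test.  The replacement lead time is there so that a device is scheduled for replacement before, not after, it reaches end of life; the 180-day default is an assumption and should be set from the site's procurement and turnaround lead times.
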
If this blog has piqued your interest, then please check out our upcoming webinar on the subject: “What is the Swiss Cheese Model and How Does it Apply to SIS?”


Tagged as: swiss cheese model, SIF verification, operation phase, operation & maintenance, IEC 61511, Functional Safety

Other Blog Posts By Dr. Steve Gandy, CFSP