Industrial accidents occur all too frequently, resulting in harm to workers and sometimes to nearby populations and the environment. While avoiding accidents has always been a high priority, traditional views of Environmental, Health and Safety (EHS) have seen it as a cost center, with risk management efforts and protective measures being at the expense of productivity. These views are in decline, because numerous studies over the last 5 years show that companies that view EHS as vital to their Operational Excellence objectives outperform those that don’t, financially, in terms of EHS compliance and accident levels.
What are those higher-performing companies doing differently? It boils down to effectively harnessing and aligning people, processes, and technology. To delve deeper on this, you might like to check out ‘Safety and Risk Management in the Age of IIoT and Digital Transformation’, a piece from LNS Research made available by Rockwell Automation.
So, this month’s ‘Beyond the Measurement’ blog looks at aspects of safety around gas analyzer systems where technology and digitalization may offer opportunities to improve.
Before we dive into details, we take a brief look at the context for safety incidents and the layered and dynamic nature of risk and safety management in industrial facilities.
When you’ve finished reading, don’t forget to join the conversation and complete our survey question here to help shape the future of our gas analysis.
The context for safety incidents
The construction and operation of industrial processes present hazards to people and the environment. A hazard is something that has the potential to cause harm. Risk assessments identify potential hazards and subsequently identify failure scenarios that allow potential hazards to result in actual accidents. They determine the level of risk for each hazard and determine if that level is tolerable or not. They also recommend action to address those risks that are not tolerable, including modifications to eliminate risk, or establishment of risk mitigation measures.
Typically, comprehensive risk mitigation relies on multiple independent layers of protection, which can be physical or procedural. For example:
But things do go wrong. Why? Each layer of protection is imperfect – each has one or more holes. Typically this defense-in-depth type approach ensures at least one of the layers of protection effectively mitigates any risks. Occasionally, however, events conspire so that holes in multiple layers line up, allowing a particular failure scenario to play out unnoticed, until what was a potential hazard becomes an accident. The Swiss cheese model is a great way to visualize this.
Source:David Mack under a Creative Commons Attribution-Share Alike 3.0 Unported license
The nature and scale of the holes vary in every system and organization; after all, each is unique.
The holes also vary over time as circumstances change – for example, in terms of people, processes, asset integrity, or climate. Changes in actual risk may not become immediately apparent.
Our perception of tolerable risk also continuously evolves as we increase our understanding of the harmful effects of specific activities, gain evidence that new approaches work, or see opportunities and risks that technology brings.
My point here is that our risk mitigations will never be perfect. Still, by using a layered and dynamic management system that continually seeks to identify and track changing risk, and update or establish measures that plug or shrink those holes, we can build increasingly resilient and safer systems.
Gas analysis and safety
In our previous blog, we highlighted the use of gas analyzers to support process safety and considered the example of combustion management in control fired heaters. Control fired heaters are integral to many hydrocarbon processes and are highly dependent on reliable continuous measurement of excess air. Efficient operation of larger, fuel-hungry heater units, such as those on ethylene crackers, involves a delicate balancing act to remain on the safe side of a tipping point from efficient, low-emission operating conditions to potentially explosive low-oxygen and fuel-rich conditions.
While the gas analyzer’s purpose is to support process safety during plant operation, we must also consider personal or occupational safety. While the consequences of process safety incidents and personal safety incidents are on different scales, the likelihood of personal safety incidents is typically higher.
Process safety and personal safety are affected by activities undertaken throughout the lifecycle of the plant from design through installation, commissioning, operation, maintenance, and decommissioning.
The following sections consider some key activities within these lifecycle stages and highlight opportunities to improve safety through the digital transformation of traditional approaches.
Improved Safety Instrumented System (SIS) design
In the context of the ethylene cracking process above, a Safety Instrumented System (SIS) is utilized to resolve the delicate balancing act between efficient and safe operation. An SIS is used when other protection methods can’t reduce the probable frequency of a hazard resulting in harm, to a tolerable level.
An SIS is engineered per IEC 61511 to perform specific control functions to failsafe or maintain safe operations of a process when unacceptable or dangerous conditions occur.
The specific control functions performed by an SIS are called Safety Instrumented Functions (SIF). SIFs provide an active protection method, i.e. they have to function automatically and on-demand to detect, decide and act based on input conditions to mitigate the consequences of an industrial hazard by moving the system into a safe state. In contrast, passive protection measures mitigate risk without active functioning or intelligence. Gas analyzers are often used as one active protection component within a SIF.
The gap between tolerable hazard frequency and probable pre-SIS hazard frequency determines the required risk reduction, which directly translates to what is known as the Target Safety Integrity Level (SIL).
Each SIF must be designed to meet the requirements at the Target SIL level and thus demonstrate the required level of risk reduction. The SIL calculations required for this are somewhat complex and time-consuming, but essentially, the process is to gather failure rate data for the SIF components and account for factors such as test frequency, redundancy, voting arrangements, etc. The result is that for each SIF, an overall Probability of Failure on Demand (PFD) is calculated.
Software packages such as exSILentiaTM or SIL-SolverTM are increasingly used to ease SIF design and SIL verification. They allow modelling of a SIF and use data from integrated device databases to run calculations to arrive at the probability of failure on demand (PFDavg) and mean time to spurious failure (MTTFS). These tools provide cost and time savings.
But could they provide increased benefits as a result of digital transformation?
Rather than using generalized failure rate values for each technology type, could they use specific data, shared in an agreed standard digital format from the equipment suppliers? Specific equipment failure data would provide more accurate results. For complex products where the market has a diverse range of quality, performance capability, and gas measurement technologies, the change in results could be significant, possibly reducing SIF cost or reducing the frequency of manual and production invasive proof test intervals.
Furthermore, if gas analyzer data (measurement, health, event logs) were available, linked with the application and environmental context, the resulting real-world failure data would provide a sound basis for SIL verification, providing greater confidence in safety margins. Also, of course, the data would provide new insight into the causes of failure in the field, allowing product design to become increasingly reliable, leading to safer operation.
Improved human factors design
Industrial facilities are often large and complex places with constraints on how the various physical elements fit together to balance construction and operational costs, physical footprint, process efficiency, reliability, safety, and serviceability.
2D/3D CAD models and process simulation software have long been used to support the industrial design of form and function. Recently Digital Twins bring those models – plus other static and dynamic data – together, and enable more extensive design verification.
Where traditional industrial modelling used basic symbolic representations of equipment, it is now possible to include full detailed models of equipment. Rather than plant designers spending time creating these, equipment suppliers, who create such models anyway, could provide them in a standard form for import into Digital Twins.
Increased fidelity of the models and the ability to import those into immersive and interactive Virtual Reality (VR) systems enables improved design verification, ensuring that use of space, installation access, service access, HMI monitoring/usage access are well planned. Early consideration of human factors improves worker wellbeing and safety.
Installation & Commissioning
Overcoming skills/expertise shortages and travel restrictions
Workforce reductions, the retirement of highly experienced personnel and the proliferation of complex equipment make it a challenge for site engineers to undertake every installation confidently, proficiently, and with the assurance that specific equipment safety measures or recommendations are applied.
Digital Twins and VR can help here too. VR allows site engineers tasked with the installation and commissioning to practice and familiarize themselves with the equipment and procedures, without venturing on to the site.
Suppliers would be best placed to provide equipment specific elements of immersive VR training, drawing attention to critical safety checks and procedures. Unproductive time and cost spent travelling for training can be reduced.
When an engineer moves onto real field installation work, Augmented Reality (AR) headwear can enable continued support. The field-of-view for the site engineer is digitally enhanced, providing access to training, manuals, product bulletins, service records, or even equipment showing live data/health or hazard overlays pertinent to their local vicinity or job – all available at a glance and the point of need.
Guidance, from a remote supervisor within their organization or an external supplier, can be available throughout the job. The remote supervisor can see what the field engineer sees and offer additional information via digital overlays or annotations on the site engineers screen, supplementing an audio link. Guided installation and commissioning procedures with checklists can highlight or indeed require confirmation of safety issues and critical steps, before showing subsequent steps.
Suppliers would also be well-placed to provide AR support during installation and commissioning. Remotely witnessed installation and commissioning could provide increased confidence for installation safety, reliability, and expected quality of measurement. Remote installation and commissioning would also minimize cost, risks, and delays through reduced need for travel and reduced visits to your site by third parties.
In all walks of life, efforts to do something better, faster, or cheaper than others – realising a potential opportunity to lead – never end. Often the reason that the better, faster or cheaper approach hasn’t been possible before is due to associated risks being too high – the risk/reward balance just isn’t sufficiently favorable.
But historically, through innovation, ways to even up the balance and stay in control are developed: these are Enablers. They enable progression whilst keeping risk to a tolerable level. To give some examples, the innovation of brakes was an enabler for faster cars (https://herthundbuss.com/en/industry-more/the-history-of-car-brakes/). Online banking was enabled by careful application of number of security measures.
This is as true for production process optimization as anything else. The reason is clear; there can be numerous benefits, including reduction of costs, energy use or emissions, increased product quality, or increased yield.
What improvements in gas analysis could be an Enabler, allowing processes to run more optimally whilst maintaining current levels of safety margin?
Greater accuracy of measurement without reliance on filtering, and increased speed of response are two options. New opportunities to affect these could result from digitalization, allowing new data sources to be integrated into measurements, or allowing measurement points to be less centralized and therefore more optimally sited near the process conditions.
Keeping gas analyzers online and effectively operating is, as we highlighted in our previous blog and our earlier cases, essential to operational excellence, but they do require maintenance.
However, carrying out maintenance work exposes site engineers to risk. Maintenance tasks themselves can sometimes negatively impact instrument reliability. Maintenance activities may take longer than manufacturers’ assumptions, reducing safety margins included in SIF calculations; Poor awareness of maintenance activities can expose other workers to risk.
As with many things, we need a balance – optimizing maintenance activities to be sufficient to avoid failure and unplanned offline time, yet as infrequent as possible to limit the other risks and costs.
Condition-based maintenance (CBM) can help in achieving this balance. CBM needs significantly more data from a gas analyzer than is necessary for process control. Instead of using the NAMUR NE 107 type diagnostic health indicators (Fault, Maintenance Required, Out-of-specification, and Service In Progress) currently provided, the measurements, conditions or life-counters behind those indicators must be exposed. Also, the range of measurements and conditions monitored must be more comprehensive, including sensor conditions, analyzer conditions, and sample systems and other environmental conditions.
Patterns, trends and correlation analysis can then provide greater insight into how things are changing over time and at what moment in the future those changes may impact performance.
Increasingly capable plant operational Intelligence systems, build on top of or integrated into plant historians, are optimized to ingest and cleanse this type of data, contextualize it, analyze it and provide dashboards or notifications of trends or significant changes to the workforce.
Integrating equipment into these systems using traditional Fieldbus protocols such as Modbus is possible. However, because Modbus maps for all types of device are unique and don’t conform to any standard profile, ingestion needs to be configured. The overhead here can be a disincentive and limit use of available data. Support by gas analyzers for connectivity methods such as Profibus, Wireless HART, OPC-UA, i.e., those that do have device and function block profiles, helps overcome this data accessibility barrier. Another useful option could include embedding an OSIsoft PI agent into products, enabling the device data tags to be enumerated in the PI server when the instrument joins the network. These approaches enable a more plug and play approach.
Lower overhead proof testing
Proof testing is an essential part of a SIF. IEC 61511 requires periodic proof tests to uncover any failures within the SIF that would otherwise go undetected and prevent the protection function (a dangerous failure).
For gas analyzers, proof testing has been part of a maintenance activity requiring bypass of the analyzer for the duration of the test, a manual effort by site engineers to instigate, observe, confirm and log a record of correct behavior, then remove the instrument from bypass mode.
Through increased sophistication of product design, it is possible to automate 4-20 mA and relay proof tests without requiring bypass and without impacting operation. The test frequency can increase, and instances of bypass can reduce, thus increasing SIF safety integrity.
Results of automated proof tests would be available as part of condition-based monitoring, increasing visibility of any issues.
Overcome skills/expertise shortages and travel restrictions
The issues impacting safety during installation and commissioning are equally applicable during maintenance activities. The solutions discussed in that section, such as engineer training via VR, guided field-work through AR and access on-demand to the right data at the right time via QR codes are all equally applicable and could contribute to improved safety.
Improved Change Management
When a component of a SIF has software-configurable elements related to the safety function, how confident would you like to be that the configuration is always correct?
For a gas analyzer, examples include the mA output Jam level on fault conditions, the measurement range assigned to the mA output, the measurement path length, and the assignment of an mA input providing pressure measurement into a compensation function contributing to accurate measurement.
Field instrumentation has traditionally not focused on security. A small number of role-based access levels may afford some protection: for example, Viewer, Operator, and Supervisor access levels, each protected by a basic password/code. While a Supervisor level login may somewhat limit changes to the configuration of a safety function, any individual who knows the Supervisor password has that access. Role-based access means there is no record of who, at an individual level, logged in – it was just someone acting as a Supervisor. Often there are no logs to track the time, date and detail of a configuration change.
Use of a Supervisor level of access can become commonplace because it unlocks everything and means passwords are seen not to ‘get in the way’. A side-effect of this can be increased risk of unintentional change to safety configuration, which can in turn, either allow dangerous conditions to go undiagnosed, or cause unintentional process shutdown, both of which result in unnecessary costs.
Minimal security is a historical hangover related to: this type of equipment having very little connectivity, industrial cybersecurity not traditionally being a significant concern, and the use of highly resource-constrained digital microcontrollers and memory devices restricting capability.
Times have changed. Connectivity has rapidly increased, bringing considerable benefits but also increased risk. Industrial cybersecurity has become a significant concern, with external threats, supply chain threats and, unfortunately, also industrial insider threats. High-performance and memory capacity electronics are readily available at low cost.
Instrumentation must now carefully consider both security and safety. Without adequate security, safety cannot be adequately assured. Although, it is also worth noting that security controls can also hinder safety, so both must be considered jointly — more on this in a future blog.
For now, in terms of change management, increased availability of Ethernet at the field device level, particularly with the advent of Advanced Physical Layer (APL) Ethernet, allows field instruments to more easily tap into existing Enterprise Identity-based access management systems. Instrument access permissions could be assigned to individuals. Consistent identity-based access will better restrict access to instrumentation configuration and enable traceability at an individual level.
HMI design could be improved to minimize inadvertent safety configuration change by requiring a second re-authentication, in the same way that online banking requires re-authentication before transferring funds.
A further layer of protection could be added using dual-identity authentication, requiring any two sufficiently privileged individuals to log in, to confirm a change to safety-related configuration.
I’ve highlighted a few ways in which I think safety could benefit from digital transformation. Now we’d like to know what you think, so please join the discussion in our comments section.
Each blog post also links to a one or two-question survey on our website – let us know your views, as your feedback will help to improve and prioritize not only our future posts but also our future gas analysis solutions.
Contact the author, Tony Dodd, for further information on this digitalization topic.