Why Functional Safety?


Why is Functional Safety the topic of so many oil and gas company meetings? Why is it gaining momentum? And why do people fight it so badly?

IEC61511

This is the international standard for functional safety. In Europe it's considered "State of the Art", the best available solution to the problem of designing plants that would otherwise be unsafe. This spec, although not terribly difficult to read, seems to be difficult to understand. This is why it's consuming people's time in board room meetings day in and day out.

See, this is a performance-based specification, which leaves how to actually implement it open to interpretation. I've seen everything from a collection of spreadsheets, to Access databases, to custom-built software packages that never really caught on. This unfortunately leaves gaping holes in the implementation of the specification. Implementations typically focus on the first two phases of the lifecycle (Analysis and Realization), and the third phase (Operation and Maintenance) drops off the radar once engineering hands the plant to operations.

Moving Forward

IEC61511 is gaining momentum because, as I mentioned earlier, it is the best spec we have right now to deal with a real issue in designing our facilities. On the surface, Functional Safety looks as though it adds capital cost to a project, when in reality companies tend to save money: they stop over-designing potentially unsafe loops and stop implementing over-the-top maintenance schedules to compensate for it. Because the spec is the best there is right now, a lot of countries have made it law, meaning operators must follow the safety lifecycle if they would like to operate a facility. Usually if a specification has become law there is a serious reason, right? So why not implement the best safety standard that exists right now?

Push Back

I've seen companies push functional safety aside and end up putting redundant SIL-rated transmitters on every "potentially unsafe" loop in the plant, feed that into a SIL-rated logic solver and pretend that they've done their job. Using only qualitative analysis to design a safety loop is not the most efficient use of resources or instrumentation. Do they know what level of safety they are achieving? No. Do they know what level of safety they require? No. Who is stating that this loop requires two transmitters and the other potential danger does not? This is all decided in a room with about 10 people. Granted, they are all incredibly experienced and knowledgeable people, but it's their word and experience that is determining which loops deserve special attention. If IEC61511 did not exist I believe this would be the best way to design a plant; however, because the functional safety specification does exist, I don't believe it. For the extra 20 minutes per high-risk loop to complete a quantitative analysis using industry-standard data, it seems pretty cut and dried.
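As an added illustration of the quantitative side of that argument (example code written for this page, not from the original post), this applies the simplified low-demand PFDavg formulas from IEC 61508-6 to a constructed loop: one transmitter versus a 1oo2 pair, plus the logic solver and the valve, and reports which SIL band the whole loop actually lands in. The failure rates, proof-test interval, common-cause factor and logic-solver figure are constructed sample values, not industry data.

```python
import math

# Low-demand SIL bands from IEC 61508/61511: (SIL, PFDavg lower bound, upper bound).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_1oo1(lambda_du, ti_hours):
    """Simplified PFDavg for a single channel: lambda_DU * TI / 2."""
    return lambda_du * ti_hours / 2.0


def pfd_1oo2(lambda_du, ti_hours, beta):
    """Simplified PFDavg for a 1oo2 pair (IEC 61508-6 form without MTTR terms):
    independent term (lambda_DU*TI)^2/3 plus common-cause term beta*lambda_DU*TI/2."""
    x = lambda_du * ti_hours
    return x * x / 3.0 + beta * x / 2.0


def sil_from_pfd(pfd):
    """Map a PFDavg to its SIL band; 0 means worse than SIL 1, 4 caps anything lower."""
    if pfd < 1e-5:
        return 4
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def loop_assessment(sensor_pfd, solver_pfd, final_element_pfd):
    """Whole-loop PFDavg is the sum of the subsystem PFDs; return (pfd, sil)."""
    total = sensor_pfd + solver_pfd + final_element_pfd
    return total, sil_from_pfd(total)


# Constructed sample values (not vendor or industry data).
TI = 8760.0          # annual proof test, hours
TX_LAMBDA_DU = 5e-7  # transmitter dangerous undetected failure rate, per hour
VALVE_LAMBDA_DU = 2e-6
BETA = 0.1           # common-cause factor for the redundant transmitters
SOLVER_PFD = 1e-5    # logic solver PFDavg, taken as given


def compare_architectures():
    """Same loop with one transmitter versus a 1oo2 pair; returns {name: (pfd, sil)}."""
    valve = pfd_1oo1(VALVE_LAMBDA_DU, TI)
    return {
        "1oo1 transmitter": loop_assessment(pfd_1oo1(TX_LAMBDA_DU, TI), SOLVER_PFD, valve),
        "1oo2 transmitters": loop_assessment(pfd_1oo2(TX_LAMBDA_DU, TI, BETA), SOLVER_PFD, valve),
    }


if __name__ == "__main__":
    for name, (pfd, sil) in compare_architectures().items():
        print(f"{name}: PFDavg={pfd:.2e}  SIL {sil}")
```

Note that the second transmitter only moves the loop from SIL 1 to SIL 2, because the valve's PFD dominates the sum; a second pair anywhere else on the plant buys nothing without this arithmetic.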

What's the Takeaway?

A very common line that I hear in the industry is "I've never seen a PLC fail." While that may be true, and it quite likely is, PLCs do fail, and they fail without warning or detection. If we based our life decisions solely on our own experiences we wouldn't be nearly as advanced now as we are. I wear a seatbelt as soon as I get in my car: I get in, start my car and put on my seatbelt. Have I ever needed my seatbelt? No. Why do I wear it? Because I've learned from others' mistakes and I listen to what statistics tell me. It is far safer for me to wear my seatbelt than it is to not wear it and try to come up with reasons to avoid it. It's also law to wear your seatbelt, and you can be fined if you're caught not wearing it.