2013 Honeywell Users EMEA Nice

Johan School
Concepts and Implementation of Process Risk
Management using Safety Manager
1
 Agenda

• Introduction
• What about safety
• Safety Instrumented Systems
• Industry Standards & Risk analysis
• Honeywell Safety project services
• Honeywell Safety Management Systems
• Operational integration; The human factor approach
• Introduction to Cyber security
• Q&A

2
 About your presenter

• Johan School
• 19 years with Honeywell
• Product Manager Safety Solutions
• Active member national and international
standard committees
• TÜV Functional Safety engineer

3
 2013 Honeywell Users EMEA Nice

What about Safety ?

4
 Introduction to Safety standards

Compliance

Safety
Process
Availability

Risks Cost

5
 IEC 61508 - A safety umbrella for the world

61508 ed1 2000

61508 ed2 2010

6
 Types and names of SIS

• Instrumented Protective Systems

• Safety Interlocks
• Safety Related Systems
• Emergency Shut-down Systems
• Burner Management Systems
• Fire & Gas Systems
• High Integrity (Pressure) Protection System
• …

7
 Technologies applied during the last 80 years

• Electromechanical based technology

– Replacement of hydraulic and pneumatic operating

Increasing functionality and complexity

equipment

• Electronic (solid state) technology

– Replacement of relay based safety systems

• Programmable electronic technology

– Replacement of solid state safety systems

8
 Terminology
E/E/PE: Electrical / Electronic / Programmable Electronic 61508
PES: Programmable Electronic System
PFD: Probability of Failure on Demand
SF: Safety Function 61508
SIF: Safety Instrumented Function 61511
BPCS: Basic Process Control System 61511
SIS: Safety Instrumented System 61511
EUC: Equipment Under Control 61508
EUCcs: EUC control system 61508
RR(F): Risk Reduction (Factor)
SRS: Safety Related System 61508
SRS: Safety Requirements Specification 61511
SIL: Safety Integrity Level
PST: Process Safety Time
SLC: Safety Life Cycle
LS: Logic Solver
SLS: Safety Logic Solver

9
 Protection is Key
Layers of Protection
• It is important to have the
right layers of protection
• With a clear understanding of
how work errors or incidents
develop, and with the many
tools available to help
mitigate these situations, one
can plan for the inevitable.

Anatomy of Disaster
• A typical process plant has many
variables in many processes that
under normal circumstances operate
within the normal limits of process
control

10
 Protection is Key

An abnormal situation can

evolve from an operating
upset that could potentially
become a catastrophic event
involving serious destruction
and harm to the plant and/or
the surrounding community.

11
Some incidents as found on the ASM consortium website (Oct 2013)

12 Direct link: http://www.asmconsortium.net/news/incidents/Pages/default.aspx

 IEC 61508 - Key Item 1: risk reduction

Residual
Acceptable risk EUC risk
risk

Necessary risk reduction Increasing

risk

Actual risk reduction

Partial risk covered Partial risk covered Partial risk covered

by other technology by E/E/PE by external risk
safety-related systems safety-related systems reduction facilities

Risk reduction achieved by all safety-related systems and external risk reduction facilities

13
 What is Risk ?

Risk is defined as the combination of the frequency of

occurrence of harm and the severity of that harm

UNACCEPTABLE RISK
FREQUENCY

ACCEPTABLE RISK

SEVERITY

14
 IEC 61508 - Safety Integrity Levels

Target failure measures for a safety function, allocated to an E/E/PE safety-related system

TABLE 2: SAFETY INTEGRITY LEVELS: TARGET

FAILURE MEASURES
SAFETY Low demand mode High demand or
INTEGRITY of operation continuous mode
LEVEL (Average probability of operation
of failure to perform (Probability of a
(SIL) its design function on dangerous failure per
demand) hour)
4 ≥ 10-5 to < 10-4 ≥ 10-9 to < 10-8

3 ≥ 10-4 to < 10-3 ≥ 10-8 to < 10-7

2 ≥ 10-3 to < 10-2 ≥ 10-7 to < 10-6

1 ≥ 10-2 to < 10-1 ≥ 10-6 to < 10-5

15
 Risk based on Frequency and Severity of consequence

Severity Frequency Risk

Once in 20 million flights 1 x 10E-5

Globally per year , ie 5 x 10E-8 LOWER

Plane crash – 200

deaths

2 x 10E-3
10 times in 10000 road HIGHER
incidents per year in a large
City ie, 1 x 10E-3

Car crash – 2
deaths

16
 Costs of risk <-> Costs of Safeguarding

Costs Optimum Total costs

Costs of safeguarding

Costs of risk

Level of
safe-guarding

Level of Risk reduction Vs Cost

17
 Protection Layer

Part 1, 3.2.59 of IEC 61511:

• any independent mechanism that reduces risk by control,
prevention or mitigation

18
 IEC 61511 LOPA-model
COMMUNITY EMERGENCY RESPONSE
Emergency Broadcasting

PLANT EMERGENCY RESPONSE

Evacuation Procedures

MITIGATION
Mechanical Mitigation Systems
Safety Instrumented Control Systems
Safety Instrumented Mitigation Systems
Operator Supervision

PREVENTION
Mechanical Protection System
Process Alarms
Operator Supervision
Safety Instrumented Control Systems
Safety Instrumented Prevention Systems

CONTROL and MONITORING

Basic Process Control Systems
Monitoring Systems (process alarms)
Operator Supervision

PROCESS

19
 Layers Of Protection
Figure 9 of IEC 61511

20
 Layered safety approach

Emergency shutdown

Burner management

Fire and Gas

21
 2013 Honeywell Users EMEA Nice

Safety instrumented Systems

22
 SIS,SIF and SIL Safety Instrumented System
• A system composed of sensors, logic solvers, and
final control elements for the purpose of automatically
taking the process to a safe state when pre-
determined conditions are violated.
Safety Instrumented System (SIS) Basic Process Control System

Inputs Outputs Inputs Outputs

PT PT
1A 1B

I/P

FT

Reactor

23
 SIS,SIF and SIL Safety Instrumented Function

Temperature SAFETY INSTRUMENTED FUNCTION

transmitter

Shut-off
Solenoid
Temperature valve
transmitter

Logic Solver
Level switch (PLC) MCC

Globe
Solenoid
valve
Flow
transmitter

Safety Instrumented System

24
 What is the safety system ?

Sensor Logic Solver Final Element

25
 As good as the Weakest Link

Sensor Logic Solver Final Element

SIL2 SIL3 SIL1

Complete loop SIL2 + SIL3 + SIL1 = SIL1

26
 2013 Honeywell Users EMEA Nice

Industry standards & Risk analysis

27
 Safety Standards - Compliance to what ?

28
 Prescriptive and Normative standards
• Prescriptive standards specify the requirement to
meet the code while normative or performance
based standards only give a guideline to the
designer / end user.
• Some examples:

– While NFPA 72 is a prescriptive the IEC 61508 /

61511 and ISA 84.01 standards are normative.
– NFPA 72 code is primarily intended for Fire
protection inside buildings.
– Other standards like EN54 is a performance
based standard with some prescriptive
guidelines

29
 Common standards used in the Process industry

• IEC 61508 is a standard written with an intent to help

design and develop products which are SIL rated for
any industry.

Manufactures of components for Safety Instrumented

Systems are required to design their hardware and
software in accordance with the international
IEC61508 standard.

• IEC 61511 (ISA84.01) has been written to help

analyze, design, realize, install, commission and
maintain SIL loops for the Process industry.

Safety Instrumented System designers, integrators

and users should follow the international industry
specific IEC61511 standard.

30
 What does IEC61511or ISA 84.01 require?

‘IEC 61511/ISA 84.01 covers the design and management

requirements for SISs from cradle to grave.

• Its scope includes: initial concept, design, implementation,

operation, and maintenance through to decommissioning.

• It starts in the earliest phase of a project and continues

through startup.

•It contains sections that cover modifications that come

along later, along with maintenance activities and the
eventual decommissioning activities.’

31
 Safety best engineering practices

• Best engineering practices with regard to the application of

Safety Instrumented Systems in the process industries
concern the following:
– Hazard and risk assessment methodologies
– Safety Requirements Specification / SIL Selection
– SIS design concepts
– Reliability Analysis techniques, RBD, FMEA, Markov
– SIS validation techniques
– SIS operation, maintenance and testing
– SIS-related Process Safety Management
– Safety Lifecycle Management
– Safety verification, validation, audits and assessments

All of these are covered within IEC61511

32
 Safety best engineering practices

• Taking shortcuts through the “Safety Life-Cycle” to

save money may result in serious consequences and
long-term expense. It is well known that accidents do
and will continue to happen in the process sector.

• As our awareness of IEC61508 and IEC61511

continues to grow and we strive to implement best
industry practices, the process sector will be
pacesetters when it comes to safety, plant reliability
and the environment.

33
 Safety Life Cycle per the standards (IEC61511)

34
 The Safety Life Cycle simplified
Conceptual Process
Design
Develop Safety Requirements Establish Operation &
Specification Maintenance Procedures

Perform Process Hazard Analysis

& Risk Assessment
Perform SIS Conceptual Pre-startup Safety Review
Design, and verify it meets (Assessment)
the SRS

Apply non-SIS protection layers

to prevent identified hazards or SIS Startup Operation,
Maintenance Periodic
reduce risk
Perform SIS Design Detail Functional testing

No
Modify or Decommission
SIS Required ? SIS ?
SIS Installation Commissioning
and Pre-Startup Acceptance Test
Yes
Decommission

Define Target SIL

SIS Decommissioning

35 Analysis phase Realization phase Operation phase

 1. Hazard and Risk Assessment
• Output is a list of hazardous events with their process
risk and acceptable risk.

36
 2. Allocation of Safety Functions
• Often called SIL Analysis or SIL Determination
• Output is a list of Safety Instrumented Functions
together with their required Safety Integrity Level.

37
 3. Safety Requirements Specification - SRS

• Defines functional and integrity requirements of SIS

• Output is set of documents ready for detail design.

38
 SRS should include the following information (1)

• Description of all the SIF necessary to achieve the required functional

safety;
• Requirements to identify and take account of common cause failures;
• Definition of the safe state of the process for each identified SIF;
• Definition of any individually safe process states which, when occurring
concurrently, create a separate hazard (for example, overload of
emergency storage, multiple relief to flare system);
• The assumed sources of demand and demand rate on the SIF;
• Requirement for proof-test intervals;
• Response time requirements for the SIS to bring the process to a safe
state;
• The SIL target and mode of operation (demand/continuous) for each
SIF;
• Description of SIS process measurements and their trip points;

39
 SRS should include the following information (2)

• Description of SIS process output actions and the criteria for successful
operation, for example, requirements for tight shut-off valves;
• The functional relationship between process inputs and outputs,
including logic, mathematical functions and any required permissives;
• Requirements for manual shutdown;
• Requirements relating to energize or de-energize to trip;
• Requirements for resetting the SIS after a shutdown;
• Maximum allowable spurious trip rate;
• Failure modes and desired response of the SIS;
• Any specific procedure requirements for starting up and restarting the
SIS;
• All interfaces between the SIS and any other system (including the
BPCS and operators);
• Description of the modes of operation of the plant and identification of
the safety instrumented functions required to operate within each mode;

40
 SRS should include the following information (3)

• The application software safety requirements;

• Requirements for overrides/inhibits/bypasses including how they will be
cleared;
• The specification of any action necessary to achieve or maintain a safe
state in the event of fault(s) being detected in the SIS;
• The mean time to repair which is feasible for the SIS;
• Identification of the dangerous combinations of output states of the SIS
that need to be avoided;
• The extremes of all environmental conditions that are likely to be
encountered by the SIS shall be identified;
• Identification of normal and abnormal modes for both the plant as a whole
(for example, plant start-up) and individual plant operational procedures
(for example, equipment maintenance, sensor calibration and/or repair).
Additional safety instrumented functions may be required to support these
modes of operation;
• Definition of the requirements for any safety instrumented function
necessary to survive a major accident event, for example, time required for
a valve to remain operational in the event of a fire.

41
 Cause-and-Effect Diagram
• SIFs commonly documented by
Cause and Effect diagrams
• Should include SIL.

CLOSE VALVE UV-03A

CLOSE VALVE UV-03B

OPENS VALVE UV-03C

Set LIC1 to MAN, OP=0

CLOSE VALVE LZV-02

OPEN Deluge valve

Instrument Range

Trip Point

Units
SIL

Tag# Description
BS-01 Burner Loss of Flame 1 ~ ~ X X X
PSL-01 Fuel Gas Pressure Low 2 ~ 7 X X X

LZHH-02 LPG Tank High High Level 2 0-3500 3200 mm X X

F&G Det Fire and Gas Detectors 1 X

42
 4. Design and Engineering
• SIS vendor for logic solver
• EPC contractor or end-user for field hardware.

43
 Standards Compliance

• Target SIL must be specified for each SIF

based on hazard and risk analysis
• Processes for SIS throughout lifecycle must comply
• Each SIF must meet target SIL requirements for:
– Random failure rate (PFDave)
– Architectural constraints
– Development process for each component.

44
 Compliance to ……
Work
People
Process

Technology
People

Processes
Product

45
 5. Installation, Commissioning, Validation
• Logic Solver installed with field equipment
• Includes loop checking, validation and final functional
safety assessment.

46
 6. Operations, Maintenance and Modification

• User must follow a Functional Safety Management

System for the lifetime of the SIS.

47
 Operations and Maintenance Obligations

• Proof test each SIF at specified interval

• Monitor design assumptions
– Demand rates
– Component reliability
• Adjust test interval to suit process
• Control modifications
• Ensure Maintenance and Operational Overrides are
used as designed
• Monitor and promptly follow-up diagnostics.

48
 Responsibilities during the SLC (for logic solver)

Activity Customer MAC EPC

HAZOP Risk matrix R
Conduct HAZOP S/A R
Tolerable Risk criteria R
Conduct SIL determination S/A R
SIL verification (preliminary) A R?
SRS generation S/A R
System Design & Engineering A R S
Installation, Validation A S R
Commissioning R S S
Operation R
Maintenance , Modification R S

R – Responsible, S- Support, A-Approve

49
 2013 Honeywell Users EMEA Nice

Honeywell Safety Services

Excellence
50
 IEC 61511 Safety Lifecycle Services

51
 IEC 61511 Safety Lifecycle Services

Project Services

52
 Honeywell Global Projects and Services Excellence

Structured Global Operation

by forming discipline based team for skills,
processes, best practices, tools, knowledge and
expertise deployment closely aligned with project
engineering.
Disciplines:

Hardware and Field Engineering

Systems Engineering

Network and Interface Engineering

Control Application Engineering

Safety Engineering

Operator Effectiveness Engineering

Asset Effectiveness Engineering

Plant Business Improvement Services

Project Management and Lead Engineering
Highest project quality and consistent global designs

53
 Global Processes and Standard Builds

SIS Modifications

SIS Modifications
Operational life

T (years)

<1 5 10 15

• Global Project Execution Process & Tools TÜV

certified (IEC 61511)
• Provides all documents, supportive guidelines &
checklists and tools to execute safety projects.
• Based on proven-in-use Methods and Solutions (>
20 years).

54
 Standard builds

55
 Standard builds

Solution
Binder

HMI

Project Services Standard functions

Standard Shapes

56
 Recommended reading

• IEC 61508
• IEC 61511
• Seveso II Directive
• Guidelines for Safe Automation of Chemical Processes. CCPS,
AIChE, New York, 1993
• Guidelines for Technical Management of Chemical Process Safety
- Center for Chemical Process Safety (CCPS) (1989) New York:
American Institute of Chemical Engineers.

57
 2013 Honeywell Users EMEA Nice

Safety Management Systems

58
 Integrated SIS evolution
Advanced Experion integration &
Universal Safety Logic Solver

2012
Remote Universal Safe IO
2010
Safety Manager QPP-0002 and PCDI

2008
Experion Safety Manager
TUV Certification to IEC 61508/61511 SIL3
QMR Integrated into Experion 2004

FSC is certified to meet

FSC Integration to PlantScape
IEC 61508 SIL3
FSC Integration to PlantScape and then to Experion 1999

TPS FSC Safety Manager Module

1996
Honeywell
SIS Integration with TDC/TPS

1994 Single and dual channel systems meet

Fail--Safe Controller (FSC
Fail (FSC)) safety and availability objectives
1987

Pepperl & Fuchs 1985 Initial Purpose-built Systems

Fault detection via testing, comparison and voting.
Insufficient for TUV approval, move to Diagnostics-based solutions
1984
Redundant “Standard” PLCs (1-o-o-2) with added diagnostics
1980 Investigation with University of Eindhoven on GP-PLC’s
1975 Relay-based technology

59
 Global development

London (ON)
Unisim
Fort Washington (PA)
RIO development
Integration test ‘s-Hertogenbosch

Phoenix (AZ)
Engineering tools

Bangalore
Builder

Perth
HMI Integration

60
 Design Overview

• Fail Safe Design Safety: Freedom of Unacceptable Risk

– Fault Tolerant for Safety

– Continuous Testing of Safety Components
– Automatic and Accurate Fault Detection
– Isolation of Faulty Part
– Built on QMR Technology
– IEC 61508 - SIL3 Compliant

61
 Digital Output of a general purpose PLC

+ 24 Vdc
What can
“1” go wrong?
CPU
Normally energized

LEAD BREAKAGE
=
Nuisance trip
LOAD,
e.g. SOV

0 Vdc

62
 Digital Output of a general purpose PLC

+ 24 Vdc

“1” SHORT CIRCUIT

CPU =
Normally energized Dangerous State

What can
go wrong? LOAD,
e.g. SOV

0 Vdc

63
 Digital Output Safety Manager
+ 24 Vdc

CPU

STATUS

LOAD,
e.g. SOV

0 Vdc
Diagnostics!

64
 Diagnostics within Safety Manager

• Memory check on processor and communication

modules;
• Voting on processor level (1oo2D);
• Independent Watchdog;
• System Cycle Time check;
• Walking bit tests on data-busses;
• System temperature check;
• Voltage monitoring;
• Etc, etc, etc …………..

65
 Digital Output Safety Manager

+ 24 Vdc

Secondary means
of de-energization
& “0” de-energized

CPU
STATUS
Short circuit

STATUS
Defect

LOAD,
“0” de-energized
e.g. SOV
0 Vdc

66
 Digital Output Safety Manager
Fault tolerance for availability via redundant hardware

+ 24 Vdc
“0” de-energized “1” energized

Secondary means
of de-energization
& &

CPU
STATUS STATUS

STATUS STATUS

LOAD,
“1” energized
e.g. SOV
0 Vdc

67
 2013 Honeywell Users EMEA Nice

Operational integration, the human

factor approach
68
Operational integration: The human factor approach
• Advanced technology makes it possible to
combine process Control and Safety Instrumented
functions within a common automation
infrastructure while ensuring regulatory compliance

• The most reliable approach to control and safety

system integration maintains principles of
segregation, with safety and control strategies
developed by different groups using dedicated
methods.

• Operational integration based on the separation

principle offers better support for plant life-cycle
management.

69
Operational integration: The human factor approach
• How to achieve an integrated
1st Transparency control and safety solution with
advanced functionality and
productivity, without compromising
2nd Communication safety and security ?

3rd Information

4rd Integrated tools

• In a typical industrial operation,
four levels of integration are
essential from a usability point of
view:

70
Operational integration: The human factor approach

Transparency

First, the operational integration must

allow plant personnel to have a:
• Seamless, transparent interface to the
process under control. Whether the
actual strategy is running in the process
controller, the safety system, or on a
higher level makes no difference.
• All required information would be
available on the operational level.

71
Operational integration: The human factor approach

Peer to Peer communications

• Second, peer-to-peer communication

between safety controllers and
process controllers is the key to
integration. Information from one
controller needs to be communicated
to peers quickly in order to anticipate
process startup or abnormal
situations in a controlled manner.

72
Operational integration: The human factor approach

Provide information

• Third, all data available in the lowest

level of process and safety I/O can
be transferred to the higher level of
operations and turned into
information that is usable for various
higher level applications.

• System information (incl. diagnostics)

• Process information (A&E, SOE)

73
Operational integration: The human factor approach

Configuration tool integration

Finally, configuration tool integration

Safety builder only has added value if the point
information is securely
interchangeable.

Publication
• single point of data entry,
• all information (can be) replicated to
other databases.
Control builder • Available for use at all levels of the
safety and control topology.

74
Operational integration: The human factor approach

Choosing the right approach

• Safety and control strategies developed by different

groups using dedicated methods
• Separated databases for Control and Safety
strategies,
• Database integrity and security
• Managed and protected application environment
• Dedicated hardware & software
• Secure network environment
• Cyber security safety device certification

75
Operational integration: The human factor approach

Benefits to end users (1)

• Provides one process window
Includes relevant & critical process information
• Integrated Alarm & Events
• Integrated Sequence of Events
• Using an ASM compliant environment
• Adjust test interval to suit process schedule
• Ensure Maintenance and Operational Overrides are
used as designed
• Monitor and promptly follow-up diagnostics as they
are available within one environment

76
Operational integration: The human factor approach

Benefits to end users (2)

• Change management made easy
• A change to the Safety environment is automatically
available within HMI and for Process interaction
• What is defined within the Safety Manager to be
available is automatically distributed within
Experion, No communication address mix up or
mistakes
• No direct interaction with Safety processor, but
embedded
• Easier to implement, easier to understand, Safe
landings of processes

77
 2013 Honeywell Users EMEA Nice

Introduction to Cyber Security

78
 Cyber security

• Cyber security, why worry

• Cyber security and Safety
• Test / certification programs
• Architectures
• What’s next?

79
 Cyber security, why worry

• Control and safety systems have evolved over the

years
– From proprietary hardware/software to a combination of
proprietary and commercial of the shelve equipment
– Increased connectivity from process control networks to plant
and enterprise networks
– Increased demand for remote access for operational and
maintenance purposes
• The world has evolved
– Knowledge is easily obtainable: control system manuals,
discussion groups through the internet
– Spreading of ideas
– The sport of hacking

80
 Incident types

Hacker

Disgruntled
employee
Technician
Equipment, software

Malware (Virus,
Worm, Trojan)

Source: Repository of Industrial Security Incidents (RISI

(RISI,, www.securityincidents.org)

81
 Cyber security and Safety

• Cyber security and Safety incidents have many things

in common
– They both cause production loss
– They can cause reputational damage (Siemens, RIM)
– They can cause equipment damage (Stuxnet)
– They can cause casualties

82
 What can we do to prevent this

• System level actions

• Product level actions

83
 Embedded device robustness testing

• BCIT (British Columbia Institute of Technology) (2006)

• Wurldtech,
– Promoted by end users by lack of international standard
– De facto standard focused on robustness of end device as
they are.
• ISA Security Compliance Institute
– Industry consortium, founding members: Chevron,
ExxonMobil, Honeywell, Invensys, Siemens, Yokogawa
– Industry participants: ISA99 Standards committee

84
 Embedded device cyber security

• ISCI developed the Embedded Device Security

Assurance (EDSA) certification program
– Using the framework of the ISA99 Standards Roadmap.
– Modeled after the safety standard IEC61508
– Providing detailed requirements
– An independent assessment program
• EDSA technical elements:
– Functional Security Assessment (FSA)
– Software Development Security Assessment (SDSA)
– Communication Robustness Testing (CRT)

85
 Functional Security Assurance Certification

SDSA – Evaluate how cyber

cyber--security is designed into the system

Integrated Threat Analysis FSA – Evaluate the defenses provided by the embedded device
(ITA) and what system level protection is required

CRT – Physical testing of the device to asses vulnerabilities and

probability of false trip or failure of control
Software Development Security
Assurance (SDSA)

Functional Security Assessment (FSA)

Communications Robustness Testing

(CRT)

86
 Safety Manager certified topologies
• Safety Manager out of the box certified for use in:
Safety
Applications Icon
Station
Experi
on
Server

(S)NTP
PTP

– Fully integrated network topologies CF-

CF- 9

SafeNet P2P over segregated Modbus TCP

FTE

SM-
SM - C300 P2P over FTE
Network

C200

Safety Safety
Manager Manager
Other device

C300 Controller

Universal
Safety I/O

– Fully segregated network topologies Applications

Experion
Server

• Segregated Process and Safety (S)NTP

PTP

communication network CF-

CF- 9

SM-
SM - C300 P2P Modbus TCP
FTE

• Providing maximum security,

C200

Safety Manager SafeNet P2P over segregated

Network

Other device

Safety Manager
C300 Controller

availability and reliability

Separated Safety
network Safety Universal
Station Safety I/O

87
 What’s next

• Customers
– Should add Cyber security requirements to the RFQ
• ISASecure certification
– Should assess the overall security of their system/plant
– Should approach security similarly as Safety
• Competence of people, security lifecycle, well defined processes

88
 And……

• Happy to answer your questions

• Always looking for feedback !

You can reach me via :

Johan.school@honeywell.com

89