OPTIMIZING

PROCESS
SAFETY
LIFECYCLE
APPROACH
PROVIDES
NEW
INSIGHTS
TO MANAGE
HAZARDS
Validate assumptions using the latest analytics tools and your
real data to minimize your risks

Author : A.M. (Tony) Downes,

Global Process Safety Advisor
TABLE OF
CONTENTS

3 Background
4 Traditional Safety Strategy
7 Creating a Digital-Twin for Safety
8 Expanded View of the Process with YOUR Data
10 Advantages for Plant Operators
11 Conclusion
11 References

2 Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards
BACKGROUND

Process safety is a significant, mandatory

investment in today’s global market. It ensures
plant assets are protected, and personnel is
provided a safe work environment. However,
current practices in this area can be inconsistent
and ineffective.

Process safety is about managing the integrity of operating systems by identifying

hazards, estimating their risk, and applying engineering safeguards and disciplined
operating practices. It deals with the prevention and mitigation of incidents that have the
potential for severe, even catastrophic damage. Poor process safety performance is very
bad for business. Closing the loop on the safety lifecycle is more important than ever –
but it’s also more achievable than ever before.

Over recent decades, improved understanding of process safety risk and decreasing risk
tolerance has led to many more safety barriers, particularly Safety Integrity Level (SIL)
rated interlocks, being installed in process industry facilities. Unfortunately, the barriers
an organization has to prevent major accident hazards from occurring can become
less robust without continual checks that they are solidly in place and truly achieving
the company’s risk targets. Closing the loop “manually” is possible, though painful
and expensive. Keeping a half-dozen documents – managed by four or five different
departments – in perfect harmony might be theoretically possible (with a lot of effort)
but in practice, it doesn’t work. With critical process information held in silos in different
domains, it just isn’t “operational.” And, as one safety expert recently noted, “Our problem
is with ‘the last mile’ – what really happens in the field.”

A growing number of plant owners are looking for a way to compare their facility’s actual
performance against its intended design. They need solutions making it possible to
monitor performance across their operations, identify bad actors wherever they exist,
and sustain minimal risk throughout the life of the plant. The goal is to ensure operations
run for the next 30+ years with suitably reliable Independent Protection Layers (IPLs) to
safeguard assets from potential hazards. Advanced analytics – programmed from the
expectations in the HAZOP/LOPA/SIL – hold the key.

Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards  3
TRADITIONAL
SAFETY STRATEGY
Historically, the way that process safety has been
approached requires many resources with varying
types of expertise (internal and external) and different
tools for gathering relevant data and conducting
hazard-related studies. This has been, and continues to
be, an expensive, inefficient and costly process.

Unit information switches back and forth many times, and manual data entry, revision
control, and normal human behavior create havoc and lead to systematic errors.

The common elements1 of a process safety strategy in the process industries include:

HAZOP
Industrial facilities seeking to optimize their process safety performance typically start
by conducting a Hazard and Operability (HAZOP) study to find hidden hazards in their
processes and give a preliminary Risk Ranking. This process should be deliberately
conservative. If the HAZOP team overestimates the risk of a particular scenario, this can
be revisited during the expert review in the next step.

1
This whitepaper assumes that the reader already
understands the fundamentals of Risk Estimation.

4 Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards
LOPA
The second step in modern risk management systems is a Layer of Protection Analysis
(LOPA), which builds on the information developed during the HAZOP. The primary
purpose of LOPA is to determine if there are sufficient layers of protection against the
consequences of an accident scenario (i.e., can the risk be tolerated?). Because the
LOPA process has more parameters available, it allows a more precise estimate of
the risk – on both the Consequence and the Likelihood side. Many companies require
that LOPAs be led by more experienced risk analysts. Based on publicly available
documents like CCPS’s LOPA book2 , they generally establish tables for things like
Initiating Event Frequencies (IEF) and Probability of Failure on Demand (PFD) for
Active Safeguards, as well as Conditional Modifiers3 , Probability of Ignition4 , etc.

The LOPA also establishes how effective each of the protection layers is supposed to
be. Let’s illustrate with a real-world example. Operating a gasoline storage tank (Fig. 1
below) has a specific risk. A HAZOP team might look on it as follows:

There are two main potential hazards: an internal explosion in the headspace and an
overfill and spill. Let’s focus on the overfill hazard. Most analysts would expect the
worst consequence of a spill of a flammable liquid.

If a layer is an active safeguard like a High-High Level interlock, then it has a certain
reliability – and thus a probability that it will be in a Fault state when a demand (like a high
level) occurs. Better hardware and more testing can help – as can analytic software. And
Analytic software can confirm the demand rates the HAZOP team assumed or flag when
demands occur much more often than expected.

Figure 1 Gasoline Storage Tank

LSHH

HHH
HH
H

HV XZV

HOW ANALYTICS CAN PREVENT ACCIDENTS

-- Initiating Event: LIT Error.
IEF ~1/10 years1
-- Safety Interlock: LSHH �> XZV SIL22
-- Conditional Modifier: Prob. Of Ignition ~0.993
-- Combined Probability of Fire ~ 0.001/year
1. Typical failure rate from CCPS LOPA Book.
2. Assumed RRF of 100 (PFD = 0.01)
3. CCPS POI Tool for heptane at 60degF:POII ~.01; PODI ~0.99 POEGI ~0.5
But in Buncefield UK, the LIT was sticking about once per week. And the LSHH had
been left in Bypass after a test. Analytics tools can monitor for such “stuck signals” IF 2
“Layers of Protection Analysis”
Analog transmitters are used. And enterprise tools can watch for problems at small, 3
CCPS CM
out of the way facilities.
4
CCPS POI

Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards  5
SIL ANALYSIS
Once the reliability of the active safeguards has been established, the functional
safety experts can design the Safety Instrumented Systems (SIS) to achieve that
level of reliability.

Recent events have propelled industrial companies to work towards an evergreen

functional safety management plan, including monitoring the performance of
protection layers. The focus is on understanding how issues affect their risk profile, as
well as managing risks and demonstrating adherence to policies. Work has been done
to synchronize:

-- PHA studies
-- LOPA findings
-- SIL calculations and verification
-- Safety Requirements Specifications (SRS)
-- Daily operating data

SAFETY INTEGRITY REQUIREMENTS

DEMAND MODE OF OPERATION
Safety Integrity Level (SIL) PFDavg Required Risk Reduction

4 10 -5 to 10 -4 >10,000 to <= 100,000

3 10 -4
to 10 -3
>1000 to <= 10,000
2 10 -3 to 10 -2 >100 to <= 1000
1 10 to 10
-2 -1
>10 to <= 100
A More than 10-1 >1 to <= 10

HONEYWELL'S LAYERED APPROACH TO PLANT SAFETY

Process Design

Basic Process Control System

Alarms & Operator Actions

Safety Interlocks (SIS)

Gas & Fire Detection/Alarm

Emergency Shutdown (ESD)

Site Emergency Response

Community Emergency Response

Honeywell offers solutions for all of the above. This whitepaper focuses on the highlighted layers.

6 Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards
CREATING
A DIGITAL-TWIN
FOR SAFETY
In light of recent high-profile accidents in the industrial
sector, plant owners are devoting a more significant
share of their budget to implementing process safety
measures. In most cases, however, the traditional
approach to safety is inefficient, and the documents
produced are just that –documents – without any
connection to each other or to the real-world operation
post-design. Disparate reports and tools are commonly
employed to support the safety lifecycle.

The latest integrated solutions for process safety fully automate the safety lifecycle,
helping to reduce errors, lower costs, continuously monitor operations for hazardous
conditions, and provide safety alerts in a timely fashion. They are designed to enable
plant operators to accurately identify bad actors using real-time risk management.

Technology advancements enable industrial organizations to collect hazard review

data into a single enterprise-wide system so they can analyze intended versus actual
safety performance, and fix problems before they lead to serious incidents. While
doing so, they can reduce man-hours, not just for design, but also for investigating
issues as called for in IEC-61511. They can also drive consistency, ensure process
compliance, save money on functional safety engineering, and make better risk-
based business decisions.

Enterprise tools enable safety personnel at all levels of the organization to monitor
process conditions by comparing actual performance from the plant historian with
pre-defined hazard conditions from the risk analysis and take immediate action to
minimize risk. These tools also facilitate analyses such as PHA, LOPA, SRS, and SIL
calculations and classifications without excessive engineering costs.

In addition, solutions are available to use cloud-based data capture and analytics,
together with off-site resources, to analyze the performance of Safety Instrumented
Functions (SIFs) against expected or assumed behaviors for trip events. This
capability also helps operating companies understand the range of trips in similar
process units across sites or around the world.

Manufacturing facilities can now take advantage of an approach that tightly connects
advanced analytic tools with process hazard analysis, LOPA, reliability calculations,
safety requirements specifications, cause and effects, and functional test procedures
to focus on key areas of safety performance. The goal is to detect clues of potential
problems so as to stop accidents before they occur.

Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards  7
EXPANDED VIEW
OF THE PROCESS
WITH YOUR DATA

At many industrial facilities, it is not uncommon for

operating metrics to suggest that everything is under
control, when digging below the surface reveals signs of
significant risks to the safety layers and barriers meant
to prevent major accidents. Usually, safety personnel
only look at historians after a process upset of some
kind has occurred.

Plants can now utilize a methodology for managing process safety information that
connects design assumptions to real-time operating data and proactively removes
risk. This strategy relies on modern computerized analytic systems to optimize
safety functions that have been handled manually for years. It is intended to identify
potential vulnerabilities and address them before an upset or incident occurs.

New process safety lifecycle management tools are penetrating the marketplace as
the Industrial Internet of Things (IIoT)/digitalization revolution takes off in the process
industries. These tools can cost-effectively remove risk from business. Their premise
is to consolidate process safety data into a single data repository. This data is fed to
an analysis engine, where it can be efficiently and automatically leveraged to unlock
hidden process safety information.3

At the same time, the centralized database approach brings together key workgroups
such as process and functional safety experts, automation specialists, and operations
and maintenance personnel to interact with the same information and stay in-sync
within a shared system.

Process safety lifecycle management tools look for a host of crucial issues:

-- Is the Safety Instrumented System (SIS) prevention layer ready?

-- Is the SIS prevention layer degraded in any way?
-- Are any SIFs in bypass today? Or over the past year?
-- How did this layer perform during the last demand (real or spurious)?
-- What are the Risk Reduction Factor (RRF) and Probability of Failure on Demand
(PFD) averages over the past year or so?
-- How steady is the Basic Process Control System (BPCS) layer?
-- Are any critical control loops degraded?
-- What is the real initiating event frequency?
For any plant, the ideal operating state is when production processes follow control
strategies designed, built, and checked during the Hazard and Operability (HAZOP)
stage for safe operations.

Emerging process safety techniques are innovative in the way they enable plant
operators to compare what should happen with process safety to what actually does
happen. They also ensure a single-source of truth for process data. An inherited data

8 Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards
model linking risk rankings down to tagged devices makes it easier to support daily
operations and maintenance activities. Previously invisible risk become identifiable by
analyzing deviations in operations compared to the original design assumptions.

Making all the “what should happen” information available in a database means plant
personnel can now configure analytic tools to do automated tracking, recording and
validation on the condition of the SIS and final elements. They can take into account
events from all operations (planned and unplanned) to track and automatically
validate them versus the expected behavior. This makes it easy to analyze SIL-related
Key Performance Indicators (KPIs) to track failed operations, demand rate on SIFs,
failure rate on final elements, and test intervals.

For plants that are already up and running, the latest software solutions help PHA
revalidation teams move smoothly through their work of identifying issues using data
from their own unit’s performance. They also improve the speed and accuracy of
numerous technical activities needed to properly analyze risk during revalidations.

Process safety specialists can use advanced analytic engines to look for gaps
between plant design and historian data, and thus help make operations safer, reduce
spurious trip rates, and minimize engineering costs. Information from historians as
well as Computerized Maintenance Management Systems (CMMS) is collected and
supplied to an event-processing engine, which examines time-stamped event journal
data and analog historian data for field devices and other equipment.

The data system continuously executes performance, health, efficiency, and safety-
related calculations and compares the results of current actual operation to an
expected performance model. Predicted or detected deviations from these models are
used to generate notifications to facilitate investigation and intervention to minimize
the cost and frequency of an event.

Experience has shown that having the HAZOP, LOPA, cause & effect matrix, and
historian data in a safety “digital twin” enables a sustainable analytics solution.

Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards  9
ADVANTAGES
FOR PLANT OPERATORS
No matter where they are in the process safety lifecycle, plant owners can utilize
new safety methodologies to reduce risk and save money, while complying with best
engineering practices throughout the operating life of their facility. The latest process
safety tools use a plant’s test and operating history to minimize risk and optimize
technology investments.

Manufacturers can do more with data via a connected, intelligent approach to process
safety. This includes turning process historian data into valuable safety insights.
Employing a single data system for all process safety risk management information
and analysis, they gain the means to improve monitoring of operational hazards and
streamline work to enhance functional safety:

-- Integrate process hazards and risk analysis as part of a cohesive safety strategy
-- Find and fix safety problems that previously went undetected
-- Realize the benefits of drawing PHA and LOPA processes closer together
-- Do away with enormous 10x safety factors through a better understanding of
actual risk
-- Eliminate the difficulty of keeping many separate documents in sync for years to
come
-- Implement template-based SIFs to streamline safety design efforts
-- Simplify preparation of SRS and SIL calculation documents
-- Improve methods for passing outputs to the SIF implementation team
-- In addition, continued progress in the area of process safety enables plants to take
steps to ensure reliable operations and maintenance:
-- Comply with best practices like IEC 61511 requiring robust testing as well as
investigation of trips to ensure safeguards stay in place and work properly every time
-- Ensure data can demonstrate that the site is in compliance with risk management
requirements, or indicate when there’s an issue
-- Provide reliability information as an input to the next revalidation cycle of the PHA
-- The ability to leverage a digitized process safety lifecycle during capital project
execution has the potential to drive significant efficiency and cost improvements.
This includes a reduction in time and effort due to the typical copy factor between
plant equipment and SIFs, and savings in functional safety engineering services.
Furthermore, data generated in the design phase can be used in operations to
validate assumptions and make risk-based business decisions.

10  Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards
CONCLUSION
Thanks to innovations in process safety management, industrial organizations can
take advantage of integrated enterprise systems and effective performance metrics
that truly reflect the state of risk controls and allow plant managers to target resources
towards the areas of greatest concern. This approach connects design assumptions
with actual performance, and helps facility operators to be confident their protection
layers will work.

The addition of more advanced and continuously running process safety lifecycle
management tools makes process safety monitoring and analysis practical to
do all the time. And today’s new enterprise tools that integrate PHA/LOPA and
SIL calculation systems along with Analytics Systems that continually check the
real-world performance of the Process systems (using Historian data) and the
Maintenance systems against the assumptions takes this approach to the next level.

If you would like to hear more about Honeywell’s new Process Safety Suite, which
does all the above and can connect to any system, please contact your Honeywell
representative or hpsmarketing@honeywell.com

REFERENCES
1 Veazey, M. “Process Safety Management: Overcoming the Silo Factor.” (2017).
Retrieved August 15, 2019.

2,3 Scott, M., Schuler, T. “Process safety as a profit center?” (2018). Retrieved
August 15, 2019.

Optimizing Process Safety: Lifecycle Approach Provides New Insights To Manage Hazards  11
For more information
To learn more about
Honeywell’s Process Safety Suite visit,
https://hwll.co/processsafetysuite or
contact your Honeywell account manager.

Honeywell Process Solutions

1250 West Sam Houston Parkway South
Houston, TX 77042

Honeywell House, Arlington Business Park

Bracknell, Berkshire, England RG12 1EB UK
Shanghai City Centre, 100 Zunyi Road
Shanghai, China 200051
WP-19-12-ENG I 09/19
www.honeywell.com © 2019 Honeywell International Inc.