Making the Safety Connection

Tuesday, June 17, 2014 @ 03:06 PM gHale

By Luis Duran and Gregory Hale
Safety is all about vigilance and consistency and it still remains among the top concerns affecting process operators worldwide, not only compliance to local and international regulations but effectively avoiding the risk in the production process.

However, in quite a few cases the industry implements process safety and risk reduction mechanisms using different and disconnected systems, thereby losing the ability to effectively assess and reduce risk.

To make matters worse, in more cases than not technology selection does not end up tied into a culture of safety in the organizations making the decisions, leading to additional inconsistencies and gaps and therefore creating additional opportunities for hazards to escalate.

Technologies to Enable Process Safety Compliance
Certified Safety System Releases
OTC: Safety, Security Reign
KOSO America Earns Functional Safety Certification

You see in project specification statements as “system must be designed following IEC61511/ISA84”, or system must be “SIL 3 certified”, but in reality, just what does that mean? How is that making the plant a safe place to work?

We are defining safety as freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment. Functional safety is the part of overall safety that depends on a system or equipment operating correctly in response to its inputs.

There are several industry standards that help guide users in implementing Functional Safety:
• IEC61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
• IEC61511/ISA84 Functional safety – Safety Instrumented Systems for the process industry sector
• IEC 62061 Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems

Functional safety standards are applicable to product designers, vendors, system integrators and end users. All will have different responsibilities in the implementation of functional safety or safety systems, but all must be ready to demonstrate competence for the activities directly under their responsibility.

We can first look at IEC61511/ISA 84 for the process industries, which includes pulp and paper, fine chemical, petrochemical, refining, oil and gas, and non-nuclear power generation.

By simply asking for a product certificate without further analysis or taking the time to understand how the product works and how it reduces risks, it will not ensure safety.

Designing according to IEC61511/ISA 84 is more than selecting a certified product. This standard covers two key areas safety lifecycle and safety integrity levels.

This standard:
• Requires that a hazard and risk assessment end up carried out to identify the overall safety requirements
• Requires that an allocation of the safety requirements to the safety instrumented system(s) is carried out
• Works within a framework which is applicable to all instrumented methods of achieving functional safety
• Details the use of certain activities, such as safety management, which may be applicable to all methods of achieving functional safety

In other words the design best practices to ensure that a logic system is capable to provide the intended risk reduction and this includes following the Safety Lifecycle and Functional Safety Management System (FSMS) that documents and verifies best practices ended up followed.

In addition to IEC61511/ISA 84, there is IEC 61508. However, the fact a safety system follows IEC61508 and ended up certified as SIL 3 capable does not ensure the system is safe and secure.

As a part of the good news, the latest revision of IEC61508 requires product designers to perform a threat analysis on the system to consider the impact of network security in the performance of the safety system. In addition to the safety requirements (traditionally linked to a SIL rating), this was not a requirement in systems certified before 2010.

Over the years of working together, end users encouraged vendors to offer safety solution that were SIL 3 capable and also interfaced to BPCS using open networking elements opening SISs to a variety of exploitable vectors. Addressing those potential threats requires analysis and mitigation strategies particular to each case.

Today, most of the major vendors provide SIS solutions that sit on the same Ethernet infrastructure as the BPCS components. In such case the design should include zone definition, access control restriction across multiple zones and other methods to reduce the potential risk.

Users have many options, starting with the selection of the vendor considering a sound security strategy (i.e. one that considers security in system design, defaults and delivery of the installation plus a consistent communication strategy to alert a user to potential risk or emerging threats and mitigation) to implementing advanced network analysis tools that specifically monitor traffic originating from and destined to the SIS. Deep packet inspection/content filtering must deploy on any shared network to provide assurance that these systems are functioning as designed or even deploying application-layer unidirectional security gateways.

The best way to ensure safety and security is to take a proactive approach and implement a functional safety and security lifecycle management, this allows the user to identify threats and ways to mitigate them.

Click here to download an interactive discussion on major Safety issues in the industry.

Luis Duran is product manager of safety systems at ABB. Gregory Hale is the editor and founder of

Leave a Reply

You must be logged in to post a comment.