Safety Should Come First, That’s Why an Integrated Safety Shutdown System and Fire and Gas System Keep Disaster at Bay

By Ged Farnaby and Gregory Hale
Just about five years ago a huge fireball lifted the lid off the Buncefield Oil Storage Depot in Hertfordshire, England. The disaster that struck early on the morning of December 11, 2005 left 43 people hospitalized and an entire nation in shock.
When you look back at it, the disaster started long before the actual 6:01 a.m. blast. At 7 p.m. the night before, workers started filling Tank 912 with unleaded fuel. At midnight the terminal closed, and workers checked the contents of the tanks and found everything normal. In the usual scenario, gauges monitor the level of the fuel in the tank as it fills from a pipeline. At 3 a.m. the level gauge for Tank 912 began indicating an unchanging level reading, which was odd because the tank was filling at 550 cubic meters an hour. Something had to be wrong.

Calculations show the tank would have started to overflow at 5:20 a.m. Looking back, a high-level switch, which should have detected that the tank was full and shut off the supply, failed to operate. The switch failure should have triggered an alarm, but that also failed. Forty-one minutes later, 300 metric tons of unleaded fuel had spilled down the side of the tank through the roof vents onto the ground inside the bund, the walled, semi-enclosed compound surrounding several tanks.
This type of massive overflow can result in the rapid formation of a rich fuel-air vapor. Closed circuit television footage showed such a vapor flowing out of the bund around 5:38 a.m. By 5:50 a.m., the vapor started flowing off the site, near the junction of Cherry Tree Lane and Buncefield Lane. At the same time, the rate at which fuel was pumped into the tank started to increase, from 550 to 890 cubic meters per hour. At 6:01 a.m., the first explosion occurred. The blast registered 2.4 on the Richter scale.
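The Tank 912 gauge stayed flat for two hours while the pipeline kept pumping. The following is an added example, not code from the article or from Honeywell, of the kind of rate-of-change plausibility check that cross-checks a level gauge against the rise its known inflow should produce and projects the overflow time from the last reading it still trusts. The tank cross-section, overflow level, timestamps and level readings are constructed; only the 550 m³/h fill rate comes from the text.

```python
# Added example, not from the article: a plausibility check that compares a
# tank level gauge against the level rise a known inflow should produce. A
# gauge that stays flat while fuel is pumped in is flagged, and the overflow
# time is extrapolated from the last reading taken before the gauge froze.
# Tank geometry, timestamps and levels below are constructed illustrations.

from datetime import datetime, timedelta
from typing import List, Optional, Tuple

Sample = Tuple[datetime, float]  # (timestamp, level in metres)

FILL_RATE_M3_H = 550.0    # inflow rate quoted in the article
TANK_AREA_M2 = 500.0      # constructed; not Tank 912's real cross-section
TANK_MAX_LEVEL_M = 12.0   # constructed overflow level
# Constructed hourly readings: gauge rises 1.1 m/h, then freezes at 03:00
SAMPLES: List[Sample] = [
    (datetime(2005, 12, 11, h), level)
    for h, level in [(0, 6.0), (1, 7.1), (2, 8.2), (3, 9.3), (4, 9.3), (5, 9.3)]
]


def expected_rise_m(flow_m3_h: float, area_m2: float, dt_h: float) -> float:
    """Level rise (m) a known inflow should produce over dt_h hours."""
    return flow_m3_h / area_m2 * dt_h


def frozen_gauge_alerts(samples, flow_m3_h, area_m2, tolerance=0.25):
    """One alert per interval in which the gauge moved less than `tolerance`
    of the rise the inflow implies. Returns (timestamp, expected, observed)."""
    alerts = []
    for (t0, l0), (t1, l1) in zip(samples, samples[1:]):
        dt_h = (t1 - t0).total_seconds() / 3600.0
        expected = expected_rise_m(flow_m3_h, area_m2, dt_h)
        observed = l1 - l0
        if expected > 0 and observed < tolerance * expected:
            alerts.append((t1, expected, observed))
    return alerts


def projected_overflow(samples, flow_m3_h, area_m2, max_level_m,
                       tolerance=0.25) -> Optional[datetime]:
    """Overflow time extrapolated from the last reading before the first
    alert (the last one the check still trusts); None if no alert fired."""
    alerts = frozen_gauge_alerts(samples, flow_m3_h, area_m2, tolerance)
    if not alerts:
        return None
    first_bad = alerts[0][0]
    t, level = max(s for s in samples if s[0] < first_bad)
    hours = (max_level_m - level) * area_m2 / flow_m3_h
    return t + timedelta(hours=hours)
```

With the constructed data the check raises alerts at 04:00 and 05:00 and projects overflow at about 05:27; a flow meter on the inlet is the independent signal that makes this comparison possible.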

Buncefield is just one example of a system gone wrong. That is why with catastrophic incidents continuing to occur at manufacturing facilities across the globe and landing on the 6 o’clock news, safety has become a more important cog in the chemical process industry than ever before. That is where an integrated safety shutdown system and a fire and gas safety system come into play.

To define the two systems clearly: a fire and gas system takes action to reduce the consequences of a hazardous event after it has occurred. It automates emergency actions with a high-integrity safety and control solution to mitigate further escalation.


A fire and gas safety system consists of detection, logic control, alarm and mitigation functions. The logic solver is the central control unit of the overall fire and gas detection and control system. It receives alarm, status or analog signals from the field monitoring devices used for fire and gas detection and initiates the actions required to raise alarms and mitigate the hazard.

Fire and gas systems can detect early warnings of explosive and health hazards, including combustible and toxic gas releases, thermal radiation from fires and minute traces of smoke in sensitive equipment enclosures. They also provide audible and visual alarm indications so operators and personnel are aware of hazardous situations.
Integration at the controller level provides plant-wide safety instrumented system (SIS) point data, diagnostics and system information, as well as alarms and events, operator displays and sequence of event information to any station. This minimizes manual intervention and shutdowns, reduces hardware costs, and allows plants to recover more quickly from process upsets.

The new generation of fire and gas solutions provides alerts of abnormal situations in a fast, accurate and structured way, giving personnel time to decide upon the correct course of action. These solutions include new integration capabilities with process simulation tools, fire and gas detectors and control communication protocols, enabling safety engineers to design and build large integrated and distributed plant-wide safety strategies.

A safety shutdown system, on the other hand, is a prevention safety layer, which takes automatic and independent action to prevent a hazard from occurring, and to keep personnel and plant equipment safe.

Understanding the differences between the two is vital: in an escalating situation, where a hazard is on the verge of taking off, the systems need to work together and the people in charge have to understand what each system is doing.

Business and Safety

Manufacturing plants have always had to deal with intense business challenges, ranging from rising accident, incident and insurance costs to compliance with strict standards and codes such as NFPA, API and OSHA in the U.S. and BS EN and SEVESO II in Europe, along with corporate image and environmental issues across the globe. In today's difficult economic climate, where budgets are very tight, plants need to increase the effectiveness of fire and gas systems by getting more out of detector coverage, system safety availability and mitigation effectiveness, while at the same time reducing the cost of ownership of safety equipment.

Today's manufacturing plant needs to become smarter, and integration with other systems will play a larger role in increasing safety as well as efficiency. As with most aspects of manufacturing, there has to be an overall plant safety strategy. End users need a unified platform for emergency shutdown and fire and gas detection, so that operators have a single window and engineering and maintenance share a common tool to drive down operational risk and costs.

Managers today face a double-edged sword. They need to increase effectiveness, productivity, and allow for a safe and smooth running environment, while at the same time they must reduce costs and produce more product.

On top of that, facilities must also deal with the cost of upgrading and refurbishing existing, non-integrated fire and gas systems. In the past, proprietary fire and gas systems were standalone or a hardwired mimic overview panel linked to a control system. With these older systems, a user had to manually activate fire-control measures, which was far from an ideal practice. Today, fire and gas detection systems are programmable and tightly integrated with the overall process safety strategy. Mitigation initiates either through an emergency shutdown system or directly by the fire and gas system itself.

All of that means uptime is at a premium and manufacturers need a smooth running fire and gas safety system that can ensure minimal unplanned downtime.

People, plant, production protection

Detecting and minimizing the effects of abnormal situations remains vital to ensuring the safety of personnel, the environment, the plant, and production.

Fire and gas solutions:

• Monitor areas where hazardous levels of explosive or toxic gas are not normally present;
• Give early warning of the buildup of gas or fire before it becomes a hazard;
• Automate emergency actions with a high-integrity integrated safety and control solution;
• Comply with national and international laws or local codes; and
• Recover from abnormal situations quickly to resume full production.

Fire and gas systems can detect early warnings of explosive and health hazards, including combustible and toxic gas releases, thermal radiation from fires and minute traces of smoke in sensitive equipment.
They also provide audible and visual alarm indications to ensure operators and personnel know there is a hazardous situation. With improved detection capabilities, fire and gas systems initiate actions such as deluge systems and evacuation procedures. This minimizes the escalation of safety incidents and protects personnel, property and the environment.

Taking it one step further, a user can plug a fire and gas system into an integrated solution that provides common tools, a common operating interface and networking, so that independent systems tie together on a common platform. One approach is to integrate at the controller level, which provides plant-wide safety instrumented system point data; diagnostics and system information; alarms and events; operator displays; and sequence of event information to any station. This minimizes manual intervention and drastic plant shutdowns, reduces hardware costs, and allows plants to recover.

Standard Involvement

Industrial standards are playing an increased role in developing, implementing and installing fire and gas systems. The IEC 61511 standard (ANSI/ISA84.01 in the U.S.) is a major step toward protecting industrial plants. The overall safety lifecycle model described in the IEC standard runs from the concept (definition) phase to the decommissioning phase and is necessary to ensure the functional safety of the equipment under control. This lifecycle spans categories such as procedures, documentation, testing and validation, planning, hardware and software development, and risk assessment.
In addition, there is debate about whether fire and gas detection systems should be credited as contributing to risk reduction or be considered for installation only. Implementation of the IEC 61511 and ISA84.01 standards is becoming increasingly prevalent for fire and gas detection systems, and the ISA technical report TR84.00.07 also provides guidance on evaluating fire and gas system effectiveness.

The IEC 61511 standard concerns the determination and development of the risk reduction measures required as the outcome of the risk assessment of the equipment under control. The basic concept of risk assessment is to identify and analyze all potential risks to the equipment under control. This includes calculating the probability of each hazard and determining the risk reduction measures required to achieve an acceptable safety integrity level.
The risk associated with the equipment under control is the product of the probability that the hazard occurs and the consequences of the hazard: risk = probability x consequences.

The reduction measures either decrease the probability of the hazard or mitigate its consequences, the latter being the role of the fire and gas system. Risk can be reduced through a combination of several risk reduction measures, where each measure takes care of a part of the total required risk reduction factor.
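The arithmetic behind "each measure takes care of a part of the total required risk reduction factor" can be made concrete. The block below is an added example, not code from the article, Honeywell or the standard: it derives the required risk reduction factor from an unmitigated and a tolerable hazard frequency (consequence held fixed), combines the credit taken for independent layers, and maps the PFD left for the safety instrumented function to its IEC 61511 low-demand SIL band. The `Layer` class and every frequency and PFD value are constructed for illustration.

```python
# Added example, not from the article: IEC 61511 risk-reduction arithmetic.
# risk = probability x consequences; holding consequence fixed, a required
# risk reduction factor (RRF) is shared across independent protection layers.
# All frequencies and PFD values here are constructed illustrations.

from dataclasses import dataclass
from typing import List, Optional

# IEC 61511 low-demand PFDavg bands: (SIL, lower bound inclusive, upper exclusive)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


@dataclass(frozen=True)
class Layer:
    name: str
    pfd: float  # average probability of failure on demand, 0 < pfd <= 1


def required_rrf(hazard_per_yr: float, tolerable_per_yr: float) -> float:
    """RRF that brings the unmitigated hazard frequency (events/yr) down to
    the tolerable frequency for the same consequence."""
    if hazard_per_yr <= 0 or tolerable_per_yr <= 0:
        raise ValueError("frequencies must be positive")
    return max(1.0, hazard_per_yr / tolerable_per_yr)


def achieved_rrf(layers: List[Layer]) -> float:
    """Independent layers multiply: a demand gets past all of them with
    probability prod(pfd), so the combined RRF is 1 / prod(pfd).
    Layers sharing a sensor or logic solver are not independent."""
    product = 1.0
    for layer in layers:
        if not 0 < layer.pfd <= 1:
            raise ValueError(f"{layer.name}: pfd must be in (0, 1]")
        product *= layer.pfd
    return 1.0 / product


def sil_for_pfd(pfd: float) -> Optional[int]:
    """IEC 61511 SIL band for a PFDavg; None if outside SIL 1..4."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return None


def residual_sif_pfd(hazard_per_yr, tolerable_per_yr, other_layers):
    """PFDavg the safety instrumented function must meet after credit is
    taken for the other layers (alarm response, bund, F&G mitigation)."""
    remaining = required_rrf(hazard_per_yr, tolerable_per_yr) / achieved_rrf(other_layers)
    return 1.0 if remaining <= 1 else 1.0 / remaining
```

For a constructed tank-overflow scenario with a 0.1/yr initiating frequency, a 2e-5/yr tolerable frequency and two other layers at PFD 0.1 each, the shutdown function is left with a PFD target of 0.02, a SIL 1 requirement; dropping either layer's credit pushes it into SIL 2.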

A quality fire and gas system combines state-of-the-art fire and gas detectors, conventional and analog addressable fire panels, clean agent and inert gas fire suppression systems, and a SIL 3-certified fire and gas logic solver into a consistently designed and executed solution. An integrated system provides common tools, operating interface and networking, resulting in a common platform with independent systems.

Entire Approach

By taking standards and applying them with technology, industrial operations benefit from a holistic approach to safety that supports everything from a secure process control network to the perimeter of the plant. This layered safety strategy encompasses process and system technology, along with the people who interact with that technology, to help plants achieve their safety objectives.

A layered safety strategy brings together all plant protection layers required for achieving optimum functional safety. It also provides the required functional safety with a high safety integrity level. This includes visualization and logging capabilities enabling optimal operator response and accurate evaluations. By integrating basic control, prevention and mitigation components, a chemical process industry company can vastly reduce its overall project costs and ongoing maintenance expenses.

At the core of a layered safety strategy is process design, which is the essence of the business, safety and production considerations necessary for effective operations. The next level of the layered approach implements tools and procedures for managing abnormal situations and reducing incidents. When an abnormal situation occurs, alarm management, early event detection, and abnormal situation management-designed displays ensure operators have the information available in the context they need it. This enables faster reaction to hazardous situations. Again, the faster the ability to react, the safer everything will be and the quicker everyone is able to get back to normal operations.
Next, properly designed emergency shutdown systems and automated procedures can move a plant to a safe state in case an incident escalates beyond the inner sphere of protection.

Should an incident occur, fire and gas detection solutions, coupled with rapid location of individuals and a carefully designed emergency response procedure, will help contain the impact.
The outer level of the layered approach to safety protects the perimeter of the plant using physical security which safeguards access to structures and monitors traffic approaching the facility.

When designing an integrated system, the project strategy starts with an assessment of future or existing fire and gas performance according to functional safety standards. Based on this assessment, end users have a detailed plan for installing new equipment or updating legacy technology to an optimal level of safety. This process begins with a hazard and risk assessment (such as HAZOP) and then continues through the various steps of the safety lifecycle as outlined in safety standards such as IEC 61511. An integrated main automation contractor (I-MAC) can help identify fire and gas hazard points and possible risks, and then develop basic design packages and related acceptance test criteria to meet safety requirements. This can leave the manufacturer with the ultimate in risk reduction and better performance, while meeting compliance with safety standards, and increased lifecycle sustainability.

In addition, an I-MAC can implement SIS solutions, perform live hot cutovers, plan and execute revamps, and carry out installation, commissioning and safety validation.

To sustain the end user's fire and gas system, I-MACs can also provide lifecycle support services that include periodic proof testing; system maintenance; training programs on safety, code and standard compliance; and spare parts management.

The fire and gas system should have communications integration with the plant distributed control system (DCS) in order to have fire and gas graphics and alarms displayed to the operator.

However, there should also be independent displays, such as independent human-machine interfaces (HMIs), so plant operators can respond to fire and gas (F&G) excursions when the DCS HMIs are not available. The plant F&G system, with a fire system for occupied buildings, should integrate with the plant evacuation and site security center for efficient plant-evacuation procedures. This enables plant managers to keep better tabs on personnel and coordinate efficiently with first responders during emergencies.

Plants implementing an integrated control and safety system platform for fire and gas, emergency shutdown and DCS systems can significantly lower their operation and maintenance costs, and in many cases reduce overall wall-to-wall project costs by 25%.

Seamless integration with the emergency shutdown system and DCS through a common network protocol provides a safe landing in case of emergencies and eliminates the need for additional equipment or engineering.
Integration of fire detection and security systems for offsites and utilities with the plant automation infrastructure further improves operator efficiency, through single-window access for alarm visualization, diagnostics, and events and historians.

A working fire and gas system, along with trained personnel and a strong plant safety strategy, will keep disasters like Buncefield off the 6 o’clock news.

Ged Farnaby is global solutions manager for fire and gas solutions at Honeywell. His email is

Gregory Hale is editor and founder of Industrial Safety and Security Source (, the online news site covering safety and security in the manufacturing automation sector. His email is

