PLAYING SAFE with instrumentation
15 Jan 2000
With supporting evidence from recent Health & Safety Executive recommendations [1], we examine the role of safety management systems, the shortfalls inherent in many systems, and a logical solution to safeguard against a major plant shutdown, failure or, in the worst-case scenario, a fire or explosion.
As sensors and communications evolve, the process industry has seen the establishment of 4-20mA and of digital communications protocols such as HART, and is now watching the emergence of a common, interoperable fieldbus standard. Process plant instrumentation is getting clever; in fact, it's becoming 'smart'. But not quite smart enough.
There is an enormous installed base of 'smart' devices in process plants around the world, including mainstream instruments like pressure and temperature transmitters as well as niche instruments such as density meters. At worst they remain under-utilised, as no use is made of the digital signal and they still function on 4-20mA. At best, they are utilised in their 'smart' mode and may even have alarms configured, but if the alarm status on safety-critical loops is not distinguishable from other operational alarms, there is a serious risk of uninformed operator response leading to disaster.
A control system of today quite often has more alarms configured than measurement points, many of which will be classified as high priority. The lead-up to a potential disaster could see alarms being received in the control room at a rate of one every 2-3 seconds. Often the only action open to the control room operators is to acknowledge the alarms in ignorance of their consequence.
The constant monitoring of instrument health and notification of changes provides proactive instrument maintenance. Only then is a complete, real-time process plant health check a reality. This function needs to remain independent from the control system itself, so that operators receive separate alarms for instrument failures or configuration updates and can be more selective in their responses.
HSE RECOMMENDATIONS
HSE observed [2] that 'safety management systems should have a component that monitors their own effectiveness'. HSE recommends [3] that 'all safety critical parts of plant should be included by companies in comprehensive inspection programmes'.
The effective monitoring of alarms should clearly be manageable. Safety critical alarms must be distinguishable from purely operational, non-critical alarms. Priorities relating to the potential hazardous effects of instrument failure must be correctly assigned and an independent alarming system implemented on those devices.
As the HSE highlighted [4]: 'The use and configuration of alarms should be such that: safety-critical alarms, including those for flare systems, are distinguishable from operational alarms; alarms are limited to the number that an operator can effectively monitor; and ultimate plant safety should not rely on operator response to a control system alarm'. And [5], 'safety-critical plant elements on which the safety of a process relies, that is whose failure could lead to hazardous events, should be identified. Any safety system used to protect against hazardous events should be specified, and subsequently designed, based on an appropriate hazard and risk analysis so that functions to be carried out and the necessary level of integrity are systematically determined.'
In line with these recommendations, systems such as Peek Measurement's Smart Adviser act as an independent alarm function which constantly monitors the health of a plant's instrumentation. This function is independent from the control system, thereby allowing operators separate alarms for instrument failures and process variations. All configuration changes to an instrument can be monitored and reported, which ensures that any hazardous operation reports will be completed. The Smart Adviser is easily installed into existing plants by tapping into a DCS or PLC. Alternatively, HART devices can be connected directly into the Smart Adviser. The digital HART signal contains key device health information and up to four process variables can now be measured from each field device.
The health and status of all HART transmitters can be continuously monitored and logged to ensure a complete, constant and real-time process plant health check. Instruments are managed using the universal commands within the protocol and therefore no 'Device Descriptions' are required.
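To illustrate the health information described above, the following added example (not Peek Measurement's code and not part of the original article) decodes the field device status byte that accompanies every HART response and routes each flag to a separate instrument or process alarm. The loop tags, the set of safety-critical loops and the routing policy are constructed assumptions.

```python
# Added example, not Smart Adviser code; tags and routing policy are constructed.
from typing import NamedTuple

# Field device status byte returned with every HART response (bit -> meaning).
DEVICE_STATUS_BITS = {
    0x80: "device_malfunction",
    0x40: "configuration_changed",
    0x20: "cold_start",
    0x10: "more_status_available",
    0x08: "loop_current_fixed",
    0x04: "loop_current_saturated",
    0x02: "non_primary_variable_out_of_limits",
    0x01: "primary_variable_out_of_limits",
}
# Assumed policy: flags that describe the process rather than the instrument.
PROCESS_FLAGS = {"primary_variable_out_of_limits",
                 "non_primary_variable_out_of_limits"}
# Informational flag that raises no alarm on its own in this sketch.
IGNORED_FLAGS = {"more_status_available"}

class Alarm(NamedTuple):
    tag: str
    flag: str
    channel: str   # "instrument" or "process"
    priority: str  # "safety-critical" or "operational"

def decode_device_status(status: int) -> list[str]:
    """Return the names of all flags set in one device status byte."""
    if not 0 <= status <= 0xFF:
        raise ValueError("device status is a single byte")
    return [name for bit, name in DEVICE_STATUS_BITS.items() if status & bit]

def route_alarms(tag: str, status: int, safety_critical: set[str]) -> list[Alarm]:
    """Keep instrument-health alarms apart from process alarms for one loop."""
    priority = "safety-critical" if tag in safety_critical else "operational"
    alarms = []
    for flag in decode_device_status(status):
        if flag in IGNORED_FLAGS:
            continue
        channel = "process" if flag in PROCESS_FLAGS else "instrument"
        alarms.append(Alarm(tag, flag, channel, priority))
    return alarms

# Constructed sample: (loop tag, status byte) pairs as a poller might log them.
SAMPLE_POLL = [("PT-101", 0xC0), ("TT-205", 0x01), ("DT-310", 0x00)]
SAFETY_CRITICAL_TAGS = {"PT-101"}

def summarize(poll=SAMPLE_POLL) -> list[Alarm]:
    return [a for tag, st in poll for a in route_alarms(tag, st, SAFETY_CRITICAL_TAGS)]
```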
On-line alarms and warning systems ensure that device and plant failures and shutdowns are reduced. Alarms can be set on multiple parameters without relinquishing the single-channel integrity and independence of each input. Alarm relays per input card, visual LEDs and common alarm relays all ensure that the versatility of alarm handling is easily installed into existing plant systems.
One of the challenges with all digital data is ensuring it can be read by the plant's control system. The Smart Adviser comes into its own by reproducing 4-20mA analogue signals for any of the process variables in the digital domain, saving on wiring and instrument costs.
The multidrop facility used by many HART transmitters can still be utilised with 4-20 mA analogue loops being recreated from digital signals to supply control systems.
Acting as a HART multiplexer, the Smart Adviser also allows for either the use of third-party software or its own MMI software for multiple functions such as chart recording, trending, data-logging and configuration tools.
Peek's MMI interface now gives technicians direct access (via password!) to field instruments without having to always use hand-held terminals.
REFERENCES
1. Health & Safety Executive Report 'The explosion and fires at the Texaco Refinery, Milford Haven, 24 July 1994'. Printed and published 1997 by the HSE C30, ISBN 0 7176 1413 1.
2. Recommendation 2 from ref 1.
3. Recommendation 11 from ref 1.
4. Recommendation 6 from ref 1.
5. Recommendation 7 from ref 1.