Last week I taught the ISA EC 52 training course – Advanced SIL Selection. This course covers a wide range of SIL selection topics and techniques, but spends the bulk of its time addressing the Layer of Protection Analysis (LOPA) approach, because this is the approach that is most commonly used in industry. The LOPA approach tends to use more quantitative information in the development of accident frequencies, as opposed to the more qualitative approaches in risk graphs, hazard matrices, and consequence-only approaches. Initiating event frequencies and independent protection layers need to be quantified – at least to the order of magnitude level – in order to obtain results.
As soon as the need to perform a calculation arises, students immediately ask “where do I get the data?” The answer is usually not what the student wants to hear. What is desired is a look-up table that is always correct, but unfortunately, that is not realistic. As engineers we are perpetually searching for the “right” number. For instance, when it comes to the probability of failure of an operator to properly respond to an alarm and bring the process to a safe state, some say that the right answer is 10% given that the response situation meets certain criteria and 100% if it does not. Others adamantly profess that 100% is the correct number because you can never rely on a human being in an emergency situation. Others have different opinions still. So, what is right? The real but undesirable answer is – it depends. The specific situation and the specific person have to be taken into consideration when making this assessment. Even something more concrete such as failure of a pump is still situationally dependent. Some pumps in severe service are expected to fail in less than a year while others can last dozens of years without failing.
While the “numbers” put into a LOPA are situationally dependent, there are good sources of data that you can use as a starting point. Books such as Layer of Protection Analysis: Simplified Process Risk Assessment from the Center for Chemical Process Safety of the American Institute of Chemical Engineers and the Kenexis SIS Engineering Handbook provide data tables that include some discussion about applicability of the data in certain situations. While these references are good starting points for the quantification of LOPA scenarios, they are only initial estimates that should be used in lieu of actual operational statistics.
As a plant’s experience with the use of SIS in accordance with IEC 61511 (ISA 84) grows, it will become necessary to utilize real operating data instead of what are essentially assumptions about expected performance that come from the aforementioned reference books. The standard clearly states that these initial estimates must be replaced with actual operating data at some time in the future. As such, it is incumbent upon each operating plant to begin collecting data now that will be used during the SIS Design Basis Revalidation process that will necessarily occur in the future. The other benefit of this data collection activity is the ability to report real-time trends of activity to key decision makers so that corrective actions can be taken if IPL performance or initiating event rates are greater than initially estimated.
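As an added illustration (not taken from the course, the standard, or the reference books named above), the Python below works the LOPA arithmetic for the two operator-response opinions discussed earlier and then checks a constructed operating history against the assumed initiating event rate. The frequencies, PFD values, pump counts, the Poisson test, and the 5% threshold are all assumptions of this example.

```python
import math

def mitigated_frequency(initiating_per_year, ipl_pfds):
    """LOPA arithmetic: initiating event frequency times each IPL's PFD."""
    return initiating_per_year * math.prod(ipl_pfds)

def poisson_tail(k, mean):
    """P(X >= k) for X ~ Poisson(mean)."""
    return 1.0 - sum(math.exp(-mean) * mean**i / math.factorial(i) for i in range(k))

def revalidate(assumed_per_year, observed_events, exposure_years, alpha=0.05):
    """Compare operating history with the rate assumed in the LOPA.

    Assumption of this example: events follow a Poisson process, and the
    assumed rate is flagged when a count this high would occur with
    probability below alpha if the assumption were true.
    """
    expected = assumed_per_year * exposure_years
    p_value = poisson_tail(observed_events, expected)
    return {
        "observed_per_year": observed_events / exposure_years,
        "expected_events": expected,
        "p_value": p_value,
        "exceeds_assumption": p_value < alpha,
    }

if __name__ == "__main__":
    # Constructed scenario: pump failure assumed at 0.1/yr, protected by an
    # operator alarm response and a SIF with PFD 0.01.
    for operator_pfd in (0.1, 1.0):
        f = mitigated_frequency(0.1, [operator_pfd, 0.01])
        print(f"operator PFD {operator_pfd}: {f:.0e} per year")
    # Constructed history: 5 pumps tracked for 4 years = 20 pump-years.
    for failures in (3, 6):
        print(failures, revalidate(0.1, failures, 20.0))
```

Crediting or not crediting the operator moves the mitigated frequency by a full order of magnitude, and with 20 pump-years of history three failures are still consistent with the assumed 0.1 per year while six are not.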
Kenexis has a lot of good reference information on the use of real data for SIS design basis revalidation. This month’s newsletter contains a feature on a presentation that I gave on using real-time data to track safety performance, and the website contains a great white paper on the SIS Design Basis Revalidation Process. If you are interested in SIS Design Basis Revalidation you can download the White Paper.