JAN-FEB 2018

Issue link:

Contents of this Issue


Page 21 of 53

22 INTECH JANUARY/FEBRUARY 2018 WWW.ISA.ORG At the intersection of alarms and safety systems When alarms serve the safety system, analysis must be handled with care By Lee Swindler, PMP, Ron Carlton, and Richard Slaugenhaupt I t is not difficult to find resources related to safety instrumented systems (SISs) or alarm management, but discussions relating the two and considering their overlap are rarer. In fact, one could conclude that the two are not related at all, especially when companies address them at dif- ferent times or with different personnel. In a greenfield plant or process unit design, the hazard and operability (HAZOP) study is usually very early in the project—well before any concrete is poured or pipes are welded. Ma - jor hazards identified often trigger some equip- ment redesign. When the HAZOP is finished, a layer of protection analysis (LOPA) may be war- ranted to determine if a SIS is required (figure 1). When the automation systems are finalized later, attention turns to alarm rationalization. An entirely new team of people, perhaps far removed from the HAZOP and LOPA efforts, may address rationalization. If a company is disciplined and fastidious about documenta- tion, it is simple for the rationalization team to incorporate the results of the safety analysis, but this is not always the case. This is unfortu- nate, because details of the safety analysis play a substantial part in defining how the alarm ratio- nalization process incorporates safeguards and independent protection layers (IPLs). The most important layer of protection in any process is effective process control. Short of an outright mechanical failure, operations within normal boundaries produce few, if any, incidents. But no basic process control system (BPCS) can handle every possible disruption, and there will always be some process upsets. The alarm system tells operators about disrup- tions that the BPCS cannot adequately handle au- tomatically. An operator response is then required to fix or mitigate the problem before it escalates to the point where the SIS has to act. By definition, ev- ery alarm has an associated operator response, and the operator needs to know the appropriate action.

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - JAN-FEB 2018