Safety in the Process Industries: trends, leading opinions and experiences

QUESTIONNAIRE

Question 1

As an introduction, could you please provide us with a few definitions? What are “safety”, “functional safety”, “safety integrity levels” and “safety instrumentation systems”? How are their requirements established? What are the bases of functional safety and the most common pitfalls? Could you illustrate with examples how functional safety can be achieved?

Question 2

Before we talk in more depth about international standards topics, could you give us based on your professional experience your impression of how safety is perceived and addressed by companies? What are the first steps for a proper safety culture and how would you qualify a “good safety culture”? Would you say that the approach is different between old and new sites, remote and densely populated sites, emerging and developed regions? How are these differences, if any, acceptable or justifiable?

Question 3

In your opinion what are the main safety cultural differences in the various European regions and around the world? What business risks are involved with these differences, if any?

Question 4

Throughout all industry sectors (pharmacy, food, medical, etc) do you observe a converging approach for risk analysis, evaluation and functional safety? What are the main features of this convergence? Are the process industries participating in this trend and how?

Question 5

Advanced technology and certified solutions have been a strong focus for safety project development and implementation in the past. Is this sufficient to guarantee a satisfactory safety level for a plant operation? What importance should we give to equipment software and application software development requirements and specifications? What do the recent standards say about it? Do you have any recommendations?

Question 6

Where should the industry focus to standardize its safety tools? What benefits do you foresee?

Question 7

Could we say that the recent EN/IEC 61508 & EN/IEC 61511 European standards relating to Safety Instrumentation Systems (SIS), the former for all industries and the latter for the process industries only, have been acknowledged by professionals in France?

Question 8

Are there any obligations in France for having Safety Instrumentation Systems in compliance with the EN/IEC 61508 & EN/IEC 61511 European standards? What is the situation in other regions of the world? What’s the international market response and orientation?

Question 9

What are the legal responsibilities to be faced in France in case of an incident involving loss of life, health and/or environmental consequences when it is recognized that the plant Safety Instrumented System failed or was inconsistent with its original purpose?

Question 10

How would you describe the conflicting interests between the various parties involved in the industry? What risks can you identify for the future?

Mr. Bertrand Ricque Club Automation ISA France

Safety Users Group © 2007

Question 11

Based on your experience, do you have any recommendations for professionals who intend to strengthen their plant safety? Those planning to implement the EN/IEC 61508 and EN/IEC 61511 European standards for the first time?


BIOGRAPHY

BERTRAND RICQUE, Mr.
CLUB AUTOMATION ISA FRANCE

Born in 1960, he spent his childhood abroad. He developed a strong taste for international relations and cultural exchanges. After a BS in mechanics, he enters Ecole Spéciale Militaire de Saint-Cyr (French military academy). He completes an MS in general engineering, specialises in unmanned airborne systems and starts his career as commanding officer of a drone unit. He gets familiar with high technology systems, team organisation and initiative.

In 1990 he switches to industrial activities and is appointed Senior Project Manager within Elsag Bailey. He manages various projects in petrochemical, offshore, classic and nuclear energy industries. He then holds managing positions within different suppliers of automated production systems, such as Rockwell Automation, Euraltech and Vanderlande Industries. Within all these companies, he promotes good engineering practices based on efficient project management and system availability control.

Since 2004, Bertrand Ricque has been Unmanned Airborne Vehicle Program Manager within Sagem Défense et Sécurité. He contributes to the Instruments, Systems and Automation Society SP84 committee and to the International Electrotechnical Commission SC65A workgroup. He is an instructor for Psynapses and a consultant for safety instrumented systems and FDA certification. He conducts IEC 61508 audits.


ANSWERS

Question 1

As an introduction, could you please provide us with a few definitions? What are “safety”, “functional safety”, “safety integrity levels” and “safety instrumentation systems”? How are their requirements established? What are the bases of functional safety and the most common pitfalls? Could you illustrate with examples how functional safety can be achieved?

Answer 1

First of all, we should not forget that French and English don’t share the same vocabulary. I will thus answer with regard to the English meaning.

Within the context of industrial installations, I would say that “safety” is a more or less quantifiable perception of the state of being free from danger. The quantification of the state is one thing. The perception is another one, very much submitted to cultural and social drivers. This is the reason why the standards insist on defining an unacceptable risk limit.

“Functional safety” introduces the concept that the “safety” is achieved through something realizing a function. Usually, in our scope, this something is a “system”, based on automation and control equipment. This immediately leads to “system engineering”, which unfortunately I don’t see very much in the standards.

“Safety Integrity Level” is a more controversial concept. It is very often reduced to a probability of realising a function under specified conditions. I see it more as a complex function of the “integrity” of hardware components and software components in terms of systematic and random aspects. Whatever, the fundamental aspect of this concept is that it is a “performance” concept. The underlying consequence being that this performance can be essentially achieved through system engineering (and not cooking recipes…).

“Safety Instrumented Systems” are just the equipment automation engineers usually use to realise “safety functions”. The characteristic being that they have inputs, outputs and something in between to handle some kind of intelligence. This concept limits the scope of the standards by itself.

The requirements for these systems are usually established after a risk analysis. Unfortunately, the basis for the SRS is very often a mixture of cut and paste from previous projects with cooking recipes from manufacturers of equipment. This is very far from what is expected in the standards or in good engineering practices.

The most common pitfall is the lack of a structured engineering frame for system concept and design. The second one being that the split in responsibilities for project execution poorly maps the needs arising from the standards application.


Question 2

Before we talk in more depth about international standards topics, could you give us based on your professional experience your impression of how safety is perceived and addressed by companies? What are the first steps for a proper safety culture and how would you qualify a “good safety culture”? Would you say that the approach is different between old and new sites, remote and densely populated sites, emerging and developed regions? How are these differences, if any, acceptable or justifiable?

Answer 2

Safety is perceived as something which costs and is addressed as a constraint you have to cope with. The first step for a proper safety culture is the acceptance that risk will always exist and the ability to establish acceptable and unacceptable risk limits. The second step is to design safety into everything.

I don’t really see differences based on age or population density. Differences between emerging or developed areas are obvious. It is then interesting to look at the cynicism with which companies apply or not safety standards. It is possible, and recommended, to approach the financial aspects of safety through the ALARP concept. I have difficulty accepting that the ALARP concept could be applied based on a better risk acceptance in emerging areas than in developed areas.

In addition, the safety culture of the process industries, where you have to build the safety, is different from the safety culture of the manufacturing industries, where you buy safe machinery (it’s a simplification). The differences are very puzzling for batch industries like pharmaceuticals or food and beverage, where they have both.


Question 3

In your opinion what are the main safety cultural differences in the various European regions and around the world? What business risks are involved with these differences, if any?

Answer 3

France has a very deterministic approach to risk. This is in my mind due to the fact that the French culture relies very much on the government, the administration and the legal system, and not so much on individual responsibility. Some people also see the origin of this sensitivity in our Catholic (versus Protestant) culture. The consequence is that the French population is very little aware of risks. We expect that all measures have been taken by the government to avoid risk. This actually means that in the mind of the population, you have risky areas, for instance around a refinery, but that this area suddenly ends (at a fence) and that there is absolutely no more danger outside.

This approach also induces a natural trend to adopt “cooking recipes” or “deterministic solutions” (like in the EU machinery directive). Performance based solutions are a revolution because you first have to decide which risk you accept. However the French engineering community as well as the public authorities acknowledge this problem in our culture (since the AZF explosion). Up to now, little has been done to modify the situation…

The business risks are that a:

• French company with little international experience might have difficulties to enter in the Anglo-Saxon risk culture,
• Foreign company could encounter difficulties to find the proper suppliers to realise a project in France.


Question 4

Throughout all industry sectors (pharmacy, food, medical, etc) do you observe a converging approach for risk analysis, evaluation and functional safety? What are the main features of this convergence? Are the process industries participating in this trend and how?

Answer 4

Yes. This convergence is emerging. Very slowly. The problem in France is that standards which are enforced by government agencies are the standards related to the EU machinery directive, and thus concerning manufacturing industries. There are no “enforced” standards for process industries. It slows the adoption of the IEC 61508 standards. In addition, the general concept of IEC 61508 and its manufacturing industries derivative standard, IEC 62061, is absolutely not compatible with the EU machinery directive related standards such as EN 954-1. This case generates a passionate debate involving ISO, IEC, standard experts and lobbyists, but doesn’t find any echo in the industry community.

What can be clearly noticed is the growing importance of risk analysis and risk management concepts, especially in the pharmaceutical industry. This is a consequence of the FDA 2004 initiative and we can expect to see this approach gain some consideration in the food and beverage industry in the near future. But again, the approach is not adopted voluntarily. It is under constraint.


Question 5

Advanced technology and certified solutions have been a strong focus for safety project development and implementation in the past. Is this sufficient to guarantee a satisfactory safety level for a plant operation? What importance should we give to equipment software and application software development requirements and specifications? What do the recent standards say about it? Do you have any recommendations?

Answer 5

This point is the most disputed aspect of the standards. The standards clearly don’t describe certification of the “safety functions” and of the “safety instrumented systems”. Not because it would be impossible, but because it does not suit the needs and because it does not prevent poor engineering. The standards focus on good practices and tend to reject cooking recipes.

Of course it is in nobody’s interest to generate additional work and to use expensive competencies, except for the persons and valuables you try to protect. It is also a problem for component manufacturers and sellers to sell their products when the standard reads you must buy overall performances and engineering methodologies. There is still a big conflict between representatives of end-users and of manufacturers within the standards work groups.

Again, the certification only certifies that the figures associated with the products can be trusted. Nothing else. Of course certification is helpful as you at least have figures to check the performances of the system you are designing. Certification also gives you a visibility on the failure modes of the component. But it doesn’t guarantee in any way the overall performance of an SIS within a specific functional and process environment.

My recommendation would be that a key capability for reaching a good safety level is a proper engineering process based on good software development methodologies such as rationale or CMMI. Certification of hardware is useless without certification of programmers and organisations.


Question 6

Where should the industry focus to standardize its safety tools? What benefits do you foresee?

Answer 6

I don’t see any benefit in standardizing safety tools. The applications range from huge safety systems counting more than 10 000 I/Os to very simple safety loops in machinery. The difficulty in the concept relies much more in operation modes or proper answers for risk analysis and management rather than in the off-the-shelf solutions. However the design tools are very important. These tools range from risk analysis software and methodologies to formal proof capability.


Question 7

Could we say that the recent EN/IEC 61508 & EN/IEC 61511 European standards relating to Safety Instrumentation Systems (SIS), the former for all industries and the latter for the process industries only, have been acknowledged by professionals in France?

Answer 7

No. Not yet. Only large multinational companies commonly use these standards.


Question 8

Are there any obligations in France for having Safety Instrumentation Systems in compliance with the EN/IEC 61508 & EN/IEC 61511 European standards? What is the situation in other regions of the world? What’s the international market response and orientation?

Answer 8

No. Compliance to the EU Seveso II directive is not expected to be reached through a mandatory standard. But as these standards are EN (Europe Norme) and also NF (Norme Française), and as no other ones do exist on the market, a court of law would expect you to stick to them.


Question 9

What are the legal responsibilities to be faced in France in case of an incident involving loss of life, health and/or environmental consequences when it is recognized that the plant Safety Instrumented System failed or was inconsistent with its original purpose?

Answer 9

This is a good question. Normally the responsibility is held by the plant manager as a performance obligation. In case of an accident the plant manager and his staff would try to demonstrate that their responsibility is attenuated by the failures of the supplies.


Question 10

How would you describe the conflicting interests between the various parties involved in the industry? What risks can you identify for the future?

Answer 10

Government agencies see the standards as an opportunity to reach better safety levels, but they cannot clearly make them mandatory without taking a responsibility should an accident happen.

The manufacturers, if they can turn the standards to product certification, see them as an opportunity for additional sales. On the other hand, as the standards request good engineering, which is difficult to sell for product manufacturers, the performance obligation is perceived as a threat.

The system integrators, having little safety engineering capability (to levels requested by the standards), will stick to the manufacturer approach.

The specialised engineering companies have excellent competencies but are used to working for military or aerospace industries where the timeframe and market prices are not similar to process and manufacturing industries. If they want to enter the IEC 61508 business, they have to lower their costs.

End users have less and less competent teams. They just want to buy the solution and are willing to listen to any fairy tales.

Third party certification companies are just building their competency in this field and will probably play more of a consultancy than an audit role.


Question 11

Based on your experience, do you have any recommendations for the professionals who intend to strengthen their plant safety? Those planning to implement the EN/IEC 61508 and EN/IEC 61511 European standards for the first time?

Answer 11

1. Send the whole team to an IEC 61508 training. This is a minimum of 3 days.
2. Start your project with the help of an expert.
3. Carefully select the suppliers, especially for software development among companies willing to invest in the safety business.
4. Don’t forget formal reviews and project assessments at key phases of the project:
   • After Risk analysis
   • After SRS issuance
   • After SIS design
   • After test specifications issuance
   • After Factory Acceptance Test
   • After installation and commissioning
