Key points

Like any equipment, safety systems require verification and maintenance using a highly structured methodology. The right software solution can manage and oversee this program to ensure operational safety performance.
Chemical processing facilities and refineries must maintain safety instrumented systems (SISs) to protect workers, equipment, and surrounding communities from potential fires, explosions, or releases of dangerous chemicals. To do so, a SIS must take the plant to a safe state in the event of a process going out of control.
Since much depends on the effectiveness of a SIS, facilities must have the means to verify their SIS can perform the required protective tasks as outlined under a variety of regulations and standards.
This begins with initial system design, and it extends as long as the plant continues to operate, calling for tests and reports as outlined by the relevant standards. Verifying a SIS is a labour-intensive process of testing and recordkeeping, with careful management required over its lifespan (Figure 1).

Figure 1: Safety instrumented systems are deployed in process plants and facilities to ensure correct response to safety-related failures.
Periodic maintenance, including proof testing, is critical since all elements of a given safety-instrumented function (SIF), and the larger SIS, can degrade over time, potentially affecting the performance of safety equipment and hardware.
For example, an emergency shutdown valve that has not been cycled for an extended period (perhaps in violation of its testing schedule) may stick in position and fail to move when the system calls for it during an incident. Therefore, it is important for safety managers to know if some part of a SIS is no longer performing as designed or suffers some other performance downgrade during its lifecycle.
The rate of degradation of safety equipment, like any equipment, can be reduced through careful ownership and regular maintenance. However, operational integrity can also be affected by other internal and external factors that emerge over time.
If personnel cutbacks cause less frequent maintenance attention, it can compromise the effectiveness of safety equipment and may violate requirements for SIS testing. Worst case, the equipment will not be able to perform its function when called upon during an incident. Therefore, plant management must ensure it does not create operational risk due to neglect. Any SIS must be maintained within acceptable limits throughout its lifecycle.
System verification calls for a plant operator to compare a specific safety-related device to its nominal performance specs, plus any critical elements of the SIS design. These actions must be documented for audits by the plant safety manager and regulatory authorities.
Many companies struggle with finding an effective way to manage their testing regimens, including collecting and organising all the related data in a format acceptable to technical authorities and regulatory bodies (Figure 2).

Figure 2: Process plant personnel must maintain their safety instrumented system over its entire lifecycle, a challenging task.
A dynamic software monitoring tool is one approach to support safety monitoring and address these requirements. When all safety data is available, management can track and analyse key safety performance metrics including SIF activations, independent protection layers, initiating causes, SIS availability, and maintenance overrides. This information can be used to identify potential safety issues, reduce unnecessary maintenance activities, and improve the overall safety solution design.
A company with a strong track record for safety demonstrates its compliance culture and corporate social responsibility. This reinforces a longstanding relationship with safety regulators, improves the perceptions of the public, and reassures shareholders that their investments are safe. At the same time, SISs don’t generate income, at least not directly, so companies don’t want to spend more time or resources than necessary on keeping them in their expected operational condition.
Working with safety standards
Given the importance of SIS functions, international standards have been compiled to ensure they are designed well and maintained properly so they can do their job in the event of a safety occurrence. The leading standards today are IEC 61508 and IEC 61511 Edition 2 (2016).
Both call for facilities to comply with the standard over the lifecycle for the SIS. Therefore, production facilities must establish safety applications management procedures compliant with the standards, and then implement these procedures using recognised best practices.
A facility must demonstrate to safety authorities how its SIS is designed, maintained, inspected, tested, and operated in compliance with the standard. This includes presenting evidence and documentation of practices and actions.
Unfortunately, safety managers quickly find that producing and interpreting safety-status reports is a time-consuming and labour-intensive task, requiring individuals to convert raw safety data into more meaningful information. These are largely manual procedures and therefore prone to errors, inaccuracies, and scheduling problems.
Responding to evolving standards
With the release of the IEC 61511 Edition 2 (2016), safety engineers and managers discovered new challenges as the revised standard introduced many requirements, causing them to re-evaluate their approach to collection, measurement, and analysis of safety data. Its stronger focus on SIS performance requires a balanced approach that complies with safety regulations, while remaining maintainable throughout its lifecycle at an affordable cost.
Over-engineering a SIS may exceed safety requirements and may not be cost-effective. An under-engineered SIS may be more cost-effective but may compromise safety integrity. The objective is to fulfil safety requirements at a reasonable cost. It is also critical to mitigate the effects of inappropriate system modifications, poor housekeeping, and general equipment deterioration.
Monitoring safety performance
The standards call for companies to produce detailed reports, documenting efforts to support regular assessments of safety regimes. These typically include records from past events and alarms, but formats often vary and aren’t always user friendly or easy to interpret.
Raw data has to be segmented, grouped, and analysed according to the relevant SIFs. Analysts must associate events with parameters, such as demand frequency, output response time, and the duration that a SIF is in operational mode.
Traditionally, this is a manual task, and the resulting report quality is dependent on the experience and knowledge of the engineer. This is difficult to manage effectively and increases the exposure to errors and inaccuracies.
Nonetheless, it is important to re-validate original design data against actual operational performance to ensure safety system integrity, so that newly discovered risks can be assessed and appropriate countermeasures adopted. This procedure must be executed continuously over the operational life so SIS performance can be evaluated from actual operation.
There must also be a mechanism to oversee changes, operating in accordance with change management requirements of the standard. A dynamic software monitoring tool can be an effective way to address these requirements, and to help maintain and improve safety performance.
It should collect, organise, and present all safety related data, including SIF activations, independent protection layers, SIF maintenance (proof testing), initiating causes, and maintenance overrides. By accessing comprehensive safety performance data, plant managers can monitor SIS integrity, identify potential safety issues, reduce unnecessary maintenance, and improve future SIS design.
The Value of Software
Exaquantum Safety Function Monitoring (SFM) is a dynamic software monitoring tool to measure SIS performance (Figure 3). It establishes SIS benchmarks by highlighting units that have exceeded expected design targets, along with underperformers.

Figure 3: The right software tool can significantly simplify SIS monitoring and compliance.
The designed safety performance is compared against actual operational safety function activity to highlight issues, validate safety design, optimise test scheduling, and help users improve safety and availability of the plant (Figure 4).

Figure 4: Exaquantum SFM gathers and analyses SIS performance data for presentation and analysis.
Safety design expectations are usually derived from hazard analysis and risk assessment data. SFM uses this information to compare against actual operational SIF activity.
For example, a safety valve has been designed to go from an open to a closed state during a SIF activation, within a target period of 30 seconds. SFM can examine data relating to this SIF activation and determine if it operated within the intended design.
By accessing this information and examining it against internal benchmarks and operational safety function activity, SFM can highlight issues, validate safety design intervals, and optimise test scheduling.
SFM can also monitor the demand frequency of individual SIFs (Figure 5). Compared with the designed frequency of the SIF, this is a key component in assessing the safety integrity level for that SIF.

Figure 5: SFM monitors and reports on SIS activity including SIF activations, final element actuations, and SIF conditions.
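An added example in Python, not Yokogawa's or SFM's code: the comparison described above, where recorded SIF activations are grouped per SIF and checked against design targets for closure time and demand frequency. Tag names, event types and all values other than the 30-second target are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed design targets; tag names and values are hypothetical.
DESIGN = {
    "SIF-101": {"max_response_s": 30.0, "demands_per_year": 1.0},
    "SIF-205": {"max_response_s": 10.0, "demands_per_year": 2.0},
}
# Constructed event records: (SIF tag, event type, ISO timestamp).
EVENTS = [
    ("SIF-101", "TRIP", "2023-02-01T08:00:00"),
    ("SIF-101", "VALVE_CLOSED", "2023-02-01T08:00:22"),
    ("SIF-205", "TRIP", "2023-05-05T02:10:00"),
    ("SIF-205", "VALVE_CLOSED", "2023-05-05T02:10:06"),
    ("SIF-101", "TRIP", "2023-09-14T13:30:00"),
    ("SIF-101", "VALVE_CLOSED", "2023-09-14T13:30:41"),
    ("SIF-101", "TRIP", "2023-11-20T19:45:00"),  # closure never logged
]

def assess(events, design, window_years):
    """Group events per SIF, pair each trip with its closure, compare to design."""
    by_sif = defaultdict(list)
    for tag, kind, ts in events:
        by_sif[tag].append((datetime.fromisoformat(ts), kind))
    report = {}
    for tag, target in design.items():
        demands, responses, findings, pending = 0, [], [], None
        # A sentinel closes out a trip still pending at the end of the log.
        for ts, kind in sorted(by_sif[tag]) + [(None, "END")]:
            if kind in ("TRIP", "END") and pending is not None:
                findings.append(f"no closure logged for trip at {pending.isoformat()}")
                pending = None
            if kind == "TRIP":
                demands, pending = demands + 1, ts
            elif kind == "VALVE_CLOSED" and pending is not None:
                responses.append((ts - pending).total_seconds())
                pending = None
        slow = [r for r in responses if r > target["max_response_s"]]
        if slow:
            findings.append(f"{len(slow)} closure(s) over {target['max_response_s']:.0f} s, worst {max(slow):.0f} s")
        rate = demands / window_years
        if rate > target["demands_per_year"]:
            findings.append(f"demand rate {rate:.1f}/yr exceeds design {target['demands_per_year']:.1f}/yr")
        report[tag] = {"demands": demands, "findings": findings,
                       "worst_response_s": max(responses, default=None)}
    return report

if __name__ == "__main__":
    for tag, result in assess(EVENTS, DESIGN, window_years=1.0).items():
        print(tag, result)
```

A trip with no logged closure is reported as its own finding rather than dropped, since a final element that never reached its safe state is the failure the proof test exists to catch.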
For safety managers overseeing several locations, having a database that automatically monitors safety systems across facilities is crucial to enable comparison with the SIS design, reporting of safety issues, and compliance with country safety standards.
Sustainable SIS
Yokogawa recognises the challenges for plant owners maintaining one, and perhaps multiple SISs, in a large facility or companywide. Yokogawa’s Sustainable SIS solution is a holistic approach to ensuring optimum safety performance throughout a facility’s lifetime.
From a monitoring and analysis standpoint, the quantity of data increases with time, and it's important to gather critical SIS performance information in a way that does not consume vast quantities of time and resources.
SFM collects safety performance-related data in a single location, and it can provide the information required by regulators without additional manual overhead costs to prepare reports. By keeping track of safety systems, it helps uphold the overall consistency of SIS information throughout the safety lifecycle, while addressing the following key questions:
- Was the initial system design done well?
- Is the system still performing as originally designed?
- Could some adjustments optimise safety while reducing cost?
- Is it possible to prove the validity of proposed changes?
- Can I prove to regulators that my safety system is performing correctly?
Keeping the facility safe
Process safety is achievable through a disciplined framework of systems and processes to reduce the risk of incidents. SISs reduce risk by providing mechanisms so a plant can be taken into a safe state in the event of a deviation or failure.
It is therefore important that organisations have the capabilities to ensure that a SIS can be maintained throughout the operational lifespan of the process plant or unit, at an affordable cost and without compromising safety integrity.
An effective software monitoring tool can collect, organise, and present all safety-related data to help track and analyse key safety performance metrics for a sustained approach throughout the entire lifecycle.
By keeping track of all safety performance data during the plant operation phase, organisations can verify that these and other design parameters are being met. Continuous improvements based on operational data will be achievable, along with right sizing of the safety system, tuned to operational conditions. Downtime periods for scheduled testing and turnaround can be optimised, increasing plant availability.
Operational conditions within process plants can change rapidly. Organisations must be able to react quickly to these variable conditions, reduce risks, and ensure safe operation. There may also be instances when safety systems are not available through override, inhibit, or bypass actions, thus preventing a SIS from performing its intended function. Having the ability to monitor and assess the risks of such actions based on current plant conditions helps ensure that the plant is operating with tolerable risks.
Organisations must adhere to applicable international standards. Common to all safety standards are requirements that SIS operators must periodically validate designs against actual operation, and then make necessary modifications to ensure evergreen safety performance.
Additionally, they must also maintain adequate documentation of process data, along with audits of test and inspection procedures. The right software tool helps plant personnel perform these and other tasks.
A software solution is an effective way of keeping track of a facility’s safety systems. With online monitoring capabilities and automatic built-in report generation, coupled with a user-friendly and agile interface, users are able to access safety-related data quickly and easily. SFM will increase the dependability of the safety system, while providing a cost-effective way to improve its performance over time.













