Key points
Background to the article
In 2015 the Control of Major Accident Hazards (COMAH) Regulations in the UK were updated to implement the EU directive SEVESO III (2012/18/EU), issued in 2012. The change caused some establishments to alter their classification under the regulations, and therefore whether they count as ‘high hazard’.
Some establishments that had previously been outside the regulations became lower tier, while others were upgraded to upper tier. As a result, new companies were drawn into the regulatory authorities’ audit programme for hazard management.
In the UK, the COMAH regulations are the basis on which the regulatory authorities judge whether sufficient controls are in place at these high hazard establishments. Other EU member states and countries globally have different regulations; the UK regulations are referred to for the remainder of this article.
This leads on to the question posed in the article title, ‘Functional Safety is just for High Hazard establishments – truth or myth?’
The management of risk in every facility is required under the laws of the country in which the establishment operates.
The management of risk covers occupational risks (completing tasks, moving around the facility, falls from height etc.) alongside process risks (risks arising from operating and maintaining the facility). Process risks should be managed through documented management procedures covering all aspects of the activities being conducted.
Functional Safety (FS) is the part of process risk management concerned with the use of control systems for protection. The FS standards provide a framework and structure for using electrical, electronic and programmable electronic (E/E/PE) systems to provide risk reduction.
This forms part of the overall safety requirements of the company’s establishments to maintain tolerable risk levels for employees, the public and the environment. A series of standards based on ‘IEC 61508 – Functional safety of electrical/ electronic/programmable electronic safety-related systems’ has been developed for different industries for this purpose.
This management and evaluation of process risks is required regardless of whether the facility is regulated under COMAH, and so is the implementation of FS reviews.
Some companies in the UK were caught out by the 2015 changes to the COMAH regulations and the ensuing regulatory audit programme. The audits included evaluation of the procedures, techniques and assessments underpinning the FS systems within the establishments, and the companies concerned were found to be lacking in these requirements.
What could be included in the FS systems?
The standards refer to E/E/PE systems or, in the process sector standard (IEC 61511), to Safety Instrumented Functions (SIF) and Safety Instrumented Systems (SIS). Systems considered within the scope of FS include:
- Process measurements and protections, e.g. pressure protection, vessel overfill, thermal oxidiser / heater flame-out systems etc.
- Machinery circuits, e.g. machine protection, interlocks on movable guarding, robot controls / protections etc.
- Control systems whose failure could give rise to a hazard, e.g. electronic speed control of a compressor
So, what should a company do?
The company first needs to understand whether it has any systems that fall within the scope of FS. Using appropriate techniques to evaluate the risks from its operations will identify the protections the company relies on to prevent harm.
The results of the evaluation may show that no E/E/PE systems are required to prevent harm to people, the environment or the company’s assets.
If other (non-E/E/PE) risk reduction measures or protection devices are relied upon, these must be managed and maintained so that risk remains tolerable; a relief valve used to prevent overpressure, for example, must be subject to maintenance and testing.
The appropriate standards for managing these devices should be referred to, so that the company can demonstrate it has done everything reasonably practicable to achieve the tolerable risk requirements.
The evaluation may instead show that protection must be provided by E/E/PE systems. The company should then implement appropriate management systems to effectively manage, implement, operate and maintain those functions.
Where to start?
The starting point is to select the appropriate standard to follow. This is normally IEC 61511 for the process sector, but you may need to refer to other standards such as IEC 61508 or IEC 62061 if your business relies more heavily on machinery protective systems, or if you supply components for use in the process sector.
The relevant standard for most of the process industry sector is ‘IEC 61511 – Functional safety – Safety instrumented systems for the process industry sector’, currently at the 2017 edition. It provides a framework that can be followed, and is cited as good practice by the regulatory authorities when judging whether adequate controls are in place.
The standards have a clause on the ‘Management of Functional Safety’ which defines the requirements for the processes that need to be in place.
The safety lifecycle defined in the standard (IEC 61511 is used in this article) sets out the phases for achieving FS; see figure 7 in IEC 61511-1:2017+AMD1:2017.
The lifecycle phases selected for the company’s activities should be included in the procedures that are produced. The procedures need to consider:
- Technical aspects of completing the work
- Management arrangements
- Overall responsibility within the organisation
- Responsibilities within each activity
- Competence requirements
- Control of suppliers
- Documentation structures
- Monitoring aspects
- Auditing arrangements for demonstrating compliance
- Functional Safety Assessments
- Key Performance Indicators
Once the processes and procedures are in place then those expected to use them should be informed, trained and validated as appropriate to their role.
When developing the procedures, consider who will be reviewing and using them. It may be prudent to have multiple documents which together form the basis of the processes.
This is normally a good solution when different parties are responsible for different aspects of the safety lifecycle. If few people are involved, a single procedure detailing all aspects may be more suitable.
A word of caution: when developing your procedures, the regulatory authorities will expect procedures and processes to be in place even where the instrumentation does not reach the threshold of a Safety Integrity Level (SIL) (or, for machinery, a required Performance Level (PLr)).
Any instrumented system cited in the risk assessment as providing protection will need to be managed as a ‘low integrity’ system. This involves management, proof testing and control of modifications for the system or function. The requirements for low integrity systems may be less stringent than for SIL-rated ones, but they still need to be defined.
So, what does the risk evaluation look like?
IEC 61511-3 includes several example methods that can be used for the risk evaluations. The first thing to note is that these are exactly that, examples: they should not simply be lifted and used. They give you an idea of the approach, but they are not necessarily calibrated to the risk targets accepted by any specific country’s regulatory authorities.
The following activities will guide you through the process:
- Set up the rules
  - Establish the method and targets to be used
  - Establish terms of reference for the review, including:
    - Team composition: who do you need?
    - The default causes and frequencies you will use
    - The default protection layers you can credit, and their reliability
    - Scope of the study
- Arrange the session
  - Allow sufficient time for an effective review
  - Have the multi-disciplined team available
  - Have all of the documents and equipment details readily to hand
  - Have a suitable location and facilities in which to conduct the analysis (this may be online)
- Conduct the review
- Document the review, ensuring that any assumptions and justifications are recorded, with references where appropriate
- Pass any systems requiring SIL (PLr) ratings, or classed as low integrity, into the further phases of the lifecycle for completion.
Other articles in the archive explore the methodologies of Layers of Protection Analysis (LOPA), Risk Graph and Risk Matrix in more detail, so I haven’t expanded on them here. The high-level information here provides guidance on managing the activities.
The key to a successful study is preparation: having the correct rules, people, documents and facilities. Two old sayings hold very true in these sessions: ‘fail to prepare and prepare to fail’ and ‘rubbish in = rubbish out’.
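As an added worked example (not from the article, and not taken from IEC 61511-3), the following Python sketch applies a LOPA-style calculation to the last step above: deciding what is passed into the later lifecycle phases. It multiplies the initiating event frequency by the enabling-condition probability and the PFD of each credited independent protection layer, compares the mitigated frequency with a target, and maps the required risk reduction factor (RRF) to a SIL band using the low-demand PFDavg bands from IEC 61508-1, or to ‘low integrity’ when the function is needed but the SIL 1 threshold is not reached. The scenarios, initiating frequencies, layer PFDs and the target frequency of 2e-5 per year are constructed placeholders rather than calibrated values, and the class and function names are my own.

```python
from dataclasses import dataclass, field

# Low-demand PFDavg bands from IEC 61508-1 Table 2, expressed as risk reduction
# factor RRF = 1 / PFDavg. Each band is [lower, upper).
SIL_BANDS = {
    1: (10.0, 100.0),
    2: (100.0, 1_000.0),
    3: (1_000.0, 10_000.0),
    4: (10_000.0, 100_000.0),
}


@dataclass
class Layer:
    """An independent protection layer credited in the scenario, other than
    the instrumented function being sized (e.g. a relief valve, or an alarm
    with operator response)."""
    name: str
    pfd: float  # probability of failure on demand claimed for the layer


@dataclass
class Scenario:
    """One cause/consequence pair from the hazard study. Values used here are
    constructed placeholders, not calibrated data."""
    description: str
    initiating_event: str
    initiating_freq: float          # demands per year, before any protection
    enabling_prob: float = 1.0      # probability the enabling condition is present
    layers: list = field(default_factory=list)


def validate(scenario: Scenario) -> None:
    """Reject inputs that would silently distort the result."""
    if scenario.initiating_freq <= 0:
        raise ValueError("initiating frequency must be positive")
    if not 0 < scenario.enabling_prob <= 1:
        raise ValueError("enabling probability must be in (0, 1]")
    for layer in scenario.layers:
        if not 0 < layer.pfd <= 1:
            raise ValueError(f"PFD for '{layer.name}' must be in (0, 1]")


def mitigated_frequency(scenario: Scenario) -> float:
    """Consequence frequency per year after the credited layers, assuming each
    layer is independent of the initiating event and of the other layers
    (the core LOPA assumption; dependent layers must not both be credited)."""
    validate(scenario)
    freq = scenario.initiating_freq * scenario.enabling_prob
    for layer in scenario.layers:
        freq *= layer.pfd
    return freq


def required_rrf(scenario: Scenario, target_freq: float) -> float:
    """Risk reduction the new instrumented function must provide to bring the
    mitigated frequency down to the agreed target."""
    if target_freq <= 0:
        raise ValueError("target frequency must be positive")
    return mitigated_frequency(scenario) / target_freq


def classify(rrf: float) -> str:
    """Map the required RRF to what is passed into the next lifecycle phase."""
    if rrf <= 1.0:
        return "no instrumented function required"
    if rrf < SIL_BANDS[1][0]:
        return "low integrity"          # needed, but below the SIL 1 threshold
    for sil, (lower, upper) in SIL_BANDS.items():
        if lower <= rrf < upper:
            return f"SIL {sil}"
    return "beyond SIL 4: revisit the design rather than rely on one SIF"


def evaluate(scenario: Scenario, target_freq: float) -> dict:
    rrf = required_rrf(scenario, target_freq)
    return {
        "scenario": scenario.description,
        "mitigated_freq_per_year": mitigated_frequency(scenario),
        "required_rrf": rrf,
        "required_pfd": (1.0 / rrf) if rrf > 1.0 else None,
        "outcome": classify(rrf),
    }


# Constructed placeholder target (per year). The real value is fixed in the
# 'set up the rules' step and must match what the regulator accepts.
TARGET_FREQ = 2e-5

# Constructed scenarios; the numbers are illustrative only.
OVERPRESSURE = Scenario(
    "Vessel overpressure on loss of pressure control",
    "BPCS pressure control loop fails high", 0.1, 1.0,
    [Layer("Independent high-pressure alarm with operator response", 0.1)],
)
OVERFILL = Scenario(
    "Tank overfill to bund during delivery",
    "Level control fails during tanker offload", 0.01, 0.1,
    [Layer("Independent high-level alarm with operator response", 0.1)],
)
HEATER = Scenario(
    "Heater overpressure on blocked outlet",
    "Outlet valve closed while firing", 0.01, 0.1,
    [Layer("Relief valve sized for blocked outlet", 0.01)],
)

if __name__ == "__main__":
    for scenario in (OVERPRESSURE, OVERFILL, HEATER):
        print(evaluate(scenario, TARGET_FREQ))
```

With these placeholder numbers the overpressure scenario comes out needing a SIL 2 function (RRF 500), the overfill scenario needs a function but only as low integrity (RRF 5), and the heater scenario is already below target on the relief valve alone, which is the case where the non-E/E/PE device must still be maintained and proof tested. The band boundaries are taken as closed at the lower end, so a calculated RRF of exactly 100 is SIL 2; whichever convention you adopt should be written into the rules before the session, not decided during it.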
Conclusions
The hazard rating of a facility has no bearing on the requirement to manage risk when operating manufacturing facilities. Whether or not the establishment is classed as high hazard under the SEVESO III directive (and the relevant member state legislation), or under local laws outside the EU, risk must be managed, and where instrumentation is used for protection the IEC 61508 series of standards is regarded as good practice.
The operating company needs to ensure that its operations are adequately managed to prevent harm to people, the environment and assets.
International standards have been developed that provide proven frameworks for managing these risks in a structured way across different technologies.
Regulatory authorities can (and do) ask to see the procedures, and evidence of compliance with them, when they visit a facility, whether through proactive audits or reactive investigations.
Setting up the management system and completing the initial studies is only the start of the journey in FS if you use control systems for protection.