Theses of the doctoral (PhD) dissertation

„Safety Instrumented System

Management”
GYÖRGY BARADITS

University of Pannonia
PhD School of Chemical and
Material Engineering Science

Supervisor:
dr. Tibor Chován

University of Pannonia
Department of Process Engineering
Veszprém

2010
1. INTRODUCTION AND AIM OF THE WORK
The international reactions for the industrial
diseases happened in the twentieth century (Bhopal,
SEVESO etc.) – discovering that a profit oriented
process industry unable to limit itself- made the
Governments, both in Europe and in United States, to
think on actions to control the toxic and explosive
activities of these industrial processes. As a result in
Europe the SEVESO I was published first, then later on
the SEVESO II Directive. The SEVESO Directives
contain regulations and limitation amount of toxic and
explosive materials stored to protect the civil sphere,
and prove their protection at a tolerable level, even
decrease the consequences if accidents happen.
Following the SEVESO Directives the IEC 61508
(between 1998 and 2000), which is valid for all
industrial segment except nuclear industry was
published. In this, called umbrella standard the overall
life cycle model, the SIL value (Safety Integrity Level)
and how to manage the functional safety, which are
also referred in the SEVESO Directives was defined.
The next step was the publication of the process
industry specific IEC 61511 standard (published in
2003 – 2004) which applies for the safe operation of
the oil and gas, petrochemical and chemical industry,
being either continuous or batch technology.
In the European the law and order the compliancy
of Directives is mandatory, while the standards are
only proposals. That is why the interpretation of the
standards as proposals includes the possibility of miss

Page 2/15
interpretation often neglecting the fact that many
times the Directives refer to the standards as “good
engineering practice”.
The SEVESO II directives demand the operation of
the functional safety management system within the
given company, without giving any further information
about the method of how to make and operate it. The
methodology is discussed in the process safety
standards (IEC 61508 and IEC 61511) making them
mandatory in this point of view.
The clear message of the cited standards is that the
functional safety shall be maintained all over the life
cycle. That means, that the risk reduction ability of the
safety instrumented system never can be lower than
the target risk reduction factor.
Analysing the problems of the recent practice of the
Hazard and Risk analysis, like Risk matrices and Risk
Graph, lack of Company target Risk matrices, the
influence of subjective (human) evaluation of the
hazards, I stated that this practice could not satisfy
the requirement of the Plant Management and
Owners.
1. in 1/3 of the cases the Safety
Instrumented System was over
engineered, causing extra costs for the
factories
2. in 1/3 of the cases the Safety
Instrumented System was under
engineered, causing poor protections
against the consequences of the hazards,
and resulting extra losses for the factories

Page 3/15
 3. in only 1/3 of the cases the Safety
Instrumented System was engineered
correctly.
Taking into consideration the publication date of
these standards, the time since they have been
effective is too short, that the questions arising to be
answered.
The practical question can be sorted in the following
way:
1. Interpretation of the statement and
description of these standards are
sometimes are too flexible
2. Questions regarding the effective
calculation of the operation risks of the
technology
3. Questions regarding the quantitative
calculation of the operation risks of the
technology
4. Question regarding the design of the
safety instrumented systems
5. Question regarding the operation and
maintenance of the safety instrumented
systems
The deficiencies of the standards may arise from
the iterative method of preparing the standards and
making a lot of compromise during this process. These
imperfection of standards would explain also that
nobody can say: “ if you make this and this, accidents
will never happen”. This compromise can also be
explained with the different safety culture of the
different counties and the lobby activity of the

Page 4/15
multination companies. It is not a goal if this
dissertation to deal with this aspect of the standards.
Taking into consideration the problems and
questions above for the topic of the dissertation I
choose the research and development of point from 2
- 5 as the topic of the dissertation expecting that new
principles, methods gives the possibilities of avoiding
both the over engineering and under engineering.
Studying the point 4, over viewing the most
important questions, based on my experience I
proposed, as a result, a design method, which was
tested in the everyday practice, and provides clear
guidelines in the SIS design for those, who are think in
a similar way.
The goal of the dissertation the research of the
questions found in point 3 – 5 and developing new
methods and solution, which allow solving these
problems.
These results of my research constitute the bases
of my theses.

2. NEW SCIENTIFIC RESULTS

1. I developed a new method and software,

based on this method, which improves the
recent practice of the HAZOP study method,
makes the work more efficient with less
expenditure in both time and man power point of
view.
(Referred publications: 03, 07, 15, 17, 18, 19, 21, 24)

Page 5/15
 A very often asked question when investigating the
operation risk and their consequences of the
technologies is the time and main power spent for this
work.
The most widely used approach for the
determination of the operation risk of technology is
the HAZOP study method. During the HAZOP study
meeting the HAZOP team looking for all the risk of the
technology, the frequency of these risks and the all of
the consequences for the people, environment and
business. This work is multidisciplinary and time
consuming team work with rather big costs.
Analysing the methods described in the literature, I
stated that the adaptation of the suggested ones into
the everyday practice is possible only with big
difficulties and completeness. These methods were
limited to the automation of the parameter/keyword
combination suggested in the HAZOP standard.
I developed a methodology and a supportive new
software tool which gives the possibility of preparing a
knowledge based HAZOP study, improving the
efficiency of the HAZOP study meetings.
The result of this research is the Tool4S (Tool for
Safety) software which gives possibility for both the
HAZOP maker and user to build up a continuously
growing experience and knowledge based library.
This solution also gives possibilities for exchanging
the knowledge and experience based on information
regarding the safety operation of the plants, improving
the safety culture and reducing the risk in operation of
the plants within a company.

Page 6/15
 The developed method is presented on the example
of the a fire furnace in the oil industry, illustrating the
advantage of the, ie. the reduction in the time and
man power cost of preparing HAZOP study to one
quarter.
In practice the developed method was used in a
supervision project of 40 fire furnace in the oil
industry proving the preliminary expectations in its
effectiveness.

2. I developed a new, so called cumulative LOPA

method and its software implementation to
calculate the quantitative evaluation of the
operation risk of the technologies insisting on
the tight interpretation of the referred
standards.
(Referred publications:01, 05, 06, 14)
At the HAZOP meeting, the causes of the operation
risk of the technology, the frequency of their
occurrence, the consequences and their severities for
the people, environment and the business are
determined.
The standards offer both qualitative and
quantitative methods for the evaluation of these
consequences. Using quantitative method the result
will be less subjective and more precise. I stated that
the results requested, taking into consideration the
criteria of the every day practice, can only be satisfied
with using LOPA (Layer of Protection Analysis)
methodology.

Page 7/15
 Analysing the everyday practice of LOPA method, I
pointed out that the commercial software do not
satisfy the fully comprehensive requirements of the
standards.
I developed a method, called cumulative LOPA,
which satisfy the fully comprehensive requirements of
the standards.
The new, cumulative LOPA, method was
implemented into the Tool4S software, and was tested
in the practice.
The successful test in the everyday practice showed
that this method has significant advantages, ie. gives
the possibility of finding non instrumented (cheaper)
protection layers, as well as their application and
calculation in the LOPA.
The other advantage of the method is that the
Tool4S software calculates not only the SIL values of
the safety instrumented functions but their risk
reduction abilities too. Therefore the accuracy of the
SIL calculation from one order of magnitude modified
to a concrete figure, which depends on only the
accuracy of the PFD (Probability Failure on Demand)
values of the components. Besides the improved
accuracy, the consistency of the calculations
increased. This is a very important issue of this
method.
The algorithm built in the Tool4S software
decreases the calculation time of SIL and risk
reduction values with one order of magnitude.
The cumulative LOPA method with the support of
Tool4S was tested in every day practice and proved its

Page 8/15
effectiveness and correctness by the fast and accurate
calculation.

3. I developed a failure model, improving the

failure model of the standards, for the
maintenance of the safety instrumented
systems, which describes the realistic behaviour
of the actuators in the safety instrumented
loops, taking into consideration of the influence
and interaction of the technology.
(Referred publications: 02, 12, 23, 25)

The referred standards give guidance for the

maintenance and periodic proof test of the safety
instrumented systems. This guidelines does ot deal
with the content of the test action. It only says if that
the “proof test is successful, and then the component
can be taken into consideration as new”.
After recognising that this is a very simplified
definition, the „proof test coverage factor”, showing
the efficiency of the proof test, ie. how percentage of
the dangerous undetected failures was discover by the
proof test was discovered by the proof test, was
introduced in the every day practice. This practical
solution is a compromise not gives definition what the
overall safety means (100%).
The cause of this problem is the simplified failure
model described in the standard.
I developed a failure model, which gives a better
approach and understanding of the behaviour of the
actuators in the safety instrumented loops taking into

Page 9/15
consideration of the influence and interaction of the
given technology.
Studying the failure model I recognised that the
process of the proof test is not complete without the
maintenance, against that the standard does not
provide any correlation between the proof test and the
maintenance.
This model helps to understand what the proof test,
coverage factor and the maintenance is, and what
kind of relationship exists between them.

3. RESULTS IN THE PRACTICE

The result presented in the dissertation was

introduces into our everyday practice and was tested
while preparing HAZOP study and LOPA calculations.
The Tool4S software developed for solving the
discussed problems was used over some 100 risk
analysis and proved the efficiency of this way of risk
analysis.
The Tool4S software also gave the possibility that
the consequences of the hazards could be evaluated
quantitatively matching the requi-rement of the
standards and making the calculation more accurate
and the work more effective.

4. FURTHER RESEARCH POSSIBILTIES

The result presented in the dissertation brought up
some new research topic too.

Page 10/15
 One of this is the extension of the HAZOP template
method for other process unit, like distillation towers,
turbines, packages etc.).
Another possibility is the further development of
the MARKOV failure model of the actuators of the
safety instrumented loops giving the possibility of
better understanding of the interaction between the
techno-logy and actuators and on this bases providing
better and efficient main-tenance design.

5. PUBLICATIONS OF THE AUTHOR RELATED TO THE THESIS

Articles in International journals:

[01] György Baradits sr., János Madár Ph.D., Ákos

Baradits, György Baradits jr, SIL Determination
According To IEC 61511-3: Cumulative LOPA
method, accepted publication, Elsevier, Process
Safety an Environment Protection, 2010

[02] György Baradits sr., János Madár Ph.D., Novel

failure model for the purpose of modeling the
imperfect proof-testing, György Baradits
sr.1,János Madár1, János Abonyi, IRECHE,
March, 2010, p 210-218

[03] György Baradits sr., Cost effective HAZOP

study methods, International Journal of
Intelligent Information Management, submitted
for publication, 2010

Articles in Hungarian Journals:

Page 11/15
[04] Baradits György sr., Áttekintés a folyamatok
biztonságáról - Az emberiség története a
robbanások története?, Magyar Elektronika,
2006

[05] Baradits György sr., Ipari katasztrófák –

SEVESO direktívák?, Magyar Elektronika, 2006

[06] Baradits György sr., ATEX – mint független

biztonsági védelmi réteg?, Magyar Elektronika,
2006

[07] Baradits György sr., Technológiák veszély

forrásai, Magyar Elektronika, 2006

[08 Baradits György sr., Kötelezıek-e a

szabványok – Biztonsági kultúra kérdése?,
Magyar Elektronika, 2006

Referred presentations:

[09] György Baradits sr., Behind the Standards,

SIPI 61508 konferencia, Budapest, 2004

[10] Baradits György sr, Baradits György jr. Vegyes

hálózati megoldások a MOL Rt. Dunai
Finomítóban ESD és DCS rendszer között, DCS
konferencia, Lillafüred, 2004

[11] Baradits György jr., ATEX, SEVESO II, IEC

61508/61511: variációk egy témára, DCS
konferencia, Lillafüred, 2005

[12] Baradits György sr., Baradits György jr.,

Biztonsági szabvány és a periodikus

Page 12/15
 (idıszakos) karbantartás, VII. Mőszaki
Biztonsági Konferencia, Keszthely, 2005

[13] György Baradits sr., György Baradits jr., Safety

standards and reality, realisation of a project,
case study, International Safety Conference,
ABB, Manchester, 2005

[14] Baradits György sr., Folyamat biztonsági

szabványok alkalmazása tőzvédelmi
rendszerekben, DCS konferencia, Lillafüred,
2007

[15] György Baradits sr., HAZOP’s role in the

application of Safety Standards, IECH, 2007

[16] György Baradits sr., Ágnes Kun, Experience of

SIL project in the MOL Refinery, 2008, MOL
Konferencia, Sopron

[17] T. Varga, G. Baradits, J. Abonyi, The role of

dynamic process models for the detection of
safe operating regions of process systems, VII.
Alkalmazott Informatika Konferencia, Kaposvár,
2008

[18] György Baradits sr., János Abonyi Ph.D., A new

software based HAZOP study development
methodology, 8th International Symposium of
Hungarian Researchers on Computational
Intelligence and Informatics, 2008

[19] Baradits György sr., János Abonyi Ph.D.,

Technológiai adatok és folyamatmodellek
alkalmazási lehetıségei veszély- és

Page 13/15
 mőködıképesség (HAZOP) vizsgálatokban,
CINTI konferencia, 2008

[20] Baradits György sr., Baradits György jr.,

Biztonsági és nem biztonsági elemek
használatának gyakorlati szabályai biztonsági
rendszerekben az MSZ EN 61508 és az MSZ EN
61511 szerint, DCS konferencia, Lillafüred,
2008

[21] Baradits György sr., Abonyi János Ph.D., Egy

új, szoftver alapú HAZOP készítési módszertan,
CINTI Conference, Budapest, 2008

[22] György Baradits sr., György Baradits jr.,

Experience of SIL project in the Slovnaft
Refinery, IPC2009 — 44th International
Petroleum Conference, Bratislava, 2009

[23] György Baradits sr., János Abonyi Ph.D., János

Madár, Ph.D., Novel model of proof test
coverage factor, CINTI Conference, Budapest,
2009

[24] György Baradits sr., János Madár Ph.D. Batch

reaktorok kockázat elemzése és biztonsági
rendszerei, DCS konferencia, Lillafüred, 2009

[25] György Baradits sr., János Abonyi Ph.D., János

Madár Ph.D., Proof Test Management of SIS,
Advance Process Solution Conference, 2009,
Balatonfüred

Non referred presentations:

Page 14/15
[26] Baradits György sr., MTL Field IO rendszerek
alkalmazása különbözı DCS-ekben, DCS
konferencia Lillafüred, 2001

[27] Baradits György sr., Baradits György jr.

Termelés Management a gyártás
automatizálásban, DCS konferencia, Lillafüred,
2003

[28] György Baradits sr., Foundation fieldbus for

safety instrumented functions (FFSIF),
Foundation Fieldbus Seminar, Hungary

Page 15/15