LEADERS IN RISK ENGINEERING AND EHS SOLUTIONS

The Final Word in Risk Mitigation – from Concept to Operation

GVK BIO – HYDERABAD

LOPA Training, 23
23--Sep
Sep--2019
ABOUT MURUGAPPA GROUP

September 24, 2019 Slide 2

ABOUT MURUGAPPA GROUP

September 24, 2019 Slide 3

 What We Do….at CHOLA MS RISK SERVICES

Chola MS Risk Services SeptemberSeptember

24, 2019 24, 2019 Slide 4
 About the Speaker – Amresh Deshmukh
A Bachelor in Instrumentation Engineering with 20 years of rich
5
experience in functional safety, plant engineering, Project
Management, safety consulting, Asset Integrity, Process
Enhancement in Industrial Automation. Has Worked with Sudarshan
Chemicals, Max Group , Asian Paints and AkzoNobel prior to
Cholamandalam MS heading Chola MS RS Functional safety division. Has the distinction
Risk Services - of executing the safety lifecycle for Specialty Chemicals ,Oil and
DGM (Risk Services)
Gas ,Chemicals delivering Sustainable Safety Instrumented
Systems for life spans of the facility Is a certified champion for
process safety management ,asset integrity &Process safety,
Management of change and functional safety .Has presented
papers in ISA ,HSE conferences on functional safety challenges
,perspectives and Importance of Proactive HSE Plans .
Chola MS Risk Services SeptemberSeptember
24, 2019 24, 2019 Slide 5
About the Speaker – Shivendra Kapoor
B.E – Instrumentation & Control Systems (Mumbai University)
TUV SUD certified Functional Safety Professional (FSCP) (IEC 61511) - 2013
Exida FSP (IEC 61511) - 2017
16 years industry work experience for EPC, LSTK, detail engineering, site installation, erection,
workshare for major oil and gas/chemical/minerals/FMCG companies like: Saudi Aramco,
Petronas, Kuwait Oil Company, HPCL, Reliance, Essar, Bayer, ONGC, Lyondell Basell, Exxon Mobil,
AnRak, Unilever, HYL, etc.
International work exp: USA, Canada, Malaysia, Kuwait, Middle East for:
Functional Safety Lifecycle, PSM (OSHA 1910.119), Post loss investigation/audits, Instrumentation
Authored various technical articles on Safety Instrumented Systems, published in leading
magazines like: Chemical Industry Digest (Blockdale Publishing), IPM.
+500 hours experience on delivering technical trainings, lectures in industries, colleges,
associations, etc. on safety instrumented systems and instrumentation.
Authored 90 min. online course on Layers of Protection Analysis- LOPA in a Nutshell.
September 24, 2019 Slide 6
CASE STUDY VIDEO

PROCESS SAFETY VIDEO - Pharma

September 24, 2019 Slide 7

THE BASICS
SAFETY: Freedom from unacceptable RISK
A.) GENERAL SAFETY
B.) PROCESS SAFETY
HAZARD RISK
HAZARD: Potential to cause harm
examples: 1- Pressurized tank containing 100 tons of
ammonia
2- Glenn McGrath Bowler
September 24, 2019 Slide 8
THE BASICS
Risk = Frequency (f) of occurrence of harm X Severity (s) of
the harm
Simple example:
f1 =once in 100 yrs s1 =minor injury
f2 =once in 10 yrs s2=major injury
f3 =once every year s3=several fatalities

High Risk = ? Low Risk = ?

September 24, 2019 Slide 9
RECEPTORS

P E

A R
September 24, 2019 Slide 10
BATCH SYSTEMS – COMMON ISSUES
Common Pharma Equipments:
Centrifuges, Dryers, Millers, Filters
Day Tanks, Storage Vessels
Batch Reactors,
Charging and transferring equipments, etc..
Share your experiences…

September 24, 2019 Slide 11

FUNCTIONAL SAFETY (FS)?

FUNCTIONAL SAFETY: A part of the overall safety

relating to the process that depends on a correct
functioning of the Safety Instrumented Systems (SIS).

Requirements to Achieve Functional Safety:

1- Safety Function Requirements (What ?)
2- Safety Integrity Requirements (How Best?)

September 24, 2019 Slide 12

ABOUT IEC STANDARDS FOR ‘Functional Safety’

September 24, 2019 Slide 13

IEC 61508 & IEC 61511
IEC 61508 (Ed.2010) – Functional Safety of (E)lectrical/ (E)lectronic/
(PE) Programmable Electronic Safety Related Systems
7 Parts (Normative + Guidance)

IEC 61511 (Ed.2016+) – Functional Safety - Safety Instrumented

Systems for the Process industry sector
3 Parts (Normative + Guidance)
Process Industry Sectors ?
+AMD1:2017
September 24, 2019 Slide 14
SIS, SIF, SIL

o SIS – May have one or many SIFs –?

o SIF – Just one Safety Instrumented Function – ?
o SIL – Performance metrics of a SIF – ?
“SIL is applicable to a SIF”

September 24, 2019 Slide 15

SAFETY INSTRUMENTED SYSTEMS (SIS)

One SIF
Example

Weakest Link

September 24, 2019 Slide 16

 SIF ATTRIBUTES (SLATS)
Five Basic properties of SIF are
Sensing (e.g.: Pressure Sensors with remote seals)
17
•

• Logic Action (e.g. : PLC, Relays, SIS /ESD systems)

• Actuation of Final Element (ESDV, pump-motors)
• Timing (SIF Response Time)
• SIL Level ( 4 Discrete Levels)

“Response time of SIF should generally be atleast less than 50% of the
calculated Process Safety Time (PST)”
Chola MS Risk Services SeptemberSeptember
24, 2019 24, 2019 Slide 17
RISK REDUCTION CONCEPT
Your Tolerable Risk

Adobe Acrobat
Document

September 24, 2019 Slide 18

WHAT IS A DEMAND

DEMAND : A Demand is a requirement placed on a

‘safeguard’ when process conditions require the safeguard
to function in order to prevent a hazard to progress further.
Example: A PSV mounted on a pressurised vessel to protect
(safeguard) it from overpressure and associated
consequences.
PSV – Fails to lift at Pset - Dangerous – Fail on demand
PSV – Lifts below Pset– Safe – without demand
September 24, 2019 Slide 19
IEC 61511 – SAFETY INTEGRITY LEVELS (SIL)

Less than one dangerous

failures in 10 years

September 24, 2019 Slide 20

IEC 61511 – DEFINITION of SIS SLC
IEC 61511-1, Clause 3.2.70 defines the SIS SLC as :
“Necessary activities involved in the implementation of SIF occurring
during a period of time that starts at the concept phase of a project
and finishes when all of the SIFs are no longer available for use.”
1. Consistent Approach, Helps Achieve OPTIMAL Design
2. RAGAGEP
3. Past Problems NOT Repeated
‘FS’
IS A WHOLE LIFECYCLE ISSUE –
FROM CONCEPT THROUGH TO CREMATION
September 24, 2019 Slide 21
SLC
ANALYSIS
20 W

REALISATION
20 M

OPERATION
20 Y
September 24, 2019 Slide 22
FUNCTIONAL SAFETY MANAGEMENT

IEC 61511 specifies the key NON-TECHNICAL

requirements such as:
Management of Functional Safety (FS),
FS Assessment, FS Auditing
Verification
SLC structure and Planning
It has been observed that without a proper FSM in place, the FS project goes haywire !!!

September 24, 2019 Slide 23

FUNCTIONAL SAFETY MANAGEMENT (FSM)

Specify Technical Requirements

Specify Management Activities
Specify Roles and Responsibilities for teams , organizations ,
individuals

“Cover all the phases of the lifecycle”

September 24, 2019 Slide 24

ANALYSIS PHASE

SIL ASSESSMENT

SPEND MORE ‘TIME’ HERE, TO SPEND ‘LESS’ MONEY ON SIS.

September 24, 2019 Slide 25

 SIL ASSESSMENT/ TARGET SIL DETERMINATION

26 A risk based approach to identify the required Safety Integrity

Levels (SIL) for Safety Instrumented Functions (SIFs) in
accordance with IEC standards
Performed by a multidisciplinary team led by a SIL Facilitator
Determination of SIL of a SIF can be achieved by using different
qualitative and quantitative approaches after a Hazard
Identification study is conducted.

Chola MS Risk Services SeptemberSeptember

24, 2019 24, 2019 Slide 26
METHODS OF SIL ASSESSMENT
Standards IEC61508 / 61511 suggest number of methods to determine the SIL
Standards do not recommend a particular qualitative or quantitative method
to determine SIL, this is up to end user organization.
Methods:
- Risk Matrix
- Risk Graph
- LOPA
LOPA--Layer of Protection Analysis

* END USER SPECIFIC & CALIBRATED “TOLERBALE RISK MATRIX” IS A MUST FOR
AN EFFECTIVE AND CORRECT SIL ASSESSMENT STUDY *
September 24, 2019 Slide 27
ALWAYS REMEMBER-
SIL ASSESSMENT = TEAM EXERCISE
Process
Instrumentation
Projects
HSE/ Loss Prevention
Operations
Maintenance
Electrical/ Mechanical/
others as required

September 24, 2019 Slide 28

BPCS and SIS – THE INDEPENDENCE

September 24, 2019 Slide 29

 LAYERS OF PROTECTION

30

SIS

Reactive
Opportunity Zone

Pro-active
Chola MS Risk Services SeptemberSeptember
24, 2019 24, 2019 Slide 30
PREVENTION ZONE
Process Design: The Basic Process Control System (BPCS) or DCS
provides safety through proper design of process control/regulatory
control. 24x7 should be active.

Critical Alarms: This layer of protection provides critical alarms

which alert operators to a condition that a measurement has
exceeded its specified limits and requires intervention.

SIS: The SIS operates independently of the BPCS to provide safety

rather than process control. The SIS performs shutdown actions
when previous layers cannot resolve the problem. SIS is dormant
except when called upon to act.
September 24, 2019 Slide 31
MITIGATION ZONE
Relief Devices : This active protection layer employs pressure relief
devices and/or RD or a flare system to prevent a rupture or explosion
Dike/Bunds: This passive protection layer employs Dikes/Bund walls
to contain loss of containment.
Plant Response: This passive protection layer consists of
containment barriers for fire or explosions as well as procedures for
evacuation.
Community Response: The outermost layer of protection is the
emergency response action taken by the community and consists of
fire fighting and other emergency services.
September 24, 2019 Slide 32
BASICS OF LOPA
Anything in the world can fail!

Chola MS Risk Services SeptemberSeptember

24, 2019 24, 2019 Slide 33
LOPA – MORE DEPTHS

Chola MS Risk Services SeptemberSeptember

24, 2019 24, 2019 Slide 34
ABOUT INITIATING EVENTS
An initiating event starts the chain of events that may lead to an accident. It
can be comprised of a single initiating cause, multiple causes and may be in
the presence of enabling conditions or conditional modifiers.

Types of Initiating Events:

• External events (depends on end
end--user) - Generally not considered
– Earthquakes, tornadoes, hurricanes, or floods
– Mechanical impact by motor vehicles
• Equipment failures
– Failures in control systems/ equipment failures (e.g rotating )
• Human failures (depends on end
end--user)
– Operational error, Maintenance error – Inadvertent opening/ closing of valves

September 24, 2019 Slide 35

INDEPENDENT PROTECTION LAYERS (IPL)
o Specific: Designed to always prevent the Consequence and act
Quickly
o Independent: of all other IPLs and Initiating Cause
o Dependable: IPL Tables – atleast an order of magnitude.
o Auditable: Periodic testing and maintenance of the IPL is
required
Remember:
All IPLs are PLs, but all PLs are not necessarily IPLs!
PLs need to meet the SIDA criteria
IPLs may be ACTIVE or PASSIVE
Failure data of IPLs is considered from end users standards, international
references
September 24, 2019 Slide 36
ENABLING CONDITIONS
o ENABLING CONDITIONS :
Enabling events or conditions are factors that are neither
failures nor protective layers. These factors or conditions do not
directly cause the scenario, but must be present in order for the
scenario to proceed .
For example, a scenario may involve failure of a delivery hose
during delivery of a dangerous substance due to the tanker being
driven away whilst still connected.
In order for this scenario to be realized, a delivery must be
taking place. The initiating event is therefore a combination of
a delivery taking place (an enabling condition) and a human
failure in attempting to drive away whilst still connected.
September 24, 2019 Slide 37
CONDITIONAL MODIFIERS
o CONDITIONAL MODIFIERS :
Conditional Modifiers are factors that relate to conditions
necessary for the Hazardous events to occur.

These include factors such as :

•Occupancy Factor
•Use Factor
•Likelihood of Fatality
•Occurrence of Significant Weather Conditions
•Ignition Probability

September 24, 2019 Slide 38

LOPA WORKFLOW
F = Fe*PA*PB*PC*PD

F is the mitigated event frequency

Fe is non-mitigated event frequency
PA/PB/PC/PD is the PFD values for each
effective protection layer

The SIL is determined by comparing

The established tolerable frequency
(goal) with the total mitigated event
frequency i.e.

PFDSIL= FGOAL/FTMEF
September
September 24, 2019 Slide 39
24, 2019 39
 IE, IPL, EC, CM……….

40

Chola MS Risk Services SeptemberSeptember

24, 2019 24, 2019 Slide 40
EXAMPLE OF INITIATING EVENTS(SAMPLE)
Pressure Vessel Failure 10-6

Piping Failure – (100 meter section – Full Breach ) 10-5

Piping Leak – 100 m 10-3

Atmospheric Tank Failure 10-3

Gasket / Packing Blowout 10-2

Turbine / Diesel Engine Overspeed with Casing Breach 10-4

Third party Intervention (external impact by backhoe, vehicle,
10-2
etc.)
Safety Valve Opens Spuriously 10-2

Pump Seal Failure 10-1

Unloading / Loading Hose Failure 10-1

Small External Fire (all causes) 10-1

Large External Fire (all causes) 10-2

LOTO (Lock-Out Tag-Out) Procedure Failure - (overall
10-3 per opportunity
failure of a multiple-element process)
September 24, 2019 Slide 41
ACTIVE IPLS (SAMPLE)

September 24, 2019 Slide 42

PASSIVE IPLS (SAMPLE)

September 24, 2019 Slide 43

INDEPENDENT PROTECTION LAYERS
…not usually considered as IPLs
• Training and certification
• Procedures / SOP
• Testing and inspection
• Maintenance
• Communications
• Signs
• Plant Emergency Response & Community Emergency Response
• Others as per end user practices

September 24, 2019 Slide 44

SIMPLIFIED EXAMPLE

UNDERSTANDING LOPA - EXAMPLE

September 24, 2019 Slide 45

QUESTIONS

September 24, 2019 Slide 46

September 24, 2019 Slide 47