SIS and LOPA
SIS and LOPA
(OP)
I would be interested to hear of our members' experiences with Safety Instrumented Systems (SIS) and/or Layer of Protection Analysis (LOPA). Some of our clients are taking tentative steps into these subjects. They are writing engineering standards and starting to apply them. They are asking whether they should include determination of Safety Integrity Level for some of their critical Protective Control Systems. About 3 or 4 years ago the Center for Chemical Process Safety of the AIChE published a book on Layer of Protection Analysis. Are members applying this methodology? What outcomes have resulted?
HAZOP at www.curryhydrocarbons.ca





RE: SIS and LOPA
ISA-TR84.00.02-2002 – Part 1 includes the phrase Safety Instrumented Functions (SIF). ISA 84 addresses Fault Tree and Markov. Although the Layer of Protection Analysis is all over the ABS site, I do not recall seeing LPA in ISA 84.
From the ABS Consulting site, http://www.abs-jbfa.com/lopa.html:
Key Questions for Protection Layers
How safe is safe enough?
How many protection layers are needed?
How much risk reduction should each layer provide?
LOPA Answers the Key Questions About the Number and Strength of Protection Layers by:
Providing rational, semiquantitative, risk-based answers
Reducing emotionalism
Providing clarity and consistency
Documenting the basis of the decision
Facilitating understanding among plant personnel
HAZOP has deficiencies. The questions fall along the lines of excess of a property such as flow or pressure then inadequate level of that property around a node. HAZOP does not address the environmental issues associated with area classification, etc. I participated in a HAZOP of a platform with some majore compressors. The skids were poorly classified and crappy instrument and electrical devices installed without any regard to rathional thought. The HAZOP does not address these type problems. I encourage each process hazard consulting firm to add a few issues to the process analysis that are outside the piping system. Do you suppose the LOPA is the answer?
John
RE: SIS and LOPA
HAZOP at www.curryhydrocarbons.ca
RE: SIS and LOPA
One of the key drivers for this is the UK CoMAH legislation (We are a top tier site), and the HSE enforcement for this goes along the lines of requiring us to demonstrate that our instrumentation is fit for purpose. LOPA is a useful tool for doing this, and was certainly better to many of the other alternatives outlined in the IEC 61511 standard. One of the main advantages is that other systems directly tell you that there is a requirement for a certain safety integrity level (SIL) of an instrument. LOPA allows the assessing team to come up with alternative strategies for dealing with the risks.
RE: SIS and LOPA
HAZOP at www.curryhydrocarbons.ca
RE: SIS and LOPA
Control systems are not my expertise but I'm at a facility that for years have had their own proprietary means of evaluating safety critical instrumentation. They are in the process of revising their methods to fall in line with the ISA standards, for one reason because OSHA has accepted it as a good engineering practice.
I'm sure there are many places on the internet that you can find discussions about this but here's one as example....
http://ww
So now our facility is applying the SIL determinations for any new designs and will be reassessing all existing systems to the new SIL requirements. As far as I know, I don't think using the new SIL determinations are resuliting in any significant changes to the safety systems as was previously designed using their proprietary methods.
In regards to your last post, take another look at the above internet link.
RE: SIS and LOPA
I have reviewed a few accident reports at http://ncsp.tamu.edu/reports/default.htm and I have not found "failure of the protective system" among the causes, either root or contributing. Are we focusing our scarce resources in the right area?
HAZOP at www.curryhydrocarbons.ca
RE: SIS and LOPA
LOPA is not intended just a system for evaluating instrumentation systems. It is first and foremost a risk assessment tool. It can be applied to assessing the integrity level required for an instrumented system. If it is simply a case of using LOPA to determine the integrity of an instrumented system, then in my opinion, it is not being used as effectively as it could be. The LOPA tool is used simply to determine whether the system or process is 'safe', where safe is defined as meeting a required standard or level of risk. It can indeed be used as a tool for incidents caused by corrosion, erosion, human error etc. I have often found that, when carrying out our LOPA assessments that simply upgrading instrumentation is often neither the easiest or most cost effective approach. Indeed we have a policy of reducing the reliance on safety instrumented systems as far as possible.
In this months 'The Chemical Engineer' magazine, published by the IChemE in the UK, there is a quote by Clive de Salis (md of Rowan House and chair of the 61508 association's education working group).
RE: SIS and LOPA
HAZOP at www.curryhydrocarbons.ca