• Alarm Management
  • Cybersecurity (IEC 62443) Certification
  • Cybersecurity (IEC 62443) Lifecycle
  • Failure Rate Data
  • FMEDA
  • Functional Safety Certification
  • Functional Safety Lifecycle
  • Operations & Maintenance

Alarm Management

  • Title
    Description
    Date Posted
    File Type
    Download
  • Layers of protection for abnormal event management can be modeled as slices of Swiss cheese, following James Reason. An operator’s response to an alarm is one of the first layers of protection that prevents a hazard from escalating into an incident. This paper presents best practices for maximizing the operator’s reliability in understanding and responding to abnormal situations, adapted from the alarm management standards ANSI/ISA-18.2-2016 and IEC 62682.

    2022-04-08
    pdf
  • Some of the most significant process industry incidents, including BP Texas City and Buncefield, were caused by overflowing vessels. This paper reviews several overflow incidents to consider the alarm management and human factors elements of the failures.

    2022-04-08
    pdf
  • Alarms and operator response to them are one of the first layers of protection in preventing a plant upset from escalating into a hazardous event. This paper discusses how to evaluate and maximize the risk reduction (or minimize the probability of failure on demand) of this layer when it is considered as part of a layer of protection analysis (LOPA).

    2022-04-08
    pdf
  • Recent industrial accidents at Texas City, Buncefield (UK) and Institute, WV have highlighted the connection between poor alarm management and process safety incidents. At Texas City key level alarms failed to notify the operator of the unsafe and abnormal conditions that existed within the tower and blowdown drum.

    2022-04-08
    pdf
  • Alarms and operator response are one of the first layers of defense in preventing a plant upset from escalating into an abnormal situation. The new ISA 18.2 standard on alarm management recommends following a lifecycle approach similar to the existing ISA84/IEC 61511 standard on functional safety. This paper will highlight where these lifecycles interact and overlap, as well as how to address them holistically.

    2022-04-08
    pdf
  • Poor alarm management is one of the leading causes of unplanned downtime, contributing to over $20B in lost production every year, and of major industrial incidents such as the one at Texas City. This paper describes the new ISA-18.2 standard, “Management of Alarm Systems for the Process Industries”.

    2022-04-08
    pdf
  • Tackle distractions that impair operator performance and process efficiency.

    2022-04-08
    pdf
  • Process alarms, coupled with operator action, are frequently cited as a safeguard in a Process Hazard Analysis (PHA) and an Independent Protection Layers (IPL) in a Layer of Protection Analysis (LOPA), but does the alarm management system really support the safeguard/IPL?

    2022-04-08
    pdf
  • Apply the ISA-18.2 Standard on Alarm Management to design, implement, and maintain an effective alarm system.

    2022-04-08
    pdf
  • This article presents four practical tips for starting an effective and sustainable alarm management program that conforms to the tenets of a relatively new process industry standard for alarm management published by ISA.

    2022-04-08
    pdf
  • Alarm shelving provides a way for the operator to manage nuisance alarms safely and securely. In this ebook, we address the benefits of implementing alarm shelving, address common alarm shelving concerns, discuss the considerations for implementing shelving effectively, and compare important features provided by common control systems.

    2022-04-08
    pdf
  • This paper discusses current industry practices around the determination and application of safe operating limits as established by a recent benchmark survey of over 150 safety practitioners from around the world.

    2022-04-08
    pdf

Cybersecurity (IEC 62443) Certification

  • There are many ways to produce a software product. The traditional Information Technology (IT) way of creating a product was to incorporate the waterfall model, where rigid requirements were laid out before development began. Over the years, an agile process where flexibility is paramount has become the norm. One of the now widely used agile processes for development is Scrum.

    2022-04-08
    pdf
  • A good product development process should ensure a good understanding of what is to be developed, how it is to be developed, and that it was developed correctly. IEC 61508 and IEC 62443‑4‑1 both have development process requirements. These requirements overlap, so assessing compliance to the two standards separately would mean duplicating effort on the common requirements.

    2022-04-08
    pdf
  • After a significant number of well-publicized cybersecurity attacks on automation systems, most plant owner/operators now recognize that a cybersecurity attack is a credible risk. ICS owners/operators must improve cyber defenses if they want to keep up in what has become an arms race of sorts. This effort may seem overwhelming, but it is not. There have been enough successful cyberattacks over the years that attacker patterns have been characterized and documented. For each attack pattern, a defense has been developed, and these defense requirements can be found in cybersecurity standards.

    2022-04-08
    pdf
  • The exida IEC 61508 Certification Program was established in 2005 in response to demand primarily from end users in the process industries and manufacturers of instrumentation products. There was a need to provide a higher quality of technical expertise with effective and responsive service.

    2022-04-08
    pdf

Cybersecurity (IEC 62443) Lifecycle

  • Cybersecurity is rapidly becoming something the process safety community can no longer ignore. It is part of the Chemical Facility Anti-Terrorism Standards (CFATS). In addition, the President’s Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” has drawn attention to the need to address cybersecurity in our plants, as it has been demonstrated that, in our new world, cyber attacks are now a potential source of process safety incidents.

    2022-04-08
    pdf
  • This whitepaper focuses on the significance of cyber attacks on industrial control systems (ICS) and how these attacks can be prevented by proper practice of the ICS cybersecurity lifecycle.

    2022-04-08
    pdf
  • The past two years have been a wake-up call for the industrial automation industry. It has been the target of sophisticated cyber attacks like Stuxnet, Night Dragon and Duqu. An unprecedented number of security vulnerabilities have been exposed in industrial control products, and regulatory agencies are demanding compliance with complex and confusing regulations. Cyber security has quickly become a serious issue for professionals in the process and critical infrastructure industries.

    2022-04-08
    pdf

Failure Rate Data

  • This paper addresses the issues and details when, and when not, to use failure rate estimates based on cycle testing data.

    2022-04-08
    pdf
  • The discipline of Reliability Engineering depends upon a key metric, failure rate. In the past, it was practical to perform a “life test” (or an “accelerated life test”) where devices were operated in a defined set of conditions and failure times were recorded. This failure time data was analyzed to obtain the failure rate of the device.

    2022-04-08
    pdf
  • Functional safety standards provide definitions of two different categories of failures: random failures and systematic failures. These were created during the standards committee discussions of failure types to be modeled in the probabilistic failure analysis. It was decided that random failures are counted in the probabilistic failure rate analysis and systematic failures are not counted.

    2022-04-08
    pdf
  • Performance based functional safety standards like IEC 61511 offer many advantages including the opportunity to optimize and upgrade Safety Instrumented System (SIS) designs. But performance calculation depends upon realistic failure data for instruments used. A predictive analysis technique called Failure Modes Effects and Diagnostic Analysis (FMEDA) has been developed along with a component failure rate database that can predict failure rates of instruments based on their design strength and the expected stress environment. This method has been calibrated with over 150 billion unit operating hours of field failure data over the last 15 years.

    2022-04-08
    pdf
  • This paper presents some common field failure analysis techniques, shows some of the limitations of the methods and describes important attributes of a good field failure data collection system.

    2022-04-08
    pdf
  • This paper reviews a comprehensive, calibrated component reliability database that overcomes the limitations of component reliability handbooks and databases currently used in industry.

    2022-04-08
    pdf
  • This paper explains the motivation behind this project, summarizes the work performed, describes the findings, and presents the main conclusions. The paper also provides all necessary details required to ensure that the computations are transparent and reproducible while preserving the proprietary nature of certain data.

    2022-04-08
    pdf
  • Failure rates predicted by Failure Modes Effects and Diagnostic Analysis (FMEDA) are compared to failure rates estimated from the Offshore Reliability Data (OREDA) project for sensor and valve assemblies.

    2022-04-08
    pdf
  • This white paper describes the distinction between failure rate prediction and estimation methods in general and then gives an overview of the procedures used to obtain dangerous failure rates for certain mechanical equipment using exida FMEDA predictions and OREDA estimations.

    2022-04-08
    pdf
  • This paper describes an effective, alternative in-service testing protocol, known as valve stroke testing, which verifies whether or not the solenoid valve is stuck in position. It recommends a best practice procedure for implementing the valve stroke test.

    2022-04-08
    pdf
  • This paper reviews the methods utilized to determine mechanical reliability for components utilized in safety systems and provides a recommendation for the most appropriate methodology.

    2022-04-08
    pdf
  • In this paper, we present a methodology to derive component failure rate and failure mode data for mechanical components used in automation systems based on warranty and field failure data as well as expert opinion.

    2022-04-08
    pdf
  • Probabilistic calculations that are done to verify the integrity of a Safety Instrumented Function design require failure rate and failure mode data for all equipment, including the mechanical devices. For many devices, such data is only available in industry databases where only failure rates are presented. Failure mode information is rare, if available at all. Many give up and simply assume 50% safe and 50% dangerous, thinking this is conservative. In some cases this is not a conservative assumption; in other cases it is overkill.

    2022-04-08
    pdf

FMEDA

  • Failure rates predicted by Failure Modes Effects and Diagnostic Analysis (FMEDA) are compared to failure rates estimated from the Offshore Reliability Data (OREDA) project for sensor and valve assemblies.

    2022-04-08
    pdf
  • This white paper describes the distinction between failure rate prediction and estimation methods in general and then gives an overview of the procedures used to obtain dangerous failure rates for certain mechanical equipment using exida FMEDA predictions and OREDA estimations.

    2022-04-08
    pdf
  • The letters FMEDA form an acronym for “Failure Modes Effects and Diagnostic Analysis.” The name was given by Dr. William M. Goble in 1994 to describe a systematic analysis technique that had been in development since 1988 by engineers now at exida to obtain realistic, accurate reliability metrics that match field failure results. These metrics include device / product level failure rates, failure modes, diagnostic capability, proof test effectiveness, and useful life.

    2022-04-08
    pdf
  • Safety deviation is a term used in functional safety. Safety deviation (formerly safety accuracy) is the change in output due to (internal) component failures not analyzed in a Failure Modes, Effects, & Diagnostic Analysis (FMEDA). Safety accuracy is an input to the FMEDA analyst to advise the level of analysis detail for critical analog components. The term is defined, some of its history is described, the reasoning for its existence is given, and its application is presented.

    2022-04-08
    pdf

Functional Safety Certification

  • This paper explains what a diagnostic test interval (DTI) is, how it is measured, and how it impacts the safety performance of a safety instrumented function (SIF).

    2022-04-08
    pdf
  • According to the basic functional safety standard IEC61508:2010 Part 2, when assessing the safety performance of a safety instrumented function (SIF) operating in high demand mode, full credit can be given for the positive effects of automatic self‐diagnostics (ASD) in SIF devices provided the frequency of ASD execution is 100 times (100X) or more the demand rate on the SIF and the SIF is configured to convert dangerous failures into safe failures via an automatic shutdown. However, no credit may be given for the positive safety effects of ASD if the frequency of ASD execution is less than 100X the demand rate.

    2022-04-08
    pdf
  • This paper explains how exida applies the requirements of IEC61508:2010 Route 2H to its process of certifying devices for use in safety applications.

    2022-04-08
    pdf
  • An updated version of IEC 61508, Functional Safety of Electrical/Electronic and Programmable Electronic Systems, was issued in September 2010. This Second Edition is generally thought to clarify common interpretations of the first edition and to add some refinements that had accumulated in the ten years since the first edition. The fundamental concepts and requirements did not change.

    2022-04-08
    pdf
  • Electromagnetic Interference (EMI) is just one of the environmental stresses that can stop a system from performing its safety function. It is important for a functional safety system to be immune from the EMI levels that are likely to be present. Unlike other environmental stresses, like temperature and vibration, EMI is more difficult to sense and is more likely to be transitory. Still, the effects can be catastrophic.

    2022-04-08
    pdf
  • The exida IEC 61508 Certification Program was established in 2005 in response to demand primarily from end users in the process industries and manufacturers of instrumentation products. There was a need to provide a higher quality of technical expertise with effective and responsive service.

    2022-04-08
    pdf
  • This document is intended for readers who are familiar with the international safety standard IEC 61508 in general and with that document’s Part 7: Annex D in particular.

    2022-04-08
    pdf
  • International safety standard IEC 61508‐7 Annex D prescribes sampling sizes of safety critical software (SW) inputs needed to be consecutively processed correctly in order to ascertain that the SW meets a certain safety integrity level (SIL) with a certain statistical confidence level. The sample sizes in Annex D Table D.1 are derived from a Bernoulli sampling model which requires that the sampled inputs be uniformly distributed.

    2022-04-08
    pdf
  • In today’s world many potentially dangerous pieces of equipment are controlled by embedded software. This equipment includes cars, trains, airplanes, oil refineries, chemical processing plants, nuclear power plants and medical devices. As embedded software becomes more pervasive so too do the risks associated with it. As a result, the issue of software safety has become a very hot topic in recent years.

    2022-04-08
    pdf

Functional Safety Lifecycle

  • According to the basic functional safety standard IEC61508:2010 Part 2, when assessing the safety performance of a safety instrumented function (SIF) operating in high demand mode, full credit can be given for the positive effects of automatic self‐diagnostics (ASD) in SIF devices provided the frequency of ASD execution is 100 times (100X) or more the demand rate on the SIF and the SIF is configured to convert dangerous failures into safe failures via an automatic shutdown. However, no credit may be given for the positive safety effects of ASD if the frequency of ASD execution is less than 100X the demand rate.

    2022-04-08
    pdf
  • This paper will discuss the impact of multiple initiating events on demand frequency, discuss methods to evaluate the effectiveness of IPLs, and determine which may be considered to reduce the demand on a Safety Instrumented Function (SIF) and Safety Integrity Level (SIL) targeting. Finally, the impact of demand frequency and proof test interval on SIF demand mode will be illustrated.

    2022-04-08
    pdf
  • The three constraints (systematic capability constraint, architectural constraint, and probabilistic performance metric constraint) that are implied by requirements per international safety standards IEC 61511 and IEC 61508 to determine the safety integrity level (SIL) of a safety instrumented function (SIF) are described and discussed. 
    2022-04-08
    pdf
  • This paper identifies the key variables that need to be included in a PFDavg calculation and provides some simplified equations showing the impact of most variables. An example showing two sets of variables reveals an entire SIL level difference in PFDavg calculation results.
    2022-04-08
    pdf
  • This paper will discuss some of the particular roadblocks found at the plant site in trying to meet Prior Use guidelines in the ISA84.01-2004 (IEC 61511 MOD.) standard. This paper will not discuss the process for assessing the equipment.
    2022-04-08
    pdf
  • The functional safety standards IEC 61508, IEC 61511, and ANSI/ISA 84.01 each specify the Safety Integrity Level performance parameter for Safety Instrumented Functions. For a Safety Instrumented Function to meet a specific Safety Integrity Level, the sum of the average Probability of Failure on Demand (PFDavg) of all components that are part of that Safety Instrumented Function needs to fall within the PFDavg band related to that Safety Integrity Level.
    2022-04-08
    pdf
  • Fault tolerant systems have been designed for safety critical applications, including the protection of potentially dangerous industrial processes. These systems are typically evaluated and certified to functional safety standards such as IEC 61508 by agencies like exida Certification.
    2022-04-08
    pdf
  • The ARC Advisory Group recently met with exida to discuss our safety lifecycle management solution, exSILentia. The product is exida’s response to the pressing need for comprehensive safety lifecycle management tools to manage the increasingly mandated safety regulations and standards. End users across a variety of industries are rapidly recognizing the need for better solutions to manage safety systems in order to reduce compliance costs and risk.
    2022-04-08
    pdf
  • In this paper, the benefit of using exSILentia versus Excel spreadsheets or other in-house tools is quantified. The intent is to show how users of the software reduce the number of engineering hours, and therefore dollars spent, for each safety lifecycle task.
    2022-04-08
    pdf
  • Accurate Modeling of Shared Components in High Reliability Applications
    2022-04-08
    pdf
  • A properly designed combination combustion control and combustion safeguarding system can enhance the Safety Lifecycle by reducing engineering, operations and maintenance errors and improve combustion safety.
    2022-04-08
    pdf
  • At first glance, one might assume that Liquefied Natural Gas (LNG) processing is simply a compression and cooling process. Deeper observation reveals unique process challenges: flammable and explosible materials, high-pressure rotating equipment, and cryogenic conditions. This paper highlights some of the project management and design concerns when working with packaged equipment, through a study of some specific Safety Instrumented Function (SIF) examples.
    2022-04-08
    pdf
  • This paper will discuss some of the significant challenges that Operations and Maintenance teams face, and recommend techniques to incorporate as good engineering practices.
    2022-04-08
    pdf
  • The purpose of this paper is to provide managers with an overview of their role and responsibility with regard to Process and Functional Safety, as defined within the IEC 61511 standard. Experience has shown that many companies’ management teams have little or no understanding of functional and/or process safety requirements.
    2022-04-08
    pdf
  • This paper outlines how KPIs based upon Leading and Lagging Indicators can help maintain performance and prevent potential future incidents from occurring.
    2022-04-08
    pdf
  • This paper explains how process plants can benefit through proper and careful adoption of the IEC 61511 safety standard.
    2022-04-08
    pdf
  • The release of IEC 61508:2010 has led to several discussions on how certain new, updated, and unmodified definitions should be interpreted. The controversy relates to the determination of the required minimum hardware fault tolerance and the interpretation of the architectural constraints. This position paper explains the position that exida has taken with regard to this issue.

    2022-04-08
    pdf
  • This paper presents some common field failure analysis techniques, shows some of the limitations of the methods and describes important attributes of a good field failure data collection system.
    2022-04-08
    pdf
  • This paper discusses current industry practices around the determination and application of safe operating limits as established by a recent benchmark survey of over 150 safety practitioners from around the world.

    2022-04-08
    pdf

Operations & Maintenance

  • This paper will discuss some of the significant challenges that Operations and Maintenance teams face, and recommend techniques to incorporate as good engineering practices.
    2022-04-08
    pdf
  • This paper introduces a benchmarking technique we call Predictive Analytics (PA).
    2022-04-08
    pdf
  • The purpose of this document is to report on our successful efforts to statistically validate certain random equipment failure rate data used in a mechanical parts failure rate and failure mode database and, by extension, to validate the techniques used to derive the data.
    2022-04-08
    pdf
  • In order to assign a SIL to equipment in low demand applications, we must be able to compute PFDavg. To compute PFDavg, we must first have a model for λD(t), the failure rate of the equipment in the dangerous failure mode.
    2022-04-08
    pdf
  • Safety Instrumented Systems (SIS) are designed to provide automatic protection functions. A typical design includes a sensor to detect the potentially dangerous condition, a safety PLC, and a remotely actuated valve capable of taking action to prevent an accident. In a well-designed chemical plant the potentially dangerous conditions occur very infrequently. Hence these equipment sets may be idle for long periods of time and operate only once every few years. In such a situation, failures of the equipment that prevent a safety response may go undetected for years without a periodic “proof test.”
    2022-04-08
    pdf
  • How can a company establish a baseline measurement of its safety culture against which to gauge improvement? The Site Safety Index (SSI) quantifies in part (on a scale of 0 – 4) the degree to which a company’s end-user practices support the attainment and retention of an appropriate safety culture for operations and maintenance. Further, the SSI can be used to appropriately adjust parameters that directly impact measures of safety such as probability of failure on demand (PFDavg). Thus, the impacts of safety culture can be further quantified and the effects of changes to safety culture can be assessed.
    2022-04-08
    pdf
  • This paper describes how the Site Safety Index (SSI) is used to adjust safety metrics, computed under the assumption that human factors play no part in safety system performance, to reflect the effects of human factors on safety system performance on a site-by-site basis.
    2022-04-08
    pdf