Way 4 also includes some comments by yours truly, so I guess maybe I am doing a little self-promotion!
Here is the 4th installment********************
Redundancy is not equivalent to safety, and safety does not require redundancy. “People get the two confused,” laments ABB’s Huffman. “People get locked into thinking that if they’re going to have a safety system, it has to have full logic solver redundancy, often to 3x or 4x levels, in order to be safe.” That means they have to invest in a second set of equipment that is going to require regular testing and maintenance, and if all goes well they’re never going to use it.
“It’s not a true statement” Huffman says. “You can have single-element safety systems that can be certified up to SIL 3 levels.”
When a single-processor system detects a process problem that justifies tripping the plant, then it’s designed to lead the plant through a safe shutdown. In the case of an internal fault, it will also shut down the process safely, per SIL 3 safety requirements.
“In that case,” Huffman says, “I’ve lost the process, not because of a process problem, but because of a fault in the system. If you want to keep the process running, then redundancy is a matter of maintaining uptime, but not process safety.”
Sometimes, keeping the process running is important for personnel safety, Huffman says, because certain startups and shutdowns can put people at risk. But that’s a different decision than the process safety itself.
Huffman’s point is that companies pay for logic solver redundancy in cases where the investment might have more impact elsewhere, whether in other areas of safety or in operating efficiency.
His recommendation is that companies pay to put at least one person, who is respected at the executive level, through some level of basic safety education, such as the ISA’s EC50 course on Safety Instrumented Systems (SIS). Then use that education as part of the decision-making process around investments in safety and process automation. Having this knowledge can help with making system selections based on key performance requirements rather than the redundancy architecture of the logic solvers.
Check back next week for the fifthof the five ways. And as always, we look forward to your comments.