Protection systems have been around for a long time, going back to having a canary in the mine, and throughout the Industrial Revolution; so they are not a new thing. Various stakeholders were involved in business enterprises: owners, suppliers, consumers, community members, and workers. Usually the business owners held the most power because of their financial stake. While owners had the financial risk, the workers risked much more, often their lives. But governments and industry groups stepped in to help workers avoid injury and death. More recently, in the last 50 years or so, risk analysis started to enter the equation. Monitoring systems were put in place to protect people and equipment. These systems were external to the basic process control equipment.
Safety Evolution – 1960’s
The first of these systems used hardwired relays and interlock logic, and appeared in the 60s. While they were in wide use, they were usually only employed where the need to avoid catastrophe was greatest. Electromechanical devices were mainly used because electronic systems were still expensive, large, and consumed a lot of energy.
Safety Evolution – 1970’s
As more solid state electronics became available in the 70s, they were integrated into the process control systems and protection systems. Solid state began to replace the old relay systems. Engineers began to think more about process hazards … what hazards existed and how they could be controlled. Although reliability seemed better at the outset, solid state systems were more complex, and had more complex failure modes. These failure modes were not well understood, and little failure history had yet been collected or analysed.
Safety Evolution – 1980’s
Availability of microprocessor systems in the late 1980’s led to more cost effective control systems: Programmable Logic Controllers… the modern PLC was invented! They were configurable to meet whatever the end-user had in mind. This is where diagnostic capability began to increase. However, the software design techniques needed to make these systems work were not well-defined. Poor quality crept in. Industrial accidents were not decreasing, and may have been increasing because of the system complexity. To help address this, more effective risk analysis techniques were developed, like the HAZOP tool: Hazard and Operability analysis.
Safety Evolution – 1990’s
As we entered the 90s, Safety PLCs started to appear. Engineers started to investigate the risk by looking at systems at the lowest level and identifying failure modes and consequences. This occurred for both hardware and software.
Hardware component failure rates, failure modes, and failure distributions were established for use in quantitative analysis. It was a very structured and systematic approach, and was based on sound probabilistic methods.
80/90’s Safety Design Process
Here is a summary design process for a Safety Instrumented System (SIS) as a result of the work in the 80s and 90s. The activities on the left produced a deliverable on the right. These were formal activities and documents that were now available to review for future designs as well as system modifications. These were most often considered company proprietary processes, but many of them found widespread use as industry groups pushed for best practices and guidelines.
80/90’s Company Design Rules
The design process incorporated some prescriptive methods to deal with risk. In this example, if a serious injury or fatality could result from a system failure, it must be designed with 2oo3-voted transmitters and a safety rated PLC so a single failure does not prevent the safety function from operating when needed. In some cases this meant over-design and higher cost, but it was a conservative approach to safety.
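The 2oo3 rule above is easiest to see by voting the three channels in code. The block below is an added example, not exida's code or the company design rule it describes: it implements a generic k-out-of-n (kooN) vote, reports whether a given architecture survives a single dangerous (stuck-healthy) or single safe (stuck-in-trip) channel failure, and runs 1oo1, 1oo2, 2oo2 and 2oo3 against two constructed events. The trip limit, process values and stuck-channel values are constructed for illustration.

```python
"""Added example (not exida's code): k-out-of-n (kooN) sensor voting and the
effect of a single channel failure.  Trip limit and readings are constructed."""

TRIP_LIMIT = 100.0  # constructed high-pressure trip setpoint, arbitrary units


def koon_vote(k, readings, limit=TRIP_LIMIT):
    """Return True when at least k of the channel readings demand a trip."""
    votes = sum(1 for r in readings if r >= limit)
    return votes >= k


def single_failure_tolerance(k, n):
    """Report (survives_dangerous, survives_safe) for a kooN architecture.

    survives_dangerous: one channel stuck 'healthy' (a dangerous failure)
    still leaves n-1 channels, enough to reach k votes on a real demand.
    survives_safe: one channel stuck 'in trip' (a safe failure) cannot by
    itself reach k votes, so it cannot cause a spurious trip.
    """
    return (n - 1) >= k, k > 1


def scenario(k, n, process_value, failed_channel=None, stuck_value=None,
             limit=TRIP_LIMIT):
    """Build n readings of process_value, substitute one stuck channel, vote."""
    readings = [process_value] * n
    if failed_channel is not None:
        readings[failed_channel] = stuck_value
    return koon_vote(k, readings, limit)


def compare_architectures():
    """Evaluate common sensor architectures against two constructed events:
    a real demand (process at 120) with channel 0 stuck low, and normal
    operation (process at 50) with channel 0 stuck high.
    Returns {arch: (trips_on_demand, spurious_trip)}."""
    result = {}
    for k, n in [(1, 1), (1, 2), (2, 2), (2, 3)]:
        trips_on_demand = scenario(k, n, 120.0, failed_channel=0, stuck_value=0.0)
        spurious_trip = scenario(k, n, 50.0, failed_channel=0, stuck_value=999.0)
        result[f"{k}oo{n}"] = (trips_on_demand, spurious_trip)
    return result


if __name__ == "__main__":
    for arch, (demand, spurious) in compare_architectures().items():
        print(f"{arch}: trips on demand with a stuck-low channel={demand}, "
              f"spurious trip from a stuck-high channel={spurious}")
```

Only 2oo3 comes out True/False on the two events: it still trips on a real demand when one transmitter has failed dangerous, and it does not trip spuriously when one transmitter has failed safe. 1oo2 buys the first property at the cost of the second, 2oo2 the reverse, which is the trade-off the prescriptive rule settles by mandating 2oo3 where a fatality is possible.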
Most Influential Documents
The diagram above makes reference to the “Application Class” AK6 from the old VDE 0801 German standard. This was perhaps the first functional safety standard available and was considered law in Germany. It became widely used in many other countries. Industry groups, like AIChE and ASME, also began to publish guidelines. The ANSI/ISA 84 committee, along with VDE 0801, provided much input for the IEC 61508 standard, first approved by vote in 1998.
The UK Health and Safety Executive guidelines and regulations also had some influence, and their studies of “accident causes” promoted the idea of a safety lifecycle.
So, while the evolutions we spoke about in the 60s to 90s were happening in the industry for control and safety systems, committees were busy trying to establish better guidelines and standards that could be followed.
Safety Evolution – 2000’s
By the 2000s, equipment intended for safety applications was getting certified to the 61508 standard by third party agencies, like exida. This covered the development process used to design the equipment as well as the project deliverables and equipment metrics. Certifications meant that the product user did not have to do so much work in analysing product failure risk… it was already done! The safety lifecycle, a graphic flowchart included in IEC 61508, was getting used! Design engineers were looking at failure modes, failure rates and mitigation steps to lower the risk of failure in their systems. Better diagnostic capability meant that the system could detect its own problems to a large degree, and put itself into a safe state to avoid an accident.
Safety Evolution – 2010’s
In 2010, the 2nd edition of 61508 was published. It filled some gaps that had remained in the 1st edition. It enhanced some areas of Functional Safety Management (FSM), like personnel competency, and strengthened the analysis and calculation of some metrics, like Safe Failure Fraction (SFF). Hardware technology and software design processes continued to improve and advance, but the safety lifecycle was still a key ingredient to provide mitigation for the risk of failure.
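To make the SFF metric concrete, here is an added example (not exida's code and not a real product's FMEDA) that sums a small constructed FMEDA-style table into safe, dangerous-detected and dangerous-undetected failure rates, computes SFF and diagnostic coverage from the IEC 61508 definitions, and looks up the highest SIL the Route 1H architectural constraints of IEC 61508-2 allow for a given SFF band and hardware fault tolerance (HFT). The component names, failure rates (in FIT, failures per 10^9 hours), safe fractions and coverage values are all made up; the `max_sil_route_1h` table encodes the Type A and Type B constraint tables from the standard as I know them, so check it against your copy before relying on it.

```python
"""Added example (not exida's code): Safe Failure Fraction from a constructed
FMEDA-style table, using the IEC 61508 definitions

    SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU)
    DC  =  lambda_DD / (lambda_DD + lambda_DU)

Rates are in FIT (failures per 1e9 hours) and are invented for illustration.
Only safe and dangerous failures are listed; the 2nd edition excludes
'no effect' failures from the SFF count, so they are simply not in the table."""

FMEDA_ROWS = [
    # (component, lambda_total_FIT, fraction of failures that are safe,
    #  diagnostic coverage of the dangerous failures)  -- all constructed
    ("input filter",     20.0, 0.50, 0.00),
    ("ADC",              80.0, 0.40, 0.90),
    ("microcontroller", 150.0, 0.50, 0.95),
    ("output relay",     50.0, 0.30, 0.60),
]


def split_rates(rows):
    """Sum the table into (lambda_S, lambda_DD, lambda_DU) in FIT."""
    lam_s = lam_dd = lam_du = 0.0
    for _name, lam, safe_frac, dc in rows:
        lam_d = lam * (1.0 - safe_frac)      # dangerous share of this component
        lam_s += lam * safe_frac
        lam_dd += lam_d * dc                 # dangerous but caught by diagnostics
        lam_du += lam_d * (1.0 - dc)         # dangerous and undetected
    return lam_s, lam_dd, lam_du


def safe_failure_fraction(rows):
    """SFF: share of all failures that are either safe or dangerous-detected."""
    lam_s, lam_dd, lam_du = split_rates(rows)
    return (lam_s + lam_dd) / (lam_s + lam_dd + lam_du)


def diagnostic_coverage(rows):
    """DC: share of dangerous failures the diagnostics detect."""
    _, lam_dd, lam_du = split_rates(rows)
    return lam_dd / (lam_dd + lam_du)


def max_sil_route_1h(sff, hft, type_b):
    """Highest SIL the hardware architectural constraints allow (IEC 61508-2,
    Route 1H, Type A / Type B tables as encoded here); 0 means not allowed.
    HFT 0 = 1oo1, HFT 1 = 1oo2 or 2oo3, HFT 2 = 1oo3."""
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    type_a_table = [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]]
    type_b_table = [[0, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]]
    table = type_b_table if type_b else type_a_table
    return table[band][min(hft, 2)]


if __name__ == "__main__":
    lam_s, lam_dd, lam_du = split_rates(FMEDA_ROWS)
    sff = safe_failure_fraction(FMEDA_ROWS)
    print(f"lambda_S={lam_s:.2f} FIT  lambda_DD={lam_dd:.2f} FIT  "
          f"lambda_DU={lam_du:.2f} FIT")
    print(f"SFF={sff:.4f}  DC={diagnostic_coverage(FMEDA_ROWS):.4f}")
    for hft in (0, 1, 2):
        print(f"Type B, HFT {hft}: max SIL {max_sil_route_1h(sff, hft, True)}")
```

With these made-up numbers the subsystem lands in the 60 to <90 % SFF band, so as a Type B (microprocessor-based) device it is limited to SIL 1 in a 1oo1 arrangement and SIL 2 with one fault tolerated, which is the same lever the 2oo3 design rule pulls: adding HFT lets a given SFF reach a higher SIL.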
By this time, exida was the dominant safety agency, providing more individual equipment certifications than any other agency. As part of the certification scheme, exida publishes this information on the SAEL webpage. This includes both certificate and assessment reports. We’ll even publish other agency certifications if they are available, so this webpage can offer ‘one stop shopping’ for those interested in certified products. It’s one of the ways we make safety easier.
Cybersecurity Evolution
No current discussion of functional safety would be complete without mentioning how cybersecurity has changed the playing field for Industrial Control Systems (or ICS). This was also an evolutionary journey from the 80s, when no one really thought about it, to today, when it’s on everyone’s mind. Identifying vulnerabilities is key to understanding the risk involved. By the mid-2000s, ISA had a committee to draft the ISA99 standard, and this work was ultimately incorporated into the IEC 62443 standards.
exida has been and continues to be involved on cybersecurity committees.
Cybersecurity Evolution – 2010’s
When Stuxnet was discovered in 2010, it really made the process control industry take notice. No one had seriously considered the possibility of a configured control system getting hacked. It also prompted other industries to re-think ways that cybersecurity vulnerabilities could occur. A number of agencies, industry and user groups, businesses and even individuals gained a sense of urgency about protecting assets and information. There are a number of certification and proficiency programs that allow individuals to demonstrate their knowledge. exida offers such programs and more information appears on the webpage.
- NERC is the North American Electric Reliability Commission.
- NEI is the National Energy Institute.
- ISA is the International Society for Automation.
- WIB is a process instrumentation evaluation and assessment services group for user member companies, sponsored by the Process Automation Users' Association (mostly chemical and petroleum organizations).
Tagged as: Safe Failure Fraction, John Yozallinas, IEC 61508, Functional Safety Management, Functional Safety