Safety World Tour vol.2
Safety Loops in Industrial Processes
Hello, everybody. I’m Maxima from the Global Safety Solutions Center.
This second round of my essay is about safety loops.
Similarly to process control loops, there are three fundamental elements in safety loops, which are SEE, KNOW, and ACT. In the IEC* standards, safety systems must be independent of control systems. If a control loop component were to be shared with the safety loop, its failure could lead to a process control malfunction and an inability to perform a safety shutdown.
Therefore, the IEC requires emergency shutdown systems to have unique elements separate from the control systems. Transmitters and switches are adopted to SEE, logic solvers to KNOW, and emergency shutdown valves to ACT. Unless these components are healthy and function as designed, the safety of the loop cannot be guaranteed. This is often expressed as “Safety is pipe to pipe.” The following drawing shows the simple idea of this “pipe to pipe.”
IEC has established the Safety Integrity Level (SIL) as a standard reference item in process safety management. The SIL varies from SIL1 to SIL4, and a higher number implies that there are greater risks in the loop. The SIL is determined for individual loops by quantitatively investigating the implicit risks according to the process characteristics and the facility design.
A HAZOP study is done to assess the risk level. Plant owners are requested to organize the HAZOP study to determine the SIL level by identifying possible human, asset, and economic risks, then design the safety loops to meet the required level of risk management.
A higher SIL number covers all the risks of the lower SIL numbers. If the risk is considered higher than SIL4, the IEC recommends that the process (facility) be reconsidered, as it may be too dangerous. For instance, a large-scale facility could be distributed among smaller scale facilities.
At the same time, applying SIL4 when nobody really knows where the risks are seems absurd. It is something like wearing a space suit to ride a bicycle because you don’t know what dangers you may encounter.
The most important issue here is to clarify where potential risks exist, and to apply appropriate countermeasures. Otherwise, you may end up doing nothing about high risks or make an excessive investment for something that is not harmful.
By the way, what are the hazards in your home? There are things like gas appliances, water and sewage related systems, furniture, nearby buildings, and other things all around you. The risk evaluation changes when we start thinking about the risks of earthquakes. It also depends where your house is built, and on the makeup of your family.
We have to have appropriate and sufficient measures against predictable risks, make sure that the designed measures will function when the need arises, and check them periodically.
I visited my grandparents’ house when I was a child. While I was playing there I fell off a terrace and into their yard because the handrail was rusted. Don’t you have similar experiences? The fundamental thought in industrial process safety is not too far from it.
IEC safety standards can be described as follows: SIL0 (risk lower than SIL1) is “tolerable risk”; SIL1 is “countermeasure recommended”; SIL2 is “good countermeasure against the risk is required”; SIL3 is “appropriate countermeasure required”; and SIL4 is “unable to maintain safety without countermeasures.”
This interpretation is not sufficient to explain what the SIL in the IEC standards exactly defines quantitatively. We still need to understand what the SIL means in terms of the safety loop, select appropriate components (sensors, control valves, etc.) to meet the classified safety level, and realize a safety system that complies with the targeted SIL. This is what the IEC really asks you to do.
Yokogawa offers sensors to SEE and logic solvers to KNOW that are certified to meet the IEC’s requirement for use in a safety system. Our industrial sensors provide highly capable self-diagnostic functions as a standard feature and many of them are SIL2 certified for single use and SIL3 certified for redundant use. Our ProSafe-RS logic solver is SIL3 certified, covering all the SILs required for the safe operation of ordinary industrial processes.
We also offer a ProSafe-SLS logic solver with SIL4 certifications, which is required for extreme high pressure HIPPS applications (e.g. wellheads in offshore fields).
Our latest logic solver, the ProSafe-RS, has been ordered in more than 300 projects since its introduction to the market just three years ago, and more than a half of these systems are already in operation.
Lastly but not least, when we refer to an SIL3 certified logic solver, it means the system can be applied to loops that are up to SIL3; it does not mean that the whole plant is covered under SIL3 safety. In order to make the entire plant safe, it is necessary to allocate sensor and control valve safety components per the designed safety loops at the targeted SIL.
The IEC also standardizes checkpoints in various engineering processes for designing and configuring safety systems. Next time, I would like to talk about the safety lifecycle and functional safety as they relate to these engineering processes.
*International Electrotechnical Commission
Gourmet@France
I recently made a business trip to France. After I finished my job in Lyons, my colleagues and I drove three hours to Marseilles, and dined there at a restaurant that is popular with locals. It was on a hill overlooking a bay. 
I had an appetizer that was a local specialty. A tiny octopus was
boiled and sautéed with garlic in olive oil. It was extremely
delicious.
I asked if it was baby octopus, but the answer was negative.
The size was tiny but it was a "mature"octopus.
I thought it was like ProSafe-RS, which is small in size but full of
valuable functions.
On top of the octopus was something like a pastry or crisp pie
crust and they were delicious together. As an amuse bouche,
they served a small escargot baked inside a small tart, which also was rather amusing. I ordered white fish for the main course and this was served in a rich French sauce.
I certainly enjoyed the fromage along with some good French wines. All of us enjoyed the dinner and our friendly conservation about safety topics. But business hours were over and we loosened our ties.
At the end of my trip, I had an opportunity to go to a Japanese restaurant in Paris. We invited our safety system customers to a sushi bar there and one of them tried this for the first time.
When I pointed out the "green Japanese mustard" to him, he swallowed it in one gulp! Alas!
Facing an "unknown risk", he downed his miso soup without stopping once for air. I noticed then that even soup could be used to fight a fire! 
Here's the sushi platter I had. Parisians love salmon and sushi platters always come with it. A Japanese sushi master prepared it.
It wasn't cheap, but it was quite tasty.
