“When we talk about integration, it’s not the same as integration on the machine safety side, where the machine control can be combined and integrated into one element,” says Pietrzyk. In machine safety, the hazard is kinetic energy: motion, or something that can cause motion. The right thing to do is bring the machine to a safe state and stop. In the process world, you have flammable elements and toxic components, things you don’t want to release into the environment. There is potential energy that can become kinetic, and the purpose of the SIS is to prevent that.
“What does integration mean to the customer?” asks Pietrzyk. When users are looking for tighter integration, they’re not looking to put all the eggs in one basket. They’re looking for common databases, common tools, and in some cases, common components. In the past, a separate and independent safety system was the standard, so components were required to be diverse.
“Today, that’s not necessarily the case,” says Pietrzyk. “Customers are looking for common components where it makes sense—power supplies and chassis, for example—but they wouldn’t use a SIL 3 certified component for what an uncertified component could do, because of the cost.”
A BPCS is always going to be tweaked; engineers are constantly changing algorithms and control strategies, adding instruments, or changing the process to improve it and hopefully gain a competitive advantage. So change, or the ability to make changes, is a requirement for process control.
“Conversely,” says Pietrzyk, “the SIS is not something that’s going to be changed at all because it has been validated. It’s certified. It’s gone through a proof test. So companies don’t make changes to a safety system the way they make changes to process control.”
Therefore, when it comes to common components, companies can use them where it makes sense (e.g., using a controller such as ControlLogix as the process control system and, because that component is SIL 1 and SIL 2 rated, also using it for the SIS elements that need only those requirements). They are also looking for ease of integration between the BPCS and SIS. Today, when a consumer products manufacturer buys a SIS, it wants the SIS to work and communicate easily with its BPCS, because the BPCS needs the data (i.e., information and alarms) from the SIS. So the need is for common networks, common databases, and also some common tools.
Before some of the newer standards evolved, the approach for meeting SIS requirements, if you had a SIL 3 or what was perceived as a high SIL application, was to use a very safe but very expensive TMR (Triple Modular Redundant) controller. “In effect, they’d throw a battleship at the application,” says Pietrzyk. That is a very expensive approach because of the controller’s own cost, and because the logic solver addresses only part of the problem.
Today the practice is to do more and more detailed risk analyses to reduce higher-level SIL requirements to more manageable ones. “The need for SIL 3 requirements has been diminishing, because people are taking a closer look at the requirements,” says Pietrzyk. “They’re finding out that what they thought was a SIL 3 really wasn’t, or that they can reduce the risk some other way, perhaps by using a relief valve, dike, or containment measure.”
According to Pietrzyk, implementing a SIL 3 controller doesn’t make the system any safer. It just makes the controller more reliable and fail-safe or fault-tolerant, as the case may be. Making the process safer or the process safety system safer has to include both the actuators and the sensors.
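An added example, not from the article or from Rockwell Automation: a small LOPA-style calculation in Python, with constructed numbers, that illustrates the two points above. Crediting an independent protection layer such as a relief valve lowers the SIL the safety instrumented function (SIF) must deliver, and because the loop’s PFDavg is the sum of sensor, logic solver and final element, swapping in a SIL 3 logic solver alone does not raise the loop’s SIL. The SIL bands are the IEC 61508/61511 low-demand PFDavg bands; every frequency and PFD value is assumed.

```python
# Added illustration, not from the article. LOPA-style arithmetic with
# constructed numbers showing (1) that crediting an independent protection
# layer (IPL) such as a relief valve lowers the SIL the SIF must deliver, and
# (2) that a SIF's PFDavg is the sum of sensor, logic solver and final element,
# so upgrading only the logic solver to SIL 3 does not change the loop's SIL.

# IEC 61508/61511 low-demand PFDavg bands: (SIL, lower bound, upper bound)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_from_pfd(pfd: float) -> int:
    """Map a PFDavg to its SIL band; 0 means no SIL credit (PFDavg >= 0.1)."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 4 if pfd < 1e-5 else 0


def required_sif_pfd(initiating_freq: float, tolerable_freq: float,
                     ipl_pfds: list[float]) -> float:
    """PFDavg the SIF must achieve after crediting the other IPLs.

    Mitigated demand rate = initiating frequency x product of IPL PFDs; the SIF
    must then bring it down to the tolerable frequency. Capped at 1.0 when the
    other layers already reach the target (no SIF needed).
    """
    demand = initiating_freq
    for pfd in ipl_pfds:
        demand *= pfd
    return min(1.0, tolerable_freq / demand)


def achieved_sif_pfd(sensor: float, logic: float, final_element: float) -> float:
    """Simple-sum PFDavg of a single-channel SIF (sensor + logic + valve)."""
    return sensor + logic + final_element


if __name__ == "__main__":
    # Constructed scenario: 0.1/yr initiating event, 3e-5/yr tolerable outcome.
    bare = required_sif_pfd(0.1, 3e-5, [])
    with_relief = required_sif_pfd(0.1, 3e-5, [0.01])   # relief valve IPL
    print(f"SIF alone: SIL {sil_from_pfd(bare)}; "
          f"with relief valve: SIL {sil_from_pfd(with_relief)}")
    # Same sensor and valve, SIL 3 vs SIL 2 logic solver: loop SIL does not move.
    for logic in (1e-5, 1e-4):
        loop = achieved_sif_pfd(2e-3, logic, 1e-2)
        print(f"logic PFD {logic:.0e}: loop PFD {loop:.2e} -> SIL {sil_from_pfd(loop)}")
```

With the assumed numbers the SIF alone must be SIL 3, crediting the relief valve drops that to SIL 1, and the single-channel loop stays SIL 1 whether the logic solver’s PFD is 1e-5 or 1e-4, because the valve dominates.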
“So the trend now is to use the horsepower, risk reduction, equipment, and controls to reduce the risk to an acceptable level,” says Pietrzyk. By taking this holistic approach that includes a close analysis of the safety function, the application of technology is more precise and battleships aren’t used where skiffs are adequate.
Because many consumer product applications do not have the scale of industrial facilities such as refineries or chemical plants, companies are improving cost effectiveness through scalability. “That’s where new technologies such as AADvance and scalable technologies such as ControlLogix come to play,” says Pietrzyk. “This is an area where you don’t have thousands of I/O.”
As for common components, the mantra is to use them where they make sense, such as chassis, power supplies, networks, and in some cases, programming and development tools.
Does it make sense to use the same controller for BPCS and SIS systems? It does, when the same controller can be used cost-effectively without sacrificing the overriding requirement of each system: flexibility and changeability for the BPCS, security for the SIS.
Pietrzyk traces the current emphasis on lifecycle support services back to the early 1990s, when market forces created corporate consolidation that drained internal systems expertise. “A lot of the guys with gray hair who knew how to run the processes retired,” he says. “They could help with safety analysis, risk assessment, and studies that identify hazards and operability problems.”
With this loss of knowledge assets, companies turned increasingly to vendors such as Rockwell Automation for support beyond implementation to training and maintenance over the life of a system. This trend has continued, with users looking to vendors for certified expertise on an ongoing basis.