SYSTEM RESPONSE TO SAFETY TRANSMITTER SIGNAL ERROR

Large and complex process facilities depend on a well-functioning safety and automation system for safe and reliable asset operations. It is the asset owner’s responsibility to ensure that all requirements for the individual safety barriers and systems, and the performance standards for the different safety barriers, are taken into account. Safety instrumented systems (SIS) are specifically designed to protect personnel, assets and the environment by reducing the frequency or the impact severity of credible hazard scenarios. On the other hand, a SIS may also cause spurious shutdowns and significant downtime. This is partly due to the “fail-safe” nature of its subcomponents. To avoid downtime, asset operators must have a clear overview of the safety system and its responses/actions in case of a signal failure.

ORS has recently supported a client with the assessment of the preferred system response/action(s) upon signal failure between the safety transmitters and the safety system for an offshore asset. The main objective of the study was to review the current actions taken on the final safety barrier, typically a shutdown valve or a trip of rotating machinery, upon failure of safety transmitters in input/output (IO) cards.

As part of the assessment, ORS also facilitated a workshop with the participation of multiple specialists to evaluate the safest actions for IO failures, either on a single IO transmitter or on an IO card with several IO transmitters connected.

The intention of the workshop was twofold:

  • To review the desired response/action on a system level, i.e. what is the safest resulting action for the system/EUC in case of signal failure from multiple safety transmitters, e.g. due to loss of an IO card.
  • To review the desired response/action per safety transmitter upon signal failure from each individual safety transmitter.

This assignment has benefited our client by allowing them to strengthen their safety support and to ensure that all applicable requirements (ISO, NORSOK etc.) are adequately addressed in the design of the system response. Finally, this assessment has also provided valuable, detailed input about the system actions/response to avoid unnecessary production downtime.