Overwhelming as they were in many ways, Hurricanes Katrina and Rita highlighted the inherent resilience of the chemical and oil-and-gas industries in the face of natural adversity. Although it might still take some time before all production facilities are up and running to their former capacities, the way most plants were safely shut down well in advance of the approaching storms reflects well, first, on their design and, second, on their operation. We know all too well what the consequences of failure in either can be, as evidenced earlier in the year at BP's Texas City, Texas, refinery, for instance.
Assuming things will work when we want them to is, unfortunately, an all-too-common failing nowadays. Such is the reliability of most of our domestic appliances and services that we hardly need to repair anything around the home. Well before our refrigerator, television, stereo or, the most obvious example, computer starts showing its age, we generally have already traded it in for the latest model.
As recent Gulf Coast events showed, the chemical industry can certainly point to its own record on reliability, but it does not (indeed, cannot) take such reliability for granted. For every process control system that was called upon to bring those plants down to a safe condition, there inevitably was a safety instrumented system (SIS) providing backup in case of any failure in the basic control system.
The SIS has become an important part of the traditional emergency shutdown (ESD) and fire-and-gas protection systems that are expected to have to work when all else, literally, fails. As discussed recently in CP, SISs are now subject to the wide-ranging IEC 61511 international standard (ANSI S84 in the U.S.), although this has not stifled the current debate among control system vendors and the traditional safety-system companies.
To put it altogether too simply, no doubt, the debate centers on whether safety systems should be integrated into the process control system or should be physically separate from it, which has been the convention.
A flavor of the debate was to be found in a recent meeting I had with Bob Adamski, director of safety consulting with the Triconex division of Invensys Process Systems, Irvine, Calif. With 30 years' operating experience of safety systems in the oil and petrochemical industries, and a contributing author to the ISA standard that was the forerunner to IEC 61511, Adamski questions the philosophy behind the current batch of integrated SISs from major distributed control system (DCS) companies.
In particular, he queries claims that these systems will still offer the physical separation of the traditional ESD systems that are based, admittedly like the Triconex systems, on triple modular redundancy (TMR) of the logic elements. Perhaps his views can best be summed up in the phrase "proven systems," which he prefers to "traditional" or "conventional" to describe TMR systems.
For the moment, at least, such skepticism surrounding the latest integrated SISs is difficult to counter (DCS companies seem more concerned at the moment about countering each other's claims over whose system was certified to which standard at what time) for the simple reason that TMR systems are, as Adamski says, undoubtedly proven in service.
Industry surveys, such as those of the ARC Advisory Group, Dedham, Mass., show a rising demand from operating companies for closer integration between their control and safety systems; so the tide does appear to be flowing one way. We must hope that the new breed of systems, for all their in-built self-diagnostics and certifications (and Adamski has some interesting views on that thorny issue, too) will prove as reliable as what now seem destined to really become the traditional systems.
Dr. Spear is editor of the U.K.'s Process Engineering magazine.