Functional Safety: Protection Layers and Human Error

Questions and Answers

What was the primary issue with the IHLS?

It lacked a Functional Safety Management (FSM)

It had a faulty Hazard and Risk Analysis (H&RA)

It had an ineffective error culture

It required a padlock to retain its check lever in a working position (correct)

What is a key principle of process safety management?

Implementing a clear understanding of major accident risks and safety critical equipment (correct)

Reducing the number of Hazard and Risk Analysis (H&RA) executions

Removing pressure on staff and managers

Conducting frequent and effective assessments and audits

What was the consequence of the Deepwater Horizon Rig Accident?

The rig sank after 12 hours

11 people injured and 17 killed

A USD 10 billion relief fund was set up

11 people killed and 17 injured (correct)

What is a recommended approach to safety critical equipment?

Detecting signals of failure and responding to them quickly and effectively

What was the environmental consequence of the Deepwater Horizon Rig Accident?

A huge environmental pollution that lasted for 87 days

What is a key aspect of Functional Safety Management (FSM)?

Applying important process safety management principles

What was the duration of the fire on the Deepwater Horizon rig?

36 hours

What was the amount of the relief fund set up by BP?

USD 20 billion

What is the primary purpose of the Safety Integrity Level (SIL)?

To define the level of safety integrity required for a safety instrumented system (SIS).

How is the required SIL level determined?

Based on the severity of the potential hazard.

What is the role of the Safety Instrumented Function (SIF) in the safety system?

To directly mitigate the hazardous event.

Which of the following is an example of a technical requirement defined by SIL?

The average probability of failure on demand (PFDavg) for the SIS.

Which of the following is NOT a cause of human error as defined by IEC 61511-1?

Negligence

How does human error contribute to common cause failures?

All of the above.

How is the Risk Reduction Factor (RRF) related to the Probability of Failure on Demand (PFD)?

RRF is the ratio of the PFD before and after implementing the safety system.

Which of the following statements accurately reflects the relationship between hazard analysis and SIL?

Hazard analysis is used to determine the SIL level required for the safety system.

What is the primary purpose of protection layers in process safety?

To mitigate the effects of accidents and unintended events

Which layer is primarily responsible for providing active intervention during an emergency?

Safety Instrumented System (SIS)

Human error is categorized in hazard analysis as what type of failure?

Neither random nor systematic failure

What does the term 'process safety time' refer to?

The timeframe within which safety systems must respond to prevent incidents

Which of the following is an example of a passive protection layer?

Controlled relief valve

In the context of hazard analysis, what does a high-level alarm indicate?

An established safe operating limit has been exceeded

What type of protection layer involves human operator intervention?

Process control layer

What aspect should not be considered when evaluating systematic failures?

External environmental influences

Which protective device can be classified as an isolated protection layer?

Rupture disk

What is NOT a characteristic of the Safety Instrumented System (SIS)?

It prevents operator errors

Study Notes

Protection Layers (PL)

• Emergency response layer: Engages in plant emergency scenarios.
• Passive protection layer includes features like embankments and bunkers.
• Active protection layer features such as controlled relief valves and fire & gas (F&G) systems.
• Safety Instrumented System (SIS): Executes emergency shutdown actions.
• Alarm and operator intervention address process parameters out of control.
• Basic Process Control System (BPCS) manages normal process behavior.

Human Error

• Human error is categorized as neither random nor systematic failure.
• Acts of human error often lead to systematic failures.
• Recognized types of human error include mistakes, slips, and lapses.
• Human error can contribute to both common cause failures and security issues.

Deepwater Horizon Rig Accident

• Occurred on April 20, 2010, in the Gulf of Mexico.
• Resulted from hydrocarbon escape from the Macondo well, causing explosions and fire.
• Casualties included 11 fatalities and 17 injuries; a massive fire lasted 36 hours.
• Approximately 780 million liters of hydrocarbons leaked for 87 days, leading to significant environmental pollution.
• BP established a USD 20 billion relief fund in response.

Safety Integrity Level (SIL)

• SIL ranges from 1 to 4; higher levels indicate greater safety integrity.
• Required SIL is determined through hazard and risk analysis.
• SIL applies to Safety Instrumented Functions (SIF) within a Safety Instrumented System (SIS).
• SIL specifications include both technical (e.g., design parameters) and non-technical (e.g., independence in assessments) requirements.
• Defines target Probability of Failure on Demand (PFD) and Risk Reduction Factor (RRF).

Recommendations from Incident Analysis

• Implement key process safety management principles.
• Develop a comprehensive understanding of major accident risks and critical equipment.
• Quickly detect and respond to signals of failure in safety-critical equipment.
• Mitigate pressure on personnel and leadership.
• Conduct frequent and effective assessments and audits.

Description

Learn about protection layers, human error, and their impact on functional safety. Understand the difference between random failure and systematic failure.