The various functional safety guides and standards, such as IEC 61508/61511, which impose formal schemes for safety instrumented functions (SIF), have brought significant safety gains to the process industry over the last 30 years.
Still, we can observe a drift in the application of those standards, which often leads to increased costs, loss of operability, and, more worrying, a false perception of reduction of process incident risk.
Using too few instrumented safety loops can be insufficient to “compensate” for the low reliability of human actions, because there are too few independent checks to reliably detect deviations.
But using too many instrumented safety loops can compromise the operability of a plant. A classic consequence is that operators end up bypassing the safety instrumented function (SIF) that trips spuriously too often and shuts the unit down. We often see this with explosion suppressors, which ultimately calls into question the very reason for selecting, installing, and maintaining them.
Too many SIFs also increase the likelihood that some (or many) will be poorly or too rarely tested, leading to installed risk reduction factors (RRF) much smaller than what was assumed and specified.
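To make the last point concrete, here is an added illustration (not from the original article) of how stretching the proof-test interval of a simple 1oo1 loop erodes its RRF and can drop it out of the SIL band claimed at design time. It assumes the simplified low-demand IEC 61508 approximation PFDavg ≈ λDU × TI / 2 (repair time and common-cause terms neglected); the loop tags, failure rates and intervals are constructed sample values.

```python
# Added illustration (not from the original article): how stretching the
# proof-test interval of a 1oo1 SIF erodes its risk reduction factor.
# Simplified low-demand approximation PFDavg ~ lambda_DU * TI / 2 (repair
# time and common-cause terms neglected); all numeric values are constructed.

HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands as (min RRF, max RRF), per IEC 61508-1.
SIL_BANDS = {1: (10, 100), 2: (100, 1000), 3: (1000, 10000), 4: (10000, 100000)}


def pfd_avg_1oo1(lambda_du_per_hour: float, test_interval_years: float) -> float:
    """Average probability of failure on demand of a 1oo1 loop (simplified)."""
    return lambda_du_per_hour * test_interval_years * HOURS_PER_YEAR / 2.0


def rrf(pfd: float) -> float:
    """Risk reduction factor is the reciprocal of PFDavg."""
    return 1.0 / pfd


def sil_achieved(rrf_value: float) -> int:
    """SIL whose RRF band contains the value; 0 if below SIL 1, 4 if above the table."""
    for level, (lo, hi) in SIL_BANDS.items():
        if lo <= rrf_value < hi:
            return level
    return 0 if rrf_value < 10 else 4


def assess(loop: dict) -> dict:
    """Compare the RRF claimed at design time with the RRF actually installed."""
    claimed = rrf(pfd_avg_1oo1(loop["lambda_du"], loop["ti_specified_years"]))
    actual = rrf(pfd_avg_1oo1(loop["lambda_du"], loop["ti_actual_years"]))
    return {"tag": loop["tag"], "rrf_claimed": claimed, "rrf_actual": actual,
            "sil_claimed": sil_achieved(claimed), "sil_actual": sil_achieved(actual),
            "sil_target_met": sil_achieved(actual) >= loop["sil_target"]}


# Constructed sample: a high-level trip tested yearly on paper, every three years in practice.
SAMPLE_LOOPS = [
    {"tag": "LSHH-101", "lambda_du": 2.0e-6, "ti_specified_years": 1, "ti_actual_years": 3, "sil_target": 2},
    {"tag": "PSHH-205", "lambda_du": 5.0e-7, "ti_specified_years": 1, "ti_actual_years": 1, "sil_target": 2},
]

if __name__ == "__main__":
    for result in map(assess, SAMPLE_LOOPS):
        print(result)
```

Running it shows the first loop dropping from RRF ≈ 114 (SIL 2) to RRF ≈ 38 (SIL 1) purely because of the missed tests, while the specified SIL 2 remains on the design documents.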
In some cases, the SIF is used to operate the process in the “red zone” instead of serving as the ultimate barrier. It is common to see operators waiting for the high-level trip when filling a tank. This turns the high-level trip into an operational control rather than a safety barrier. One day, the safety loop will fail and the tank will overfill.
Using too many SIFs also contributes to an overflow of data in the control room, which has become such an issue that it has led to a new discipline: alarm management. Operators are flooded with alarms from the automatic systems, and this obviously compromises their ability to pay attention to the important and critical ones.
Overall, it is not uncommon to see these elements leading to smaller installed RRFs (and thus higher risks of (major) accidents) than management assumes or corporate policies tolerate.
The causes of this situation are manifold, but one is that too many organisations leave this topic to the maintenance department because it revolves around sensors, transmitters, actuators, etc. Functional safety is by definition a topic for everyone, and getting it right requires strong process safety competence. This is critical to optimise safety investments and direct them to the barriers and controls with the greatest impact on process risk reduction.