February 2018

Environment and Safety

Use your data to its full potential to prevent outages

In a process plant, the safety system is responsible for the protection of personnel, resources and the environment, by taking the plant to a safe state in the event of a fault. However, is the system capable of contributing more to the plant’s uptime and profitability?

Creef, B., HIMA Americas, Inc.

In a process plant, the safety system is responsible for the protection of personnel, resources and the environment, by taking the plant to a safe state in the event of a fault. However, is the system capable of contributing more to the plant’s uptime and profitability? Opportunities for modern safety systems to make such contributions do exist; they are based on the large amount of process, diagnostic and instrument data that these systems contain. If this data can be extracted in real time and converted into beneficial information, then it can be used to allow plant personnel to act quickly and confidently. This can reduce downtime, increase safety and potentially prevent outages. Safety systems can contribute to a plant’s efficiency and profitability. The following examines how these benefits can be achieved, specifically by using data related to sequence of events (SOE), critical alarms and diagnostics.

From safety to smart safety

During normal operations, a safety system continuously receives data from the process it is monitoring, but that data remains captive in the safety system. Only when a process parameter crosses a critical threshold does it act appropriately; shutting down the faulty process, diverting suspect product to a suitable waste storage facility and/or fulfilling any other programmed response. Production time is lost and product may be wasted, but the overriding consideration is that personnel, equipment and the environment have been protected. Those actions are the main functions of a safety system. By taking the programmed action when an event occurs, the safety system has accomplished its job of keeping the plant safe. However, at this point, all the data it has been collecting throughout the normal and abnormal phases of its operation is usually lost. Extracting this data to obtain the described productivity and safety benefits will add considerably to the value of any safety system, transforming it into a smart safety system that contributes to the profitability of the plant.

When an event occurs, the immediate concern is to understand what caused the shutdown, and to bring the plant back into operation. Almost every safety system has a first out indication, which means that the system stores information on the safety instrumented function (SIF) that triggered the shutdown. A smart safety system highlights the SIF that triggered the shutdown to help operators take quick action. This benefit allows plant personnel to move directly to the cause of the shutdown, correct the situation and get the unit back up and running as quickly as possible.

SOE and alarm rationalization

Once the plant is back in normal operation, the next question is: How did this happen? The smart safety system provides SOE data, which can be used to conduct a root cause analysis. Traditional safety systems can provide limited SOE, but this is difficult to configure and to use. In the smart safety solution, the SOE data is presented to the user and can be scrolled through and replayed so that the triggering event can be analyzed. This operation allows the user to decide on the necessary actions, and helps prevent the recurrence of this event in the future.
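The first-out indication and the SOE replay described above, as an added example that is not code from the article or from HIMA. The event buffer, tag names and millisecond time stamps are constructed; the logic identifies the earliest SIF trip, separates consequential trips that followed within a short window, and replays the buffer around the trip with relative offsets, which is the view a root cause analysis starts from.

```python
"""Sequence-of-events (SOE) analysis for a safety-system trip record.

Added example, not code from the article or from HIMA. The record format
(millisecond time stamp, tag, state), the tag names and the buffer contents
are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SoeEvent:
    t_ms: int    # time stamp in ms since the SOE buffer epoch (constructed)
    tag: str     # point or safety function name (constructed)
    state: str   # "NORMAL", "TRIP", "CLEARED", "ACTIVE", ...


# Constructed SOE buffer: two SIF initiators, the final element command and
# its feedback, in the order the logic solver time-stamped them.
SOE_BUFFER = [
    SoeEvent(100_000, "PT-101_HH", "NORMAL"),
    SoeEvent(100_250, "PT-101_HH", "TRIP"),            # first SIF trip
    SoeEvent(100_252, "TT-102_HH", "TRIP"),            # cascaded trip, 2 ms later
    SoeEvent(100_260, "XV-103_CLOSE_CMD", "ACTIVE"),   # final element commanded
    SoeEvent(100_900, "XV-103_CLOSED", "ACTIVE"),      # final element feedback
    SoeEvent(104_000, "PT-101_HH", "CLEARED"),
]

# Tags that are SIF initiators (constructed); only these can be "first out".
SIF_TAGS = {"PT-101_HH", "TT-102_HH"}


def first_out(events: List[SoeEvent], sif_tags=SIF_TAGS) -> Optional[SoeEvent]:
    """Return the earliest TRIP raised by an SIF initiator, or None if no trip."""
    trips = [e for e in events if e.tag in sif_tags and e.state == "TRIP"]
    return min(trips, key=lambda e: e.t_ms, default=None)


def consequential_trips(events: List[SoeEvent], anchor: SoeEvent,
                        within_ms: int, sif_tags=SIF_TAGS) -> List[str]:
    """Other SIF trips that followed the first-out within within_ms.

    These are candidates for cascade effects rather than independent causes,
    which narrows the root cause analysis to the anchor event.
    """
    return [e.tag for e in sorted(events, key=lambda e: e.t_ms)
            if e.tag in sif_tags and e.state == "TRIP" and e is not anchor
            and 0 <= e.t_ms - anchor.t_ms <= within_ms]


def replay(events: List[SoeEvent], anchor: SoeEvent, window_ms: int) -> List[str]:
    """Replay events within +/- window_ms of the anchor as offset/tag/state lines."""
    lines = []
    for e in sorted(events, key=lambda e: e.t_ms):
        offset = e.t_ms - anchor.t_ms
        if -window_ms <= offset <= window_ms:
            marker = "  <-- first out" if e is anchor else ""
            lines.append(f"{offset:+6d} ms  {e.tag:<18} {e.state}{marker}")
    return lines


if __name__ == "__main__":
    trip = first_out(SOE_BUFFER)
    print("First out:", trip.tag, "at", trip.t_ms, "ms")
    print("Cascaded trips:", consequential_trips(SOE_BUFFER, trip, within_ms=100))
    print("\n".join(replay(SOE_BUFFER, trip, window_ms=1000)))
```

The replay window and the cascade threshold are tunable; on a real system the threshold should be chosen from the known process and logic-solver response times so that a genuinely independent second trip is not dismissed as a cascade.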

The smart safety solution also includes an alarm application. Every control room has an alarm screen, but they often track so many alarms that it is difficult for the operator to determine which alarms require action. For many years, users have struggled with alarm rationalization. Many companies have begun to develop priority alarm systems by segregating critical alarms from the myriad of alarms that are routinely generated. These systems assist the operator in knowing when an action is critical.

These critical process values often already exist in the safety system. A critical alarm system fed by the safety system fulfills several needs: the operator can clearly see critical alarms and can use that information to prevent process upsets that cause downtime, and this can be done without the cost of creating a totally separate critical alarm system.

While the level of diagnostics varies, all safety systems constantly perform tests to ensure that the system is operating properly. When this information is made available to the user at all, it is usually in the form of an error code: in the event of a detected fault, either in the safety system or in the sensors or actuators attached to it, the user receives an error code. Before a technician or engineer can begin to correct the issue, they must consult the documentation to interpret that code. If the interpretation were available directly, the user would know the issue immediately and could correct it more quickly, preventing or reducing downtime.

An intelligent safety system can eliminate this problem if it includes diagnostic software. This software can convert an error code into a human-language message that an operator can understand. As 95% of alarms are related to the failure of connected devices rather than to the safety system, the user will be able to begin a repair immediately. This speed of action can reduce or prevent downtime. Diagnostic software also allows for the further exploitation of the measured data. Engineers reviewing a fault message can drill down in the data to reveal more detailed information about the fault condition.
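The two ideas in the preceding paragraphs, a critical alarm list driven by values the safety system already holds and diagnostic codes translated into plain-language messages that name the device, as an added example that is not code from the article or from HIMA. The tag names, limits, error codes and the code-to-message table are constructed; the alarm logic uses a deadband so a value hovering at its limit does not flood the operator with repeated alarms, and the diagnostic decoder classifies each fault as a connected-device fault or a safety-system fault so the repair can start without consulting the manual.

```python
"""Critical-alarm filtering and diagnostic-code translation from safety-system data.

Added example, not code from the article or from HIMA. Tag names, limits,
error codes, channel numbers and the message table are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class CriticalPoint:
    tag: str
    hh_limit: float      # trip limit already configured in the safety system
    deadband: float      # hysteresis: alarm clears only below limit - deadband
    consequence: str     # what the operator is acting to prevent (constructed)
    active: bool = False


def evaluate(point: CriticalPoint, value: float) -> Tuple[bool, str]:
    """Update one critical alarm with hysteresis. Returns (state_changed, message)."""
    if not point.active and value >= point.hh_limit:
        point.active = True
        return True, (f"CRITICAL {point.tag}={value:g} >= {point.hh_limit:g}: "
                      f"{point.consequence}")
    if point.active and value < point.hh_limit - point.deadband:
        point.active = False
        return True, f"RETURN TO NORMAL {point.tag}={value:g}"
    return False, ""


def run_alarms(point: CriticalPoint, samples: List[float]) -> List[str]:
    """Feed a sequence of process values and collect only state-change messages."""
    return [msg for changed, msg in (evaluate(point, v) for v in samples) if changed]


# Constructed diagnostic table: code -> (origin, plain-language text, repair hint).
# "device" faults are in the connected instrument or its wiring; "system"
# faults are inside the safety system itself.
DIAG_TABLE: Dict[int, Tuple[str, str, str]] = {
    0x12: ("device", "open circuit on analog input", "check field wiring / transmitter"),
    0x13: ("device", "analog input out of range (>20 mA)", "check transmitter calibration"),
    0x21: ("device", "discrepancy between redundant sensors", "inspect both sensors"),
    0x80: ("system", "I/O module self-test failed", "replace I/O module"),
}


def decode_diagnostic(code: int, channel: str, tag: str) -> str:
    """Turn an error code into a message naming the origin, the device and the action."""
    origin, text, action = DIAG_TABLE.get(
        code, ("unknown", f"unlisted error code 0x{code:02X}", "consult documentation"))
    return f"[{origin.upper()}] {tag} on {channel}: {text}; action: {action}"


if __name__ == "__main__":
    pt = CriticalPoint("PT-101", hh_limit=100.0, deadband=1.0,
                       consequence="separator overpressure, trip imminent")
    for line in run_alarms(pt, [99.0, 101.0, 100.5, 98.0, 101.0]):
        print(line)
    print(decode_diagnostic(0x12, "AI-slot3-ch07", "PT-101"))
    print(decode_diagnostic(0x80, "AI-slot3", "-"))
```

The value sequence in the usage shows the deadband at work: the reading at 100.5 stays inside the hysteresis band and produces no new alarm, so the operator sees one alarm, one return to normal and one re-alarm instead of five lines.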

HART protocol

HART diagnostic information exists in almost all plant instrumentation. It is a powerful, information-rich protocol, yet safety systems typically do not use the information available from their connected sensors and actuators. The HART capability is more likely to be restricted to using handheld devices for configuration. The existence of the HART protocol can cause issues. First, there is a risk that a transmitter could be reconfigured. If that happens and the safety system is unaware, it can render the safety system ineffective and the plant unprotected. Every user implements passwords and/or dual inline package (DIP) switches that prevent such reconfiguration. However, can plant personnel rely on these measures?

If the HART information is used, it is often connected via a HART multiplexer to an asset management system (AMS). While this makes the information available to the user for maintenance and reliability purposes, it still leaves the safety system vulnerable, since an operator at the AMS can modify every device connected to it. The vulnerability of the safety system has been increased. These factors mean that HART-enabled instruments represent a risk to plant safety. However, these instruments are, and will remain, an integral part of most installations. This presents both a challenge and an opportunity for smart safety system design.

Is it possible to mitigate the risk posed by HART, while also benefiting from the information it carries? One solution lies in following a step-by-step approach. The first step is to allow data tunneling to the AMS, but to prevent the AMS from writing to an instrument unless permission is granted—this would be done on a point-by-point basis. However, this still leaves the possibility of unauthorized writing from a handheld device.

This risk can be countered by reading the HART information into the application of the safety system. The safety system will then receive a HART diagnostic message if an instrument is reconfigured. While it may be unaware of what the new configuration is, the system can take corrective action to prevent that reconfiguration from making the safety system ineffective.
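The two steps just described, modelled as an added example that is not code from the article or from HIMA: a gateway that tunnels AMS reads to the instrument but blocks writes unless the individual point has been write-enabled, and a status check that reads the HART device status into the safety application so that any reconfiguration, including one made from a handheld that never passed through the gateway, degrades the channel to a detected fault. The point table, tag names and the set of write commands are assumptions made for illustration; the set is a subset of the HART universal and common-practice commands that alter device configuration or state as the author of this example recalls them, and bit 6 (0x40) of the Field Device Status byte is used as the HART "Configuration Changed" flag, again from the author's recollection of the specification rather than from the article.

```python
"""Mediating HART access between an AMS and safety-system instruments.

Added example, not code from the article or from HIMA. The write-command set,
the status-byte bits, the point table and the message texts are assumptions
made for illustration (see the lead-in above).
"""
from dataclasses import dataclass
from typing import List

# HART commands that write configuration or alter device state (assumed subset
# of universal / common-practice commands; verify against the specification).
WRITE_COMMANDS = {6, 17, 18, 19, 34, 35, 36, 37, 38, 40, 42, 43, 44, 45, 46, 47}

# Field Device Status bits (assumption: bit 6 = Configuration Changed,
# bit 7 = Device Malfunction).
CONFIG_CHANGED = 0x40
DEVICE_MALFUNCTION = 0x80


@dataclass
class Point:
    tag: str
    write_enabled: bool = False   # per-point permission granted by the safety engineer
    expected_change: bool = False  # an authorised write has been tunnelled, change expected
    quality: str = "GOOD"


class HartGateway:
    """Step 1: data tunnel with point-by-point write permission.
    Step 2: device status evaluated inside the safety application."""

    def __init__(self, points: List[Point]):
        self.points = {p.tag: p for p in points}
        self.audit: List[str] = []        # every AMS request, passed or blocked
        self.diagnostics: List[str] = []  # messages raised to the operator

    def ams_request(self, tag: str, command: int) -> bool:
        """Return True if the request is tunnelled to the instrument."""
        point = self.points[tag]
        if command in WRITE_COMMANDS and not point.write_enabled:
            self.audit.append(f"BLOCKED write cmd {command} to {tag}")
            return False
        if command in WRITE_COMMANDS:
            point.expected_change = True   # the next Configuration Changed is explained
            self.audit.append(f"PASSED write cmd {command} to {tag} (point write-enabled)")
        else:
            self.audit.append(f"PASSED read cmd {command} to {tag}")
        return True

    def device_status(self, tag: str, status_byte: int) -> str:
        """Evaluate a Field Device Status byte read from the instrument.

        The safety application does not know what the new configuration is;
        it only knows that a change happened, so an unexplained change takes
        the channel to a detected-fault quality for the application logic.
        """
        point = self.points[tag]
        if status_byte & CONFIG_CHANGED:
            if point.expected_change:
                point.expected_change = False
                point.quality = "GOOD"
                self.diagnostics.append(f"{tag}: configuration changed (authorised via AMS)")
            else:
                point.quality = "BAD_CONFIG_CHANGED"
                self.diagnostics.append(
                    f"{tag}: configuration changed outside the permitted path")
        elif status_byte & DEVICE_MALFUNCTION:
            point.quality = "BAD_DEVICE_FAULT"
            self.diagnostics.append(f"{tag}: device reports malfunction")
        else:
            point.quality = "GOOD"
        return point.quality

    def usable_value(self, tag: str, pv: float):
        """What the SIF logic receives: the value, or None when the channel is faulted."""
        return pv if self.points[tag].quality == "GOOD" else None


if __name__ == "__main__":
    gw = HartGateway([Point("PT-101"), Point("TT-102", write_enabled=True)])
    gw.ams_request("PT-101", 3)     # read: tunnelled
    gw.ams_request("PT-101", 35)    # write range values: blocked
    gw.device_status("PT-101", 0x40)  # changed from a handheld: channel faulted
    print(gw.usable_value("PT-101", 42.0))
    print("\n".join(gw.audit + gw.diagnostics))
```

Returning `None` from `usable_value` is the hook for the application program: what the SIF does with a faulted channel (trip, degrade voting, alarm only) is a design decision made in the safety requirements, not in the gateway.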

This approach has multiple benefits. For example, HART diagnostics will flag if an instrument has a fault. The value of this information can be highlighted by the experience of a refiner where a safety system repeatedly detected a fault within the plant instrumentation that did not exist. The safety system initiated a series of shutdowns. Each event cost the refiner hundreds of thousands of dollars. These shutdowns could have been prevented if HART data had been available in the application program. Some instruments can also indicate when they are going to fail, so preemptive and/or preventive maintenance becomes possible. Additionally, instrument configuration data can be uploaded to a smart safety system, and then downloaded to a new instrument after installation. This ensures that the configuration remains consistent even after instruments are changed. Equipping safety systems to handle HART in this way is an attractive approach, as it provides protection from the protocol’s risks while unlocking its advantages.


Much valuable data is contained within plant safety systems. Previously, this data has not been readily available to users. A smart safety solution should be able to convert the data that exists—or could exist—in the safety system to actionable information to help prevent outages, reduce downtime, improve safety and security, and increase profitability. HP
