September 2017

Environment and Safety

Safety in design during I&C engineering

After process engineers complete their preliminary documents—process flow diagrams; material and energy balances; piping and instrumentation diagrams (P&IDs); process control philosophy; identification of the hazardous nature of raw materials, chemicals, byproducts and final products; process equipment layout drawings (plan and elevation); and unit plot plans—those documents are issued to engineers of other disciplines.

Kunte, V. A., Agarwal, S., TATA Consulting Engineers Ltd.

These engineers then become more involved in the design phase from their respective engineering points of view, and add value to these basic documents by including various safety design features to finalize them for further engineering.1

Whenever one speaks of safety, the first things that normally come to anyone’s mind are the safety precautions and personal protective equipment (PPE) being used during site construction and operation. However, various safety features must be incorporated by the design engineers during the conceptual, basic and detailed design development stages of the project. Some practical examples of safety features that need to be built into these design stages during instrumentation and control (I&C) engineering are discussed in this article. These features are based on codes and standards, good engineering practices and experience. I&C engineers need to work with the goal of improving:

  • Operational efficiency
  • Optimization
  • Stability
  • Plant reliability
  • Safety
  • Operational continuity.

What is safety in design?

Safety in design is the mitigation of identified risks and hazards early in basic and detailed design processes that will enable the plant to operate safely and reliably throughout its lifetime. Safety in design encompasses all components and aspects of plants, including layouts, materials, equipment, tools, controls, construction, products and environment.

The approach toward safety in design begins at the conceptual, basic and planning stages of a project, with a focus on the selection of the design, manufacturing and construction processes to enhance the safety of the plant and personnel. The design team must ensure that safety is embedded in every phase of the lifecycle of the project.

Role of I&C engineers

I&C engineers have an important role to play in every field where there is automation. By automating processes, I&C engineers improve productivity and reduce both the involvement of personnel and the possibility of inadvertent manual mistakes, while improving data acquisition, reliability and trending, all of which help create better and safer process control.

The I&C system plays an important role in plant safety. I&C engineers have to keep the process systems operating within their designed operating envelope or safe operating limits (SOL), as specified by the process engineer.

The process must be kept within its SOL for two reasons. The first reason is to ensure the welfare of operators and other persons who might be exposed to the hazardous materials. The second reason is to meet production targets and maintain financial profitability. In any petroleum, petrochemical or other chemical industry, I&C requires accurate measurement and control of key process parameters such as flow, pressure, level and temperature. Apart from this, analytical instruments are also required for online measurement of key process parameters, such as the concentration of a particular component in the process fluid, on the basis of which suitable control action can be taken for the safe and desired operation of the process.

Considering the aforementioned, I&C engineers must attend to the following aspects:

  • System dynamics
  • Process control
  • Control system development, including emergency shutdown (ESD) systems.

Some of the attributes necessary for I&C engineers to achieve the above aspects are indicated here, along with a few examples.

Knowledge of standards and industry practices

Design engineers are required to be familiar with the various requirements of standards and industry-specific practices (TABLE 1). These help ensure safety from the design stage onward, so risks are as low as reasonably practicable.

Hazardous area classification

Hazardous area classification drawings are among the most important documents for I&C design. To avoid any unsafe event and/or damage to personnel and/or property, it is mandatory to consider a hazardous area classification while selecting field instruments, junction boxes and control systems.

For hazardous areas of a process plant, the field instruments and junction boxes are specified as either explosion-proof or intrinsically safe for the area of hazardous classification. For intrinsically safe instruments, suitable barriers are provided at the control system end to limit the energy, avoiding generating sparks in the field. Explosion-proof instruments and junction boxes are provided so that energy is contained within the instrument/junction box to avoid explosions.

Safety in process engineering

To ensure the safety of a plant, personnel and the environment, an I&C engineer must understand, follow and implement various design considerations. I&C engineers need to study P&IDs thoroughly; understand the basic process control philosophy, process requirements and interlocks; and include suitable I&C features in P&IDs, ESD philosophies and other basic documents. Some common examples of safety in design envisaged by I&C engineers during process engineering include:

  • Providing the proper sizing calculations in pressurized and atmospheric storage tanks/vessels for safety relief valves, pressure/vacuum relief valves (PVRV), rupture discs and emergency vents. Pressure transmitters with the proper type of process connection should be provided to reliably monitor pressure and generate alarms/tripping signals.
  • Safety integrity level (SIL)-rated and fire-safe remote operated shutoff valves (ROSOVs) should be provided for hydrocarbon storage tanks to isolate the tanks in case of a gas leak or fire. A dedicated level switch is provided to detect high-high levels and automatically close the ROSOV.
  • A fire-safe box should be provided to enclose the ESD valves to ensure that they operate even during a fire.
  • Control valves should be provided with a volume bottle to ensure that these valves achieve a fail-safe position in the required closing time under air-failure conditions.
  • Thermal relief valves (TRVs) should be provided where a line filled with a fluid of low vaporization temperature is likely to have a blocked outlet and is expected to receive heat, to avoid damage to the line due to overpressurization.
  • In addition to a plant’s distributed control system (DCS) and programmable logic controller (PLC), an independent SIL-rated PLC ESD should be provided to ensure safe shutdown of a plant in case of emergency.
  • Control logic should be programmed into the DCS and PLC based on cause-and-effect and logic diagrams to ensure safe process performance. Moreover, alarms with guidance messages are provided, which also contribute to the safety of the plant and operator.
  • Actuated valves should be designed to automatically achieve a fail-safe position in case of air or power failures.
  • Fire and gas detectors should be provided to detect fire and gas leakage, and provide alarms for the operator to initiate prompt action.
  • Wake frequency calculations should be carried out to finalize insertion length of a temperature element; this, in turn, avoids breakage of a temperature element due to high pressure and velocity in the process.
  • Pull-chord switches should be provided along the conveyors, so that the conveyor can be stopped in case of any emergency.
  • For tank truck filling loading arms, an overfill detection switch, an earthing relay for the tanker and a switch for the loading arm in position should be provided for safe filling of tankers.
  • Designing redundant configurations for field instruments, such as 1 out of 2 (1oo2), or 2 out of 3 (2oo3), as per process safety requirements.

Based on the inputs from the I&C engineer, the process engineer can revise the process engineering basic documents mentioned.

Safety in instrumentation system design

Upon receipt of the preliminary basic engineering documents from a process engineer, the I&C engineer also initiates instrumentation design activities, such as the selection of the type of control systems (DCS, PLC, ESD, and fire and gas); the value for the mean time between failures (MTBF); and the value for the mean time between repairs (MTBR). Past track records (PTRs) and redundancy requirements are suitably checked and specified, and selections are made for field instruments, cables, junction boxes, tubing and fittings, and appropriate I&C systems that play key roles in the safe and efficient operation of the process. A single wrong selection of an I&C component can cause a major catastrophe in a plant.

Inputs for safe I&C system design and procurement

Based on the basic details provided by the process engineers and the mechanical and piping engineers, I&C engineers initiate the development of specifications for various I&C equipment and hardware. Some of the basic inputs that I&C engineers must take into consideration include: process data (i.e., temperature, pressure, flow and density), the type of process, the type of fluid (explosive/toxic), hazardous area classifications (ATEX/FM/UL/PESO approvals), environmental conditions, the mounting location, line size and process connection details, and piping material specifications.

Further in the selection of a proper I&C system, close examination during the procurement phase is equally important for a safe and efficient operation of the process. To ensure the quality and reliability of the I&C system, it is necessary to evaluate, short-list and select a competent supplier; prepare a quality assurance plan (QAP); and carry out intermediate/final-stage inspections and testing. It is worth noting that a single, poor-quality instrument can lead to a major safety hazard.

Safety in general I&C engineering

Various safety features are generally adopted to ensure the safe operation and functioning of instrumentation and control systems. These features are generally termed good engineering practices and often go unnoticed. However, all of these features play a major role in the safe and efficient operation of a plant. These features are also important for safe operation over the complete designed lifecycle of a plant:

  • Appropriate process connections are provided for instruments to avoid leakage of corrosive or hazardous process fluids.
  • Instrumentation low-voltage signal cables are laid at a safe distance from electrical cables to avoid electromagnetic interference, which could otherwise cause inadvertent tripping and lead to unsafe process conditions.
  • For hydrocarbon tank terminals, the branch cables from ROSOVs to junction boxes mounted outside dykes should be fire-survival cables; hence, in case of a fire in the dyke, the cable can withstand the fire for a certain period and ensure closure of the ROSOV.
  • For hydrocarbon storage tanks, SIL-rated and fire-safe ROSOVs should be provided to ensure isolation of the tank during ESD.
  • The cable trays, junction boxes and local panels should be suitably grounded to avoid electric shock to plant personnel and provide safe operation of the equipment.
  • Lightning protection units should be provided near field instruments to protect them from high-voltage lightning strikes.
  • Surge protectors should be provided in the power circuit so the instruments can be protected from high-voltage surges.
  • Dual/triple/quadruple redundancies should be provided in the control system to ensure its availability during emergency conditions.
  • A hardwired console should be provided in the control room with emergency push buttons for operating the shutdown valves quickly during emergency conditions.
  • Instruments such as analyzers must be located near the process tapping so that process samples do not travel long distances, which avoids lag in process measurements. It also reduces the chance of leakage and damage to sample lines.
  • The control valves should be generally located in horizontal lines to ensure efficient performance of control valves. Care must be taken in the orientation of control valves to ensure proper access to the positioner, hand wheel, solenoid valves, etc.
  • Straight runs should be maintained in the upstream and downstream of a flowmeter to achieve the desired accuracy, as per process requirements.
  • Various aspects must be considered while designing cable tray routing, as well as junction box and instrument layouts. In general, I&C cables carry low-voltage signals, and proper care must be taken to protect the cables from physical damage and electromagnetic interference, as well as ensure easy accessibility for maintenance. The instrument cable trays must be located away from hot surfaces and electrical power cables, and not be located below pipes.
  • Junction boxes and field instruments should be located where ease of operation exists, and where the risk of damage due to leakage from process equipment or pipes is low. They should also be located away from hot surfaces. Proper design of the cable tray, field instrument and junction box layouts enhances the safety and availability of a plant.
  • Access platforms should be provided for safe operation and maintenance of instruments in the field.
  • Spare cable entries should be plugged to avoid ingress of hazardous/toxic gases. Cable entries are always located at the bottom and sides of the junction boxes to avoid entry of rainwater.

SIL identification and implementation

Once the P&IDs are developed, they are subjected to a hazard and operability (HAZOP) study. Both process and operational safety are ensured by taking adequate measures as per the outcome of the HAZOP study. During the study, the critical process control closed loops that can cause process disturbances or unsafe operations are identified, and these critical loops are taken up for the SIL identification study.

SIL is defined as a relative level of risk reduction provided by a safety function. SIL is determined based on a number of quantitative factors in combination with qualitative factors as defined in IEC 61508 and IEC 61511 standards. A safety instrumented system (SIS) is one of the most important layers of protection against accidents and hazards in the process industries. Based on the SIL identification study, the SIL level for each critical loop is identified. Safety requirement specifications are prepared, and before finalizing procurement and implementation at the site, SIL verification of the identified SIL level is carried out, as per IEC 61508. Furthermore, SIL validation is carried out at the site for all SIL-certified loops.

Human factors engineering (HFE)

Many human factors need to be considered while designing I&C systems, as some of these factors may also lead to unsafe operations or failures. Examples include:

  • ESD systems must be designed as fail-safe, and ESD valves must be designed so that they are energized to open. If cables are damaged during excavation, the power supply to the ESD valves will be lost and the valves will move to their fail-safe position (closed or open), as per process requirements.
  • The control system’s input/output (I/O) channels must be provided with proper isolation to avoid damage of I/O channels in the case of a short circuit occurring during maintenance work by plant personnel.
  • Control rooms must be ergonomically designed to ensure ease of operation, and to include proper visibility of the complete process information, as well as to keep temperature, humidity and illumination levels regulated for the comfort of operators. The height of the operator stations and provision of adjustable chairs must also be included.
  • Adequate alarms should be provided as reminders to operators and maintenance staff so that equipment and interlocks, which are bypassed or taken out during maintenance, are put back into service.
  • A preventive maintenance system should be adopted to provide reminders to the maintenance team about the equipment that is due for maintenance.

3D modeling

Most plants are now designed using 3D modeling. The suitable selection of the location and modeling of various instrumentation items, such as cable trays, junction boxes and inline instruments (flowmeters, control valves, on-off valves, PRVs, field instruments, etc.) must be carried out with safety, accessibility and efficient operation in mind.

The 3D model is reviewed by an I&C engineer at 30%, 60% and 90% completion of the model. The I&C engineer must verify all safety aspects during the review of the model.

During each review, details that should be considered include the space provided around the instruments, control valves and on-off valves for ease of accessibility during operation and maintenance; straight-distance requirements for flowmeters; and locations of junction boxes and field instruments.

Safety aspects during installation of an I&C system

Although this article focuses on safety in design, safety aspects must be followed during installation and commissioning to ensure the safety and availability of a system. Examples include:

  • Personal protective equipment (PPE) should be used during erection and commissioning at the site.
  • The materials received at the site must be verified with design documents to ensure compliance with the design.
  • Proper sequencing of various activities during installation will ensure that the instruments are not damaged or disturbed, and that they perform as designed.
  • Proper care should be taken during calibration and loop checking to ensure that the right instrument is connected to the right destination, and provides the correct information at the assigned locations.


Many safety aspects should be included during the design of an I&C system for process plants. For an experienced engineer, these examples may look so common and obvious that they are not worth mentioning, as they are amalgamated with the routine design.

Consideration of safety aspects in the design and specification of instruments is important for the safety of the process, and neglecting these aspects may lead to a major disaster in the plant.


  1. King, R. and R. Hirst, Safety in the Process Industries, 2nd Ed., 1998.
