March

2017

HYDROCARBON

ENGINEERING

102

competence of those involved, etc. At this stage, great

care is taken when verifying the competency of those

involved, as required by Edition 2 of the IEC-61508

standard.

Site validation

There is no reason to assume that the need for

competency checks reduces the availability of when the

system goes to site. Multiple suppliers have their

equipment shipped to site, where the safety and control

cabinets are manoeuvred into equipment rooms,

connected, and powered up. Equipment room floors are

open to allow cables to be laid, although the power

supply is not always guaranteed. The situation may be

best recognised as ‘chaotic’. Wiremen, engineers,

commissioning engineers, systems integrator supervisors

and co-ordinators, end-user operators and technicians

are all present, and all require attention.

Normally, however, the overall installation is validated

and started up, with a typical duration from HAZOP to an

overall site validation of four or five years. For the majority

of this time the requirement for competent personnel is

fulfilled, although at this stage there is no ‘live’ danger

from the process.

After the overall site validation is completed by

personnel who (depending on the highest SIL level) are

independent, a statement that verifies that the system is

ready to be started up (Figure 1) is formally handed over to

the end-user.

Operational phase

At this point the hazards are introduced, which is the most

dangerous phase of the project. Engineers may predict

how a process will behave, but to really experience how it

behaves it has to be started up for the first time. Now, the

end-users from the site become more involved. They will

remain with the system after all the suppliers and

contractors have left, when the system is operational and

the dust has cleared. This operational phase may last for

15, 20 or 25 years, and will only be interrupted by planned

shutdowns.

During the overall site validation, attention would

have been paid to the personnel involved and, assuming a

pro-active auditor, to the competence of the site staff.

However, the IEC-61508 standard clearly dictates that

‘(re)training and (re)assessing’ is required. So, do the

personnel involved on site actually obtain all the

background information about functional safety? Do they

understand that this is a system that will protect them,

the environment and the process installation? Or will

they only see it as a limitation for system availability?

Much attention is paid to competency during the SIS

realisation phase (five years), but not enough is paid to

competency during the operational phase (20 years or

more).

Training for the operational phase

TÜV Rheinland recognised this situation and asked the

various course providers to set up a training programme,

especially for the people involved in the operational

Figure 1.

Typical onshore installations involving

functional safety systems.

Figure 2.

Overall safety lifecycle stages: (a) to

IEC-61508 and (b) to IEC-61511.

a)

b)