Engineering designs for functional safety systems used in the process industry sector are typically thorough, detailed, and follow a stringent safety life-cycle process. In a non-digitized execution model, the valuable information needed to enable an efficient safety process is not always readily available.
Consider the following example: A refining plant has had an unplanned trip in one of its process units, and operations and maintenance personnel are looking to find and understand the cause. Upon investigation, they observe the activation of a high-temperature interlock in one of the distillation columns, but the root cause is not yet clear.
While management requires a restart to production immediately, the operations team needs to review the latest Process Hazard Analysis (PHA) report to understand what the associated risks are and assess the options available to restart production in a safe manner. The operations team does not have immediate access to the latest PHA but to make a timely decision, the operations team should consider the following:
- Was the process unit trip based on a real demand or a spurious trip?
- If they bypass the safety interlock, what is the risk gap that will be created?
- When was the last time all the instruments related to the safety interlock were calibrated?
- When was the last time a similar demand occurred?
- When was the last time the inputs to this safety interlock were bypassed and why?
Safety engineering and process automation companies see many operators frequently wrestle with these challenges. When the same situations are further considered, senior management may also want to know:
- How safe is the process unit in general?
- How many of the safety interlocks are in good working condition and how many have been bypassed?
- Are there recurring demands of safety interlocks that were not accounted for, and if so, why?
Functional safety standards may recommend a safety lifecycle to analyze process risks, design and implement Independent Protection Layers (IPLs) to mitigate risks, and maintain the IPLs during plant operations to manage potentially unmitigated risks.
The objective of the International Electrotechnical Commission (IEC) 61511 standard is to manage functional safety throughout the lifecycle. Traditionally, the engineering and operational data would be within disconnected software tools or documents. The aim of digitalization is to simplify the ability to manage the data, and not to produce stranded deliverables only reused every revalidation cycle. The benefit of digitizing the data management is to enable a sustainable design basis through which compliance to regulations can be quickly demonstrated at a moment’s notice.
Users can also access the data regardless of physical location, which allows for the sourcing of relevant data and the ability to access features like key performance indicators (KPIs). One way to meet these objectives is a comprehensive software toolset that can access and mine the data providing analytics and generating KPIs.
A digital twin is an example of a comprehensive software package that can import existing engineering documentation for any of the phases of the safety lifecycle, as well as have the capability to execute the steps of the safety lifecycle. Using the previous scenario, a digital twin would facilitate safety lifecycle implementation using features such as:
- Analysis modules such as Hazard and Operability (HAZOP) and Layer of Protection Analysis (LOPA) to examine the process unit’s risk and recommend IPLs to reduce the risk to acceptable levels.
- Engineering modules to design and implement IPLs such as Safety Integrity Level (SIL) calculation engine, cause and effect chart generation, and functional test plans to validate the Safety Instrumented Functions (SIF).
- Operational modules to consolidate relevant operational data related to the IPLs on a real-time basis including IPL demands with timestamps, stroke time of valves during a demand, time in bypass for each IPL, and others.
- Maintenance and inspection modules to record test results and “as-found” and “as-left” information for IPL components.
The digital twin produces a centralized platform to digitize the data, execute the life-cycle steps while providing user/role-based access for Process Safety, Functional Safety, Operations and Maintenance Engineers, and Management.
Why Digital Twins?
The digital twin provides a simplified and consistent method to realize the following benefits:
- Dashboards are generated by comparing design assumptions with operational data to generate relevant KPIs, which can be used to repair bad actors either in the running plant or on the drawing board. KPIs can be developed for normal plant operation and maintenance, management reporting, and incident investigation.
- All phases of the safety lifecycle are digitized and easily available for user access rather than document sets collecting dust in the classical method. Digitized and evergreen data also means that all the steps of the safety lifecycle are current.
- Creates and models offline “what-if” scenarios in any part of the safety lifecycle and sees the effect of a modification ripple down.
- Provides an automated interface to other industry design packages such as Computer Maintenance Management Systems (CMMSs). Automated interfacing helps reduce both systematic and human error in data transfer.
- Enables digitized data entry, which creates potential monetary savings through all phases of the lifecycle through man-hour reduction and improved data accuracy.
- Continually validates design assumptions to actual performance, which leads to enhanced confidence among all users for successful risk management.
The digital twin creates an ability to focus on the design rather than creating design deliverables. It seamlessly connects the basis of design to the source of truth (the operational performance of the IPLs) on a continuous basis allowing generation of real-time KPIs.
—Jason Urso is Chief Technology Officer with Honeywell Process Solutions.