Subscribe and listen to AW’s podcast!
Subscribe and listen to the Automation World Gets Your Questions Answered podcast!
Listen Here

Integrating Safety and Control in a Digital World

The blending of safety and control systems is still the major thrust of process safety developments after a decade of progressive integration.

Aw 5120 Process01

The major trend in process safety continues to be the integration of safety and control systems. The advantages of user ease and cost savings still outweigh concerns about the “church and state” divisions between safety and control that are necessary to make sure neither system is corrupted by the needs of the other. Many believe standards from the International Electrotechnical Commission (IEC) such as IEC 61508 (Functional Safety of Electronic Safety-related Systems) and IEC 61511 (Functional Safety: Safety Instrumented Systems) have effectively ended the safety questions about integration. But others in the process industry warn that safety and control have become too close for comfort. Meanwhile, terrorism and cybersecurity have moved onto the process safety stage, making the landscape more complicated.

In the vendor and end user communities, integration of safety and control systems is gaining steam. “There is a trend to look favorably on tighter integration between safety and process control,” says Ged Farnaby, manager for safety systems at ABB North America, in Norwalk, Conn. “Some customers like the traditional barrier between safety and process control, but overall, we’re seeing greater integration.”

One of the reasons for increased acceptance of using safety systems that are on the same vendor platform as the control systems is that plant systems have become more sophisticated. Digital technology is at the heart of these advances. “Messy and risky integration schemes of the past are being replaced with technologies that are natively designed to provide simple, effective and reliable integration of the control and safety systems,” says Duncan Schleiss, vice president of process systems for Emerson Process Management, in Austin, Texas. “Digital communication is the enabler from the ground up, providing health diagnostics within the smart field devices, and then enabling networks of field devices to send data on to the plant-wide network.”

Digital improvements

Schleiss believes the widespread adoption of digital-based systems has significantly improved overall plant safety. “Digital plant architecture is providing smart safety technology that enables users to implement safer plants,” says Schleiss. “Digital technology enables centralized operations and maintenance that help operators minimize trips and helps maintenance reduce risky visits to the field. It also enables online instrument diagnostics and partial stroke valve testing to ensure that passive components are ready to act when needed, and it also provides modular logic solvers that reduce the impact of any single failure and enable appropriate redundancy only where it is needed to protect plant availability.” Digital technology has also provided a data backbone that allows plants to run the duel functions of safety and control on the same backbone of wires and software.

International standards such as IEC 61508 and its later spawn, IEC 61511, have given plant managers the confidence to integrate safety systems with control. The standards separate the function of safety from the function of control. Once this clear firewall is established, plants can integrate the information flow, since it’s being used for distinct functions. Because the functions of safety and control are discrete—per the IEC standards—the possibility of mixing safety and control is greatly reduced.

“Following the world standards of IEC 61508 and IEC 61511, the safety instrumented function needs to be separated from the control function,” says Jan de Breet, technical consultant, safety systems, at Yokogawa Corp. of America, in Houston. “So where the functions are separated, the information can be integrated, since the information is not part of the safety loop.”

de Breet believes this distinction, provided by the standards, sufficiently ends the concern over integrating safety and control. “I don’t think that safety and control functionality will be integrated in one system in the future,” says de Breet. “The separation is not only because of the standards, which do not permit it, but because the functionality of the two is too different.”

The integration of safety and control systems has made continual progress over the past decade for a few simple and compelling reasons: it’s cheaper, it’s more efficient and it cuts down on personnel and training costs. With constant pressure from the need to run a more efficient system with fewer resources, the temptations of integration are irresistible. Plus, the major safety and control system vendors are ready and eager to deliver safety and control systems in combined packages. So adopting an integrated safety and control system is quite easy. “All of the costs of engineering are reduced if you go in the integration direction,” says Asish Ghosh, research director of batch and safety systems at ARC Advisory Group Inc., an analyst firm in Dedham, Mass. “The disadvantage is with system architecture. There are challenges to make sure one system doesn’t corrupt the other.”

Another benefit of integration is the ability of an operator to see all of the moving parts from one interface—one station on one common platform, and one screen. “With integrated information, the operator has a comprehensive view of what is happening in the plant, and the operator can take better action on any process condition, whether it is for production control or to avoid an unsafe situation,” says Yokogawa’s de Breet.

Ultimately, it’s the pocketbook that pushes the move to integration. “The benefit of integration is procurement costs—it’s cheaper to buy,” says Charles Fialkowski, national process safety manager at Siemens Energy and Automation Inc., in Norcross, Ga. “Then there is the operation cost—one operator can serve both of the systems. And there is also the commonality of parts.”

With integrated information,the operator has a comprehensive view of what is happening in the plant.

Risk data corruption

Not everyone likes the idea of mixing safety systems with control systems. Called “traditionalists,” these skeptics believe it is far too easy to take integration into dangerous territory, especially in a corporate world of cutbacks and staff trimmings. These skeptics warn of a time when the information content and operational function of safety and control systems will blend to the point that control operators will run safety on the side. They won’t have proper training, yet they will have an undesirable degree of access.

These skeptics predict that plant managers will be tempted to collapse the safety team into the control team. If the safety and control systems are running the same software and hardware, who needs separate teams with individual training? If integration reaches this point, say the skeptics, safety will be compromised.

“Integrating control and safety with one single vendor and platform is really causing uncertain response,” says Robin McCrea-Steele, senior safety consultant at Invensys Premiere Consulting, in Irvine, Calif. “It’s a trend being pushed by vendors. Traditional safety systems were separate—independent from a design point of view. If you try to integrate them into one platform, you’re mixing two design philosophies.”

Others believe failsafe measures can be designed into an integrated system that will prevent one system from corrupting the other. “You have to use separate controllers when you use similar applications with safety and control systems,” says ARC’s Ghosh. “You can design it so one can read the other but can’t write to it. That gives you protection from operators changing functions.

A growing number of vendors insist that integration of safety and control can be implemented with no additional risk as long as the plant adheres to the IEC standards and keeps functionality separate. Yet Invensys’ McCrea-Steele disagrees. “In practical terms, it’s difficult to implement a firewall and separate sensors using the same platform. The systems have to be physically separate and diverse in order to be foolproof.”

The world of process safety has been has been shaken by the twin developments of Internet connectivity and terrorism. Though they are separate dangers requiring individual strategies and solutions, they both draw attention to a frightening new reality: there are bad people over the plant’s wall who would love to do great damage to the plant and its surroundings. This new reality has prompted new developments in process plant security. “9/11 was really important. Before 9/11, we wouldn’t have thought about people driving trucks into chemical plants to blow them up,” says Scott Hillman, manager for safety solutions at Honeywell Process Solutions, in Phoenix.

Some believe cybersecurity dangers increase the need for physically distinct safety and control systems. “The concern over cybersecurity goes together with the concern about integrating safety and control,” says Invensys’ McCrea-Steele. “If you don’t have a proper physical separation, your system is vulnerable.”

Even so, the march toward integrated safety and control systems will not likely slow, even with worries that the two competing systems threaten each other’s purity. The gains from reduced staff, operator ease, lower system costs and reduced training needs are just too compelling. But you can look for new advances in the safety system’s protection against terror attacks and invasions from Internet hackers.

For more information, search keyword “safety systems" at www.automationworld.com.

See sidebar to this article:Clear Rules Allow Integration

Test Your Machine Learning Smarts
Take Automation World's machine learning quiz to prove your knowledge!
Take Quiz
Test Your Machine Learning Smarts
Discover New Content
Access Automation World's free educational content library!
Unlock Learning Here
Discover New Content