2.1. Relationship of the Safety Analysis and the Design Process
Safety properties are established during the design process. This is ensured by applying a special safety-focused development lifecycle. At the same time, the safety analysis process runs in parallel with the development of the main design documents. As a result of this approach, a set of protective measures is formed, some of which can be carried over from previous successful projects and applications.
A risk-based approach is used to meet the safety requirements; it consists of close integration of the equipment development and safety analysis processes. The basic safety analysis steps during design are described below.
Safety lifecycle planning: the first step of the safety analysis is the collection of input data and the formulation of technological process (TP) safety criteria and objectives. The selection of the standards that will be applied to demonstrate the safety level is justified within the framework of safety lifecycle planning.
Preliminary safety analysis (PSA): all functions of the technological process equipment are assessed to discover potential functional failures, and the hazards connected with particular failure states are classified. The PSA systematizes the requirements and criteria laid down in the contract (tender documentation), provides preliminary proof that the proposed technological process equipment architecture can fulfil these requirements, and justifies the need to introduce protective measures, additional assemblies and functionality. The PSA is updated throughout the entire development process.
Technological process safety analysis: collection, analysis and documentation of the results proving that the design, the control system architecture and the selected components meet the safety requirements and objectives.
Common cause analysis: sets requirements for the physical and functional separation, isolation and independence of technological process elements.
The relation between the design process and the safety analysis is shown in Figure 1.
2.2. Risks Classification and Safety Barriers Design
Preliminary risk analysis is based on an assessment of potential hazards. Potential risks (a risk is a hazard combined with a quantitative assessment of the frequency and severity of its consequences) can be divided into groups related to operational and technical (functional) hazards. The general list of risks needed for the analysis is provided in ISO 12100 [5]. The risks can be considered as hazards associated with the equipment itself and its failures, and as external hazards associated with the actions of operators and with the loss of electricity and power supply.
Reducing the risk and achieving the necessary level of safety is accomplished by using a system of safety barriers. A recommended way to classify barrier systems is shown in Figure 2. Note, however, that active barrier systems are often based on a combination of technical and human/operational elements. Even though different words are used, the classification at the fourth level in Figure 2 is similar to the classification suggested by Hale [6]. A safety barrier is a physical and/or non-physical means planned to prevent, control or mitigate undesired events or accidents. As regards the time aspect, some barrier systems are continuously available (functioning continuously), while some are off-line (need to be activated). Further, some barriers are permanent while some are temporary. Permanent barriers are implemented as an integrated part of the whole operational life cycle, while temporary barriers are used only in a specified time period, often during specific activities or conditions.
It is also noted in the literature that identifying technical (physical) safety barriers is usually quite simple, but where the safety barrier includes an action, for example the operator's response to an alarm, one should be careful to distinguish between the action itself, which performs the barrier function, and the factors that help the operator make the correct decision (technological instructions, training, precise presentation of information, etc.).
[9] offers a somewhat different approach to the classification of safety barriers, based on evaluating their effectiveness in the event of a potentially dangerous situation. The degree of effectiveness (high, medium, low) distinguishes the following types of safety barriers. Technical (high effectiveness) barriers can prevent the spread of risk factors, reduce the risk of a situation, mitigate the consequences or reduce the likelihood of risk factors [9]. Various technical barriers provide selective action against possible failures and external threats; the same applies to further escalation from the triggering event to the consequences. The following subcategories of technical barriers are distinguished: technical barriers triggered on demand (emergency cut-off valve, drencher system, emergency tank); technical passive barriers, which operate on a permanent basis and perform the barrier function by their mere presence (safety valve, collapse, fire-proof and explosion-proof partitions, etc.); and technical control barriers, which activate other barriers that prevent or mitigate the consequences of a dangerous event (gas detectors, fire alarm system, accident notification system, etc.).
Barriers of this type cannot prevent the development of the accident, but can activate other barriers that will do this. Human (organizational) barriers (medium effectiveness) contribute to the control of a process or activity. This type of barrier can reduce the probability of the triggering event by strengthening other barriers or preventing them from being weakened; if a potentially dangerous event has already been initiated, this type of barrier can prevent its development or reduce the consequences. The following subcategories are distinguished: procedural (inspections and observations, control tools, process management, work risk assessment, work permit system, etc.) and human (operational) (control by the operator, supervision, periodic rounds, etc.). Fundamental barriers (low effectiveness in the immediate vicinity of the event) act at a point in time separated from the occurrence of the threat and the realization of the risk factor. However, fundamental barriers make a significant and effective contribution to the safety of the system by providing checks and controls for vulnerable systems and for the original causes of failures. The following subcategories of fundamental barriers are distinguished: fundamental procedural (analysis of the project, assessment of commissioning, checking of internal regulations, analysis of operation, confirmation of qualification); and fundamental human (good health of workers, etc.) [11].
The process of designing safety barriers takes place using [5]; the corresponding figure shows how to develop requirements for safety barriers.
2.3. Risk Reduction and SIS
Risk reduction of the equipment under control (EUC) or of the technological process is shown in Figure 4. A number of standards and guidelines have been issued to assist in designing, implementing and maintaining reliable safety instrumented systems (SISs). The most important of these is the international standard [2], a generic standard that outlines key requirements for all phases of the SIS life cycle. The approach to developing safety functions related to a computer-based instrumented safety system is shown in Figure 5.
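As an added worked example (not code from the paper), the following Python script applies the risk and barrier concepts of Sections 2.2 and 2.3 to one hazard: the risk is the initiating frequency of the hazard together with its severity class; each barrier is credited with an assumed probability of failure on demand (PFD); the residual frequency is compared with an assumed tolerable frequency per severity class; and, following the independence requirement set by the common cause analysis, barriers that share a dependency such as the power supply are credited only once, and not at all when loss of that dependency is itself the initiating event. The barrier names, PFD values, tolerable frequencies and the LOPA-style multiplicative model are assumptions for illustration, not figures from the source.

```python
"""Added worked example, not code from the paper: a LOPA-style check of
whether the credited safety barriers bring a hazard's residual frequency
below a tolerable target, honouring the common-cause independence rule.

Assumptions (none of these figures or names come from the source):
- each barrier is credited with a probability of failure on demand (PFD);
- residual frequency = initiating frequency x product of credited PFDs;
- barriers that share a dependency (e.g. the same power supply) are
  credited only once, the strongest of them;
- fundamental barriers act on the causes of failure, not on demand, so
  they receive no PFD credit here.
"""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Barrier:
    name: str
    category: str                        # "technical", "human" or "fundamental"
    pfd: float                           # assumed probability of failure on demand
    available: bool = True               # False for off-line/temporary barriers not in place
    depends_on: frozenset = frozenset()  # common-cause dependencies, e.g. {"power"}


@dataclass(frozen=True)
class Hazard:
    name: str
    initiating_frequency: float          # demands per year (assumed)
    severity: str                        # "negligible", "marginal", "critical", "catastrophic"
    barriers: tuple


# Assumed tolerable frequency per severity class (events per year).
TOLERABLE_FREQUENCY = {
    "negligible": 1e-1,
    "marginal": 1e-2,
    "critical": 1e-3,
    "catastrophic": 1e-4,
}


def credited_barriers(barriers, lost=frozenset()):
    """Return the barriers that may be credited against one demand.

    `lost` names dependencies already failed by the initiating event
    (e.g. {"power"} when the hazard is a power-supply loss).
    """
    credited, seen_deps = [], set()
    for b in sorted(barriers, key=lambda b: b.pfd):   # strongest barrier first
        if b.category == "fundamental" or not b.available:
            continue
        if b.depends_on & lost:                        # its supporting system is gone
            continue
        if b.depends_on & seen_deps:                   # shares a cause with a credited one
            continue
        seen_deps |= b.depends_on
        credited.append(b)
    return credited


def residual_frequency(hazard, lost=frozenset()):
    pfds = [b.pfd for b in credited_barriers(hazard.barriers, lost)]
    return hazard.initiating_frequency * prod(pfds)


def risk_reduction_factor(hazard, lost=frozenset()):
    return hazard.initiating_frequency / residual_frequency(hazard, lost)


def meets_target(hazard, lost=frozenset()):
    return residual_frequency(hazard, lost) <= TOLERABLE_FREQUENCY[hazard.severity]


# Constructed sample hazard: vessel overpressure on a process skid.
OVERPRESSURE = Hazard(
    name="vessel overpressure",
    initiating_frequency=0.1,
    severity="catastrophic",
    barriers=(
        Barrier("relief valve", "technical", pfd=0.01),   # passive, needs no support
        Barrier("ESD cut-off valve", "technical", pfd=0.01, depends_on=frozenset({"power"})),
        Barrier("gas alarm + operator response", "human", pfd=0.1, depends_on=frozenset({"power"})),
        Barrier("design review", "fundamental", pfd=1.0),
    ),
)

if __name__ == "__main__":
    for lost in (frozenset(), frozenset({"power"})):
        names = [b.name for b in credited_barriers(OVERPRESSURE.barriers, lost)]
        print(f"lost={set(lost) or '{}'} credited={names} "
              f"residual={residual_frequency(OVERPRESSURE, lost):.1e}/yr "
              f"RRF={risk_reduction_factor(OVERPRESSURE, lost):.0f} "
              f"ok={meets_target(OVERPRESSURE, lost)}")
```

Running the script shows the point a common cause analysis is meant to expose: with all supporting systems intact the relief valve and the ESD valve are credited (the alarm is not, because it shares the power dependency with the ESD valve) and the target is met; when loss of power is the initiating event, only the passive relief valve remains and the same barrier set no longer meets the target.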
For some specific computer systems, such as cluster computing systems and especially real-time ones, the key is to ensure reliability and fault tolerance while maintaining the continuity of the computing process. High and stable performance, reliability, fault tolerance [13] and security of computer systems are facilitated by the use of technologies for consolidating clustering and virtualization resources [14], accompanied by replication and migration of virtual machines between physical servers. Migration and replication of virtual machines speed up the reconfiguration process after failures of physical resources and help maintain the continuity of the computing process required for managing cyber-physical systems and real-time technological processes.