In reviewing current maintenance practices at three companies, it was interesting to see how the maintenance reporting structure was put together to track history on these particular assets. There were also the criticality assessments that prelude the development of the strategy and the subsequent coding of “CRITICAL ASSETS.”
Without entering into a discussion on critical assets, it is safe to say that right off the bat, safety devices are “Number One” on the list.
Safety Device: Its Function
There appears to be varying definitions for safety devices across the board, from the Canadian Standards Association (CSA) , Health and Safety Executive (HSE) in the United Kingdom and the U.S. Chemical Safety Board, however, the intent is the same:
- To alert operators to abnormal conditions(e.g.,warning lights,etc.).
- To shut down equipment in the event of a failure.
- To eliminate or relieve abnormal conditions(e.g.,rupture discs,safety valves,etc.).
- To take over as a backup (e.g.,redundancy, standby,etc.).
- To prevent dangerous circumstances from arising.
You probably know all too well what can happen if these devices are not maintained, or if even the awareness that they actually exist on your systems is not known. For example, the following disasters come to mind:
- Piper Alpha
- Texas City Industrial disaster
Figure 1: The Piper Alpha oil production platform disaster – July 1988
Figure 2: The Texas City industrial accident – March 2005
History is cataloged with the reminder that things actually do happen and will happen with the most horrific consequences. The knock-on effect is usually far greater than the short-term impact. Families are devastated for years, communities are impacted financially and emotionally, environmental issues, and the company’s reputation is irretrievably damaged.
With this in mind, there is still a desire to either ignore the warning signs or feel unable to do something about it.
One thing that is easy to include in your 100 percent compliant PM program is regulatory maintenance. The code makes it easy for you to dictate what should be done over what is less important. The regulatory PM is the minimum requirement and should be the building block for all maintenance strategies. You can communicate regulatory PMs easily with your staff as they are non-negotiable, the law of the land. Some examples of the governing bodies and the regulation are:
- Overpressure Protection Systems - CSA Z662, API, etc.
- Pressure Vessels - Alberta Boilers Safety Association (ABSA),Approved Code of Practice Safety of Pressure Systems (United Kingdom),API, ASME
- Pressure relief devices - ABSA, API, etc.
- Fire protection equipment inspections - National Fire Protection Association (NFPA), British Standards Specification, etc.
If these are considered first level protection not just for the equipment, but for the company, the second level of protection would be your existing safety devices, which are non-regulatory, but by no means any less important.
This level of protection can be considered not only for the company, but for the manager of the assets and the safety of the personnel. In Canada there is Bill C45, in the United Kingdom the corporate manslaughter bill was passed in 2007, for the first time companies and organizations can be found guilty of corporate manslaughter, in the United States it is known as the collective knowledge doctrine. These legislations establish new legal duties for workplace health and safety, and a good Occupational Health and Safety (OH&S) code, which states that management is responsible for including these listed examples:
- Providing a safe and healthy workplace, including the necessary equipment systems and tools which are properly maintained.
- Providing information, training, instruction and supervision, and facilities to protect the health and safety of workers.
Fitted on most systems are myriad protection devices, ranging from ultimate highs to overspeed trips, from low-low level switches to lower explosive limit (LEL) detection. The list is large, so how can you identify what they are, where they are fitted and what they do?
In reference to the Reliability-Centered Maintenance (RCM2) publication by John Moubray, it was stated that approximately 33 percent of protection devices are not maintained properly, 33 percent of operators are unaware of what maintenance to carry out and 33 percent of crews aren’t sure of the safety device’s function or existence.
Assess your equipment on a system by system basis or by a criticality ranking of the system, whichever is more suitable to your needs or the company. Equally, if there is the process for reporting incidents, you could go back through old reports involving safety devices (e.g., emergency shutdown (ESD) devices). These can be used to build the starting point of the device you want to analyze first. It also may be part of a greater asset management improvement strategy.
Another area to consider is documentation. Do you have relevant and up-to-date piping and instrumentation diagrams (P&IDs), process flow diagram’s (PFDs), control narratives, shutdown keys? During the process of collecting the information, it may flag other areas of opportunity. Even by updating or redlining drawings and you will begin to put together a more reliable source of information that will lead to a safer workplace.
With the information gathered, look at which devices fall into which category.
- Devices that will let you know they have failed.
- Devices that do not alert the user that they have failed while in service.
- Devices that are covered by a regulation.
Decide which process you will use to determine the frequency of the inspection and the task to be performed.
There are many products on the market or information available to assist supervisors or asset owners with determining their maintenance program for these particular types of assets. The key is finding a methodology that allows you to determine the minimum maintenance requirements of your safety devices. The focus should be on ensuring the devices are functionally tested at an interval where the probability of failure is reduced to a tolerable low level to the likely victim.
Reliability centered maintenance (RCM) provides a solution to derive such failure finding intervals based on set equations that are applicable to the asset being analyzed.
The failure finding interval is like a P-F curve, but it determines the frequency at which a safety device can be functionally tested to ensure a probable level of protection to the user. The P-F interval, on the other hand, is used to determine the detectability and degradation of an asset over a period of time in order to detect the onset of a potential failure condition.
With the intervals calculated, look at the impact they will have on your system to carry out the functional test. There always will be a compromise between management and operations as to what is practical. Equally care must be taken when testing the device that it’s not left in a failed state or may compromise the safety of the system during testing. These hazards must be identified upfront prior to carrying out the work.
As an example, the interval may be calculated as three months to test the emergency shutdown devices; however, the plant is on a four month shutdown program, so it makes sense to move the frequency to four months. But, the reason for doing this has to be documented as to why the frequency has changed. It is important to communicate with the Operations, Engineering, Reliability, Planning and Scheduling group the frequency calculated in order to reach a consensus to limit the impact on operations, with respect to production loss and risk of changing to the frequency to fit.
Implementation and Validation
Be sure to implement the new maintenance tasks and frequencies, and communicate them with the staff at all levels. Ensure that they understand what has been done and why.
Track the devices on the PM program and code the PM type to reflect the work being carried out. This will help in terms of follow-up work and scheduling priority.
Failure coding on follow-up work can be reclassified to reflect failure effect and failure mode. Reports can be run in the computerized maintenance management system (CMMS), which looks at any asset of a safety type that has been found to have functionally failed while in service.
When developed this way, the maintenance program also can be used as information for insurance companies when documentation is required to prove what measures are in place to ensure the safety of the equipment and personnel. The documented safety device program can be easily printed, along with a report on associated work orders.
When evaluating systems to determine what maintenance to carry out, it is important that the ‘safety devices’ are assessed using a defensible and rigorous program, such as RCM. Ensuring the basics of functionally testing and inspecting safety devices will, at the very least, give the user, the asset owner and management the knowledge that they have done everything possible to ensure their devices function as required and may only be in a failed state for a reasonably tolerable period of time. In doing so, this may well save lives, reduce impact to the environment and limit damage to the company’s public image.
1. Moubray, John. Reliability Centered Maintenance II. Second Edition. South Norwalk: Industrial Press,Inc., 1997.
2. U.S Chemical Safety Board - http://www.csb.gov/investigators-present-final-report-on-first-chemical-corp-explosion-cite-inadequate-safety-systems-lack-of-warning-devices/
3. Center for Chemical Process Safety - http://www.aiche.org/sites/default/files/docs/embedded-pdf/Piper_Alpha-case-history.pdf
Gordon Mains , CMRP, is the Supervisor for Operations Engineering and Reliability for Inter Pipeline in Calgary, Canada. He has been involved in asset management strategies, with a focus on safety awareness and improving reliability to ensure safe operation.