Pervasive Situational Awareness – A Day in a Life
A Day in a Life of a Safety Manager; ‘Before’:
Let’s recall for a moment some of the threats and escalation factors (EF) in a plant. Or if you are short of time you can simply scroll down to the ‘after’ section if you only want to see the solutions. You may recognize some of these events, but it is fiction. No identification with actual persons (living or deceased), places, buildings, and products is intended or should be inferred.
Before: People in a high-risk area during high-risk activity
After arriving at work and having your coffee you meet up and discuss with the turnaround manager to plan the logistics of managing thousands of contract workers in the upcoming turnaround. During a turnaround in the past, several contractors were present in a plant unit during startup as they were not informed of the unit was about to be started up. When the hazardous event occurred this amplified the consequences.
Before: Fire hydrant and CO2 under-pressure
In the safety meeting the team discusses the inspection rounds for fire hydrant and CO2 pressure which is scheduled for today.
Before: Manual valve left in the wrong position
You walk over to the next building to meet with the operations manager to discuss a campaign focusing on the operation of manual valves. There have been some near misses similar to an event in the past where a manual valve not fully closed led to product freezing in cold weather, damaging a pipe, which in turn led to loss of containment, spill, fire, and explosion.
Before: PRV isolated
In a similar past case a standby heat exchanger that had been out of service for cleaning was left isolated from its PRV at startup which amplified the consequences to over-pressurization, rupture, explosion, and fire.
Before: No local gauges
Also on the agenda with the operations manager is an awareness programme about the dangers of field operators working on the wrong piece of equipment. In the past, a field operator manually opened a drain valve on the wrong reactor which caused a toxic chemical spill. The operator did not see the reactor was pressurized because there were no local pressure gauges.
Before: Critical information not conveyed in shift handover
Lastly, the meeting with the operations team you discussed the challenges of shift handover. In the past, the amount of feed which had been introduced into the reactor was not formally conveyed from the nightshift supervisor to the dayshift supervisor at the shift handover. As a result, the dayshift operator overfilled the reactor causing spill, fire, and explosion.
Before: Verbal communication of critical information
Moreover, the instruction to introduce feed had been given to the nightshift operator verbally so there was no written record for the dayshift operator to refer to. As a result, the dayshift operator overfilled the reactor causing spill, fire, and explosion.
Before: Incidents, near-miss, and hazards reporting
On the way back to your office you notice a leak from a valve which could be a hazard. You write down the valve tag in your little paper notebook you always carry in your pocket. Must remember to report this issue when you get back to your desk.
Before: Loss of containment
Next you get on a call with the integrity manager to review the corrosion and erosion monitoring program. In the past a corroded pipe elbow led to loss of containment, fire, and explosion. The corrosion had gone undetected because it had not been inspected for a long time.
Before: Return to office to get documents; safety procedures, safety checklists etc.
As you head for the canteen a colleague calls you on the walkie-talkie for an urgent clarification on one of the safety procedures. You must head back to the office to open the document and give a good answer.
Before: Valve passing
After a quick lunch you meet with the I&C manager to review the valve condition monitoring program. In the past, due to wear and tear over many years, a gate valve was passing internally even though it was closed which led to a runaway reaction and explosion.
Before: Level sensor failure undetected
The discussion continued on the topic of verifying the health and functionality of the sensors in the plant. In the past a blowdown drum level sensor had failed and the failure went undetected because the type of sensor was not intelligent and lacked self-diagnostics to detect and flag it had failed. Due to the erroneous level reading the alarm didn’t trigger so the operator did not stop the product feed which led to overfill, spill, fire, and explosion.
Before: Level sensor analog signal saturated
The validity of measurement signals was also discussed. In a similar case in the past, a tower level sensor signal was saturated because the level was above set range and because the signal is analog it had no dedicated status flagging the signal was saturated and therefore invalid. Due to the false level reading, the operator did not stop product feed which led to overfill, spill, fire, and explosion.
Before: Slow mustering headcount and rescue locating
Back at your desk you review a report from last week’s emergency evacuation drill. Mustering headcount for all personnel took too long to complete. Also, part of the drill included a man-down exercise, but the rescue party tool too long to find the person.
Before: No safety shower and eyewash activation awareness
Last week’s emergency drill also included activation of a safety shower but it was not detected by the operators so first responders where not informed as the safety shower tested was located in an older plant unit where the safety showers were not wired to the control system.
Before: Personnel fatigue
After the afternoon coffee break you meet with the HR manager to review plans for personnel fatigue management during the upcoming turnaround. In the past an operator worked shifts without enough rest which led to fatigue causing lack of attention and critical thinking. Mistakes were made resulting in an explosion.
Before: Insufficient training
The discussion with the HR manager continues with learning and development of control room operators, but also field operators. In the past, one of the operators had insufficient experience in handling abnormal situations and was therefore unable to handle an overfilled reactor resulting in spill, fire, and explosion.
Before: Hydrocarbon Liquid Leaks and spills
Together with your team you review another report, this one from the safety case audit. Gaps identified include the need to deploy monitoring equipment to detect hydrocarbons in sewers and discharges to water.
Before: Toxic gas leaks
A second safety case audit finding is the need to deploy monitoring equipment to detect toxic gas in air.
Don’t get me wrong. The systems that exist in a plant today were state-of-the-art, best of their kind, logical choices, at the time the plant was built. Likewise, the established maintenance practices were also top notch then. Decades may have passed since the plant was built, technology has evolved, and systems are now available that didn’t exist only a few short years ago. But nobody can be called a laggard for not buying what was not yet available. The good news is, plants can now deploy a second layer of automation to keep up with newer plants. The DCS remains the same, historian platform remains the same, and the process equipment and machines remain the same - retrofitted with add-on sensors. Additional software is deployed. Its adding, not replacing. Protecting the existing investment. Engineers have a knack for this sort ofimprovements step-by-step.
A Day in a Life ‘After’
Imagine instead what a day would be like in a plant where these tasks have been digitally transformed along the lines of the Fourth Industrial Revolution (4IR). Not only the uneventful day with meetings, but especially those days when the events discussed occurred. The most interesting fact is that plants already have many preventive barriers and recovery barriers (as in bow-tie diagram), but some may not be very effective, or bypassed, or may be broken – escalation factors. Monitoring the state of these barriers is therefore important. Imagine what those days could perhaps have been like if some new digital controls had been in place. Probably much safer and uneventful days thanks to the new digital ways of working because digitalization creates bettersituational awarenessfor personnel to do their job better. The ‘after’ below match the ‘before’ above one to one.
Existing barriers may not be very effective, or bypassed, or may be broken
After: Always aware
After arriving at work, while sipping the coffee, you open up the personalized HS&E dashboard on an industrial grade tablet that you carry all day wherever you go just like other people in the plant. There is no need to cross over to the next building to check on a computer there. Or, you can check from your own computer at your desk if you prefer a larger screen. This saves time. Your dashboard contains an overview of the risk profile for the plant. You get the information so you are always aware of what is going on and can make any adjustments to the plans for the day. Anyway, your dashboard indicates there are several contractors present in a plant unit which is about to startup after a unitturnaround; a high-risk activity. You call the operators in the control room. They have also gotten the same notification and have informed the people which are not involved to leave the high-risk area to reduce consequences should an event occur.This is possible becausethe plant has alocation awareness system with geofencingfeature in the software alarming when people are present in a part of the plant where they are not supposed to be, and the plant personnel, contractors, and visitors wear personnel tags. The software displays where people are on a plot plan so you can see if they are on their way in or out.
After: Automatic data collection
Your safety dashboard also shows the fire hydrant water pressure and CO2 pressure is OK,without the need for manual inspection rounds.This is possible becausethe fire hydrant and CO2 fire suppression systems have been fitted with wireless pressure gauges.
After: Enhanced monitoring
You chat with the operations manager who tells you about how one of the field operators closed a manual valve, but it didn’t shut off completely because there was debris trapped inside the valve. The operator couldn’t tell, but fortunately there was an alarm in the CCR telling the valve was not shut tight. It was fixed by maintenance, thus avoiding freeze damage and loss of containment.This is possible becausethe manual valve was fitted with a wireless position sensor.
After: Permanent sensing
The operations manager also tells you of a similar “save” just the other week. Operators got an alarm flagging a heat exchanger they were about to startup was still isolated from its Pressure Relief Valve (PRV) by a closed manual valve. They rectified it before proceeding. A potentially hazardous situation was avoided.This is possible becausethe manual valve was fitted with a wireless position sensor.
After: Positive confirmation
Next you head out with the operations manager to one of the process units to inspect thewireless pressure gaugeswhich have just been installed on the reactor tanks which did not have local pressure gauges before. This local indication will help reduce the risk of operators inadvertently draining a pressurized vessel manually, thus avoiding incidents. The reading is also integrated with the historian and recorded, available for any investigation should need arise.
After: Digital shift handover
Speaking of investigation and audit trails, the operations manager pulls out an industrial tablet and shows you the shift change dashboard which provides a shift summary of critical information like events and on-going procedures to the next shift with digital shift handover signoff. This helps avoiding incidents due to personnel not being aware of actions taken by the prior shift.This is possible becausethe operator logbook is digital software, not hardcopy paper. The operators and supervisors digitally post notes on events, actions initiated, and observations etc.
After: Digital logbook
The operations manager also showed how the notes in the digital logbook app such as instructions are legible, complete, and easy to find because they are in digital form. That is, operators can refer to instructions given earlier if need be. There is anintegrated app for every part and purpose. This helps avoiding incidents that could otherwise happen as a result when relying on verbal communication.This is possible becauseby the digitization of communication. Sure, you can still discuss before or after when you need to go back and forth, but you also capture the notes.
After: Digital notes
On the way back to your office you notice a leak from a valve which could be a hazard. You open the mobile message app on your tablet selecting the tag from a dropdown list, set the priority, type in a short message, and take a photo which is attached for clarity. You click send and the message automatically makes its way to the people responsible. You don’t have to remember to do it later. This saves you time and drives continuous improvement: kaizen. Since the message is digital, it is also searchable. Reporting and investigating “near misses” is as important as investigating and incident because often the only difference is luck.
After: Early warning
Next you pull out your tablet to check the HS&E dashboard. You zoom into corrosion and erosion. All positions are OK except one pipe elbow which is wearing thin. The integrity manager and team get the same information on their integrity dashboards. They can act before the pipe fails. This helps avoiding loss of containment and consequences that could otherwise happen as a result of pipe failure.This is possible becauseat many pipe elbows, low points, and other pipe sections, advanced wireless UT sensors have been permanently installed for continuous wall thickness monitoring todetect and predict corrosion and erosion. When the remaining useful life for the pipe section is nearing the end, an early warning alarm is triggered.
After: Information at your fingertips
As you head for the canteen a colleague calls you on the walkie-talkie for an urgent clarification on one of the safety procedures. For this procedure and other documents, instantly open the file in the tablet computer. No time is lost running back to the office. That is, you have the information at your fingertips.This is possible becausethe site has plant-wide industrial Wi-Fi infrastructure to support document access and many other functions.
After: Real-time inspection
With time available after lunch you open up your dashboard on your tablet again. It flags a closed valve is showing signs of internal passing so you send an instant message to the I&C manager to be sure it gets addressed. This too helps avoid incidents with passing valves plants have had in the past.This is possible becausethe valve has beenfitted with advanced wireless acoustic sensorto detect passing; internal leaks. Similarly, the analytics also detect problems with other equipment like fire water pumps etc.making maintenance inspection easier.
Your dashboard also flags a critical blowdown drum level sensor has failed. You send a mail to the shift supervisor to make sure the operators are aware and take extra precautions. This helps avoid incidents due to erroneous level reading.This is possible becausethe level sensor has built-in self-diagnostics. However, an intelligent level sensor alone is not enough. Intelligent Device Management (IDM) software to manage the diagnostics is also required. And, the intelligent sensor must be integrated with the IDM software and this integration must be maintained throughout the life of the system. That is,the digital communication must be maintained healthy, and the IDM software setup kept up to date.
After: Digital trust
Your dashboard also flags a tower level is so high the measurement has reached the sensor limit; above the normal operating range which is a safety concern. The level is higher than indicated, but you can’t tell how high. You call the CCR to ask why so much feed is put into the tower. This helps avoid incidents due to operators being misled by an erroneous level reading.This is possible becausethe measurement signal comes with an associatedstatus signal including validitysince this sensor usesstandard digital communication, not 4-20 mA. It could be a radar level sensor withfieldbusor thefuture Ethernet-APL.
After: Desktop safety
Back at your desk you review a report from last week’s emergency evacuation drill. Mustering headcount for all personnel assembled across multiple stations was completed very quickly. The man-down exercise was also a success as the person acting injured was found and given first aid very quickly by the rescue team. This helps limit the consequences of events as people are brought to safety.This too is possible becausethanks to the same location awareness system, and the plant personnel, contractors, plus visitors wear personnel tags. The software displays how many persons have mustered at each mustering station, and it shows where people are on a plot plan so you can see if they are on their way towards a mustering station or if they are not moving. They are identified by name so you can call them on the radio to see if they respond, and dispatch rescue team if not.
After: Pinpoint safety
Also included in the report from the emergency drill was the result from a timed safety shower and eye wash station exercise. First responders were able to reach the correct safety shower in less than the 4-minute target to assist. This will help reduce extent of injury in a real case.This is possible becausethe safety showers and eye wash stations in the plant are fitted with wireless sensors so both operators and first responders get an alarm when a safety shower or eye wash station is activated, and the exact location is displayed on a plot plan. There is no need for the person rinsing their face or body to also call for help on their radio set.
After: Fatigue alert
After the afternoon coffee break you once again look at your safety dashboard and zoom in on fatigue management. You are alerted to the fact that one of the operators currently on duty have worked several long shifts not compliant with company policy as the associated fatigue is an element of risk. You give a call to the HR manager to review. This helps reduce the risk of fatigue leading to incidents due to lack of attention and critical thinking.This is possible becausethe plant has a location awareness system integrated with fatigue management software, and the plant personnel, contractors, and visitors wear personnel tags.
After: Digital learning
The HR manager told you about the ongoing training of both new control room operators and field operators so you decide to drop by to take a look. These new hires are practicing control room responses to abnormal situations like recovering from process upsets or human error etc. But manual field operator procedures like startup and shutdown of a unit, feed change, grade change, loading and unloading, charging, dispensing, and cleaning are also practiced. This is all practiced in the safety of a classroom in the admin building. This will build experience and help reducing mistakes and unwanted consequences.This is possible becausethe plant has a “Digital Twin”; meaning modelling and simulation of the process as well as 3D model of the plant environment. This is then used with the Operator Training Simulator (OTS) for control room operator practice andVirtual Reality (VR)for field operator practice. The VR system is also used to practice emergency escape routes.
After: First to know
You again open up your safety dashboard, yes the same one, to check the status of leaks around the plant. Currently there is no alarm for leaks of hydrocarbon into the stormwater drains. Should hydrocarbon be detected, it will be flagged. This helps reduce discharges to water as well as reducing the risk of fire.This is possible becausethe plant has installed wireless hydrocarbon leak detectors in the stormwater drains. These sensors are integratedusing the same wireless sensor network infrastructureas all the other sensors such as toxic gas detectors, acoustic leak detectors, corrosion/erosion UT wall thickness sensors, pressure, temperature, and vibration sensors etc.
After: Digital canary
The dashboard also tell you there is no toxic gas leak alarm. If H2S or CO is detected there will be an alarm. Same in case of oxygen depletion.This is possible becauseadvanced wireless H2S, CO, and oxygen sensors have been installed in strategic locations.
The day in the digital plant is not over yet. Many manual tasks have been eliminated, but there are a few new tasks, albeit very fast and simple. For instance, wireless sensors are battery powered. Most of these safety applications, but not all, do not require fast update periods; usually 1 minute, 1 hour, or even half a day. This maximizes the battery life for the wireless sensors. Batteries will last from a few years up to ten years. Nevertheless, at some point batteries will have to be replaced. This is easy, because Intelligent Device Management (IDM) software gives advance notice for which devices battery replacement should be scheduled, and for which devices it should be done immediately. Most devices have intrinsically safe power modules that can be replaced in the hazardous area without gas sniffing. Lastly, you can useAugmented Reality (AR)or RFID to quickly locate devices to speed up the work.
Excellence in safety
The future is digital. Schedule a meeting for 28 April, or today, to discuss a digital overhaul of safety. It starts with adiscovery workshop. Digital transformation is not an attempt to blame or completely eliminate the operator. Instead it provides personnel the information, tools, and skills they need to do their job better – to make the plant a safer place to work. HS&E such as human factor, near miss kaizen, personnel safety, safety availability, and threat prediction is an essential part ofholistic digital transformation. Digital transformation is an additional approach to tackle gaps to help make the safety case. PlantI&C departmentsaregraduallydeploying a Digital Operational Infrastructure (DOI) based on theNAMUR Open Architecture (NOA)to support the deployment of these new digital solutions as part of Industrie 4.0 (Industry 4.0) initiatives. Andwhen done right, it is not expensive.
Schedule (online) safety digitalization meeting for 28 April, recurring every year
And remember, always ask for product data sheet to make sure the product is proven, and pay close attention to software screen captures in it to see if it does what is promised without expensive customization. Forward this essay to your safety manager. Well, that’s my personal opinion. If you are interested in digital transformation in the process industries click “Follow” by my photo to not miss future updates. Click “Like” if you found this useful to you and “Share” it with others if you think it would be useful to them.
by Jonas Berge, Senior Director, Applied Technology at Emerson Automation Solutions