(65b) Demonstrating Separation and Independence of Automated Systems

Layers of Protection Analysis (LOPA) exposes the role that automation plays in causing initiating events and in responding to the resulting abnormal operation. Automation that is specifically designed to achieve or maintain a safe state of a process in response to a hazardous event is now referred to as safety controls, alarms, and interlocks (SCAI). Guidelines for Safe Automation of Chemical Processes addresses the use of process control systems and SCAI to ensure safe operation of process equipment. A key requirement is that the equipment implementing the SCAI functions are independent of those supporting the process control functions that potentially initiate the event that the SCAI functions are designed to stop. Sufficient independence can be achieved using various physical and functional means. Unfortunately with modern integrated control and safety systems, sufficient independence may be difficult for anyone other than automation specialists to demonstrate and understand. To assist practitioners with the independence assessment, this paper presents 5 generic architectures and discusses the advantages and disadvantages of each in managing hardware failures, software errors, and human factors.