Functional Safety for real world dwellers

A lifeline for the layman

An operator is sitting in the control room of a major oil refinery. It's a normal day, and the plant is running smoothly, all processes nicely controlled under the operator's watchful eye.

Suddenly, a pump overheats and trips. This is a common occurrence, and the operator knows exactly what to do when the alarm flashes up on his panel: call the field operator to prepare the standby pump, and start it when it's ready.

Unfortunately, the standby pump is under maintenance today. The tank that the pump should be drawing from starts to fill towards a dangerous level. Then a cascade of other problems crops up: the level control valve on the tank jams open, and a heat exchanger normally fed by the pump starts to overheat. One by one, more alarms pop up on the operator's screen, demanding attention. The trickle of alarms becomes a flood, and soon the whole screen seems to be full of angrily flashing red text. The operator begins to get overwhelmed: which problem should he tackle first? Where is the greatest danger? Can the situation spiral into a major incident?




Some years earlier, the plant's designers anticipated such an emergency. They included trip systems in the control equipment so that the plant would automatically protect itself: vulnerable items of equipment shut themselves down in an orderly way. These trip systems are obviously critical for preventing small upsets from growing into disasters. But the designers face a big dilemma. How can they decide which trips are required? Should they spend $200,000 on a really high-performance trip, or is $20,000 enough, with the leftover money better spent elsewhere? How much protection is enough? What's more, how can they know that the equipment they buy is reliable?

Safety by design

These types of issues (workable alarm systems that inform the operator without overwhelming him, and effective trip systems that protect without being unfeasibly cumbersome and expensive) form the essence of my work. In a typical day, I could be working with a client company to

  streamline their alarm system,
  specify appropriate trip systems based on an analysis of the risks they are handling, or
  confirm that the trip systems they have designed will provide enough protection.

A non-technical description of what a Functional Safety Consultant does
Was it clear? Please contact me with your feedback.