ABB Limited

Please reply to:

Tel: +44(0)1642 372000

Website:

www.abb.com

Registration no:

Registered Office:

Pavilion 9, Byland Way

3780764 England

Daresbury Park

Belasis Hall Business Park

Fax: +44(0)1642 372111

E-mail:

info@gb.abb.com

Daresbury, Warrington

Billingham TS23 4EB

VAT Reg No:

Cheshire WA4 4BT

United Kingdom

668 1364 13

United Kingdom

What is the silo factor?

The silo factor we are describing occurs when each party involved in the different phases of the

functional safety lifecycle take a ‘blinkered’ compliance approach with respect to the associated

functional safety standards. No longer challenging what has come before or concerned with the effect

of proceeding phases, and not looking at the effectiveness of the overall functional safety performance.

Effective functional safety performance, however, can only be achieved through integrated and

collaborative thinking and processes that encourage a constant focus on MAHs and the impact of the

Safety Instrumented Systems (SIS) will have on the operation and maintenance teams.

One way the silo factor can impact on FSM can be seen through an example of the maintenance

organisation; they play a very important role in ensuring that Safety Instrumented Functions (SIFs) are

appropriately tested and maintained, so that they work if they are called upon. The maintenance team

may see benefit from standardising test intervals and maintenance methods, in doing so the importance

of specific maintenance tasks can be lost within the numerous other activities that being performed on

less critical safety related equipment.

Another example of potential silo working is the transition between the SIL determination activity and

the creation of the Safety Requirement Specification (SRS). The development of the SRS is often

passed to the function safety engineer, however information from the SIL determination studies form

important input in to the SRS. This transition is particularly susceptible to silo working due to the

different functions involved in the two phases. This is compounded by time pressures that arise due to

the significant time that can be consumed from key plant personnel to determine the Safety Integrity

Level (SIL) and Probability of Failure on Demand (PFD) for each SIF. This can pressurize the team to

move onto the next risk assessment before the fully defining the requirement of each SIF.

Silo working at this stage of the lifecycle has the potential to result in the over or under specification

of the required safety systems. The following case study demonstrates one of those scenarios.

Functional Safety activity: Re-validation, Chemical Company, UK

Scenario:

Overpressure of a reactor, leading to potential of single fatality (two

identical reactors)

SIF Requirement:

Detect high pressure and close inhibitor valve with class VI shut-off.

SIL (PFDavg)

SIL 2 (0.0833)

Impact of Silo Working:

The target risk reduction was achieved through a 3 monthly end-to-end proof test, which tested that

the valve would travel to the closed limit. In addition, to demonstrate that the tight-shut requirement

could be achieved, an annual overhaul of the inhibitor valve was undertaken, where the valve was

removed and tested within the workshop.

The maintenance activities, including the subsequent pressure testing requirements associated with

reinstating the valve, caused significant maintenance costs and production interruptions for the two

reactors. In addition after reviewing the results from the annual leakage tests, only 1 valve from both

reactors had achieved the required tight shutoff from all the annual leakage tests performed in a six

year period. It was therefore not possible to demonstrate that the required functional safety was being

achieved.