ABB Limited
Please reply to:
Tel: +44(0)1642 372000
Website:
www.abb.comRegistration no:
Registered Office:
Pavilion 9, Byland Way
3780764 England
Daresbury Park
Belasis Hall Business Park
Fax: +44(0)1642 372111
E-mail:
info@gb.abb.comDaresbury, Warrington
Billingham TS23 4EB
VAT Reg No:
Cheshire WA4 4BT
United Kingdom
668 1364 13
United Kingdom
What is the silo factor?
The silo factor we are describing occurs when each party involved in the different phases of the
functional safety lifecycle take a ‘blinkered’ compliance approach with respect to the associated
functional safety standards. No longer challenging what has come before or concerned with the effect
of proceeding phases, and not looking at the effectiveness of the overall functional safety performance.
Effective functional safety performance, however, can only be achieved through integrated and
collaborative thinking and processes that encourage a constant focus on MAHs and the impact of the
Safety Instrumented Systems (SIS) will have on the operation and maintenance teams.
One way the silo factor can impact on FSM can be seen through an example of the maintenance
organisation; they play a very important role in ensuring that Safety Instrumented Functions (SIFs) are
appropriately tested and maintained, so that they work if they are called upon. The maintenance team
may see benefit from standardising test intervals and maintenance methods, in doing so the importance
of specific maintenance tasks can be lost within the numerous other activities that being performed on
less critical safety related equipment.
Another example of potential silo working is the transition between the SIL determination activity and
the creation of the Safety Requirement Specification (SRS). The development of the SRS is often
passed to the function safety engineer, however information from the SIL determination studies form
important input in to the SRS. This transition is particularly susceptible to silo working due to the
different functions involved in the two phases. This is compounded by time pressures that arise due to
the significant time that can be consumed from key plant personnel to determine the Safety Integrity
Level (SIL) and Probability of Failure on Demand (PFD) for each SIF. This can pressurize the team to
move onto the next risk assessment before the fully defining the requirement of each SIF.
Silo working at this stage of the lifecycle has the potential to result in the over or under specification
of the required safety systems. The following case study demonstrates one of those scenarios.
Functional Safety activity: Re-validation, Chemical Company, UK
Scenario:
Overpressure of a reactor, leading to potential of single fatality (two
identical reactors)
SIF Requirement:
Detect high pressure and close inhibitor valve with class VI shut-off.
SIL (PFDavg)
SIL 2 (0.0833)
Impact of Silo Working:
The target risk reduction was achieved through a 3 monthly end-to-end proof test, which tested that
the valve would travel to the closed limit. In addition, to demonstrate that the tight-shut requirement
could be achieved, an annual overhaul of the inhibitor valve was undertaken, where the valve was
removed and tested within the workshop.
The maintenance activities, including the subsequent pressure testing requirements associated with
reinstating the valve, caused significant maintenance costs and production interruptions for the two
reactors. In addition after reviewing the results from the annual leakage tests, only 1 valve from both
reactors had achieved the required tight shutoff from all the annual leakage tests performed in a six
year period. It was therefore not possible to demonstrate that the required functional safety was being
achieved.