The real issue is will your SIL 2 SIF lower the risk of the final consequence by a factor of 100 and similarly will your SIL 3 SIF lower the risk by a factor of 1000. If not, and if a SIL 2 or 3 SIF was required for your scenario to reach tolerable risk, then you have not accomplished your duty to lower the risk to tolerable levels. One way to see the problem is to consider the system boundary illustration below:

Currently, more than 95% of the SIL Verifications we have reviewed, and nearly ALL of the internal company standards for the calculations of SIL Verification miss the systemic error and the specific human error and especially miss the huge contribution of human errors during maintenance and process startups after outages. Because of these omissions, the End Users (owners) have bought and installed supposedly high integrity systems that will in practice perform no better than a BPCS loop or SIL 1 SIF. Some companies now realize this, but the standards and technical reports (guidance) from the international committees for SIS have not yet been amended to account for such human errors. Of the systemic and specific human errors, the major ones that degrade the SIL are the time zero probability of leaving an entire SIF in bypass (intentionally or unintentionally) and the probability of leaving a root valve on a sensor/transmitter in bypass. Given normal baseline human error rates, such probabilities are greater than 0.01 and so the PFD of the entire SIF is greater than 0.01 and so a SIL 2 (let alone a SIL 3) cannot be achieved in actual use of the SIF.
On the other hand, if the SIL Verification protocol required specific (discrete) consideration of systemic error, and especially human error probability for interventions, then it is likely that some of the errors can be made detectable and therefore minimized. But note in many applications, it has Not Been Possible to achieve a SIL 3 (with a PFD ≤ 0.001) when there is a system bypass (soft or hard bypass) available to the end users.
You can download a free paper on this issue, with a couple of worked examples, from:
http://www.process-improvement-institute.com/_downloads/Accounting_for_Human_Systematic_Error_During_SIL_Verification_website.pdf
In addition, the very new book from CCPS/AIChE, Guidelines for Initiating Events and Independent Protection Layers, 2012 (at the publishers now) notes the same issue with high integrity safety systems (such as SIL 2 and higher and such as relief systems) and demotes the PFD available from such systems, unless the systemic error has been accounted for and addressed.
To learn more, see the courses and consulting services from PII. www.piii.com
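The arithmetic behind the post above, as an added example that is not from the original post or the linked PII paper: a SIL verification that keeps the time-zero human-error terms (SIF left in bypass, transmitter root valve left closed) alongside the hardware PFDavg. The sample probabilities are constructed, the failure modes are assumed independent, and the SIL bands are the IEC 61511 low-demand PFDavg ranges.

```python
# Added example (not from the original post or the linked PII paper):
# a SIL verification that includes the time-zero human-error terms the
# post says most verifications omit. Sample probabilities are constructed;
# the independence assumption and the SIL bands (IEC 61511 low-demand
# PFDavg ranges) are the only modelling choices made here.

# Upper PFDavg bound (exclusive) for each SIL in low-demand mode.
SIL_UPPER_PFD = {4: 1e-4, 3: 1e-3, 2: 1e-2, 1: 1e-1}


def sil_from_pfd(pfd):
    """Return the SIL a PFDavg achieves (0 if it earns no SIL credit)."""
    for sil in (4, 3, 2, 1):
        if pfd < SIL_UPPER_PFD[sil]:
            return sil
    return 0


def sif_pfd(hardware_pfd, human_error_probs):
    """Combine the hardware-only PFDavg with time-zero human-error probabilities.

    Each bypass left in place (whole SIF in bypass, sensor root valve closed)
    is a separate way for the SIF to be unavailable on demand. Treating the
    terms as independent, the SIF is available only if none of them occurred.
    """
    available = 1.0
    for p in (hardware_pfd, *human_error_probs):
        available *= 1.0 - p
    return 1.0 - available


def verify(target_sil, hardware_pfd, human_error_probs):
    """Report achieved PFD, risk reduction factor and SIL against the target."""
    pfd = sif_pfd(hardware_pfd, human_error_probs)
    achieved = sil_from_pfd(pfd)
    return {"pfd": pfd, "rrf": 1.0 / pfd, "sil": achieved,
            "meets_target": achieved >= target_sil}


if __name__ == "__main__":
    hw = 0.0008  # constructed: hardware-only PFDavg of a SIL 3 design
    # Constructed baseline: ~0.01 each for leaving the SIF in bypass and
    # leaving a transmitter root valve closed, as the post describes.
    print(verify(3, hw, [0.01, 0.01]))    # sil 1, target not met
    # Constructed: the same errors made detectable, lowering each to 0.001.
    print(verify(3, hw, [0.001, 0.001]))  # sil 2, still short of SIL 3
```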
Process safety is mostly about controlling direct human error (like operator errors), indirect (latent) effects of human error (main reason parts fail), and compensating for human error. There is also a lot of basic chemical engineering to learn to understand how PSM is controlled and what leads to process hazards. Many folks say that "hands-on" experience is key... there is NO replacement for that... make sure the hands-on PSM activities are always addressing the questions: "how can this __xx___ best optimize human factors and control or compensate for human error," where xx is any procedure or tool or equipment interface or training module. If you are new to process safety, there are a lot of reading materials that can help you learn more about process safety. For instance, the papers on our website are free and are good starting resources; some for beginners and some for experienced process safety staff. You should also start a library of the 40 or so unique textbooks from the Center for Chemical Process Safety (CCPS), the division of American Institute of Chemical Engineers (AIChE), which controls the international definitions and standards for Process Safety. All of the books are developed by committees of experts (and some novices) and many of the textbooks are excellent (some are not as strong). A good starting book is "Risk-Based Process Safety", 2007. This is the current process safety definition by CCPS/AIChE. It is well written. After that, get the current revisions of the textbooks on the core process safety elements, such as "Guidelines for Hazard Evaluation Procedures", 3rd edition, 2008 (adding the new text in Chapter 9 is the key improvement brought out by the 3rd edition). The "Guidelines for Mechanical Integrity" is also good and well written. The upcoming book (early 2011) on Independent Protection Layers and Initiating Events will also teach you a lot (even if you do not need LOPA right now).
From there, you need to decide where you want to go next. Go to www.aiche.org/ccps to see a list of the books; but the current editions are now sold through the publisher used by AIChE, which is Wiley; Amazon carries many of the titles.
PSM takes about 3-4 years to learn the basics and 10+ to get good at it. This does not account for closing a knowledge gap, if one exists, on the engineering principles involved (how well do you understand PSV sizing, SIS specification and calculations, LOPA and IPL principles, metallurgy and material of construction sensitive issues, Joule-Thomson effects, chemical reaction kinetics, etc.).
Related to training, there are several worthy providers of PSM-related training. You can do a Google search for such courses; most offer public courses. Our courses are highly praised and attended.
Visit PII at www.piii.com to find out more about effective implementation of process safety and human factors optimization.
Saving time is not the same as efficiency; in fact that is why we wrote the paper "Efficient Hazard Evaluation" which you can download from our website's home page. Since our staff (combined with the previous staff I managed at another company) have led more than 10,000 HAZOPs, and run more documented experiments during these HAZOPs than others, we have had a chance to see what works and does not work to increase effectiveness and efficiency. In the case of PHA/HAZOP, effectiveness and efficiency are tied together for many of the best-practice rules that we follow.
For effectiveness during PHA/HAZOP of any mode of operation, one KEY focus is to make sure Brainstorming is Maximized; because if brainstorming is diminished, then accident scenarios are missed and therefore IPLs are not there when you need them. Take just one small item in the paper on this topic of maximizing brainstorming. Implementing that item will increase brainstorming (and usually saves time), since keeping the brain from burnout or boredom increases brainstorming ability. For instance, take the rule: "Do Not use an LCD projector for team meeting notes during the meetings" (only do so on confusing points, as an exception); this can save 20% or more of team meeting time and also increases the brainstorming effectiveness because the team is not reading and editing what is on the screen. Also: "Use Linking between Consequences and Causes to build scenarios more thoroughly" ... this also happens to be faster, once you practice it a few times.
For effectiveness overall, MAKE SURE that the Non-Routine modes of operation are PHA/HAZOPed. This requires a 2 guideword HAZOP or What-if (and in some cases a 7-guideword HAZOP) of the step-by-step procedures for startup and shutdown and lighting furnaces and online maintenance. This will enhance HAZOP results/outcomes tremendously since 75% of the major accidents occur during these modes of operation. The same paper discusses using the savings in wasted time (dulled brainstorming) to analyze these non-routine modes of operation. Also note that the new section 9.1 of the CCPS/AIChE textbook, Guidelines for Hazard Evaluation Procedures, 3rd edition, 2008, was added for the purpose of giving this part of the hazard analysis (i.e., non-routine modes of operation) the Focus; that chapter of the newest edition also explains how to effectively and efficiently perform this analysis of non-routine modes of operation.
If you have questions, feel free to send me an e-mail at:
wbridges@piii.com