AcuSafe Home Page
-> October 2001 Newsletter
  

    

AcuSafe Feature: Comparing PSM and S84.01 






             
The Relationship of ISA S84.01 to Process Safety Management
by Michael Hazzan, Senior Principal Engineer, AcuTech Consulting Group.

The Instrument Society of America (ISA) issued standard ISA-S84.01-1996 (S84.01), Application of Safety Instrumented Systems for the Process Industries, several years ago. This standard is the American implementation of the international standard published in final form in 1998 by the International Electrotechnical Committee (IEC), IEC-61508-1, Functional safety of electrical/electronic/programmable electronic safety-related systems. IEC works closely with many organizations, including the International Organization for Standardization (ISO), to produce consensus international standards on many different topics. S84.01 has been co-adopted by the American National Standards Institute (ANSI), and it was re-published in March 1997 as ANSI/ISA-S84.01-1996.

This collection of domestic and international standards work on safety-related controls and instrumentation (henceforth referred to as safety instrumented systems, or SISs) recognizes the historic lack of good engineering practices (GEP) for this type of equipment, in particular for the chemical and process industry. Accordingly, in March 2000 OSHA recognized S84.01 as a good engineering practice for safety instrumented systems. However, it should be emphasized that S84.01 does not provide any guidance on what risks or hazards warrant a SIS in the first place. It does provide guidance on "how much" SIS should be provided once the need has been established, and it does provide guidance on how to implement and maintain a SIS once the scope of the SIS has been determined. The PSM Standard does not specify a level of risk or hazard that must be reached to trigger the Standard. The basic presumption in the regulation is that the presence of certain toxic or flammable materials above threshold quantities represents a level of risk (i.e., the potential for a catastrophic event) that must be prevented or mitigated. Therefore, it should be assumed that facilities with PSM-covered processes should provide SISs for those processes. S84.01, or an equivalent process, will provide a method for determining what level of SIS is appropriate and how to implement it properly.

What does a GEP mean and how does it relate to the PSM Standard? A GEP is a generally recognized and acceptable way of accomplishing a technical goal. GEPs usually take the form of consensus codes and standards published by trade groups and professional organizations that specify design, operational, and maintenance guidance for certain types of equipment or processes. Except where they have been incorporated into or referenced by law or regulation (e.g., the ASME Boiler and Pressure Vessel code), they are not mandatory as written. This is particularly true where GEPs are used or are expected to be used in complying with performance-based regulations, such as PSM. The regulators (OSHA in the case of PSM) will expect that facilities will follow the relevant GEPs or have an equivalent process in place that achieves the same level of safety. Therefore, if a company declines to follow the guidance in S84.01 for SISs, then it should have an equivalent set of guidelines that specifies how SISs should be designed, installed, commissioned, operated, maintained, modified, and decommissioned. Some companies (mostly large companies) have developed, usually over many years, detailed engineering and operational specifications that provide some or all of the necessary guidance. Small and medium-sized companies often have no such established guidance and rely heavily on contractors and others who provide services with respect to their SISs, particularly for design and maintenance activities. Therefore, in evaluating whether an employer's engineering practices with respect to SIS comply with PSM, OSHA would consider, among other factors, whether the employer meets the requirements of S84.01. OSHA has also indicated that it may cite the General Duty Clause if SISs are utilized which do not conform to S84.01 and hazards exist related to the SIS that could seriously harm employees.

There is a close relationship between the policies, practices, and procedures implemented to manage SISs and many PSM-related activities. The S84.01 standard recognizes that SIS functions and the equipment that provides those functions must be managed as a set of life cycle activities. IEC-61508 reinforces the life cycle nature of managing SISs. In essence, S84.01 establishes a PSM program for SISs, particularly Mechanical Integrity. Therefore, there are many parallels between the requirements of S84.01 and the contents of a Mechanical Integrity (MI) Program, particularly the quality assurance requirements in 1910.119(j)(6). There are also parallel requirements between the other elements of the PSM Standard and S84.01. Some of the most important and direct parallels are:
  • The Process Safety Information (PSI) element of the PSM Standard requires that equipment covered by the PSM Standard follow applicable GEPs and that the design codes and standards used to design the equipment be documented. Clearly, S84.01 is an applicable GEP for SIS equipment.
  • The applicability section of the MI element of the PSM Standard requires that "emergency shutdown systems" and "controls (including monitoring devices and sensors, alarms, and interlocks)" be included in the MI program. This is precisely the type of equipment addressed in S84.01.
  • The MI element of the PSM Standard requires that "…equipment as it is fabricated is suitable for the process application for which it will be used." S84.01 contains guidance on how to determine what controls and instrumentation are required for a given safety function (i.e., "how much" SIS), and how to specify and design the required SISs to reliably achieve that function.
  • The MI element of the PSM Standard requires that "Appropriate checks and inspections shall be performed to ensure that equipment is installed properly..." S84.01 contains guidance on the installation, commissioning, and pre-startup acceptance testing of SISs.
  • The MI element of the PSM Standard requires that "Inspections and tests shall be performed on process equipment." and "Inspection and testing procedures shall follow recognized and generally accepted good engineering practices." S84.01 contains guidance on periodic SIS maintenance.
  • S84.01 specifies that SISs be designed, including their levels of redundancy, based on the Safety Integrity Level (SIL), and also specifies that process hazard analysis (PHA) techniques that are typically performed as part of a PSM program (e.g., HAZOP) be used to determine the target SIL for each SIS function.
  • S84.01 specifies that operating procedures be issued for the SISs, or that the operating instructions for the SISs be included in the process unit operating procedures that are required by the Operating Procedures element of the PSM Standard.
  • S84.01 specifies that the personnel who operate and maintain the SISs be properly trained to do so, as also required by the Training and MI elements of the PSM Standard.
  • S84.01 specifies that changes to SISs be controlled by procedure, as would be required by the management of change (MOC) element of the PSM Standard.
  • Both S84.01 and the PSM Standard require a Pre-Startup Safety Review (PSSR) that contains the same provisions.

In many of its clauses, S84.01 refers directly to the PSM Standard. IEC-61508 provides more detailed guidance on a number of items that are covered by the PSM Standard in the U.S. such as PHAs, MOC, personnel certification, and training. 

Although there are many parallels between PSM and S84.01, parallel programs are not required. If a facility has a well-designed and functional PSM program, in particular MI, and includes within its scope those instrumentation and controls components that provide SIS functions, then many aspects of S84.01 are already in place. The most significant effect of S84.01 on PSM-covered facilities may be the guidance in the standard that specifies "how much" SIS is required. This will vary depending on the target SIL required for each SIS function, the redundancy already provided in the total control system, and the age and nature of the control system/equipment that fulfills SIS functions. Those responsible at a process facility that must comply with S84.01 must be knowledgeable not only about instrumentation and controls but also about PSM, so that separate programs that waste resources are not established.


AcuSafe is a presentation of AcuTech Consulting, ©2002, All Rights Reserved