A Comparison of Hazardous Scenarios in Architectures with Different Integration Types

Abstract

Whether or not to allow some integration between process control and safety systems has been an ongoing debate amongst safety researchers and practitioners. The principle of keeping it simple and the principle of having segregation between the two systems are often considered as equal. The current trend is that traditional hardware implemented functions are, to an increasing extent, replaced by programmed functions and that control and safety systems rely on standard communication technologies and devices. Despite the goal of having physical segregation, the systems are no longer simple and without dependencies. Some programmable controllers have inbuilt solutions that can logically separate safety and non-safety (software and hardware) functions inside a single programmable system. It is, therefore, of interest to explore if some of these technological advances can have a positive effect on safety compared to the complexity from duplication of hardware required with segregation. Before such alternative design concepts are selected, it is necessary to evaluate if they are as safe as with physical segregation. The main objective of this paper is to identify and compare the hazards and hazardous scenarios for some selected hardware architectures ranging from complete segregation of process control and safety systems to full integration. This analysis applies the Systems-Theoretic Process Analysis (STPA) method, which has been developed to analyze complex and software-intensive systems. The result from the analysis of the selected architectures indicates that having integration will increase the number of possible scenarios leading to hazards. These scenarios may cause both safety and availability losses. This research is part of Safety 4.0, a joint industry project on research-based innovation that aims to develop a framework for safety demonstration of novel subsea technologies