Safeguard
A safeguard is a safety instrumented system or any other safety device that prevents a risk from occurring or lowers the probability or severity identified by the risk assessment. Safeguard can also be an action performed by a person (e.g., operator response to an alarm). In GE Digital APM, Safeguards can be linked to an asset.
Independent Layer of Protection
When a safeguard is independent of the performance of other Safeguards, or the initiating event, the safeguard is considered as an Independent Protection Layer (IPL). An independent layer of protection is external to any other layer of protection or safety instrumented system. All independent layers of protection are safeguards, but not all safeguards are independent layers of protection. To be specified as an IPL, a Safeguard must satisfy a set of criteria.
The effectiveness of an independent layer of protection is quantified in terms of its probability of failure on demand (PFD), which is a numeric value that represents the probability that the independent layer of protection will fail to perform its specified safety function when required.
The following three types of IPLs are defined in the GE Digital APM:
Active IPL: An active IPL is a device or system that changes from one state into another in response to a change in process activity. For example, a pressure relief device is an active IPL that opens when there is an abnormal change in the pressure inside a vessel and remains open until the pressure in the vessel reduces to a value below the settings in the pressure relief device.
Passive IPL: A passive IPL can achieve its risk reducing function without the requirement to take any action or change the state of the system. For example, detonation arrestors and blast-walls are passive IPLs that reduce the risk.
Human IPL: Human IPLs involve the dependence on operators or other staff to take action to prevent an undesired consequence, in response to alarms or following a routine check of the system.
Active, Passive, and Human IPLs are further classified as IPL Sub Types, and are defined in the Active IPL family, Passive IPL family, and Human IPL family, respectively. For each subtype defined in the Active IPL, Passive IPL, and Human IPL families, the probability of failure on demand (PFD) value is also defined. Based on your selection of the IPL Type and the IPL Sub Type, the PFD for the Safeguard is determined from the Active IPL, Passive IPL, or Human IPL records.
The PFD values for each of Safeguard that is an IPL is multiplied to populate the Total IPL PFD field in LOPA. These values also modify the unmitigated and mitigated consequence frequency values in the LOPA.
Copyright © 2018 General Electric Company. All rights reserved.