A Practical ‘Live’ Migration Strategy for Upgrading Safety Systems in the Oil and Gas Industry Pt.1.

LNG Industry,

Recent events in the oil and gas industry have substantially increased interest in maintaining the highest standards of safety at all times. These events have spotlighted the potential worker, environmental and business ramifications of a significant safety event. Oil and gas producers and the operators who manage their production facilities demand the highest level of safety in order to protect personnel, the environment and production assets while maintaining maximum uptime and minimal operational disruption.

Balancing these critical requirements often comes to a head when an oil and gas producer needs to upgrade a facility’s safety system. As safety systems age and become outdated or obsolete, they not only increase safety risks when compared to more contemporary systems, but can also cause lost production time due to unnecessary trips or shutdowns.

Contrary to popular belief, installing an upgraded safety system does not necessarily require a lengthy shutdown of the facility. With careful planning and detailed, thorough engineering, a safety system can be upgraded with minimal disruption to facility operations.

The Role of a Safety System

In oil and gas production operations, the distributed control system (DCS) manages the normal operation of the plant. The function of the safety instrumented systems (SIS) is to preserve life, the environment and the equipment being monitored.

The most common types of safety systems in oil and gas production are the fire and gas (F&G) and emergency shutdown (ESD) systems. The primary objective of the F&G system is to monitor for the presence of fire through smoke, heat and flame detection, as well as for potentially dangerous levels of hydrocarbons by “line of sight”, “point” and acoustic gas detection methods. If any of these conditions are detected, the system implements appropriate alarming, firefighting and suppression measures in order to minimise the impact to personnel, environment and assets being protected.

The core objective of the ESD system is to protect people, the environment and production assets against misuse, equipment failure and catastrophic failure in the plant. When the ESD system is activated, it may require an orderly shutdown of the production process to protect personnel and the integrity of the plant.

Typically, the F&G and ESD systems are physically independent of each other and separate from the DCS.

Drivers for a Safety System Upgrade

Facility owners normally upgrade their safety systems for a variety of reasons, ranging from equipment obsolescence to the need to take advantage of the benefits of extended or more advanced functionality. Some of the major drivers include:

Prolonging field life. Many oil and gas reservoirs continue to generate viable quantities of product well beyond the intended life of the original field design. Consequently, the platform has to be upgraded – often on a rolling refurbishment basis – to accommodate these extended operations. These upgrades also can help reduce annual maintenance costs while simultaneously reducing unplanned downtime and unexpected repair costs.

Meeting current codes and standards. Currently installed safety systems were designed and built in accordance with the codes and standards in force at the time. Since then, the industry has moved forward and legacy systems have not been upgraded to current standards and technologies. For example, while IEC-61508 was introduced in 1999, many legacy systems have not yet been reassessed to determine if they comply with this standard.

Improving functionality. Operational requirements have changed in the last 20 years as technology has advanced to include capabilities such as remote operations, improved diagnostics and simplified interfacing between systems. For example, advanced asset management tools are available that can help gather and analyse vital data from across production facilities. While this may not be a prime driver for system upgrades, it is often a key factor in the cost-benefit analysis.

Safety System Obsolescence

Every piece of equipment or system will eventually come to the end of its useful lifecycle. Based on our experience, safety systems need to be upgraded some 15 to 20 years after initial installation. For safety systems, this can become apparent in a number of ways:

Equipment obsolescence. Equipment often becomes obsolete when the underlying components are no longer manufactured. While “last-buy” options from manufacturers can temporarily address this, the ongoing maintenance and support of these systems will no longer be viable once the supplier support infrastructure can no longer service the equipment.

Erroneous operation. As safety system components age and fall “out of tolerance,” no longer performing within their designed parameters, part of the system could begin to operate erroneously. Since safety systems are designed to fail to a safe state, this can often result in unnecessary and costly shutdowns.

Inability to expand or enhance the system. Legacy systems, particularly hardwired systems, are difficult to expand beyond small changes. Therefore, expansion to accommodate new features – such as additional subsea tie-backs, artificial lifts or compression facilities – is often difficult due to physical space and system interface constraints. In addition, older systems may not meet current industry standards.

Safety System Upgrade Strategies

Implementing a safety system upgrade requires an in-depth analysis and risk assessment of the existing technology, so you have a solid understanding of the requirements needed for a new system. A safety system upgrade should follow a systematic and well-documented process. We recommend the following approach:

  • Establish a baseline
  • Evaluate the current system architecture
  • Build and thoroughly test the new system in the factory
  • Meticulously plan and manage the system migration

Establish a Baseline

The first step in a safety system upgrade is to establish a clear understanding of the existing design, including the specific nature of the system’s core architecture and the functional operation. The “as-built” documentation status of many mature systems is poor, conflicting or non-existent. As a result, engineers often need to “reverse engineer” the installed system to either confirm that the existing documentation is correct or mark it up to determine how to proceed.

During this phase of the project, the safety integrity level requirements may need to be established or re-affirmed. In some instances, this may necessitate revisiting the original system design approach. Carrying out this assessment not only allows the design of the upgraded system to be compared to current SIS standards, but may also significantly reduce the complexity of the system needed.

Once this baseline is firmly defined, you can determine which system upgrades, enhancements and improvements may be needed. While this preparatory work can take a considerable amount of effort, it is absolutely essential in helping ensure the functionality is correct and the design is traceable.

To be continued…

Author: Adam Howard, EPC operations manager, Rockwell Automation.
