Ethics for Functional Safety Engineering

OK, now we’re gonna go ahead and get started. Welcome to the exida webinar series, our weekly webinar on different interesting areas around safety and security. Today we’re a little bit kind of off that track, just fractionally, and we’re gonna talk a little bit about ethics and how those methods apply to safety engineers, and just some interesting thoughts on the ethics from a safety perspective.

So, all right. I’m Gene Cammack. I’m coming to you from Houston, Texas, in the U.S. I’ve been in the safety world for a long time. I’m with exida; I’m the director of the Gulf Coast region. My main interest in this area comes from 30 years in safety automation and control systems. I’ve been involved in various industries, including chemical, refining, upstream oil and gas, pulp and paper, and so forth during my career. And I’ve been to a lot of ethics seminars as well, and for the most part, you know, they’re very generic, and I’ve always wanted to do one that was a little bit more tailored to the things that I’m interested in, which usually revolve around safety and particularly functional safety. So I got my peanuts, and that’s what we’re gonna do today. So I hope you enjoy it and I hope it’s useful for you.

Just really quickly, a little bit about exida. We do a variety of things, but this is so you understand where we’re coming from a little bit, and kind of the background. First of all, we do certification. We’re an accredited certification body. We do certification of automation equipment in particular, typically to the IEC 61508 standard for functional safety. We also do certification of personnel, and a lot of training and so forth, around the Certified Functional Safety Expert and Certified Functional Safety Professional titles. The other thing we do is consulting. We do consulting in functional safety, and we do consulting in cybersecurity around industrial control systems, and also in alarm management. So those are the three main areas of our consulting practice. And then we do a lot of educational activities. We’ve written a lot of books, we have a lot of information on functional safety and cybersecurity, and we do a lot of training in that area as well, so education is one of our key areas. And finally, we’ve developed a set of tools around safety life cycles and alarm management. Our exSILentia tool is our core product around how do you do SIL verifications and so forth. So just really quickly, that’s exida. Now you know kind of where we’re coming from. There’s always a bias to every talk, and now you know.

All right, so what we wanted to do today: I had two objectives in putting this course together. One was to look at ethics through the eyes of a functional safety professional. Like I said, I’ve been to a lot of ethics seminars and they’re always very generic, and we always talk about, you know, good value things. They’re always useful, but I always kind of put it through the glasses of, okay, I’m a functional safety person, what does this really mean to me? That’s why I wanted to do it specifically around that area. And then after we get through kind of just looking at ethics in general and some of the things that I think are important, then we really look at a few of the areas where there’s specific issues around functional safety, and so just kind of take two or three or four of those and look at them and talk a little bit about what the issues are, why they were important, and why from a safety standpoint they matter to us in terms of the ethics behind it. So that’s my objectives for the course today. I’d be interested in any feedback from you guys as to whether it’s effective or productive or not.

So here we gather. When we talk about functional safety in particular, we’re really talking about managing risk, and that’s really what we’re in the business for, is to manage risk through our organizations and to our colleagues and to the people around us. We’re the ones
that are tasked with that idea of make the risk go away, so to speak. Companies in general have this legal, moral and financial obligation to limit the risk that we have in our operations. So whether we’re a refinery or chemical plant or an offshore platform or whatever, we have some obligations to say we’re going to operate that facility in as risk-free a manner as possible. And there are three areas that really apply there. First of all, a legal obligation: we have to comply with the regulations as they’re written. In some companies that’s as simple as it gets: we comply with the regulation, that’s all we do. We can look at the financial side of things, where we’re trying to do things as often optimally financial as we can: get our lowest capital budget, our lowest operating cost, maximize our profits. But then we also have this moral obligation, and that’s where the ethics come in, to make that plant as safe as possible. We’re not taking any additional risk that we don’t have to take. There’s no such thing that’s risk free, and we understand that, but we have this moral obligation to our fellow human beings, to our colleagues, to our community at large and to society to make that plant as safe as possible.

So as practitioners of functional safety, the implementation of that risk mitigation is what we do. That’s where our responsibility is, and we’re the ones that the company looks to to say, okay, how do we deal with these risks, and how do we make sure that we’re managing the risk in a manner that’s not only legal and financially viable but moral as well. So all three of those things kind of come together to look at risk, but also to look at the ethics behind the risk.

It’s gonna seem a little bit off track for you at the beginning, because I’m going to talk a little bit about the difference between prescriptive and functional standards, but bear with me a minute and I think we’ll get back to the ethics in this as we go. So we’re all familiar with prescriptive standards, because prescriptive standards tell us what to do. It’s very specific. So an example of that would be API; there’s a 14C document, just to pick one. So that offshore document, it tells you how to build safety systems in offshore environments, and so it says things like: you must install a high pressure sensor to provide overpressure protection for a vessel. So a prescriptive standard in this sense tells you exactly what you have to do. They even give you a safety analysis checklist: go through, do all of these things. And those were really nice in some areas, because they do tell us what we need to do and they kind of take some of the responsibilities away from us.

On the other hand, we have functional or performance-based standards. An example of that is IEC 61511, which most of us are probably familiar with in the functional safety world, with safety instrumented systems for the process industry sector, but based on 61508, which is also a functional or performance-based standard. In these standards, rather than telling you exactly what you need to do, they tell you what performance level you need to meet. So they’ll have statements like: we recognize that organizations will have their own procedures for verification, and it does not require it to always be carried out the same way. What they’re saying is, we don’t care how you do it, as long as you do it and it meets the standard that we’re setting for that function. Or we’ll see something like: the requirements for hazard and risk analysis are specified only in terms of the results of the task. That’s really the heart and soul of a functional or performance-based standard.

So the trend is we’re going through, unfortunately, as we have accidents and we start looking at, you know, what happened, and they say, well, we followed this prescriptive standard, the answer is always: wait a minute, that’s not good enough, you really need to go back and look at a performance-based standard in order to really implement safety in the way that we’d like you to.

So what are these limits to the prescriptions? Much like any prescription, if you go to the doctor and he says, oh, here’s some prescriptive drugs that will help
you, then he’s giving those for a particular set of symptoms, with a particular diagnostic that he’s done for you specifically. That’s the prescription. The problem with prescriptive-based standards is that as technology advances, or we get outside that prescriptive envelope, then we suddenly don’t have the ability to say that prescription is still good. And so we end up not being able to meet the functional requirements for safety because we’re using different technology, or we’re not able to use the best technology, or we’re outside of the prescriptive envelope: we’re, you know, in Arctic development, or we’re, you know, in some environmental situation, or, you know, we’re building a plant next to a residential area or a school, and all of a sudden the prescription wasn’t really written for that. The other two things that kind of bother us about prescriptions is that as we get more complex in systems and events, that really adds to the difficulty of writing a prescription that will apply across the board to everything, and as we have more sophisticated management systems, there become a lot of nuances that have to be taken into account. That’s really been driving us to these performance-based standards.

So as we move from prescriptive standards, where they tell us what to do, to performance-based standards, where we have to decide what we’re going to do, to me that has a huge impact on how we deal with that ethically. So if we look at it, we’re moving from prescriptive-based standards over to performance-based standards. So as we do that, the nice thing about prescriptive-based standards is there’s rules: we follow the rules, we check off the boxes, and we’re done. But when we move to performance-based, it’s not that easy. Those are analysis-based. We have to do an analysis that says here’s everything we took into account, here’s, you know, how we made that analysis. In functional safety it’s our hazard identification, it’s our LOPA analysis on, you know, layers of protection that are going to protect us against those events, and we have to decide, you know, what really needs to be done in order to be as safe as we want to be.

And so what that really means is, on the prescriptive side we kind of left it to the standards committees, and great guys, but they’ve taken the responsibility for saying here’s how you do it, and they’re written as a prescription that says if you do this, you’ll be safe. On the performance side they don’t do that. They say you need to be safe, there’s some methods for doing it, here’s the things you need to take into consideration, but ultimately responsibility is on our organization as a company, and particularly on us as practitioners in functional safety, to really decide: is that good enough, does it meet the requirements we need it to meet, and have we done our analysis correctly.

So from an ethical standpoint, that’s really a step move in how we look at things, and to me it’s kind of going from this idea of we’re compliant, we met the rules, we checked off all the boxes, to a culture that says we really will want to be safe and we’re going to do everything in our power to get there. So we’re trying to move from a compliance mindset to a culture of “this is the things we need to do” mindset, as we move from those prescriptive-based standards over to our new performance-based standards in cultural safety.

A book I would highly recommend to everybody is called The West Point Way of Leadership, and it’s the US Military Academy commandant, Larry Donnithorne, wrote it. I really was impressed with it from an ethics standpoint and how you develop concepts of leadership. And he quoted Lawrence Kohlberg, The Psychology of Moral Development, which I’ve not read, but I got this from The West Point Way of Leadership, about three different stages of value internalization. So these are kind of the steps we go through as we look at the values that we hold. The first one of that was self-serving: we do things because it’s in our best interest to, we do it because that’s what it takes to survive. The second one is a social contract. It says, oh, this is going to be really good for the people that I know, you know, I’m gonna be really pleased
with how this thing, what I get out of whatever it is. I do it by the social contract to do things. And then finally we move to what he calls an autonomous mode, in which we do things simply because it is the right thing to do. It’s what our independent intellect tells us, and we’ve really internalized those values, and so beyond, you know, just ourselves and our immediate surroundings, we’ve really looked at: this is better across the board and it’s the right thing to do. So we will look at those individually really quickly.

So let’s start with the self-serving concept. So the idea behind it is, you know, this standard, this rule, whatever it is, this is good for me, it gets me ahead, it’s in my interest. Yes, it’s all about me. So if we look at it in terms of, say, seat belts, that’s a safety issue, right? You get slogans like, you know, “You either buckle up or pay up”, you know, “It’s the law”, “Click it or get a ticket”, or the one I particularly like is the one down in the corner here, “Don’t get caught dead sitting on your seat belt”, because my grandfather had that in his 1957 Chevy that we used to drive around, and always thought of always sitting there it’s probably a gun left staring at that particular side as we drove around. But the idea is, you know, we buckle up or we use seat belts because it’s good for us, right? We don’t want to die, we don’t want to get a ticket, we don’t want it to cost us money.

But we take that to safety engineering and a facility, and we look at things like: I work here, I want things to be safe. You know, I don’t want to work in a plant that is not safe. I could get killed. It’s in my interest to make things safe. If we’re doing it remotely, we’re not actually at that facility but we’re an engineering company or something else, the self-serving part of it is: wow, if I do a really good job on this and I design a really good system, I could get promoted for that. Or things blow up because I designed a safety system that was not as good as it could have been, then I could certainly be fired or punished or whatever. So that’s looking at it strictly from that self-serving standpoint. But when we see slogans like that in the workplace, “Make your workplace safe”, you know, this idea that it’s good for you to do that, that’s the self-serving aspect.

We move to a little higher plane: we can look at the social contract aspects of this, and this is where it’s better, it’s good for everybody, it’s better for society, it’s in everybody’s interest. So we’ve counted up all of the pluses and minuses, and we say, wow, this is really good. It’s good for not just me, it’s good for us, and so we’re going to do it because it’s good for us. Perfectly applaudable. If we look at it from a seat belt perspective again, you know, “Seat belts save lives”, “Do it for you and do it for them”, “I buckle up because of my wallet, my friends, my family, safety”. Like there’s your checklist of here’s the pros and cons of wearing your seat belts versus not wearing your seat belts. I’m not exactly sure what the one down here about aliens, “making it harder for aliens to suck you from your car”, is, but I liked it, so I included it anyway.

So the idea here is that safety is good for me, my family, my colleagues, and it’s good for business. So, you know, we have an accident at our facility, that’s not good for business. I could lose my job, my family could go hungry, or whatever. But this is the idea of that social contract, that it’s good for everybody, it’s better for society. I’ve done the math and I have come to the conclusion that what I do is what I should be doing. And so we get to slogans for that: “Remember safety, your family’s waiting for you at home”, “No safety, no business”, the idea that this is good for our business and ultimately for society as a whole. So, the social contract.

Then we move to the autonomous area, where we’re looking at things again from, I guess, a higher plane, but these are intellectual values where we’ve internalized the values themselves, and we say we do this because it’s the right thing to do. Yes, there’s a, you know, we’ve maybe done the math and we said, you know, this is better than not doing it, but inherently it’s because overall, intellectually, we understand that safety
is important and it’s the right thing to do. So you go back to your seat belt: you know, it’s just become the way of life, it’s the way you do things. “Get in, sit down and buckle up, hold on.” That’s just the way we do things. “Buckle up for the next million miles.” Not tomorrow, not today, not because, you know, I don’t want a ticket, just because that’s the right thing to do. Okay, that was not what I wanted there, so we’ll skip that. But the idea behind it is “just do it right”. So we’ll do it right the first time, we’ll do it right because it’s the right thing to do. That’s the inherent internal values that I think, as we move from those prescriptive formulas to these analysis formulas, that’s really important for us to understand, that it’s important to do things right.

All right, so look at these three concepts: self-serving, to social contract, hopefully over to the autonomous area where we’ve internalized those values. If we look at that in terms of safety, the self-serving and social contract, we do it because those are following the rules. We’re following the rules, we’re doing the things that, you know, we’ve decided we needed to do. Whereas when I get over here to the autonomous side, we’re doing it because of our internal values, and that’s really where the ethics comes in. We have a value set internally that says these are good things, and again that moves us from this compliant, follow-the-rules mindset over to a culture that says this is the way we always do things, we do it because it’s right. You know, you get in a meeting at your company and the only thing you have to say is, guys, that’s the way we do things, and everybody goes, yeah, we understand.

So I got a really quick example. It’s a shameless pitch for a restaurant. I haven’t been there for about 10 or 15 years, but in the early 2000s I was in Kansas City on the job with a colleague of mine, and we visited The American Restaurant there in Kansas City. Really nice place. It’s the kind of place where the waiters are absolutely attentive; they’re there when you need them, they’re not there when you don’t need them, just absolutely impeccable service. You can tell they’ve got, you know, the Four Diamond awards and the four-star awards and so forth. And so we sit down, and realize we’re just a couple of engineers. They bring out this basket with a clear glass bottle full of water, and they fill up our water glasses and then kind of faded away, waiting for us to look at the menu. My colleague turned to me, he said, you know, I bet they just go in the back and they fill that water bottle up with tap water. I said no, they don’t. He looks at me kind of quizzically and says, you know, how do you know that? I said, look around you. I said, you know, this place has absolutely impeccable service. The waiters are trained, they’re diligent, they’re doing exactly the things they need to do, is absolutely Liz everything is functioning exactly the way it’s supposed to. I said, you don’t get that culture without it being ingrained into their value system, and if you say, oh well, we’ll just take the water bottle and fill it up out of the tap water and make everybody think it’s bottled water, then you’ve violated that trust, you’ve violated that integrity, and you’ve violated those internal values that you’ve driven so hard to ingrain in people. And I said, you can tell just by looking at the culture that that’s not the way they do things. And so to me that was a really telling point in understanding what a culture means, whether that’s a culture of really good service done in a dining establishment or whether that’s really paying attention to what we’re doing in our safety analysis. It’s really the same thing.

All right, so just kind of in conclusion of this section: functional safety is based on individual analysis that we do as practitioners, and in everything that we’re doing in functional safety these days with our performance-based standards, it’s based on the idea that we’re doing that analysis and we’re doing it correctly. So that responsibility for getting that analysis done right, and the overall risk mitigation that comes with it, lies with each one of us doing that analysis, and so it’s very, very important that each one of us has that core set of values
and therefore we as an organization, we as a company, develop a culture of safety that says this is the right thing to do. We don’t have to question it anymore, we don’t have to do an analysis of whether it’s right or not; we understand that it’s right, and we’re going to take that responsibility and we’re going to do it correct. So those of us who practice functional safety really have that moral obligation to get it right, do the analysis, do the things we need to do. So with that in mind, while we juggle all these different tasks and all of our different competing things that day-to-day take us away from things, we have to stop every once in a while and say, wait a minute, you know, are we doing the right thing, are we true to our internal values? And, you know, it’s really difficult to sometimes in the high-paced world you live in, but that’s why we have ethics classes, right?

All right, so now we’re going to kind of jump into different issues in functional safety and kind of relate those back to how we deal with them and why they’re important. The first thing I want to talk about is life cycles. We’re all aware that functional safety today is based on a life cycle concept. We tried the idea of, you know, just seeing a hazard and fixing the hazard; that didn’t work very well. And with our analysis of that, after a good design, that didn’t seem to work any better. And we suddenly realized that we’ve got to not only design it well, we’ve got to install it well, we’ve got to commission it, we’ve got to make sure everybody understands it, we’ve got to take care of it through its maintenance and operations stage, and we all know that the functional safety life cycle.

What’s really important about that life cycle is each phase of it depends on the proper execution of the previous phase. If I’m looking to design a safety instrumented system, my criteria for doing that is contained in my safety requirements specification, which is the result of the analysis phase. If I don’t do a good job on the analysis phase, my design is not going to be adequate either, even though I may do a perfectly good job of design. So with this life cycle it’s really important to understand that even the part that we’re doing is important to the entire life cycle piece of it.

So there’s really two things. One is we have to do a good job on each phase; that’s the first thing. But secondly, we also have to understand the bigger picture here, that we have to communicate what we’re doing in one phase to the other phases. And, you know, obviously that’s documentation, but it’s just making sure that whatever we do in one phase of it is clear from one phase to the next, so they’ve got the ability to do a good job in the phase that they’re doing, because that may or may not be the same people doing it. So there’s really a moral and ethical obligation there as well, that, you know, whatever you do in your phase of the life cycle, it gets communicated, it gets passed down to the other, and it’s just as good as you can possibly do, so they can do as good a job as they can possibly do at their phase.

So functional safety requires continually thinking about a whole problem, a whole life cycle issue, not just, you know, exactly what we’re doing: oh, I got this, I checked it off, my manager’s happy today, I’m going to go home, without thinking about, wait a minute, the guy tomorrow’s got to pick it up and do the next phase of the life cycle; he needs to understand it as well. So we have to kind of think about it as a whole, not break it into the different phases independently.

All right, next thing I’m going to talk about is personnel competency. If we look at IEC 61511, really all it says, the beauty of a performance-based standard, right, is that persons, departments, organizations involved in safety life cycle activities shall be competent to carry out the activities for which they are accountable. It doesn’t really tell us what that means. It doesn’t, you know, say you have to have a degree from an accredited university, it doesn’t say you have to be certified, it doesn’t say, you know, you have to read certain books. All it says is you need to be competent.
So, on an ethics standpoint. Okay, so from an ethics standpoint, the first obligation you have is to know what you know. That is, you know, you’re obligated, for the areas that you’re responsible for, to be competent. So that means you need to learn about it, you need to ask the questions, you need to be able to go to the right people and understand everything you need to know about that piece for which you’re responsible. You can say, well, I put something down, I hope that works. Morally that’s not correct, and it doesn’t meet the standard. You need to be competent in that activity. So you need to know what you know.

Probably just as important to that is to know what you don’t know. Know when you’re outside your limits, that you don’t have the experience you really need to make those decisions, and then stop and say, wait a minute, I don’t know that, I need to go get help, I need to go find somebody who does know it, I need a little more input into this, I need to go study the issue for a while and conclusions. So it’s important from a personnel competency standpoint that we know what we know, and that we’re competent to carry out the activities that we’re responsible for, but it’s also imperative that we know what we don’t know. We know our limitations, and we go and we get the help that we need when we need it, in time.

One of the things that always gets us into trouble with safety systems is management pressure. We talked about, at the first slide, these three circles at the bottom of the moral, legal and financial aspects of how we manage risk. But what happens when you come up with an idea, here’s the way I’m going to deal with this, and management says, you know, your boss says: whoa, too expensive, too complex. Those are usually the two reasons they give, or for whatever reason they’ve decided that, you know, whatever you’ve come up with is not something we’re going to implement. So we see that all the time. We see a lot of people struggle with: now what do I do? I want to do the best that I possibly can, but management’s saying no, we’re not going to allow that. So how do you deal with that? Let’s look at some techniques that we could use in that role.

My first recommendation is to go back and look at it again. Make sure your analysis is correct. I know it doesn’t happen very often, but every once in a while management might be right. It might be too expensive; we may be spending too much money on one area that we need to spend at another. Or it may be too complex. It sounded really good when we put it together, it’s really clever, but in a real-world sense, does it make sense? Sometimes management’s a touchstone for that, to look at it and say: okay, wait a minute, you understand that, and it is really clever, but when I get to the field and I’ve got other people needing to manage it, can they really be responsible for that? Is it too complex for them to make sure it works all the time? So that’s the first thing, is to kind of go back and do a double check on yourself. Know what you know, know what you don’t know, and say, well, maybe I don’t know that, and use that as an input to refine your thinking.

But assuming you come back and you say, no, I was right, this is what the standard says, this is the way I did my analysis, I believe in these numbers, then first of all go back with the documented analysis. If you sit down with management and you say, okay, but here’s the analysis, here’s the consequences we’ve come up with, here’s the mitigation we’re putting around it, here’s what our corporate risk guidelines say or whatever, or here’s what the standard says we’re required to do, and you can make that argument in a very businesslike, professional manner, you hope management goes along with it. Sometimes they will, sometimes they won’t.

So the next thing I would do is argue an economic case, because management’s usually more concerned with this bubble in the corner of the financial side. Yes, I know they’ve got to go to legal, and maybe it’s the moral part they’re having a struggle with, but argue the economic case. If you can make a good economic case that this makes sense based on the consequences and your analysis and so forth, and you can put that in economic terms, maybe that’s something that management will understand and say, okay, we understand, go forward with
this the next thing you can look at it’s look at alternative methods to it there’s always more than one way in the design safety systems I remember in my early career the opportunity but flame scanners on boiler and the management manager ours working for the time he said no that’s too complex they would they don’t work for whatever reason we’re not putting them in there they’ll just get tougher doubt they’re not going to be effective we’re not going to pay the money to do those and I was really upset with that I argued a lot but what we finally ended up doing is looking for some alternative methods of meeting the standard that were not as complex that didn’t require of that particular piece of hardware and we were able to put in a system that I felt really satisfied with so you might look at alternative methods that would would give you the same level of protection but the easier to get your management to agree to and then finally you can ask for their sign-off say ok but I need your signature on this it says this is ok and a lot of times that will stop management and I said well wait a minute you’re the guy that’s supposed to be doing their well yes that I filter I’m not so now it’s up to you so those are kind of ways to techniques of handling it it’s always a very very difficult position to be in particularly as you know safety engineers do to say yours want to come up with in management say no we’re not going to do that you you really wrestle with this moral obligation versus the legal and financial obligations that are coming into play so I don’t want to make it sound like it’s an easy task this is one of the ones that we see most most stressed around it’s where this happens so all right the next issue I want to talk a little bit about is that data and bad assumptions first go off on the end-user perspective so you’re putting a facility in that functional safety analysis that you’re doing one put a lot of effort into and that first analysis phase of the safety 
life cycle it’s very very dependent upon what data were using and what assumptions were making as we go through our analysis and so in particular the functional safety is dependent on the failure rate data a little magic picture there in the corner is you know failure rates aren’t based on magic they’re based on real-life research they’re based on realized statistics and so forth and you have an obligation to make sure if your analysis which is going to be correct you have an obligation to look at the data you’re using in an analysis and make sure that it makes sense and that it’s good data if you go through your analysis you’re making certain assumptions for example why do a local analysis we’re looking at you know is this does it meet the criteria for a layer and independent layer of protection is it independent is it specific is it audible and so forth and you’re making assumptions to the various stages of that as to business meet the standard does it not and so forth as a practitioner that application that obligation is clearly on you to do that analysis in a correct manner that you’re at the core responsibility to do it so look at some areas of concern around around this first of all is that failure rate data is it real there’s always two things we look at in failure rate that data is there enough to to be realistic so these are real data it is it in this a similar function you know an example we always use is if you’re looking at transmitters for sensor elements for example and and we look at that we say well we’ve got a lot of really good failure rate data based on transmitters but most of that is in our control systems not in our safety systems your question is is that a similar function well for transmitters and sensing elements typically the control function is very similar to a safety system function so we would say yes that data is probably good in a lot more data to go on it improves our Thunder Inc data on the other hand when we look at valves and we 
say, oh well, we’ve got a lot of experience with this valve, but most of it is in control applications, we would have looked at that and say, well, but control is a continually operating valve, whereas in safety I put it in one position, I leave it, and leave it for a long time. It’s not realistic to think that those were similar failure rate data. Failure rates method through modes are going to be different, and the failure rate information is going to be different from those two. So you have to look: do you have enough data, is it realistic, is it a similar function?

One of the areas that really this comes up a lot is the proven in use concept. And, you know, a valid way of looking at things is, has this equipment been in use long enough that we’re comfortable using it in a safety application? But again, you have to look at, do I have good data on it? You know, proven in use, it’s not that magical part that says, oh, I made up some stuff, and we’ve used it a couple of times, and nobody has ever said anything. You know, the standard says that you need to have proven, documented failure rate data for that information. If you don’t have that, then proven in use was really not a valid concept. The other thing is to use a consistent approach in it. We see, you know, a lot of companies that kind of do it very ad hoc. You need to define up front what really constitutes proven in use, and what are we as an organization going to do there. And again, is that proven in use data in a similar function? So always the same question: do I have enough data incidence of our application.

Useful life: when we start talking about failure rates, we all understand the bathtub curves, and at some point we get to the end of a useful life, as defined by either the product vendor or our experience. What we’re really saying there is, after the useful life, our failure rate data ceases to be applicable, that we’ve entered that area of wear-out where our failure rates are going to suddenly start to climb, and all the analysis we did at the beginning of our safety life cycle is no longer valid. And so we really have to really pay attention to the useful life and make sure that we’re not assuming things are OK just because we haven’t broken yet.

LOPA credits is another area where we see those assumptions. We talked about that a little bit. It’s really easy to say, oh, I’ll take a LOPA credit for this, but you really need to look at that and make sure
it meets the criteria, that it really gives you the layer, the order of magnitude types of credit you’re taking for it.

Then let’s kind of go quickly to these others. Proof test: we see a lot of issues around proof test. Is the proof test interval realistic? If you’re telling me you’re going to do a proof test every two weeks in a chemical plant that have a shutdown over seven years, I don’t think you can be very realistic on that. So first of all, make sure the interval’s realistic and that it’s something that the facility actually can accomplish. And then secondly, make sure the proof tests are actually done. You know, it’s nice to do in the analysis, that analysis says this is the production we’re taking the cause of that, but if we’re not actually doing the proof test in the field, then they don’t really serve their purpose.

Common cause is one of those; we make assumptions on common cause. It’s really easy to say, well, I don’t know what I’m really doing in common cause. There’s guidelines for it. It’s easy to put in a beta factor that’s very low. Common cause, that’s one of those that you really need to be more concerned about, because you can take a very conservative, safe approach doing it, or you can move that whole system to the one-ders that’s not very safe at all.

The demand mode: we have a real assumption in the process industries of assuming that we’re in low demand mode, and it’s generally a good assumption, but not always. You really need to look at that assumption and say, am I really in a low demand mode, or it says something right I can’t really use our previous concepts that we’ve gotten to.

You know, hardware fault tolerance: there are guidelines in it. Those guidelines were put in the standards to meet certain criteria, and we can’t ignore hardware fault tolerance; we need to include that.

And then finally, the safety manual: if you’re using accredited certified equipment, they always come with a safety manual. Your obligation there is to make sure that you’re using that
within the prescription that they’ve given you within that safety manual. So they did their analysis, they said this is a good piece of equipment to use in this application, but that only is applicable when it’s installed according to the safety manual. And so you need to make sure you’re reading those safety manuals and making the assumptions in your analysis that are consistent with what the information is there.

All right, then I want to look at bad data and bad assumptions from a supplier and certification standpoint. It’s a little bit different. You see the bathtub curve in the bottom, because a lot of these issues are around failure rates and useful life. Same problem we had before: the problem with bad data and bad assumptions, it’s not limited to our end user assist of analysis; it also can apply over on the supplier side, particularly in the certification bodies. So, same problem we had with end users. So, though, is the data good? Do we have enough data? Is it applicable? Is it in a similar function? So for example, one of the issues that’s been kind of in the news lately is cycle testing for things like solenoids. Cycle testing is a perfectly acceptable method for getting failure rates, but unfortunately, as we all know, that’s not the way we operate solenoids. Typically, to do a safety function, we put them in place, we don’t cycle them for years at a time, and also we want to know if it’s going to work or not. It’s not a similar function to a failure rate that’s been developed out of cycle testing. So, is the data good, and is it a similar function?

This comes down to really an ethical issue, in my mind, with the suppliers and the certifiers, who have to understand what they’re really trying to get across here. And when they’re picking those failure rates and they’re looking at how their equipment’s being used, it isn’t consistent with what they’re putting in their safety manual, they have an ethical obligation to make sure that they’re using good data and that they’re communicating to their users what has to be done in order to meet that requirement. Ultimately, though, the end user is the one who has to be aware of this and to use judgment in looking at those certifications, and not just blindly looking at it and saying, but also many certified, it must be okay. Look at how that was actually done, because they’re not always perfect. So some areas of concern in this area
are the failure rate data: is it realistic, is it a similar function? Same thing we’ve been looking at. One of the areas we have a concern with, this we call failure rate shopping: if you have a set of failure rate data and you as a supplier decide, oh, I’m going to go shop around till I find one that’s going to give my product the very best light, whether or not that’s realistic. When we see failure rates of mechanical equipment that’s lower than, you know, resistors on a circuit board, we look at it, we think that’s just not realistic. You know, a solenoid or mechanical device certainly is probably not going to have the same failure rate as a resistor used in its proper manner. So the idea that you can shop around and find people that will give you a lower failure rate, even though it may not be applicable for what you’re doing, is to me, you know, ultimately an ethical issue with the suppliers and, to some extent, with the certifiers that are willing to do that.

The other piece is the useful life component of that. All of our calculations are based on a specific useful life. The part where I would say there’s some concern is if we look at partial components. So, you know, when they say this particular device overall is a 15-year life, but that’s only if you change out these pieces every three years, because they’re seals or they’re high-wear parts or, whatever the reason is, they have a shorter useful life, we need to be really clear on what that useful life is and what maintenance has to be done on the components of it in order to be coachable eyes. So those are areas of concern that we have on the supplier and certifier side of things.

So, just in summary: ethical behavior and these thrown core values we talked about, these autonomous concepts, are really essential to safety. As we’ve moved to performance-based standards and we move to these lifecycle concepts, where we have to have analysis to support what we’re doing, it’s really inherent and really critical that we understand what has to
be done, that we know what we know, we know what we don’t know, and that we perform those to the absolute best of our ability. But we as practitioners, we have an obligation to be confident to make the decisions, and as organizations we have an obligation to support, encourage, and even demand a culture that understands these ethical choices and highly effective and functional safety.

So like I said, I just kind of wanted to give everybody an overview, from a safety perspective, of what ethics can be, and appreciate you guys attending. We will be posting this webinar on our website, so you can get a download of it if you want a record of it or if you have a colleague that would be interested in it. I know for something pulling on professional engineering at hours, they would like a certificate. We typically don’t do that on webinars, but if you want one, you see my email address in red; copy that down real quick, or their little depsite tune, and look me up. If you’ll send me an email message, I’ll send you a professional development hour certificate for that. So again, I appreciate you guys attending. I’m going to do a quick bit of questions and answers. I think the main question that’s been asked is, is there going to be a copy of this presentation? It is being recorded and will be posted on our website as our webinar series, and you can download it from there. We will be able to get a copy of the webinar. All right, with that I