PID, ProSafe and the License to Operate
PROSAFE 2016 is on next week. The context setter is the following quote by Douglas Adams:
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
The by-line takes a less diplomatic tone:
Recent incidents which include the Texas City Refinery explosion and BHP’s dam disaster have taught us the importance of constant process safety, regardless of economic circumstances.
This year, Meercat has taken on a business development sponsorship role at PROSAFE which means that we’ll be:
- expanding our understanding of the breadth and depth of the challenges being faced by organisations in managing their risk, compliance and assurance obligations;
- listening to a range of problems and proposed solutions from industry experts; and
- subtly sharing the Meercat RiskView story with anyone prepared to stand still for 25 seconds.
While thinking how coalesce the best parts of the Meercat RiskView story from client experiences, I remembered the start of my working life with Honeywell in their industrial controls division as an apprentice Scientific Instrument Maker and/or Repairer (a title that still makes me smile and/or wince).
Honeywell’s TDC2000 distributed control systems were starting to take off in Australia back in 1980 and I was fortunate to be part of the implementation teams at BP Kwinana, Worsley Alumina, Woodside, and other sites.
To ensure I was making the most of my practical experience, the weekly technical college classes introduced us to pressure gauges, a resistor colour coding mnemonic I still cherish, and, the majestical PID (Proportional/Integral/Derivative) control loop theory, shown below:
I imagine that most of you would know PID better than I ever could, but for those of you who don’t know PID, imagine DNA, but simpler and cooler; suffice it to say that it is essential to the modulation of life as we know it (it was developed by mathematically modelling what the best helmsmen did while trying to keep ships on course).
As I understood it, PID applies three sensing and acting mechanisms in a closed loop system that, if appropriately sized and tuned, will optimally control a process to achieve a given goal or set point. The elements include:
- The ability to determine the offset between the set point and the process value and apply a proportional corrective force.
- The ability to aggregate the persistent offset between the set point and the process value, over time, and to apply a corrective force to eliminate the offset.
- The ability to determine the rate of change between the set point and the process value, and to use that rate to apply a dampening force to eliminate overshoot.
In summary, they worked in a very common-sense way, to apply the right amount of correction to keep things on-track: no delay, no offset and no overshoot.
In those early days I learnt how to tune PID loops to control furnace temperature, heat-treat car springs, destroy biohazard waste, or maintain turbine speed in a coal-fired power station. And while they can perform stand-alone for simple things, they are marvellous at working together, assuming that every one operates within its operating envelope.
Where they get really good is banding together with PLC’s to create a fully integrated plant control system that can theoretically go from start-up to shutdown and back again, automagically, with all loops maintained within their tolerable operating parameters.
When the entire plant is lock-stepped together like this, when sensors are monitoring input and output conditions for each part of the process and modulators are managing within normal deviations, then the plant can be tweaked to achieve other objectives: like run more efficiently, on different feedstocks, etc. But when a loop goes outside of its operating envelope, then it can spit the dummy, trigger a shutdown or isolation process, and refuse to cooperate until things are put right.
In this context, operating safely is a bottom-up process, where the whole system can only function when every one of the constituent parts is operating safely. This could be thought of as similar to inherent safety, in the risk context.
The human body is one such system where one only feels ready to perform when all the parts are working properly. Industrially, this approach is used in mission, flight, project or even batch operations but becomes difficult, expensive, and some would say nigh-on-impossible to implement and sustain in continuous operations.
In continuous operations, the concept of the “whole system” goes far beyond the plant control system as it includes soft (difficult to quantify, measure or control) interactions with a range of external factors like culture, leadership, macro and micro-economic management, competition, laws, skills, people, etc., becoming more like a loosely-coupled eco-system that resembles the internet: a range of providers that variously and opportunistically interact to provide a somewhat reliable service.
Obviously sensors and modulators can’t be put on those soft elements, so PID, the mathematical formula, is at a loss. This is why we need risk and control assurance processes. But wouldn’t it be great if our risk and control assurance processes would be more PID-like?
If you recall from whence it was derived—PID the concept—is simply motivated human goal-seeking behaviour.
So to stick with the same catchy and glamorous acronym, I’d like to suggest that risk and assurance processes should be:
- Proportional, in terms of assessment, treatment, monitoring and investment, to the risk being managed
- Indefatigably persistent, to ensure that all activities are carried out as they were designed and when scheduled
- Discerning, to identify and assess changes to the characteristics surrounding the risk being managed
When you’re at the helm, be PID.
If you’ve got any thoughts on this piece or suggestions from your own PID-like experience, we’d love to hear them.