Unified Risk Framework Across MI, RCM, PHA, and SIL/SIS

3/24/2026

Tags: API 580, API 581, Asset Performance Management, Data Analysis, Data Management, HSE, Mechanical Integrity, Process Safety Management, Regulation, Reliability, Risk, Risk Analysis, Risk Based Inspection, Risk Management, System Implementation, Technology, Value, Work Process


This document presents a unified risk framework integrating MI, RCM, PHA, and SIL/SIS into a single, risk-based system. It emphasizes a common risk matrix, shared failure modes, and centralized action management to eliminate fragmented governance. By linking equipment strategies, SIL validation, and MI data with closed-loop feedback and MOC, it enables consistent prioritization, aligned decision-making, and effective, real-world risk reduction.

Facilities must now be managed with fewer resources and under a much lower risk tolerance from boards of directors, company personnel, and the general public, amplified by a 24-hour news cycle in which everyone possesses a video camera.

To address this problem, Management of Integrity (MI), Reliability-Centered Maintenance (RCM), Process Hazard Analysis (PHA), and Safety Instrumented Systems (SIL/SIS) are symbiotic because they each describe different aspects of the same reality: how systems fail, what happens when they do, and how we prevent or mitigate that failure.

The failure in most organizations is not a lack of technical capability; it is fragmented risk governance. Below are the requirements to minimize risk in facilities.

1) One risk matrix and not four interpretations

All recommendations, regardless of origin, should be evaluated using a common risk matrix. These basic initiatives need to be managed holistically:

  • PHA → scenario risk ranking
  • SIL/SIS → risk reduction requirements (LOPA, SIL targets)
  • RCM → functional failure risk
  • MI → degradation-driven probability and consequence

If each program uses a different scale or philosophy, then the following happens:

  • SIL targets become disconnected from real conditions
  • RCM optimizes maintenance for a different definition of risk
  • MI prioritizes based on condition, not consequence

Result: conflicting priorities and diluted risk reduction

2) Recommendations must compete in the same system

Every output should enter a single risk-ranked action system, including:

  • PHA recommendations
  • SIL verification gaps (e.g., proof test intervals, SIF deficiencies)
  • RCM task requirements or redesigns
  • MI findings (e.g., corrosion excursions, damage mechanism changes)

This forces alignment by design:

  • A corroding pipe, a failing SIF, and a PHA scenario are directly comparable
  • Resources are allocated based on true risk, not program origin

3) Strategies must be defined by risk level and not by program

Instead of program-driven actions, define risk-tiered strategies that apply across all PSM equipment:

High Risk (Intolerable / ALARP breach)

  • Immediate mitigation or shutdown consideration
  • Verified safeguards (including independent protection layers)
  • Increased inspection and monitoring frequency
  • SIL validation and proof test confirmation
  • Temporary barriers if permanent fix is delayed

Medium Risk (ALARP region)

  • Planned corrective actions with defined timelines
  • Condition-based monitoring (CBM)
  • Optimized PM tasks (via RCM logic)
  • Inspection interval adjustment based on degradation

Low Risk (Acceptable)

  • Run-to-failure where appropriate
  • Code-compliant inspection intervals
  • Minimal intervention unless conditions change

This removes ambiguity: the risk level determines the action, not the program that identified it.

4) Equipment-type strategies must be pre-defined

For each major equipment class, define approved strategies by failure mode, component, and risk level:

  • Static equipment (pressure vessels, piping, tanks) - corrosion monitoring, NDE, thickness tracking, RBI
  • Rotating equipment - vibration analysis, lubrication programs, performance monitoring
  • Relief devices - set pressure verification, interval testing, redundancy validation
  • Instrumentation / SIS - proof testing, diagnostics, failure rate tracking, bypass management
  • Valves / mechanical safeguards - functional testing, leak testing, partial stroke testing

These strategies should be:

  • Derived from recognized standards, practices, public methodologies, and good engineering judgement (experience)
  • Validated against PHA consequences
  • Verified through MI execution
  • Aligned with SIL performance requirements

5) Failure modes must be standardized across all programs

A single failure mode library should underpin:

  • PHA initiating events
  • RCM analysis
  • MI inspection plans
  • SIS failure modes (dangerous detected/undetected)

Without this:

  • Data cannot be aggregated
  • Trends cannot be trusted
  • Risk cannot be consistently evaluated

6) SIL/SIS must be grounded in MI reality

SIL targets and SIF assumptions depend on:

  • Failure rates
  • Proof test effectiveness
  • Demand rates

These are not theoretical; they are MI-driven.

If MI does not confirm:

  • Test coverage
  • Actual failure modes
  • As-found conditions

Then SIL compliance is paper-based, not risk-based.

7) Closed-loop feedback is mandatory

The system must continuously reconcile:

  • MI findings → update failure probabilities and PHA assumptions
  • RCM results → refine maintenance strategies and intervals
  • SIL performance → adjust proof testing and design assumptions
  • PHA revalidation → incorporate real degradation and failure data

This is what converts four programs into a living system rather than static studies.
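
The check described in sections 6 and 7, as an added example that is not part of the original article: it recomputes a SIF's achieved SIL from MI proof-test records and derives the proof-test interval that the as-found failure rate would support. It assumes the simplified 1oo1 low-demand approximation PFDavg = λDU × TI / 2 with imperfect proof-test coverage and a 15-year mission time; the function names and all data are constructed for illustration.

```python
# Added example (constructed data): does a SIF still meet its SIL target once
# MI proof-test results replace the design assumptions?
HOURS_PER_YEAR = 8760.0

def pfd_avg(lambda_du, test_interval_yr, coverage=1.0, mission_yr=15.0):
    """Simplified 1oo1 low-demand PFDavg with imperfect proof-test coverage.
    Failures the test can reveal accumulate over the test interval; the rest
    accumulate over the mission time (15 years is an assumption)."""
    ti = test_interval_yr * HOURS_PER_YEAR
    mt = mission_yr * HOURS_PER_YEAR
    return lambda_du * (coverage * ti / 2 + (1 - coverage) * mt / 2)

def sil_achieved(pfd):
    """Low-demand bands: SIL n needs PFDavg below 10^-n (capped at SIL 4)."""
    for sil in (4, 3, 2, 1):
        if pfd < 10.0 ** -sil:
            return sil
    return 0

def observed_lambda_du(dangerous_found, devices, years_in_service):
    """Point estimate (per hour) from dangerous failures found as-found."""
    return dangerous_found / (devices * years_in_service * HOURS_PER_YEAR)

def max_test_interval_yr(lambda_du, target_sil, coverage=1.0, mission_yr=15.0):
    """Upper bound on the proof-test interval that keeps PFDavg under the
    target band; None if untested failures alone already exceed it."""
    if lambda_du <= 0 or coverage <= 0:
        raise ValueError("need a positive failure rate and test coverage")
    limit = 10.0 ** -target_sil
    untested = lambda_du * (1 - coverage) * mission_yr * HOURS_PER_YEAR / 2
    if untested >= limit:
        return None
    return (limit - untested) * 2 / (lambda_du * coverage * HOURS_PER_YEAR)

def reconcile(target_sil, design_lambda, interval_yr, mi):
    """Compare the paper SIL claim with the claim supported by MI records."""
    lam = observed_lambda_du(mi["dangerous_found"], mi["devices"], mi["years"])
    as_found = pfd_avg(lam, interval_yr, mi["coverage"])
    return {
        "design_sil": sil_achieved(pfd_avg(design_lambda, interval_yr)),
        "as_found_sil": sil_achieved(as_found),
        "meets_target": sil_achieved(as_found) >= target_sil,
        "max_interval_yr": max_test_interval_yr(lam, target_sil, mi["coverage"]),
    }

# Constructed MI history: 20 similar valves, 5 years, 2 dangerous failures
# found at proof test, 95 % test coverage confirmed by inspection.
MI_RECORD = {"dangerous_found": 2, "devices": 20, "years": 5, "coverage": 0.95}
RESULT = reconcile(target_sil=2, design_lambda=5e-7, interval_yr=1.0, mi=MI_RECORD)
```

With these constructed numbers the design calculation claims SIL 2 at a one-year interval, while the as-found data supports only SIL 1 unless the interval is shortened to roughly three months; a `None` interval means no test frequency recovers the target and the design assumptions must change.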

8) MOC is the enforcement mechanism

Any change in one domain must propagate to all:

  • New damage mechanism → MI, RCM, PHA, SIL review
  • Equipment modification → reassess SIFs, inspection plans, failure modes
  • Interval changes → validate against risk and SIL assumptions

Without disciplined MOC, the system fragments almost immediately.

Bottom line

  • PHA defines risk scenarios and consequences
  • SIL/SIS defines required risk reduction
  • RCM defines how to preserve function
  • MI proves the condition and effectiveness of controls

But none of that matters unless:

All outputs are evaluated, prioritized, and executed within a single risk-based framework, with predefined strategies tied to risk level and equipment type. AOC has a high-level workflow for this, which is available at the link below.

That’s the difference between:

  • Programs that coexist
  • And a system that actually manages risk

Core Foundational Standards

  • Occupational Safety and Health Administration, 29 CFR 1910.119 – Process Safety Management
    → Establishes requirements for PHA, MI, MOC, and their integration
  • International Electrotechnical Commission, IEC 61511 – Functional Safety (Process Industry Sector)
    → Defines SIL determination, lifecycle, proof testing, and performance validation
  • American Petroleum Institute, API RP 580 / 581 – Risk-Based Inspection
    → Formalizes risk as probability × consequence, bridging MI and PHA
  • SAE International, JA1011 / JA1012 – Reliability-Centered Maintenance (RCM)
    → Defines functional failure, failure modes, and task selection logic

Other Core Recommended Standards & Practices

  • Center for Chemical Process Safety, Layer of Protection Analysis (LOPA)
  • Center for Chemical Process Safety, Guidelines for Risk Based Process Safety
  • Center for Chemical Process Safety, Guidelines for Management of Change
  • Health and Safety Executive, Reducing Risks, Protecting People (R2P2)
  • Energy Institute, Guidance on Risk Tolerability and ALARP
  • American Petroleum Institute, API 580/581
  • American Society of Mechanical Engineers, ASME BPVC
  • International Organization for Standardization, ISO 14224
  • SAE International, RCM JA1011
  • Occupational Safety and Health Administration, PSM – Incident Investigation & PHA Revalidation

https://assetoptimization.sharepoint.com/:b:/s/SharedData/IQACLsNw3cPySpI3WFNpIOT8Adu-dPEk82lTsaQlwimp_-4?e=3i3PtQ

 

