Perspectives

How to make a digital twin of a bow tie

Safety Barriers
Adam Forbes
January 11, 2022

At Eigen, we build and deploy live data models as part of a digital twin for oil and gas facilities. One of the challenges in doing this is how to combine the physical and the abstract into a working data model. And a great example of this is the bow tie – a diagram showing all the protective measures against hazardous events and their potential consequences.

 

A bow tie is developed during the design phase of a facility and, when it goes into operation, there is a regulatory requirement on the operator to have a “Barrier Management Strategy” for monitoring and maintaining the effectiveness of these safety barriers.

How can we make these bow ties “live” during the operating phase of an asset so that the real-time health of all aspects is easily visible and understandable? How can we automate data capture, processing and aggregation of barrier health score in a reliable and auditable way?

In practice there are many layers to this challenge and, as can be seen from the diagram on the following page, the information on the health and status of all the various barrier elements comes from many different systems (and some elements cannot be made live).

At Eigen we have solved this challenge and our software is already live and in operation doing just this.

An example of a bow tie in practice showing the different sources of health and status information.

The bow tie method is a structured method to identify and manage risk. The left side shows the preventative measures which eliminate a threat. The right side shows measures which reduce the likelihood of the consequence, or mitigate the severity of the consequence.

Ingenuity builds a digital twin of your bow tie

Our Eigen Ingenuity platform architecture allows us to solve this challenge at all levels by breaking the problem down into the following three steps:

1. Create a data model or digital twin of all the aspects – ideally integrated as an extension to a full data model of a facility.

2. Link this model to the systems that store relevant information on the status of objects in the model.

3. Define the rules aggregating the health status throughout the model, from barrier safety elements and functions all the way up to Areas, Performance Standards, Systems and Major Accident Hazards (MAH).

A digital twin is a digital representation of a real-world entity or system; it uses real-world data to create simulations that can describe how that entity (or a product or process within) is performing – or could perform

Zooming in on the detail

Bow ties are a 37,000 feet view – they do not contain enough detail to make a digital twin on their own, but it is possible by using other information sources.

By way of example, below is an extract from a bow tie about preventing overpressure. Note that the descriptions of the preventative measures are very high level – “Platform ICSS” or “Operator Response”. If we use these as the basis for the model, we are going to hit problems very quickly because any problem with the status of the “Platform ICSS” object will affect (almost) every bowtie.

Instinctively one knows this is not right. An override on a smoke detector in say the flash gas compression area should not result in an impairment on the water injection overpressure protection system.

We need to zoom in on the details and narrow the scope of the object to be just those functions within the “Platform ICSS” relevant to this protective function.

Something like:

“Platform ICSS functions for the prevention of overpressure in the water injection system”

Now we can use things like the Safety Instrumented Functions (SIFs) to identify the specific control logic and instruments that are related to this particular hazard, and then add these to the model.

The bow tie is just one way at looking at the risk picture

Challenges with data quality

On facilities where the bowties are well maintained and stored digitally, creating the data model can be scripted and is a well understood problem. However, issues such as those listed below can make the things more complicated.

Bow ties not available in electronic format

Where bow ties are not available in electronic format, or are just images in documents, a data capture process needs to be run firstto digitise the source data using OCR and image recognition tools.

Bow ties are at a generic level and have not been created for each area

In some cases, the bow ties for a facility are at a very generic level (such as above) and knowledge of their actual implementation is in the heads of staff and a few documents. This is essentially a data gap that needs to be closed as part of the initial model build through a combination of interviews with key staff, going through documents and scripting the generation of an “as is” digital version
of the bow ties.

Making a comprehensive digital twin – adding other dimensions

The bow tie is just one way of looking at the risk picture – it is a specific arrangement of the information for the purpose of identifying the causes and consequences of an event. And there are other ways that are useful to consider on an operating asset as
well:
– Area – protected area or physical location
– System
– Performance standard

This information comes from sources such as the master tag database and is usually in a well-structured format meaning it can be added to the model relatively easily using scripts.

Underpinned by a domainspecific knowledge graph.

The extract below from Eigen’s Data Model in Neo4j shows an example of how a physical item is connected to both the bow tie model directly via the bow tie Element and also links to the Performance Standard. Existing relationships to documents, areas, systems etc. were already in place before the Data Model was expanded with the bow ties.

By using a graph database as the basis for our digital twin, an existing model can be easily extended to include more information. Or a barrier model can be added to an existing data model.

Next we’re looking at the challenge of assessing the health of protective functions not directly related to the physical SECEs (Safety and Environmentally Critical Equipment).

In our example extract from a bow tie about preventing loss of containment due to overpressure, we have a couple of elements that are not related to individual SECEs; “Design Factor for Overpressure” and “Operator Response”.

The “Design Factor for Overpressure” is a discrete thing that happened in the past. It was either done or not done and there’s nothing you can do about it now (or at least not without a major refit!). There will be no live updates to the health of this element*.

One can either include it in the model or not and it will have no bearing on the current health of the overall system. We like to include it for completeness as it means the model is accurate and can be a useful teaching aid as well.

*There are cases where the health of this element might change over time – for example, if the Design Factor results in a corrosion allowance being added to the wall thickness of pipework and hence the monitoring of the thickness of this corrosion allowance over time (as part of an Inspection programme) will inform the calculation of the ongoing health of this protective aspect.

Then we have “Operator Response”. The health of this element can be digitised and is based on the information from at least three other systems (four if one also includes Operational Risk Assessments as part of this element).

If we expand the bow tie to show the protective elements preventing Degradation of Operator Response we can see we have Alarm Management, Process Surveillance and Operator Procedures/Competence.

Alarm Management

Alarm Management here refers to the design and continuous improvement of the Alarms from the control system such that the operator is not overloaded and is able to take the correct action within the required timeframe – usually 10 mins otherwise the action should be automated. (See EEMUA 1911 , ISA 18.22 and API RP 11673 for the full details).

This in itself is a detailed subject but it is mature and specialist systems are available for Alarm Management such as Honeywell’s Dynamo or PAS which, when properly configured, generate live KPIs of performance against the guidelines. For example, the maximum number of alarms in a 10 minute period – target = 10 or less.

Most oil and gas facilities have such systems already in place and, by connecting to these existing systems and leveraging their capability, Alarm KPI data can be used to inform the health of the Alarm Management protective functions.

Process Surveillance

This again is a broad subject so the principle will be demonstrated with an example, with the intention of sparking the reader’s imagination as to how this could be expanded to other situations.

Let’s take the example of transmitter pairs – most transmitters performing a safety function are separate from an equivalent transmitter performing a process control function. One useful surveillance operations is to compare the readings from these two equivalent transmitters and check that they are within x% of each other – say 5%. If they begin to disagree significantly then a check is required to find which transmitter needs to be recalibrated. Otherwise the likelihood of either an unintended trip, or operation beyond safe limits, is increased.

These checks are easily configured in the realtime historian and the results can be used to inform the health calculation of the protective functions.

Operator Procedures & Competence

Tracking the completeness of Operating Procedures and the training of operators is necessary to assess the health of the barrier elements here. Active Operational Risk Assessments may also be relevant.

Assessing Operating Procedures, and also possibly Operator Competence, is likely to include more qualitative elements and is hence harder than the qualitative nature of the two examples above. But it is possible none-theless, and even if it does involve an element of human judgement, by including it in the overall model a complete picture is gained. And this visibility can also improve the accuracy of the human judgement as an awareness of the impact of such judgements becomes more widely understood.

Information from a Competency Management System (CMAS) system, Operational Risk Assessments and Direct Manual Input of impairments can be incorporated in an online calculation of barrier health.

If a CMAS is available then direct, qualitative, information can be taken from these for the specific Operators and also workers that will be performing other tasks. This can be extended to a more advance level later that takes account of the competencies required for different maintenance activities and assesses these against the competencies of those people offshore available to perform these activities.

Active Operational Risk Assessments may be available from a system such as DNV’s Synergi. If so then they can also be used directly in the calculation of barrier health.

Written by
Adam Forbes
Posted on
January 11, 2022

You may also like

DCOM

Distributed Component Object Model (DCOM) is a Microsoft remote communication protocol at the heart of many real time data links.

Knowledge Graphs

Context and clarity through dynamic monitoring and visualisation

Knowledge Graphs

Glowing net and spirals
There is definitely something intuitive about building knowledge graphs, after all, they mirror the way we as humans acquire knowledge and retain it through connections and context.

Digital Transformation

The trend in many mature basins, just like the UK and Norwegian continental shelves, has been one of steady divestment by the supermajors and a new generation of smaller oil and gas operators.

Electric cars

The running cost of an electric car depends on where you charge it and can vary from 3p to over 35p per mile.
In short, electricity prices vary hugely compared to petrol or diesel; you can pay anywhere from 5p/kWh to 70p/kWh so it costs me anywhere from 3p/mile to 35p/mile depending on where I charge.

Electric cars

The range of an electric car is less important than how quickly you can recharge it
Would I recommend an electric car? Yes, definitely. They are nicer to drive, much cheaper to run and need less maintenance. Range isn’t the issue, maybe the real question is “are you prepared to change your habits?”.

Electric cars

reliable destination charging is key to making electric car ownership work for most people.
When you say you own an electric car everyone’s first question is about that magic word “Range” – “How far can it go on a charge?”. Having owned an electric car for over six years now I can tell you that range is much less important than the ability to recharge at your destination. Let me explain why.

Knowledge Graphs

The automobile and industrial designer Freeman Thomas said “We were promised a simpler life, and technology has only complicated our lives.” In complex domains, like oil and gas, technology may well have simplified some things but it has certainly complicated others, particularly where data is concerned.

Decision making

Death and taxes may historically have been the only two certainties in life, but we might consider a third – increasing volumes of data. With ubiquitous sensing, unlimited cloud storage and insatiable demands from every walk of life, data is growing exponentially.

Digital twin

Much of the focus of digital transformation is given to big data, clever systems and game-changing innovations, like robotics, AI and IoT. But what is often missing is the focus on people, who have been irrevocably transformed by digital.

Digital twin

We formed Eigen almost fifteen years ago, although the original founding team had all been working in oil and gas for the previous decade. As individuals, then later as Eigen, we worked with bp to deploy its breakthrough Field of the Future programme in Azerbaijan, and have since been part of many oil and gas operators’ digital transformation journeys.

Digital twin

There’s a lot of hype about digital twins in oil and gas. Much is well-founded, since the integration of the underlying technologies that make digital twins possible have potential to accelerate much needed digital transformation in the sector. But you can’t believe everything you read.

Digital twin

The concept of digital twin has a futuristic quality at a time when robotics and artificial intelligence also are coming of age. But whilst there’s no disputing the transformative impact of digital twins, in industries as wide-ranging as construction, marine, agriculture and oil and gas, what makes up a digital twin is technology of now.

Decision making

One of the problems of asset-heavy industries, including Oil & Gas and Petrochemical operations, is decision-making for maximum impact, under resource constraint conditions. These industries typically manage an array of highly interconnected assets and relationships which bear on the impact of the decision.

Digital twin

When it comes to digital transformation and learning how to discover insights hidden in data, one question that regularly arises is whether we should copy all of our data into a data warehouse or data lake, or alternatively connect directly to the source systems.

Digital twin

In this blog series we’re looking at how you turn a bowtie diagram into an online Digital Twin showing live barrier health information. The previous part looked at the level of detail required to make a working data model in practice. In this instalment we’re looking at the challenge of assessing the health of protective functions not directly related to the physical SECEs (Safety and Environmentally Critical Equipment).

Digital twin

In this blog series we’re looking at how you turn a bowtie diagram into an online Digital Twin showing live barrier health information. In this instalment we’re considering the level of detail required to make a working data model in practice.

Digital twin

How do you turn a bowtie diagram into an online Digital Twin showing live barrier health information?

Complex Subsea Hydraulic System

Imagine the situation: Hydraulic fluid pressure is dropping fast; supply tank levels are also dropping. You are pretty sure there is a big leak in the system, but you have no idea where it is. Pretty soon the operation will be compromised: The pressure will be below the minimum required and you may be forced to shut down the field. It is a scary picture.

What makes a good datamodel?

Wireframe rendering of turbojet engine and mirrored physical body on black background. Digital twin concept. 3D rendering image.
There is a lot of buzz nowadays about “Digital Twins”, and every Digitalisation Director out there is thinking they need to have a Digital Twin of their assets. It makes sense: If you have a digital representation of your assets; you can simulate, test scenarios, plan operations and visualise data within the context afforded by the twin, without having to visit or “be present” in the real asset, especially if these assets are remote.

Agile

Agile development software business web computer agility nimble quick fast start up concept
Ah, the old ones still the best ????. But such questions can sometimes be worth considering. For example, when is Agile not Agile?

Open Source

Two months ago I switched my phone from an Apple iPhone 7 to an Android based POCO X3 NFC. At the same time one of my daughters upgraded their phone to an iPhone XR so we’ve been comparing experiences. So what’s it been like??

Uncategorized

2021 futuristic tehcnology trend concept, hand man pointing in concept futuristic in 2021 coming year the year of artificial intelligence ,big data, iot, augmented reality, machine learning
As the COVID-19 pandemic hit us round about March 2020 and the Oil prices crashed, all of us working for the Oil & Gas industry panicked and prepared for the worse. In previous market downturns, budgets had been slashed and projects cancelled, but this time something quite different happened, at least in the Digitalisation space.

Agile

What has Agile ever done for us?
In an earlier blog, I wrote about what Agile is. And that’s all well and good, but what has Agile ever done for us?

Open Source

Using Open Source to avoid lock-in to expensive proprietary technologies
I’ve been using Apple products since 2007. Every smart phone I’ve had has been an iPhone but yesterday I ordered a new Android phone. I’m so fed up with shelling out around £1000 every couple of years but I’ve been trapped because all my music is in iTunes, all my family have iPhones and we run Macs*. Man, I hate being locked in! I wouldn’t mind if it was still value for money, but it’s not – I feel like I’m being taken for a ride now.

Perspective

In November (this month as I write this) we have not long closed out possible two of the best custom software projects we have done. Sure there were bugs in the testing and there will be more found by the users I’m sure, but what made them so good? We hit the schedule to within a week on both of them and there were no scope changes over the entire project, so we hit the budget as well. This is particularly impressive for one of them because it was a completely new piece of software, written from scratch; taken from powerpoint to in production in 5 months.

Uncategorized

percent sign on screen. interest rate
This picture makes me laugh and if it makes you laugh too then you’ve probably been involved in purchasing or project delivery at some point.

Is your Oil field being exploited at its best?

A man holding a flask of oil. Oil rigs in the background. Oil production in Russia. Sunset. Oil pumping
Production Well Testing is an essential part of managing an Oil & Gas field if the field has more than one well and production measurement resources are limited, as is generally the case.

Agile

Agile Software Development Business Internet Techology Concept
You have probably heard software developers talk about being Agile, and maybe wondered what they mean. Perhaps they do star jumps and touch their toes before breakfast, or write code while limboing under desks? Well, it’s nothing like that… read on to find out more!

Uncategorized

Eigen and Wintershall Dea partnership
I’m really excited about the long term partnership we have recently signed with Wintershall Dea for a number of reasons not least because it’s a great team and we have a lot of fun working together!

Decision Bridge Technology

eigendbt2
Back in July I asked myself the question “Why are we still in business after 11 years?”. A small specialist company in a big competitive industry. We’ve been through 3 downturns now and we continue to develop longstanding relationships with some of the most innovative operators in the business. Clearly we are doing something right but what is it?

Decision Bridge Technology

Young musician playing acoustic guitar and singing,
Did you ever learn to play “Sweet child of mine” on the guitar? Like almost every other teenager who had a guitar I learned the opening riff to “Sweet child of mine” and I remember playing it in a guitar shop when I was testing out an amp, only to have one of the staff point to a sign on the wall that said anyone playing “sweet child of mine” would be thrown out the shop and told never to return!

Is your Oil field being exploited at its best?

Smart city and abstract dot point connect with gradient line and aesthetic Intricate wave line design , big data connection technology concept .

In our previous blog, the discussion was centred on assessing how well an asset is exploited, as a key concern for the field manager and the asset team. The Integrated Choke Model (ICM) was proposed as a model to identify opportunities for improving the free cash flow as the fundamental objective during periods when the oil price is low.

Uncategorized

Businessman holding tablet and showing holographic graphs and stock market statistics gain profits. Concept of growth planning and business strategy. Display of good economy form digital screen.
The world was shocked to learn about the massive explosion in the port of Beirut: This has been a terrible tragedy with an astronomical cost in terms of lives lost and damage to property; one could even argue, to the whole country, as even the strategic grain reserves were hit.

Is your Oil field being exploited at its best?

Is your Oil field being exploited at its best?
A typical question for a Petroleum Field Manager is how well the asset is being exploited and if this exploitation is efficient and generates enough value for Operator and Partners. This article explores some answers based on our understanding of the challenges that appear throughout the life of the field, and to how to be prepared to transform them into opportunities.

What makes a good datamodel?

What makes a good datamodel?
Now we are potentially getting right in amongst the weeds and many a data model gets stuck in the weeds because this issue is not understood.

What makes a good datamodel?

What makes a good data model? | Eigen
Once upon a time, in a land far far away, hard disks and memory were small and really expensive. In 1969 the computer that landed man on the moon only had 4k of RAM and 72k of ‘disk’ (ROM) storage.

What makes a good datamodel?

What makes a good data model? | Eigen
Having the best datamodel in the world won’t help you grow your digital capabilities if the only way to access it is through proprietary drivers.

What makes a good datamodel?

What makes a good data model? | Eigen
Google search is not a validated datamodel. Nor is it comprehensive, but it’s good enough for most of us.

What makes a good datamodel?

What makes a good data model? | Eigen