ipl-qualification-assessor

star 1

Evaluate whether a safeguard qualifies as an Independent Protection Layer (IPL) per CCPS (2001) criteria. Use this skill when the user asks to assess IPL qualification, evaluate safeguard independence, determine if a control measure can be credited in LOPA, check for common cause failures, assess BPCS independence (Approach A vs B), evaluate human action IPL criteria, or review an IPL register. Also trigger when users provide a list of safeguards and ask which can be credited as IPLs in a LOPA study.

teddychenfeiyang-png By teddychenfeiyang-png schedule Updated 3/6/2026
play_arrow Run Skill in Manus View GitHub

name: ipl-qualification-assessor description: > Evaluate whether a safeguard qualifies as an Independent Protection Layer (IPL) per CCPS (2001) criteria. Use this skill when the user asks to assess IPL qualification, evaluate safeguard independence, determine if a control measure can be credited in LOPA, check for common cause failures, assess BPCS independence (Approach A vs B), evaluate human action IPL criteria, or review an IPL register. Also trigger when users provide a list of safeguards and ask which can be credited as IPLs in a LOPA study. version: 0.1.0

IPL Qualification Assessor

Purpose

Provide structured assessment of whether a safeguard qualifies as an Independent Protection Layer (IPL) per CCPS (2001) Chapter 6 criteria. This skill applies the three qualification rules, checks for common cause failures, and assigns appropriate PFD values from the verified CCPS reference data.

Dependencies

  • ccps-2001-checker — Section s04 (Tables 6.1–6.5, IPL qualification rules, Approach A/B)

The Three IPL Qualification Rules

Every candidate IPL must satisfy ALL THREE rules. Failure on any single rule disqualifies the safeguard as an IPL.

Rule 1 — Effective

  • Can the device/system/action prevent the specific consequence in this scenario?
  • Is it sized appropriately ("Big Enough")?
  • Can it respond within the available time ("Fast Enough")?
  • Can it withstand the process conditions ("Strong Enough")?

Rule 2 — Independent ("Big I")

  • Is performance unaffected by the initiating event?
  • Is performance unaffected by failure of any other IPL in the same scenario?
  • Is it free from common cause failures with other protection layers? (Check Table 6.2)
  • For BPCS: Is it independent per Approach A or Approach B?

Rule 3 — Auditable

  • Is there a defined performance target (PFD)?
  • Is it subject to testing, inspection, and maintenance?
  • Are records maintained to demonstrate claimed performance?

Assessment Workflow

Step 1 — Identify the Scenario Context

  • What is the initiating event?
  • What is the consequence?
  • What other IPLs are already credited in this scenario?

Step 2 — Screen Against Table 6.1

Check whether the safeguard type appears in Table 6.1 (safeguards that usually do NOT qualify as IPLs):

  • Training
  • Procedures (general)
  • Normal testing and inspection
  • Communications
  • Signs, labels, and warnings
  • Fire and gas detection (detection only)
  • Emergency response by plant personnel (general)
  • Operator supervision
  • Safety awareness programmes
  • UPS
  • Check valves
  • Administrative controls (general)
  • PPE
  • Redundant equipment (general)

If the safeguard appears in Table 6.1, it is presumptively disqualified unless the user can demonstrate it meets all three rules under specific circumstances.

Step 3 — Apply the Three Rules

For each candidate safeguard, systematically evaluate:

IPL QUALIFICATION ASSESSMENT
═══════════════════════════════════════════
Safeguard:     [description]
Scenario:      [scenario number/title]
Initiating Event: [description]
Consequence:   [description]

RULE 1 — EFFECTIVE
□ Can prevent the specific consequence?     [Yes/No/Uncertain]
□ Sized for the demand?                     [Yes/No/Uncertain]
□ Response time adequate?                   [Yes/No/Uncertain]
□ Withstands process conditions?            [Yes/No/Uncertain]
Rule 1 Assessment: [PASS / FAIL / REQUIRES FURTHER INFORMATION]

RULE 2 — INDEPENDENT
□ Independent of initiating event?          [Yes/No/Uncertain]
□ Independent of other credited IPLs?       [Yes/No/Uncertain]
□ No common cause with other layers?        [Yes/No/Uncertain]
  (Check Table 6.2 causes)
□ BPCS independence (if applicable)?        [Approach A / Approach B / N/A]
Rule 2 Assessment: [PASS / FAIL / REQUIRES FURTHER INFORMATION]

RULE 3 — AUDITABLE
□ Defined PFD target?                       [Yes/No/Uncertain]
□ Subject to testing/inspection?            [Yes/No/Uncertain]
□ Records maintained?                       [Yes/No/Uncertain]
Rule 3 Assessment: [PASS / FAIL / REQUIRES FURTHER INFORMATION]

OVERALL QUALIFICATION: [QUALIFIES AS IPL / DOES NOT QUALIFY / REQUIRES FURTHER INFORMATION]
RECOMMENDED PFD:      [value from Tables 6.3–6.5 or site-specific]
PFD SOURCE:           [Table reference or basis]
NOTES:                [conditions, limitations, dependencies]

Step 4 — BPCS Independence Assessment (if applicable)

When the candidate IPL involves the BPCS and the initiating event is a BPCS failure:

Approach A (Conservative — recommended): No BPCS function is credited as an IPL when the BPCS is the initiating event.

Approach B (Less conservative): A separate BPCS function MAY be credited if it uses:

  • Different sensors
  • Different logic solvers (or demonstrably independent logic)
  • Different final control elements
  • No common cause with the failed BPCS function

Document which approach is applied and the basis for the decision.

Step 5 — Human Action IPL Assessment (if applicable)

When the candidate IPL is a human action, verify:

  • Available response time (from onset of abnormal condition to point of no return)
  • Indication: Is the abnormal condition clearly indicated to the operator?
  • Independence: Does the indication come from a source independent of the initiating event?
  • Training: Are operators trained on this specific response?
  • Procedures: Is a written procedure in place?
  • Workload: Can the operator reasonably perform this action under stress conditions?

Assign PFD per Table 6.5:

  • ≤ 10 min response time: PFD 1.0 to 1 × 10⁻¹ (screening: 1 × 10⁻¹)
  • ≥ 40 min response to BPCS alarm: PFD 1 × 10⁻¹ (screening: 1 × 10⁻¹)
  • ≥ 40 min independent response: PFD 1 × 10⁻¹ to 1 × 10⁻² (screening: 1 × 10⁻¹)

Step 6 — Common Cause Failure Check

Review all credited IPLs in the scenario against Table 6.2 common cause factors:

  1. Common utilities (instrument air, power, cooling water)
  2. Common sensors, signal paths, or logic solvers
  3. Common final control elements
  4. Common maintenance practices or personnel
  5. Common environmental conditions
  6. Common software/firmware
  7. Common calibration errors
  8. Shared process connections
  9. Same operator for multiple protection actions

If common cause is identified, the affected IPLs cannot both be credited at their independent PFD values.

IPL Register Format

When producing an IPL qualification register for a LOPA study:

Scenario Safeguard Description Type (Passive/Active/Human) Rule 1 Rule 2 Rule 3 Qualifies? PFD Source Notes
[ID] [description] [type] [P/F] [P/F] [P/F] [Y/N] [value] [ref] [notes]

Language and Tone

  • Use factual, structured assessment language
  • Present qualification decisions as findings, not opinions
  • Australian English spelling throughout
  • Reference specific CCPS (2001) tables and sections for all PFD assignments
  • When a safeguard does not qualify, state the specific rule(s) it fails and the factual reason
Install via CLI
npx skills add https://github.com/teddychenfeiyang-png/safetysure-plugins --skill ipl-qualification-assessor
Repository Details
star Stars 1
call_split Forks 0
navigation Branch main
article Path SKILL.md
Occupations
Occupational Health And Safety Specialists
More from Creator
teddychenfeiyang-png
teddychenfeiyang-png Explore all skills →