This article explores the Safety Instrumented System (SIS) Lifecycle. Take a closer look into how you can tackle some of the challenges faced throughout the process. First, we introduce the Safety Instrumented System (SIS) Lifecycle and its three stages. The Safety Instrumented System (SIS) Lifecycle requires different disciplines and engineering processes, such as HAZOP, LOPA, SIF design, and SIF Proof Testing, to interact with each other’s data. We explore the potential issues that come with that and how they can be addressed.

Safety Instrumented System (SIS) Lifecycle: An Introduction

A Safety Instrumented System (SIS) is a critical system that consists of at least one automatic safety instrumented function (SIF). The Safety Instrumented System (SIS) Lifecycle combines all the stages of the given system’s life. In accordance with IEC 61511, this generally consists of three steps, as laid out below. Like a Plan-Do-Check-Act cycle, the stages listed below must be revisited continuously.

  1. Analysis Stage: Where hazards in designs are identified and further assessed.
  2. Implementation Stage: Where suitable engineering solutions to reduce the risk of these hazards to tolerable levels are implemented in designs and verified.
  3. Operation Stage: Where the engineering solution is commissioned and put into operational use. From here, it has to be periodically verified to check if the requirements set are still being met.

The stages outlined above each require a series of activities. For example, the Analysis Stage typically involves studies such as HAZOP, LOPA, and SIF Design. In the Implementation Stage, the SIS design is analyzed against the level of risk that it has been designed to mitigate.


The HAZOP process allows companies to map any hazards in their designs that can lead to adverse consequences on people, company assets, or the environment and rank those hazards by the severity of those consequences.


Once the hazards in a design have been identified and have had their severity ranked, the LOPA process can begin. The LOPA process analyzes whether these hazards are sufficiently mitigated in the design (e.g., by alarm or SIF barriers) or whether there are so-called risk gaps where the risk associated with a specific hazard is deemed intolerable. In case of unacceptable hazards, further action must be taken to make the design safe for operation. The LOPA process is also where any SIFs in the design will be assigned their Safety Integrity Level (SIL) ranking.

SIF Analysis

Once a SIF has been assigned a Safety Integrity Level (SIL) from the LOPA process, the SIF Analysis process can begin to ensure that the SIF design can achieve the level of risk reduction (as indicated by SIL or RRF) that it has been assigned. This ensures the design for the operation is safe. A SIF Design typically consists of three elements: sensors (e.g., a flowmeter), a logic solver (e.g., a safety PLC), and a final element (e.g., a trip valve).

HAZOP, LOPA, and SIF Analysis: How are they connected?

HAZOP, LOPA, and SIF Analysis are all processes that produce a lot of documentation and leave an extensive trail of data that often goes through the hands of various disciplines and engineering processes. These processes are interlinked, as laid out above. A modification in any of these three processes will also influence the other two. For example, adding a cause/consequence pair to a HAZOP will change the LOPA for that cause/consequence pair and subsequently may change the SIL ranking of any SIF that was SIL ranked previously on that LOPA.

The Safety Instrumented System (SIS) Lifecycle documentation challenge

Any project, from its conception to de-commissioning, produces several different types of documents and interacts with several different disciplines. Looking at the Safety Instrumented System (SIS) Lifecycle, you can think of HAZOP study reports, LOPA study reports, SIF design verification reports, SIF test procedures, and so on.

Since the Safety Instrumented System (SIS) Lifecycle processes and process outcomes are interlinked the way they are, this introduces a lot of complexity for document revision management for any project or production site. As stated before, the entire Safety Instrumented System (SIS) Lifecycle is a loop, which means that once additions or changes are made to the original design, previous study documents will become outdated. Projects and production companies are dynamic places where design changes are common and result in documentation piling up. This results in revision management becoming a headache. Furthermore, the various disciplines involved in these changed processes may struggle not only to access the information they need to get their jobs done but also to ensure they are looking at the most up-to-date documentation.

Your Safety Instrumented System (SIS) Lifecycle processes and documentation, all in one place.

The Safety Instrumented System (SIS) Lifecycle is exposed to complications of dynamic engineering processes in ever-changing environments. The optimal solution for this struggle is to provide a single source of truth for all the relevant disciplines involved throughout the lifecycle.

What does this mean? It means evaluating your choice of software for the various processes in the Safety Instrumented System (SIS) Lifecycle (HAZOP, LOPA, SIF design/analysis, Proof Test Scheduling) and finding one that allows for the disciplines involved to work stronger together. Having a single source of truth for your safety studies comes with a lot of benefits.

The benefits of having a single source of truth for your Safety Instrumented System (SIS) Lifecycle

1. Smooth collaboration between different disciplines

It has been established that the various disciplines involved require access to each other’s studies. Having a single source of truth will provide all relevant disciplines with a single location to access all the documentation for their specific needs.

2. Ensure documentation is always up-to-date

By having a single source of truth, you eliminate the confusion between different versions of the hefty documentation created throughout the studies. Regardless of your role, a single source of truth will ensure you are looking at the most up-to-date information.

3. Remain accountable and compliant with proper traceability and auditability

A single source of truth for your entire Safety Instrumented System (SIS) Lifecycle will keep you accountable and compliant. This is due to the software’s ability to keep the process traceable and auditable.

4. Automatic updates to relevant processes when studies are revised

Single source software, such as IMS SIS, can be used to synchronize between the different modules (HAZOP, LOPA, SIF Analysis, Scheduling) to ensure that a change in one module affects the outcome of another module. This type of software will keep your documentation updated automatically. Furthermore, it will make sure the various disciplines are always looking at the right data.

5. Lower Costs

A single source of truth solution will correspond to needing a single software license. This will ultimately reduce costs compared to using multiple software suites to cover the entire Safety Instrumented System (SIS) Lifecycle requirements.

6. Reduce workload and time required

The flow of information between the different modules of a single source of truth solution reduces engineering time and costs. Additionally, accessibility to all Safety Instrumented System (SIS) Lifecycle information for all disciplines increases engineering efficiency.

Risk Management with a Single Source of Truth

With a single source of truth, the question may arise on whether there are risks in allowing various disciplines to interact and get access to the same data. The answer is that there is no risk if proper user management is enforced by the database owner. Having distinct “Editing” and “Viewer” rights for the adequate modules will make all the difference. For example, a SIF designer can be given editing rights for the SIF Analysis module of a certain unit while having viewing rights only for the HAZOP and LOPA modules. Therefore, when choosing single-source software for your Safety Instrumented System (SIS) Lifecycle, it’s important to select a tool that allows proper user management.
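The editing/viewer split described above, together with the HAZOP to LOPA to SIF Analysis change propagation from earlier in the article, sketched as an added example (not IMS SIS code, and not from the original article). The `StudyStore` class, the user names and the unit ids are hypothetical; access is denied unless a grant exists, and every decision is recorded for audit.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Right(IntEnum):
    NONE = 0      # default when no grant exists: deny
    VIEWER = 1
    EDITING = 2   # editing implies viewing


# Downstream dependencies as the article describes them: a HAZOP change
# alters the LOPA, which may alter the SIL ranking used in SIF Analysis.
DOWNSTREAM = {"HAZOP": ["LOPA"], "LOPA": ["SIF Analysis"], "SIF Analysis": []}


@dataclass
class StudyStore:
    """Hypothetical single source of truth for one site's safety studies."""
    grants: dict = field(default_factory=dict)    # (user, unit, module) -> Right
    revision: dict = field(default_factory=dict)  # (unit, module) -> revision number
    stale: set = field(default_factory=set)       # (unit, module) awaiting review
    audit: list = field(default_factory=list)     # every decision, allowed or denied

    def grant(self, user, unit, module, right):
        if module not in DOWNSTREAM:
            raise ValueError(f"unknown module: {module}")
        self.grants[(user, unit, module)] = right

    def _decide(self, user, action, unit, module, needed):
        held = self.grants.get((user, unit, module), Right.NONE)
        allowed = held >= needed
        self.audit.append((user, action, unit, module, allowed))
        return allowed

    def view(self, user, unit, module):
        return self._decide(user, "view", unit, module, Right.VIEWER)

    def edit(self, user, unit, module):
        if not self._decide(user, "edit", unit, module, Right.EDITING):
            return False
        key = (unit, module)
        self.revision[key] = self.revision.get(key, 0) + 1
        # Flag every downstream study of the same unit for review.
        # Clearing a flag (a review sign-off) is out of scope here.
        pending = list(DOWNSTREAM[module])
        while pending:
            dependent = pending.pop()
            self.stale.add((unit, dependent))
            pending.extend(DOWNSTREAM[dependent])
        return True


def build_example_store():
    """Constructed sample grants: users and units are invented for the example."""
    store = StudyStore()
    # The SIF designer from the article: edits SIF Analysis, views HAZOP and LOPA.
    store.grant("sif_designer", "U-100", "SIF Analysis", Right.EDITING)
    store.grant("sif_designer", "U-100", "HAZOP", Right.VIEWER)
    store.grant("sif_designer", "U-100", "LOPA", Right.VIEWER)
    store.grant("hazop_lead", "U-100", "HAZOP", Right.EDITING)
    return store


if __name__ == "__main__":
    store = build_example_store()
    print("designer edits LOPA:", store.edit("sif_designer", "U-100", "LOPA"))
    print("designer views U-200 HAZOP:", store.view("sif_designer", "U-200", "HAZOP"))
    print("lead edits HAZOP:", store.edit("hazop_lead", "U-100", "HAZOP"))
    print("stale studies:", sorted(store.stale))
    print("denied attempts:", [entry for entry in store.audit if not entry[4]])
```
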

Learn More About IMS SIS: Safety Instrumented System

IMS SIS offers maximum flexibility for users. It offers fully integrated HAZOP, LOPA, and SIF design verification modules. This means that data from one module will flow flawlessly into the downstream module. Therefore, any project using IMS SIS for their safety studies will benefit from saving precious time.


Pressure Equipment Inspections take up valuable time, can cause incidents, and often require downtime. That’s why most organizations could save thousands to millions of dollars a year, just by optimizing their pressure equipment inspection strategy. How do you do that? You collect and analyze your data, to improve the effectiveness and efficiency of your inspection process.

The very compelling reasons for optimizing your Pressure Equipment Inspection strategy

Let’s further explore why you should be optimizing your inspection process using data. There are some very compelling reasons: 

Reduce costs and downtime

By optimizing your inspection strategy you’ll be able to expand your inspection interval and minimize the number of inspections. That means a significant reduction in downtime, which saves you lots of time and money.

In just one year we found ways to save 100 million dollars for a global oil and gas company, only by optimizing their inspection strategy.

Improve safety

In the past years, there have been some bad incidents during intrusive inspections, since they often require confined space entries and exposure to toxins. Data can help you limit the needed number of intrusive inspections and improve safety.

More easily comply with local regulations

You need to comply with (sometimes very strict) local safety regulations. To show compliance you may need to open up vessels and pipelines, which can be a lot of work. You can use data to more efficiently show compliance to authorities. How? Let’s say you wanted to demonstrate the integrity of your facility. This would become much easier if you could prove all conditions were within limits (the pH, for example).

Are you struggling? You’re not the only one

Unfortunately, a lot of companies struggle when it comes to using data for optimizing their Pressure Equipment Inspection strategy.
You might recognize these common problems:

  • You lack a proper strategy and don’t know where to start
  • You don’t collect the necessary data
  • Your data is not reliable
  • You lack the knowledge and/or tools to interpret the data
  • You can’t find correlations, because your data is not properly structured

So how can you tackle these problems?

The next steps in optimizing your Pressure Equipment Inspection strategy

Risk-Based Inspection (RBI)

The first step in optimizing your strategy is implementing Risk-Based Inspection. This means you use data to predict the risk of corrosion and degradation for each area of your equipment. You then use this to create an effective inspection program, in which you focus your attention on the most critical areas.

Minimum Intervention Strategy for Inspection (MISI)

The next step is the Minimum Intervention Strategy for Inspection (MISI). You can reach up to a 50% cost reduction for your turnarounds, by limiting the number of intrusive inspections. Smart technology, such as robots, sensors, and drones can help you achieve this.

Machine learning and AI

A lot of organizations ask us about the use of machine learning and AI, but most organizations aren’t ready. Do you have your risk-based inspection strategy in place? Then it could be the right moment to look into these more advanced tools.

Don’t go too fast, or you will fail

Do you want to start optimizing your Pressure Equipment Inspection strategy? A lot of organizations want to go too fast, which usually causes them to fail. It’s important to take this step by step and to first build a solid foundation.

Know your problem

First of all, it’s important to understand your problems and pain points. These should always be the starting point. Maybe you want to increase the interval between inspections? Or maybe you have too many leaks? That is what you’ll try to solve by collecting and analyzing data.

Collect the data

Once you know the problems you want to solve, you can decide which data you need to collect and start collecting them. There are lots of potential data sources.

Some examples of data sources:

  • Asset hierarchy
    • Equipment type
    • Specifications
    • Surface conditions
    • Year of manufacturing
    • Compliance code
  • Data Historian, to manage your Integrity Operating Window (IOW)
  • Inspection findings
  • Inspection plans
  • Maintenance plans
  • Wall thickness measurements

Important things to keep in mind:

  • You will need to structure all this data, to make it usable for data analysis.
  • You need very accurate data to do a purely quantitative analysis, which is almost never possible. Therefore, it’s usually better to take a semi-quantitative or qualitative approach.
  • IMS PEI can help with the data collection and structuring, as well as the RBI (quantitative, semi-quantitative, or qualitative).

Crunch the data

Now it’s time to crunch the data you’ve collected. Analyze the available data and look for possible correlations. Tools like IMS PEI can help you do this.


Learn More About IMS PEI: Pressure Equipment Integrity software

IMS PEI helps you manage equipment integrity, by defining when and what to inspect or repair using Shell’s RBI methodology and advanced corrosion calculations while keeping an audit trail. When an inspection is completed, the data will be used to automatically update your calculations and define the Next Inspection Date (NID).


Powerful equipment, flammable chemicals and high-pressure processes can all easily lead to hazardous or even deadly incidents. The process industry, especially the oil, gas and chemical sector, is hazardous and it is crucial to ensure the safety of our assets and of our workers. Therefore, it is essential to identify and prevent potential hazards on site.

“Successful engineering is all about understanding how things break or fail.” ~ Henry Petroski, America’s failure expert

Many plants rely on Safety Instrumented Systems (SIS) to help address these potential failures to, in turn, prevent the hazards from occurring. (A hazard is a potential source of harm or adverse health effect on a person or persons.)


Safety Instrumented System (SIS)

To understand what a Safety Instrumented System (SIS) is and how it helps to prevent hazards, we first need to understand the different Lines of Defence (LOD) / Layers of Protection (LOP) and where Safety Instrumented Systems (SIS) fit in.

These Lines of Defence (LOD) / Layers of Protection (LOP) are independent layers that serve to either prevent an initiating event (e.g. loss of cooling) from developing into an incident (e.g. a release of a dangerous substance), or to mitigate the consequences of an incident once it occurs.


Figure 1: Lines of Defence (LOD) / Layers of Protection (LOP)

The first layer is the Basic Process Control System (BPCS). The Basic Process Control System (BPCS) controls pressure, level, temperature, flow, etc.

However, Basic Process Control Systems (BPCS) can fail! Designers and engineers cannot foresee every possible hazard and design control systems to prevent all of them. If they could, we would not need alarm systems, relief valves, flare systems, etc. Since they cannot, process facilities need multiple layers of protection.

When a BPCS fails, the next layer of protection, after operator intervention, is the Safety Instrumented System (SIS), independent from the BPCS.

A Safety Instrumented System (SIS) does not control anything. It monitors many of the same variables as the BPCS, but only takes action when a variable is outside its normal range, which generally means the Process Control System (BPCS) has failed.

Each SIS performs one or more Safety Instrumented Functions (SIF).


Safety Instrumented Function (SIF)

Safety Instrumented Functions (SIF) consist of three elements: sensors (e.g. a flowmeter) and logic solvers (e.g. a safety PLC) that detect dangerous conditions, and final control elements (e.g. a valve) that are manipulated to achieve a safe state.

Safety Instrumented Functions (SIF) respond to specific, defined hazards, by implementing specific actions to put the equipment into (or maintain) a safe state to provide a defined degree of risk reduction. The risk reduction required from a Safety Instrumented Function (SIF) is characterized by the Safety Integrity Level (SIL).

This is related to the probability that the Safety Instrumented Function (SIF) will NOT work when required.


Safety Integrity Level (SIL)

Safety Integrity Level (SIL) indicates the degree of risk reduction, provided by a Safety Instrumented Function (SIF), implemented by a Safety Instrumented System (SIS), within a given process. In other words, SIL is a measure of the SIF’s performance, in terms of Probability of Failure on Demand (PFD).

When designing a SIF, the appropriate SIL is crucial for achieving the required level of safety.

IEC 61508 defines four SIL levels, with SIL 4 providing the highest level of safety performance. For example, SIL 1 corresponds to a Risk Reduction Factor (RRF) of at least 10, and SIL 4 to a Risk Reduction Factor (RRF) of at least 10,000.

The table below shows the associated Average Probability of Failure on Demand (PFDAvg) and Average Risk Reduction Factors (RRFAvg) for each SIL.



SIL      PFDAvg              RRFAvg
SIL 1    0.1 – 0.01          10 – 100
SIL 2    0.01 – 0.001        100 – 1000
SIL 3    0.001 – 0.0001      1000 – 10000
SIL 4    0.0001 – 0.00001    10000 – 100000

So, the higher the SIL level, the higher the associated safety level, and the lower the probability that a system will fail to perform. Normally, a higher SIL level means a more complex system and higher installation and maintenance costs.

Process plants typically only require SIL 1 and SIL 2 SIFs. SIL 3 and SIL 4 SIFs are very rare and normally not economically beneficial to implement since they require a high degree of duplication. In most of these cases, one should reconsider the fundamental design of the process.

Here it is also important to mention that SIL levels only apply to SIFs. Individual products or components do not have SIL ratings. However, they can be marked suitable for use within a given SIL environment.


Functional safety standards: IEC 61508/61511

Let’s just talk a bit about the IEC 61508 and the other standards out there.

In 1998 the International Electrotechnical Commission (IEC) published IEC 61508, the first international standard to quantify the safety performance of an electrical control system and introduce the concept of lifecycle. The main goal of this standard is to minimize the failures in all electrical/electronic/programmable electronic safety-related systems.

The IEC 61511 standard was developed as a process sector implementation of IEC 61508 and gives requirements for the specification, design, installation, operation and maintenance of Safety Instrumented Systems (SIS).

In the U.S. ANSI/ISA-84.00.01 is used. This is the same as the international standard IEC 61511, with the addition of a grandfather clause to accommodate existing SIS installations.

These standards represent current good practice in the management of SIFs at process plants across the world. Adopting these standards will ensure suitable management of risk. Thus, SIL Assessment Software / SIL Calculation Software should also be aligned with these standards.


Calculating the Safety Integrity Level (SIL)

To determine a SIF’s SIL level, the SIF’s overall PFD must be calculated. This SIL calculation basically combines the Failure Rate data for each of the individual SIF components (i.e. the sensors, logic solvers and control elements) and accounts for test frequency, redundancy, voting arrangements, etc.

Failure Rate data for each component can be obtained from the equipment manufacturers. But, even with this available, the calculation is quite sophisticated. Therefore, it is recommended to use good SIL assessment software / SIL calculation software to determine the SIL. Also, user competency and experience are essential, and the input of many disciplines is required.


But how does the SIL calculation fit into the bigger picture? For that we need to understand the Safety Life Cycle.


Safety Life Cycle

The IEC standards define a concept known as the Safety Life Cycle. This is a cyclic process where all hazards are identified and analysed to understand which hazards require a SIS.

The Safety Life Cycle can be outlined in a few steps to show where the SIL calculations fit in:

  1. First identify the hazard and its frequency.
  2. Determine if this frequency is acceptable (with no SIS). If so, no SIS is needed, else:
  3. Determine the hazard’s SIL level by calculating the target RRF of each SIF.
     Determine the SIF’s minimum RRF. This is the hazard’s frequency (without SIS) divided by the acceptable frequency. When the minimum RRF is known, the SIF’s target SIL level can be obtained from the SIL table. SIFs may have different target SIL levels.
  4. Design an SIS so that each SIF has a PFD corresponding to the target SIL level.
     The SIF’s overall PFD is determined with SIL calculations. The SIF’s RRF can then be compared to the minimum required RRF (remember RRF = 1/PFD). If greater than the minimum required RRF, the SIF is sufficient.
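The four steps above carried through in code, as an added example that is not part of the original article and not SIFpro's calculation. The article gives no PFD formula, so this assumes the common simplified single-channel approximation PFDavg ≈ λDU × TI / 2 summed over sensor, logic solver and final element; all failure rates and frequencies are constructed sample values.

```python
from dataclasses import dataclass

# RRF bands from the article's SIL table: SIL -> (minimum RRF, maximum RRF).
SIL_TABLE = {1: (10, 100), 2: (100, 1_000), 3: (1_000, 10_000), 4: (10_000, 100_000)}


@dataclass(frozen=True)
class Component:
    """One SIF element with constructed (not vendor) failure data."""
    name: str
    lambda_du_per_year: float         # dangerous undetected failure rate
    proof_test_interval_years: float  # time between proof tests (TI)

    def pfd_avg(self) -> float:
        # Assumption: simplified single-channel (1oo1) approximation.
        # Redundancy, voting, diagnostics and common cause are ignored.
        return self.lambda_du_per_year * self.proof_test_interval_years / 2


def required_rrf(hazard_freq_per_year: float, tolerable_freq_per_year: float) -> float:
    """Step 3: hazard frequency without SIS divided by the acceptable frequency."""
    if hazard_freq_per_year <= 0 or tolerable_freq_per_year <= 0:
        raise ValueError("frequencies must be positive")
    return hazard_freq_per_year / tolerable_freq_per_year


def sil_for_rrf(rrf: float) -> int:
    """Return the SIL band containing rrf, or 0 if rrf is below the SIL 1 band."""
    if rrf >= SIL_TABLE[4][1]:
        raise ValueError("RRF is beyond the SIL 4 band: reconsider the process design")
    for sil, (low, high) in SIL_TABLE.items():
        # Assumption: lower bound inclusive, following the article's
        # "SIL 1 corresponds to an RRF of at least 10".
        if low <= rrf < high:
            return sil
    return 0


def verify_sif(components, hazard_freq_per_year, tolerable_freq_per_year):
    """Steps 2 to 4: decide whether a SIS is needed and whether the SIF suffices."""
    needed = required_rrf(hazard_freq_per_year, tolerable_freq_per_year)
    if needed <= 1:
        return {"sis_needed": False, "required_rrf": needed}
    if not components:
        raise ValueError("a SIF needs at least one component")
    pfd = sum(c.pfd_avg() for c in components)  # elements in series
    achieved = 1 / pfd                          # RRF = 1/PFD
    return {
        "sis_needed": True,
        "required_rrf": needed,
        "target_sil": sil_for_rrf(needed),
        "pfd_avg": pfd,
        "achieved_rrf": achieved,
        "sufficient": achieved >= needed,
    }


def baseline_design():
    """Constructed sample: every element proof tested once a year."""
    return [Component("flowmeter", 0.002, 1.0),
            Component("safety PLC", 0.0002, 1.0),
            Component("trip valve", 0.01, 1.0)]


def retested_design():
    """Same hardware, shorter proof test intervals for sensor and valve."""
    return [Component("flowmeter", 0.002, 0.5),
            Component("safety PLC", 0.0002, 1.0),
            Component("trip valve", 0.01, 0.25)]


if __name__ == "__main__":
    # Constructed hazard: once per 20 years unmitigated, tolerable once per 10,000 years.
    for label, design in (("baseline", baseline_design()), ("retested", retested_design())):
        print(label, verify_sif(design, 0.05, 1e-4))
```

The baseline design lands inside the SIL 2 band yet still falls short of the required RRF, which is why the comparison in step 4 is against the minimum RRF and not only against the band.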

SIL determination requires care. Thus, one should also take care when choosing SIL assessment software / SIL calculation software. Ideally the software should not only focus on the SIL calculation but assist with the whole Safety Life Cycle analysis.


SIFpro software: An effective SIL tool

SIFpro is a powerful, yet easy to use, comprehensive software tool that offers facilities to create and edit Hazard & Operability (HAZOP) studies and Layers of Protection Analyses (LOPA) with risk reduction factors (RRFs).

It also facilitates the design of SIFs with SIL verification, and proof test interval scheduling and optimization. In truth it supports the whole Safety Life Cycle analysis to reduce the risk to ALARP (As Low as Reasonably Practical), while ensuring good engineering practices by complying with IEC 61508/61511.

Furthermore, SIFpro includes a failure rate database and an extensive library for initiating event safeguards. The solution also documents the system’s design, logic and history to provide a consistent and defensible approach to safety system designs. Data analysis and reporting features allow users to make informed decisions.








Elsa Tolsma-de Klerk, Masters in Electronic Engineering
Niveta Rathore, B.Tech in Electronics, Instrumentation & Control
Elsa and Niveta work for Cenosco. For over 20 years Cenosco has been involved in many large energy, oil and gas projects worldwide, developing world class tools in the field of asset integrity risk management, health, safety, environment and quality (HSEQ), geomatics engineering and statistical analysis.



  • “Functional Safety of Electrical, Electronic and Programmable Electronic Systems,” IEC 61508, Intl. Electrotechnical Comm., Geneva, Switzerland, 2000.
  • “Functional Safety: Safety Instrumented Systems for the Process Industry Sector,” IEC 61511, Intl. Electrotechnical Comm., Geneva, Switzerland, 2003.
  • “Functional Safety: Safety Instrumented Systems for the Process Industry Sector,” ANSI/ISA-84.00.01-2004 (IEC 61511 MOD), Intl. Soc. of Automation, Research Triangle Park, N.C., 2004.
  • Generowicz, “Functional safety: the next edition of IEC 61511”, 6th Safety Control Systems Conference, Melbourne, 2016.
  • King, “Do You Really Need SIL 3?”, Chemical Processing, 2010.
  • Health and Safety Executive, “Lines of Defence/Layers of Protection Analysis in the COMAH Context”, Vectra 300-2017-r02, 2017.
  • Gruhn, S. Lucchini, “Safety Instrumented Systems: A Life-Cycle Approach”, International Society of Automation, USA, 2018.

New developments in sensors, the Industrial Internet of Things (IIoT), and smart software enable you to collect large amounts of valuable data on your assets. That data can help reduce downtime, improve efficiency, and reduce risk. But for data to serve you, it needs to be managed and converted into action. A digital twin can help you with that. In this article, we’ll explain what a digital twin is, when it’s useful for asset integrity management, and why sometimes a 3D model is enough.

What is a digital twin?

A digital twin is a virtual image of your asset. It’s a source in which all asset information can be combined, such as process data, conditions, physical properties, results of inspections, leaks, temporary repairs, risk levels, and remaining life estimates. It also incorporates (near) real-time data collected from your assets. A digital twin can combine the data with a 3D model, to simulate how the asset would be affected in real-life conditions. It is fundamental to have real-time data attached to the twin, allowing it to change along with its physical counterpart.

Let’s explore what a digital twin does, using the example of a boiler. Your process requires you to produce a specific amount of heat during defined hours. What if you need to run that boiler for longer periods of time, during a peak season or in severe cold conditions? How much extra fuel would you need? Would the boiler need extra maintenance? What are the chances of failure in these different conditions? By simulating these situations with the digital twin, you can discover vulnerabilities and mitigate them. Without having to damage the (expensive) asset itself.

Organizations worldwide are already using digital twins.

The benefits of digital twins within oil & gas

The interest in digital twins is growing within asset-intensive industries, such as oil and gas. That’s no wonder since these industries also deal with significant risks. A digital twin can help you manage those risks.

With a digital twin, you can:

  • Forecast potential outcomes of decisions
  • Compare possible scenarios
  • Optimize maintenance schedules
  • Detect vulnerabilities and mitigate risks
  • Monitor changes in the degradation mechanisms
  • Optimize your inspection and test activities

Often a 3D model will be enough

Depending on your use case, a 3D model may be enough to achieve your goals. With Cenosco’s IMS Suite, you can use 3D models of your assets and use them to visualize your data. You can then use the model to highlight specific sections based on properties, such as ‘overdue inspection’, ‘high risk of failure’, or ‘leaks within the last 5 years’. It’s also possible to add pictures to these sections, to create an even more complete image of your asset.

With a 3D model, you can:

  • Visualize data and make it more actionable
  • Pinpoint areas that require attention
  • Optimize maintenance schedules
  • Detect vulnerabilities and mitigate risks
  • Generate inspection results

As you can see, there is some overlap between what digital twins and 3D models can do for you. That’s no surprise since a 3D model is actually the foundation of a digital twin. A digital twin can start as a 3D model that visualizes data and grow into a mature tool, that monitors risks, predicts failure, and eventually even initiates interventions.

Use data from the IMS Suite to feed your digital twin

When you use our IMS Suite, you collect a lot of valuable data about your equipment and assets. If you want to create or optimize a digital twin, you can feed it with that data. In combination with data from your other systems, this will enable you to create a realistic simulation.

Are you interested in using 3D models or digital twins for your business? We’d love to tell you how our software can help.


Learn More About our Integrity Management Software: The IMS Suite

IMS is an end-to-end asset integrity management suite. It consists of unified solutions, which operate across all your equipment types and processes. Furthermore, our solutions support users in making smart inspection and maintenance decisions. Therefore, these ultimately lead to increased safety, asset availability, and lower asset management costs. Our solution was created together with multinational oil and gas leader, Shell. Therefore, with our solutions, you can benefit from years of direct industry experience.



When purchasing Integrity Management Software, you may need to choose between perpetual licensing or a subscription (also called ‘Software as a Service’ or ‘SaaS’). So, what’s the best option? At Cenosco we offer subscription-based integrity management software and frequently get asked about the differences between these two models. In this article we’ll try to answer your questions and explain why we think SaaS is the best choice.

What is a perpetual license?

For a long time, perpetual licensing was the default method for purchasing software. It means you pay for a license up-front and get the right to use the software forever. That sounds very simple but is often more complicated in reality. That’s because software needs to be updated regularly. Usually, software developers update their software at least once a year. Purchasers of perpetual licenses need to pay to upgrade their software if they want to access the latest functionalities. If you decide not to upgrade, it often means you’ll no longer receive technical support and it may pose safety risks as well. Sometimes you will also be required to pay a yearly maintenance fee, which can cost between 15-30% of the initial licensing costs.

What is SaaS or a subscription-based license?

SaaS stands for Software as a Service. It means you purchase the right to use the software, for as long as you pay the recurring subscription fee. Monthly or yearly subscription options are most common. Software updates are included in the price and don’t need to be paid for separately. All users automatically get access to the latest functionalities and safety updates. SaaS solutions are typically hosted in the cloud, which means you don’t need to worry about installing, updating, or maintaining them. This makes SaaS solutions hassle-free and cost-effective. Even though the software is hosted in the cloud, options to use the software offline are often still available. Our software also has this functionality.

Why we offer subscription-based integrity management software

At Cenosco, we previously offered perpetual licenses, but we’ve now shifted to a subscription model. Why did we decide to change our model? In short – because it enables us to offer our customers the best solution possible. We’ll explain why.

Lower costs

The initial investment for SaaS solutions is usually a lot lower than for a perpetual license. That’s because you pay a monthly or yearly fee, instead of a bigger amount up-front. This means our software is now more accessible to businesses with a lower budget. Sometimes people think a perpetual license will be cheaper in the long run, but often that isn’t the case. There are a couple of reasons for that:

  • You don’t pay fees for support and upgrades (which can be significant).
  • You only pay for what you use. If you require fewer functionalities, you can downgrade your subscription.
  • You don’t have to hire someone to install, update, and maintain the infrastructure – since everything works from the cloud and is updated automatically.

We’ll host the software for you

With a perpetual license, you’ll have to host the software yourself. This means you need to buy or lease servers and maintain them. You’ll probably also need employees to install, update, and maintain the infrastructure. As a SaaS subscriber, you won’t have to worry about hosting. We take care of that and you can simply access the software through the cloud. This can save you a significant amount of money, (human) resources, and time. We can also boost your virtual machines during times of intensive use, such as during turnarounds, improving the performance when needed.

Automatic updates

A perpetual license may allow you to use the software in perpetuity, but this doesn’t include updates. If you want to upgrade your software (a new version often comes out every year), you will have to pay again, generally around 25% of the initial price. Because our SaaS solution works from the cloud and updates are included in your subscription, you receive updates without having to do or pay anything. The SaaS model actually encourages us to continuously improve our solution, because customers can leave us whenever they choose to. Therefore, to prevent churn, we have to make sure our software keeps matching your needs, which is another big benefit of SaaS.

Lower security risks

To keep software safe, software developers need to update their software regularly. That way they make sure vulnerabilities, which could cause security breaches, are patched. A major problem with perpetual licenses is that the software is usually updated only once a year. Furthermore, businesses need to install these updates themselves, and often neglect to do so. SaaS solutions are updated much more frequently, and the updates are immediately available to all users. Therefore, SaaS solutions are safer.

CapEx or OpEx?

Perpetual licensing is typically a capital expenditure (CapEx), while SaaS is an operational expense (OpEx). They both come with advantages and disadvantages. CapEx gives you greater control over your assets and can be cost-effective. However, it does come with high upfront charges and more complex accounting. It also locks you into a certain level of capacity that is hard to change. Many companies prefer the OpEx model over the CapEx model because of lower costs, reduced risk, and improved business agility.


Learn More About our Integrity Management Software: The IMS Suite

IMS is an end-to-end asset integrity management suite. It consists of unified solutions, which operate across all your equipment types and processes. Furthermore, our solutions support users in making smart inspection and maintenance decisions, which ultimately leads to increased safety, higher asset availability, and lower asset management costs. Our solution was created together with multinational oil and gas leader, Shell, so you can benefit from years of direct industry experience.



A well-implemented Reliability-Centered Maintenance (RCM) program can bring your company a wide range of benefits. RCM focuses on maintenance planning. In other words, making sure that systems or processes are operating efficiently and effectively. This is an important practice that can be costly and dangerous if not properly addressed. In this article, we will cover seven benefits an effective RCM program can help you achieve. Furthermore, we will share tips from industry experts from Shell and Cenosco on how to get an effective RCM program up and running.

The Benefits of Reliability-Centered Maintenance (RCM)

1. Setting Realistic Expectations

A well-implemented RCM program can help set realistic expectations on various levels. Since it will provide you with insights on the maintenance needed throughout your equipment’s lifecycle, you can create an optimal maintenance plan. In return, this also keeps your budgeting activities realistic and keeps you ahead of the curve for planning necessary replacements down the line.

2. Providing Insights on Business Risks

Your RCM program will provide a lot of data, especially on risk levels. If this information is used correctly, it can be useful for a variety of tasks. In particular, it can help you identify where you need to increase or decrease your maintenance, based on risk. This is an important practice that can help you make sure that you focus your attention on the right processes and equipment. This can have a significant impact in larger processes, where it is not realistic to invest the same amount of time and budget for maintenance on each part of the system.

3. Managing Environmental, Health, and Safety Risks

There are various benefits related to health and safety. For example, a well-implemented RCM can reduce your company’s carbon footprint. It will also help reduce health hazards for your employees. By effectively monitoring and maintaining your equipment and processes, you prevent leaks that could harm the environment and other failures which could be catastrophic for your team.

4. Improving Relationships

If your maintenance plan adheres to the company’s mission and vision, then you can expect to see improved relationships with clients, neighbors, and even the government.

5. Providing Quantitative Risk Reduction Data

By comparing the risk reduction with the cost of maintenance, the value of preventive maintenance can be quantitatively assessed. This is valuable data that you can use for a range of further analyses.

6. Preventing Loss of Essential Knowledge

RCM requires the documentation of degradation in a scenario, which results in employees gaining a better understanding as to why certain maintenance is needed. This helps prevent important knowledge from being lost, while also educating your staff further.

7. Overall Cost Reductions

Through identifying where your efforts need to be focused, you avoid overspending on unnecessary maintenance, while still preventing costly malfunctions and keeping your employees safe.

Industry Expert Tips to Implement an Effective RCM Program

We brought together two subject matter experts, Dilip Morje (Reliability Engineer, Projects and Technology at Shell) and Harry van Teijlingen (Reliability Engineer at Cenosco), for a webinar that takes a deep dive into the value of Reliability-Centered Maintenance (RCM). What follows is a quick overview.

According to the experts, an effective implementation of an RCM Program starts with good preparation, for example, a workshop to guide the main process. The process will require consistent revisions of what has already been established and what can still be done to improve. During each revision, it is important to always keep in mind the ultimate goal: improving the maintenance strategy. Establishing a business process with clear steps will facilitate this process. With it, you ensure that the entire process has repeatability.

You will need to build your business case based on unscheduled deferment and bad actors. Your efforts should be focused on the critical equipment. The pre-work is a crucial step as it will help you identify which areas need more attention. Build your (multidisciplinary) dream team and use your current data to start preparing, for example, through data mining. Make sure that the facilitator and participants are properly trained. Then you can get into the preliminaries: choosing the right tool to record and analyze RCM studies will have a major impact on the smoothness and quality of the process. The final stage is to evaluate and repeat the entire process, i.e., plan-do-check-act-repeat. Continuous improvement is a large success factor in the effective implementation of an RCM program.


Looking for a Reliability-Centered Maintenance (RCM) Solution?

Cenosco’s IMS RCM Solution can help you optimize your preventative maintenance plans based on risk. With it, you can create a risk profile to drive the maintenance strategy for your equipment either based on a full RCM2 analysis or through our library of Preventative Maintenance (PM) tasks based on 30 years of Shell’s industry experience.


People often want to know how qualitative and quantitative risk assessments differ from each other. This is a good question in today’s world of digitalization where there are many different RBI (Risk-Based Inspection) software packages available.

Let’s rewind a little bit and first have a look at the risk assessment standards that are out there.


What standards are there?

There are several international engineering standards and recommended practices that outline requirements, methodologies and the implementation of RBI. Examples are ASME PCC-3, RIMAP, DNV-RP G101, API 580, API 581, API 571, etc.

The different standards are often applicable to specific sections of the industry. For example: ASME is an American standard specifically developed for fixed pressure containing equipment; API is also an American standard that has been specifically developed for the oil and gas sector; and RIMAP is a European standard that’s more applicable to power plants.

People sometimes confuse the different types of recommended practices. For example, API 580 outlines requirements (e.g. conceptual approaches and necessary elements to be included in an RBI assessment), whereas API 581 outlines a methodology aligned with API 580. RBI software packages can thus be aligned with a best practice that outlines requirements (e.g. API 580), without implementing an associated methodology (e.g. API 581).


What do the standards recommend?

The standards typically do not recommend just one (e.g. only quantitative) approach. For example, API 580 gives guidance for RBI implementations, using either Level 1 (qualitative) or Level 2 (semi-quantitative) or Level 3 (quantitative) methods. (API 581 falls under the Level 3 RBI methods.)  

However, what is typically recommended is that the RBI methodology and RBI team study method must be defensible, user-friendly, detailed, documented, transparent and auditable. For example, to be aligned with API 580, software should implement a user-friendly RBI methodology that the responsible plant inspection engineers and operations engineers fully understand. Otherwise, it can lead to an increase in equipment risk rather than a risk reduction.

The standards also emphasise that the RBI technology method (whether it is Level 1, Level 2 or Level 3) must be robust. The selected methodology must reliably assess the Probability of Failure and the Risk Profiles of each of the DMs / FMs (Degradation Methods / Failure Modes) applicable, otherwise there cannot be confidence in the optimum inspection interval. Furthermore, the team study method must ensure identification of all FMs, operating limits, maintenance activities, and other risk mitigation actions. 


What are qualitative, semi-quantitative and quantitative risk assessments?

So, now we know that qualitative, semi-quantitative and quantitative risk assessment software can all be acceptable according to the standards, but what’s the difference then?

Let’s start by looking at the definitions. Quantitative data is designed to collect cold, hard facts. Numbers. Quantitative data is structured and statistical. Qualitative data collects information that seeks to describe a topic more than measure it. Think of impressions, opinions, and views. Semi-quantitative data has a bit of both. Some parts of the data are qualitative and other parts are quantitative.

Thus, quantitative risk assessment methodologies give quantitative estimates of risks, given the parameters defining them. In contrast, in a qualitative assessment, probability and consequence are not numerically estimated, but are evaluated verbally using qualifiers like high likelihood, low likelihood, etc.

If we now assume that reliable data is readily available, a full quantitative risk estimate should give the most precise and accurate results. Here, however, we must note the following: the type of data needed to perform a good quantitative assessment is hard and time-consuming to obtain, which often leads to lower-quality data and therefore less accurate results.

Accuracy is a function of analysis methodology, data quality and consistency of execution. Precision is a function of the selected metrics and computational methods. So, we need to be careful when looking at risk assessments, since the result could be very precise, but if there is still a lot of uncertainty inherent within the probabilities and consequences, then the result is still not accurate.
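The gap between a precise result and an accurate one can be shown with a short calculation. The Python sketch below is an added example, not part of the original article or of any RBI software package. It assumes risk = PoF × CoF with independent lognormal uncertainty expressed as an error factor (95th percentile divided by the median), and all input values and band limits are constructed.

```python
import math
from dataclasses import dataclass

Z95 = 1.6448536269514722  # 95th percentile of the standard normal distribution


@dataclass(frozen=True)
class Estimate:
    """Median value plus error factor EF = 95th percentile / median (assumed lognormal)."""
    median: float
    error_factor: float  # 1.0 means the value is known exactly

    @property
    def sigma(self) -> float:
        # Log-space standard deviation implied by the error factor.
        return math.log(self.error_factor) / Z95


# Constructed band limits in cost units per year; not taken from any standard.
BANDS = [(1e2, "Low"), (1e3, "Medium"), (1e4, "High"), (math.inf, "Extreme")]


def band(risk: float) -> str:
    """Map a numeric risk onto the qualitative band whose upper limit it falls under."""
    return next(name for upper, name in BANDS if risk < upper)


def risk_interval(pof: Estimate, cof: Estimate) -> tuple[float, float, float]:
    """Return (5th percentile, median, 95th percentile) of risk = PoF * CoF.

    The product of independent lognormals is lognormal: medians multiply
    and log-space variances add.
    """
    median = pof.median * cof.median
    spread = math.exp(Z95 * math.hypot(pof.sigma, cof.sigma))
    return median / spread, median, median * spread


def assess(pof: Estimate, cof: Estimate) -> dict:
    """Report the point estimate with the bands its 90% interval touches."""
    lo, mid, hi = risk_interval(pof, cof)
    bands = (band(lo), band(mid), band(hi))
    return {"point": mid, "p05": lo, "p95": hi,
            "bands": bands, "decisive": len(set(bands)) == 1}


# Constructed inputs: the same five-digit PoF and CoF medians, backed either by
# sparse data (wide error factors) or by good inspection history (narrow ones).
POOR_DATA = assess(Estimate(1.2034e-4, 10.0), Estimate(2.5e6, 3.0))
GOOD_DATA = assess(Estimate(1.2034e-4, 1.5), Estimate(2.5e6, 1.3))

if __name__ == "__main__":
    for label, result in (("poor data", POOR_DATA), ("good data", GOOD_DATA)):
        print(f"{label}: point={result['point']:.2f} "
              f"90% interval=[{result['p05']:.1f}, {result['p95']:.1f}] "
              f"bands={result['bands']} decisive={result['decisive']}")
```

Both cases report the same point estimate, but with wide error factors the 90% interval crosses three bands, so the extra digits say nothing about which inspection priority is actually justified.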


What are the benefits and limitations of qualitative and quantitative RBI software?

So, which is better then? There is no easy answer, since qualitative, semi-quantitative and quantitative risk assessments can all be successful. Let’s first try to compare typical qualitative and quantitative risk assessments:

  1. User-friendliness: This is probably the greatest benefit of qualitative methodologies. These are typically easier to make user-friendly, since they are less complex.
  2. Transparency: For the same reason a qualitative methodology is typically much easier to fully understand. Due to the complexity of the quantitative calculations, quantitative methods tend to be implemented as black boxes.
  3. Precision and Accuracy: If good data can be obtained, quantitative methodologies should win this one, since they involve rigorous quantitative assessments of the PoF (Probability of Failure) and the CoF (Consequence of Failure) associated with each equipment item. We must just remember that the accuracy will depend on the inherent uncertainty in the probabilities and consequences.
  4. Data Dependency: A qualitative analysis requires less data.
  5. Speed: Since a qualitative RBI analysis requires less data, it is typically much faster. For a quantitative RBI analysis, it can be hard and time-consuming to gather all the data.
  6. Objectivity: Results of a qualitative RBI analysis are heavily dependent on the team and their expertise in performing the analysis and thus more subjective. A quantitative analysis is more objective. However, one should not be fooled into thinking that a quantitative method is foolproof; for good results, experienced RBI and inspection personnel are still needed.
  7. Automation: Since quantitative methods require less team input, they are easier to automate.


Best of both?

It is obvious that neither the qualitative nor the quantitative methodology is perfect. To increase the benefits and reduce the limitations, one needs to combine these two methods.

Hence, semi-quantitative risk assessment! This methodology tends to be easy to understand and user-friendly, but also more accurate. Of course, it must be supported by an experienced multi-discipline team study to ensure confidence in the results. One would then do a qualitative analysis in some sections of the risk assessment and in other sections (selected based on a confidence / sensitivity analysis) one would do a quantitative risk assessment.

Another approach to get the best of both would be to first do a (faster) high-level qualitative RBI analysis to select the high-risk facilities in one’s plant. Then one can do quantitative RBI analyses only on these high-risk facilities. Remember, for accurate results, good data and an experienced multi-discipline team study remain a requirement.


What RBI methodology does IMS PEI implement?

So, you may ask, what does IMS PEI implement? The IMS PEI software implements S-RBI, a Shell-developed Risk-Based Approach, compliant with API 580, API 581 and API 571’s damage mechanisms. The software implements qualitative, semi-quantitative, and quantitative methodologies. For the semi-quantitative and quantitative methodologies, it uses specific calculators (e.g. liquid release, CUI, SSC and other corrosion prediction models) and detailed questionnaires, to calculate StF (Susceptibility to Failure) and CoF (Consequence of Failure), based on the most relevant failure modes.

Based on its configuration, IMS PEI allows users to swap between methodologies for each RBI Analysis. The default is a semi-quantitative methodology, since this is preferred by most customers. However, with some customization to the software, the quantitative approach can be set up to comply fully with API 581.

Also, IMS PEI is not a standalone RBI tool. It integrates the RBI results with inspection results, wall thickness measurements / calculations, and schedules. The RBI results can thus be used to define next inspection dates that feed into the IDMS part of the tool, which can, in turn, interface with the site’s CMMS (Computerized Maintenance Management Software) (e.g. SAP).