IOW and the Power of One Parameter, One Barrier

At the recent Cenosco Reliability, Integrity & Functional Safety Summit, Seçkin Dabi took the stage to explore one of the most overlooked yet crucial aspects of asset integrity, the gap between defined safety measures and living safety systems. Through powerful examples and a deeply human perspective, his presentation, One Parameter, One Barrier, reminded the audience that true reliability doesn’t come from rules written on paper, but from a culture that continuously questions, monitors, and adapts. In a talk that blended technical depth with heartfelt experience, Seçkin walked participants through the anatomy of inspection scopes, the meaning of Integrity Operating Windows (IOWs), and the devastating consequences of letting risk-based strategies become static. His message was clear: if our systems don’t evolve, neither does our safety.

In asset integrity management, one question echoes louder than any alarm when something goes wrong:
“When was the last inspection, and why didn’t we catch this?”

It’s a question that tests technical competence and exposes the culture behind how we manage integrity. At Cenosco, we often emphasise that asset integrity is about equipment and system integrity. A true culture of integrity exists when teams, processes, and technologies operate in harmony, all aligned toward preventing failure before it occurs.

Seçkin illustrated this with a memorable anecdote during a recent discussion at the Reliability, Integrity & Functional Safety Summit. After a small fire at a facility, the team urgently searched for a stainless-steel valve. It turned out the valve had already been sitting unused in the warehouse, but no one knew. “It’s funny now,” he said, “but it reminds us how fragile our systems can be if they don’t talk to each other.” The story, though simple, carried a profound truth: integrity is not a checklist; it’s a mindset built into every action and decision.

Traditionally, inspection programs were time-based, driven by regulatory schedules, codes, and compliance expectations. These programs ensured discipline, but they often lacked flexibility. They didn’t consider how equipment conditions changed between inspections or how operating parameters evolved under real-world conditions.

As technology advanced, so did our understanding of degradation mechanisms and operational variability. Modern inspection strategies began shifting toward risk-based approaches, focusing resources where they matter most. Instead of asking when to inspect, engineers began asking why and where inspection would deliver the greatest reduction in risk.

This transition marks a fundamental shift from reactive maintenance to proactive reliability. But even today, many inspection scopes, including those created through sophisticated RBI (Risk-Based Inspection) analyses, remain static long after the conditions they were based on have changed. The question every operator must ask is: Are our inspection scopes dynamic enough to reflect the real behaviour of our assets?

At the heart of a dynamic inspection strategy lies the Integrity Operating Window (IOW), a set of parameters defining equipment’s safe, reliable operating limits. These parameters can be physical, such as wall thickness, pressure, temperature, or chemical, like pH levels, acid concentration, or chloride content in process fluids.

When operations remain within these defined windows, the system performs as designed. But when parameters drift beyond the limits even slightly, degradation mechanisms accelerate, setting the stage for long-term damage or sudden failure. Each parameter is categorised by risk:

Managing these parameters effectively turns IOWs into living safeguards, invisible but powerful barriers that maintain the equilibrium between safe operation and potential loss of containment.

In process safety management, barriers represent the last line of defence between a hazard and its consequence. Using the well-known bow-tie model, threats appear on one side, consequences on the other, and barriers, preventive and mitigative, connect them.

For mechanical integrity, IOWs function as safety-critical barriers. They prevent threats such as corrosion, overheating, or chemical attack from progressing into a Loss of Primary Containment (LOPC) event. But for this to be effective, barriers must be visible, monitored, and dynamic. A barrier that exists only in a report or spreadsheet is no barrier at all.

This mindset reflects the evolution from static compliance to continuous assurance. Determining safety-critical parameters is no longer enough; organisations must also implement real-time monitoring, alerting, and governance systems that ensure those limits are respected in daily operations.

During the session, a real refinery incident shared by Seçkin vividly illustrated the importance of live monitoring. The unit had been newly commissioned, equipped with RBI studies, clearly defined damage mechanisms, and well-documented integrity operating windows. On paper, it represented a model of risk-based integrity management.

Yet, only nine months after startup, a major leak occurred. Operators noticed a pressure drop in a separation drum and discovered a heat exchanger shell leaking liquefied petroleum gas (LPG), a Tier 1 process safety incident. By sheer luck, wind direction prevented ignition, avoiding what could have been a catastrophic explosion.

Investigators later found that the shell wall initially designed for minimal corrosion had deteriorated by 18 mm due to hydrochloric acid corrosion, at a measured rate of 27 mm per year. The cause wasn’t unknown damage mechanisms or flawed design; it was the absence of a monitoring system. The IOWs were perfectly defined but not actively tracked. No alarms were triggered, no alerts were sent, and no corrective actions were taken.

The insight was sobering: even the most advanced RBI studies mean little without a mechanism to detect and respond to parameter deviations in real time. Integrity limits that aren’t monitored are theoretical and cannot prevent incidents.

Seçkin’s closing message was clear and urgent: inspection and integrity studies must be kept alive. Industrial plants are dynamic by nature, influenced by feedstock changes, operational shifts, and environmental conditions. A study conducted once and left untouched quickly loses relevance.

Maintaining living integrity systems means regularly updating corrosion loops, damage mechanisms, and parameter limits. It requires continuous feedback loops where monitoring data informs inspection planning, and inspection results refine operational awareness. Integrating these insights into digital platforms, such as Cenosco’s IMS Suite, ensures critical information is always accessible, analysed, and actionable.

This approach turns integrity management into an active, evolving discipline rather than a static compliance exercise. It helps organisations transform raw data into decision-ready intelligence enabling early intervention, reducing downtime, and protecting people and assets.