Bring Back the Basics-A deeper Dive to Practical Field Instrumentation in Process Safety Service (Part 2)

Bring Back the Basics-A deeper Dive to Practical Field Instrumentation in Process Safety Service (Part 2)

Bring Back the Basics – A deeper Dive into Practical Field Instrumentation in Process Safety Service

(Blog Series Part 2)

 

General Requirements 

When it comes to specification of field instrumentation used for Process Safety related applications, designers are often left on their own to specify the instrumentation. SIF input and output performance may be specified in a Safety Requirements Specification, but all too often I’ve observed that these specifications are minimal or go directly to specifying a manufacturer and model number without defining what the performance requirements actually are. I’ve also observed some level of carelessness in specifying field instrumentation for Process Safety related applications. Engineers, being Engineers are often attracted to shiny things. This doesn’t really have a role in selecting field instruments for Safety Related Services. I’ve seen quite a few instances where inappropriate selections were made in pursuit of the bright and shiny.

Field instrumentation must be specified and installed so that it meets the requirements of the IPL or the SIF Safety Requirements Specification. Some of the considerations to include when selecting the field instrumentation and its installation are:

  • Ability to make the required measurements with the required accuracy and response time
  • Independence of the measurement from IPL Initiating Causes and from other IPL’s
  • Ability of final elements to execute the required Safe State actions with the required response time and performance
  • Availability of the instruments and the ability to deliver performance that meets the IPL or SRS Integrity Level requirements
  • Reliability of the instruments and their installation to deliver the SIF Spurious Trip Rate specified in the SRS.
  • Maintainability and Testability of the instruments

 Making the Measurement

Quality input measurements are critical to a SIF’s or other instrumented IFPL’s successful implementation. Selection of input field instruments must be reliable and provide the level of accuracy of the measurements needed to provide a well performing IPL or SIF.

Input measurement instruments should be selected based upon a User Organization’s experience with the measurement methods and the devices specified. They also only need to perform well enough to meet the requirements. Over specifying accuracy or attempting to use measurement methods that don’t have an established track record can result in poor IPL performance. This isn’t always obvious to a lot of SIS engineers or to the engineers specifying the field instrumentation. Specification of new, untried measurement techniques has gotten more than one engineer in trouble in the pursuit the new, bright and shiny. A few applications where this has resulted in problems are highlighted below

  • A Site was moving towards greater use of guided wave radar level measurements. Early experience in a few test applications had been limited, but positive. A decision was made to apply them to a retrofit of a set of reciprocating compressor protective shutdowns. The designs proved to be unreliable for shutdown applications as the measurements would frequently drop out for short periods, but which the shutdown systems saw and shut down the compressors repeatedly. Since then, guided wave instrument manufacturers have refined their designs to address the problems that were causing the instrument signals to drop out.
  • A Site was moving towards the use of vortex shedding flow meters as an alternative to traditional orifice plate and DP transmitter flow measurements. A decision was made to apply them to a process heater low feed shutdown. Further, to save the cost of multiple flow meters a two-head vortex shedder design was specified. During an FSA for the SIS, the selection of this flow meter was questioned. After some investigation it was determined that the two-headed design was a prototype for the manufacturer, and that there was no data at all on its performance. The design had not even been flow tested in the lab. The FSA report recommended that this device not be used in SIF applications.
  • A Process Licensor specified a feed gas specific gravity analyzer be used in correcting a feed flow measurement, and that the corrected value be used in the unit master shutdown. The system was installed as specified by the licensor, and within the first week of operation a spurious trip occurred due to a brief power interruption to the analyzer. It was suspected that a technician had mistakenly shut off power and then turned it back on after realizing their mistake. The shutdown system saw the dip and tripped the unit on low flow. As a result, the analyzer was taken out of the flow correction calculation.

 Some general thoughts on specification of input instrumentation

  • The SRS for SIF’s should specify functional requirements for input instrumentation such as the basic instrument type, required accuracy of the instrument and the trip point, and the measured range. The SRS should also identify the service severity of the process measurement (high temperature, high pressure, corrosive, high vibration, etc.).
  • Input instrumentation should be selected from types for which the User has significant experience and be as basic as possible. Process Safety related instrumentation is not a place to try out new stuff. Complex instrumentation, especially analyzers should be kept out of any shutdown applications. Where possible, the User should have a list of qualified instrumentation, either due to prior use experience or vetting though manufacturers service data or third party certification.
  • Input instrument ranges should be selected to provide a live measurement at normal operating conditions and have sufficient signal margin around the trip point to provide a reliable indication of a trip condition. This can be a problem in some applications such as low flow trip that uses an orifice plate and DP transmitter. There is a square relation between signal and flow, so a trip set point of 10% of the instrument’s flow range is actually only 1% of the DP transmitter signal. This is generally too low of a signal to reliably indicate a trip condition so either the trip point needs to be raised or a flow measurement method that doesn’t have this behavior should be considered.

It should be noted that many times a trip point is specified based upon maintaining a comfortable margin between normal operation and trip conditions, and that sometimes a too wide of a margin is specified. There is a balance between maximizing this margin and specifying a trip point that is too low to reliably measure.

Final Element Design

Final elements need to be carefully considered for their availability and reliability in being able to bring a process to a safe state. Shutdown valves need to be selected based upon high reliability so they should be of a design where critical parts are not overly subjected to severe process conditions.

For SIF’s the allowable leakage across closed shutdown valves needs to be specified and needs to recognize the realities of how valves behave in real services. Those with operational experience know that no leakage specification survives the first day in process service.

Dedicated shutdown valves with open flow paths and whose critical seating surfaces are protected during the 99.99% of the time the valve is open should be considered. Standard control valve designs typically should not be used where plugs and seats may be subjected to process wear and high pressure drop. Sharing of control valves in shutdown designs is often considered in order to save the cost of a trip valve but in my view doing so to avoid an extra trip valve is usually false economy

Stroking speed needs to be carefully considered and oversized actuators that can break any sticking forces that develop over time are not a bad idea. Actuator designs should be fail-safe and use of double acting actuators or motor actuators should be avoided. Where non fail-safe actuator designs are used, the loss of motive power such as air supply or motor power must be included in PFD calculations and the motive power sources fall under the testing and MOC requirements for SIF’s.

Most shutdown valves use a solenoid valve to vent air off the actuator. Single solenoid valves are subject to spurious trips should a coil burn out or a circuit problem occur. A common application is to use 2oo2 solenoid valves for shutdown valve services. This provides high reliability and allows for frequent online testing. Some of the original home-grown designs with which I was involved were fairly expensive to implement but justified considering the costs of spurious trips. Since then commercial packages with full diagnostic and testing functionalities are now readily available on the market.

Shutdown services may include shutting down of motor driven equipment. Usually a SIF or Interlock that shuts down a motor uses 1 or 2oo2 interposing relays, but often the designer doesn’t consider the reliability of the motor starter itself. This is a particular issue with high voltage, high power motors that use full blown switchgear to operate the motor. These applications usually have an energize to trip motor trip coil, so the performance of this SIF is often dominated by the availability of switchgear power. When a energize to trip motor controller is used, the power systems for that system now fall under the testing and MOC requirements that apply to any SIF.

Independence

The design needs to be independent from other IPL’s or from the IPL’s Initiating Causes. For example, a high-pressure alarm that warns of failure of a pressure control loop requires its own pressure transmitter and process connection.

Instruments associated with a SIF should not share services with BPCS functions, although some organizations allow for minimal sharing, such as allowing one of three transmitters in a 2oo3 voting scheme to share inputs with a BPCS loop. This requires some special attention as now there are two functions involved when maintaining or testing the field instrumentation. In these designs, the transmitter should directly drive SIS inputs using SIS power. The input to the BPCS should be taken from an isolator that will not affect the SIS loop performance if the BPCS circuit is broken

Reliability

While HAZOP’s and LOPA’s concentrate on the required availability of protective functions, in most real plants, reliability is every bit as important. IEC 61511 says almost nothing about reliability and leaves it to the User to figure it out. A key part of specification of any protective function is determining the effect of spurious trips upon a process unit. A spurious trip introduces both process safety risks and commercial risks. It is an adage in the process industries that the highest risk periods are during a unit startup or shutdown. When a unit experiences a spurious trip, the lost production while the unit is secured and restarted, even if no damage has occurred, can be significant. Some processes can take days to restart, and loss of production is measured in the hundreds of thousands to millions of dollars. When an SRS is prepared for SIF’s, the costs and safety risks associated with spurious trips should be identified and specific reliability requirements included.

Process Safety risks are even more of an issue when the shutdown is a crash induced by a protective system’s spurious trip. When a unit is crashed, all sorts of bad things can happen. Hot joints that cool down too quickly can leak or even cause significant loss of containment. Equipment can also be damaged. Some process types are especially intolerant of unit crashes, such of Fluid Catalytic Crackers. A sudden shutdown can result in damage to refractory damage or plugging systems with catalyst or heavy oil. It’s bad enough that an FCC may take days to restart, but if refractory damage occurs, that interruption can spread to weeks and the repair costs can be significant.

The net result is that the costs associated with spurious trips can justify a lot of reliability features in field instrument design. The most common method is the use of voting logic that tolerates a level of faults in the field instrument. Schemes such as 2oo3 or 2oo2d can provide high availability and are tolerant of failures in field instrumentation. I’ve seen places where it was decided to not provide robustness in order to save a transmitter or reduce SIS programming. Those kinds of decisions are usually false economies. Usually the cost of adding robustness to a trip function is covered in the first few minutes after a false trip occurs.

Another aspect of selection of instrumentation for Process Safety Services is to avoid the use of switches. At one time process switches such as float levels, pressure and DP switches, etc. were very common. Their long service history has demonstrated their unreliability. A process switch sits dormant for extended periods and there is no way other than frequent testing to verify whether a process switch is operable or not. As a result of the many improvements made in continuous process measurements and of programmable logic solvers, the justification to use what were perceived as cheaper instruments has become moot. Almost every current standard or recommended practice discourages, or even forbids the use of process switches in Process Safety Services.

Spurious trips can also be significantly reduced by selecting the proper field instrumentation. As discussed above, the field instruments should be a simple and robust as possible. Where an orifice plate and DP transmitter will do, it’s far preferable to use these relatively simple and tried design vs. a complex flow transmitter that may experience signal drop-outs or failure modes that are not well understood.

Accuracy is another area where instrumentation in shutdown services gets over specified. The basis for the specification of a trip point in a SIF or Interlock needs to be clearly understood when field instrumentation is being specified. If the trip point is specified to protect against a specific equipment limit, high accuracy may be required. But if the trip point is needed only to detect when a process has had a failure that can result in hazards, such as a low flow caused by the failure of a pump or compressor, the trip point may be specified only to provide a comfortable operating margin. In these cases, accuracy may not be such a big deal. Attempting to provide highly accurate field instrumentation in a situation where that accuracy isn’t needed can result in designs that are not as reliable as they should be.

Maintain and Test 

All field instrumentation in Process Safety Services needs to be periodically tested. The frequency of testing is based upon the failure rates of the types of devices being used and the performance requirements of the service. Intervals can vary from quarterly to several years apart. In many instances, the test interval is more frequent than the Unit turnaround or outage frequency and provisions must be made for testing while the Unit is in operation.

 Testing provisions can take a number of forms, including

  • Provisions for bypassing of Input signals within the Safety Function logic
  • Provisions for bypassing of commands to final devices
  • Provisions for bypassing of final devices themselves
  • Other on-stream testing provisions such as partial stroke testing

My preference has always been to design testing systems so that the final elements such as valves or motor starters can be bypassed for testing, and that the SIS logic includes detection of when a system is properly isolated and safe for testing. This isolates the trip functions from the inputs and allows for full testing from end to end without running the risk of false trips. Motor starters are difficult to test as generally they can’t be tested without shutting down the motor. Fortunately, the failure rates of motor controllers are low relative to other devices and seldom does the motor controller (other than power for energize to trip switch gear) factor into test interval calculations. However, testing of motor starters at every unit shutdown should be part of any testing program.

Voting systems are usually used in SIF services to provide both availability and reliability. Voting systems can also simplify maintenance of field instrumentation while the SIF and its process are in service. My preference has always been to use 2oo3 voting on inputs, with degradation to 2oo2 during the periods when one of the input instruments has failed. The 2oo3 scheme allows for one instrument to fail and allows one instrument to be removed from service for maintenance with minimum risk of a spurious trip occurring. The fall back to 2oo2d tends to protect against maintenance errors that might take out a second transmitter. In any event, detailed procedures for working on Safety Related instrumentation should be developed during their design.

I also prefer that physical bypass piping and a bypass valve be used with trip valves. In most installations the cost is nominal compared to the costs of a false trip caused during testing. The bypass valve should be equipped with position indication that allows the logic solver to verify that the valves are in bypass before allowing testing to proceed, and which provides an alarm whenever the bypass valve is not fully closed.

Many valve manufacturers offer functionality to support partial stroke testing during ongoing operations. This function results in the valve being commanded to move to some partially closed position, typically 10 to 20% of stroke (90 to 80% open) and then return to a full open position. This hasn’t been a real attractive alternative for me. It complicates the installation, often requiring an expensive smart valve positioner to facilitate the testing in addition to trip solenoid valves. Partial stroke testing also makes life harder for instrument technicians who require special training to partial stroke tests. Newer designs do allow for partial stroke tests to be automatically scheduled and executed, which reduces the probabilities of human error.

There are installations where partial stroke testing is justified, such as a requirement for very frequent testing or for large or very high-pressure valves where installation of a bypass for testing is impractical or just too expensive (that high-pressure piping takes up a lot of space). Some organizations have embraced partial stroke testing, but his requires commitment to fully understanding how these functions work and owning and using the additional software required to set up stroke testing and analyze the results.

Conclusions

The performance and reliability of field instrumentation is critical to the safe performance Process Safety Protective Functions. Proper and complete performance requirements need to be clearly defined in documents such as Safety Requirements Specifications. This includes specification of all set points and the basis for the selection of those set points.

The selection of field instrumentation should be based upon proven performance and well-known characteristics and failure mechanisms. The designs must include provisions for maintenance and testing over the life cycle of the instrumentation. Overall designs should be simple as possible but include provisions for high reliability and simple and safe maintenance and testing. Overly complex selections, or systems not designed for high reliability typically result in poor performance, excessive spurious trips and the accompanying high costs of operation and overall reduced safety of operation.

 

Rick Stanley has over 40 years’ experience in Process Control Systems and Process Safety Systems with 32 years spent at ARCO and BP in execution of major projects, corporate standards and plant operation and maintenance. Since retiring from BP in 2011, Rick formed his company, Tehama Control Systems Consulting Services, and has consulted with Mangan Software Solutions (MSS) on the development and use of MSS’s Safety Lifecycle Management software.

Rick has a BS in Chemical Engineering from the University of California, Santa Barbara and is a registered Professional Control Systems Engineer in California and Colorado. Rick has served as a member and chairman of both the API Subcommittee for Pressure Relieving Systems and the API Subcommittee on Instrumentation and Control Systems.

Bring Back the Basics – Practical Field Instrumentation in Process Safety Service (Part 1)

Bring Back the Basics – Practical Field Instrumentation in Process Safety Service (Part 1)

Bring Back the Basics- Practical Field Instrumentation in Process Safety Service

(Blog Series Part 1) 

The selection of field instrumentation in Process Safety Service can make or break the performance of safety instrumented functions. Poor selection and design can result in unreliable and costly failures and unscheduled shutdowns. In some processes, an unscheduled shutdown can cost millions of dollars as well as expose operating personnel and the community to hazards associated with equipment failure or damage caused by uncontrolled shutdowns. This discussion is directed towards the more practical aspects of specifying and owning field instrumentation that is used in IPL services such as Alarm, BPCS functions and Safety Instrumented System (SIS) Safety Instrumented Functions (SIFs).   

Get a demo of Safety Lifecycle Manager  

The Safety Lifecycle for Process Safety applications runs from the initial conceptual designs for a process unit throughout its life to decommissioning. 

  • The first part of the Safety Lifecycle involves the Hazards Analysis that identifies the need for specific Protective Functions that act as Independent Protection Layers (IPLs). Most of these are instrumented functions that have specified availability requirements. 
  • The second part of the Safety Lifecycle is the detailed specification and design of the field instrumentation sensors and final elements that implement the IPL functions.
  • The third part, and longest duration, of the Safety Life Cycle is the ownership phase where the devices selected are operated, maintained and tested over the life of a process.

 

 Click here to Read Part 2 of this blog series: 

Rick Stanley has over 40 years’ experience in Process Control Systems and Process Safety Systems with 32 years spent at ARCO and BP in execution of major projects, corporate standards and plant operation and maintenance. Since retiring from BP in 2011, Rick formed his company, Tehama Control Systems Consulting Services, and has consulted with Mangan Software Solutions (MSS) on the development and use of MSS’s Safety Lifecycle Management software.

Rick has a BS in Chemical Engineering from the University of California, Santa Barbara and is a registered Professional Control Systems Engineer in California and Colorado. Rick has served as a member and chairman of both the API Subcommittee for Pressure Relieving Systems and the API Subcommittee on Instrumentation and Control Systems.

 

Process Safety Data for Pressure Relief Systems

Process Safety Data for Pressure Relief Systems

Process Safety Data for Pressure Relief Systems

Pressure Relief Systems have been around a long time, but the documentation of their Process Safety Data has a pretty tortured past. Due to the relatively long history, dating back to the early boilers in locomotives and steamboats, there are lots of regulations that grew a bit haphazardly in response to early incidents.

Most States in the US have regulations for pressure relief devices, however those regulations are all over the place in defining Process Safety Data requirements. Some are focused on Relief Device Inspection, Testing and Repair while others attempt to address other aspects of Pressure Relief System Process Safety Data. Some states hardly address Pressure Relief Systems, while others have provisions that focus on single applications in great detail. Some cities have their own rules independent of State rules.

The National Board of Boiler and Pressure Vessel Inspections has published a summary of the various US and Canada regulations. These regulations are inconsistent from jurisdiction to jurisdiction, are usually incomplete, and often are well out of date.

 Click here to review The National Board Synopsis

 While most jurisdictions address basics such as identifying ASME Section I and Section VIII Code (often an obsolete, dated version and not the current version), they generally address only a few of the things an owner should be doing to properly administrate the design, installation, operation and maintenance of Pressure Relief Systems. They can focus on the oddest aspects of relief systems and not address other critical requirements. This can result in organizations deciding they only have to comply with a few requirements, when really, they should be doing much more. 

The overall structure of a robust Pressure Relief System Process Safety Data program is illustrated in the figure below. Each of these items is described in the sections below.

 Pressure Relief System Definition

The first consideration in maintaining Process Safety Information is to have a definition of the scope of a Pressure Relief System. A single Pressure Relief System consists of one or more pressure relief devices, the equipment and piping that the Pressure Relief System protects, and any other relevant equipment such as block valves or supplemental devices. Some jurisdictions require this to be clearly documented but others do not specifically address this requirement.

The Process Safety Information for a Pressure Relief System should include material that clearly defines the scope and boundaries of each System. This may take the form of a sketch that shows all relevant equipment, piping and pressure relief devices or a list that contains the same information.

However, an issue with sketches or lists is that it can be difficult to verify that all equipment in a facility is adequately protected from over pressure. The sketches and lists can effectively document what is protected, but it is a much more difficult task to find what may have been left out. Ideally, a database that allows linking of Pressure Relief System definition to a complete equipment data base should be used. Query of this database can rapidly identify equipment that may not have over pressure protection.

Process Sizing Basis

When a Pressure Relief System is designed, a large number of potential Pressure Relief System sizing scenarios, usually based upon the descriptions contained in API RP-521, are evaluated by a Process Engineering group. The case that requires the largest pressure relieving device sizes is recorded as the sizing case. This is the process data that makes it to the pressure relief device data sheets. The full process analysis often then goes into a box that gets sent to the owner with all of the other design documentation. Often this box goes into long term storage somewhere and is seldom seen again.

Processing facilities are dynamic things, and modifications and improvements often affect the required pressure relief capacity. If the original Relief System sizing calculations are stored in an inaccessible box, every change requires a full re-evaluation of the Pressure Relief System from scratch. This is something that becomes prohibitive and the required evaluations often don’t get done, are highly inefficient, or are inconsistent with the initial evaluations.

Pressure Relief System sizing evaluations and calculations for all of the pressure relief causes should be retained in records that are readily available when the Pressure Relief System needs to be re-evaluated. These can take the form of paper records or scanned records stored digitally, but the key point is that a complete, progressive and up to date set of Pressure Relief System sizing evaluations and calculations needs to be kept in a format and location that allows for efficient recall, review and update.

Relief Device Specifications

The physical specifications for Pressure Relief Devices are typically contained on data sheets used to purchase the devices. These sheets contain physical requirements such as manufacturer, model number, materials of construction, body and process connection ratings, required relief area and the process conditions for the relief device sizing case. Often these data sheets are the only Pressure Relief Process Safety data that is readily available to a Site’s staff and are often erroneously considered to be full documentation.

What is often not appreciated, is that the information contained on a Pressure Relief Device data sheet is only a subset of the full information required to own and maintain the Pressure Relief Devices. These data sheets are used as tool for procurement and contain only the information needed to procure a specific device. They are an integral part of the Relief System Process Safety data, but only a small part. In addition to the Pressure Relief System evaluation records described above, a complete set of manufacturer’s manuals need to be available to identify key parts and dimension tolerances.

Relief Device Installation

The proper functioning of Pressure Relief Devices requires that they be properly installed, and the systems around them such as inlet and output piping, block valves and other support devices be properly designed. For example:

Section VIII spring opposed pressure relief valves have rather narrow requirements for the dynamic inlet losses (the 3% rule) and have similar requirements for both static and dynamic back pressures. Inlet and outlet block valves also have size and design restrictions, such as requirements that all block valves be at least full ported valves that do not restrict flow to the pressure relief device. There are also specific limitations of the static and dynamic piping loads that can be imposed upon pressure relief device bodies.

The Process Safety Data for a Pressure Relief System should include full installation specifications and support calculations. Support calculations should include inlet and output pressure losses and imposed back pressures and piping load calculations, including both relieving and non-relieving conditions. These calculations should be kept in a readily accessible format and locations similar to the requirements for Process Sizing evaluations and calculations.

Associated Relief System Equipment

The design of a pressure relief system dependent upon the capacity of other equipment requires that certain equipment be in service at all times the pressure relief system may have a demand placed upon it.  This equipment and other functions must be identified. Some examples are:

  • The capacity of process equipment such as fired heater duties, pump impeller sizes, etc.
  • Relief systems subject to fire cases require that the assumed vessel insulation is in place and of a design that can withstand external fire
  • HIPPS or other equipment installed to reduce the required relief load are in service
  • Block valve locks and required block valve positions

Pressure Relief System Procedures

Any Pressure Relief System Process Safety Data system includes the procedures required to safely operate the systems. This includes items such as:

  • Safe Operating Limits within which the Pressure Relief System is properly sized
  • Lock Lists and Lock/Car Seal status
  • Permissible line-ups for system with multiple relief devices and installed spares
  • Other operating restrictions required to safety operate the Pressure Relief System

Relief Device Inspection, Testing and Maintenance

Almost all jurisdictions require that Pressure Relief Devices be inspected, tested and repaired at regular intervals, and that the results of these activities be kept in a progressive record. The National Board of Boiler and Pressure Vessel Inspectors VR stamp program defines a set of minimum qualifications, procedures and documentation for the inspection, testing and repair of pressure relief devices. Some jurisdictions make it mandatory that any organization doing inspection, testing and repair of pressure relief devices hold a VR stamp. Other jurisdictions may have other requirements. In any event, a pressure relief system management program should include a robust device inspection, testing and repair program including complete documentation of all events associated with the Pressure Relief System and its devices.

Management of Change

All Pressure Relief Systems are subject to Management of Change procedures whenever modifications are made to process equipment or to the Relief System components. Often de-bottlenecking projects will increase equipment capacity, which then can impact the sizing criteria for the Pressure Relief Systems. Modifications to the pressure relief devices can also affect pressure relief system performance or affect the physical installation of the devices and their associated piping and equipment. Even apparently small changes such as modifying a pump impeller or vessel insulation can result in an improperly sized Pressure Relief System. Therefore, it is imperative that whenever a change is made to a process that its effect on Pressure Relief System design be fully evaluated and the required changes to the Pressure Relief System also be implemented and documented.

 

Rick Stanley has over 40 years’ experience in Process Control Systems and Process Safety Systems with 32 years spent at ARCO and BP in execution of major projects, corporate standards and plant operation and maintenance. Since retiring from BP in 2011, Rick formed his company, Tehama Control Systems Consulting Services, and has consulted with Mangan Software Solutions (MSS) on the development and use of MSS’s Safety Lifecycle Management software.

Rick has a BS in Chemical Engineering from the University of California, Santa Barbara and is a registered Professional Control Systems Engineer in California and Colorado. Rick has served as a member and chairman of both the API Subcommittee for Pressure Relieving Systems and the API Subcommittee on Instrumentation and Control Systems.

How Accurate Are Safety Calculations

How Accurate Are Safety Calculations

How accurate are safety calculations: If you have ever sat in a LOPA, inevitably there is someone that questions the accuracy of one factor or another. Usually they are trying to justify making an initiating cause less frequent or take more credit for an Independent Protection Layer (IPL).

As unsatisfying as it is, assessment of Process Safety Systems is a statistical adventure. And when you get down to it, people just don’t like, or understand statistics. They find it a playground in which to argue that their number is the “right” number. Statistics are real, but people don’t like to believe them. Otherwise casinos would not be in business.

Evaluation of protective function performance requirements and performance of the designs for those functions requires establishment of probabilities for things like how often an initiating event may occur and how effective mitigating functions are likely to be. Deciding what probabilities to use is the hard part. The problem when it comes to Process Safety Systems is that these probabilities are very fuzzy numbers. How accurate are safety calculations, unlike a pair of dice, which have very precisely defined odds of 7 or snake eyes coming up, real process related risk and failure data is less than precise.

The Process Safety Standards and Practices used by the Process Industries have developed over the past 20-30 years and the various factors used in Process Safety analysis have tended to converge on consensus values. The AIChE CCPS publication, Layers of Protection Analysis, provides a fairly complete set of values for LOPA related factors, and various publications on Safety Instrumented Systems provide representative failure rates for commonly used devices. In these instances, the publications note that the factors actually used are up to the User.

One of the things these publications generally state, is that absent any hard data supporting another value, all of the factors used should be no more accurate than a power of 10. So, factors used are values of 10, 100, 1000, or their inverse (10-1, 10-2, etc). Attempting to use any values that have more precision is usually an exercise in self-delusion. Even the factor of 10 practice is only an approximation. However, the recommend values in reputable publications are based upon the collective experience and judgement of some very experienced and pragmatic people. Unless you have lots of actual in-service data, you don’t really know anything better. Use the expert’s numbers.

When working with input data that only has a precision of powers of 10, you also have to be cognizant that the answer you get after stringing a bunch of them together in a Risk Reduction or PFD calculation, isn’t going to be any more precise than the input data. So that RRF calculation that tells you need a SIF with an RRF of 186 is giving you a false sense of precision. It’s not actually 186, it could be 100 or could be 1000.

This is why ISA 84 ed.2 and IEC 61511 only recognize Safety Integrity Levels (SIL) specified in decades – RRF’s 10, 100, and 1000.   When you are calculating a PFD of a SIF design, that 186 is often used as a hard requirement, when in reality it is a very, very fuzzy target. There is absolutely no basis to say that that a calculated SIF RRF of 130 doesn’t meet the requirements of a LOPA target RRF of 186. Given the accuracy of the input values used, 130 and 186 are the same number.

This doesn’t say that a practice of requiring a SIF design to meet a higher (but not precise) target is wrong.  It does give a design target and tends to result in more thought about the SIF designs. However, you shouldn’t fool yourself into thinking that you are being very precise. If it’s a major expense to get a SIF from 130 to 186, think about whether that really is making a difference.

 

 Want to learn more about  SLM®?

Click here to download the free white paper!

Slminfo
Rick Stanley has over 40 years’ experience in Process Control Systems and Process Safety Systems with 32 years spent at ARCO and BP in execution of major projects, corporate standards and plant operation and maintenance. Since retiring from BP in 2011, Rick formed his company, Tehama Control Systems Consulting Services, and has consulted with Mangan Software Solutions (MSS) on the development and use of MSS’s Safety Lifecycle Management software.

Rick has a BS in Chemical Engineering from the University of California, Santa Barbara and is a registered Professional Control Systems Engineer in California and Colorado. Rick has served as a member and chairman of both the API Subcommittee for Pressure Relieving Systems and the API Subcommittee on Instrumentation and Control Systems.

Mangan Software Solutions Announced Winner of the Best Places to Work Award 2019

FOR IMMEDIATE RELEASE                      

Contact: Michelle Smith                                                                                 

Mangan Software Solutions  

msmith@manganinc.com 

281.402.2641 ext. 514  

mangansoftware.com  

   

Houston, TX // November 12, 2019 – 

 

Mangan Software Solutions (MSS) was announced a winner of the Best Places to Work Award on October 31, 2019. The Houston Business Journal hosts an annual award ceremony to recognize companies in the Houston area that demonstrate a positive company culture and employee appreciation. 

Once a company is nominated, that company is then scored based on anonymous surveys taken by the employees themselves.  Click here to see a listing of the 2019 Best Places to Work Award winners.

MSS takes pride in maintaining their purpose driven culture and company values which are: Safety, Entrepreneurial Spirit, Innovative, Honesty & Integrity, and Quality. These set the standards that are upheld by the employees. Management ensures that all decision-making is consistent with these values and the strategic direction of the company. “By living according to our values, we will improve the quality of our services, products & our client’s experiences.

The overall sense of care MSS has for their employees’ health and happiness is a huge part in what drives the loyalty and comradery of the team. The culture and values of the company are portrayed through the product and delivered to the clients as well. 

“This award is a testament to the incredible teammates that make MSS the company it is. It is an honor to be a part of such an amazing team and to celebrate the victories that they have accrued.“ – Steve Whiteside, President of Mangan Software Solutions.

ABOUT Mangan Software Solutions: MSS is a wholly owned subsidiary of Mangan, Inc. that leverages technology and software services to automate, implement, and execute functional and process safety engineering processes for the energy and chemical industries. Headquartered in Houston with offices in Atlanta and London, MSS has over 20 years of experience developing powerful products and solutions to create value and drive process improvements for clients. MSS deploys its innovative software products, the SLM software suite and SPInspector, to industries that require reliable high-performance automation solutions.

For more information, visit www.mangansoftware.com

 

Assessing SIF and IPL Performance using SLM

Assessing SIF and IPL Performance using SLM

Assessing SIF and IPL Performance using SLM 84.01.00 and IEC 61511 Part 1, require that the performance of Safety Functions be assessed at regular intervals. The Operate-Maintain Module in Mangan Software Services’ SLM application can provide the user with real time performance data through availability and Probability of Failure on Demand (PFD) calculations performed on a daily basis. This eliminates the need to manually pull records periodically (or spend excessive time hunting, and perhaps not even finding them) and calculate performance.

Performance data is presented in reports Assessing SIF and IPL Performance using SLM displays at the Enterprise, Site, Unit and Function levels.

  • At the Enterprise Level, data is rolled up by Site
  • At the Site Level, data is rolled up by Unit
  • At the Unit Level, data is rolled up by the SIF or IPL Function

Why use Views and Reports?

 They allow users to easily monitor and identify trends such as unusually good or poor performance in a Unit or Site and bore down to the bad actors. The API Tier 3 Management View/Report provides a summary of Independent Protective Layer (IPL) performance by IPL type using values calculated from Events. Values such as Demand Rates, Failure Rates on Demand or Test, Overdue or upcoming tests, and the overall availability of SIF and IPL’s are presented. SLM also provides performance reports at each level for categories of Bad Actors (items with poor performance indicators), and the Top 5 Highest Risk SIF’s or HIPPS (functions with the worst performance indicators). All these reports are driven by the powerful SLM Event capture capability. Every Safety Instrumented System (SIS), SIF, IPL or Device contained in the SLM database may have many Events of various types recorded against it. For example, A SIF may have Demand, Bypass, Fault/Failure and Test Events recorded for it. A Device may have Test, Fault/Failure, Maintenance, Calibration and Demand Events recorded for it.

Event Entry

 Events are entered into SLM using a guided approach that simplifies the Event Entry Process. Events are usually entered at the Function or Test Group level and the User is guided to identify any Devices associated with the Event and whether or not a failure was associated with the Function or Device. Usually data for Events that did not involve a failure are automatically entered by the system to reduce repetitive data entry tasks. SLM is also capable of accepting data from a Process Historian to automatically generate Events such as Demands, Faults/Failures, and Bypasses. The system is designed to allow Users closest to an Event to record the Event.

 

For example:

  • Operators may be assigned Event entry responsibilities for Demand, Fault/Failure, and Bypass Events
  • A Maintenance Technician or Supervisor may be assigned Event Entry responsibilities for Testing and Maintenance Events
  • Engineering may handle other events such as Status changes or Test Deferrals

 

SLM allows the User to define whether an Event requires Approval before being used in performance calculations. For Event types that require Approval, the primary and secondary Approvers for each Event Type can be independently defined at the Site or Unit levels.

 

Each Event record has a check box which is used to identify if an Event that had a failure was a Safety Related Failure. For example: On a test of a SIF, a shutdown valve was found not to close when it was commanded to do so. When the Test data is entered into SLM, the test on the SIF would be identified as a failed test and the Device Event for the valve would also be identified as a failed test. Both Events would be identified as being Safety Related Failures.

All of this provides the user with a continually updated view of the performance of Safety Functions at whatever granularity the user needs. Event entry provides an efficient way to assure that performance information is captured at the source. The overall result is an unprecedented level of continuous, highly efficient Safety Lifecycle monitoring.

How to Manage Bypasses Using SLM

How to Manage Bypasses Using SLM

IEC 61511 Part 1, contains extensive discussions of the design and operating procedures for SIF bypasses. Clause 16.2 describes operational requirements such as:

  • Performing a hazard analysis prior to initiating a bypass
  • Having operational procedures in place for when a protective function has been bypassed
  • Logging of all bypasses.

How to Manage Bypasses Using SLM – through a robust Bypass management and logging function that meets all of the requirements of IEC-61511 and integrates with the performance analysis and reporting functions of the SLM Operate-Maintain (OM) Module. SLM OM Module uses the Bypass Authorization object and Work Flow to initiate, approve and record the execution of Protective Function Bypasses. SLM does not limit the use of Bypasses to just SIFs. In SLM, any protective function may have a Bypass Authorization associated with it.

Read more about the Benefits of Effective Bypass Management 

The figure below illustrates how the Work Flow supports the tasks required on how to manage bypasess using SLM:

A Bypass Authorization is initiated by any authorized SLM user. In practice this will usually be a member of the Operations Staff for a Unit, often a shift foreman or Operations Engineer. The originator is guided to enter the information required to support the Bypass Authorization. This includes:

  • Basic Bypass information such as the reason for the Bypass, the anticipated start date and time and the maximum time which the Protective Function is to be Bypassed
  • Hazard Assessment information – this includes an identification and assessment of the potential severity of hazards that may occur while the Protective Function is Bypassed and the corrective measures that should be taken if the hazard occurs
  • Operation Procedures that are required to be used to mitigate potential hazards that may occur while the Protective Function is Bypassed
  • Identification of the Devices associated with the Protective Function that will be Bypassed

Once this information is provided, the user then may submit the Bypass Authorization for Approval. The Bypass Authorization is submitted to the designated Approver, typically an Operations Supervisor of Manager. The Approver reviews the Bypass Authorization and either Approves or Disapproves the request.

Once the Bypass Authorization is Approved, the Operations team may execute the Bypass as planned. The originator or other authorized user may then record the start date and time of the Bypass in the Bypass Authorization. If a Bypass is expected to exceed the time requested in the original Bypass Authorization submittal, the user may request approval for a Bypass Extension by filling in the data in the Bypass extension section of the Bypass Authorization object. When approved, this will update the authorized Bypass time and prevent the Bypass from being reported as exceeding its authorized time.

When the Bypass is completed, the originator or other authorized user then enters the date and time when the Protective Function is returned to service and then close the Bypass Authorization. Closing of the Bypass Authorization results in the Bypass data being added to the SLM Events that are used to analyze Protective Function and Device performance.

SLM contains performance views that capture all Bypasses for a Function, Unit and Site. The analysis functions include reporting on the number of bypasses, time in bypass and identification of Bypass Events that exceeded the authorized bypass time. SLM will also compute the effect of Bypasses on a Protective Function’s in-service performance, such as computing the in-service reduction in the Functions’ RRF or PFD. Functions that have excessive Bypasses will also show up on the Unit and Site bad actors lists.

 

Rick Stanley has over 40 years’ experience in Process Control Systems and Process Safety Systems with 32 years spent at ARCO and BP in execution of major projects, corporate standards and plant operation and maintenance. Since retiring from BP in 2011, Rick formed his company, Tehama Control Systems Consulting Services, and has consulted with Mangan Software Solutions (MSS) on the development and use of MSS’s Safety Lifecycle Management software.

Rick has a BS in Chemical Engineering from the University of California, Santa Barbara and is a registered Professional Control Systems Engineer in California and Colorado. Rick has served as a member and chairman of both the API Subcommittee for Pressure Relieving Systems and the API Subcommittee on Instrumentation and Control Systems.

Mangan Software Solutions to Attend 2019 ISA Process Industry Conference

 

 FOR IMMEDIATE RELEASE                     

Contact: 

Michelle Smith                                                                                

Mangan Software Solutions 

msmith@manganinc.com

281.402.2641 ext. 514 

mangansoftware.com 

  

Houston, TX // October 21, 2019 – 

  

Mangan Software Solutions (MSS) and its innovative safety lifecycle software, SLM® will be present at the 2019 International Society of Automation (ISA) Process Industry Conference. The event will take place Nov 4-6. The event features a program that combines the technical expertise, knowledge, and experience of ISA along with the leading experts across critical areas covering: process instrumentation/control, cybersecurity, and safety systems, open architecture and infrastructure, and operational excellence as well as robotics and subsea automation. 

 

Mangan Software Solutions (MSS) is a major leading supplier in the Process Safety Lifecycle Software industry, recently recognized for “commanding over half the market.  For the past decade, MSS has been leading the market in innovative technologies for the Refining, Upstream Oil & Gas, Chemicals, Pipeline, and Bio-Pharmaceutical Industries, transforming Process Safety Information into Process Safety Intelligence. MSS’ engineers and programmers are experts in the fields of Safety Lifecycle Management and Safety Instrumented Systems. With a scalable software platform and years of experience working with the premier energy companies in the world, MSS has established itself as the leader in software solutions engineered specific to the clients’ needs. 

 

Our approach has been to proactively work to not only meet, but exceed the evolving requirements of both, industry and clients.  Combining this approach with our organizations focus on delivering value through innovation, has enabled SLM to become an industry standard when it comes to a proven Process Safety Lifecycle Management technology platform. “ – Ronak Patel, Vice President – Sales & Marketing 

   

ABOUT Mangan Software Solutions: MSS is a wholly owned subsidiary of Mangan, Inc. that leverages technology and software services to standardize and automate business processes for the energy industry. Headquartered in Houston, with offices in Atlanta and London, MSS’ engineers and developers are experts in the fields of Safety Lifecycle Management and Safety Instrumented Systems and deploy their industry best practice flagship SLM platform suite to industries that require reliable high-performance automation solutions.  

 For further information, visit www.mangansoftware.com

                                           

Click here to see ISA Event programming and details.                                              

 

 

 

 

STANDARD END USER LICENSE AGREEMENT

MANGAN SOFTWARE SOLUTIONS, Inc. STANDARD LICENSE (EULA) TERMS

FOR INFORMATION ONLY

© Copyright MSS All rights reserved

Title in and to this document and all information contained herein remains at all times with Mangan Software Solutions, Inc.

  1. DEFINITIONS.
  1. a)”Authorized User” means the following individual persons authorized to use the Software pursuant to the license granted under this Agreement, as set forth in the Order Form.
  1. b)”Documentation” means user manuals, technical manuals and any other materials provided by Licensor, in printed, electronic or other form, that describe the installation, operation, use or technical specifications of the Software.
  1. c)”Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree or other requirement or rule of any federal, state, local or foreign government or political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction.
  1. d)“Licensed Materials” means Licensed Software, Documentation, and other licensed materials, individually and collectively
  1. e)”Person” means an individual, corporation, partnership, joint venture, limited liability company, governmental authority, unincorporated organization, trust, association or other entity.
  1. f)“Representatives” means, with respect to a Party, that Party’s and its Affiliates’ employees, officers, directors, agents, and legal advisors.
  1. g)”Software” means the software programs for which Licensee has purchased a license, as expressly set forth in the Order Form.
  1. h)”Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
  1. i)”License Fees” means the license fees, including all taxes thereon, paid or required to be paid by Licensee for a license granted under this Agreement.
  1. j)“Support Fees” means any fees excluding License Fees, including but not limited to, software maintenance fees paid or required to be paid by Licensee.
  1. k)”Order Form” means the order form filled out and submitted by or on behalf of Licensee, and accepted by Licensor, for Licensee’s purchase of the license for the Software and associated services granted under this Agreement.
  1. l)“Software Maintenance Services” means the services provided to Licensee by Licensor as set forth in Schedule A.
  1. m)“Third Party” means any Person other than the Licensee or Licensor.
  1. LICENSE GRANT.

Subject to and conditioned upon Licensee’s payment of the License Fees and Licensee’s strict compliance with all terms and conditions set forth in this Agreement, Licensor hereby grants to Licensee a non-exclusive, non-transferable, non-sub licensable, revocable, limited license during the Term to use, solely by and through its Authorized Users, the Software and Documentation, solely as set forth in this Section2 and subject to all conditions and limitations set forth in Section 2 or elsewhere in this Agreement. This license grants Licensee the right, exercisable solely by and through Licensee’s Authorized Users, to:

  1. a)Download, install in accordance with the Documentation one (1) copy of the Software on each of the designated computers set forth on the Order Form owned or leased, and controlled by, Licensee. Unless the Order Form expressly states that Licensee is purchasing a network license, each such computer shall be for a single Authorized User. In addition to the foregoing, Licensee has the right to make one copy of the Software solely for archival purposes and a reasonable number of copies of the Software solely for backup purposes, provided that Licensee shall not, and shall not allow any Person to, install or use any such copy other than if and for so long as any copy installed in accordance with the preceding sentence is inoperable and, provided, further, that Licensee uninstalls and otherwise deletes such inoperable copy (ies). All copies of the Software made by the Licensee:
  1. i)     will be the exclusive property of the Licensor;
  2. ii)     will be subject to the terms and conditions of this Agreement; and

                                              iii)     must include all trademarks, copyright, patent and other Intellectual Property Rights notices contained in the original.

  1. b)Use and run the Software as properly installed in accordance with this Agreement and the Documentation, solely as set forth in the Documentation and solely for Licensee’s internal business purposes.
  2. c)Download or otherwise make one (1) copy of the Documentation per copy of the Software permitted to be downloaded in accordance with this Agreement and use such Documentation, solely in support of its licensed use of the Software in accordance herewith.  All copies of the Documentation made by Licensee:
  3. i)     will be the exclusive property of Licensor;
  4. ii)     will be subject to the terms and conditions of this Agreement; and

                                              iii)     must include all trademarks, copyright, patent and other Intellectual Property Rights notices contained in the original.

  1. d)Transfer any copy of the Software from one computer to another, provided that:
  2. i)     the number of computers on which the Software is installed at any one time does not exceed the number permitted under Section 2 (a); and
  3. ii)     Licensee notifies Licensor in writing of each such transfer, including in such notice the information required under this Agreement for each computer on which the Software is installed.
  1. USE RESTRICTIONS. Licensee shall not, and shall require its Authorized Users not to, directly or indirectly:
  2. a)use (including make any copies of) the Software or Documentation beyond the scope of the license granted under Section 2.
  3. b)provide any other Person, including any subcontractor, independent contractor, affiliate or service provider of Licensee, with access to or use of the Software or Documentation;
  4. c)modify, translate, adapt or otherwise create derivative works or improvements, whether or not patentable, of the Software or Documentation or any part thereof;
  5. d)combine the Software or any part thereof with, or incorporate the Software or any part thereof in, any other programs;
  6. e)reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain access to the source code of the Software or any part thereof;
  7. f)remove, delete, alter or obscure any trademarks or any copyright, trademark, patent or other intellectual property or proprietary rights notices provided on or with the Software or Documentation, including any copy thereof;
  8. g)except as expressly set forth in Section 2 (a) and Section 2 (c), copy the Software or Documentation, in whole or in part;
  9. h)rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer or otherwise make available the Software, or any features or functionality of the Software, to any Third Party for any reason, whether or not over a network or on a hosted basis, including in connection with the internet or any web hosting, wide area network (WAN), virtual private network (VPN), virtualization, time-sharing, service bureau, software as a service, cloud or other technology or service;
  10. i)use the Software or Documentation in, or in association with, the design, construction, maintenance or operation of any hazardous environments or systems, including:
  11. i)     power generation systems;
  12. ii)     aircraft navigation or communication systems, air traffic control systems or any other transport management systems;

                                              iii)     safety-critical applications, including medical or life-support systems, vehicle operation applications or any police, fire or other safety response systems; and

  1. iv)     military or aerospace applications, weapons systems or environments;
  2. j)use the Software or Documentation in violation of any law, regulation or rule; or
  3. k)use the Software or Documentation for purposes of competitive analysis of the Software, the development of a competing software product or service or any other purpose that is to the Licensor’s commercial disadvantage.
  1. COMPLIANCE MEASURES.
  2. a)The Software contains technological copy protection or other security features designed to prevent unauthorized use of the Software, including features to protect against any use of the Software that is prohibited under this Section 4. Licensee shall not, and shall not attempt to, remove, disable, circumvent or otherwise create or implement any workaround to, any such copy protection or security features.
  3. b)On Licensor’s written request, Licensee shall conduct a review of its and its Authorized Users use the Software and certify to Licensor in a written instrument signed by an officer of Licensee that it is in full compliance with this Agreement or, if Licensee discovers any noncompliance:
  4. i)     Licensee shall immediately remedy such noncompliance and provide Licensor with written notice thereof. Licensee shall provide Licensor with all access and assistance as Licensor requests to further evaluate and remedy such noncompliance.
  5. ii)     If Licensee’s use of the Software exceeds the number of copies or Authorized Users permitted under the license, Licensor shall have the remedies set forth in Section 4 (d).
  6. c)During the Term, Licensor may, in Licensor’s sole discretion, audit Licensee’s use of the Software at Licensor’s expense to ensure Licensee’s compliance with this Agreement, provided that (i) any such audit shall be conducted on not less than thirty (30) days’ prior notice to Licensee, and (ii) no more than 2 audits may be conducted in any 12 month period except for good cause shown. Licensor also may, in its sole discretion, audit Licensee’s systems within 3 months after the end of the Term to ensure Licensee has ceased use of the Software and removed the all copies of the Software from such systems as required hereunder. The Licensee shall fully cooperate with Licensor’s personnel conducting such audits and provide all reasonable access requested by the Licensor to records, systems, equipment, information and personnel, including machine IDs, serial numbers and related information. Licensor shall only examine information directly related to the Licensee’s use of the Software. Licensor may conduct audits only during Licensee’s normal business hours and in a manner that does not unreasonably interfere with the Licensee’s business operations.
  7. d)If the audit determines that the Licensee’s use of the Software exceeds or exceeded the use permitted by this Agreement then:
  8. i)     Licensee shall, within thirty (30) days following the date of such determination by Licensor, pay to Licensor the retroactive License Fees based on Licensor’s price list in effect at the time the audit is completed for such excess use and, unless Licensor terminates this Agreement pursuant to Section 4 (d) (iii), obtain and pay for a valid license to bring Licensee’s use into compliance with this Agreement. In determining the Licensee Fee payable pursuant to the foregoing, (i) unless Licensee can demonstrate otherwise by documentary evidence, all excess use of the Software shall be deemed to have commenced on the commencement date of this Agreement or, if later, the completion date of any audit previously conducted by Licensor hereunder, and continued uninterrupted thereafter, and (ii) the rates for such licenses shall be determined without regard to any discount to which Licensee may have been entitled had such use been properly licensed prior to its commencement (or deemed commencement).
  9. ii)     If the use exceeds or exceeded the use permitted by this Agreement by more than 10%, Licensee shall also pay to Licensor, within thirty (30) days following the date of Licensor’s written request therefor, Licensor’s reasonable costs incurred in conducting the audit.

                                              iii)     If the use exceeds or exceeded the use permitted by this Agreement by more than 50%, Licensor shall also have the right to terminate this Agreement and the license granted hereunder, effective immediately upon written notice to Licensee.

Licensor’s remedies set forth in this Section 4 (d) are cumulative and are in addition to, and not in lieu of, all other remedies the Licensor may have at law or in equity, whether under this Agreement or otherwise.

  1. RESPONSIBILITY FOR USE OF THE SOFTWARE.

Licensee is responsible and liable for all uses of the Software and Documentation through access thereto provided by Licensee, directly or indirectly. Specifically, and without limiting the generality of the foregoing, Licensee is responsible and liable for all actions and failures to take required actions with respect to the Software and Documentation by its Authorized Users or by any other Person to whom Licensee or an Authorized User may provide access to or use of the Software and/or Documentation, whether such access or use is permitted by or in violation of this Agreement.

  1. TERM AND TERMINATION.
  2. a)This Agreement and the license granted hereunder shall remain in effect for the term set forth on the Order Form or until terminated as set forth herein (the “Term”).
  3. b)Licensee may terminate this Agreement by ceasing to use and destroying all copies of the Software and Documentation.
  4. c)Licensor may terminate this Agreement, effective upon written notice to Licensee, if Licensee, materially breaches this Agreement and such breach: (i) is incapable of cure; or (ii) being capable of cure, remains uncured thirty (30) days after Licensor provides written notice thereof.
  5. d)Licensor may terminate this Agreement, effective immediately, if Licensee files, or has filed against it, a petition for voluntary or involuntary bankruptcy or pursuant to any other insolvency law, makes or seeks to make a general assignment for the benefit of its creditors or applies for, or consents to, the appointment of a trustee, receiver or custodian for a substantial part of its property.
  6. e)Upon expiration or earlier termination of this Agreement, the license granted hereunder shall also terminate, and Licensee shall cease using and destroy all copies of the Software and Documentation and certify in writing to Licensor it has complied with this provision. No expiration or termination shall affect Licensee’s obligation to pay all Licensee Fees and Support Fees that may have become due before such expiration or termination, or entitle Licensee to any refund, in each case except as set forth in Section 24 (c) (ii).
  1. MAINTENANCE AND SUPPORT.
  2. a)Subject to Section 7 (c), the license granted hereunder entitles Licensee to the basic Software Maintenance Services described on Schedule A:
  3. i)     for one (1) year following the date set forth on the Order Form (“Initial Term”); and
  4. ii)     unless terminated by the Licensee upon thirty (30) days’ notice to the Licensor shall automatically renew for a successive period of one calendar year (“Renewal Term”), starting on the Annual date (based on the purchase date of the Software as set forth in the Order Form).

Such Software Maintenance Services shall be provided on the terms and conditions herein and as set forth in Schedule A.

  1. b)Software Maintenance Services will include provision of such updates, bug fixes, patches, enhancements, modifications, improvements or other changes to the user interface, functionality, compatibility, capabilities, performance, efficiency or quality of the Software and other Error Corrections (as defined in Schedule A) (collectively, “Maintenance Releases“) as Licensor makes generally available free of charge to all licensees of the Software then entitled to Maintenance Services. Licensor may develop and provide Maintenance Releases in its sole discretion, and Licensee agrees that Licensor has no obligation to develop any Maintenance Releases at all or for particular issues. Maintenance Releases may be installed by Licensor (at no additional cost) or by Licensee as determined by Licensee. Licensee further agrees that all Maintenance Releases will be deemed Software, and related documentation will be deemed Documentation, all subject to all terms and conditions of this Agreement. Licensee acknowledges that Licensor may provide some or all Maintenance Releases via download from a website designated by Licensor and that Licensee’s receipt thereof will require an internet connection, which connection is Licensee’s sole responsibility. Licensor has no obligation to provide Maintenance Releases via any other media. Maintenance Releases and any associated support services do not include any new version, new release or upgrade (collectively “Upgrades”) of the Software that Licensor may issue as a separate or new product, and Licensor may determine whether any issuance qualifies as an Upgrade in its sole discretion.
  2. c)Licensor has no obligation to provide Maintenance Releases:
  3. i)     for any but the most current or immediately preceding version or release of the Software;
  4. ii)     for any copy of Software for which all previously issued Maintenance Releases have not been installed;

                                              iii)     if Licensee is in breach under this Agreement; or

  1. iv)     for any Software that has been modified other than by or with the authorization of Licensor, or that is being used with any hardware, software, configuration or operating system not specified in the Documentation or expressly authorized by Licensor in writing.
  2. COLLECTION AND USE OF INFORMATION.
  3. a)Licensee acknowledges that Licensor may, directly or indirectly through the services of Third Parties, collect and store information regarding use of the Software and about equipment on which the Software is installed or through which it otherwise is accessed and used, through:
  4. i)     the provision of Software Maintenance Services; and
  5. ii)     security measures included in the Software as described in Section 4.
  6. b)Licensee agrees that the Licensor may use such information for any purpose related to any use of the Software by Licensee or on Licensee’s equipment, including but not limited to:
  7. i)     improving the performance of the Software or developing Maintenance Releases; and
  8. ii)     verifying Licensee’s compliance with the terms of this Agreement and enforcing the Licensor’s rights, including all Intellectual Property Rights in and to the Software.
  9. EXPORT REGULATION.

The Software and Documentation may be subject to US export control laws, including the US Export Administration Act and its associated regulations as amended and the International Traffic in Arms Regulations as amended. The Licensee shall not and shall not permit any Third Parties to, directly or indirectly, export, re-export or release the Software or Documentation to, or make the Software or Documentation accessible from, any jurisdiction or country to which export, re-export or release is prohibited by law, rule or regulation. The Licensee shall comply with all applicable federal laws, regulations and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing or otherwise making the Software or Documentation available outside the US.

  1. PAYMENT.

All License Fees are payable in advance in the manner set forth in the Order Form and are non-refundable, except as may be expressly set forth herein. Any renewal of the license or Software Maintenance Services hereunder shall not be effective until the License Fees and/or the Support Fees as applicable for such renewal have been paid in full.  All amounts payable to Licensor under this Agreement shall be paid by Licensee to Licensor in full without any setoff, recoupment, counterclaim, deduction, debit or withholding for any reason (other than any deduction or withholding of tax as may be required by applicable Law).

  1. TAXES.

Licensee agrees to pay in addition to the License Fees and Support Fees all applicable duties, tariffs and similar charges which may apply or be charged under applicable laws and regulations as well as all taxes at the appropriate rate resulting from any transaction under this Agreement including, without limitation, sales, use, excise, value-added, goods and services, consumption business and other similar taxes, except taxes based on Licensor’s income or property. Should the payment of the License Fees or Support Fees be subject to withholding tax by any government owed by Licensee for any reason including but not limited to Licensee’s failure to pay taxes to such government when due, Licensee shall reimburse Licensor for such withholding tax upon request. Licensee will reimburse Licensor for any deficiency relating to taxes and other charges that are the Licensee’s responsibility under this Agreement. Each Party shall provide and make available to the other Party any exemption certificates, treaty certification or other exemption information reasonably requested by the other Party.

  1. LICENSEE INDEMNITY.

Licensee agrees to protect, indemnify, defend and hold harmless Licensor, and its officers, directors, employees, agents, subcontractors, guests, invitees, successors and assigns, from and against any or all costs, losses, damages, claims, suits and other liabilities, including attorney’s fees and other expenses of litigation or defense associated with any injury or death to persons or damage to or loss of property resulting therefrom; provided that such claim or damage is not due to the sole negligence of Licensor.

Licensee shall protect, indemnify, defend, and hold harmless Licensor and its officers, directors, employees, agents, subcontractors, successors and assigns, from and against any or all costs, losses, damages, claims, suits and other liabilities, including attorney’s fees and other expenses of litigation or defense (“Losses”) resulting from any action by a Third Party:

  1. a)that any Intellectual Property Rights or other right of any Person, or any Law, is or will be infringed, misappropriated, or otherwise violated by any:
  2. i)         use or combination of the Software by or on behalf of Licensee or any of its Representatives with any hardware, software, system, network, service, or other matter whatsoever that is neither provided by Licensor nor authorized by Licensor in this Agreement and the Documentation or otherwise in writing; and
  3. ii)         information, materials, or technology directly or indirectly provided by Licensee or directed by Licensee to be installed, combined, integrated, or used with, as part of, or in connection with the Software or Documentation;
  4. b)relating to facts that, if true, would constitute a breach by Licensee of any representation, warranty, covenant, or obligation under this Agreement;
  5. c)relating to negligence, abuse, misapplication, misuse or more culpable act or omission (including recklessness or willful misconduct) by or on behalf of Licensee or any of its Representatives with respect to the Software or Documentation or otherwise in connection with this Agreement; or
  6. d)relating to use of the Software or Documentation by or on behalf of Licensee or any of its Representatives that is outside the purpose, scope or manner of use authorized by this Agreement or the Documentation, or in any manner contrary to Licensor’s instructions.
  7. LICENSOR INDEMNITY.
  8. a)Licensor shall indemnify, defend, and hold harmless Licensee from and against any and all Losses incurred by Licensee resulting from any Third-Party claim, suit, action, or proceeding that the Software or Documentation (not including any Third-Party materials), or any use of the Software or Documentation in accordance with this Agreement, infringes or misappropriates such Third Party’s Intellectual Property Rights, provided that Licensee promptly notifies Licensor in writing of the claim, cooperates with Licensor, and allows Licensor sole authority to control the defense and settlement of such claim.
  9. b)such a claim is made or appears possible, Licensee agrees to permit Licensor, at Licensor’s sole cost and expense, to (i) modify or replace the Software or Documentation, or component or part thereof, to make it non-infringing, or (ii) obtain the right for Licensee to continue use. If neither of these alternatives are possible notwithstanding Licensor’s commercially reasonably efforts, Licensor may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Licensee, provided that Licensor shall refund or credit to Licensee all amounts paid by Licensee in respect of the Software or Documentation that Licensee cannot reasonably use as intended under this Agreement.
  1. c)This Section 13 does not apply to the extent that the alleged infringement arises from:
  2. i)     use of the Software in combination with data, software, hardware, equipment, or technology not provided by Licensor or authorized by Licensor in writing;
  3. ii)     modifications to the Software not made by Licensor;

                                              iii)     use of any version other than the most current version of the Software or Documentation delivered to Licensee; or

  1. iv)     Third-Party claims or Losses for which Licensee is obligated to indemnify Licensor pursuant to Section 12.
  2. d)Notwithstanding any other provision in this Agreement, the maximum liability of the Licensor under its indemnity obligations in this Agreement shall be limited to 100% of the Order Price, as adjusted pursuant to this Agreement.
  3. e)The remedies stated in this section 13 are the sole and exclusive remedies of Licensee and Licensor’s entire liability and obligation with respect to any actual, threatened, or alleged claims that this Agreement or any subject matter herein (including the Software and Documentation) infringes any intellectual property rights of any Third Party.
  1. LIMITATION OF LIABILITY. TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW:
  1. a)EXCEPT FOR ANY REFUND LICENSOR OR DISTRIBUTOR MAY PROVIDE, IN NO EVENT WILL LICENSOR OR ITS REPRESENTATIVES, OR ANY OF ITS OR THEIR RESPECTIVE LICENSORS OR SERVICE PROVIDERS, BE LIABLE TO LICENSEE OR ANY THIRD PARTY FOR ANY USE, INTERRUPTION, DELAY OR INABILITY TO USE THE SOFTWARE, LOST REVENUES OR PROFITS, DELAYS, INTERRUPTION OR LOSS OF SERVICES, BUSINESS OR GOODWILL, LOSS OR CORRUPTION OF DATA, LOSS RESULTING FROM SYSTEM OR SYSTEM SERVICE FAILURE, MALFUNCTION OR SHUTDOWN, FAILURE TO ACCURATELY TRANSFER, READ OR TRANSMIT INFORMATION, FAILURE TO UPDATE OR PROVIDE CORRECT INFORMATION, SYSTEM INCOMPATIBILITY OR PROVISION OF INCORRECT COMPATIBILITY INFORMATION OR BREACHES IN SYSTEM SECURITY, OR FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL OR PUNITIVE DAMAGES, WHETHER ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE AND WHETHER OR NOT THE LICENSOR WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. This limitation applies to: anything related to the Software, services, content (including code) on Third Party internet sites, or Third Party programs; and claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable Law. It also applies even if: repair, replacement or a refund for the software does not fully compensate Licensee for any losses. Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to Licensee. They also may not apply to Licensee because Licensee country may not allow the exclusion or limitation of incidental, consequential or other damages.
  1. b)IN NO EVENT WILL LICENSOR’S AND ITS AFFILIATES’, INCLUDING ANY OF ITS OR THEIR RESPECTIVE LICENSORS’ AND SERVICE PROVIDERS’, COLLECTIVE AGGREGATE LIABILITY UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, EXCEED THE TOTAL AMOUNT PAID TO THE LICENSOR PURSUANT TO THIS AGREEMENT FOR THE SOFTWARE OR (ii) UP TO TWELVE (12) MONTHS OF THE SPECIFIC SERVICES, THAT IS OR ARE THE SUBJECT OF THE CLAIM. The exclusions and limitations in this Section 14 (b) shall not apply to claims pursuant to Section 13.
  1. c)THE LIMITATIONS SET FORTH IN SECTION 14 (a) and SECTION 14 (b) SHALL APPLY EVEN IF THE LICENSEE’S REMEDIES UNDER THIS AGREEMENT FAIL OF THEIR ESSENTIAL PURPOSE.
  1. CONFIDENTIALITY.

From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media/in written or electronic form or media, and whether or not marked, designated or otherwise identified as “confidential” (collectively, “Confidential Information“). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving Party at the time of disclosure; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under this Agreement, including to make required court filings. On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party’s obligations of non-disclosure with regard to Confidential Information are effective as of the date on the Order Form and will expire five (5) years from the date first disclosed to the receiving Party; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.

  1. APPLICABLE LAW.

Terms of Use are governed by and construed in accordance with the internal laws of the State of Texas without giving effect to any choice or conflict of law provision or rule (whether of any other jurisdiction) that would cause the application of Laws of any jurisdiction other than those of the State of Texas. The applicability of the UN Convention on Contracts for the International Sale of Goods, including any domestic law of Licensee’s state or country that implements such UN Convention, is hereby excluded.

  1. NOTICES.

All notices, requests, consents, claims, demands, waivers, and other communications hereunder shall be in writing and shall be deemed to have been given: (i) when delivered by hand (with written confirmation of receipt); (ii) when received by the addressee if sent by a nationally recognized overnight courier (receipt requested); (iii) on the date sent by email (with confirmation of transmission) if sent during normal business hours of the recipient, and on the next business day if sent after normal business hours of the recipient; or (iv) on the third day after the date mailed, by certified or registered mail, return receipt requested, postage prepaid. Such communications must be sent to the respective parties at the addresses set forth on the Order Form.

  1. LEGAL EFFECT.

This agreement describes certain legal rights. Licensee may have other rights under the laws of Licensee state or country. Licensee may also have rights with respect to the party from whom Licensee acquired the Software. This Agreement does not change Licensee rights under the laws of Licensee state or country if the laws of Licensee state or country do not permit it to do so.

  1. EQUITABLE REMEDIES.

Licensee acknowledges and agrees that a breach or threatened breach by of any of its obligations under Section 3, 12, and 15 of this Agreement would cause Licensor irreparable harm for which monetary damages would not be an adequate remedy and that, in the event of such breach or threatened breach, Licensor will be entitled to equitable relief, including in a restraining order, an injunction, specific performance and any other relief that may be available from any court of competent jurisdiction, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.

  1. SEVERABILITY/WAIVER.

If one or more of the provisions of this Agreement are held to be unenforceable under applicable law, the balance of the Agreement shall be enforceable in accordance with its terms. No failure of Licensor to exercise or enforce any of its rights under this Agreement will act as a waiver of such rights or of any other rights hereunder.

  1. HEADINGS.

The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.

  1. AMENDMENTS.

Licensor expressly reserves the right to amend or modify this Agreement at any time and without obligation of prior notification.

  1. INTELLECTUAL PROPERTY RIGHTS.

Licensee acknowledges that the Software is provided under license, and not sold, to Licensee. Licensee do not acquire any ownership interest in the Software or Documentation under this Agreement, or any other rights to the Software or Documentation other than to use the Software and Documentation in strict accordance with the license granted under this Agreement, subject to all terms, conditions and restrictions. Licensor shall retain its entire right, title and interest in and to the Software and all intellectual property rights arising out of or relating to the Software, subject to the license expressly granted to the Licensee in this Agreement. Licensee shall use commercially reasonable efforts to safeguard all Software (including all copies thereof) from infringement, misappropriation, theft, misuse or unauthorized access by any Person. Licensee shall promptly notify Licensor if Licensee becomes aware of any infringement of the Licensor’s Intellectual Property Rights in the Software and fully cooperate with Licensor in any legal action taken by Licensor to enforce its Intellectual Property Rights.

  1. WARRANTY.
  1. a)Solely with respect to Software for which Licensor receives a License Fee, Licensor warrants that, for a period of ninety (90) days following the purchase date set forth on the Order Form the Software as delivered to Licensee will substantially contain the functionality described in the Documentation, and when properly installed on a computer meeting the specifications set forth in, and operated in accordance with, the Documentation, will substantially perform in accordance therewith. This warranty is expressly conditioned on Licensee’s compliance with each of the operating, security, and data-control procedures set forth in the Documentation as well as maintaining the Designated Equipment in the configuration specified in the Documentation.
  1. b)EXCLUSIONS FROM WARRANTY. The warranties set forth in Section 24 (a) exclude any failure in the operation of, or access to, Licensee’s or a Third Party’s system or network and (b) any Software that Licensor makes available for testing or demonstration purposes, temporary software modules or software for which Licensor does not receive a License Fee. The warranties set forth in Section 24 (a) will not apply and will become null and void if Licensee breaches any material provision of this Agreement, or if Licensee, any Authorized User or any other Person provided access to the Software by Licensee or any Authorized User, whether or not in violation of this Agreement:
  2. i)         installs or uses the Software on or in connection with any hardware or software not specified in the Documentation or expressly authorized by Licensor in writing;
  3. ii)         moves or transfers the Software from the device on which it was originally installed;

                                         iii)         allows alteration, modification or repair of the Software by anyone other than Licensor or those specifically authorized by Licensor in writing;

  1. iv)         fails to install promptly install all Maintenance Releases that Licensor has previously made available to Licensee;
  2. v)         modifies or damages the Software, or the media on which it is provided, including abnormal physical or electrical stress; or
  3. vi)         misuses the Software, including any use of the Software other than as specified in the Documentation or expressly authorized by Licensor in writing.
  4. c)If, during the period specified in Section 24 (a), any Software covered by the warranty set forth in such Section fails to perform substantially in accordance with the Documentation, and such failure is not excluded from warranty pursuant to the Section 24 (b), Licensor will, subject to Licensee’s promptly notifying Licensor in writing of such failure, at its sole option, either:
  5. i)         repair or replace the Software, provided that Licensee provides Licensor with all information Licensor reasonably requests to resolve the reported failure, including sufficient information to enable the Licensor to recreate such failure; or
  6. ii)         refund the License Fees and Support Fees paid for such Software, subject to Licensee’s ceasing all use of and, if requested by Licensor, return to Licensor all copies of the Software.

If Licensor repairs or replaces the Software, the warranty will continue to run from the initial date specified on the Order Form, and not from Licensee’s receipt of the repair or replacement. The remedies set forth in this Section 24 (c) are Licensee’s sole remedies and Licensor’s sole liability under the limited warranty set forth in Section 24 (a).

  1. d)NO OTHER WARRANTIES.

EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 24 (a), THE SOFTWARE AND DOCUMENTATION ARE PROVIDED TO LICENSEE “AS IS” AND WITH ALL FAULTS AND DEFECTS WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, LICENSOR, ON ITS OWN BEHALF AND ON BEHALF OF ITS AFFILIATES AND ITS AND THEIR RESPECTIVE LICENSORS AND SERVICE PROVIDERS, EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO THE SOFTWARE AND DOCUMENTATION, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND WARRANTIES THAT MAY ARISE OUT OF COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OR TRADE PRACTICE. WITHOUT LIMITATION TO THE FOREGOING, THE LICENSOR PROVIDES NO WARRANTY OR UNDERTAKING, AND MAKES NO REPRESENTATION OF ANY KIND THAT THE LICENSED SOFTWARE WILL MEET THE LICENSEE’S REQUIREMENTS, ACHIEVE ANY INTENDED RESULTS, BE COMPATIBLE OR WORK WITH ANY OTHER SOFTWARE, APPLICATIONS, SYSTEMS OR SERVICES, OPERATE WITHOUT INTERRUPTION, MEET ANY PERFORMANCE OR RELIABILITY STANDARDS OR BE ERROR FREE OR THAT ANY ERRORS OR DEFECTS CAN OR WILL BE CORRECTED.

  1. Force Majeure.

Licensor will not be responsible or liable to Licensee, or deemed in default or breach hereunder by reason of any failure or delay in the performance of its obligations hereunder where such failure or delay is due to strikes, labor disputes, civil disturbances, riot, rebellion, invasion, epidemic, hostilities, war, boycott, terrorist attack, embargo, natural disaster, acts of God, flood, fire, sabotage, fluctuations or non-availability of electric utilities or communication, heat, light, air conditioning or Licensee equipment, loss and destruction of property or any other circumstances or causes beyond Licensor’s reasonable control.

  1. No Third Party Beneficiaries.

This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer on any other Person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.

  1. Access by Contractors.  Licensee may only disclose the Licensed Materials (excluding any source code) to third parties performing services for Licensee and with a need to know, provided the Licensee is responsible for third parties’ full compliance with the terms of Section 15 herein (Confidentiality). Any use or access by such third parties shall be solely for the purpose of conducting, or assisting Licensee with the conduct of, its internal business. Licensee shall be jointly and severally liable with any such third party contractors for any loss, misuse, or misappropriation of the Licensed Materials or Licensor’s Confidential Information. Any such loss, misuse, or misappropriation shall be deemed a material breach of this Agreement and shall be just cause for termination of this Agreement and any License(s) granted hereunder.Under no circumstances may Licensee disclose the Licensed Materials or any other Licensor Confidential Information to a known Competitor of Licensor.
  1. Survival.

Section 3, 12, 13, 14, 15 and 28 and any provisions which by their nature are intended to survive termination shall survive any termination or expiration of this Agreement.

  1. Relationship of the Parties.

Nothing in this Agreement is to be construed as creating an agency, partnership, joint venture, or other form of joint enterprise, employment or fiduciary relationship between the Parties hereto, and neither Party shall have the authority to contract for or bind the other Party in any manner whatsoever.

  1. Order of Precedence.

In the event of any conflict between this Agreement and a Schedule, the terms of the Schedule shall prevail, but only as applies to that individual Schedule.

  1. Assignment.

Licensee shall not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations or performance, under this Agreement, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without Licensor’s prior written consent, which consent Licensor may give or withhold in its sole discretion. For purposes of the preceding sentence, and without limiting its generality, any merger, consolidation, or reorganization involving Licensee (regardless of whether Licensee is a surviving or disappearing entity) will be deemed to be a transfer of rights, obligations, or performance under this Agreement for which Licensor’s prior written consent is required. No delegation or other transfer will relieve Licensee of any of its obligations or performance under this Agreement. Any purported assignment, delegation, or transfer in violation of this Section 28 is void. Licensor may freely assign or otherwise transfer all or any of its rights, or delegate or otherwise transfer all or any of its obligations or performance, under this Agreement without Licensee’s consent. This Agreement is binding upon and inures to the benefit of the Parties hereto and their respective permitted successors and assigns.

  1. Conflict of Terms.

If there is any inconsistency between the terms of this Agreement and those in the Purchase Order Form (or any similar document contemplated by or delivered under or in connection with this Agreement), the terms of this Agreement shall prevail.

  1. Costs.

If any action at law or in equity (including arbitration) is necessary to enforce or interpret the terms of this Agreement, the prevailing Party shall be entitled to reasonable attorney’s fees, costs and necessary disbursements in addition to any other relief to which such Party may be entitled.

  1. Entire Agreement.

This Agreement, together with the Order Form, all schedules attached hereto and all other documents that are incorporated by reference herein, constitute the sole and entire agreement between Licensee and Licensor with respect to the subject matter contained herein, and supersedes all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, with respect to such subject matter.

Schedule A 

  1. Software Maintenance Services:

The “Software Maintenance Services” are as follows:

  1. a)Maintenance Releases.

Licensor will make accessible to the Licensee by electronic delivery periodic Maintenance Releases of the Software which Licensor releases generally to its licensees at its discretion.

  1. b)Technical Support.

Licensor shall provide technical support to the Licensee for the Software as follows (“Technical Support”):

Technical support is helping the Licensee make the Software run as documented. If and when technical issues are identified technical support is provided to isolate and remedy the issues. Technical support is to also provide simple end user guidance, but is not intended to be End User training. This precludes that type of assistance that requires intimate knowledge of the Licensee’s particular data set, objectives, or non-licensed software related restrictions.

Licensor will correct Errors (as defined below) according to the following schedule:

Severity Description
Critical Fatal:  Software is down or effectively unusable as a result of the problem.  Problem causes mission-critical impact on the Licensee’s operation with no acceptable workaround or functionality used to perform tasks considered to be essential to Licensee operations, project completion or normal productivity of end-user.
High Severe Impact: Software is up and running, but the problem causes significant impact and has no acceptable workaround. High impact problem where operation is proceeding, but in a significantly impaired fashion or functionality used to perform tasks considered to be important but not primary to immediate.
Medium Degraded Operation:  Software is up and running and the problem causes only limited or insignificant impact. Important to long-term productivity, but is not causing any work stoppage during normal work hours.
Low Minimal Impact:  Problem does not have significant impact to the Licensee, is intermittent, or pertains to functionality that is not important and infrequently used.

Licensor’s Response Time:

Severity Acknowledge Receipt of Incident Report Provide a Fix, Workaround Document correction pages, or Notice of Non-Coverage Provide an Error Correction, Maintenance Release and/or updated Documentation
Critical 2  Business Hours 3 Business Days Next Maintenance Release
High 8 Business Hours or next Business Day 5 Business Days Next Maintenance Release
Medium 2 Business Days 15 Business Days As Licensor deems reasonably appropriate
Low 7 Business Days 45 Business Days As Licensor deems reasonably appropriate

“Business Days” means Monday – Friday, 8:30 a.m. to 5:30 p.m. Central Standard Time, excluding Licensor-observed holidays.

Licensor observes the following holidays:

  • New Year’s Day
  • Presidents’ Day
  • Memorial Day
  • Independence Day
  • Labor Day
  • Veterans Day
  • Thanksgiving Day
  • Christmas Day

Error” means a failure of the Software to operate under normal use in material conformance with its Documentation.

Error Correction” means a permanent modification or addition that, when made or added to the Software, brings the operation of the Software into material conformance with its Documentation.

Fix” shall mean a temporary Software patch designed to mitigate the impact of an error, notwithstanding that the Error still exists.

“Field Fix” shall mean any on-site Maintenance Services requiring Licensor personnel or Licensor Affiliate personnel to provide Maintenance Services at the client site for which travel and living expenses will be billed at cost + 10% in the event that such Maintenance Services are not due to an Error.

Workaround” means a temporary set of procedures that users may follow to circumvent or mitigate the impact of an Error, notwithstanding that the Error still exists.

Technical Support may take the form of support via email, telephone or an online web-based support desk where questions can be posted for response.

  1. c)Licensor will from time to time provide the Licensee with information regarding scheduled releases, updates and program enhancements regarding the Software in the form of publications on the web page referred to above, a product newsletter and, if necessary, ‘Required Action’ update (“Information”).
  1. License to use Maintenance Releases.

Any Maintenance Releases developed and made available by Licensor shall be subject to the license terms and restrictions set forth in the Agreement.

  1. Exclusions.

Except as specifically provided for herein, Maintenance Services do not include, inter alia, the following services (“Excluded Services”):

  • custom programming services or deliverables;
  • training;
  • hardware and related supplies;
  • Upgrades
  • Database management or data migration
  • Local and wide area network support and troubleshooting
  • Third-party Software, supplied or not supplied by Licensor
  • Software customized by Licensor, the Licensee, or third-parties

The Licensee and Licensor may separately agree that Licensor shall render some or all of such Excluded Services under the terms of a separate agreement.

  1. Disclaimer.

Without limiting the exclusions in Section 3 above, Licensor will not be responsible for and will not render any Maintenance Services regarding Errors that, in whole or in part, arise out of or result from any of the following:

  • Any Errors in the Software resulting from misuse, negligence, revision, modification or improper use or operation or modifications to the Software or any portion thereof (or the media on which the Software is embedded) by the Licensee or any person/entity other than Licensor;
  • Maintenance of any hardware;
  • The operation of, or access to, Licensee’s or a Third Party’s system or network;
  • Any breach or non-compliance with any material provision of this Agreement by Licensee or any of its representatives;
  • Any Force Majeure event (including abnormal physical or electrical stress).
  • Software that is:
  • installed on systems not specified by Licensor in the functional specification for the Software or otherwise approved in writing by Licensor with specific reference to this Agreement;
  • used in conjunction with other Software not specified in the Documentation or otherwise approved in writing by Licensor with specific reference to this Agreement;
  • where the Licensee subjects the Software (or the media on which the Software is embedded) to improper use, non-conforming environment or infrastructure;
  • any Licensee failure, including, but excluding Maintenance Releases installed by Licensor, to promptly install any Maintenance Releases that Licensor has previously made available to Licensee.
  1. Consideration.
  1. a)Maintenance Fee. The Licensee agrees to pay Licensor the annual Maintenance Fee as set out in the Order Form for the Initial Term and for any Renewal Term plus taxes pursuant to Section 5 (c) below. If Licensee requests Licensor to invoice an affiliated entity of Licensee and Licensor agrees to do this, Licensee shall nevertheless remain fully liable for payment of the Maintenance Fee. Technical support provided to remedy any breach of warranty with respect to the Software will not be charged to Licensee or otherwise reduce the number of support hours paid for by Licensee.

The Maintenance Fee for the Initial Term is due within 30 (thirty) days from the Maintenance Commencement Date. The Licensee will be notified by a letter or proposal 30 days prior to the annual Maintenance Fee Renewal date.

The Maintenance Fee for a Renewal Term (as defined in the Order Form) is due and payable in the 1st month of the annual period of the Renewal Term.

In the event that the Maintenance Fee (regardless of type) is not paid in accordance with the terms of this Section 5, Licensor may at its option (and without limiting its other remedies) suspend provision of the Maintenance Services until payment is made in full and without any extension of the Term and/or charge interest and collection costs on the outstanding sum until paid.

  1. b)In the event the Licensee fails to pay any amount when due, the Licensee agrees to pay interest on the unpaid amount at a rate of one and one-half percent (1½%) or the highest rate allowed by applicable law, whichever is less, for each month that the payment is overdue.
  1. Performance and responsibilities of Licensor.

Licensor shall exercise reasonable professional skill and care in performing Software Maintenance Services.

  1. Licensee’s Responsibilities.
  1. a)Installation. The Licensee agrees to promptly install all Maintenance Releases in accordance with Licensor’s instructions and in the order specified by Licensor. In the event that the Licensee does not do so, Licensor at its option may:
  1. i)         Suspend (without refund of the Maintenance Fee) provision of Maintenance Services under this Agreement until the Licensee has done so; or
  2. ii)         If Licensor is nevertheless willing to provide support, charge Licensee an additional fee (subject to prior notice) to carry out such work for Licensee.

Prior to installing any Maintenance Releases, the Licensee shall ensure that its IT systems are in an adequate state to receive the Maintenance Releases by maintaining its IT systems in accordance with good industry practice, including without limitation, virus searches and regular data backup.

  1. b)Facility and Personnel Access. The Licensee agrees to grant Licensor access, subject to Licensee’s safety and security policies, to the Licensee’s facilities and systems and where required by Licensor, to its premises and access to, and assistance from, appropriately skilled Licensee personnel concerned with the operation of the Software, to enable Licensor to provide the Software Maintenance Services.
  1. c)Error Documentation. The Licensee agrees to notify Licensor in writing following the discovery of any Error in the Software for which it requires Software Maintenance Services, and to provide Licensor with all information and materials necessary for the purpose of investigation, diagnosis and correction of any reported Error, in particular a listing of output and any other data, including databases and backup systems, including any other information that Licensor may request in order to reproduce operating conditions similar to those present when the Error occurred.
  1. d)Information.The Licensee shall provide Licensor with an application support manager for the purpose of updating and/or patch installation of the Software planning and execution. Any actions agreed upon by Licensee and Licensor shall be executed per the agreed action plan. The Licensee agrees to receive from Licensor communications via email, telephone and other formats. The Licensee agrees to receive certain communications that are considered an essential part of the Software Maintenance Services, including but not limited to communications concerning an Error or other technical issue and the availability of Maintenance Releases.
  1. e)Software Transports. Licensee shall access and install Software patches per Licensee guidance and instructions and on a schedule agreed to by Licensor and Licensee.
  1. Limitation of Liability.
  1. a)Licensee agrees to protect, indemnify, defend and hold harmless Licensor, and its officers, directors, employees, agents, subcontractors, successors and assigns, from and against any or all costs, losses, damages, claims, suits and other liabilities, including attorney’s fees and other expenses of litigation or defense associated with any injury or death to persons or damage to or loss of property resulting therefrom; provided that such claim or damage is not due to the sole negligence of MSS. EXCEPT FOR LICENSEE’S INDEMNITY OBLIGATIONS SET FORTH HEREIN, EACH PARTY’S LIABILITY TO THE OTHER UNDER EACH SPECIFIC SCHEDULE ATTACHED TO THIS AGREEMENT SHALL BE LIMITED TO AN AMOUNT EQUAL TO THE MAINTENANCE FEE PAID (LICENSOR’S LIABILITY LIMIT) OR THE MAINTENANCE FEE OWED (LICENSEE’S LIABILITY LIMIT) BY LICENSEE FOR THE THEN CURRENT TERM (OR RENEWAL TERM, AS THE CASE MAY BE) FOR THAT SPECIFIC SCHEDULE.
  1. b)Licensor will not be liable under any legal or equitable theory (whether in contract, tort (including negligence) or otherwise) for any loss of production, loss of profits or of contracts, loss of business or of revenues, loss of operation time, wasted management time, loss of goodwill or reputation, in each case whether caused directly or indirectly, or to give an account of profits to the Licensee, or for any indirect, incidental, punitive or consequential loss, damage, cost or expense whatsoever. The foregoing limitation applies notwithstanding the failure of any agreed or other remedy of its essential purpose.
  1. c)Licensor will not be liable for any loss, damage, cost or expense whatsoever and howsoever caused by, or arising from any fraudulent or unauthorized act or statement, misrepresentation or default on the part of the Licensee, its directors, employees, agents and other contractors.
  1. d)The express obligations and warranties made by Licensor in this Schedule A are in place of and to the exclusion (to the fullest extent permitted by law) of any other warranty, condition, term or undertaking of any kind, express or implied, statutory or otherwise, including (without limitation) as to the condition, performance, fitness for purpose or satisfactory quality of the services provided hereunder.
  1. e)No action, regardless of form, arising out of this Agreement may be brought by the Licensee more than one (1) year after the cause of action accrues.
  1. f)The allocations of liability in this Schedule A represent the agreed and negotiated understanding of the parties and Licensor’s charges for services reflect such allocations.
  1. g)The Licensee may not recover the same loss or damage twice, under this Schedule A and under the Agreement between the parties.
  1. h)Sections 8 and 10 survive the termination of this Schedule A for any reason.
  1. Collection and Processing of Data.

In connection with the performance of Licensor’s obligations under this Schedule A, Licensor may request and collect data from the Licensee, in person or remotely through electronic collaboration regarding any circumstances which may be relevant for the rendering of the Software Maintenance Services, such particulars regarding configurations and hardware used by the Licensee to operate the Software. The Licensee agrees to provide such data to Licensor without delay upon Licensor’s request.

  1. Data Privacy.

Both parties will comply with all relevant data privacy legislation. If Licensor receives personal data, in connection with this Schedule A, in relation to Licensee and Licensee’s employees, directors and other officers, Licensor may use this data solely for purposes connected with this Schedule A and the provision of the Software Maintenance Services to the Licensee.