InstMC FS2016 (Rev 3.0)
Page
9
of
10
Nicol Instrument Engineering Limited
The analysis between expected behaviour and actual now includes the; demand rate on each SIF,
failures and failure modes of equipment forming part of the SIS (including normal operation,
inspection, testing or demand on a SIF), cause and frequency of any spurious trips, experiences from
normal or abnormal operation and from maintenance events.
Sub-clause added on identifying SIS spare parts, and that these are available, to minimize the any
bypass duration that is due to the unavailability of part for the SIS.
Proof testing
There’s a few wording changes and additional requirements on proof testing that clarify on
requirements. These include the; attention required to identify any failure causes that may lead to
common cause failures, test procedures emphasizing the need to avoid introducing common cause
failures, testing of the SIS can be performed either end-to-end or in segments (e.g. sensor to logic as
a segment, schedule for the proof tests be in accordance with the SRS, frequency of proof tests for a
SIF shall be determined through PFD
avg
or PFH calculation, proof test is repeated after the repair of
any deficiencies found during the proof testing, full validation and a proof test of any SIF impacted by
the changes to the application program requires, management procedures is applied to review
deferrals and prevent significant delay to proof testing, reporting of “as-found” condition includes all
faults found (including the failure mode).
Clause 17: SIS modification
This edition clarifies an analysis shall be carried out to determine the impact on functional safety prior
to carrying out any modification to a SIS (including the application program).
Additional requirements are for safety planning for the modification and re-verification, with these
carried out in accordance with the planning, and includes an FSA carried out, and updating of all
documentations affected by the modification.
Clause 18: SIS decommissioning
This edition clarifies the analysis to be carried out on the impact on functional safety as a result of the
proposed decommissioning activity for including an update of the H&RA to determine the scope of
impact to the SIS safety life cycle. With during decommissioning the subsequent SIS safety life-cycle
phases re-evaluated.
Proper documentation and authorization is required prior to any decommissioning activities.
Clause 19: Information and documentation requirements
Clarification that documentation required shall be available to personnel implementing the
requirements this standard, are kept up to date, in a maintainable and editable form, can be readily
and accurately identified, located, retrieved and revised.
This documentation shall be traceable to the functional and integrity requirements, including the
H&RA.
SUMMARY
In summary this edition:
Cancels and replaces the prior edition of 2003.
Introduced clarifications and tightening up on the requirements for functional safety systems.