Table of Contents Table of Contents
Previous Page  135 / 648 Next Page
Information
Show Menu
Previous Page 135 / 648 Next Page
Page Background

Safety and environmental standards for fuel storage sites

Final report

133

Lifecycle maintenance

20 To assure the continued effective operation of an overfill protection system appropriate

maintenance will be required over its lifetime. Key elements in planning such lifecycle maintenance are:

The principal activity of maintenance is proof testing to identify any dangerous un-revealed

failures. See ‘Proof testing’ in this appendix.

System hardware should be inspected to check the mechanical integrity of system

components; this may be performed at the same time as the testing.

Manufacturers’ recommended installation and maintenance activities should be carried out to

ensure that all system components are correctly installed, in good working order, lubricated,

adjusted and protected.

Calibration, where necessary, should be checked when systems are tested or more frequently

if required.

Modifications should be subject to a management of change procedure to check that the

safety function is not affected by the modification (see section on management).

Further guidance on the management of instrumented systems for fuel storage tank installations is

given in response to Recommendation 2.

Overrides

21 Overrides should not be used during tank filling. However, if an override is deemed to be

necessary then management control is required. As a minimum the override management controls

should include:

override management process;

a method for risk assessing and identifying appropriate measures before applying override;

time limit for the override;

authorised signatory;

override information handed across shift changes;

time limit for review of an override;

no output overrides allowed;

the status when an override has been applied (eg alarmed);

an audit process.

Manual shutdown push-buttons

22 A manual means should be provided to terminate the transfer of product into the tank. This

does not form part of the automatic tank overfill instrumented function. Periodic testing of this

function is recommended.

Proof testing

Testing overfill protection systems

23 Overfill protection alarms or shutdown systems using high level switches or other two-state

detectors may be inactive for long periods and may develop unrevealed faults. Such faults cause

the system to fail to danger when required to operate.

Proof testing

24 All elements of an overfill prevention system should be proof tested in accordance with the

validated arrangements and procedures frequently enough to ensure the specified safety integrity

level is maintained in practice.

1 130 131 132 133 134 135 136 137 138 139 140 141 648 P & I Design Ltd