Safety and environmental standards for fuel storage sites
Final report
Operation, maintenance and testing
61 Arrangements should be in place for the operation, maintenance, system testing and
inspection of the whole system and its subcomponents. Written procedures should be agreed by
those the dutyholder has identified as responsible and competent for these functions. Procedures
and competency arrangements should be based on adequate consideration of human failure
potential in carrying out inspection, maintenance and testing activities. Reference should be made
to Appendix 5 for general guidance on procedures and competence assurance.
62 The initial test interval should be determined by the calculation of probability of failure on
demand during the design process, and this should be assessed and amended periodically based
on real operational data.
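As an added illustration of paragraph 62 (not part of the report), the sketch below derives an initial proof test interval from a target probability of failure on demand and then re-checks it against failure data from service. It assumes the simplified single-channel (1oo1) approximation PFDavg ≈ λ_DU × TI / 2, which the report does not state, and all failure rates, device counts and the target PFD are constructed values.

```python
# Added example: simplified 1oo1 model only. A real calculation must also cover
# voting architecture, common cause failure, proof test coverage and repair time.

# Low-demand-mode PFDavg bands per SIL (BS EN 61508): (lower, upper) bounds.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
HOURS_PER_YEAR = 8760.0

def pfd_avg(lambda_du, test_interval_h):
    """PFDavg ~= lambda_DU * TI / 2 (dangerous undetected rate per hour, TI in hours)."""
    return lambda_du * test_interval_h / 2.0

def max_test_interval_h(lambda_du, target_pfd):
    """Longest proof test interval (hours) that keeps PFDavg at or below the target."""
    return 2.0 * target_pfd / lambda_du

def achieved_sil(pfd):
    """SIL band containing pfd; 0 if no band is met, capped at 4 below 1e-5."""
    if pfd < 1e-5:
        return 4
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return 0

def observed_lambda_du(dangerous_failures, devices, years_in_service):
    """Point estimate from proof test records: failures per device-hour."""
    return dangerous_failures / (devices * years_in_service * HOURS_PER_YEAR)

def review(design_lambda, field_lambda, target_pfd):
    """Compare the design-stage interval with what the field data supports."""
    design_ti = max_test_interval_h(design_lambda, target_pfd)
    return {
        "design_interval_h": design_ti,
        "sil_at_design_rate": achieved_sil(pfd_avg(design_lambda, design_ti / 2)),
        "sil_at_field_rate": achieved_sil(pfd_avg(field_lambda, design_ti)),
        "revised_interval_h": max_test_interval_h(field_lambda, target_pfd),
    }

if __name__ == "__main__":
    # Constructed inputs: design-stage rate, SIL 2 target, and 3 dangerous
    # failures found at proof test across 20 devices over 4 years.
    field = observed_lambda_du(3, 20, 4)
    for key, value in review(2.0e-6, field, 5e-3).items():
        print(f"{key}: {value}")
```

With these constructed figures the design-stage interval of 5000 hours no longer supports the SIL 2 target once the observed failure rate is used, and the interval has to be shortened to about 2336 hours.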
Functional safety assessment
63 Functional safety is the part of the overall safety arrangements that depends on a system or
equipment operating correctly in response to its inputs (BS EN 61508).¹¹ Procedures for functional
safety assessment and auditing should be in place. A functional safety assessment is an
independent assessment and audit of the functional safety requirements and the safety integrity
level achieved by the SIS.
64 At least one functional safety assessment should be performed on each system, typically at
the design stage before the system is commissioned. The functional safety assessment process
should be performed by an assessment team which includes at least one competent person
independent of the project design team. A functional safety assessment should be performed and
revalidated after any modifications, mal-operation or failure to deliver the required safety function
(a spurious trip which caused the safety system to action its functions successfully would not
be considered a failure). The depth and scope of the functional safety assessment should be
based on the specific circumstances, including the size of the project, complexity, SIL and the
consequences of failure. Further guidance is given in BS EN 61511 Section 5.
Modifications
65 Where changes or modifications to an SIS are planned, the changes should be subject
to a management of change process. The procedure should identify and address any potential
safety implications of the modification.
66 Software changes and system configuration changes should also be subject to a
management of change process.
Documentation
67 The associated documentation should be maintained, accurate and up-to-date with all
necessary information available to allow operation and lifecycle management.
68 The documentation should include but not be limited to process and instrumentation
diagrams, system design and testing requirements, and a description of maintenance activities
for the various components of the SIS from sensors to final elements inclusive. Documentation
of the design should include risk assessment for SIL determination, design specification, factory
acceptance testing, installation specification, and commissioning tests.
Probabilistic preventative maintenance for atmospheric bulk storage tanks
69 EEMUA 159¹² probabilistic preventative maintenance approach, or a suitable and
demonstrable risk-based system, when referenced together with the standards signposted for
integrity management of atmospheric bulk storage tanks, provides the benchmark standard which
will enable the dutyholder to have a suitable maintenance strategy and policy underpinning their
systems and procedures. Dutyholders should assess their current tank integrity management
systems against EEMUA 159, or equivalent, and draw up an improvement plan, as necessary, to
ensure arrangements meet this standard.




