many years, the ability to maintain functional safety performance will be inextricably linked to the O&M
practices delivered within the facility.
Having discussed the implication for safety lifecycle compliance with the safety standards in this area, the
author believes that effective O&M practices will need to have considered the following key attributes:
List of Authorised Personnel
SIS operational anomalies should be dealt with in an organised way from within the end user
organisation, and the requirements replicated for any supply chain providers. In doing so,
any work activities related to SIS should only be undertaken by authorised and competent personnel.
It is a mandatory requirement for compliance with the safety standards that personnel, both from the
end user and from any service provider organisations, have the correct authorisation, knowledge and
experience to deal with and evaluate O&M activities on SIS, the impact of required actions,
the risks associated with certain actions and the delivery of such work requests.
Operations/system constraints
Note that any SIS scheduled maintenance or fault diagnosis may leave the system with limited
capability to perform its risk reduction functions, for example because it has been taken off line for routine
maintenance, or because of loss of I/O module(s), loss of redundancy of communications, of the central
processor or of the power supply, etc. Therefore, on occasion, it may be necessary to stop operation of part
of the process during the period of scheduled maintenance or system diagnosis and repair. This
operational constraint should be considered as part of the O&M impact assessment process.
It should also be noted that the time between occurrence/detection of the SIS error/fault and its resolution
may be restricted, as the system is allowed to function in a “degraded mode” only for a
limited period of time before a complete shutdown is required. During that period, additional risk reduction
measures may have to be implemented by the operations team to compensate for this event.
Referring back to the importance of O&M innovation at the development of the SIS safety requirements
specification (SRS), the MTTR requirements may also need to identify issues with automatic shutdown
of the system, depending on how the diagnostics for the safety system controller have been configured
to react to system faults; that is, the shutdown timer may have been running well before the maintenance
request has been acknowledged. The aim is the avoidance of unnecessary spurious trips due to a lack of
communication and response between the plant operators and the maintenance team.
Getting the job done
Before any work starts, a method statement and impact assessment should be developed and included
within any preventative maintenance routine documentation. Separately, a similar system should exist
for corrective maintenance activities, for which a bespoke method statement will need to be developed
depending on the nature of the faults identified. In addition, an impact analysis shall always be
produced for any corrective action where functional safety performance could be affected by
direct intervention with the SIS hardware and software.