
many years, the ability to maintain functional safety performance will be inextricably linked to the O&M practices delivered within the facility.

Having discussed the implications for safety lifecycle compliance with the safety standards in this area, the author believes that effective O&M practices will need to have considered the following key attributes:

List of Authorised Personnel

SIS operational anomalies should be dealt with in an organised way from within the end user organisation, with the requirements replicated for any supply chain providers. In doing so, any work activities related to SIS should only be undertaken by authorised and competent personnel.

It is a mandatory requirement for compliance with the safety standards that personnel from both the end user and any service provider organisations have the correct authorisation, knowledge and experience to be able to deal with and evaluate O&M activities on SIS, the impact of required actions, the risks associated with certain actions and the delivery of such work requests.

Operations/system constraints

Note that any SIS scheduled maintenance or fault diagnosis may result in a system with limited capabilities to perform its risk reduction functions, for example due to being taken offline for routine maintenance, or loss of I/O module(s), loss of redundancy of communications, redundancy of central processor, or power supply, etc. Therefore, on occasion, it may be necessary to stop operation of part of the process during the period of scheduled maintenance or system diagnosis and repair. This operational constraint should be considered as part of the O&M impact assessment process.

It should also be noted that the time between occurrence/detection of the SIS error/fault and resolution of the error/fault may be restricted, as the system is allowed to function in a “degraded mode” for a limited period of time before a complete shutdown is required. In doing so, additional risk reduction measures may have to be implemented by the operations team to compensate for this event.

Referring back to the importance of O&M innovation at the development of the SIS safety requirements specification (SRS), the MTTR requirements may also need to identify issues with automatic shutdown of the system, depending on how the diagnostics for the safety system controller have been configured to react to system faults, i.e. the shutdown timer may have been running well before the maintenance request has been acknowledged. The aim is the avoidance of unnecessary spurious trips due to the lack of communication and response between the plant operators and the maintenance team.

Getting the job done

Before any work starts, a method statement and impact assessment should be developed and included within any preventative maintenance routine documentation. Separately, a similar system should exist for corrective maintenance activities, which will need a bespoke method statement that depends on the nature of the faults identified. In addition, an impact analysis shall always be produced with respect to corrective action where functional safety performance could be affected by direct intervention with the SIS hardware and software.