Table of Contents Table of Contents
Previous Page  724-725 / 973 Next Page
Information
Show Menu
Previous Page 724-725 / 973 Next Page
Page Background

© SBM Offshore 2012. All rights reserved.

www.sbmoffshore.com

21

v) Safety function will not work in a

specific error state

Fail-safe techniques not fully applied

Normally open field contacts used instead of normally closed.

Use of energise to trip circuits when fail-safe circuits are required.

Communications between controllers not set to fail-safe on loss of communications.

Wrong voting logic used, affecting the logic degrading on sensor failure.

Revealed sensor error not programmed as required to automatically generate a trip.

Counter-measures:

Awareness of logic solver team and verification measures

Awareness of commissioning teams

Test procedures - specific test for action on failure (e.g. test procedure

for specific requirements of the SRS)

Neil Wakeling, August 2014

1 714-715 716-717 718-719 720-721 722-723 724-725 726-727 728-729 730-731 732-733 734-735 736-737 972-973  FlippingBook