SAFETY MANUAL - Tuv-fs.com

More documents

Recommendations

Info

SAFETY MANUAL • Method of detecting product related defects and the reporting of these to the original designers. • Methods for detecting systematic failure that may affect other elements of the system or other systems, and links to the satisfactory resolution of the issues. • Procedures for tracking all reported anomalies, their work around and/or resultant corrective action where applicable. 2.2.1.11 System Modification Design changes will inevitably occur during the system lifecycle; to ensure that the system safety is maintained, such changes shall be carefully managed. Procedures defining the measures to be adopted when updating the plant or system shall be documented. These procedures shall be the responsibility of the end-user. The system integrator shall provide sufficient guidance to ensure that these procedures maintain the required level of functional safety. Special consideration shall be given to the procedures to be adopted in case of product level updates and enhancement, i.e. module and firmware updates. Updates to the system shall include considerations of the requirements for application changes and firmware changes. These procedural measures shall include: • Requirement to undertake impact analysis of any such changes • The measures to be implemented during the modification to the system and its programming. These measures shall be in-line with the requirements within this document. Specifically, the requirements defined in sections 2.2 to 2.2.1.8 shall be applied, as well as the additional requirements defined in this paragraph (2.2.1.11). • The definition of these procedures shall include the review and authorisation process to be adopted for system changes. 2.2.1.11.1 Baselines Baselines shall be declared beyond which any change shall follow the formal change management procedure. The point within the lifecycle at which these baselines are declared depends on the detail of the processes involved, the complexity of the system, how amenable to change these processes are, and the required safety requirements class. It is recommended that the baseline for formal change process is the completion of each step in the lifecycle. However, as a minimum the baseline shall be declared before the presence of the potential hazards, i.e. before start-up. 2.2.1.11.2 Modification Records Records of each requested or required change shall be maintained. The change management procedure shall include the consideration of the impact of each of the required/requested changes before authorising the implementation of the change. The implementation of the change should repeat those elements of the lifecycle appropriate to the change. The test of the resultant changes should include nonregression testing in addition to test of the change itself. Doc No P8094 Page 34 of 67 Issue 14 September 2003
SAFETY MANUAL 2.2.1.12 Decommissioning The procedure for decommissioning the system shall be defined. This procedure is to include any specific requirements for the safe decommissioning of the system and, where applicable, the safe disposal or return of materials. As with commissioning, it is likely that the decommissioning be performed in a phased manner. The decommissioning procedure shall ensure that a plan be developed that maintains the functional safety whilst the corresponding hazards are present. Similarly, the installation environment of the control equipment shall be maintained within its operating envelope whilst it is required to function. • The decommissioning plan shall identify the sequence that the hazards are to be removed. • Methods shall be defined to ensure that the interaction between safety functions can be removed without initiating safety responses and still maintain safety functionality for the remaining potential hazards. This shall include the interaction between systems. • The decommissioning procedure shall define which modules/materials are to be returned for safe disposal following decommissioning. 2.3 FUNCTIONAL SAFETY ASSESSMENT The functional safety assessment process shall confirm the effectiveness of the achievement of functional safety for the system. The functional safety assessment, in this context, is limited to the safety-related system and will ensure that the system is designed, constructed and installed in accordance with the safety requirements. Each required safety function and its required safety properties shall be considered. The effects of faults and errors within the system and application programs, failure external to the system and procedural deficiencies in these safety functions are to be considered. The assessments are to be undertaken by an audit team that shall include personnel outside of the project. At least one functional safety assessment shall be performed before the presence of the potential hazards, i.e. before start-up. Doc Number P8094 Issue 14 September 2003 Page 35 of 67
Page 1: 8000 SERIES TMR SYSTEM SAFETY MANUA
Page 4 and 5: SAFETY MANUAL This page intentional
Page 6 and 7: SAFETY MANUAL NOTICE The content of
Page 8 and 9: SAFETY MANUAL RADIO FREQUENCY INTER
Page 10 and 11: SAFETY MANUAL ABBREVIATIONS 1-oo-2
Page 12 and 13: SAFETY MANUAL elements disagree. DR
Page 14 and 15: SAFETY MANUAL similar to the simple
Page 16 and 17: SAFETY MANUAL RS-232C, RS-422, RS-4
Page 18 and 19: SAFETY MANUAL 8000 Series Certified
Page 20 and 21: SAFETY MANUAL 3.11.6 Program Testin
Page 22 and 23: SAFETY MANUAL 1. INTRODUCTION 1.1 P
Page 24 and 25: SAFETY MANUAL 1.3.1 Safety and Func
Page 26 and 27: SAFETY MANUAL The additional elemen
Page 28 and 29: SAFETY MANUAL The TMR architecture
Page 30 and 31: SAFETY MANUAL 2.2.1 Safety Lifecycl
Page 32 and 33: SAFETY MANUAL Tools used within the
Page 34 and 35: SAFETY MANUAL 2.2.1.9 Safety System
Page 38 and 39: SAFETY MANUAL 2.3.1 Competency The
Page 40 and 41: SAFETY MANUAL 3.2.1 Safety-Related
Page 42 and 43: SAFETY MANUAL Pulse Generator 8444,
Page 44 and 45: SAFETY MANUAL 3.2.2 High-Density I/
Page 46 and 47: SAFETY MANUAL 3.2.3 Analog Input Sa
Page 48 and 49: SAFETY MANUAL 3.2.7 NFPA 86 Require
Page 50 and 51: SAFETY MANUAL shall be provided for
Page 52 and 53: SAFETY MANUAL 3.4 ACTUATOR CONFIGUR
Page 54 and 55: SAFETY MANUAL 3.6.1.2 Composite Sca
Page 56 and 57: SAFETY MANUAL Power Fail Timeout (P
Page 58 and 59: SAFETY MANUAL • Access to the wor
Page 60 and 61: SAFETY MANUAL 3.11.1 IEC1131 Workbe
Page 62 and 63: SAFETY MANUAL 3.11.3 Testing of New
Page 64 and 65: SAFETY MANUAL 3.11.4 Application De
Page 66 and 67: SAFETY MANUAL Where the interaction
Page 68 and 69: SAFETY MANUAL In addition to Normal
Page 70 and 71: SAFETY MANUAL 1ºF/min Table 8 - Cl
Page 72 and 73: SAFETY MANUAL 2. Alternatively, the
Page 74 and 75: SAFETY MANUAL 4. CHECKLISTS This se
Page 76 and 77: SAFETY MANUAL Description Reference
Page 78 and 79: SAFETY MANUAL Description Reference
Page 80 and 81: SAFETY MANUAL 4.2.4 High Density Mo
Page 82 and 83: SAFETY MANUAL 5. PREVIOUSLY ASSESSE

SAFETY MANUAL - Tuv-fs.com

Create successful ePaper yourself

Delete template?

Save as template?