AADvance Safety Manual - Tuv-fs.com
AADvance Safety Manual - Tuv-fs.com AADvance Safety Manual - Tuv-fs.com
AADvance Safety ManualScope Definition Hazard and risk analysis Functional and safety requirements specification System engineering Application programming System production System integration System installation and commissioning Safety system validation Operation and maintenance plan System modification DecommissioningThe definition of each life-cycle stage shall include its inputs, outputs and verificationactivities. It is not necessary to have separate stages within the lifecycle addressing eachof these elements independently; but it is important that all of these stages are coveredwithin the lifecycle. Specific items that need to be considered for each of these lifecycleelements are described in the following sub-paragraphs.The scope definition is the first step in the system life-cycle. You have to identify theboundaries of the safety-related system and provide a clear definition of its interfaceswith the process and with all third party equipment. This stage should also establish thederived requirements resulting from the intended installation environment, such asenvironmental conditions and power sources.In most cases, the client will provide this information. The system integrator mustreview this information and gain a thorough understanding of the intended application,the bounds of the system to be provided, and its intended operating conditions.Hazard and Risk AnalysisThe hazard and risk analysis has three objectives: The first objective is to determine the hazards and hazardous events of thecontrolled system for all reasonably foreseeable circumstances, including faultconditions and misuse. The second objective is to determine the event sequences that may lead to ahazardous event. The third objective is to determine the risks associated with the hazardous event.This risk analysis will provide a basic information for identifying the safety-relatedrequirements to mitigate risks.3-2 Document number 553630 Issue 7: February 2010
Chapter 3 Functional Safety ManagementSystem Functional and Safety RequirementsSystem EngineeringA set of system functions and their timing requirements will be specified. Wherepossible, the functions should be allocated to defined modes of operation of theprocess. For each function, it will be necessary to identify the process interfaces.Similarly, where the function involves data interchange with third party equipment, thedata and interface should be clearly identified. Where non-standard field devices,communications interfaces or communications protocols are required, it is especiallyimportant that detailed requirements for these interfaces are established anddocumented at this stage.The client should provide the functional requirements, where this information is notsupplied the System Integrator should define the requirements and agree them with theclient. It is, however, necessary to collate these requirements into a document,including any clarification of the requirements. It is recommended that logic diagramsbe used to represent the required functionality and highly recommended that allrequirements are reviewed, clarified where required and approved by the client.The system safety requirements stage analyses the functional requirements todetermine their safety relevance. Where necessary, additional safety requirements shallbe identified and documented to ensure that the plant will fail-safe in the case offailures of the plant, safety-related system, external equipment or communications, or ifthe safety-related system's environment exceeds the required operating conditions.The appropriate safety integrity level (SIL2 or SIL3) and safety-related timingrequirements shall be defined for each safety-related function. For each function therequired safety failure mode shall be determined. The client should supply thisinformation or it should be defined and agreed with the client as part of this phase.The System Integrator shall ensure that the client approves the resulting safetyrequirements.The system engineering stage realizes the design of the safety-related system. It isrecommended that the engineering be divided into two distinct stages, the first definingthe overall system architecture, and the second detailing the engineering of theindividual architectural blocks.The architectural definition shall define the safety requirements class for eacharchitectural element and identify the safety functions allocated to each element.Additional safety functions resulting from the chosen system architecture shall bedefined at this stage.The detailed engineering design shall refine the architectural elements and culminate indetailed information for system build. The design shall be in a form that is readilyunderstood and allows for inspection and review of each stage of the process and finaldesign.If the possibility of errors cannot be eliminated, the system integrator should makesure that procedural methods are devized and applied to detect them.Document number 553630 Issue 7: February 2010 3-3
- Page 1 and 2: ICS TriplexAADvance Safety ManualIS
- Page 3 and 4: Issue RecordIssueNumberDateRevisedb
- Page 5 and 6: ForewordThis technical manual defin
- Page 7 and 8: ContentsChapter 1 Introduction ....
- Page 11 and 12: IntroductionChapter 1This chapter p
- Page 13 and 14: Chapter 1 IntroductionAssociated Do
- Page 15 and 16: The AADvance SystemChapter 2.An AAD
- Page 17 and 18: Chapter 2 The AADvance SystemThe AA
- Page 19: Functional Safety ManagementChapter
- Page 23 and 24: Chapter 3 Functional Safety Managem
- Page 25 and 26: Chapter 3 Functional Safety Managem
- Page 27 and 28: Chapter 3 Functional Safety Managem
- Page 29 and 30: Chapter 3 Functional Safety Managem
- Page 31 and 32: AADvance System ArchitecturesChapte
- Page 33 and 34: Chapter 4 AADvance System Architect
- Page 35 and 36: Chapter 4 AADvance System Architect
- Page 37 and 38: Chapter 4 AADvance System Architect
- Page 39 and 40: Chapter 4 AADvance System Architect
- Page 41 and 42: Chapter 4 AADvance System Architect
- Page 43 and 44: Chapter 4 AADvance System Architect
- Page 45 and 46: Chapter 5AADvance Functional Safety
- Page 47 and 48: Chapter 5 AADvance Functional Safet
- Page 49 and 50: Chapter 5 AADvance Functional Safet
- Page 51 and 52: Chapter 5 AADvance Functional Safet
- Page 53 and 54: Chapter 5 AADvance Functional Safet
- Page 55 and 56: Chapter 5 AADvance Functional Safet
- Page 57 and 58: Chapter 5 AADvance Functional Safet
- Page 59 and 60: Chapter 5 AADvance Functional Safet
- Page 61 and 62: Chapter 5 AADvance Functional Safet
- Page 63 and 64: Chapter 5 AADvance Functional Safet
- Page 65 and 66: Chapter 5 AADvance Functional Safet
- Page 67 and 68: Chapter 5 AADvance Functional Safet
- Page 69 and 70: Chapter 5 AADvance Functional Safet
<strong>AADvance</strong> <strong>Safety</strong> <strong>Manual</strong>Scope Definition Hazard and risk analysis Functional and safety requirements specification System engineering Application programming System production System integration System installation and <strong>com</strong>missioning <strong>Safety</strong> system validation Operation and maintenance plan System modification De<strong>com</strong>missioningThe definition of each life-cycle stage shall include its inputs, outputs and verificationactivities. It is not necessary to have separate stages within the lifecycle addressing eachof these elements independently; but it is important that all of these stages are coveredwithin the lifecycle. Specific items that need to be considered for each of these lifecycleelements are described in the following sub-paragraphs.The scope definition is the first step in the system life-cycle. You have to identify theboundaries of the safety-related system and provide a clear definition of its interfaceswith the process and with all third party equipment. This stage should also establish thederived requirements resulting from the intended installation environment, such asenvironmental conditions and power sources.In most cases, the client will provide this information. The system integrator mustreview this information and gain a thorough understanding of the intended application,the bounds of the system to be provided, and its intended operating conditions.Hazard and Risk AnalysisThe hazard and risk analysis has three objectives: The first objective is to determine the hazards and hazardous events of thecontrolled system for all reasonably foreseeable circumstances, including faultconditions and misuse. The second objective is to determine the event sequences that may lead to ahazardous event. The third objective is to determine the risks associated with the hazardous event.This risk analysis will provide a basic information for identifying the safety-relatedrequirements to mitigate risks.3-2 Document number 553630 Issue 7: February 2010