AADvance Safety Manual - Tuv-fs.com
Records shall be maintained throughout the commissioning process. These records shall include evidence of the tests completed, any problem reports and the resolution of problems.

Safety System Validation

Safety system validation shall test the integrated system to ensure compliance with the safety requirements specification at the intended safety requirements class. The validation activities should include those necessary to prove that the system implements the safety actions during normal start-up and shutdown and under abnormal fault modes.

The validation shall confirm that each functional safety requirement has been implemented at the specified safety integrity level, and that the realization of the function achieves its performance criteria, specifically that the process safety time requirements have been met.

The validation shall also consider the potential external common cause failures (power sources and environmental conditions) and ensure that the system will provide fail-safe operation when these conditions exceed its design capabilities.

Operation and Maintenance Plan

The provision of an Operation and Maintenance Plan ensures that functional safety can be maintained beyond the commissioning of the system. The in-service operation and maintenance is normally outside the responsibility of the system integrator, but the system integrator can provide guidance and procedures so that the persons or organizations responsible for operation and maintenance can keep the system operating to the specified safety levels.

The Operating and Maintenance Plan shall include the following items:

- Clear definitions of power up and power down sequences. These definitions shall ensure that the sequences cannot result in periods when the system is unable to respond safely whilst a hazard may be present.
- The procedures for re-calibrating sensors and actuators. The recommended calibration periods shall also be included.
- The procedures for periodically testing the system, together with definitions of the maximum intervals between testing.
- Definitions of the overrides to be applied to be able to carry out maintenance of the sensors and actuators.
- The procedures for maintaining system security.

3-6 Document number 553630 Issue 7: February 2010
Chapter 3 Functional Safety Management

Input Module Calibration

The Operation and Maintenance Plan shall include recommendations to check the calibration of controller input modules. The calibration of each analogue input module should be checked every two years; the calibration of each digital input module should be checked every five years.

Planned Maintenance

In most system configurations there will be some elements that are not tested by the system's internal diagnostics — for example, the final passive elements in I/O modules, the sensors and actuators themselves, and the field wiring.

A regime of planned maintenance testing shall be defined to ensure that any faults which could ultimately lead to the system's inability to perform its safety functions do not accumulate. The maximum interval between these tests shall be defined before installation. It is highly recommended that the test interval be less than 12 months.

Field Device Maintenance

The Operation and Maintenance Plan shall include the field maintenance activities, such as re-calibration, testing and replacement of devices, which were specified by the system design requirements.

In general, adequate provision for these measures will be defined by the client. As long as the necessary maintenance overrides and other facilities are implemented, no further safety requirements will be needed.

It is highly recommended that the I/O forcing capability is NOT used to support field device maintenance. Should I/O forcing be used to support field device maintenance, the requirements defined for 'Input and Output Forcing' in this manual shall be applied.

Module Fault Handling

When the AADvance controller uses modules in a dual or triple redundant configuration, the controller can continue to operate if one of its modules should develop a fault. However, when a module does have a fault it should be replaced promptly to ensure that faults do not accumulate and that multiple failure conditions result in a plant shutdown.

All modules permit live removal and replacement within a fault-tolerant configuration (dual or triple redundant configurations only). On-site repair is not supported except for the replacement of fuses within some termination assemblies. All failed modules should be returned for repair or fault diagnosis in accordance with the warranty and return policy documentation delivered with your system.
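As an added illustration (not part of the manual or the AADvance product), the following Python audits a constructed maintenance log against the requirements this section states: analogue input calibration every two years, digital input calibration every five years, planned proof tests at most 12 months apart, prompt replacement of faulted modules, and no I/O force left applied after field maintenance. Module IDs, event names, dates and the day-count conversions are assumptions.

```python
from datetime import date, timedelta

# Intervals stated in this section; assumption: 2 years = 730 days, 5 years = 1826, 12 months = 365.
CALIBRATION_DAYS = {"analogue_input": 730, "digital_input": 1826}
PROOF_TEST_MAX_DAYS = 365
SAMPLE_TODAY = date(2010, 2, 1)  # constructed audit date

# Constructed sample log (hypothetical IDs and dates): (module_id, module_type, event, date)
SAMPLE_LOG = [
    ("AI-01", "analogue_input", "installed", date(2007, 3, 1)),
    ("AI-01", "analogue_input", "calibrated", date(2007, 9, 15)),
    ("DI-01", "digital_input", "installed", date(2007, 3, 1)),
    ("DI-01", "digital_input", "proof_test", date(2009, 6, 1)),
    ("DI-02", "digital_input", "installed", date(2007, 3, 1)),
    ("DI-02", "digital_input", "proof_test", date(2009, 11, 20)),
    ("DI-02", "digital_input", "fault", date(2010, 1, 4)),
    ("DO-01", "digital_output", "installed", date(2007, 3, 1)),
    ("DO-01", "digital_output", "proof_test", date(2009, 12, 2)),
    ("DO-01", "digital_output", "force_applied", date(2009, 12, 2)),
]

def last_event(log, module_id, event):
    """Date of the most recent `event` recorded for a module, or None."""
    dates = [d for m, _, e, d in log if m == module_id and e == event]
    return max(dates) if dates else None

def audit(log, today):
    """Return (module_id, finding) pairs for every requirement that is not met."""
    findings = []
    for module_id, module_type in sorted({(m, t) for m, t, _, _ in log}):
        installed = last_event(log, module_id, "installed")
        # Input-module calibration; a never-calibrated module counts from installation.
        if module_type in CALIBRATION_DAYS:
            last_cal = last_event(log, module_id, "calibrated") or installed
            if today - last_cal > timedelta(days=CALIBRATION_DAYS[module_type]):
                findings.append((module_id, "calibration overdue"))
        # Planned proof test of elements the internal diagnostics do not cover.
        last_test = last_event(log, module_id, "proof_test") or installed
        if today - last_test > timedelta(days=PROOF_TEST_MAX_DAYS):
            findings.append((module_id, "proof test overdue"))
        # A faulted module in a redundant set must be replaced, not left in service.
        fault, replaced = last_event(log, module_id, "fault"), last_event(log, module_id, "replaced")
        if fault and (replaced is None or replaced < fault):
            findings.append((module_id, "faulted module not replaced"))
        # An I/O force must not remain applied once field maintenance is finished.
        forced, cleared = last_event(log, module_id, "force_applied"), last_event(log, module_id, "force_removed")
        if forced and (cleared is None or cleared < forced):
            findings.append((module_id, "I/O force still active"))
    return findings
```

Running audit(SAMPLE_LOG, SAMPLE_TODAY) flags the overdue analogue calibration and proof test on AI-01, the unreplaced fault on DI-02 and the lingering force on DO-01, while DI-01 passes every check.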