AADvance Safety Manual - Tuv-fs.com

More documents

Recommendations

Info

AADvance Safety ManualRecords shall be maintained throughout the commissioning process. These recordsshall include evidence of the tests completed, any problem reports and the resolutionof problems.Safety System ValidationSafety system validation shall test the integrated system to ensure compliance with thesafety requirements specification at the intended safety requirements class. Thevalidation activities should include those necessary to prove that the systemimplements the safety actions during normal start-up and shutdown and underabnormal fault modes.The validation shall confirm that each functional safety requirement has beenimplemented at the specified safety integrity level, and that the realization of thefunction achieves its performance criteria, specifically that the process safety timerequirements have been met.The validation shall also consider the potential external common cause failures (powersources and environmental conditions) and ensure that the system will provide fail-safeoperation when these conditions exceeded its design capabilities.Operation and Maintenance PlanThe provision of an Operation and Maintenance Plan ensures that functional safety canbe maintained beyond the commissioning of the system. The in-service operation andmaintenance is normally outside the responsibility of the system integrator, but thesystem integrator can provide guidance and procedures to ensure that the persons ororganizations responsible for operation and maintenance can ensure the systemoperates to the specified safety levels.The Operating and Maintenance Plan shall include the following items: Clear definitions of power up and down sequences. These definitions shall ensurethat the sequences cannot result in periods when the system is unable to respondsafely whilst a hazard may be present. The procedures for re-calibrating sensors and actuators. The recommendedcalibration periods shall also be included. The procedures for periodically testing the system, together with definitions of themaximum intervals between testing. Definitions of the overrides to be applied to be able to carry maintenance of thesensors and actuators. The procedures for maintaining system security.3-6 Document number 553630 Issue 7: February 2010
Chapter 3 Functional Safety ManagementInput Module CalibrationPlanned MaintenanceField Device MaintenanceModule Fault HandlingThe Operation and Maintenance Plan shall include recommendations to check thecalibration of controller input modules.The calibration of each analogue input module should be checked every two years; thecalibration of each digital input module should be checked every five years.In most system configurations there will be some elements that are not tested by thesystem's internal diagnostics — for example, the final passive elements in I/O modules,the sensors and actuators themselves, and the field wiring.A regime of planned maintenance testing shall be defined to ensure that any faults,which could ultimately lead to the system's inability to perform its safety functions, donot accumulate. The maximum interval between these tests shall be defined beforeinstallation. It is highly recommended the test interval be less than 12 months.The Operation and Maintenance Plan shall include field maintenance activities, such asre-calibration, testing and replacement of devices, which were specified by the systemdesign requirements.In general, adequate provision for these measures will be defined by the client. As longas the necessary maintenance overrides and other facilities are implemented, nofurther safety requirements will be needed.It is highly recommended the I/O forcing capability is NOT used to support field devicemaintenance. Should I/O forcing be used to support field device maintenance, therequirements defined for 'Input and Output Forcing' in this manual shall be applied.When the AADvance controller uses modules in a dual or triple redundantconfiguration, the controller can continue to operate if one of its modules shoulddevelop a fault. However, when a module does have a fault it should be replacedpromptly to ensure that faults do not accumulate and that multiple failure conditionsresult in a plant shutdown.All modules permit live removal and replacement within a fault-tolerant configuration(dual or triple redundant configurations only). On-site repair is not supported exceptfor the replacement of fuses within some termination assemblies. All failed modulesshould be returned for repair or fault diagnosis in accordance with the warranty andreturn policy documentation delivered with your system.Document number 553630 Issue 7: February 2010 3-7
Page 1 and 2: ICS TriplexAADvance Safety ManualIS
Page 3 and 4: Issue RecordIssueNumberDateRevisedb
Page 5 and 6: ForewordThis technical manual defin
Page 7 and 8: ContentsChapter 1 Introduction ....
Page 11 and 12: IntroductionChapter 1This chapter p
Page 13 and 14: Chapter 1 IntroductionAssociated Do
Page 15 and 16: The AADvance SystemChapter 2.An AAD
Page 17 and 18: Chapter 2 The AADvance SystemThe AA
Page 19 and 20: Functional Safety ManagementChapter
Page 21 and 22: Chapter 3 Functional Safety Managem
Page 23: Chapter 3 Functional Safety Managem
Page 31 and 32: AADvance System ArchitecturesChapte
Page 33 and 34: Chapter 4 AADvance System Architect
Page 45 and 46: Chapter 5AADvance Functional Safety
Page 47 and 48: Chapter 5 AADvance Functional Safet
Page 75 and 76:
Chapter 5 AADvance Functional Safet
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
ChecklistsChapter 6This chapter con
Page 85 and 86:
Chapter 6 ChecklistsEngineering Che
Page 87 and 88:
Chapter 6 ChecklistsInput/Output Mo
Page 89 and 90:
Chapter 6 Glossary of TermsGlossary
Page 91 and 92:
Chapter 6 Glossary of Termscoverage
Page 93 and 94:
Chapter 6 Glossary of TermsIEC 6150
Page 95 and 96:
Chapter 6 Glossary of Termsprogram
Page 97:
Chapter 6 Glossary of Termsvoting s
show all

AADvance Safety Manual - Tuv-fs.com

Create successful ePaper yourself

Delete template?

Save as template?