Safety Considerations Guide for Trident v2 Systems - TUV ...
Hazard and Risk Analysis
• Each individual field device shall have its own dedicated wiring to the system I/O. Using a field bus is not allowed!
• A control valve from the BPCS shall not be used as a single final element for SIL capability 3.
• The operator interface may not be allowed to change the SIS application software.
• Maintenance overrides shall not be used as a part of application software or operating procedures.
• When online testing is required, test facilities shall be an integral part of the SIS design.
4 Develop a pre-start-up acceptance test procedure that provides a fully functional test of the SIS to verify conformance with the SRS.
5 Before startup, establish operational and maintenance procedures to ensure that the SIS functions comply with the SRS throughout the SIS operational life, including:
• Training
• Documentation
• Operating procedures
• Maintenance program
• Testing and preventive maintenance
• Functional testing
• Documentation of functional testing
6 Before start-up, complete a safety review.
7 Define procedures for the following:
• Start-up
• Operations
• Maintenance, including administrative controls and written procedures that ensure safety if a process is hazardous while an SIS function is being bypassed
• Training that complies with national regulations (such as OSHA 29 CFR 1910.119)
• Functional testing to detect covert faults that prevent the SIS from operating according to the SRS
• SIS testing, including sensors, logic solver, and final elements (such as shutdown valves, motors, etc.)
8 Follow management of change (MOC) procedures to ensure that no unauthorized changes are made to an application, as mandated by OSHA 29 CFR 1910.119.
9 Decommission an SIS before its permanent retirement from active service, to ensure proper review.