Functional Safety Management Plan - V1.0 [PDF]


PETROLEUM COMPANY OF TRINIDAD AND TOBAGO LIMITED

FUNCTIONAL SAFETY MANAGEMENT PLAN

Division: Refining & Marketing
Document Number: PCTT-RM-FSMP-R1.0
Issue: 1.0
Issue Date: 2017.02.17

Prepared by: _________________ HE,I&CSE
Reviewed by: _________________ MES
Supported by: _________________ SMES
Approved by: _________________ VPR&M



REVISION HISTORY

Issue 0.1, December 17, 2014, Functional Safety Management Plan Development Team: Draft.

Issue 0.2, January 13, 2015, Functional Safety Management Plan Development Team: Reviewed for submission to insurers.

Issue 0.3, April 15, 2016, Functional Safety Management Plan Development Team: Updated for the following edits:
• Update to section 6.2.2, Scope and Timing for Phase 2: "HAZOP Studies"
• Update to section 6.3.2, Scope and Timing for Phase 3: "SIL Studies"
• Inclusion of Appendix A: Petrotrin Risk Assessment Matrix

Issue 0.4, July 18, 2016, Functional Safety Management Plan Development Team: Modified; revision to the list of key stakeholders and modification of responsibility for PSM.

Issue 0.5, November 2016, Functional Safety Management Plan Development Team: Development of the RASCI matrix designating roles and responsibilities for each step in the safety lifecycle.

Issue 0.6, December 2016, Functional Safety Management Plan Development Team: Edits to document:
• Name change from SIF Management Plan to Functional Safety Management Plan
• Document updated to be consistent with the developed RASCI matrix
• Removal of Appendix A (Petrotrin Risk Assessment Matrix), modified to be consistent with a LOPA-driven framework
• Insertion of two new sections: References and Functional Safety Management Planning (which discusses the overall planning process and phases)
• Revision of the section on Verification and addition of this step to the RASCI matrix
• Insertion of Activities and Success Factors for each phase
• "How to Use this Plan" reworded to remove plant acronyms
• IEC 61508 and Proven In Use references removed
• General changes to numbering and paragraph formatting
• Insertion of signatories
• Correction of typographical and formatting errors

Issue 1.0, February 2017, Functional Safety Management Plan Development Team: Issued for Approval.



CONTENTS

REVISION HISTORY
ABBREVIATIONS
1 INTRODUCTION
  About SIF, IPF and SIS
  Why have a Functional Safety Management Plan
  How to Use this Plan
2 OVERALL OBJECTIVES
3 REFERENCES
4 FUNCTIONAL SAFETY MANAGEMENT LIFECYCLE
5 ROLES AND RESPONSIBILITIES
6 FUNCTIONAL SAFETY MANAGEMENT PLANNING
7 DATA COLLECTION
  Objective; Scope and Timing; Activities; Roles, Responsibilities & Deliverables; Success Factors
8 RISK ANALYSIS & PROTECTION LAYER DESIGN
  Objective; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors
9 ALLOCATION OF SAFETY FUNCTIONS TO PROTECTION LAYERS
  Objective; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors
10 SAFETY REQUIREMENTS SPECIFICATION
  Objective; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors
11 SIS DESIGN AND ENGINEERING
  Objective; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors
12 INSTALLATION, COMMISSIONING AND VALIDATION
  Objectives; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors
13 OPERATION AND MAINTENANCE
  Objectives; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors
14 MODIFICATION AND DECOMMISSIONING
  Objective; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables
15 FUNCTIONAL SAFETY ASSESSMENT
  Objective; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors
16 VERIFICATION
  Objectives; Scope and Timing; Activities; Roles and Responsibilities; Inputs; Deliverables; Success Factors

Figure 1 – Petrotrin Functional Safety Management Plan (modelled after the IEC 61511 Safety Life Cycle)



ABBREVIATIONS

BDP    Basic Design Packages
BOD    Basis of Design
BPCS   Basic Process Control System
CED    Cause and Effect Diagram
DCS    Distributed Control System
DEP    Design and Engineering Practices
EPC    Engineering, Procurement and Construction
FGS    Fire and Gas System
HMI    Human Machine Interface
HSE    Health, Safety and Environment
I&CE   Instrument & Controls Engineer
IEC    International Electrotechnical Commission
I/O    Input/Output
IPF    Instrumented Protective Function
IPL    Independent Protection Layer
IPS    Instrumented Protective System
LOPA   Layers of Protection Analysis
ME     Mechanical Engineer
MES    Manager, Engineering Services
MESC   Material Equipment Standard Code
MOC    Management of Change
MTTF   Mean Time to Failure
MTTR   Mean Time to Repair
OSHA   Occupational Safety and Health Administration
PE     Process Engineer
P&IDs  Piping and Instrumentation Diagrams
PEFS   Process Engineering Flow Scheme
PFD    Probability of Failure on Demand
PFDs   Process Flow Diagrams
PHA    Process Hazard Analysis
PIU    Proven In Use
PLC    Programmable Logic Controller
PM     Project Manager
PS     Project Specification
PSAT   Pre-Startup Acceptance Test
PSM    Process Safety Management
PSFS   Process Safeguarding Flow Scheme
PSSR   Pre-Startup Safety Review
RE     Rotating Equipment Engineer
RRF    Risk Reduction Factor
RRM    Risk and Reliability Management
SIF    Safety Instrumented Function
SIL    Safety Integrity Level
SIS    Safety Instrumented System
SRS    Safety Requirements Specification



1 INTRODUCTION



This Functional Safety Management Plan details the step-by-step process for attaining functional safety within the processes at the Petrotrin Pointe-a-Pierre Refinery through the implementation of Safety Instrumented Functions (SIF) and Safety Instrumented Systems (SIS) where they are needed. The plan does not replace inherently safe process design; it provides the means to determine whether a SIF is required at all.



About SIF, IPF and SIS

A Safety Instrumented Function comprises one or more sensors (initiators), a logic solver and one or more final elements, which work together to prevent or mitigate a hazardous situation by performing a specific safety-related action when a specific dangerous condition is detected. To this end the SIF may either assist in maintaining safe operation of the process or force the process to a safe shutdown. The term SIF is used interchangeably with IPF (Instrumented Protective Function), the terminology adopted by the Shell standard (DEP 32.80.10.12) referenced by this document. A Safety Instrumented System is made up of multiple SIFs/IPFs and may have interfaces with other systems such as the Basic Process Control System (BPCS) and the Fire and Gas System (FGS).



Why have a Functional Safety Management Plan

The plan was created to ensure that functional process safety is attained and maintained in the operation of the various units and plants in the refinery. The plan identifies the inputs, activities and deliverables for each phase and thus demonstrates how the objective of each phase will be met in practice. It also identifies the roles and responsibilities of the key participants needed to execute the plan. The plan is intended to produce a high level of consistency across the phases and stages of its execution and among the different teams and plant personnel involved.



How to Use this Plan

This plan is to be applied individually to all existing process units within the refinery at Pointe-a-Pierre, including those built or upgraded under the Gasoline Optimization Programme (GOP). It does not cover plants that are still under construction and not yet commissioned. The plan makes provision for determining whether the implementation of Safety Instrumented Functions is required, based on the findings of the Process Hazard Analysis (HAZOP) report. It is intended to be a living document that will be customized and updated for each plant or process unit and will evolve through all phases of the safety life cycle.



2 OVERALL OBJECTIVES



The overall objectives of the activities contained in this Functional Safety Management Plan are:
• To identify which plants and process loops require additional risk reduction by way of implementation of Safety Instrumented Functions (SIFs)
• To design and implement Safety Instrumented Functions and Systems, as needed for each process unit within the refinery, that achieve the required risk reduction and integrate seamlessly with the existing controls on the unit
• To re-design the shutdown instrumentation and systems and upgrade them to SIS so that adherence to the relevant standards and best practices is attained
• To establish controls that ensure that the risk reduction achieved is maintained throughout the life of each SIF



3 REFERENCES



In this document the following publications are referenced and/or adhered to:
• IEC 61511, Functional safety - Safety instrumented systems for the process industry sector
• DEP 32.80.10.12, Management of Instrumented Protective Functions – Manual (Shell Design and Engineering Practice)

Company documents referenced include:
• GEMS, General Equipment and Material Specification
• PIP, Process Industry Practices
• GFI, General Field Instructions



4 FUNCTIONAL SAFETY MANAGEMENT LIFECYCLE



The Petrotrin Functional Safety Management Plan is modelled after the IEC 61511 Safety Life Cycle and structures the approach to Functional Safety Management in Petrotrin. It is a simplified representation, and the sequence is not strictly prescriptive: some phases may be revisited iteratively. Each phase is discussed in its own section later in this document.

Figure 1 – Petrotrin Functional Safety Management Plan (modelled after the IEC 61511 Safety Life Cycle)



Lifecycle steps shown in Figure 1:
0.0 Functional Safety Management Planning
1.0 Data Collection
2.0 Risk Analysis & Protection Layer Design
3.0 Allocation of Safety Functions to Protection Layers
4.0 Safety Requirements Specification for SIS (alongside: Design & Development of Other Means of Risk Reduction)
5.0 SIS Design & Engineering
6.0 Installation, Commissioning and Validation
7.0 Operation and Maintenance
8.0 Modification
9.0 Decommissioning
10.0 Functional Safety Assessment
11.0 Verification

Figure annotations: "NOTE: IEC 61511 Model → Starts here" (placed beside step 0.0); the links into step 10.0 Functional Safety Assessment are labelled "Required" or "Recommended".



5 ROLES AND RESPONSIBILITIES

IEC 61511 requires that the activities of the Functional Safety Management Plan be performed by trained and competent individuals. Key technical staff, who have ownership of and overall accountability for SIFs, shall undergo training in all relevant aspects of SIS design and management, as defined in this document. Training results and development plans shall be recorded. The responsibilities by role are set out in Table 1 below.

Table 1 - Functional Safety Management Plan Roles and Responsibilities
[The RASCI assignment cells (R/A/S/C/I per role) are not legible in this copy; the table's role columns and task rows are reproduced below.]

Roles (columns) for the Planning step: Mgr., HSE; VP Refining & Mktg; Mgr., Technical; Mgr., Eng. Services; Mgr., Insp Services; Mgr., Mtce Services; Enterprise Risk Management; Production Unit Mgr.; Senior Mgr. Operations.

Roles (columns) for all other steps: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator.

Lifecycle Step – Planning
• Develop Functional Safety Management philosophy
• Ensure that requirements outlined in the Functional Safety Management Plan are followed
• Owner of the Plant SIS
• Owner of the Functional Safety Management Plan
• Competency development of key technical staff
• Corporate risk tolerability criteria
• Maintaining current Process Safety Information (PSI) [e.g. P&IDs, PFDs, Data Sheets]

Lifecycle Step – Data Collection
• Provide Piping and Instrumentation Diagrams (MECH)
• Provide Process Flow Diagrams (MECH)
• Provide Cause & Effect Diagrams (MECH)
• Provide Equipment Data Sheets (MECH)
• Provide Plant Operating Procedures
• Provide Plant Incident Reports
• Provide Inspection Reports (INSP)
• Provide Relief Valves Data (INSP)
• Provide Process Control Narratives & Overview of Process
• Provide Design Parameters
• Provide MSDS for chemicals (including Products)
• Provide Instrument Databases with Alarm Configuration (as applicable)
• Provide Shutdown System Logic Narratives and descriptions (as applicable)
• Provide Instrument Data Sheets (as applicable)
• Provide Logic Solver specifications (as applicable)

Lifecycle Step – Risk Analysis
• Conduct PHA (HAZOP) and provide a report on the SIFs identified

Lifecycle Step – Allocation of Safety Functions to Protection Layers
• Perform SIL determination via LOPA and provide a report with target RRF for each SIF identified (1)

Lifecycle Step – Safety Requirements Specification for SIS
• Equipment Selections / Manuals / Certificates
• Prepare Safety Requirements Specification (SRS)

Lifecycle Step – SIS Design and Engineering
• Perform SIS / SIF detailed design
• Perform Verification Report (Calculations)
• Prepare Validation Test Procedures
• Procure Equipment
• Prepare Proof Test Procedures
• Prepare Installation Contract Package
• Perform Factory Acceptance Testing

Lifecycle Step – Installation, Commissioning and Validation
• Perform Inspection and Retain Test Records
• Perform Calibration and Retain Reports
• Maintain Equipment Manuals
• Perform Validation Testing and Retain Records
• Update and Maintain Operating Procedures

Lifecycle Step – Operation and Maintenance
• Prepare SIF activation investigation reports
• Manage SIF bypasses per MOC
• Maintain Logic Solver and records of same
• Perform SIF Proof Testing and Retain Records
• Perform IPL Alarm Proof Tests and Retain Records
• Maintain SIF field devices and records of same
• Review SIF component performance against SRS

Lifecycle Step – Modification and Decommissioning
• Adhere to Management of Change process
• Perform SIF Modifications (as required)

Lifecycle Step – Functional Safety Assessment
• Perform Functional Safety Audits at defined stages
• Review SIF performance against SRS

Lifecycle Step – Verification
• Review the execution of the entire management plan
• Conduct audits (2)

Responsibility Codes:
R  Responsible: the resource(s) who owns the task and is responsible for leading the activity and ensuring that it gets completed.
A  Accountable: the resource ultimately accountable for completion of the task; this resource must sign off (approve) the work before it can be implemented.
S  Support: plays a role in executing the task or provides resources to execute the task.
C  Consult: those whose opinions or guidance are sought; they have information or capability necessary to complete the task (two-way communication).
I  Inform: those who are kept up to date on progress and must be notified of results (one-way communication).

Note: Discipline Engineer refers to the following engineering roles: Mechanical, Inspection, Reliability, etc.

(1) This step must be executed by a Certified Functional Safety Expert for the first cycle of all plants in order to ensure the initial quality of the output of this step.
(2) To be executed by the Internal Audit department as a minimum level of independence.
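The arithmetic behind two of the RASCI rows above, "Perform SIL determination via LOPA and provide a report with target RRF for each SIF" and the SIS design step "Perform Verification Report (Calculations)", as an added example that is not part of the Petrotrin plan or of any referenced standard. It assumes the IEC 61511-1 low-demand SIL bands, the first-order 1oo1 PFDavg approximation (lambda_DU x TI / 2), and constructed sample values for the initiating-event frequency, IPL credits, tolerable frequency and failure rates; the class and function names are the author's own.

```python
"""Worked LOPA / SIL arithmetic.

Added example, not part of the Petrotrin plan: it shows the calculation behind
"Perform SIL determination via LOPA and provide a report with target RRF for
each SIF" (Allocation step) and the SIS Design step "Perform Verification
Report (Calculations)". All frequencies, IPL credits and failure rates are
constructed sample values, not refinery data.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class IPL:
    """An independent protection layer credited in the LOPA."""
    name: str
    pfd: float  # probability of failure on demand credited to this layer


@dataclass
class Scenario:
    description: str
    initiating_event_freq: float  # events per year
    tolerable_freq: float         # per year, from the corporate risk tolerability criteria
    ipls: List[IPL] = field(default_factory=list)

    def mitigated_freq(self) -> float:
        """Consequence frequency with the existing non-SIS IPLs in place."""
        freq = self.initiating_event_freq
        for ipl in self.ipls:
            freq *= ipl.pfd
        return freq

    def required_rrf(self) -> float:
        """Risk reduction the new SIF must supply; a value <= 1 means no SIF is needed."""
        return self.mitigated_freq() / self.tolerable_freq


def sil_for_rrf(rrf: float) -> int:
    """Map an RRF to the IEC 61511-1 low-demand SIL bands.

    SIL 1: 10 < RRF <= 100, SIL 2: 100 < RRF <= 1000, SIL 3: 1000 < RRF <= 10000.
    Returns 0 below SIL 1 (RRF <= 10). Anything above 10000 is returned as 4; in
    practice a SIL 4 target is a signal to revisit the process design, not to
    build the SIF.
    """
    if rrf <= 10:
        return 0
    if rrf <= 100:
        return 1
    if rrf <= 1_000:
        return 2
    if rrf <= 10_000:
        return 3
    return 4


def pfd_avg_1oo1(lambda_du_per_hr: float, proof_test_interval_hr: float) -> float:
    """First-order PFDavg of a single (1oo1) channel: lambda_DU * TI / 2.

    Ignores repair time, common-cause failure and imperfect proof-test coverage,
    so it is a screening figure only; the full verification uses IEC 61508-6 methods.
    """
    return lambda_du_per_hr * proof_test_interval_hr / 2.0


def sif_pfd_avg(lambda_du_by_subsystem: Dict[str, float], proof_test_interval_hr: float) -> float:
    """PFDavg of a 1oo1 SIF: sensor, logic solver and final element PFDs add."""
    return sum(pfd_avg_1oo1(lam, proof_test_interval_hr) for lam in lambda_du_by_subsystem.values())


def max_proof_test_interval_hr(lambda_du_by_subsystem: Dict[str, float], required_rrf: float) -> float:
    """Longest proof-test interval at which the 1oo1 SIF still delivers required_rrf."""
    return 2.0 / (required_rrf * sum(lambda_du_by_subsystem.values()))


def verify_sif(lambda_du_by_subsystem: Dict[str, float], proof_test_interval_hr: float,
               required_rrf: float) -> dict:
    """Check a proposed SIF against its LOPA target and report what would close a shortfall."""
    pfd = sif_pfd_avg(lambda_du_by_subsystem, proof_test_interval_hr)
    achieved_rrf = 1.0 / pfd
    return {
        "pfd_avg": pfd,
        "achieved_rrf": achieved_rrf,
        "achieved_sil": sil_for_rrf(achieved_rrf),
        "meets_target": achieved_rrf >= required_rrf,
        "max_proof_test_interval_hr": max_proof_test_interval_hr(lambda_du_by_subsystem, required_rrf),
    }


# Constructed sample scenario: high pressure in a separator after the BPCS
# pressure-control loop fails. Credits are illustrative, not from a plant LOPA.
SAMPLE_SCENARIO = Scenario(
    description="Separator high pressure after BPCS pressure-control failure",
    initiating_event_freq=0.1,   # BPCS loop failure, per year
    tolerable_freq=3e-7,         # per year
    ipls=[IPL("relief valve", 0.01), IPL("operator response to high-pressure alarm", 0.1)],
)
# Constructed dangerous-undetected failure rates (per hour) for a proposed 1oo1 SIF.
SAMPLE_LAMBDA_DU = {"pressure transmitter": 0.5e-6, "logic solver": 0.05e-6, "shutdown valve": 1.5e-6}
ANNUAL_PROOF_TEST_HR = 8760.0


def run_sample() -> dict:
    """Target-SIL determination followed by verification of the proposed SIF."""
    rrf = SAMPLE_SCENARIO.required_rrf()
    result = {"required_rrf": rrf, "target_sil": sil_for_rrf(rrf)}
    result.update(verify_sif(SAMPLE_LAMBDA_DU, ANNUAL_PROOF_TEST_HR, rrf))
    return result


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

Run as a script, the sample produces a required RRF of about 333 (target SIL 2); the proposed SIF with an annual proof test achieves an RRF of about 111, which sits in the SIL 2 band but falls short of the LOPA target, and the last output line gives the proof-test interval (about 2,930 hours, roughly four months) at which it would meet it. That is the kind of finding the verification report has to carry back into the SRS and the proof test procedures. A real verification also checks hardware fault tolerance and systematic capability, which this screening calculation omits.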



6 FUNCTIONAL SAFETY MANAGEMENT PLANNING

The first step towards functional safety management was the development of this philosophy document, which sets the strategy for, and consequently manages, the implementation of functional safety within the refinery. This document must now be applied to the various units within the refinery; that is, the plan must be worked for each unit. Each project or unit for which functional safety is to be implemented should follow this document, which is structured around the IEC 61511 Safety Lifecycle and the Shell Design and Engineering Practice manual for the Management of Instrumented Protective Functions (DEP 32.80.10.12). The first deliverable for functional safety planning within a project should be a project-specific management plan which details the following:
• Overall Objectives and Scope for the Project, whether as significant as the automation of a pneumatic plant with the concurrent implementation of functional safety, or as specific as the conversion of one or a few loops to safety instrumented functions
• Roles and Responsibilities: a meeting must be convened with all custodians and contributors, who must understand their roles within functional safety management planning
• Detailed plans for each phase, in which the following are further clarified:
  o Objectives for the particular phase
  o Scope of works to be completed within the phase
  o Roles and Responsibilities within the phase
  o Required Inputs
  o Specific actions, which should be clear and measurable and assigned to a named action party with a realistic target completion date
  o Procedures and Methods to be used
  o Resources required (e.g. personnel, equipment, financial, etc.)
  o Expected physical deliverables

The verification phase (Section 16, Verification) is an overall process which runs in parallel with the planning process; a chairperson (either the plan's custodian or someone appointed by him/her) must therefore be identified so that progress review meetings can be initiated. The verification process is also the vehicle by which recommendations for changes to this document may be made. Guidelines and success factors for each phase, structured around the life cycle, are discussed in more detail in the sections that follow. It should be noted, however, that the overall success of the plan hinges on practical actions assigned to persons who have a sense of ownership of the plan and so hold themselves accountable.



7



DATA COLLECTION



Objective To collect all data necessary for the different phases of the Functional Safety Management plan as identified in Figure 1– Petrotrin Functional Safety Management Plan (modelled after the IEC 61511 Safety Life Cycle) on page 5



Scope and Timing The scope of this data collection covers the data and drawings for the Risk Analysis, Safety Requirements Specification development and the Design and Engineering phases. It is highly recommended that all relevant data be collected before entering these phases.



Activities Collect soft and hard copies of all relevant documents that will feed into the phases as identified in the scope above.



Roles, Responsibilities & Deliverables
The persons responsible for the phases identified in the scope above shall be responsible for ensuring that all data is collected and towards this end shall contact the following data custodians in Petrotrin:
• The Manager, Engineering Services, who manages all engineering drawings and documents
• The Manager, Inspection Services, who is accountable for all inspection records, and
• The Manager, Technical Services, who is accountable for all process engineering data



The deliverables are the respective documents and drawings as listed below in the subsection of the RASCI matrix.

RASCI Matrix – Lifecycle Step: Data Collection
Role columns: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator
Rows (tasks):
• Provide Piping and Instrumentation Diagrams (MECH)
• Provide Process Flow Diagrams (MECH)
• Provide Cause & Effect Diagrams (MECH)
• Provide Equipment Data Sheets (MECH)
• Provide Plant Operating Procedures
• Provide Plant Incident Reports
• Provide Inspection Reports (INSP)
• Provide Relief Valves Data (INSP)
• Provide Process Control Narratives & Overview of Process
• Provide Design Parameters
• Provide MSDS for chemicals (including Products)
• Provide Instrument Databases with Alarm Configuration (As applicable)
• Provide Shutdown System Logic Narratives and descriptions (As applicable)
• Provide Instrument Data Sheets (As applicable)
• Provide Logic Solver specifications (As applicable)

Success Factors
In a plan such as this, where there are many tasks and shared responsibilities, the ability of the Production Unit Manager to take over-arching ownership for the collection of all the data for his unit will not only be an asset to the success of this phase but will also benefit the overall objective of functional safety.



8 RISK ANALYSIS & PROTECTION LAYER DESIGN



Objective
The overall objective is to review the process unit’s design for completeness of all risk reduction measures required to protect against all hazards and hazardous events associated with the operation of the unit. The hazard and risk assessment or analysis will thus verify that the various layers of protection perform suitably to reduce the risk inherent in the process.



Scope and Timing
The scope of this phase is limited to those analyses which determined a need for instrumented risk reduction methods and are thus identified as SIFs or potential SIFs. In Petrotrin the Risk or Process Hazard Analysis (PHA) is usually conducted by the department of Process Safety Management on a unit-based schedule that is developed and coordinated by this department. From this full unit report, the SIFs and potential SIFs will need to be extracted. Petrotrin may choose to contract this scope out to an external consultant, bearing in mind that if this is done, the PHA report shall not be a full PHA of the process unit but rather one with a specific emphasis on SIF identification.



Activities
Assemble a team to perform a risk analysis or HAZOP study to review the hazards and hazardous events associated with the process and processing equipment and their associated risks. According to DEP 32.80.10.12, as a minimum the review shall:
• Identify the hazards and hazardous events of the process and associated equipment
• Determine the sequence of events leading up to the hazardous events
• Identify the causes of each hazardous event (including fault conditions and any foreseeable misuse)
• Identify the consequences of each hazardous event
• Determine the likelihood and hence risk associated with the hazardous events
• Determine the requirement for additional risk reduction
• Establish what risk reduction measures should be taken
• Record the assumptions used during the analysis, including demand rates, failure rates, human intervention and operating conditions
• Generate the PHA report in such a way that there is traceability between the hazards identified and the protections determined in subsequent phases






Roles and Responsibilities
The HAZOP team usually comprises the following persons on a full-time basis:
• PSM Coordinator\Facilitator
• Plant Superintendent
• Senior Operations Personnel
• Process Engineer
• Maintenance Personnel

The following persons contribute on a demand or part-time basis:
• HSE Personnel
• Inspection Personnel
• Instrument & Controls Engineer
• Electrical Engineer
• Mechanical Engineer

These roles are not all identified in the RASCI matrix but are called upon as required by the PSM facilitator.

RASCI Matrix – Lifecycle Step: Risk Analysis
Role columns: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator
Rows (tasks):
• Conduct PHA (HAZOP) and provide a report on SIFs identified



The respective Asset Managers are the custodians for the risk analysis and are ultimately accountable for the objective of this phase being fully met.



Inputs
The inputs of this phase are the deliverables of the Data Collection phase as identified below:
• Corporate Risk Tolerability Criteria (Petrotrin Risk Assessment Matrix)
• Piping and Instrumentation Diagrams (Updated)
• Process Flow Diagrams
• Operating Procedures
• Incident Reports
• Process Control Narratives & Overview of Process
• Design Parameters
• MSDS for chemicals (including Products)
• Equipment Data Sheets
• Inspection Reports
• Relief Valves Data
• Instrument Databases with Alarm Configuration
• Cause & Effect Diagrams
• Shutdown System Logic Narratives and descriptions



Deliverables
• HAZOP Report with Safeguarding or design recommendations
• Initial identification of SIFs and potential SIFs



Success Factors
The success of this phase is heavily dependent on accurate data and the use of experienced personnel.



9 ALLOCATION OF SAFETY FUNCTIONS TO PROTECTION LAYERS



Objective
To verify that the SIFs identified by the HAZOP team are indeed required, by examining the other protection layers and how much protection they offer (NOTE: any changes made or proposed in this phase must be reviewed by the HAZOP team), and to allocate performance targets for the safety instrumented functions as agreed upon by the HAZOP team and determine the Safety Integrity Level (SIL) of each SIF. It should be noted that a SIF is typically never intended to be the only layer of protection, and IEC 61511 encourages the use of “multiple safety layers” so that the failure of one layer does not lead to a harmful consequence.



Scope and Timing
The scope of this phase is limited to the determination of the required integrity level for each SIF identified in the preceding risk analysis phase. The LOPA shall directly follow the completion of the HAZOP exercise or be conducted within the HAZOP.



Activities
Assemble a team (which for consistency may be the same as the HAZOP team) to conduct a study that shall:
1. Allocate safety functions to the layers of protection determined in the HAZOP, using the LOPA methodology and the corporate HSE risk tolerability criteria and taking into account the potential reduction in effective protection due to common cause failure between the safety layers and the BPCS
2. Determine the required safety integrity level (SIL)
3. Determine the probability of failure on demand (PFD) required by the SIL
4. Determine the proof test interval required to meet the PFD target for the SIL
5. Determine the requirement for dangerous failure robustness, taking into account the level of complexity of the SIF sub-system, the SIL and the safe failure fraction
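Added worked example (not part of this plan or of IEC 61511) carrying activities 1 to 4 above through one constructed scenario: the BPCS-dependent alarm loses its LOPA credit because the initiating event is a BPCS failure, the residual gap gives the required RRF and SIL band, and the PFDavg target is turned into a maximum proof test interval for a simplex loop. The scenario name, initiating event frequency, IPL PFDs, failure rates and the stand-in tolerable frequency are all constructed values; the corporate criterion they stand in for is the Petrotrin Risk Assessment Matrix named in the inputs below.

```python
"""LOPA-based SIL determination for one safety instrumented function.

Worked example added to illustrate activities 1 to 4 above; it is not part of
the Petrotrin plan or of IEC 61511. Every frequency, probability and failure
rate is a constructed sample value, and tolerable_freq stands in for the
corporate risk criterion. Hardware fault tolerance (activity 5) is not covered.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# IEC 61511 low-demand bands expressed as risk reduction factor: SIL -> [lower, upper)
SIL_BANDS = {1: (10, 100), 2: (100, 1_000), 3: (1_000, 10_000), 4: (10_000, 100_000)}


@dataclass
class IPL:
    """A protection layer credited in the LOPA (not the SIF under study)."""
    name: str
    pfd: float                    # probability of failure on demand
    relies_on_bpcs: bool = False  # shares hardware or logic with the BPCS


@dataclass
class Scenario:
    name: str
    initiating_event_freq: float      # events per year
    initiator_is_bpcs_failure: bool   # True when a BPCS failure is the initiating event
    tolerable_freq: float             # permitted consequence frequency per year
    ipls: List[IPL] = field(default_factory=list)
    conditional_modifiers: dict = field(default_factory=dict)  # e.g. {"occupancy": 0.5}


def credited_ipls(s: Scenario) -> List[IPL]:
    """Activity 1: a layer that depends on the BPCS earns no credit when the
    initiating event is itself a BPCS failure (common cause with the initiator)."""
    return [ipl for ipl in s.ipls
            if not (s.initiator_is_bpcs_failure and ipl.relies_on_bpcs)]


def mitigated_frequency(s: Scenario) -> float:
    """Consequence frequency per year after the credited non-SIS layers."""
    f = s.initiating_event_freq
    for ipl in credited_ipls(s):
        f *= ipl.pfd
    for p in s.conditional_modifiers.values():
        f *= p
    return f


def required_rrf(s: Scenario) -> float:
    """Risk reduction factor the SIF must supply to reach the tolerable frequency."""
    return mitigated_frequency(s) / s.tolerable_freq


def sil_for_rrf(rrf: float) -> int:
    """Activity 2: map the RRF to a SIL band; 0 means no SIL-rated SIF is needed."""
    if rrf < SIL_BANDS[1][0]:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= rrf < hi:
            return sil
    raise ValueError("RRF beyond SIL 4: the risk gap cannot be closed by one SIF")


def pfd_target(rrf: float) -> float:
    """Activity 3: PFDavg the SIF must achieve (1/RRF, tied to the actual gap)."""
    return 1.0 / rrf


def max_proof_test_interval_years(pfd_avg_target: float, lambda_du_per_year: float) -> float:
    """Activity 4: for a 1oo1 loop PFDavg ~= lambda_DU * TI / 2, so the longest
    interval meeting the target is TI = 2 * PFDavg / lambda_DU. lambda_DU is the
    dangerous undetected rate summed over sensor, logic solver and final element."""
    return 2.0 * pfd_avg_target / lambda_du_per_year


def lopa(s: Scenario, lambda_du_per_year: float) -> dict:
    """Run activities 1 to 4 for one scenario and return the SIF targets."""
    rrf = required_rrf(s)
    sil = sil_for_rrf(rrf)
    pfd: Optional[float] = pfd_target(rrf) if sil else None
    ti = max_proof_test_interval_years(pfd, lambda_du_per_year) if sil else None
    return {"credited_ipls": [ipl.name for ipl in credited_ipls(s)],
            "rrf": rrf, "sil": sil, "pfd_target": pfd,
            "max_proof_test_interval_years": ti}


# Constructed scenario: overpressure of a separator after its BPCS pressure loop fails.
EXAMPLE = Scenario(
    name="High pressure in separator V-100 (constructed)",
    initiating_event_freq=0.1,            # one BPCS loop failure per 10 years
    initiator_is_bpcs_failure=True,
    tolerable_freq=1e-6,                  # stands in for the corporate criterion
    ipls=[
        IPL("Relief valve PSV-100", pfd=0.01),
        IPL("High-pressure alarm in BPCS with operator response", pfd=0.1, relies_on_bpcs=True),
        IPL("Independent high-pressure alarm with operator response", pfd=0.1),
    ],
    conditional_modifiers={"personnel present": 0.5},
)
# Constructed lambda_DU per year: transmitter 0.002 + logic solver 0.0002 + valve 0.005
EXAMPLE_LAMBDA_DU = 0.002 + 0.0002 + 0.005

if __name__ == "__main__":
    for key, value in lopa(EXAMPLE, EXAMPLE_LAMBDA_DU).items():
        print(f"{key}: {value}")
```

With the BPCS alarm dropped, the residual frequency is 5e-5/yr against a tolerable 1e-6/yr, so the SIF needs RRF 50 (SIL 1, PFDavg target 0.02), and the constructed failure rates allow a proof test interval of at most about 5.6 years; crediting the BPCS alarm would wrongly have shown no SIF requirement at all.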



Roles and Responsibilities
The Production Unit Manager is ultimately accountable for this phase; however, its execution is managed by the department of Process Safety Management. The initial execution of this task for each process unit shall be supported by a Certified Functional Safety Expert to ensure the initial quality of the exercise.






Inputs
• HAZOP study
• Updated P&IDs
• Corporate Risk Tolerability Criteria (e.g. Petrotrin Risk Assessment Matrix and HSE assumptions)
• Instrument Data Sheets
• Safe and Dangerous failure rates for initiators and final elements
• Logic Solver Specifications



Deliverables
• LOPA report with SIF Classification Study including risk reduction factors, PFD Targets, Proof Test Intervals and recommendations
• SIF Narratives
• Marked-up Cause & Effect Diagram



Success Factors
The success of this phase is heavily dependent on the robustness of the PHA report generated in the previous phase, the use of experienced personnel and a competent facilitator. It is important that a consistent interpretation of the risks and responses is maintained between this phase and the prior one. The practice of indexing and cross-referencing the hazards to the identified SIFs, which allows for traceability, will assist this consistency. The deliverables of this phase are to be handed over to the Engineering Services department from the department of Process Safety Management. Overall success for the entire plan can be guaranteed if a verification check is performed at this interface.



RASCI Matrix – Lifecycle Step: Allocation of Safety Functions to Protection Layers
Role columns: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator
Rows (tasks):
• Perform SIL determination via LOPA and provide a report with target RRF for each SIF identified



10 SAFETY REQUIREMENTS SPECIFICATION



Objective
To define how the Safety Instrumented Functions are to be designed and integrated into a Safety Instrumented System. The SRS provides the requirements of the safety instrumented functions. This phase is critical for satisfying a documentation requirement of IEC 61511 and ANSI/ISA S84.01.2004.



Scope and Timing
The scope of this phase is limited to the hardware and software elements of the SIS. Work within this phase should commence as soon as the SIF Classification Report is produced.



Activities
Prepare the Safety Requirements Specification, which shall include the following according to the IEC 61511 standard:
• A description of all the safety instrumented functions necessary to achieve the required functional safety
• Requirements to identify and take account of common cause failures
• A definition of the safe state of the process for each identified safety instrumented function
• A definition of any individually safe process states which, when occurring concurrently, create a separate hazard (for example, overload of emergency storage, multiple relief to flare system)
• The assumed sources of demand and demand rate on the safety instrumented function
• Requirement for proof-test intervals
• Response time requirements for the SIS to bring the process to a safe state
• The safety integrity level and mode of operation (demand/continuous) for each safety instrumented function
• A description of SIS process measurements and their trip points
• A description of SIS process output actions and the criteria for successful operation, for example, requirements for tight shut-off valves
• The functional relationship between process inputs and outputs, including logic, mathematical functions and any required permissives
• Requirements for manual shutdown
• Requirements relating to energize or de-energize to trip
• Requirements for resetting the SIS after a shutdown
• Maximum allowable spurious trip rate
• Failure modes and desired response of the SIS (for example, alarms, automatic shut-down)
• Any specific requirements related to the procedures for starting up and restarting the SIS
• All interfaces between the SIS and any other system (including the BPCS and operators), paying attention to BPCS-SIS independence
• A description of the modes of operation of the plant and identification of the safety instrumented functions required to operate within each mode
• The application software safety requirements
• Requirements for overrides/inhibits/bypasses, including how they will be cleared
• The specification of any action necessary to achieve or maintain a safe state in the event of fault(s) being detected in the SIS. Any such action shall be determined taking account of all relevant human factors
• The mean time to repair which is feasible for the SIS, taking into account the travel time, location, spares holding, service contracts and environmental constraints
• Identification of the dangerous combinations of output states of the SIS that need to be avoided
• The extremes of all environmental conditions that are likely to be encountered by the SIS shall be identified. This may require consideration of the following: temperature, humidity, contaminants, grounding, electromagnetic interference/radiofrequency interference (EMI/RFI), shock/vibration, electrostatic discharge, electrical area classification, flooding, lightning, and other related factors
• Identification of normal and abnormal modes for both the plant as a whole (for example, plant start-up) and individual plant operational procedures (for example, equipment maintenance, sensor calibration and/or repair). Additional safety instrumented functions may be required to support these modes of operation
• Definition of the requirements for any safety instrumented function necessary to survive a major accident event, for example, the time required for a valve to remain operational in the event of a fire



Roles and Responsibilities

RASCI Matrix – Lifecycle Step: Safety Requirements Specification
Role columns: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator
Rows (tasks):
• Prepare Safety Requirements Specification (SRS)
• Safety Requirements Specification for SIS Equipment Selections / Manuals / Certificates

The Manager Engineering Services (MES) is ultimately accountable for this phase. The responsibilities of some key contributors are as follows:

Controls Engineer
• Shall source and provide the necessary data for the development of the SRS for submission to the SIL expert

Functional Safety Expert\Specialist
• Produce the SRS document using data provided from the I&C Engineer, the SIL Classification Report and the HAZOP exercise



Inputs
• SIL Classification Report
• Final Cause and Effect Diagrams
• SIF Narratives
• Updated P&IDs
• HAZOP Report
• Decision on SIS technology



Deliverables
• Comprehensive SIS Safety Requirements Specification Report



Success Factors
The SRS is the key design document for the Safety Instrumented System. It also represents information supplied from different departments and resource personnel. The most important success factor for this phase is effective communication between disciplines and roles, to manage issues related to interpretation of the information or any changes that must be fed back to the teams and responsible parties of previous phases.



11 SIS DESIGN AND ENGINEERING



Objective
To design the hardware and software of the Safety Instrumented System in accordance with the Safety Requirements Specification from the preceding phase and in accordance with the company’s accepted policies and guidelines (e.g. GEMS, PIPs and GFIs).



Scope and Timing
The scope of this phase covers the complete detailed design, verification and validation of the Safety Instrumented System from field device to logic solver and operator interface. This phase closely follows the development of the SRS document.



Activities
Prepare the complete SIS Design and Engineering package, which shall include:
• The design of all the SIF sub-systems hardware including transmitters, I.S. barriers, solenoid tubing / voting configurations, field junction boxes, process connections, logic solver, valves, interposing systems and associated HMI(s)
• The design, coding, validation and testing of the SIS application software
• Overall testing of the SIS from the field to the operator display
• The development of the proof test procedures
• The verification and validation of the SIFs
• Installation construction engineering
• Equipment procurement specifications



Roles and Responsibilities

RASCI Matrix – Lifecycle Step: SIS Design and Engineering
Role columns: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator
Rows (tasks):
• Perform SIS / SIF detailed design
• Perform Verification Report (Calculations)
• Prepare Validation Test Procedures
• Procure Equipment
• Prepare Proof Test Procedures
• Prepare Installation Contract Package
• Perform Factory Acceptance Testing



The responsibilities of identified contributors are as follows:

Controls Engineer
• Shall provide support to the Functional Safety Expert for the development of the SIS Design and Engineering package which will guide the Automation constructor(s)
• Collect / Provide information on Company instrument and control philosophies, preferred manufacturers and technologies
• Shall develop a scope of works which would include the functional safety design developed out of the SRS and shall also consider the wiring requirements inclusive of I.S. barriers and solenoid tubing / voting configurations and field junction boxes
• Shall develop a scope of works for engineering for functional safety and engage the services of an automation contractor who will provide the hardware and software consistent with the design as offered in the SRS document
• Shall develop a scope of works and engage the services of an Instrument Contractor to handle field related instrumentation works
• Provide coordination between the Automation and Instrument contractors (if no EPC is involved)
• Attend Factory Acceptance Testing for SIS

Functional Safety Expert
• Develops a full design for the Safety Instrumented System from sensor to logic solver
• Provides support for installation of SIS
• Develop proof test procedures
• Perform verification calculations to ensure that the integrity as outlined by the SRS is being maintained by the installation

Automation Constructor
• Shall design, code, validate and test the SIS application software
• Provide power and grounding drawings
• Provide equipment layout and installation drawings
• Provide cabinet integration drawings
• Provide communications wiring drawings
• Conduct Factory Acceptance Testing for SIS, covering all hardware and software validation tests

Instrument Contractor
• Shall design and/or provide instrumentation to satisfy requirements of the SIS Design and Engineering Package in the scope of works document
• Provide wiring layouts / junction boxes, etc.
• Provide loop drawings and any information that may be needed by the Automation Contractor
• Develop maintenance procedures






Senior Operator or Operations Representative
• Shall witness Factory Acceptance Test
• Shall review graphics related to SIS design



EPC Contractor
An EPC Contractor may be engaged as necessary to coordinate the efforts of the various vendors and contractors and to streamline the contributions of the different parties. Some of the contributions attributed to the contractors above may be moved around or handled directly by the EPC. Once an EPC is engaged, Petrotrin will not be dealing directly with the sub-contractors. The decision to engage the services of an EPC is dependent on the quantity and complexity of the scope of works and can be made after discussions between the Electrical, Instrument & Control Systems Engineering department and the MES.



Inputs
• SIS Safety Requirements Specification
• Field device technology / voting
• Preferred manufacturer listing
• Additional requirements, e.g. Sequence of Events Recording and HART connectivity to AMS



Deliverables
• SIS Hardware design complete with equipment layout and installation drawings
• SIF / SIL Verification Calculations
• A hard copy of the SIS logic
• Power and grounding drawings
• Cabinet integration drawings
• Communications wiring drawings
• Factory Acceptance Test signed off document
• Wiring layouts / junction boxes, etc.
• Loop drawings
• Maintenance procedures
• Proof test procedures



Success Factors
Good project management is critical to the Controls Engineer, who is the person ultimately responsible for this phase and for coordinating the various vendors and consultants. A well-developed SRS document is also an important success factor.



12 INSTALLATION, COMMISSIONING AND VALIDATION



Objectives
To install the safety instrumented system according to the specifications and drawings. To commission the safety instrumented system so that it is ready for final system validation.



Scope and Timing
The scope of this phase is limited to the installation, commissioning and validation of the SIS on the individual plants and includes works related to the initiating devices, the logic solver, final elements, interconnections and tie-ins or modifications to existing installations. The time of execution is to be determined by the Operations department and is dependent on plant availability. If the works are major or significant, plant shutdown may be required and in some cases the timing may be dependent on the turnaround schedule.



Activities
Prepare and execute a plan for installing, commissioning and validating the safety instrumented system design. This shall include, but not be limited to, the following activities towards the achievement of this phase’s objectives:
• Development of a project plan and work flow chart
• Installation
• Inspection
• Functional testing
• Commissioning
• Change control procedures



Roles and Responsibilities

RASCI Matrix – Lifecycle Step: Installation, Commissioning and Validation
Role columns: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator
Rows (tasks):
• Perform Inspection and Retain Test Records
• Perform Calibration and Retain Reports
• Maintain Equipment Manuals
• Perform Validation Testing and Retain Records
• Update and Maintain Operating Procedures



Key contributors include:
• I & C Engineer
• Automation Contractor
• Instrument Contractor
• EPC (if engaged)
• Operations department – to witness and sign off on acceptance and validation tests



Inputs
• SIS Safety Requirements Specification
• SIS Detailed Design Documentation
• Signed off Factory Acceptance Test



Deliverables
• Installation and Commissioning plan and report
• Completed field instrumentation calibration forms
• Completed loop check test forms
• As built safety loop drawings
• As built Instrument database
• Signed and approved inspection and test records for all SIFs
• SIS Vendor Equipment Manuals handed over to I&C Engineering department from Automation contractor
• Signed off Site Acceptance Test
• SIS application software handed over to I&C Engineering department from Automation contractor
• Approved and validated proof test and maintenance procedures for hand over to Maintenance department
• Approved operating procedures (falling under the responsibility of Operations Support)
• Complete hand over packages for Maintenance and Operations department



Success Factors
According to DEP 32.80.10.12, “Function testing during pre-commissioning and later commissioning activities provides a good training ground for operational, maintenance and engineering personnel and helps to build a sense of ownership at an early stage.” Additionally, good communication and close adherence to the change control procedures will allow for effective feedback of information to the earlier phases of the management plan, should they need to be revisited.



13 OPERATION AND MAINTENANCE



Objectives
To ensure that the safety instrumented functions meet the required SIL throughout their operational life. IEC 61511 requires that the SIS be operated and maintained in such a way that the designed safety function is preserved.



Scope and Timing
The scope of this phase is limited to the operation and maintenance of the related SIF components including initiating devices, logic solver and final elements and all interconnections. The scope as is applicable to the overall functional safety management planning is particularly relevant here, as the management of the human resource who must maintain the system is a critical component within this phase. This phase begins upon commissioning and the official hand over of the system to the Operations department.



Activities
The activities which will promote the effective operation and maintenance of the installed safety instrumented system include:
• Competence Management – personnel who are formally trained or sufficiently experienced form a key component of this phase
• Proof testing – the integrity of the various SIFs is maintained via correctly executed and timed proof testing
• Preventative and predictive maintenance – where available, diagnostic features shall greatly enhance the reliability of the system components to ensure that the integrity is maintained
• Corrective maintenance – the SRS document shall guide the procedures for the repair of faulty or defective equipment
• Trip reporting – a procedure shall be in place to report trips following safe failure of SIS components, and the data collected shall be used to review the ongoing validity of the assumed demand rate and safe failure rate data
• Incident investigation – a procedure shall be in place to investigate reported trips to determine immediate causes and system deficiencies and to make recommendations for improvement
• Failure rate data collection – safe and dangerous failure rates of components must be collected for input into the SRS review
• Safety Requirements Specification (SRS) Review – the ongoing validity of the SRS document is to be reviewed regularly
• Auditing – this is an essential component of the plan’s verification process that determines how effectively the SIF management activities are conducted to support the operation and maintenance of the SIF



Typical targets for certain key activities are as follows:
• Trip Investigations – within 24 hours of trips
• Accident Investigations – within 72 hours of incident
• Review of SIS Safety Requirements Specification – annually
• Performance and Development Review of SIF – annually
These typical targets may be used to inform the various procedures identified and required above.



Roles and Responsibilities

RASCI Matrix – Lifecycle Step: Operation and Maintenance
Role columns: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Process Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator
Rows (tasks):
• Prepare SIF activation investigation reports
• Managing SIF bypasses per MOC
• Maintain Logic Solver and Records of same
• Perform SIF Proof Testing and Retain Records
• Perform IPL Alarm Proof Tests and Retain Records
• Maintain SIF Field devices and Records of same
• Review SIF component performance against SRS



Key contributors include:

Controls Engineering department personnel – shall be responsible for:
• maintenance of SIS logic solver
• investigating plant trips to uncover root causes and make recommendations to improve
• performing logic bypasses per the Management of Change process
• working with the Maintenance department to perform proof tests when necessary
• reviewing SIS Safety Requirements Specification, paying particular attention to updating failure and demand rate data and proof test intervals
• keeping a log of SIS initiated trips



Maintenance Department personnel – shall be responsible for:
• keeping a log of the SIF Proof Testing
• preventative and corrective maintenance of field related components of the SIF
• working with the I & C Engineering department to perform proof tests when necessary
• performing bypasses in the field per the Management of Change process
• updating the Maintenance system on SAP
• reviewing SIS Safety Requirements Specification, paying particular attention to updating failure and demand rate data and proof test intervals for field instrumentation



Operations department personnel – shall be responsible for:
• the safe and proper operation of the SIFs
• reviewing SIS Safety Requirements Specification, giving information on the performance of the SIFs
• witnessing the SIF Proof Testing
• assisting the Trip Investigation team with information on operations prior to and during the trip
• generating reports to Maintenance or I&C Engineering for any malfunctioned SIF component



Inputs
• SIS Safety Requirements Specification
• Management of Change forms
• Hand Over Package complete with as-built drawings
• Approved and validated proof test procedures
• Approved and validated maintenance procedures






Deliverables
• Training program
• Maintenance records for SIF components
• Up to date Log Books for SIS to capture trips and bypasses etc.
• SIS Safety Requirements Specification: reviewed and updated on a frequency to be determined
• Proof Test reports
• Investigation reports for SIS related incidents
• Proposed audit schedule



Success Factors
Genuine commitment on the part of all the contributors is essential to the success of this phase, which for all intents and purposes represents the rest of the lifetime of the various SIFs. Education, whether via awareness-building on-site programs or classroom-type training sessions, is another important success factor.



14 MODIFICATION AND DECOMMISSIONING



Objective
To ensure that any modification (including partial decommissioning) is properly planned, reviewed and authorized while maintaining the required safety integrity level of the SIS.



Scope and Timing
The scope of this phase is limited to any change to the hardware or software of the SIF and its subcomponents, whether the change is temporary or permanent or considered to be an upgrade. In this context, software shall mean either application software written by the user or operating system software supplied by the manufacturer in any sub-component of the SIF. This phase is executed and completed during the operating life of the SIFs.



Activities
The approval to enter this phase must first come from a detailed risk analysis that substantiates either the modification or the decommissioning of a SIF. If the change to be made does not include decommissioning (i.e. a modification only, with retention of the SIF), then the activities of the entire life cycle must be revisited and all relevant documents updated.



Roles and Responsibilities

[RASCI matrix – Lifecycle Step: Modification and Decommissioning. Steps: Adhere to Management Of Change Process; Perform SIF Modifications (As required). Roles: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Controls Engineer; Discipline Engineer; Production Unit Mgr.; Senior Mgr. Operations; Process Engineer; Senior Operator.]

The Production Unit Manager is the custodian of the Functional Safety Management Plan subsequent to installation and commissioning; however, once a work request is generated to Engineering Services, the MES becomes responsible for the execution of the modification and is accountable for the objective of the phase being fully met.



Other key contributors are as follows:

The Plant Production Superintendent – shall be responsible for:
• Generating the plant change request/work order and getting it approved
• Coordinating with PSM to have the relevant risk analyses or HAZOP studies conducted for the modification
• Requesting participants for the multi-disciplinary HAZOP exercise
• Assigning senior Operations personnel with relevant and recent experience on the plant to the HAZOP exercise
• Ensuring that the assessment of hazards considers functional safety during the execution of the modification and the impact on adjacent operating units and facilities



The Process Engineer – shall be responsible for:
• Developing the Process Engineering Report (PER), if the change is process driven. The PER shall detail the required change, instrument requirements, economic ramifications, and mark-ups to DCS/BPCS graphics and P&IDs
• Providing updated process narratives for the affected process
• Participating in the HAZOP exercise



The Controls Engineer – shall be responsible for:
• Participating in the HAZOP exercise
• Identifying which phases of the SIF safety life cycle would need to be revisited and the extent to which they may need to be revisited
• Defining the work required to modify the SIF and any SIF sub-component
• Modifying the logic in the SIS if necessary
• Implementing changes to the DCS/BPCS graphics or control strategy as necessary
• Requesting independent re-verification if so identified in the risk analysis



Inputs
• Approved plant change request with work order
• Existing SIS Requirements Specification
• Petrotrin Functional Safety Management Plan
• Existing design drawings and documents
• Existing risk analysis & HAZOP studies






Deliverables
• Complete MOC documentation inclusive of HAZOP reports
• Updated SRS documentation
• Revised Functional Safety Management Plan (if revisions were necessary)
• Validation test reports to show the modification was properly implemented and the SIS performs as expected (IEC 61511 requirement)
• Tests or reports to show the change has not adversely affected parts of the SIS that were not modified (IEC 61511 requirement)
• Updated design drawings and documents
• Updated risk analysis studies






15 FUNCTIONAL SAFETY ASSESSMENT



Objective
To ensure that the level of integrity achieved by the SIS is known and maintained throughout its life cycle.



Scope and Timing
The Functional Safety Assessment scope covers all the SIF components, including initiators, logic solver, final elements and all associated interfaces. It is recommended that functional safety assessments be conducted within the SIS Design and Engineering phase and within the Operation and Maintenance phase. It is also recommended that an assessment be conducted after any modification to the SIF. It is required that a functional safety assessment be performed on the SIF after installation and prior to handover of the SIF, with sufficient time in the project schedule for the rectification of any deficiencies.



Activities
The activities of this phase cover:
• The development of a plan for the formal assessment of a SIF which would detail who will be involved, the competence of the assessors and the degree of independence required of the assessors.

The degree of independence of the assessors will depend on the highest SIL of the system under assessment and shall be guided by the governing standards and best practices.



Roles and Responsibilities

[RASCI matrix – Lifecycle Step: Functional Safety Assessment (Audits). Steps: Perform Functional Safety Audits at defined stages; Review SIF performance against SRS. Roles: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Discipline Engineer; Process Engineer; Controls Engineer; Senior Mgr. Operations; Production Unit Mgr.; Senior Operator.]



The Manager, Engineering Services is the custodian for the Functional Assessment phase and, as such, is accountable for the objective of the phase being fully met. These assessments or audits must be independent and objective and are to be carried out by corporate personnel external to the executing or maintenance departments. A specialized consulting company may be used.



Inputs
• SRS – Safety Requirements Specification
• Previous assessment or audit reports
• Maintenance and test records
• Management of Change records
• SIS Bypass logs
• Logs showing bypassed systems, records of the number and cause of process demands on the SIS, nuisance trips if any, actual failure rates of SIS devices and their comparison to design assumptions



Deliverables
• Independently prepared SIF Functional Assessment/Audit Report indicating the suitability of the SIF or whether it has had to be rejected. This report will also detail whether corrective action is required to lift the SIF to the level of acceptance.



Success Factors
Proper records and documentation that are accessible to the assessors will greatly enhance the success of this phase. The competency and independence of the assessors are also important success factors.






16 VERIFICATION



This process is applied to determine the extent to which the Functional Safety Management Plan has been executed and how well it has been executed.



Objectives
Verification aims to:
1. Track the overall progress of the functional safety management plan as applied to a specific project
2. Ensure the accuracy and completeness of the deliverables from one phase to another, particularly when this interface occurs across different departments
3. Audit the life-cycle to determine how effectively the Functional Safety Management plan’s activities are being conducted
4. Update the functional safety management plan based on recommendations and findings from the auditing process



Scope and Timing
This verification activity is limited to a regular review of the progress against targets and deliverables as outlined within this plan. The assessment of whether the level of integrity for a SIF has been achieved is not a part of this scope, as that is to be provided by the functional safety assessments. Progress review meetings will typically be executed in all the phases leading up to Operation and Maintenance. A verification check is required between the Allocation of Safety Functions to Protection Layers phase and the Safety Requirement Specification phase, which represents a handover from the Process Safety Management department to the Engineering Services department. Audits are conducted over the life cycle of a SIF, that is, after it has been commissioned and handed over to the Operations department. The very first audit should occur within the first year of operation and should be followed thereafter by bi-annual audits (i.e. every two years).



Activities
The activities of this step are limited to the objectives of this process:

Progress review meetings – shall be conducted in the phases leading up to the commissioning of the SIF.

Auditing – is to be conducted over the life-cycle of the SIF to determine:
• The level of compliance of the management plan and its various procedures (e.g. checking that the proof testing is done according to the stipulated procedure and schedule)
• The degree of competence of the various key contributors
• The degree of adherence with proper change control procedures (i.e. the Management of Change process)
• The quality of documentation and reporting
• That SIF operation and maintenance support the maintenance of the SIF’s integrity level throughout its lifecycle
• That SIFs are not operated with permanently forced inputs or outputs
• That the Safety Requirements Specification is sufficiently reviewed during the operation phase
• General areas for improvement
• That the Functional Safety Management plan is appropriate and relevant



Functional Safety Management Plan review – depending on the findings of the audit program, recommendations for the update of the document may be made. These recommendations must be reviewed by a team that shall as a minimum contain the identified custodian and contributors for this phase.



The Manager, Engineering Services is the custodian of this activity and is responsible for engaging the Audit department at the appropriate intervals.



Roles and Responsibilities

[RASCI matrix – Lifecycle Step: Verification. Steps: Review the execution of the entire management plan; Conduct audits. Roles: Functional Safety Expert; VP Refining & Mktg; Training Coordinator; Inst Mtce Super; Inst Technician; Head, PSM; Mgr., Technical; Mgr., Insp Services; Mgr., Eng. Services; Discipline Engineer; Controls Engineer; Production Unit Mgr.; Senior Mgr. Operations; Process Engineer; Senior Operator.]

Inputs
• The Petrotrin Refinery Functional Safety Management Plan
• Human Resource department competency development program
• Previous assessment or audit reports
• Maintenance and test records
• Management of Change records
• SIS Bypass logs
• Logs showing bypassed systems, records of the number and cause of process demands on the SIS, nuisance trips if any, actual failure rates of SIS devices and their comparison to design assumptions
• SIF Audit Reports
• Safety Requirements Specification Review report



Deliverables
• The Petrotrin Process Unit Functional Safety Management Plan Status report – this report reviews the status of functional safety management within a process unit
• The Petrotrin Refinery Functional Safety Management Plan Status report – this report gives an overall review of the status of functional safety management within the refinery
• Updated or re-approved Functional Safety Management plan
• Progress Review meeting minutes



Success Factors
According to DEP 32.80.10.12 there are two main factors which will contribute towards the successful achievement of this phase’s objectives. These are:
“Accountability – All action parties shall be responsible for the implementation of their actions and accountable for the effectiveness of their actions.”
“Follow-up – A single point coordinator for follow-up should be appointed [to] ensure that progress is checked at the required intervals, that action parties are aware of their obligations and that progress reports/charts are prepared and distributed.”


