Discipline guidance - Example model of C&I aspects

Example model of C&I aspects for inclusion in a COMAH report.

Notes:

UPPER CASE text gives examples of information that could be used to make a demonstration.

This is GUIDANCE, not a legal requirement. It seeks to encompass HSE's experience of COMAH report assessment, and subsequent inspections.

SECTION 1 - Design and Installation.

This section of the report is intended to fully or partially meet the requirements of the following COMAH Assessment criteria:

By meeting these requirements, we are demonstrating that the design of our control systems is proportionate to the risk of the major hazards of our site, and that we are therefore taking all necessary measures to prevent an incident based on the failure of a safety instrumented system.

The policy of this company for achieving functional safety of safety related control systems is:

[STATE POLICY, OR GIVE LOCATION OF POLICY IN COMAH REPORT]

The following persons/departments are responsible for managing the use of safety related control systems on this site:

[GIVE DETAILS, OR REFERENCE TO APPROPRIATE SECTION OF COMAH REPORT. IT MAY BE USEFUL AT THIS POINT TO REFERENCE THE SECTION OF THE REPORT DESCRIBING MANAGEMENT OF COMPETENCE FOR THOSE PERSONS/GROUPS/DEPARTMENTS IDENTIFIED.]

The system for managing the lifecycle of safety related control systems is described in [REFERENCE TO COMAH REPORT ENTRY] / is available on site for further inspection if required.

The following safety related control systems are used on site: [LIST OF SAFETY RELATED CONTROL SYSTEMS USED ON SITE]

(If no systems are used, state it explicitly. This claim could be subject to verification through inspection.)

These control systems are designed in accordance with:

[NAME OF STANDARD USED TO DESIGN OR REVIEW THE SYSTEM.]

(Preferred standard is BS IEC 61511. BS EN 61508 may have been used. If some other standard is claimed, see this link.)

To demonstrate the adequacy of these control systems, the following has been chosen as a representative system for the site as a whole for the following reasons:

[STATE REASONS WHY THE SPECIFIC SYSTEM/FUNCTION HAS BEEN CHOSEN. SUGGESTED EXAMPLES INCLUDE ONE OR MORE OF THE FOLLOWING: THE FUNCTION WITH THE HIGHEST SIL; A FUNCTION IN USE ON A PROCESS WITH THE HIGHEST MAJOR ACCIDENT HAZARD POTENTIAL, EVEN IF IT IS NOT OF A HIGH SIL RATING; A FUNCTION THAT IS USED FREQUENTLY ACROSS THE SITE.]

This system/function has been identified as safety critical as the result of [STATE METHOD OF RISK ASSESSMENT, e.g. HAZOP, AND GIVE REFERENCE TO WHERE IN THE COMAH REPORT THIS PROCESS IS DESCRIBED.]

[ENTER NUMBER HERE] functional safety assessments were carried out in the design of this control function/system. An example of the documented results of one of these assessments is included in Appendix [APPENDIX REFERENCE].

(If the plant has not been designed according to an appropriate standard, or the original documentation is no longer available, or the company is unable to demonstrate the suitability of control system design, then a retrospective application of relevant parts of BS IEC 61511 is recommended as a requirement for further inspection activity or enforcement action.)

Other means of protecting against a major accident in this part of the plant include:

[LIST OTHER METHODS OF PROTECTION SUCH AS INHERENTLY SAFE PROCESS DESIGN, MECHANICAL ISSUES SUCH AS PIPEWORK OR PRESSURE VESSEL DESIGN, OR ANY OTHER RISK REDUCTION MEASURES PRESENT.]

Safety functions have been allocated to these specific protection layers for the purpose of prevention, control or mitigation of hazards from the process and its associated equipment as shown in Appendix [APPENDIX REFERENCE].

The risk reduction target of the control system/function described has therefore been determined as [SIL]. Representative examples of documentation of the safety instrumented system safety requirement and software safety requirement specifications are included in Appendices [APPENDIX REFERENCE].

A factory acceptance test report is shown in Appendix [APPENDIX REFERENCE].

SECTION 2 - Operation and Maintenance.

This section of the report is intended to fully or partially meet the requirements of the following COMAH Assessment criteria:

By meeting these requirements, we are demonstrating that the operation and maintenance of our control systems are proportionate to the risk of the major hazards of our site, and that we are therefore taking all necessary measures to prevent an incident based on the failure of a safety instrumented system.

The policies and procedures for operating the plant are given in:

[STATE POLICY, OR GIVE LOCATION OF POLICY IN COMAH REPORT]

One of the objectives of the operating policy is to ensure that the designed safety integrity of the safety instrumented system is maintained.

[IF APPROPRIATE] An example of an operating procedure that demonstrates this approach is included in Appendix [APPENDIX REFERENCE].

The policies and procedures for managing general maintenance are covered in:

[STATE POLICY, OR GIVE LOCATION OF POLICY IN COMAH REPORT]

For safety instrumented systems, the objective of the maintenance system is to maintain the designed functional safety.

The following persons/departments are responsible for managing the safety related control systems on this site:

[GIVE DETAILS, OR REFERENCE TO APPROPRIATE SECTION OF COMAH REPORT.]

The following system has been chosen to demonstrate the use of maintenance and inspection to maintain the designed safety integrity of the equipment.

[GIVE DETAILS OF SYSTEM CHOSEN - OR USE ONE PREVIOUSLY MENTIONED IN THE REPORT.]

The routine proof-test frequency for this equipment has been defined by the safety integrity levels set out in the design of the equipment. This is based on the level of risk reduction assigned to the equipment, and is therefore proportionate to the hazard.

[IF THE TEST FREQUENCY IS NOT IN ACCORDANCE WITH BS IEC 61511, SAY HOW THE TEST FREQUENCY HAS BEEN DETERMINED, AND WHY.]

The following actions and constraints are necessary to prevent an unsafe state and/or reduce the consequences of a hazardous event during maintenance.

[GIVE DETAILS OF ANY MEASURES SUCH AS BYPASSING OR ADDITIONAL MITIGATION STEPS TAKEN WHEN MAINTAINING.]

The maintenance procedure for this equipment is shown in Appendix [APPENDIX REFERENCE].

The document in Appendix [APPENDIX REFERENCE] shows typical information maintained on system failure and demand rates.

The document in Appendix [APPENDIX REFERENCE] shows typical audit and test results on this safety instrumented system.
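The two points above (a proof-test frequency derived from the assigned SIL, and records of in-service failure and demand rates) are linked by the same simple arithmetic, and an inspector will expect the two to be consistent. The following is an added worked example, not part of the HSE guidance and not any site's actual data. It assumes a single-channel (1oo1) safety function in low demand mode and uses the simplified IEC 61508-6 relationship PFDavg ≈ λDU × TI / 2 together with the IEC 61508-1 SIL bands for PFDavg; the failure rate, proof-test records and demand counts are constructed sample values. It derives the longest proof-test interval that keeps a target SIL, then checks whether the failures revealed by proof tests and the logged demand rate still support the design assumptions.

```python
"""Proof-test interval and in-service failure-rate checks for a 1oo1 safety
instrumented function.

Added worked example; it is not part of the HSE guidance text. It applies the
simplified low-demand relationship from IEC 61508-6 (PFDavg ~= lambda_DU * TI / 2
for a single channel) and the SIL bands for average probability of failure on
demand from IEC 61508-1. All numbers below are constructed sample values.
"""

HOURS_PER_YEAR = 8760.0

# Low-demand-mode PFDavg bands (IEC 61508-1 Table 2): SIL -> (lower, upper)
SIL_PFD_BANDS = {
    1: (1e-2, 1e-1),
    2: (1e-3, 1e-2),
    3: (1e-4, 1e-3),
    4: (1e-5, 1e-4),
}


def pfd_avg_1oo1(lambda_du_per_hour, test_interval_hours):
    """Average PFD of a single channel with dangerous undetected failure rate
    lambda_DU (per hour) proof tested every test_interval_hours. Simplified
    IEC 61508-6 formula: ignores common cause, repair time and test coverage."""
    return lambda_du_per_hour * test_interval_hours / 2.0


def sil_for_pfd(pfd_avg):
    """SIL band that a PFDavg achieves (low demand mode), or 0 if below SIL 1."""
    for sil in (4, 3, 2, 1):
        lower, upper = SIL_PFD_BANDS[sil]
        if lower <= pfd_avg < upper:
            return sil
    return 0


def max_test_interval_hours(lambda_du_per_hour, target_sil, margin=0.5):
    """Longest proof-test interval (hours) that keeps the channel's PFDavg
    within the target SIL band. margin < 1 reserves part of the band for
    contributions this simple model leaves out (common cause, other subsystems,
    imperfect proof testing)."""
    upper = SIL_PFD_BANDS[target_sil][1]
    return 2.0 * upper * margin / lambda_du_per_hour


def observed_lambda_du(proof_test_records):
    """Point estimate of lambda_DU from proof-test records.

    Each record is (hours_since_previous_test, dangerous_failures_revealed)
    for one tested device; the estimate is total failures / total device-hours.
    """
    total_hours = sum(h for h, _ in proof_test_records)
    total_failures = sum(f for _, f in proof_test_records)
    return total_failures / total_hours


def exceeds_design_rate(proof_test_records, design_lambda_du_per_hour):
    """True when field experience shows a higher lambda_DU than the design
    assumed, i.e. the SIL calculation and test interval need to be revisited."""
    return observed_lambda_du(proof_test_records) > design_lambda_du_per_hour


def is_low_demand(demand_count, observation_years):
    """Low demand mode (IEC 61511) means no more than one demand per year;
    a higher observed demand rate invalidates a PFDavg-based SIL claim."""
    return demand_count / observation_years <= 1.0


if __name__ == "__main__":
    # Constructed design data for a single trip valve: lambda_DU = 1e-6 /h, SIL 2 target
    lam, target = 1e-6, 2
    ti = max_test_interval_hours(lam, target)
    print(f"max proof-test interval: {ti:.0f} h ({ti / HOURS_PER_YEAR:.2f} years)")
    annual_pfd = pfd_avg_1oo1(lam, HOURS_PER_YEAR)
    print(f"PFDavg at annual testing: {annual_pfd:.2e} -> SIL {sil_for_pfd(annual_pfd)}")

    # Constructed proof-test records: ten annual tests, two of which revealed a failure
    records = [(HOURS_PER_YEAR, 0)] * 8 + [(HOURS_PER_YEAR, 1)] * 2
    print(f"observed lambda_DU: {observed_lambda_du(records):.2e} /h, "
          f"exceeds design assumption: {exceeds_design_rate(records, lam)}")
    # Constructed demand log: three genuine demands in five operating years
    print(f"low demand mode assumption holds: {is_low_demand(3, 5.0)}")
```

With the constructed figures, annual testing gives PFDavg 4.38e-3 (inside the SIL 2 band), but two revealed failures in ten device-years put the observed λDU well above the 1e-6 /h design assumption, which is exactly the kind of discrepancy the failure and demand records in the appendix exist to surface. The `margin` argument is a deliberate design choice: a single-channel formula that ignores common cause and other subsystems should not be allowed to consume the whole SIL band.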

A procedure for dealing with faults or failures in this system is included in Appendix [APPENDIX REFERENCE].

Details of calibration and maintenance of instruments used during normal maintenance activities are available for inspection on site.

Appendix [APPENDIX REFERENCE] shows the written proof-test procedure designed to identify undiagnosed failures on the [STATE FUNCTION] safety function. It is based on the [STATE METHOD, e.g. FMEA, FAULT TREES, RCM] method of failure identification.

Appendix [APPENDIX REFERENCE] shows an example of a completed proof test for this system.

SECTION 3 - Modification and Decommissioning.

This section of the report is intended to fully or partially meet the requirements of the following COMAH Assessment criterion:

By meeting this criterion, we are demonstrating that our modification procedures for use on safety related control systems are reducing the risk of a major accident initiator resulting from modifications to as low as is reasonably practicable, and therefore are taking all necessary measures.

Copies of the site's modification and decommissioning procedures are contained in Appendix [APPENDIX REFERENCE]. Typical examples of documentation generated by these procedures are shown in Appendix [APPENDIX REFERENCE].

2022-02-17