Discipline guidance - Full assessment
The full assessment should identify measures taken on site with specific measures outlined in BS IEC 61511, or equivalent standard.
An 'equivalent standard' may, in certain cases, be a company's own standard, which itself may be based on BS IEC 61511 or BS EN 61508, or some other recognised international standard. For further information on non 61508 based standards, see Guidance for Retrospective Application and Non 61508 Based Standards on COMAH Sites.
Criteria 4.28, 5.1, 5.2, 184.108.40.206 & 220.127.116.11 - Design of Safety Instrumented Systems.
The report should include the site's policy for achieving functional safety of safety related control systems. The report must show a direct link between the SIS and the hazard being protected against. It should also provide some discussion of how the required integrity of control systems is established and implemented.
The report should include details of who is responsible for the management of the design and maintenance of the site's safety related control systems. (Assessment Team Issue: Links to the SMS Assessment criterion 4.3a)
The report should contain a full list of all safety related control functions or systems used on the site. The list should identify each loop, and the loop's unique identifier.
The report should state which standard these systems have been designed to. If the standard claimed is not a currently recognised relevant standard such as BS IEC 61511 or BS EN 61508, then a justification for this should be included in the report.
If the site has control systems that pre-date appropriate standards, or no longer has the original documentation to show the design approach, then the site should review its existing measures against BS IEC 61511 to establish any possible shortfalls in the existing systems, and to inform any further action, if necessary.
To complete the demonstrations, relevant documentation should be provided for representative safety instrumented systems or functions.
The reason why the example control systems and functions are representative should be given.
Evidence should be present that shows that safety functions have been allocated to appropriate protection layers. (Assessment Team Issue: Links to the Process Safety Assessment criterion 3.1, 3.4.2 and 3.4.3.) (NOTE: The use of a SIS as the single and only means of risk reduction should be subject to detailed inspection.)
Examples of such documentation are:
- results of functional safety assessments such as HAZOPs or other risk assessment of the hazard concerned;
- records of the safety requirement specification;
- software safety requirement specification if applicable;
- testing, installation, commissioning and validation reports, such as factory acceptance test reports;
- representative verification reports.
Criteria 18.104.22.168, 22.214.171.124 - Maintenance and Operation.
The requirements for a successful demonstration of the C&I aspects of maintenance and operation are based on the provisions of clause 16 of BS IEC 61511. If a company claims that it is conforming to the standard, and can include documentary evidence to support this, then the demonstration will have been made.
The report should include details of an overall management system for ensuring routine maintenance is carried out.
The report should contain information that demonstrates that the operation of safety-instrumented systems on the site has been considered as a potential initiator, and give brief details about how this is managed in practice. Demonstration could be made by inclusion of a sample operating procedure.
As well as referring to the general arrangements on site for managing maintenance, the report should show that SIS specific maintenance issues have been addressed.
The demonstration of maintenance of safety-instrumented systems could be made through inclusion of information from a representative safety instrumented function, a function identified as relating to a MAH scenario.
Details of the proof test frequency and how this was derived. If this is not in accordance with BS IEC 61511 or BS EN 61508, then a justification should be provided.
Examples of systems or arrangements to limit the effect of maintenance as a major accident hazard initiator.
An example of a representative maintenance procedure.
An example of a procedure for dealing with faults and failures.
Details of proof test procedures for revealing undetected faults should be included, with example documentation and some information on how the procedures were established.
Criterion 126.96.36.199 - Modification.
The requirements for a successful demonstration of the C&I aspects of modification are based on the provisions of clause 17 of BS IEC 61511. If a company claims that it is conforming to the standard, and can include documentary evidence to support this, then the demonstration will have been made.
The site should have a procedure for the modification of safety-instrumented systems. To complete the demonstration, a representative example of the use of this procedure should be included in the report.