Task I: Scheduling

This task is concerned with ensuring that all appropriate improvements are captured during the scheduling process. An important defense against the occurrence of common cause failures is to ensure that any corrections and improvements to the test procedure are properly captured when new function test or inspection work packages are created.

Task II: Preparation, Execution, and Restoration

This task is concerned with avoiding the introduction of common cause failures during preparation, execution, and restoration. The three separate checklists presented below contain useful questions for preparation, execution, and restoration.

Preparation checklist questions:

  • Have human error-associated incidents been experienced during earlier execution?
  • Are all individuals involved with executing the test clearly familiar with the testing and calibration tools?
  • Does the procedure describe all the essential steps for safely restoring the SIS?
  • Have all types of potential human errors during execution and restoration been properly discussed and highlighted?
  • Does the procedure contain all the known deficiencies (e.g., ambiguous instructions)?
  • Have all appropriate compensating measures been clearly highlighted and implemented for avoiding human errors?
  • Are all the calibration tools properly calibrated?

Execution checklist questions:

  • Are all the parts operated within the specified operating and environmental conditions?
  • Are all the parts appropriately protected against damage from nearby work-related activities?
  • Are all the process connections free from plugging and (if applicable) heat-traced?
  • Are all the field SIS parts (constituting the safety function under test) appropriately labeled?
  • Are all the additional parts that are operated during the SIS function testing and inspection process appropriately labeled?

Restoration checklist questions:

  • Have the suspensions of all inhibits and overrides been appropriately verified and communicated?
  • Has the safety function been appropriately verified prior to start-up?
  • Are any remaining inhibits, bypasses, or overrides logged, and compensating measures appropriately highlighted and implemented?
  • Has the physical restoration (e.g., bypasses and isolation valves) been appropriately verified?

Task III: Failure Reporting

It is concerned with improving failure reporting quality. In this regard, the following questions are considered very useful [15]: [1]

  • Was the part tested or inspected in a different way than stated in the test or inspection procedure; if so, what was the reason for the different approach?
  • How was the failure observed or found (i.e., during the repair or inspection process, by diagnostic, by review, upon demand, incidentally, or during function testing)?
  • Have any similar types of failures occurred previously?
  • Has the part/component been overexposed (i.e., by environmental or operational stresses); if so, what could be the associated causes?

Task IV: Failure Analysis

It is concerned with highlighting common cause failures through failure analysis. The following four steps are considered very useful in highlighting common cause failures [15]:

  • Step I: Review the failure's description and verify the initial failure classification (correct it if necessary).
  • Step II: Conduct an appropriate initial screening that clearly captures failures that (i) share failure-associated causes, (ii) have been discovered within the framework of the same inspection or test interval, (iii) have a quite similar design or physical location, and (iv) have causes that are not random as stated by the IEC 61508, 1998 and IEC 61511, 2003 documents [15].
  • Step III: Conduct a root cause and coupling factors analysis by using influence diagrams.
  • Step IV: List all the root causes and coupling factors in a cause-defense matrix.
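The Step II screening can be run over a failure log. The following Python sketch is an added example, not taken from the source or from [15]; the record fields and the sample records are constructed, and it assumes that criteria (i) to (iv) are applied together and that "similar" design or location means an exact match on the recorded value.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Failure:
    tag: str        # component tag (constructed)
    cause: str      # recorded failure cause
    interval: str   # test/inspection interval in which the failure was found
    design: str     # design/type of the part
    location: str   # physical location
    random: bool    # True if the cause was classified as random

def screen_ccf_candidates(failures):
    """Return tag groups (size >= 2) that meet screening criteria (i)-(iv)."""
    groups = defaultdict(set)
    for f in failures:
        if f.random:  # (iv) the cause must not be random
            continue
        # (i) shared cause and (ii) same interval, combined with
        # (iii) same design OR same physical location (assumed exact match)
        groups[(f.cause, f.interval, "design", f.design)].add(f.tag)
        groups[(f.cause, f.interval, "location", f.location)].add(f.tag)
    candidates = {tuple(sorted(t)) for t in groups.values() if len(t) > 1}
    return sorted(candidates)

# Constructed failure records, not data from the source.
SAMPLE = [
    Failure("PT-101A", "plugged impulse line", "2023-Q1", "pressure transmitter", "area 1", False),
    Failure("PT-101B", "plugged impulse line", "2023-Q1", "pressure transmitter", "area 1", False),
    Failure("LT-205", "plugged impulse line", "2023-Q1", "level transmitter", "area 1", False),
    Failure("XV-300", "miscalibration", "2023-Q1", "shutdown valve", "area 2", False),
    Failure("PT-102", "plugged impulse line", "2023-Q2", "pressure transmitter", "area 1", False),
    Failure("FT-410", "plugged impulse line", "2023-Q1", "pressure transmitter", "area 1", True),
]

if __name__ == "__main__":
    for group in screen_ccf_candidates(SAMPLE):
        print(group)
```

Each returned group is a candidate for the root cause and coupling factor analysis of Step III; single failures, failures from another interval, and failures classified as random are screened out.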

Task V: Implementation

It is concerned with implementing appropriate defensive measures. The proper implementation of defensive measures against common cause failures is very important for preventing the occurrence of similar types of failures. Additional information on this task is available in Lundteigen and Rausand [15].

Task VI: Validation and Continuous Improvements

It is concerned with validation and continuous improvements. In regard to validation, the following questionnaire is considered useful [15]: [2]

  • Are all personnel using the calibration and test tools clearly familiar with their proper application?
  • Are all failures detected upon real demands appropriately analyzed for verifying that they would have been detected during a function or inspection test?
  • Are all changes in operating or environmental conditions properly captured and analyzed for essential modifications to the SIS or related procedures?
  • Are all the test and calibration tools suitable and maintained according to the vendor recommendations?
  • Are all the procedure-associated shortcomings appropriately communicated to the responsible personnel and followed up?
  • Are all the diagnostic alarms appropriately followed up within the stated mean time to restoration?
  • Are all the test-associated limitations (compared to the actual demand conditions) clearly known?
  • Are all failures introduced during function testing and inspection processes captured, analyzed, and used for improving the associated procedures?

Finally, for all the above questions, the answer “No” indicates a potential weakness in the defense against the occurrence of common cause failures, and should be discussed to determine appropriate corrective measures.

  • [1] What appears to be the possible failure cause(s)?
  • What was the effect of the failure’s occurrence on the overall safety function (i.e., loss of entire function, degraded, none at all)?

  • [2] Are all common cause failures systematically highlighted and analyzed, and proper defenses implemented for preventing their re-occurrences?
  • Are all dangerous undetected failure modes clearly known and properly catered for in the function test and inspection-associated procedures?
  • Are all safety function redundant channels appropriately covered by the function test or inspection-associated procedures?
  • Are all requirements for the safety function appropriately covered by the inspection or function test-related procedure(s)?
  • Are all disciplines concerned with SIS inspection, testing, maintenance, and follow-up properly familiar with the concept of common cause failures?