Rockwell Automation AADvance Controller Troubleshooting and Maintenance Manual User Manual
Document: 553634 (ICSTT-RM406F_EN_P) Issue: 089
Scope definition
Hazard and risk analysis
System Functional and Safety Requirements
System engineering
Application programming
System production
System integration
Installation and commissioning
The definition of these procedures shall include the review and authorization process to be adopted
for system changes.
Baselines
Baselines shall be declared, beyond which any change shall follow the formal change management
procedure. The point within the lifecycle at which these baselines are declared depends on the detail of
the processes involved, the complexity of the system, how amenable to change these processes are,
and the required safety requirements class. It is recommended that the baseline for the formal change
process be the completion of each step in the lifecycle. However, as a minimum, the baseline shall be declared
before start-up, when the potential hazards are introduced.
Modification Records
Modification records, to provide traceability of each requested or required change, shall be maintained.
The change management procedure shall include the consideration of the impact of each such change
before authorizing the change. The implementation of the change should repeat the safety lifecycle
phases which are affected by the change. The test of the resultant changes should include
non-regression testing as well as a test of the change itself. All test results should be documented.
Decommissioning
The procedure for decommissioning the system shall be defined. This procedure should include specific
requirements for the safe decommissioning of the system and, where applicable, the safe disposal or
return of materials.
As with commissioning, it is likely that decommissioning will be performed in a phased manner. The
decommissioning procedure shall ensure that a plan be developed that maintains the functional safety
whilst the corresponding hazards are present. Similarly, the physical environment of the control
equipment shall be maintained whilst the equipment is required to function.
The procedure for decommissioning shall address the following items: