3 functional safety assessment – Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual


SAFETY MANUAL

Doc Number T8094
Issue 27 – June 2013

Page 16 of 103

2.2.1.12 Decommissioning

The procedure for decommissioning the system shall be defined. This procedure is to
include any specific requirements for the safe decommissioning of the system and,
where applicable, the safe disposal or return of materials.

As with commissioning, decommissioning is likely to be performed in a phased
manner. The decommissioning procedure shall ensure that a plan is developed that
maintains the functional safety whilst the corresponding hazards are present.
Similarly, the installation environment of the control equipment shall be maintained
within its operating envelope whilst it is required to function.

• The decommissioning plan shall identify the sequence in which the hazards are
to be removed.

• Methods shall be defined to ensure that the interaction between safety
functions can be removed without initiating safety responses and still
maintain safety functionality for the remaining potential hazards. This shall
include the interaction between systems.

• The decommissioning procedure shall define which modules/materials are to
be returned for safe disposal following decommissioning.

2.3 FUNCTIONAL SAFETY ASSESSMENT

The functional safety assessment process shall confirm the effectiveness of the
achievement of functional safety for the system. The functional safety assessment, in
this context, is limited to the safety-related system and will ensure that the system is
designed, constructed and installed in accordance with the safety requirements.

Each required safety function and its required safety properties shall be considered.
The effects of faults and errors within the system and application programs, failures
external to the system, and procedural deficiencies in these safety functions are to be
considered.

The assessments are to be undertaken by an audit team that shall include personnel
outside of the project. At least one functional safety assessment shall be performed
before the presence of the potential hazards, i.e. before start-up.
