Professional Documents
Culture Documents
Operation PRO-03-30
TABLE OF CONTENT
COVER PAGE 1
TABLE OF CONTENT 2
1. PURPOSE 3
2. SCOPE 3
3. SAFETY CRITICAL EQUIPMENT 4
4. RESPONSIBILTIES AND AUTHORIZATION 5
5. PERIOD OF DEFEAT 7
6. TERMINAL PROCEDURE 7
7. TRAINING 12
8. REFERENCES 12
9. Workflow for Defeat of Safety Critical Equipment 13
DEPT Doc # Page 3 of 16
Operation PRO-03-30
1.0 PURPOSE
This document describes the general procedures and definition of Defeat of
Safety Critical Equipment.
2.0 SCOPE
This procedure is intended to
a. Establish and maintain control over the process of defeat of Safety Critical
Equipment
b. Ensure that safe Operational control is maintained while any Safety Critical
Equipment is defeated or out of service.
Defeating a Safety Critical Equipment is the action of taking that device out of
service for a period of time. A request for defeat of Safety Critical Equipment is
needed when:
Consideration must also be given if this Safety Critical Equipment defeat affects
related process loops.
For this process to be effective, each terminal shall establish and maintain a list
of Safety Critical Equipment. The list must be formally approved by the Terminal
DEPT Doc # Page 5 of 16
Operation PRO-03-30
Manager and any subsequent changes (set points, control logic steps) to the list
shall be subject to Management of Change procedures.
Following are the list of safety critical systems agreed for VTKN:
4.1 Responsibilities
The Sr. Engineer Electrical is responsible to develop and maintain the list of
safety critical equipment in the Terminal, and responsible for ensuring that
relevant inspection, maintenance and operational procedures properly consider
the use, maintenance and defeat of this equipment. He is also responsible to
communicate this Safety Critical Equipment list (and any changes) to all
personnel in Operations, Maintenance, SHE departments and contractors (if
necessary). This is to ensure such equipment is not unknowingly defeated
without the proper authorization.
The risk of continue operations during the period of defeat must be assessed and
additional precautions must demonstrate that the risk has been reduced to an
acceptable level.
The Executive Ops team and Shift Leaders are responsible to ensure that
“Defeat Equipment communication” is properly carried out during shift change.
Shift leader is the defeat coordinator for better implementation of DSCE
procedure on ground. It is responsibility of Operation manager or in his absence
shift leader to track the status of the defeat from initiation to closure.
DEPT Doc # Page 7 of 16
Operation PRO-03-30
4.2 Authorization
Defeat Of Safety Critical Equipment- Authorities
The safest option is to suspend operations during the period of defeat and this
must always be the first consideration. Through coordination of maintenance and
operational activities it is often possible to choose a maintenance period when no
operational activities are planned.
The risk assessment and additional precautions must demonstrate that the risk
has been reduced to an acceptable level
If an Operation is critical and risk from Defeat of Safety Critical Equipment is
deemed low, the Asst. Manager Operations, with appropriate consultation from
the Terminal Management Team is authorized to approve the continuation of
Operations while a safety critical equipment or system is defeated. Pre-appointed
designate may authorize defeat if Asst. Manager Operations is not available.
Please note that for some equipment subject to legal inspection and
maintenance regimes such as pressure vessels and lifting equipment, the
Terminal must authorize the defeat if the Maintenance Engineer declares that the
system has to be taken out of service for remedial work.
5. PERIOD OF DEFEAT
DEPT Doc # Page 10 of 16
Operation PRO-03-30
If the period of defeat is more than 1 week, to ensure that these defeats are not
forgotten, the defeat must be re-authorized each week using a new Defeat
Authorization Form. This is to allow assessment of condition change (if any) &
risk before renewal of equipment defeat. A ‘grace period’ of 20% of the agreed
inspection interval will apply. Extension within the ‘grace period’ possible only
with written TM approval (and Authority approval if applicable).
6. TERMINAL PROCEDURES
Appendix 1 shows a typical workflow for the Defeat of Safety Critical Equipment
process, Terminals must include the following key steps during defeat of Safety
Critical Equipment.
Authorized person(s) are to make requests via the Defeat Authorization Form F-
03-30. Reasons for defeat, isolation in place (if available), consequences of
defeat and estimated period of defeat must also be clearly stated via this form.
DEPT Doc # Page 11 of 16
Operation PRO-03-30
The equipment defeat form must be raised soon after, once opportunity allows.
Safety Critical Equipment can only be defeated following the system of controls
described.
This is especially when request has been approved and risk mitigating measures
have to be taken during Operations. As a reminder, the approved defeat form
shall be displayed on the Defeat of Safety Critical Equipment Notice Board for
the duration the equipment is defeated. It is recommended that a copy of original
Defeat Form be placed on this Notice Board if a lengthy period of defeat is
expected.
Once equipment returns to service, any changes to control devices set points, or
control logic steps must be initiated using a Management Of Change system and
must be formally authorized. In some cases it will be necessary to undertake a
safety study such as a HAZOP, What if analysis, or checklist based study to
demonstrate that the set point can be safely changed.
DEPT Doc # Page 14 of 16
Operation PRO-03-30
7.0 TRAINING
8.0 REFERENCES
Vopak Standards: Defeat of Safety Critical Equipment