If the system were to be redesigned to prevent this kind of accident, it would have been designed with the following resilience-oriented features:
The specification document would include a definition of the operational scenarios and situations, and of the expected combinations of them, defining the design scope.
All safety critical components, including valves, should be equipped with means to identify their state.
If sensors are not available, they may be substituted with indirect means, such as routine testing.
The resilience add-ons should be tested regularly, by special procedures.
The control of the primary operation mode (Production vs. Maintenance) should impose restrictions on the scenarios of the sub-systems.
Make sure that the controls of special troubleshooting features are error-proof, namely, that they obey the rules for operating in exceptional situations.
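As an added illustration, not from the original article, the following Python model ties together the last three features: a primary mode that restricts which sub-system scenarios may be requested, valve state that counts as known only through a sensor or a sufficiently recent routine test, and a troubleshooting control that is granted only in a declared exceptional situation. The mode and scenario names, the valve tags and the 30-day test interval are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional, List, Tuple


class Mode(Enum):
    PRODUCTION = "production"
    MAINTENANCE = "maintenance"


# Assumed design scope: sub-system scenarios each primary mode permits.
DESIGN_SCOPE = {
    Mode.PRODUCTION: {"normal_flow", "reduced_flow"},
    Mode.MAINTENANCE: {"isolated", "flush", "pressure_test"},
}

TEST_INTERVAL = timedelta(days=30)  # assumed validity of a routine test


@dataclass
class Valve:
    name: str
    sensed_state: Optional[str] = None      # direct reading; None if no position sensor
    last_test: Optional[datetime] = None    # last routine test (indirect means)
    tested_state: Optional[str] = None      # state established by that test


def known_state(valve: Valve, now: datetime) -> Optional[str]:
    """State known via sensor, or via a routine test still within TEST_INTERVAL; else None."""
    if valve.sensed_state is not None:
        return valve.sensed_state
    if valve.last_test is not None and now - valve.last_test <= TEST_INTERVAL:
        return valve.tested_state
    return None


class Supervisor:
    def __init__(self, mode: Mode, valves: List[Valve]):
        self.mode = mode
        self.valves = valves
        self.exceptional = False  # set True only when an exceptional situation is declared

    def request_scenario(self, scenario: str) -> bool:
        """Primary mode restricts the sub-system scenarios: grant only those in its design scope."""
        return scenario in DESIGN_SCOPE[self.mode]

    def request_troubleshooting(self, now: datetime) -> Tuple[bool, str]:
        """Error-proof troubleshooting control: refuse outside an exceptional situation
        or while any safety-critical valve has an unknown state."""
        if not self.exceptional:
            return False, "troubleshooting only permitted in a declared exceptional situation"
        unknown = [v.name for v in self.valves if known_state(v, now) is None]
        if unknown:
            return False, "valve state unknown: " + ", ".join(unknown)
        return True, "granted"
```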
Updated on 20 Apr 2016.