The operational rules
In normal operation
In normal production, all safety add-ons should be in effect:
- The backup cooling sub-systems should be enabled
- The valves that protect system components should be in the position specified for them in the rules
In exceptional situations
Apparently, the system design did not include means to detect every exceptional situation. Probably it lacked formal rules for detecting faults in all valves, and for detecting risky configurations, which allowed the operators to mistakenly carry out risky maintenance activities during production.
For operation under a hazard, such as a malfunction of a sub-system or overheating, additional rules should have been specified and implemented:
- Direct detection and identification of the source for the exceptional situation
- Indirect detection of faults, such as by routine testing
- Alarms about the risks of the exceptional situation
- Recovery information attached to each specific alarm
- Activating means to recover from the exceptional situation
- Activating means to prevent escalation
In emergency
- Automated operation of a backup sub-system for each safety-critical sub-system
- Automatic response to the alarm situation, in case the operators are confused
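The three regimes above (rules for normal production, detection and alarms for exceptional situations, automatic response in an emergency) can be written down as executable checks. The following is an added example, not code from the page or from any real plant: the valve names, the required positions, the overheat threshold and the plant state are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Required positions of the protective valves during production.
# Assumed names and positions for this example, not taken from any real system.
REQUIRED_VALVE_STATE = {"coolant_inlet": "open", "coolant_bypass": "closed", "emergency_drain": "closed"}
OVERHEAT_LIMIT_C = 330.0   # assumed alarm threshold


@dataclass
class Alarm:
    code: str               # stable identifier the operator can look up
    message: str            # what was detected and where
    recovery: str           # recovery information attached to this specific alarm
    emergency: bool = False # True: automatic response must not wait for the operator


@dataclass
class Plant:
    in_production: bool
    maintenance_in_progress: bool
    backup_cooling_enabled: bool
    backup_cooling_active: bool
    primary_cooling_ok: bool
    core_temp_c: float
    valves: dict             # valve name -> observed position
    valve_test_passed: dict  # valve name -> result of the last routine test
    actions: list = field(default_factory=list)  # what the automation did


def check_production_rules(p: Plant) -> list:
    """Normal-operation rules: backup cooling enabled, valves in their specified
    position, and no maintenance while the unit is producing."""
    alarms = []
    if not p.in_production:
        return alarms
    if not p.backup_cooling_enabled:
        alarms.append(Alarm("R-BACKUP-OFF", "backup cooling disabled during production",
                            "enable backup cooling before continuing production"))
    for valve, required in REQUIRED_VALVE_STATE.items():
        actual = p.valves.get(valve)
        if actual != required:
            alarms.append(Alarm(f"R-VALVE-{valve}", f"valve {valve} is {actual}, rule requires {required}",
                                f"set {valve} to {required} and confirm the position indicator"))
    if p.maintenance_in_progress:
        alarms.append(Alarm("R-MAINT-IN-PROD", "maintenance activity started while in production",
                            "stop the maintenance or take the unit out of production first"))
    return alarms


def detect_exceptional(p: Plant) -> list:
    """Direct detection (overheat, cooling malfunction) and indirect detection
    (a failed routine valve test)."""
    alarms = []
    if p.core_temp_c > OVERHEAT_LIMIT_C:
        alarms.append(Alarm("X-OVERHEAT", f"core temperature {p.core_temp_c:.0f} C exceeds {OVERHEAT_LIMIT_C:.0f} C",
                            "reduce load; verify primary cooling flow", emergency=not p.primary_cooling_ok))
    if not p.primary_cooling_ok:
        alarms.append(Alarm("X-COOLING-FAIL", "primary cooling sub-system malfunction",
                            "switch to backup cooling; isolate the failed loop", emergency=True))
    for valve, passed in p.valve_test_passed.items():
        if not passed:
            alarms.append(Alarm(f"X-VALVE-TEST-{valve}", f"routine test of valve {valve} failed",
                                f"treat {valve} as unreliable; schedule repair outside production"))
    return alarms


def respond(p: Plant, alarms: list) -> list:
    """Emergency rules: start the backup sub-system automatically and prevent
    escalation (here: halt production) without waiting for a confused operator."""
    for a in alarms:
        if a.emergency and p.backup_cooling_enabled and not p.backup_cooling_active:
            p.backup_cooling_active = True
            p.actions.append("backup cooling activated automatically")
        if a.emergency and p.in_production:
            p.in_production = False
            p.actions.append("production halted to prevent escalation")
    return p.actions


def run_cycle(p: Plant) -> tuple:
    """One monitoring cycle: evaluate all rules, then apply the automatic responses."""
    alarms = check_production_rules(p) + detect_exceptional(p)
    return alarms, respond(p, alarms)


if __name__ == "__main__":
    # Constructed scenario: bypass valve mis-set, primary cooling failed, core overheating.
    plant = Plant(in_production=True, maintenance_in_progress=False, backup_cooling_enabled=True,
                  backup_cooling_active=False, primary_cooling_ok=False, core_temp_c=345.0,
                  valves={"coolant_inlet": "open", "coolant_bypass": "open", "emergency_drain": "closed"},
                  valve_test_passed={"coolant_inlet": True, "coolant_bypass": False, "emergency_drain": True})
    for alarm in run_cycle(plant)[0]:
        print(f"[{alarm.code}] {alarm.message} -> {alarm.recovery}")
    print(plant.actions)
```

Note that the emergency response depends on the normal-operation rule: if backup cooling was left disabled during production, `respond` cannot activate it, so the "R-BACKUP-OFF" alarm is the only warning the operators get before the emergency arrives.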
Guidelines about rule specification
Updated on 18 Apr 2016.