Typically, the rebounding add-ons may not be active in normal operation. They should operate only they are needed. Therefore, by default, the secondary risks may not be detected in time. Special means should be designed to ensure that the rebounding is functional when it is needed.
The rebounding add-ons should be reliable, and special procedures should be employed routinely, to enable timely detection of failure of the rebounding add-ons.
All the rebounding add-ons should be tested periodically, to verify that they are functional and operative.
Certain rebounding add-ons can be tested regularly without interfering normal operation. For example a backup pump of a coolant can substitute the primary pump occasionally, enabling controlled early failure detection.
The system design should incorporate test mode operation, in which some of the functions are compromised in favor of testability. In test-mode operation, the operation of the rebounding add-ons is sampled, to enable early failure detection.
Safety valves may be operated partly, for very short periods, to enable verification of their operability, with minimal affect on the environment.
The operators should be reported about all situations of detection failure.
The information should not be intrusive. It should be visible and salient, but it should not interfere with the other operational activities.
Updated on 15 Oct 2016.