OFFSHORE SERVICE SPECIFICATION

DNV-OSS-300

RISK BASED VERIFICATION

APRIL 2004

DET NORSKE VERITAS

FOREWORD
DET NORSKE VERITAS (DNV) is an autonomous and independent foundation with the objectives of safeguarding life, prop-
erty and the environment, at sea and onshore. DNV undertakes classification, certification, and other verification and consultancy
services relating to quality of ships, offshore units and installations, and onshore industries worldwide, and carries out research
in relation to these functions.
DNV Offshore Codes consist of a three level hierarchy of documents:
— Offshore Service Specifications. Provide principles and procedures of DNV classification, certification, verification and con-
sultancy services.
— Offshore Standards. Provide technical provisions and acceptance criteria for general use by the offshore industry as well as
the technical basis for DNV offshore services.
— Recommended Practices. Provide proven technology and sound engineering practice as well as guidance for the higher level
Offshore Service Specifications and Offshore Standards.
DNV Offshore Codes are offered within the following areas:
A) Qualification, Quality and Safety Methodology
B) Materials Technology
C) Structures
D) Systems
E) Special Facilities
F) Pipelines and Risers
G) Asset Operation
H) Marine Operations

Amendments and Corrections

This document is valid until superseded by a new revision. Minor amendments and corrections will be published in a separate
document on the DNV web-site; normally updated twice per year (April and October). To access the web-site, select short-cut
options "Technology Services" and "Offshore Rules and Standards" at http://www.dnv.com/
The electronic web-versions of the DNV Offshore Codes will be regularly updated to include these amendments and corrections.

Comments may be sent by e-mail to rules@dnv.com

For subscription orders or information about subscription terms, please use distribution@dnv.com
Comprehensive information about DNV services, research and publications can be found at http://www.dnv.com, or can be obtained from DNV,
Veritasveien 1, N-1322 Høvik, Norway; Tel +47 67 57 99 00, Fax +47 67 57 99 11.

© Det Norske Veritas. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including
photocopying and recording, without the prior written consent of Det Norske Veritas.

Computer Typesetting (FM+SGML) by Det Norske Veritas.

Printed in Norway.

If any person suffers loss or damage which is proved to have been caused by any negligent act or omission of Det Norske Veritas, then Det Norske Veritas shall pay compensation to such person
for his proved direct loss or damage. However, the compensation shall not exceed an amount equal to ten times the fee charged for the service in question, provided that the maximum compen-
sation shall never exceed USD 2 million.
In this provision "Det Norske Veritas" shall mean the Foundation Det Norske Veritas as well as all its subsidiaries, directors, officers, employees, agents and any other acting on behalf of Det
Norske Veritas.
 Offshore Service Specification DNV-OSS-300, April 2004
Introduction – Page 3

INTRODUCTION
This Service Specification was approved by the Director of
Technology in April 2004.
Publication of this Service Specification will make the Service
Specification DNV-OSS-303 obsolete.
— This general document gives the common framework and
an overview of processes in risk based verification.
— It introduces a levelled description of verification involve-
ment during all phases of an asset’s life.
— The document facilitates a categorisation into risk levels
High, Medium and Low, assisting in an evaluation of the
risk level.
— The document assists in planning the verification through
the making of a Verification Plan.
— Providing an international standard allowing a transparent
and predictable verification scope, as well as defining ter-
minology for verification involvement.

DET NORSKE VERITAS


CONTENTS
Sec. 1 General.................................................................. 7
A. General.................................................................................... 7
A 100 Introduction....................................................................... 7
A 200 Objectives ......................................................................... 7
A 300 Scope of application.......................................................... 7
A 400 Structure of DNV Offshore Service Specifications
related to verification ........................................................ 7
A 500 Structure of this document................................................ 7
A 600 Structure of related DNV documents ............................... 7
B. Definitions and Abbreviations................................................ 8
B 100 General.............................................................................. 8
B 200 Definitions ........................................................................ 8
B 300 Abbreviations ................................................................. 8
C. References .............................................................................. 9
C 100 General............................................................................. 9
Sec. 2 Principles of Risk Based Verification ............... 10
A. General.................................................................................. 10
A 100 Objectives ....................................................................... 10
B. General Verification Principles ............................................ 10
B 100 Purpose of Verification................................................... 10
B 200 Verification as a Complementary Activity ..................... 10
B 300 Verification Based on Risk ............................................. 10
B 400 Verification Management ............................................... 10
C. Risk Based Verification Concept ......................................... 10
C 100 Elements of the service .................................................. 10
C 200 Asset Planned.................................................................. 11
C 300 Asset Specification ......................................................... 11
C 400 Risk Assessment ............................................................. 11
C 500 Definition of Verification Involvement .......................... 11
C 600 Verification Plan ............................................................. 11
C 700 Verification Execution.................................................... 12
C 800 Asset Completed ............................................................. 12
D. Risk-Differentiated Levels of Verification........................... 12
D 100 Levels of verification ...................................................... 12
E. Defining a Verification Plan................................................. 13
E 100 Risk based verification planning .................................... 13
E 200 Selection of Level of Verification .................................. 13
DET NORSKE VERITAS
Offshore Service Specification DNV-OSS-300, April 2004
Contents – Page 5
E 300 Acceptance criteria ......................................................... 13
F. Simplified Verification Planning..........................................15
F 100 General............................................................................ 15
G. Detailed Verification Planning .............................................15
G 100 General............................................................................ 15
H. Risk Based Verification and National Regulations ..............15
H 100 General............................................................................ 15
App. A Benefits of DNV Risk Based Verification......... 16
A. General..................................................................................16
A 100 Background information................................................. 16
A 200 Verification trends .......................................................... 16
A 300 Benefits of DNV Risk Based Verification...................... 16
A 400 Other DNV services related to Risk Based Verification 17
App. B Verification and Certification Documents ....... 18
A. Verification Documents........................................................18
A 100 Purpose of Verification Documents................................ 18
A 200 Validity of Verification Documents ............................... 18
A 300 Verification Documents Provided ................................. 18
B. Certification documents........................................................19
B 100 General............................................................................ 19
B 200 Validity of Certification documents ............................... 19
App. C Example List of Typical High Risk Elements .. 20
A. High Risk Elements ..............................................................20
A 100 Offshore installations...................................................... 20
App. D Detailed Performance Requirements and
Verification
Activity Descriptions........................................... 22
A. Performance Requirements...................................................22
A 100 Setting performance requirements.................................. 22
B. Verification Activities ..........................................................22
B 100 Developing Verification Activity Lists .......................... 22
Offshore Service Specification DNV-OSS-300, April 2004
Page 6 – Contents

DET NORSKE VERITAS


SECTION 1
GENERAL
A. General
A 100 Introduction
101 This DNV Offshore Service Specification (DNV-OSS)
gives an overview of DNV Verification Services.
A 200 Objectives
201 The main objectives of this document are to:
— describe DNV’s Risk Based Verification services
— provide a common communication platform for describ-
ing the extent of verification activities, i.e. how to define
a verification scope
— give guidance to owners and other parties for selecting the
level of involvement of the verifier
— provide an opportunity to establish efficient, cost effec-
tive, predictable and transparent verification plans.
A 300 Scope of application
301 This specification applies to verification during the as-
set owner’s control of the process leading up to the completion
of a physical asset, and further during the lifetime of the asset
until abandonment.
302 This specification is primarily aimed at oil and gas re-
lated facilities and installations located onshore or offshore.
The principles may also be applied to general industrial devel-
opments.
303 This specification may be adopted for full field develop-
ment, particular phases of an asset realisation process or for
particular elements. The owner may chose to utilise DNV’s re-
sources for all or selected parts of the scope.
304 DNV’s Risk Based Verification services may be carried
out on assets specified in:
— DNV’s Offshore Standards,
— International or national standards, or
— Owner’s specification
A 400 Structure of DNV Offshore Service Specifications
related to verification
401 The DNV Offshore Service Specifications related to
verification are organised according to the pyramidal princi-
ples in Figure 1.
General
DNV- service
OSS-300 overview
DNV-OSS-3nn
Object specific
detailed
specifications
Figure 1
Hierarchy of DNV’s offshore service specifications for verifica-
tion
402 The top level document DNV-OSS-300, describes the
DET NORSKE VERITAS
Offshore Service Specification DNV-OSS-300, April 2004
Sec.1 – Page 7
overall philosophy and services. The object-specific docu-
ments describe the principles and give detailed information re-
garding the potential scope of work for the verification of each
object.
403 An object-specific DNV-OSS provides a basis for the
development of scope of work for verification activities. Sec-
tion 2 gives the service overview and principles for scope of
work descriptions. Detailed examples of scope of work tables
are found in appendices to the object specific documents.
404 Some of the object-specific documents also give re-
quirements to achieve and maintain a DNV Certificate of Con-
formity (Ref. Appendix B).
A 500 Structure of this document
501 This document contains two sections and four appendi-
ces:
Section 1 gives the scope of the document, definitions and ref-
erences.
Section 2 explains the philosophy and principles of Risk Based
Verification. It explains the risk-differentiated levels of in-
volvement, the elements in the RBV chain and the different
methodologies within risk assessment to develop a Verifica-
tion Plan.
Appendix A gives the benefits of a targeted and planned veri-
fication.
Appendix B gives an overview of the main verification and cer-
tification documents issued by DNV, including the DNV Cer-
tificate of Conformity and the DNV Statement of Compliance.
Appendix C is an example list of typical high risk elements for
the main types offshore installations
Appendix D gives information on how to develop detailed per-
formance requirements and verification activities.
A 600 Structure of related DNV documents
601 The DNV document systems consist of a three-level hi-
erarchy with these main features:
— Principles and procedures related to DNV’s services are
separate from technical requirements and are presented in
DNV Offshore Service Specifications. The documents
described in Figure 1 belong here.
— Technical requirements are issued as self-contained DNV
Offshore Standards.
— Associated product documents are issued as DNV Recom-
mended Practices.
602 The hierarchy is designed with these objectives:
— Offshore Service Specifications present the scope and ex-
tent of DNV’s services.
— Offshore Standards are issued as neutral technical stand-
ards to enable their use by national authorities, as interna-
tional codes and as company or project specifications
without reference to DNV’s services.
— The Recommended Practices give DNV’s interpretation
of safe engineering practice for general use by industry.
Guidance note:
The latest revision of all DNV documents may be found in the
publications list on the DNV web site www.dnv.com.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
Offshore Service Specification DNV-OSS-300, April 2004
Page 8 – Sec.1
B. Definitions and Abbreviations
B 100 General
101 The following definitions should be applied only in the
context of this document, and may not necessarily be appropri-
ate for services outside the Risk Based Verification approach
as described.
B 200 Definitions
201 Asset: Loose term used to describe the item to be made
or maintained. Can refer to a full field development, a topside
facility, a pipeline system, a compressor station etc. or a part of
these. It is interchangeable with the term Object.
202 Certificate of Conformity: A document signed by a qual-
ified party affirming that, at the time of assessment, the product
or service met the stated requirements (BS 4778: Part 2).
Guidance note:
For this OSS, a Certificate is a short document (often a single
page) stating conformity with specified requirements. The results
from associated verification shall be contained in a separate (sin-
gle or multiple volume) report.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
203 Certification: Used in this document to mean all the ac-
tivities associated with the process leading up to the Certifi-
cate.
Guidance note:
In the DNV- OSS when Certification is used it designates the
overall scope of work or multiple activities for the issue of a Cer-
tificate, whilst Verification is also used for single activities asso-
ciated with the work. This in essence means that Certification is
Verification for which the deliverable includes the issue of a Cer-
tificate.
Other (related) definitions are:
BS 4778: Part 2: Certification: The authoritative act of docu-
menting compliance with requirements.
EN 45011: Certification of Conformity: Action by a third party,
demonstrating that adequate confidence is provided that a duly
identified product, process or service is in conformity with a spe-
cific standard or other normative document.
ISO 8402: 1994: Verification: Confirmation by examination and
provision of objective evidence that specified requirements have
been fulfilled.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
204 Element: Loose term which can mean anything from a
drilling rig to a system or a component. the level of detail will
depend on the situation. In a hierarchic structure elements are
below asset.
205 Hazard: A deviation (departure from the design and op-
erating intention) which could cause damage, injury or other
form of loss (Chemical Industries Association HAZOP
Guide).
206 HAZOP (HAZard and OPerability study): The applica-
tion of a formal systematic critical examination to the process
and engineering intentions of new or existing facilities to as-
sess the hazard potential of mal-operation or mal-function of
individual items of equipment and their consequential effects
on the facility as a whole (Chemical Industries Association
HAZOP Guide).
207 HAZID, (HAZard IDentification): A technique for the
identification of all significant hazards associated with the par-
ticular activity under consideration. (ISO-17776)
208 Life cycle: Loose term which includes all phases of an
asset; concept studies, front end engineering design (FEED),
design, procurement, fabrication, hook-up, commissioning,
operation/ production, maintenance, inspection and abandon-
ment.
209 Object: Loose term used to describe the item to be made
DET NORSKE VERITAS
or maintained. Can refer to a full field development, a topside
facility, a pipeline system, a compressor station etc. or a part of
these. It is interchangeable with the term Asset.
210 Owner: In the document used not just to describe the ac-
tual owner, but also to used to reflect DNV’s contractual part-
ner. In many projects the owner authorises the contractor to act
on his behalf and it shall then mean the contractual partner.
211 Performance requirement: A description of the essential
requirements to be met, maintained or provide on demand by
an element. Appendix D may be used for guidance.
212 Risk: The qualitative or quantitative likelihood of an ac-
cident or unplanned event occurring, considered in conjunc-
tion with the potential consequences of such a failure. In
quantitative terms, risk is the quantified probability of a de-
fined failure mode times its quantified consequence.
Guidance note:
Risk is not only related to physical failure modes, but also to op-
erational errors, human errors and so on. For some risks the func-
tional failures or physical failure modes contribute less than 20%
while more than 80% of the risk relates to other devices.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
213 Risk Reduction Measures: Those measures taken to re-
duce the risks to the operation of the system and to the health
and safety of personnel associated with it or in its vicinity by:
— Reduction in the probability of failure.
— Mitigation of the consequences of failure
Guidance note:
The usual order of preference of risk reduction measures is:
a) Inherent Safety.
b) Prevention.
c) Detection.
d) Control.
e) Mitigation.
f) Emergency Response.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
214 Safety Objectives: The safety goals for the construction,
operation and decommissioning of the asset including accept-
ance criteria for the level of risk acceptable to the Owner.
215 Statement of Compliance: A statement or report signed
by a qualified party affirming that, at the time of assessment,
the defined asset phase, or collection of activities, met the re-
quirements stated by the Owner.
216 Verification is confirmation by examination and provi-
sion of objective evidence that specified requirements have
been fulfilled (ISO 8402: 1994).
Guidance note:
The examination shall be based on information, which can be
proved true, based on facts obtained through observation, meas-
urement, test or other means.
See also Certification.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
B 300 Abbreviations
301
DNV Det Norske Veritas
OS Offshore Standard, used in the form DNV-OS
OSS Offshore Service Specification, used in the form
DNV-OSS
QRA Quantitative Risk Analysis
RBV Risk Based Verification

C. References
C 100 General
101 A guide to Hazard and Operability studies, 1979, Chem-
ical Industries Association Limited. London
102 ISO 8402 Quality – Vocabulary, 1994, International Or-
ganization for Standardization, Geneva
DET NORSKE VERITAS
Offshore Service Specification DNV-OSS-300, April 2004
Sec.1 – Page 9
103 BS4778 Quality Vocabulary, Part 2 Quality concepts
and Related Definitions, 1991, British Standard Institute, Lon-
don
104 EN 45011 General Criteria for Certification Bodies Op-
erating Product Certification, 1998, European Committee for
Standardization, Brussels
105 ISO 17776 Petroleum and natural gas industries – Off-
shore production installations - Guidelines on Tools and Tech-
niques for Hazard Identification and Risk Assessment, 2000,
International Organization for Standardization, Geneva.
Offshore Service Specification DNV-OSS-300, April 2004
Page 10 – Sec.2

SECTION 2
PRINCIPLES OF RISK BASED VERIFICATION

A. General oretical and practical knowledge and experience of the activity

being examined. An adequate verification of some activities
A 100 Objectives may require access to specialised technical knowledge.
101 The objectives of this section are to provide: 403 As well as demonstrating competence of individuals,
the verification organisation shall also be able to show compe-
— an introduction to the DNV Risk Based Verification Con- tence and experience in verification work for relevant assets.
cept and the elements of the Risk Based Verification
Chain
— an introduction to the principles of risk differentiated lev-
els of verification activities C. Risk Based Verification Concept
— guidelines on the selection of levels of verification.
C 100 Elements of the service
101 The risk based verification concept can be visualised to
involve the elements in Figure 1. It is a chain with iterative
B. General Verification Principles loops.
B 100 Purpose of Verification
101 Verification constitutes a systematic and independent Asset Planned
examination of the various lifecycle phases of an asset to de-
termine whether it is (or continues to be) in compliance with
some or all of the asset specifications. Asset Specification
102 Verification activities are expected to identify errors or including overall Owner acceptance criteria,
failures in the work associated with the asset and to contribute
to reducing the risks to the operation of the asset and to the performance requirements and verification
health and safety of personnel associated with it or in its vicin- objectives
ity or other unwanted situations.
B 200 Verification as a Complementary Activity Risk Assessment
201 Verification shall be complementary to routine design, including identification of hazards and
construction and operations activities and not a substitute for
them. Therefore, although verification will take into account ranking of hazards based on risk evaluation
the work, and the assurance of that work, carried out by the
owner and its contractors, it is inevitable that verification will
duplicate some work that has been carried out previously by
other parties involved in the asset or system. Definition of Verification Involvement
B 300 Verification Based on Risk including detailing of acceptance criteria and
301 Verification based on risk is founded on the premise that performance requirements
the risk of failure can be assessed in relation to a level that is
acceptable and that the verification process can be used to
manage that risk. The verification process is therefore a tool to Verification Plan
maintain the risk below the acceptance limit.
including list of verification activities
302 Verification based on risk aims to be developed and im-
plemented in such a way as to minimise additional work, and
cost, but to maximise its effectiveness. The development of a
risk based verification plan shall depend on a risk assessment
and the findings from the examination of quality management Verification Execution
systems, documents and production activities. including reporting of compliance or non-
B 400 Verification Management compliance
401 The philosophy and verification methods used shall be
described in a Verification Plan to ensure satisfactory comple-
tion of verification. Asset Completed
The philosophy and these methods should ensure that verifica-
tion: Figure 1
The DNV Risk Based Verification Chain
— has a consistent and constructive approach to the satisfac-
tory completion and operation of the asset
— is available world-wide wherever the owner or his contrac- 102 Asset is used collectively. It is an onshore or offshore in-
tors operate stallation or part thereof, a system or process, or a development
— uses up-to-date methods, tools and procedures phase such as feasibility, design, construction, commissioning,
— uses qualified and experienced personnel. operation and decommissioning.
402 All verification activities shall be carried out by compe- 103 The Asset Planned and Asset Decommissioned are the
tent personnel. Competence includes having the necessary the- boundaries of the Risk Based Verification process.

DET NORSKE VERITAS


104 Asset Specification, Risk Assessment and Definition of
Verification Involvement are inputs into the Verification Plan,
while Verification Execution is the implementation of the Ver-
ification Plan.
The Risk Based Verification service comprises of one, some or
all of these main elements.
C 200 Asset Planned
201 Asset Planned is the starting point for any project or
project phase and is the decision of the owner. It comprises a
general description of the project in the form of functionality,
safety, capacity, economics etc.
C 300 Asset Specification
301 Asset Specification has been identified as a separate el-
ement to focus on the need to address objectives, acceptance
criteria and performance requirements to the asset.
302 This element in the chain comprises:
— detailing of the description at the system level of the
project in the form of functionality, safety, capacity, eco-
nomics etc.
— identification or definition of verification philosophy,
safety objectives etc., including selection of safety and/or
business and/or environmental focus and goals
— identification of codes and technical specifications (e.g.
standard company material specifications) to be adopted
— definition of high level performance requirements for the
asset and identification of main elements and specific per-
formance requirements thereof.
303 The detailing of elements and requirements will vary
from project to project. The timing for detailing will also vary
and is affected by matters like contract type and philosophy,
owners involvement in the process, level of innovative ele-
ments in the project, life time business philosophy etc.
C 400 Risk Assessment
401 Risk Assessment is the identification of hazards, fre-
quencies of occurrence, consequences and risk drivers. The
risk can be defined on a general level for the project, for differ-
ent phases of a project or for detailed elements of the asset.
402 The risk can be evaluated based on safety, environmen-
tal impact, economics, schedule, Public Relations, reputation
or other criteria set by the owner.
403 Risk Assessment can be based on engineering judge-
ment (pragmatic) or on analytical processes. In section E dif-
ferent methods have been described to arrive at the conclusions
necessary to formulate a risk based verification plan.
404 Once the risks have been identified their extent can be
reduced to a level as low as reasonably practicable or as low as
corporately required, by means of one or both of:
— reduction in the probability of failure
— mitigation of the consequences of failure.
Guidance note:
Reasonable Practicability
The term “as low as reasonably practicable (ALARP)” has come
into use through the United Kingdom’s “The Health and Safety
at Work etc. Act 1974”. Reasonable Practicability is not defined
in the Act but has acquired meaning by interpretations in the
courts.
It has been interpreted to mean that the degree of risk from any
particular activity can be balanced against the cost, time and trou-
ble of the measures to be taken to reduce the risk.
It follows, therefore, that the greater the risk the more reasonable
it would be to incur substantial cost, time and effort in reducing
DET NORSKE VERITAS
Offshore Service Specification DNV-OSS-300, April 2004
Sec.2 – Page 11
that risk. Similarly, if the risk was very small it would not be rea-
sonable to expect great expense or effort to be incurred in reduc-
ing it.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
405 The systematic assessment of risks and the implementa-
tion of measures to reduce these, results in a relative ranking of
the risk level of the elements and /or sub-elements of the asset.
406 The ranking of the elements will differ depending on the
acceptance criteria; safety, environmental impact, economics,
schedule, public relations, reputation or others. Different crite-
ria may be applied to factor the importance of these.
C 500 Definition of Verification Involvement
501 Definition of verification involvement or level(s) in-
cludes defining the cut-off level under which no verification
activity shall be performed and to define the appropriate level
of involvement for the others.
502 Based on the relative risk level of the elements the ver-
ification intensity should increase towards the highest risk ele-
ments.
Guidance note:
Verification of risk reducing measures e.g. in the form of risk re-
ducing barriers, should be directed towards the risk reducing
measures (barriers) which claims to have the highest risk reduc-
ing effects.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
503 In this process the overall acceptance criteria from the
Asset Specification should be cascaded down to more detailed
performance requirements for individual elements or groups of
elements.
504 The risk ranking is used in the selection of the appropri-
ate verification activity level and type to be described in the
verification plan.
C 600 Verification Plan
601 The Verification Plan is the pivot element in the DNV
Risk Based Verification systematics.
602 The Verification Plan is the scope of work (SOW) for
verification. It should be revisited, re-evaluated and possibly
revised as the project progresses and new information becomes
available.
603 The more specific the Verification Plan, the more pre-
dictable the verification activities will be.
604 The Verification Plan repeats the verification objective
and the criteria for selecting the highest risk elements and the
verification involvement, as given by the Owner. It includes
the findings from the risk assessment step, defines which asset
specifications shall be verified, and also the level of involve-
ment by party and type of verification activity.
605 The Verification Plan further consists of listing the el-
ements and their performance requirements together with the
type and depth of scrutiny to which each shall be subjected.
606 The verification involvement level can be described us-
ing the tables in Sect.2 of the relevant object specific DNV-
OSS.
607 Detailed scope of work tables listing all the sub-ele-
ments of an asset, can either be developed from the tables in
Sec. 2 of the relevant object specific DNV-OSS or they can be
based on the example tables included in the appendices.
608 For information typical high risk elements with respect
to safety of personnel, often termed Safety Critical Elements,
are presented in Appendix C.
Offshore Service Specification DNV-OSS-300, April 2004
Page 12 – Sec.2

C 700 Verification Execution Guidance note:

701 Verification Execution is document review, independent
analyses, inspection, monitoring, site visits, process audits,
technical audits, testing, etc. according to the Verification
Plan.
702 Information arising from execution should be used to
identify continuous improvements to the Verification Plan.
E.g. evidence of good systematic control may be used to re-
An element can be everything from a drilling rig to an important
component or system, depending on the detailing level of the risk
assessment being carried out.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
Increasing

Probability of Failure
High
duce the verification activities. Risk
HIGH
703 The purpose of verification activities is to confirm com-
pliance or identify non-compliance with the asset specifica-
tion. MEDIUM

C 800 Asset Completed

Low
LOW
801 Asset Completed is the end point of any lifecycle phase
or phases, which complies with the relevant planned asset and Low High
the asset specification. Consequence of Failure
Figure 2
Levels of verification
D. Risk-Differentiated Levels of Verification
D 100 Levels of verification
A
101 The level of verification activity should be differentiat- B
ed according to the risk to the asset or element or phases there-
C
Elements

of. If the risk to the asset is higher, the level of verification

involvement is higher. Conversely, if the risk to the asset is
lower, the level of verification activities can be reduced, with-
out any reduction in their effectiveness.
102 It is emphasised that the activity level describes the
depth of the verification involvement. It follows, therefore,
that an increase in the level of involvement above that consid-
ered necessary, based on an evaluation of the risks, involves
minimal extra risk reduction for increased cost. This practice is
unlikely to be cost-effective.
103 Verification of assets or elements thereof are typically
categorised into Low, Medium and High.
Low is the level of verification applied where the risks to the
asset are lower than average. For example, it has benign con-
tents, it is located in congenial environmental conditions, or
the contractors are well experienced in the design and con-
struction of similar assets. This level may also be appropriate
when the Owner (or other parties) performs a large degree of
verification and/or quality assurance work.
Medium is the customary level of verification activity and is
applied to the majority of assets.
High is the level of verification applied where the risks to the
asset is higher than average. For example, it has highly corro-
sive contents, it is in adverse environmental conditions, it is
technically innovative or the contractors are not well experi-
enced in the design and construction of similar assets. This lev-
el may also be appropriate when the Owner chooses to have a
small technical involvement or performs little own verifica-
tion.
Guidance note:
The terms Basic, Regular and Special are sometimes used to de-
scribe the level of involvement. If these are used in connection
with DNV Risk Based Verification, then Basic shall mean Low,
Regular shall mean Medium and Special shall mean High.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
104 Illustrations of the levels of involvement are given in
Figures 2 and 3. Figure 2 illustrates the levels as a function of
probability and consequence of failure. Figure 3 illustrates
how increasing depth of scrutiny is assigned to elements with
increasing risk levels.
D
E
F
G
H
I
Axis of increasing risk
and depth of scrutiny
Figure 3
Increasing verification scrutiny as a function of increasing risk
level for each element
105 It is the prerogative of the owner of the asset system to
choose the level of verification. The selection should be docu-
mented.
106 Different levels of verification can be chosen for differ-
ent lifecycle phases of the asset, or even within the same phase
if necessary. For example, asset design may be innovative and
considered high risk whereas the installation method is well
known and considered low risk. The converse might be true al-
so.
107 The level of verification can be reduced or increased
during a phase if the originally chosen level is considered too
rigorous or too lenient, as new information on the risks to the
asset becomes available. Care should be taken to ensure that
short term gains do not influence the reduction of verification,
which could lead to a long term detriment.
108 Verification should be planned in close co-operation
with the Owner and each of the contractors, to provide a scope
of work that is adjusted to the schedule of each lifecycle ele-
ment, i.e. to make the verification activities, surveillance and
hold points, an integrated activity and not a delaying activity.
Guidance note:
Many Contractors have adequate quality control systems and
quality control departments, with competent personnel to per-
form, for example, inspection at plants and specialist engineers
competent to review and verify the performance of plants.

DET NORSKE VERITAS

 Offshore Service Specification DNV-OSS-300, April 2004
Sec.2 – Page 13

In that case, all verification work need not be done by DNV per-
sonnel. Where applicable, the various inspections may be carried
out by competent persons other than DNV personnel.
In that situation a substantial part of DNV’s verification activities
may be encompassed by:
- reviewing the competence of the Contractor’s personnel,
- auditing their working methods and their performance of that
work, and
- reviewing the documents produced by them.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
109 Verification should direct greatest effort at those ele-
ments of the asset or system whose failure or reduced perform-
ance will have the most significant impact on safety or the
other defined project risks. These elements are termed high
risk elements or sometimes Critical Elements.
110 The degree of confidence placed in verification reports
depends on the degree of confidence in the verification activi-
ties carried out. Therefore, the verification plan must be trans-
parent and give clear details of the level of verification for both
elements and phases.
E. Defining a Verification Plan
E 100 Risk based verification planning
101 The selection of the level of verification shall depend on
the risk level of each element having an impact on the manage-
ment of hazards and associated risk levels of the asset.
102 The effort spent to select the overall level of verification
and the detailing and differentiation between different ele-
ments will vary from project to project. It is a business decision
on how to balance the effort of up-front planning with that of
some additional effort during verification execution.
103 The tools used to arrive at a Verification Plan range
from engineering judgement risk assessment to analytical risk
assessments. The former generally reflects less effort in the up-
front planning stage while the latter directs more efforts into
the particulars of a specific project.
104 The span in the method is illustrated in Figure 4. Most
projects will utilise a combination of tools.
Guidance note:
Typically, for a tender phase it may be useful to utilise engineer-
ing judgement to make an initial Verification Plan. When updat-
ing the Verification Plan the appropriate analytical tools can be
utilised.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
E 200 Selection of Level of Verification
201 Suitable selection factors include:
— overall asset specification
— assessment of the risks associated with the asset and the
measures taken to reduce these risks
— degree of technical innovation in the asset system
— experience of the contractors in carrying out similar work
— quality management systems of the Owner and their con-
tractors.
202 To facilitate the selection of the level of verification a
set of trigger questions based on the above list of selection fac-
tors, has been prepared and is included in the object specific
DNV-OSS.
203 To further assist in the selection of general level of ver-
ification Table E1 can give some guidance.
204 The level of verification is selected for each individual
element and should reflect the risk level as well as the type of
performance requirements.
Guidance note:
To achieve a consistent verification involvement relative to risk
level a practical and visual approach can be to plot the elements
and relative risk levels as in Figure 3. Decide on the maximum
level of involvement (L, M or H) and draw the line to the left of
which no verification shall be made. The area enveloping the el-
ements to be verified can then be split in to areas with uniform
verification involvement.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
E 300 Acceptance criteria
301 Defined acceptance criteria are essential to confirm
compliance and identify non-compliance.
302 The format and detailing may differ. Assets, elements or
lifecycle phases for which technical standards or company
specifications exist, may have relatively short and simple ac-
ceptance criteria. For assets, elements or lifecycle phases not
readily covered by prescriptive standards, greater effort is di-
rected into the particulars of the specific project and this often
results in more detailed performance requirements.

Table E1 Levels of verification and guidance on typical involvement at system level

Level Typical System Characteristics Description of typical verification involvement
Low — Proven designs with relatively harmless content and/or in- — Review of General Principles and production systems dur-
stalled in benign environmental conditions. ing design and construction.
— State of the art design, manufacturing and installation by — Review of principal design documents, construction pro-
experienced contractors. cedures and qualification reports.
— Low consequences of failure from a commercial, safety or — Site attendance only during system testing.
environmental point of view. — Less comprehensive involvement than level Medium.
— Relaxed to normal completion schedule.
Medium — Asset in moderate or well controlled environmental condi- — Review of General Principles and production systems dur-
tions. ing design and construction.
— Plants with a moderate degree of novelty — Detailed review of principal and other selected design
— Medium consequences of failure from a commercial, safe- document with support of simplified independent analy-
ty or environmental point of view. ses.
— Ordinary completion schedule. — Full time attendance during (procedure) qualification and
review of the resulting reports.
— Audit based or intermittent presence at site.
High — Innovative designs. — Review of General Principles and production systems dur-
— Extreme environmental conditions. ing design and construction.
— Plants with a high degree of novelty or large leaps in tech- — Detailed review of most design document with support of
nology. simplified and advanced independent analyses.
— Contractors with limited experience or exceptionally tight — Full time attendance during (procedure) qualification and
completion schedule. review of the resulting reports.
— Very high consequences of failure from a commercial, — Full time presence at site for most activities.
safety or environmental point of view. — More comprehensive involvement than level Medium.

DET NORSKE VERITAS

Offshore Service Specification DNV-OSS-300, April 2004
Page 14 – Sec.2

Asset
Specification

Simplified verification Detailed verification

Combined
planning, based on verification planning, based on
Engineering judgement planning Analytical risk assessment:

Risk assessment HAZID for the asset. This may be done

based on trigger stepwise with increasing detailing on the
questions. more complex components/processes.

Conclude on The predefined tables may be useful

overall references
Risk Identify
Assessment verification elements for
involvement; verification
H, M or L Frequency of occurrence Consequence
and prepare
verification
plan based
on any Analytical assessment of risk and
Prepare combination identification of relative risk levels.
Verification of the The relative risk may be grouped into
Plan based on simplified Low, Medium or High
predefined and detained
tables. verification
planning.
Include Define acceptance criteria or performance
Definition of requirements in more detail
Verification adjustments to
Level tailor for the
particular asset. Prepare Verification Plan based on the
assessed risks, risk drivers and acceptance
Confirm criteria as defined above.
acceptance The type and depth of verification is
criteria to be described using the same terminology as used
sufficient. in the predefined tables.

Verification
Plan

Figure 4
Verificaton planning

DET NORSKE VERITAS


F. Simplified Verification Planning
F 100 General
101 Simplified verification planning is mainly based on en-
gineering judgment and reflects DNV's in-house experience as
well as the industry experience as reflected in a number of
technical standards. Both have been used to make up the object
specific DNV-OSS’s.
102 The steps in the simplified verification planning are as
follows:
— Use trigger questions to assess the overall risk level of the
project (or manageable elements thereof).
— Evaluate the risk against the relevant owner or project ac-
ceptance criteria (often this can be directly tied to the own-
er core values or a sub-set of these) and decide whether the
general verification involvement shall be Low, Medium or
High.
— Use the detailed scope of work tables in the object DNV-
OSS to make a first draft of a Verification Plan
— Generate the project specific Verification Plan by include
a project specific engineering judgment to adjust the table
to suit the project
— Perform the verification execution according to the Verifi-
cation Plan, making revision to the plan if and when nec-
essary.
103 Care shall be taken not to use this process without suf-
ficient attention to its built-in simplifications. Particularly the
use of example tables in the appendices can never replace the
need for project specific assessments. They can, however, be
very useful starting and reference points.
G. Detailed Verification Planning
G 100 General
101 The analytical verification planning is based on the use
of (quantitative) risk methods to establish project specific
identification of the relative risk level of the project elements.
102 Depending on the project size and type the risk assess-
ment will often include an initial qualitative risk assessment
screening prior to a full quantitative risk analysis, QRA.
DET NORSKE VERITAS
Offshore Service Specification DNV-OSS-300, April 2004
Sec.2 – Page 15
103 A description on how to carry out HAZID, HAZOPD
and QRA in general is not given in this DNV-OSS. The meth-
odology is described in numerous books and publications on
the subject.
104 Particularly for projects or project elements were there
are limited or inadequate prescriptive technical standards or if
the performance requirements are of a nature that make avail-
able prescriptive standards inadequate, it is advisable to invest
more time and effort in the planning stages.
105 With limited prescriptive standards the need and also the
effort required to define the acceptance criteria for individual
or groups of elements will normally increase. Appendix D ad-
dresses how to formulate detailed performance requirements
and also how these and the risk elements are developed into
verification activity lists, which are finally included in the Ver-
ification Plan
H. Risk Based Verification and National
Regulations
H 100 General
101 Many national authorities have specific requirements to
the verification activities. These can be in the form of mini-
mum requirements to documentation of risk and risk reducing
measures, which documents shall be presented to the authori-
ties, mandatory use of standards etc. The authorities may also
have requirements to roles and responsibility, independence of
verifier, content and form of verification activities, terminolo-
gy etc.
102 The particulars of the relevant national requirements
shall be observed when planning and performing Risk Based
Verification.
Guidance note:
The Offshore Installations (Safety Case) Regulations in UK can
be an example of particular National Authority requirements.
The risk based verification approach fits very well with these reg-
ulations, but one needs to ensure that the correct documents and
terminology are used and understood e.g. Major Accidents Haz-
ards, Safety-Critical Elements, Performance Standards etc.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
Offshore Service Specification DNV-OSS-300, April 2004
Page 16 – App.A
APPENDIX A
BENEFITS OF DNV RISK BASED VERIFICATION
A. General
A 100 Background information
101 This appendix gives background information on verifi-
cation and the possible benefits thereof.
A 200 Verification trends
201 Verification has historically been carried out with a va-
riety of scope and depth of involvement. The depth of involve-
ment, or level of verification, has not always been very
transparent.
202 There are national authorities requiring verification or
even certification of offshore or onshore installations (assets)
and have appointed specific organisations qualified for this
work.
203 Some of these national authorities may have detailed re-
quirements to the verification or certification activity, while
others leave the definition of the necessary work up to the ap-
pointed organisation. Other national authorities require specif-
ic documents to be verified and approved by them, some hold
the owner responsible for the verification activities, others
again may not have any specific requirements.
204 The trend is that authorities remove themselves from the
prescriptive regimes and convert to functional requirements
and safety and risk approaches. It is therefore believed that
there will be a stronger demand for measurable objectives to be
presented by the owners. The objectives are linked, as a mini-
mum, to the expectations from the authorities on safety to the
work force, the public and the environment. Economics may
be an additional minimum requirement from the owner and his
partners.
205 As a means to fulfilling these expectations business to-
day is often characterised by a defined desire to systematically
balance expected costs and benefits. The aim is an optimum
control of the uncertainties (or risks) related to the objectives.
206 Even where national authorities do not require verifica-
tion of installations (assets), verification (or certification) is a
convenient tool for the owner to get an independent evaluation
of the contractor(s) work or to show financiers, partners, insur-
ers and the public that the asset complies with relevant safety
levels and other requirements in the asset specification.
207 It is good business practice to subject important work to
a third-party check as this reduces the possibility of errors re-
maining undetected. Third-party verification will ensure that
the verifier has an independent view and perspective when per-
forming this activity. Furthermore, it will avoid the situation
where errors could be overlooked by engineers or others be-
cause of their closeness to the work with the asset.
208 Systematic risk based assessment methods are more of-
ten used to identify the risk associated with the elements.
Based on this identified risk, focus is put on the relevant ac-
ceptance criteria pertaining to integrity, functionality, surviva-
bility, availability, reliability, maintainability, and
environmental impact of an asset throughout its lifecycle.
209 The result of the systematic identification of risk can be
utilised in the design and construction by the Contractor and by
the Owner or a 3rd party to optimise the verification activities
through a well defined and transparent verification plan.
210 Not all projects nor all high risk elements have great de-
grees of novelty or innovation requiring a large degree of so-
phistication when predicting risk. The high risk elements or
DET NORSKE VERITAS
phases can often be determined by what is addressed in inter-
national technical standards and from general experience. For
these projects the ability to communicate the correct or desired
level of verification may be the most time consuming exercise.
211 At the other end of the scale are the projects that have
greater uncertainty, and often appears to be high risk, but
which need to be systematically addressed to be able to identi-
fy the hazards, the probability and consequences of occurrence
and the risk levels of the elements. For these projects the cor-
rect identification and ranking of the risk of the elements is es-
sential for the project optimisation process and planning of the
verification activities. However, it is also for these necessary
to be able to communicate the level of verification and link it
to the associated risk.
212 For almost all projects, interface activities are important
and many have experienced that inadequate interface manage-
ment can be very costly and time consuming.
A 300 Benefits of DNV Risk Based Verification
301 Business today is characterised by the need to balance
cost and benefits through a better understanding and mastering
of the assets and their associated risks. Risk Based Verification
aims at balancing the efforts to control the operational and
technological risks and for an optimum control of risks and un-
certainties from the concept stage to decommissioning or
abandonment of any asset. It may provide cost and time sav-
ings compared with prescriptive verification or certification by
focusing on risk and by prioritising verification efforts.
302 The use of a more elaborate analytical method to plan
the verification may give substantial cost benefits during the
verification execution. Particularly for projects characterised
by the following:
— a high degree of complexity
— significant elements of new or unproven technology
— proven elements being introduced to new operating condi-
tions or applications
— participants having limited experience in a type of asset or
development
— challenging development programmes.
303 DNV aims through Risk Based Verification, to instil
confidence in our customers. Through independent and com-
petent scrutiny the intent is to confirm that the asset is de-
signed, constructed and/or operated so that:
— it is fit for its intended purpose,
— its level of integrity is as high as reasonably practicable
— the associated risk to health, life, property and environ-
ment is as low as reasonably practicable.
304 Such confidence arising from Risk Based Verification is
not necessarily limited to DNV’s traditional customers – it can
be extended to contractors or other project participants, own-
ers, financiers, partners, insurers etc. that an asset complies
with a relevant basis, even in areas where formal references
may be missing or are under development.
305 The advantages for DNV’s customers in applying a Risk
Based Verification approach may include:
— reduced probability of undesirable events
— improved availability and reliability
— cost and time savings through avoiding undue attention to
areas and activities that are low contributors to risk
— contributing to optimised expenditure (CAPEX, OPEX
and RISKEX) in high risk areas

— early involvement in projects to ensure correct decisions
and minimal rework
— a demonstrable and auditable case for safety or other own-
er or project core values
— active support to, and demonstration of achievement of,
these core values
— confirmation, and increased visibility, of the above to
(project) partners and other stakeholders and to Regulato-
ry Bodies.
306 For a new asset development Risk Based Verification
services should seek to reduce any uncertainty in the design as
early as possible, and if any weaknesses are revealed allow for
effective management of necessary changes, ref. Figure 2 “Ef-
fects of Early Involvement”. DNV’s verification experience
reinforces the important message of early involvement and the
need for in-depth knowledge of the activities required to obtain
optimal resource allocation for the verification process. A
proactive approach is required and places particular emphasis
on roles and responsibilities.
Increase
Ability to Cost of
Influence Change
Concept Commissioning
Time
Figure 1
Effect of early involvement
307 The above processes should consider all phases of the
asset lifecycle. For example during the offshore commission-
ing phase of a new asset there may be temporary items of
equipment provided which should be identified as high risk el-
ements (e.g. temporary fire/gas detection).
308 DNV believes that a strong focus on the development of
the Verification Plan will support a common interpretation of
verification philosophies and requirements (which may differ
from one project to another), and this should facilitate a more
cost effective verification execution and provide for greater
potential value to be obtained from the overall verification
process.
309 Database applications (for example DNV’s Verifier
software) can be implemented to assist with development and
execution of Verification Plans, including the capability to
record the status of all verification activities, and provide re-
ports on their status. Such database applications can assist co-
ordination by making the status available to all involved in ver-
ification, including the customer, simultaneously.
DET NORSKE VERITAS
Offshore Service Specification DNV-OSS-300, April 2004
App.A – Page 17
Input
Management
Verification Planning
Risk Management
Verification
Design
Construction
Operation
Management
Optimum output
Figure 2
The asset realisation process
310 The optimisation can be regarded as the process to
shrink the total volume of the circle in Figure 2 and to find the
ideal balance between Contractor and 3rd party volumes within
that circle.
311 Alternatively, the volume of the ball can be used to indi-
cate the cost of the process. The correct balance between the
two sides may reduce the total volume of the whole process
and at the same time achieve the optimum asset. By optimum
asset we mean one that through its lifecycle is suitable for the
operation and has the correct balance between the quality, cost,
environmental impact, safety, schedule and any other elements
defined by Owner.
A 400 Other DNV services related to Risk Based Verifi-
cation
401 Any of the areas of Risk Based Verification involvement
can be integrated with other DNV services, potentially with
enhanced effectiveness, such as:
— Project Risk Management
— assisting with development of project HSE philosophy
— conducting, or participating in, Hazid
— risk studies or assessments (e.g. QRA)
— reviewing the customer’s formal safety assessment (safety
case) to confirm the adequacy and robustness of the proc-
ess
— providing a suitable computer application to manage veri-
fication requirements and findings
— managing other legislative compliance requirements on
behalf of the customer or asset owner
— developing or reviewing Reliability Centred Maintenance
(RCM) and Risk Based Inspection (RBI) philosophies and
procedures.
Offshore Service Specification DNV-OSS-300, April 2004
Page 18 – App.B

APPENDIX B
VERIFICATION AND CERTIFICATION DOCUMENTS

A. Verification Documents
A 100 Purpose of Verification Documents Statement of Compliance
101 Verification documents are issued by DNV. The pur- with accompanying
pose of these documents is to provide documentation that ob- verification report
jective evidence has been presented to confirm compliance
with the requirements and to document the work performed by
DNV.
Guidance note:
Examples of document forms are found in the objects specific Verification Report
DNV-OSS.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---

102 Intermediate verification documents act as a form of

progress reporting showing satisfactory completion of com- Intermediate documents
plete life cycle verification activities for various issues, items
or phases of the asset.
Figure 1
103 The verification documents follow the hierarchy shown Document hierarchy for verification
below and in Figure 1:
— Statement of Compliance A 200 Validity of Verification Documents
— Verification Report
— Intermediate documents 201 Verification documents are, in principle, documents
confirming that an examination has been carried out, and are
— Audit reports valid only at the time of issue.
— Verification Comments
A 300 Verification Documents Provided
— Visit reports
301 The types of documents issued by DNV relative to the
104 A description of each of these is given in the respective different stages of the verification process are illustrated by
object specific DNV-OSS. Table B1.

Table B1 Asset VERIFICATION – Documents provided by DNV

Reference Standard DNV Offshore Standard or other agreed technical standard
for verification
Design Construction Operation
Manufacturing of

Manufacturing of

Operation, Main-
Equipment and
Detail Design

Components

tenance and
Completion
Assemblies
Conceptual

Installation
Design

Project

Project Phases Repair

Types of Verification
Documents Provided Statement of Compliance for individual phase or natural part thereof

DET NORSKE VERITAS

 Offshore Service Specification DNV-OSS-300, April 2004
App.B – Page 19

B. Certification documents
Certificate of Conformity
B 100 General
with accompanying
101 DNV Certification is a special form of verification verification report
where the total scope is defined by DNV. Reference is given to
the section on definitions. For statutory certification the scope
should in principle be defined by the regulating body.
102 The certification documents consist of the verification
documents described above with an overlying Certificate of Statement of Compliance
Conformity. Hence, the hierarchy of documents are as illus- with accompanying
trated in Figure 2. In relation to the project phases, reference is
given to Table B1. verification report
B 200 Validity of Certification documents
201 In general the same validity, i.e. the time of issue, ap-
plies as for verification documents.
Verification Report
202 However, for Certificates of Conformity, a specified pe-
riod of validity and maintenance conditions for ensuring this
validity may be given in the certificate.

Intermediate documents

Figure 2
Document hierarchy for certification

Table B1 Asset CERTIFICATION – Documents Provided by DNV

Reference Standard DNV Offshore Standard
for certification
Design Construction Operation
Manufacturing of

formity (retention) Maintenance and

Manufacturing of
Equipment and
Detail Design

Components

Completion
Assemblies
Conceptual

Installation

Operation,
Project
Design

Repair
Project Phases

Certificate of Con-
Certificate of
Conformity

Types of Statement of Compliance for individual phase or natural part

Certification thereof
Documents Provided

Pre - Maintenance of
Certification phase Certification Certification Certification

DET NORSKE VERITAS

Offshore Service Specification DNV-OSS-300, April 2004
Page 20 – App.C

APPENDIX C
EXAMPLE LIST OF TYPICAL HIGH RISK ELEMENTS

A. High Risk Elements
A 100 Offshore installations
101 The following table presents typical high risk elements
with respect to safety of personnel for the main types of off-
shore installation. These are often called safety critical ele-
ments (ref e.g. UK Safety Case regime). This list is intended as
a tool to help to ensure that key systems identified as high(est)
risk are not omitted. However, the list can never be guaranteed
to be exhaustive and shall never be used without due consider-
ations.

FPSO/FPU
FLOTEL
MODU

FOI
TYPICAL HIGH RISK ELEMENTS

STRUCTURE
Jackets and Piles - - - X
Gravity Based Structure - - - X
Jack-up Legs and associated Jacking and Locking Systems X X - -
Hull (including Watertight Closures) X X X -
Drilling Derrick X - - X
Firewater Caisson and Supports - - - X
Topsides Primary Structure including Bridge and Flare Tower X X X X
Helideck X X X X
Lifting (cranes) and Hoisting (drilling equipment) X X X X
Crane Pedestal X X X X
Foundations X X X X
Blast Protection including Blast Venting Provisions X - X X
Dropped Object Protection incl. Subsea Protective Structures X X X X
Turret - - X -
DRILLING
Mud Systems X - - X
Blowout Preventer System X - - X
Choke and Kill (including Emergency Blowdown) X - - X
Cement System X - - X
Marine Riser System X - - X
Well Control Instrumentation X - - X
Diverter system X - - X
POWER
Emergency Power X X X X
Battery Systems X X X X
Protection of Electrical Equipment X X X X
IGNITION PREVENTION
Electrical Earthing Continuity X X X X
Electrical Equipment in Hazardous Areas X X X X
Protection of Hot Surfaces X X X X
Natural Ventilation X X X X
FIRE AND GAS
Gas (Flammable and Toxic) Detection System X X X X
Fire Detection System X X X X
Deluge X X X X
Sprinklers X X X X
Fire Pumps X X X X
Firewater Ring Main X X X X
Foam System X X X X
Gaseous Systems (e.g. Halon, CO2) X X X X
Passive Fire Protection (including Doors, Walls and Penetrations) X X X X
Ventilation Systems X X X X
EMERGENCY RESPONSE AND EVACUATION
Temporary Refuge X X X X

DET NORSKE VERITAS

 Offshore Service Specification DNV-OSS-300, April 2004
App.C – Page 21

Escape Routes X X X X
Helideck Systems (Markings, Nets, Obstacle Marking/Lighting etc.) X X X X
Escape (battery-backed) Lighting X X X X
Internal Communications (e.g. Public Address,/General Alarm, Manual Alarm Call Points, Tel- X X X X
ephones)
External Communications (including Marine and Aviation) X X X X
TEMPSC X X X X
PPE (incl. Lifejackets, Survival/Immersion Suits, Helideck Crash Equip.) X X X X
ESCAPE SYSTEMS
Descent to Sea Systems (Personal Descent Devices, Knotted Ropes, Nets) X X X X
Ladders to Sea X X X X
Life rafts X X X X
Standby Vessel and associated Fast Rescue Craft X X X X
HYDROCARBON CONTAINMENT
Hydrocarbon Piping and Equipment (including Valves and Instrumentation) - - X X
Emergency Shutdown System including Software, Process Shutdown, High Integrity Protection X X X X
Systems, Overpressure Protection Systems etc.
Relief and Blowdown System X X X X
High Speed Machinery Trips X - X X
Local Atmospheric Vents X - X X
Drains (Open and Closed Hazardous) X X X X
Risers and Riser Emergency Shutdown Valves - - X X
Pipelines - - X X
Pipeline Subsea Isolation Valves - - X X
MARINE
Mooring (including Move-off) X X X -
Navaids (including Lights, Foghorns, Marine/Weather Monitoring Systems) X X X X
Radar Early Warning System X X X X
Ballast and Bilge (Stability) X X X -
Inert Gas System - - X -
Dynamic Positioning System X X X -
Thrusters X X X -
TEMPORARY EQUIPMENT
Bridge Connections to Support Vessels X X X X
Gas Cylinders and Attachments X X X X
Power Generators X X X X
Temporary Public Address/General Alarm Systems X X X X
Well Test Equipment X - - X
Radioactive Source Store X - X X
Explosives Store X - - X
SAFETY MANAGEMENT SYSTEM X X X X

DET NORSKE VERITAS

Offshore Service Specification DNV-OSS-300, April 2004
Page 22 – App.D
APPENDIX D
DETAILED PERFORMANCE REQUIREMENTS AND VERIFICATION
ACTIVITY DESCRIPTIONS
A. Performance Requirements
A 100 Setting performance requirements
101 Performance requirements should describe the essential
requirements that a high risk element must meet, maintain, or
provide on demand. Ideally it is a statement, which can be ex-
pressed in qualitative or quantitative terms, of the performance
required of a system, item of equipment or procedure and
which is used as the basis for managing a risk and any events
requiring emergency response, through the lifecycle of the as-
set.
102 The most suitable performance requirement should ide-
ally satisfy all of the following conditions:
— it requires measurement of the performance/capability of
a parameter of the component/system
— the measured parameter provides evidence of the ability of
the component/system to prevent, or limit the effect of, an
unplanned event
— acceptance criteria/range are defined for the parameter in
question
— the parameter can be monitored/measured.
Guidance note:
DNV’s experience is that performance requirements should be at
a level that sets an objective for the element in question, they
should not describe how that objective is to be achieved, or how
it is to be demonstrated (verified), this is part of the verification
plan.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
103 As a minimum the following characteristics should be
considered in generating performance requirements:
— functionality – what the element must achieve
— reliability – how often it will be required to operate satis-
factorily
— availability – how often it will be required to operate on
demand
— survivability – the conditions under which it will be re-
quired to operate, e.g. if exposed to fire, blast, vibration,
ship impact, dropped objects, adverse weather etc.
104 The consequence of a performance requirement not be-
ing met (demonstrated) should also be considered. If the con-
sequences are such that an unplanned event cannot result, or a
significant reduction in the effectiveness to prevent, detect,
control, mitigate, or monitor a major unplanned event cannot
result, then the performance requirement should not be consid-
ered as necessary.
105 In the same way that parts of an asset may be considered
as high risk for certain periods of its lifecycle it is possible for
performance requirements to be applicable during specific
phases of an asset’s lifecycle only. At all times that a part of an
asset is high risk, there must be at least one performance re-
quirement.
Guidance note:
Quantitative performance requirements for reliability or availa-
bility of an element are essential for high risk elements contain-
ing instrument-based protective systems. Where such
performance requirements are specified, it is recommended that
the precise requirements are fully defined (i.e. not just “reliability
to be ....”), that there is a clear means of verifying the require-
ment, and that verification can provide positive demonstration of
the element’s suitability. DNV’s preferred style of such perform-
ance requirements is to specify the maximum probability of fail-
DET NORSKE VERITAS
ure on demand for each safety function (complete loop),
consistent with the concept of Safety Integrity Level (SIL) as de-
scribed in IEC 61508.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
B. Verification Activities
B 100 Developing Verification Activity Lists
101 The objective of an activity is to confirm that the per-
formance requirements are achieved. The verification activity
list constitutes the main pert of the Verification Plan and cor-
responds to the example tables included as Appendix to the ob-
ject specific DNV-OSS.
102 The list should give details of what needs to be done, by
whom and when. For each performance requirement there
should be at least one examination activity. The activity list
should include:
— what is to be done – a description of the examination ac-
tivity to be performed to verify that the criteria specified in
each performance requirement is met
— type of examination activity to be performed, e.g. inspec-
tion, witness, review, monitoring
— extent of involvement in activity, where applicable (e.g.
percentage of sample)
— how often it is to be repeated (if at all, e.g. for initial suit-
ability only)
— unique identifier for each activity, for control and report-
ing purposes (ideally aligned to high risk element and per-
formance requirement identifier)
— a clear reference to a specific performance requirement
and high risk element for each activity
— note of specific documents or processes (e.g. planned
maintenance activities, rolling inspection programmes)
which will be used as a basis for verification or for refer-
ence as part of the examination activity.
103 The activity list should state which examinations shall
only be performed prior to the high risk element being put into
service (examination for “initial suitability”). No further activ-
ities of this type will be performed during operation, unless
modifications are made to the element. Other examination ac-
tivities (examination for continued suitability), especially dur-
ing the operational phase, should be repeated at intervals
specified to ensure that the high risk element to which it refers
maintains its suitability and adequacy.
104 The following may contribute to the specification of in-
terval or frequency of examination:
— requirements of recognised codes and standards,
— risk assessments
— assumptions and conclusions of risk and/or reliability
studies on relevant systems
— extent of installation maintenance routines and inspection
plans
— interval between the asset operator’s assurance activities,
— manufacturer’s recommendations for the equipment
— findings of previous examination activities (including
those for related high risk elements or performance re-
quirements).
105 The activity list may often (but optionally) be contained
in a database application in order to facilitate the dynamic
process of modifications and updates, and also provides for a
powerful management and reporting tool.