DNV-OSS-300
© Det Norske Veritas. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, without the prior written consent of Det Norske Veritas.
If any person suffers loss or damage which is proved to have been caused by any negligent act or omission of Det Norske Veritas, then Det Norske Veritas shall pay compensation to such person for his proved direct loss or damage. However, the compensation shall not exceed an amount equal to ten times the fee charged for the service in question, provided that the maximum compensation shall never exceed USD 2 million.
In this provision "Det Norske Veritas" shall mean the Foundation Det Norske Veritas as well as all its subsidiaries, directors, officers, employees, agents and any other acting on behalf of Det Norske Veritas.
Offshore Service Specification DNV-OSS-300, April 2004
INTRODUCTION
This Service Specification was approved by the Director of Technology in April 2004.
Publication of this Service Specification will make the Service Specification DNV-OSS-303 obsolete.
— This general document gives the common framework and an overview of processes in risk based verification.
— It introduces a levelled description of verification involvement during all phases of an asset’s life.
— The document facilitates a categorisation into risk levels High, Medium and Low, assisting in an evaluation of the risk level.
— The document assists in planning the verification through the making of a Verification Plan.
— Providing an international standard allowing a transparent and predictable verification scope, as well as defining terminology for verification involvement.
SECTION 1
GENERAL
B. Definitions and Abbreviations

B 100 General
101 The following definitions should be applied only in the context of this document, and may not necessarily be appropriate for services outside the Risk Based Verification approach as described.

B 200 Definitions
201 Asset: Loose term used to describe the item to be made or maintained. Can refer to a full field development, a topside facility, a pipeline system, a compressor station etc. or a part of these. It is interchangeable with the term Object.
202 Certificate of Conformity: A document signed by a qualified party affirming that, at the time of assessment, the product or service met the stated requirements (BS 4778: Part 2).
Guidance note:
For this OSS, a Certificate is a short document (often a single page) stating conformity with specified requirements. The results from associated verification shall be contained in a separate (single or multiple volume) report.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
203 Certification: Used in this document to mean all the activities associated with the process leading up to the Certificate.
Guidance note:
In the DNV-OSS when Certification is used it designates the overall scope of work or multiple activities for the issue of a Certificate, whilst Verification is also used for single activities associated with the work. This in essence means that Certification is Verification for which the deliverable includes the issue of a Certificate.
Other (related) definitions are:
BS 4778: Part 2: Certification: The authoritative act of documenting compliance with requirements.
EN 45011: Certification of Conformity: Action by a third party, demonstrating that adequate confidence is provided that a duly identified product, process or service is in conformity with a specific standard or other normative document.
ISO 8402: 1994: Verification: Confirmation by examination and provision of objective evidence that specified requirements have been fulfilled.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
204 Element: Loose term which can mean anything from a drilling rig to a system or a component. The level of detail will depend on the situation. In a hierarchic structure elements are below asset.
205 Hazard: A deviation (departure from the design and operating intention) which could cause damage, injury or other form of loss (Chemical Industries Association HAZOP Guide).
206 HAZOP (HAZard and OPerability study): The application of a formal systematic critical examination to the process and engineering intentions of new or existing facilities to assess the hazard potential of mal-operation or mal-function of individual items of equipment and their consequential effects on the facility as a whole (Chemical Industries Association HAZOP Guide).
207 HAZID (HAZard IDentification): A technique for the identification of all significant hazards associated with the particular activity under consideration (ISO-17776).
208 Life cycle: Loose term which includes all phases of an asset; concept studies, front end engineering design (FEED), design, procurement, fabrication, hook-up, commissioning, operation/production, maintenance, inspection and abandonment.
209 Object: Loose term used to describe the item to be made or maintained. Can refer to a full field development, a topside facility, a pipeline system, a compressor station etc. or a part of these. It is interchangeable with the term Asset.
210 Owner: In the document used not just to describe the actual owner, but also used to reflect DNV’s contractual partner. In many projects the owner authorises the contractor to act on his behalf and it shall then mean the contractual partner.
211 Performance requirement: A description of the essential requirements to be met, maintained or provided on demand by an element. Appendix D may be used for guidance.
212 Risk: The qualitative or quantitative likelihood of an accident or unplanned event occurring, considered in conjunction with the potential consequences of such a failure. In quantitative terms, risk is the quantified probability of a defined failure mode times its quantified consequence.
Guidance note:
Risk is not only related to physical failure modes, but also to operational errors, human errors and so on. For some risks the functional failures or physical failure modes contribute less than 20% while more than 80% of the risk relates to other devices.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
213 Risk Reduction Measures: Those measures taken to reduce the risks to the operation of the system and to the health and safety of personnel associated with it or in its vicinity by:
— Reduction in the probability of failure.
— Mitigation of the consequences of failure.
Guidance note:
The usual order of preference of risk reduction measures is:
a) Inherent Safety.
b) Prevention.
c) Detection.
d) Control.
e) Mitigation.
f) Emergency Response.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
214 Safety Objectives: The safety goals for the construction, operation and decommissioning of the asset including acceptance criteria for the level of risk acceptable to the Owner.
215 Statement of Compliance: A statement or report signed by a qualified party affirming that, at the time of assessment, the defined asset phase, or collection of activities, met the requirements stated by the Owner.
216 Verification is confirmation by examination and provision of objective evidence that specified requirements have been fulfilled (ISO 8402: 1994).
Guidance note:
The examination shall be based on information, which can be proved true, based on facts obtained through observation, measurement, test or other means.
See also Certification.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---

B 300 Abbreviations
301
DNV  Det Norske Veritas
OS   Offshore Standard, used in the form DNV-OS
OSS  Offshore Service Specification, used in the form DNV-OSS
QRA  Quantitative Risk Analysis
RBV  Risk Based Verification
SECTION 2
PRINCIPLES OF RISK BASED VERIFICATION
104 Asset Specification, Risk Assessment and Definition of Verification Involvement are inputs into the Verification Plan, while Verification Execution is the implementation of the Verification Plan.
The Risk Based Verification service comprises one, some or all of these main elements.

C 200 Asset Planned
201 Asset Planned is the starting point for any project or project phase and is the decision of the owner. It comprises a general description of the project in the form of functionality, safety, capacity, economics etc.

C 300 Asset Specification
301 Asset Specification has been identified as a separate element to focus on the need to address objectives, acceptance criteria and performance requirements to the asset.
302 This element in the chain comprises:
— detailing of the description at the system level of the project in the form of functionality, safety, capacity, economics etc.
— identification or definition of verification philosophy, safety objectives etc., including selection of safety and/or business and/or environmental focus and goals
— identification of codes and technical specifications (e.g. standard company material specifications) to be adopted
— definition of high level performance requirements for the asset and identification of main elements and specific performance requirements thereof.
303 The detailing of elements and requirements will vary from project to project. The timing for detailing will also vary and is affected by matters like contract type and philosophy, owner's involvement in the process, level of innovative elements in the project, life time business philosophy etc.

C 400 Risk Assessment
401 Risk Assessment is the identification of hazards, frequencies of occurrence, consequences and risk drivers. The risk can be defined on a general level for the project, for different phases of a project or for detailed elements of the asset.
402 The risk can be evaluated based on safety, environmental impact, economics, schedule, Public Relations, reputation or other criteria set by the owner.
403 Risk Assessment can be based on engineering judgement (pragmatic) or on analytical processes. In section E different methods have been described to arrive at the conclusions necessary to formulate a risk based verification plan.
404 Once the risks have been identified their extent can be reduced to a level as low as reasonably practicable or as low as corporately required, by means of one or both of:
— reduction in the probability of failure
— mitigation of the consequences of failure.
Guidance note:
Reasonable Practicability
The term “as low as reasonably practicable (ALARP)” has come into use through the United Kingdom’s “The Health and Safety at Work etc. Act 1974”. Reasonable Practicability is not defined in the Act but has acquired meaning by interpretations in the courts.
It has been interpreted to mean that the degree of risk from any particular activity can be balanced against the cost, time and trouble of the measures to be taken to reduce the risk.
It follows, therefore, that the greater the risk the more reasonable it would be to incur substantial cost, time and effort in reducing that risk. Similarly, if the risk was very small it would not be reasonable to expect great expense or effort to be incurred in reducing it.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
405 The systematic assessment of risks and the implementation of measures to reduce these, results in a relative ranking of the risk level of the elements and/or sub-elements of the asset.
406 The ranking of the elements will differ depending on the acceptance criteria; safety, environmental impact, economics, schedule, public relations, reputation or others. Different criteria may be applied to factor the importance of these.

C 500 Definition of Verification Involvement
501 Definition of verification involvement or level(s) includes defining the cut-off level under which no verification activity shall be performed and to define the appropriate level of involvement for the others.
502 Based on the relative risk level of the elements the verification intensity should increase towards the highest risk elements.
Guidance note:
Verification of risk reducing measures e.g. in the form of risk reducing barriers, should be directed towards the risk reducing measures (barriers) which claim to have the highest risk reducing effects.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
503 In this process the overall acceptance criteria from the Asset Specification should be cascaded down to more detailed performance requirements for individual elements or groups of elements.
504 The risk ranking is used in the selection of the appropriate verification activity level and type to be described in the verification plan.

C 600 Verification Plan
601 The Verification Plan is the pivot element in the DNV Risk Based Verification systematics.
602 The Verification Plan is the scope of work (SOW) for verification. It should be revisited, re-evaluated and possibly revised as the project progresses and new information becomes available.
603 The more specific the Verification Plan, the more predictable the verification activities will be.
604 The Verification Plan repeats the verification objective and the criteria for selecting the highest risk elements and the verification involvement, as given by the Owner. It includes the findings from the risk assessment step, defines which asset specifications shall be verified, and also the level of involvement by party and type of verification activity.
605 The Verification Plan further consists of listing the elements and their performance requirements together with the type and depth of scrutiny to which each shall be subjected.
606 The verification involvement level can be described using the tables in Sec. 2 of the relevant object specific DNV-OSS.
607 Detailed scope of work tables listing all the sub-elements of an asset can either be developed from the tables in Sec. 2 of the relevant object specific DNV-OSS or they can be based on the example tables included in the appendices.
608 For information, typical high risk elements with respect to safety of personnel, often termed Safety Critical Elements, are presented in Appendix C.
duce the verification activities.
703 The purpose of verification activities is to confirm compliance or identify non-compliance with the asset specification.
801 Asset Completed is the end point of any lifecycle phase or phases, which complies with the relevant planned asset and the asset specification.

[Figure 2: Levels of verification. Axes: Probability of Failure (Low to High) against Consequence of Failure (Low to High); risk regions LOW, MEDIUM and HIGH.]

D. Risk-Differentiated Levels of Verification

D 100 Levels of verification
101 The level of verification activity should be differentiated according to the risk to the asset or element or phases there-
In that case, all verification work need not be done by DNV personnel. Where applicable, the various inspections may be carried out by competent persons other than DNV personnel.
In that situation a substantial part of DNV’s verification activities may be encompassed by:
- reviewing the competence of the Contractor’s personnel,
- auditing their working methods and their performance of that work, and
- reviewing the documents produced by them.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
109 Verification should direct greatest effort at those elements of the asset or system whose failure or reduced performance will have the most significant impact on safety or the other defined project risks. These elements are termed high risk elements or sometimes Critical Elements.
110 The degree of confidence placed in verification reports depends on the degree of confidence in the verification activities carried out. Therefore, the verification plan must be transparent and give clear details of the level of verification for both elements and phases.

E. Defining a Verification Plan

E 100 Risk based verification planning
101 The selection of the level of verification shall depend on the risk level of each element having an impact on the management of hazards and associated risk levels of the asset.
102 The effort spent to select the overall level of verification and the detailing and differentiation between different elements will vary from project to project. It is a business decision on how to balance the effort of up-front planning with that of some additional effort during verification execution.
103 The tools used to arrive at a Verification Plan range from engineering judgement risk assessment to analytical risk assessments. The former generally reflects less effort in the up-front planning stage while the latter directs more efforts into the particulars of a specific project.
104 The span in the method is illustrated in Figure 4. Most projects will utilise a combination of tools.
Guidance note:
Typically, for a tender phase it may be useful to utilise engineering judgement to make an initial Verification Plan. When updating the Verification Plan the appropriate analytical tools can be utilised.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---

E 200 Selection of Level of Verification
201 Suitable selection factors include:
— overall asset specification
— assessment of the risks associated with the asset and the measures taken to reduce these risks
— degree of technical innovation in the asset system
— experience of the contractors in carrying out similar work
— quality management systems of the Owner and their contractors.
202 To facilitate the selection of the level of verification a set of trigger questions based on the above list of selection factors, has been prepared and is included in the object specific DNV-OSS.
203 To further assist in the selection of general level of verification Table E1 can give some guidance.
204 The level of verification is selected for each individual element and should reflect the risk level as well as the type of performance requirements.
Guidance note:
To achieve a consistent verification involvement relative to risk level a practical and visual approach can be to plot the elements and relative risk levels as in Figure 3. Decide on the maximum level of involvement (L, M or H) and draw the line to the left of which no verification shall be made. The area enveloping the elements to be verified can then be split into areas with uniform verification involvement.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---

E 300 Acceptance criteria
301 Defined acceptance criteria are essential to confirm compliance and identify non-compliance.
302 The format and detailing may differ. Assets, elements or lifecycle phases for which technical standards or company specifications exist, may have relatively short and simple acceptance criteria. For assets, elements or lifecycle phases not readily covered by prescriptive standards, greater effort is directed into the particulars of the specific project and this often results in more detailed performance requirements.
[Figure 4: Verification planning. Recoverable labels: Asset Specification, Verification Plan.]
F. Simplified Verification Planning

F 100 General
101 Simplified verification planning is mainly based on engineering judgment and reflects DNV's in-house experience as well as the industry experience as reflected in a number of technical standards. Both have been used to make up the object specific DNV-OSS’s.
102 The steps in the simplified verification planning are as follows:
— Use trigger questions to assess the overall risk level of the project (or manageable elements thereof).
— Evaluate the risk against the relevant owner or project acceptance criteria (often this can be directly tied to the owner core values or a sub-set of these) and decide whether the general verification involvement shall be Low, Medium or High.
— Use the detailed scope of work tables in the object DNV-OSS to make a first draft of a Verification Plan.
— Generate the project specific Verification Plan by including a project specific engineering judgment to adjust the table to suit the project.
— Perform the verification execution according to the Verification Plan, making revision to the plan if and when necessary.
103 Care shall be taken not to use this process without sufficient attention to its built-in simplifications. Particularly the use of example tables in the appendices can never replace the need for project specific assessments. They can, however, be very useful starting and reference points.

G. Detailed Verification Planning

G 100 General
101 The analytical verification planning is based on the use of (quantitative) risk methods to establish project specific identification of the relative risk level of the project elements.
102 Depending on the project size and type the risk assessment will often include an initial qualitative risk assessment screening prior to a full quantitative risk analysis, QRA.
103 A description on how to carry out HAZID, HAZOP and QRA in general is not given in this DNV-OSS. The methodology is described in numerous books and publications on the subject.
104 Particularly for projects or project elements where there are limited or inadequate prescriptive technical standards or if the performance requirements are of a nature that make available prescriptive standards inadequate, it is advisable to invest more time and effort in the planning stages.
105 With limited prescriptive standards the need and also the effort required to define the acceptance criteria for individual or groups of elements will normally increase. Appendix D addresses how to formulate detailed performance requirements and also how these and the risk elements are developed into verification activity lists, which are finally included in the Verification Plan.

H. Risk Based Verification and National Regulations

H 100 General
101 Many national authorities have specific requirements to the verification activities. These can be in the form of minimum requirements to documentation of risk and risk reducing measures, which documents shall be presented to the authorities, mandatory use of standards etc. The authorities may also have requirements to roles and responsibility, independence of verifier, content and form of verification activities, terminology etc.
102 The particulars of the relevant national requirements shall be observed when planning and performing Risk Based Verification.
Guidance note:
The Offshore Installations (Safety Case) Regulations in UK can be an example of particular National Authority requirements. The risk based verification approach fits very well with these regulations, but one needs to ensure that the correct documents and terminology are used and understood e.g. Major Accidents Hazards, Safety-Critical Elements, Performance Standards etc.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
APPENDIX A
BENEFITS OF DNV RISK BASED VERIFICATION
ry Bodies.
306 For a new asset development Risk Based Verification services should seek to reduce any uncertainty in the design as early as possible, and if any weaknesses are revealed allow for effective management of necessary changes, ref. Figure 2 “Effects of Early Involvement”. DNV’s verification experience reinforces the important message of early involvement and the need for in-depth knowledge of the activities required to obtain optimal resource allocation for the verification process. A proactive approach is required and places particular emphasis on roles and responsibilities.

[Figure 2. Recoverable labels: Verification Planning, Risk Management, Verification, Design, Construction, Operation, Management, Optimum output, Increase.]
APPENDIX B
VERIFICATION AND CERTIFICATION DOCUMENTS
A. Verification Documents
A 100 Purpose of Verification Documents
101 Verification documents are issued by DNV. The purpose of these documents is to provide documentation that objective evidence has been presented to confirm compliance with the requirements and to document the work performed by DNV.
Guidance note:
Examples of document forms are found in the objects specific DNV-OSS.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---

[Figure: verification document hierarchy. Recoverable labels: Statement of Compliance with accompanying verification report; Verification Report.]

[Table: types of verification documents provided per project phase. Recoverable phase labels: Conceptual Design; Detail Design; Manufacturing of Equipment and Components; Assemblies; Installation; Project Completion; Operation, Maintenance and. Recoverable entry: Statement of Compliance for individual phase or natural part thereof.]

B. Certification documents

B 100 General
101 DNV Certification is a special form of verification where the total scope is defined by DNV. Reference is given to the section on definitions. For statutory certification the scope should in principle be defined by the regulating body.
102 The certification documents consist of the verification documents described above with an overlying Certificate of Conformity. Hence, the hierarchy of documents is as illustrated in Figure 2. In relation to the project phases, reference is given to Table B1.

B 200 Validity of Certification documents
201 In general the same validity, i.e. the time of issue, applies as for verification documents.
202 However, for Certificates of Conformity, a specified period of validity and maintenance conditions for ensuring this validity may be given in the certificate.

[Figure 2: Document hierarchy for certification. Recoverable labels: Certificate of Conformity with accompanying verification report; Statement of Compliance with accompanying verification report; Verification Report; Intermediate documents.]

[Table: certification in relation to project phases. Recoverable labels: Project Phases (Conceptual, Design, Components, Assemblies, Installation, Project Completion, Operation, Repair); Pre-Certification phase; Certification; Maintenance of Certification; Certificate of Conformity.]
APPENDIX C
EXAMPLE LIST OF TYPICAL HIGH RISK ELEMENTS
A. High Risk Elements

A 100 Offshore installations
101 The following table presents typical high risk elements with respect to safety of personnel for the main types of offshore installation. These are often called safety critical elements (ref e.g. UK Safety Case regime). This list is intended as a tool to help to ensure that key systems identified as high(est) risk are not omitted. However, the list can never be guaranteed to be exhaustive and shall never be used without due considerations.

TYPICAL HIGH RISK ELEMENTS (columns, in order: MODU, FLOTEL, FPSO/FPU, FOI)
STRUCTURE
Jackets and Piles - - - X
Gravity Based Structure - - - X
Jack-up Legs and associated Jacking and Locking Systems X X - -
Hull (including Watertight Closures) X X X -
Drilling Derrick X - - X
Firewater Caisson and Supports - - - X
Topsides Primary Structure including Bridge and Flare Tower X X X X
Helideck X X X X
Lifting (cranes) and Hoisting (drilling equipment) X X X X
Crane Pedestal X X X X
Foundations X X X X
Blast Protection including Blast Venting Provisions X - X X
Dropped Object Protection incl. Subsea Protective Structures X X X X
Turret - - X -
DRILLING
Mud Systems X - - X
Blowout Preventer System X - - X
Choke and Kill (including Emergency Blowdown) X - - X
Cement System X - - X
Marine Riser System X - - X
Well Control Instrumentation X - - X
Diverter system X - - X
POWER
Emergency Power X X X X
Battery Systems X X X X
Protection of Electrical Equipment X X X X
IGNITION PREVENTION
Electrical Earthing Continuity X X X X
Electrical Equipment in Hazardous Areas X X X X
Protection of Hot Surfaces X X X X
Natural Ventilation X X X X
FIRE AND GAS
Gas (Flammable and Toxic) Detection System X X X X
Fire Detection System X X X X
Deluge X X X X
Sprinklers X X X X
Fire Pumps X X X X
Firewater Ring Main X X X X
Foam System X X X X
Gaseous Systems (e.g. Halon, CO2) X X X X
Passive Fire Protection (including Doors, Walls and Penetrations) X X X X
Ventilation Systems X X X X
EMERGENCY RESPONSE AND EVACUATION
Temporary Refuge X X X X
Escape Routes X X X X
Helideck Systems (Markings, Nets, Obstacle Marking/Lighting etc.) X X X X
Escape (battery-backed) Lighting X X X X
Internal Communications (e.g. Public Address/General Alarm, Manual Alarm Call Points, Telephones) X X X X
External Communications (including Marine and Aviation) X X X X
TEMPSC X X X X
PPE (incl. Lifejackets, Survival/Immersion Suits, Helideck Crash Equip.) X X X X
ESCAPE SYSTEMS
Descent to Sea Systems (Personal Descent Devices, Knotted Ropes, Nets) X X X X
Ladders to Sea X X X X
Life rafts X X X X
Standby Vessel and associated Fast Rescue Craft X X X X
HYDROCARBON CONTAINMENT
Hydrocarbon Piping and Equipment (including Valves and Instrumentation) - - X X
Emergency Shutdown System including Software, Process Shutdown, High Integrity Protection Systems, Overpressure Protection Systems etc. X X X X
Relief and Blowdown System X X X X
High Speed Machinery Trips X - X X
Local Atmospheric Vents X - X X
Drains (Open and Closed Hazardous) X X X X
Risers and Riser Emergency Shutdown Valves - - X X
Pipelines - - X X
Pipeline Subsea Isolation Valves - - X X
MARINE
Mooring (including Move-off) X X X -
Navaids (including Lights, Foghorns, Marine/Weather Monitoring Systems) X X X X
Radar Early Warning System X X X X
Ballast and Bilge (Stability) X X X -
Inert Gas System - - X -
Dynamic Positioning System X X X -
Thrusters X X X -
TEMPORARY EQUIPMENT
Bridge Connections to Support Vessels X X X X
Gas Cylinders and Attachments X X X X
Power Generators X X X X
Temporary Public Address/General Alarm Systems X X X X
Well Test Equipment X - - X
Radioactive Source Store X - X X
Explosives Store X - - X
SAFETY MANAGEMENT SYSTEM X X X X
APPENDIX D
DETAILED PERFORMANCE REQUIREMENTS AND VERIFICATION
ACTIVITY DESCRIPTIONS
A. Performance Requirements

A 100 Setting performance requirements
101 Performance requirements should describe the essential requirements that a high risk element must meet, maintain, or provide on demand. Ideally it is a statement, which can be expressed in qualitative or quantitative terms, of the performance required of a system, item of equipment or procedure and which is used as the basis for managing a risk and any events requiring emergency response, through the lifecycle of the asset.
102 The most suitable performance requirement should ideally satisfy all of the following conditions:
— it requires measurement of the performance/capability of a parameter of the component/system
— the measured parameter provides evidence of the ability of the component/system to prevent, or limit the effect of, an unplanned event
— acceptance criteria/range are defined for the parameter in question
— the parameter can be monitored/measured.
Guidance note:
DNV’s experience is that performance requirements should be at a level that sets an objective for the element in question, they should not describe how that objective is to be achieved, or how it is to be demonstrated (verified), this is part of the verification plan.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
103 As a minimum the following characteristics should be considered in generating performance requirements:
— functionality – what the element must achieve
— reliability – how often it will be required to operate satisfactorily
— availability – how often it will be required to operate on demand
— survivability – the conditions under which it will be required to operate, e.g. if exposed to fire, blast, vibration, ship impact, dropped objects, adverse weather etc.
104 The consequence of a performance requirement not being met (demonstrated) should also be considered. If the consequences are such that an unplanned event cannot result, or a significant reduction in the effectiveness to prevent, detect, control, mitigate, or monitor a major unplanned event cannot result, then the performance requirement should not be considered as necessary.
105 In the same way that parts of an asset may be considered as high risk for certain periods of its lifecycle it is possible for performance requirements to be applicable during specific phases of an asset’s lifecycle only. At all times that a part of an asset is high risk, there must be at least one performance requirement.
Guidance note:
Quantitative performance requirements for reliability or availability of an element are essential for high risk elements containing instrument-based protective systems. Where such performance requirements are specified, it is recommended that the precise requirements are fully defined (i.e. not just “reliability to be ....”), that there is a clear means of verifying the requirement, and that verification can provide positive demonstration of the element’s suitability. DNV’s preferred style of such performance requirements is to specify the maximum probability of failure on demand for each safety function (complete loop), consistent with the concept of Safety Integrity Level (SIL) as described in IEC 61508.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---

B. Verification Activities

B 100 Developing Verification Activity Lists
101 The objective of an activity is to confirm that the performance requirements are achieved. The verification activity list constitutes the main part of the Verification Plan and corresponds to the example tables included as Appendix to the object specific DNV-OSS.
102 The list should give details of what needs to be done, by whom and when. For each performance requirement there should be at least one examination activity. The activity list should include:
— what is to be done – a description of the examination activity to be performed to verify that the criteria specified in each performance requirement is met
— type of examination activity to be performed, e.g. inspection, witness, review, monitoring
— extent of involvement in activity, where applicable (e.g. percentage of sample)
— how often it is to be repeated (if at all, e.g. for initial suitability only)
— unique identifier for each activity, for control and reporting purposes (ideally aligned to high risk element and performance requirement identifier)
— a clear reference to a specific performance requirement and high risk element for each activity
— note of specific documents or processes (e.g. planned maintenance activities, rolling inspection programmes) which will be used as a basis for verification or for reference as part of the examination activity.
103 The activity list should state which examinations shall only be performed prior to the high risk element being put into service (examination for “initial suitability”). No further activities of this type will be performed during operation, unless modifications are made to the element. Other examination activities (examination for continued suitability), especially during the operational phase, should be repeated at intervals specified to ensure that the high risk element to which it refers maintains its suitability and adequacy.
104 The following may contribute to the specification of interval or frequency of examination:
— requirements of recognised codes and standards,
— risk assessments
— assumptions and conclusions of risk and/or reliability studies on relevant systems
— extent of installation maintenance routines and inspection plans
— interval between the asset operator’s assurance activities,
— manufacturer’s recommendations for the equipment
— findings of previous examination activities (including those for related high risk elements or performance requirements).
105 The activity list may often (but optionally) be contained in a database application in order to facilitate the dynamic process of modifications and updates, and also provides for a powerful management and reporting tool.