The purpose of this document is to identify, evaluate and mitigate risk to personnel when safety equipment is intentionally Disabled or Impaired (D/I).
This chapter applies to all D/I work at Sanford Underground Research Facility (SURF), including contractors and researchers. The risk assessment process outlined in this chapter applies to any pre-planned activity that requires the intentional disabling or impairing of safety systems.
When a definition is used in this document, that word or term is italicized within the document.
Disable |
Remove operational capability or effectiveness of a system. |
Impair |
Remove or limit the protection provided by a safety system. |
Qualified Person |
A person who, by possession of a recognized degree in an applicable field or a certificate of professional standing, or who by extensive knowledge, training and experience, has successfully demonstrated the ability to solve or resolve problems relating to the subject matter and work. |
Risk |
Potential to cause harm or damage to a person, property or environment. |
Risk Assessment |
The process used to determine risk management priorities by evaluating and comparing the level of risk against predetermined standards, target risk levels or other criteria. |
Safety System |
A designed system with the primary function to prevent or reduce damage to nearby personnel, property or the environment. |
Safety-Critical Equipment |
Any engineered device or control (safeguard) that is required to ensure processes occur or equipment is operated within designated safe operating limits or to prevent or limit the effects of a hazard. |
4.1 Laboratory Director
- Ensures direct reports follow all requirements as specified in this chapter
- Reviews, comments and approves permits as appropriate
4.2. Environment, Safety & Health Director
- Ensures direct reports follow all requirements as specified in this chapter
- Coordinates training resources and maintains associated records
- Reviews, comments and approves permits as appropriate
- Manages the D/I permit process
- Audits the D/I risk assessment process
- Provides assistance on completing the D/I permit as required
4.3. Department Director
- Ensures that direct reports and others (such as researchers) under their responsibility follow all requirements as specified in this chapter
- Reviews, comments and approves permits at their level
- Identifies personnel to participate in D/I risk assessments
4.4. Project Manager
- Ensures contractors or vendors meet the requirements within this chapter
4.5. Supervisor
- Ensures that direct reports follow all requirements as specified in this chapter
- Reviews, comments and approves permits as appropriate
- Incorporates this chapter into the work planning and control process
4.6. Worker
- Follows all requirements within this chapter
4.7. Qualified Person
- Performs the alternate protection tasks as assigned in the permit
SURF recognizes that safety systems may be temporarily D/I for testing, maintenance or repair as necessary for safe operations. The resulting interim controls must be proactively identified, implemented and communicated to those impacted by the temporary loss of an established safety system. Communications and consultations are necessary to ensure a safe, controlled process which is achieved through the written permit process.
Disablement or impairment activities must be limited (e.g., size, scope, complexity) to that which can be safely managed. As soon as practicable, systems shall be returned to normal conditions and all affected personnel notified.
Unplanned situations may arise requiring immediate action for which these requirements may not apply.
5.1. A participative team approach is necessary to:
- Identify the risks effectively
- Bring different areas of expertise together in analyzing the risks
- Consider different views in evaluating the risks
- Manage the operational impacts
- Gain “ownership” of the risk, the controls and any further treatment required
Consultation also facilitates the engagement of stakeholders and the “ownership” of risk. It allows those parties to appreciate the benefits of particular controls and the need to endorse and support the risk assessment plan prior to disabling or impairing safety-critical equipment.
A risk assessment shall be undertaken to clearly identify the hazards involved with disabling or impairing safety systems.
5.2. Examples of Safety-Critical Equipment
Safety-critical equipment may include (but is not limited to) the following types of systems:
- Distributed control systems (i.e., Metasys™)
- Pressure switches, level switches, etc.
- Pressure safety valves, pressure relief valves and rupture disks
- Emergency shutdown valves
- Alarm panels
- Seals on safety-critical manual valves
- Fire suppression systems
- Fire and gas detection systems
- Fire water distribution systems
- Oxygen deficiency hazard control and monitoring systems
- Underground ventilation and chilling systems
- Over-speed safety devices
- Electrical safety and protection devices including overcurrent protection devices and ground fault circuit interrupters
- Limit switches (e.g., hoists)
- Refuge chamber and the compressed air delivery system
- Communication systems
5.3. D/I Risk Assessment Process
5.3.1 D/I Risk Assessment
Prior to undertaking any D/I activities, a risk assessment must be completed. The risk assessment (as specified in the Work Planning and Control Chapter) shall:
- Identify hazards, hazardous situations or specific events that may arise due to the condition
- Evaluate the risk associated with these hazards
- Evaluate safeguards that reduce the risk
- Determine the level of risk after safeguards are applied
- Determine if further safeguards are required to reduce the risk to an acceptable level
- Evaluate operational impacts
The D/I risk assessment table utilizes a numerical, color-coded risk-ranking process. The risks are ranked from 1 to 5, with 5 being the higher level of risk. Each risk level has a signature process commensurate with the result.
See Appendix A: Disablement or Impairment Risk Assessment Tool.
5.3.2 D/I Risk Assessment Team
The D/I risk assessment team members shall be experienced with the process or operation being reviewed and may include the following personnel depending upon the risk level of the task:
Level 1 Team:
- Facilities/Operations
- Environment, Safety and Health
- Quality Assurance
- Engineering
- A process representative (e.g., Work Lead)
- A designated facilitator (who may also fill one of the previously listed roles)
Level 2 Team:
- Level 1 Team, plus:
- Technical experts
- Operations leadership
The risk assessment team determines the processes, procedures and number of personnel required to provide effective monitoring for each piece of safety-critical equipment that is disabled or impaired.
See Appendix B: Example D/I Activities and Levels of Approval.
5.3.3 D/I Permit
The results of the D/I risk assessment will inform the completion of the D/I Permit. See the D/I Permit (linked below) for detailed instructions.
Alternate protection methods shall be specified and functioning for the duration of all
D/I activities. Examples of alternate safeguards include but are not limited to:
- Use of a portable area monitoring systems in lieu of fixed detectors
- Use of temporary electrical insulation until permanent insulation/cladding is installed
- Use of a secondary redundant pressure safety valves when the primary is out of service
- Installation of a temporary replacement control valve when the permanent valve is not available
- Modification of process parameters (pressure, temperature, flow, etc.) to reduce the risk of a release
- Use of a Qualified Person
5.3.4 Using a Qualified Person as Alternate Protection:
The ability to manually initiate immediate action in the event of an abnormal operating condition must be maintained to protect personnel, equipment and the environment.
- The number of personnel who monitor safeguards in lieu of automatic protection shall be kept to only those necessary to accomplish the task
- When a Qualified Person is monitoring equipment, that person is taking the place of a safeguard and must be able to provide a similar level of protection to the safety- critical equipment
- The Qualified Person must do this without exposing themselves or others to unacceptable risk
- Any disabled or impaired system that does not have an equal and redundant device to provide the same protection shall be controlled by a Qualified Person(s)
Any person asked to perform the function of safety-critical equipment while that safeguard is disabled or impaired shall know and understand the procedures regarding this type of monitoring and shall understand the D/I risk assessment. A checklist for the Qualified Person is part of the D/I permit.
Monitoring can be conducted by one individual on more than one safeguard in the same general area, provided the person can freely move around the general area and effectively monitor for any changes.
Where corrective actions are dependent on external processes (e.g., control room operator shutdown), a reliable communication plan and protocols shall be developed, tested and maintained throughout the monitoring period.
5.3.5 Communication Plan
The Communication Plan shall be used to notify impacted personnel before, during and after D/I activities.
Components of the D/I Communication Plan include the following:
- Schedule
- Change
- Affected safety systems
- Risk
- Mitigative controls
Details of the Communication Plan are listed in Section 9 of the Permit.
5.3.6. D/I Permit Approval
The approval process for the D/I Permit is described in Appendix B: Example D/I Activities and Levels of Approval. This table contains the approval signatures commensurate with the risk level. The safety systems described within this Appendix are examples only and may be assessed on a case-by-case basis.
6.0 REFERENCES AND RELATED DOCUMENTS
- SURF Work Planning and Control Chapter
- Disablement and Impairment Permit
- Instruction Sheet
- Qualified Person Checklist