Guidelines for managing inspection of Ex electrical equipment ignition risk in support of IEC 60079-17 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 First edition October 2008 Published by ENERGY INSTITUTE, LONDON The Energy Institute is a professional membership body incorporated by Royal Charter 2003 Registered charity number 1097899 The Energy Institute (EI) is the leading chartered professional membership body supporting individuals and organisations across the energy industry. With a combined membership of over 13 500 individuals and 300 companies in 100 countries, it provides an independent focal point for the energy community and a powerful voice to engage business and industry, government, academia and the public internationally. As a Royal Charter organisation, the EI offers professional recognition and sustains personal career development through the accreditation and delivery of training courses, conferences and publications and networking opportunities. It also runs a highly valued technical work programme, comprising original independent research and investigations, and the provision of IP technical publications to provide the international industry with information and guidance on key current and future issues. The EI promotes the safe, environmentally responsible and efficient supply and use of energy in all its forms and applications. In fulfilling this purpose the EI addresses the depth and breadth of energy and the energy system, from upstream and downstream hydrocarbons and other primary fuels and renewables, to power generation, transmission and distribution to sustainable development, demand side management and energy efficiency. Offering learning and networking opportunities to support career development, the EI provides a home to all those working in energy, and a scientific and technical reservoir of knowledge for industry. This publication has been produced as a result of work carried out within the Technical Team of the Energy Institute (EI), funded by the EI’s Technical Partners. The EI’s Technical Work Programme provides industry with cost-effective, value-adding knowledge on key current and future issues affecting those operating in the energy sector, both in the UK and internationally. For further information, please visit http://www.energyinst.org.uk The EI gratefully acknowledges the financial contributions towards the scientific and technical programme from the following companies BG Group BHP Billiton Limited BP Exploration Operating Co Ltd BP Oil UK Ltd Centrica plc Chevron ConocoPhillips Ltd ENI E. ON UK ExxonMobil International Ltd Kuwait Petroleum International Ltd Maersk Oil North Sea UK Limited Murco Petroleum Ltd Nexen Saudi Aramco Shell UK Oil Products Limited Shell U.K. Exploration and Production Ltd Statoil (U.K.) Limited Talisman Energy (UK) Ltd Total E&P UK plc Total UK Limited Copyright © 2008 by the Energy Institute, London: The Energy Institute is a professional membership body incorporated by Royal Charter 2003. Registered charity number 1097899, England All rights reserved No part of this book may be reproduced by any means, or transmitted or translated into a machine language without the written permission of the publisher. ISBN 978 0 85293 513 2 Published by the Energy Institute The information contained in this publication is provided as guidance only and while every reasonable care has been taken to ensure the accuracy of its contents, the Energy Institute cannot accept any responsibility for any action taken, or not taken, on the basis of this information. The Energy Institute shall not be liable to any person for any loss or damage which may arise from the use of any of the information contained in any of its publications. Further copies can be obtained from Portland Customer Services, Commerce Way, Whitehall Industrial Estate, Colchester CO2 8HP, UK. Tel: +44 (0) 1206 796 351 e: [email protected] Electronic access to EI and IP publications is available via our website, www.energyinstpubs.org.uk. Documents can be purchased online as downloadable pdfs or on an annual subscription for single users and companies. For more information, contact the EI Publications Team. e: [email protected] GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 CONTENTS Page Acknowledgements ................................................................................................................. vii Foreword ................................................................................................................................. viii Overview ....................................................................................................................................x 1 Introduction, scope and application ................................................................................. 1 1.1 Introduction................................................................................................................. 1 1.1.1 Objective ........................................................................................................ 3 1.1.2 Ex sampling strategy ....................................................................................... 3 1.2 Scope .......................................................................................................................... 4 1.3 Application .................................................................................................................. 5 1.3.1 Managing inspection of Ex electrical equipment ignition risk by applying gap analysis .................................................................................................... 6 2 Legislation, regulations and standards ............................................................................ 7 2.1 Introduction................................................................................................................. 7 2.2 The Health and Safety at Work etc. Act and Management of Health and Safety at Work Regulations ........................................................................................................ 7 2.3 ATEX 'Equipment Directive', ATEX 'Workplace Directive', The Equipment and Protective Systems for use in Potentially Explosive Atmospheres Regulations and The Dangerous Substances and Explosive Atmospheres Regulations ............................ 7 2.4 Provision and Use of Work Equipment Regulations ...................................................... 8 2.5 Offshore installations (Prevention of Fire and Explosion, and Emergency Response) Regulations.................................................................................................................. 8 2.6 Offshore Installations (Safety Case) Regulations ........................................................... 8 2.7 The Electricity at Work Regulations .............................................................................. 8 2.8 The Construction (Design and Management) Regulations ............................................ 9 2.9 IEC 60079-17 .............................................................................................................. 9 2.9.1 Maintenance .................................................................................................. 9 2.9.2 Inspection....................................................................................................... 9 2.9.3 Skilled personnel (electrical technicians) ........................................................ 10 2.9.4 Technical person with executive function...................................................... 10 2.10 ISO 2859-1 ................................................................................................................ 10 3 Applying SMS principles to managing the inspection of Ex electrical equipment ..... 12 3.1 Introduction............................................................................................................... 12 3.2 Policy ..................................................................................................................... 12 3.2.1 Initial inspection............................................................................................ 12 3.2.2 Periodic inspections ...................................................................................... 13 3.2.3 Sample inspections ....................................................................................... 14 3.2.4 Ex risk-based inspection ................................................................................ 16 3.2.5 Summary of coupling the sampling strategy with an RBI strategy.................. 17 3.2.6 Audit and review of Ex inspection strategy.................................................... 20 3.3 Organisation.............................................................................................................. 20 3.3.1 Roles and responsibilities .............................................................................. 20 3.3.2 Competence................................................................................................. 21 iii GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Contents Cont… 3.4 3.5 3.6 4 Planning and implementation .................................................................................... 22 3.4.1 Phase 1 of implementation plan ................................................................... 22 3.4.2 Phase 2 of implementation plan ................................................................... 23 3.4.3 Phase 3 of implementation plan ................................................................... 24 Measuring performance............................................................................................. 25 3.5.1 Initial Ex inspection target levels.................................................................... 25 3.5.2 Faults............................................................................................................ 25 Audit and review of performance .............................................................................. 25 3.6.1 Reviewing performance ................................................................................ 25 3.6.2 Auditing ....................................................................................................... 31 Managing inspection of Ex electrical equipment throughout its life cycle phases .... 32 4.1 Introduction............................................................................................................... 32 4.2 Design and construction ............................................................................................ 32 4.2.1 Equipment selection and implications for inspection and maintenance ......... 32 4.3 Installation/commissioning/handover ......................................................................... 33 4.3.1 Handover of data.......................................................................................... 33 4.3.2 Equipment register ....................................................................................... 33 4.3.3 Initial inspection............................................................................................ 34 4.4 Operation .................................................................................................................. 35 4.4.1 Equipment location....................................................................................... 35 4.5 Maintenance and inspection ...................................................................................... 36 4.5.1 Functional maintenance................................................................................ 36 4.5.2 Inspection of systems.................................................................................... 36 4.5.3 Efficiency in inspections ................................................................................ 37 4.6 Modification and decommissioning ........................................................................... 37 Annex A: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist................................................................................................................... 38 A.1 Managing inspection of Ex electrical equipment ignition risk gap analysis checklist.... 38 Annex B: Developing sampling plans by applying the RBI sampling methodology......... 44 B.1 Introduction............................................................................................................... 44 B.2 Overview of developing a sampling plan by applying the RBI sampling strategy to manage Ex electrical equipment ignition risks ........................................................ 44 B.3 Steps in developing a sampling plan by applying the sampling methodology ............. 45 B.3.1 Define lots .................................................................................................... 45 B.3.2 Define grade of inspection............................................................................ 50 B.3.3 Define sample size ........................................................................................ 51 B.3.4 Define rejection criterion............................................................................... 55 B.3.5 Define frequency of inspection ..................................................................... 55 B.3.6 Select a random sample from a lot ............................................................... 59 B.3.7 Inspect sample.............................................................................................. 60 B.3.8 Record inspection data ................................................................................. 60 B.3.9 Define scoring and rules for handling faulty equipment ................................ 61 B.3.10 Audit and review of sampling plans .............................................................. 69 Annex C: Technical basis of RBI sampling methodology ..................................................... 70 C.1 Introduction............................................................................................................... 70 C.2 Limitations of inspection by sampling ........................................................................ 70 C.2.1 Varying ASLs and applying Pa(10%) and Pr(5%) for an example lot.............. 70 iv GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Contents Cont… C.3 C.4 C.5 C.6 C.7 C.8 C.9 Define key sampling parameters ................................................................................ 71 C.3.1 Calculation of P(X=d) using hypergeometric law ........................................... 71 C.3.2 Calculation of Pa(X=Re-1) using hypergeometric law .................................... 72 C.3.3 Calculation of P(X=d) and Pa(X=Re) using binomial law ................................ 72 Determination of Pa(10%) ......................................................................................... 73 C.4.1 Determination of Pa(10%) where n/N≥0,15.................................................. 73 C.4.2 Determination of Pa(10%) where n/N<0,15.................................................. 75 Determination of Pr(5%)............................................................................................ 75 C.5.1 Determination of Pr(5%) where n/N≥0,15 .................................................... 75 C.5.2 Determination of Pr(5%) where n/N<0,15 .................................................... 75 Example graphical determination of Pa(10%) and Pr(5%).......................................... 76 Sampling tables for various ASLs................................................................................ 77 Determination of ALARP ASLs for various lot sizes ..................................................... 86 Lot quality for various sample sixes and rejection numbers......................................... 94 Annex D: Inspection schedules for Ex 'd', 'e', 'n', 'i' and 'p' electrical equipment ............ 95 D.1 Introduction............................................................................................................... 95 Annex E: Glossaries................................................................................................................. 99 E.1 Introduction............................................................................................................... 99 E.2 Glossary of terms....................................................................................................... 99 E.3 Glossary of abbreviations ......................................................................................... 109 Annex F: References ............................................................................................................. 111 Tables: Table 3.1: Ex electrical equipment risk graph – starting point for defining lots of Ex electrical equipment based on ignition risk............................................................................... 18 Table 3.2: Example application of RBI with or without sampling to Ex ignition risk in an Ex electrical equipment strategy by applying frequency of inspection multipliers ............ 19 Table 3.3: Example application of RBI to Ex ignition risk in an Ex electrical equipment sampling strategy by varying ASL ............................................................................... 19 Table 3.4: Simple set of fault codes based upon the type of faults typically encountered ........... 30 Table A.1: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist.... 38 Table B.1: Simplified approach to defining lots using a matrix for an offshore installation .......... 50 Table B.2: Sampling data for ASL = 1% ..................................................................................... 54 Table B.3: ALARP ASLs for various lot sizes................................................................................. 54 Table B.4: Ignition risk................................................................................................................ 57 Table B.5: Severity of the environment ....................................................................................... 58 Table B.6: Ignition risk................................................................................................................ 62 Table B.7: Results of inspection by sampling for equipment in a Zone 1 hazardous area ............ 63 Table B.8: Results of inspection by sampling for equipment in a Zone 2 hazardous area ............ 64 Table C.1: Example calculation of Pa(10%) where n/N≥0,15 ...................................................... 74 Table C.2: Example calculation of Pa(10%) where n/N<0,15 ...................................................... 74 Table C.3: Example calculation of Pa(10%) where n/N<0,15 ...................................................... 76 Table C.4: Sampling data for ASL = 0,25% ................................................................................ 78 Table C.5: Sampling data for ASL = 0,40% ................................................................................ 79 Table C.6: Sampling data for ASL = 0,65% ................................................................................ 80 Table C.7: Sampling data for ASL = 1% ..................................................................................... 81 Table C.8: Sampling data for ASL = 1,5% .................................................................................. 82 Table C.9: Sampling data for ASL = 2,5% .................................................................................. 83 v GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Contents Cont… Table C.10: Sampling data for ASL = 4% ................................................................................... 84 Table C.11: Sampling data for ASL = 6,5% ................................................................................ 85 Table C.12: ALARP ASLs for various lot sizes .............................................................................. 86 Table C.13: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 26-50 ................ 87 Table C.14: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 51-90 ................ 88 Table C.15: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 91-150 .............. 89 Table C.16: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 151-280 ............ 90 Table C.17: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 281-500 ............ 91 Table C.18: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 501-1 200 ......... 92 Table C.19: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 1 201-3 200 ...... 93 Table C.20: Lot quality for various sample sizes and rejection numbers ...................................... 94 Table D.1: Inspection schedule for Ex 'd', 'e' and 'n' equipment................................................. 96 Table D.2: Inspection schedule for Ex 'i' equipment.................................................................... 97 Table D.3: Inspection schedule for Ex 'p' equipment (pressurisation or continuous dilution) ....... 98 Figures: Figure 1.1: Overview of various Ex electrical equipment inspection strategies ............................... 2 Figure 1.2: Continuous improvement model ................................................................................ 6 Figure B.1: Flowchart illustrating steps in developing a sampling plan by applying RBI sampling strategy to manage Ex electrical equipment ignition risks.......................................... 46 Figure B.2: Example of process for defining lots of Ex electrical equipment ................................ 49 Figure B.3: Using change rules to determine category of inspection ........................................... 68 Figure C.1: Example determination of Pa(10%) and Pr(5%) from a graph of probability of acceptance of the lot, Pa verses percentage of faulty equipment in the lot D/N ........ 76 Figure C.2: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 26-50 ......................... 87 Figure C.3: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 51-90 ......................... 88 Figure C.4: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 91-150 ....................... 89 Figure C.5: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 151-280 ..................... 90 Figure C.6: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 281-500 ..................... 91 Figure C.7: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 501-1 200 .................. 92 Figure C.8: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 1 201-3 200 ............... 93 Boxes: Box 3.1: Example of using an Ex electrical equipment risk graph in an RBI inspection strategy.... 18 Box 3.2: Example of applying RBI principles to a sampling strategy ............................................ 19 vi GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 ACKNOWLEDGEMENTS These Guidelines were commissioned by the Energy Institute’s Electrical Committee; most of these Guidelines were drafted by the following committee members: Robert Denham Peter Freeman Mark Scanlon Health and Safety Executive Shell U.K. Oil Products Limited Energy Institute The RBI sampling methodology (Annex B) and its technical basis (Annex C) are based on the developmental work of Bureau Veritas, whose contributors were: Bryan Eunson (Project Manager) Céline Labrune (Author) Hubert Ledoux (Technical Manager) Franck Mariet (Author) Jack Sneddon (Project Manager) In developing these Guidelines and during its peer review, significant technical contributions were made by: Phil Carpenter Mel Cockerill Duncan Crichton Robert Denham Peter Freeman Geoff Fulcher Kevin Hailes Terry Hedgeland Darren Hughes Ken Morton Tom Ramsey Paul Taylor Norman Turner Stephen Wilkinson Chevron Limited Total (Lindsey Oil Refinery) BP Health and Safety Executive Shell U.K. Oil Products Limited F.E.S. (Ex) Limited BP Consultant Petroplus Refining and Marketing Limited Health and Safety Executive Esso Petroleum British Pipeline Agency Limited Health and Safety Executive ConocoPhillips In addition, significant technical contributions were made by members of the Oil and Gas UK Electrical Network and the EEMUA Electrical Engineering Committee. The Institute wishes to record its appreciation of the work carried out by them and those that contributed to the development of these Guidelines. Affiliations refer to the time of participation. BSI is acknowledged for providing permission to reproduce extracts from IEC60079-17 (see Annex D). Mark Scanlon (Energy Institute) co-ordinated the project and carried out technical editing. Sonia Quintanilla (Energy Institute) and Andrew Sykes (Energy Institute) provided secretariat support to the Electrical Committee during the project. vii GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 FOREWORD Inspection of Ex electrical equipment is critical to assuring the continuing integrity of the types of protection that enable its use in potentially flammable atmospheres; yet such inspections are sometimes not carried out adequately both with regard to frequency of inspection, grade of inspection and completeness of the portfolio of Ex electrical equipment installed. This is due in part to the onerous requirements of IEC 60079-17 with respect to close inspection in three years of the several thousand pieces of Ex electrical equipment at a typical major hazards installation handling flammable fluids in the petroleum industry (both onshore and offshore) or allied process industries. In addition, inspection of Ex electrical equipment is often carried out at the same level of inspection (frequency of inspection, grade of inspection, etc.) without adjustment for the different ignition risks that might apply. Further, there is a lack of clarity in IEC 60079-17 regarding carrying out sample inspections, particularly with respect to detailed inspections. EI Guidelines for managing inspection of Ex electrical equipment ignition risk in support of IEC 60079-17 provides guidance on managing the ignition risks of Ex electrical equipment located in hazardous areas arising from flammable fluids: this is mapped against a safety management system (SMS) framework which should be applied throughout its life cycle. These Guidelines promote adoption of risk-based inspection (RBI) principles to inspection of Ex electrical equipment: this should result in high risk Ex electrical equipment being inspected to a more rigorous level of inspection (e.g. frequency of inspection) than lower risk items. These Guidelines set out an approach for establishing an RBI strategy which should be targeted, balanced and effective. Guidance is provided on implementing the strategy and ensuring that it is effective on a continuing basis. Therefore, these Guidelines constitute a benchmark of good practice. These Guidelines further develop the RBI concept by providing an RBI sampling methodology that takes into account as low as reasonably practicable (ALARP) principles. The RBI sampling methodology draws from and bridges ISO 2859-1 and IEC 60079-17: it provides an audit trail to the established general sampling methodology of ISO 2859-1 and meets the Ex electrical equipment inspection requirements of IEC 60079-17. In order to adapt the general sampling methodology to the specific application of inspection of Ex electrical equipment, additional management, sampling methodology and Ex electrical equipment requirements have been added to the criteria considered in ISO 2859-1. The RBI sampling methodology is intended for application to detailed inspections of Ex electrical equipment as defined in IEC 60079-17; however, it can be similarly applied to close inspections where a complete equipment register and records are available. The methodology applies random sampling to lots. Applying the RBI sampling methodology to the inspection of Ex electrical equipment should: C C C C C C Assure the continuing safety integrity of its types of protection. Enable compliance with pertinent legislation, regulations and standards. Reduce the possibility of introducing maintenance induced human failure due to intrusive inspection. Identify deficiencies such as corrosion, vibration, inadequate design, etc. Over time, help improve its performance. Be cost beneficial compared to the additional requirements on managing the process. These Guidelines are based primarily on the GB legislative and regulatory framework and international standards; yet its guidance is globally applicable provided it is read, interpreted and applied in conjunction with relevant national and local statutory legislation and standards. Where the requirements differ, the more rigorous should be adopted. viii GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 The information contained in this publication is provided as guidance only and while every reasonable care has been taken to ensure the accuracy of its contents, the Energy Institute and the technical representatives listed in the Acknowledgements, cannot accept any responsibility for any action taken, or not taken, on the basis of this information. The Energy Institute shall not be liable to any person for any loss or damage which may arise from the use of any of the information contained in any of its publications. This publication may be reviewed from time to time. It would be of considerable assistance for any future revision if users would send comments or suggestions for improvement to: The Technical Department Energy Institute 61 New Cavendish Street LONDON W1G 7AR e: [email protected] ix GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 OVERVIEW Section 1 provides an introduction to the management of Ex electrical equipment ignition risks, defines the scope of these Guidelines, and describes how they should be applied. Section 2 sets out the requirements of pertinent legislation, regulations and international standards pertinent to the inspection of Ex electrical equipment. Section 3 sets out the safety management system (SMS) principles pertinent to managing the inspection of Ex electrical equipment. It is illustrated with pertinent examples. Section 4 provides guidance on managing inspection of Ex electrical equipment throughout its life cycle phases after design and construction. Annex A provides a gap analysis checklist for managing inspection of Ex electrical equipment ignition risk that aims to determine whether current practices and processes comply with pertinent legislation, regulations and standards. Annex B sets out the steps in developing a sampling plan by applying the RBI sampling methodology. It defines key parameters and provides guidance on determining suitable values and reviewing the values based on the findings from inspections. The RBI sampling methodology is illustrated with examples and includes rules for applying a sampling plan. Annex C provides the technical basis of the sampling methodology and includes the basis for assigning an as low as reasonably practicable (ALARP) principle threshold to rejection criteria using the RBI sampling methodology. Annex D provides inspection schedules for various Ex electrical equipment types of protection. Annex E provides glossaries of terms and abbreviations. Annex F provides details of publications referenced. x GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 1 INTRODUCTION, SCOPE AND APPLICATION 1.1 INTRODUCTION These Guidelines were commissioned and partly developed by the EI Electrical Committee, which comprises senior electrical engineers from companies operating in the offshore and onshore petroleum industry, consultants and the Health and Safety Executive (HSE). They set out what is generally regarded in the industry as good practice and should assist those with responsibilities to meet the requirements of pertinent legislation, regulations and standards. They are not mandatory and different standards may be adopted in a particular situation where to do so would maintain an equivalent, or better, level of safety. Currently, many inspections of Ex electrical equipment are carried out at the same level of inspection (frequency of inspection, grade of inspection, etc.) without adjustment for the different ignition risks that might apply. Yet the inventory of Ex electrical equipment is typically located in different hazardous areas (where the probability of a flammable atmosphere being present differs) and the various Ex electrical equipment type of protection concepts present different ignition risks. In addition, the equipment may have different ages or be located where the environmental conditions differ. Detailed inspections are typically carried out as part of initial inspections, and not always as part of routine inspections. Such intrusive inspections are very resource intensive and might lead to maintenance-induced human failure (e.g. damage to gaskets and seals, or leaving out bolts on reinstatement). However, in order to ensure that the internal parts are fit for purpose and safe users should carry out Ex detailed (intrusive) inspections. In addition to meeting requirements of relevant legislation, regulations and standards, there is a significant business driver to install and maintain Ex electrical equipment such that it does not provide a potential source of ignition. The impact on businesses of fires or explosions due to a failure to control sources of ignition in terms of personnel injury or fatality, repairs, loss margin or revenue, reputational damage and fines or other penalties, can be such as to pose a significant threat to the survival or profitability of the business. As all petroleum installations contain large numbers of sources of ignition such as instruments, lights, motors, junction boxes etc., any such business should ensure that they are installed and maintained properly so as to limit the risk of uncontrolled sources of ignition. EI Guidelines for managing inspection of Ex electrical equipment ignition risk in support of IEC 60079-17 provides guidance on managing the ignition risks of Ex electrical equipment located in hazardous areas arising from flammable fluids: this is mapped against a safety management system (SMS) framework which should be applied throughout its life cycle. These Guidelines promote adoption of risk-based inspection (RBI) principles to inspection of Ex electrical equipment; this should result in high risk Ex electrical equipment being inspected to a more rigorous level of inspection (e.g. frequency of inspection) than lower risk items. These Guidelines further develop the RBI concept by providing an RBI sampling methodology that takes into account as low as reasonably practicable (ALARP) principles. The RBI sampling methodology draws from and bridges ISO 2859-1 and IEC 60079-17. Therefore, these Guidelines constitute a benchmark of good practice. Application of RBI has the advantage of more efficient use and targeting of inspection resources. 1 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Figure 1.1 provides an overview of the various Ex electrical equipment inspection strategies that are applied to managing ignition risks arising from Ex electrical equipment in potentially flammable atmospheres: in particular, it identifies whether they are risk-based and are likely to meet ALARP principles. Ex electrical equipment inspection strategy to manage ignition risks IEC 60079-17: Periodic: visual close 100% < three years Sampling: visual, close, detailed Continuous supervision Progressive sampling Visual, close, detailed to a nominal % Reliability centred maintenance (IEC 60030-3-11) and fault tree analysis RBI applied to ISO 2859-1 and IEC 60079-17 Described in these Guidelines: provides guidance on implementation of RBI in an Ex sampling strategy Apply RBI: Ex electrical equipment treated differently according to ignition risk probabilities of flammable atmosphere and source of ignition No guidance on implementing a sampling strategy All Ex electrical equipment treated with same risk - not RBI Complete equipment register, equipment history and trend analysis N Periodic: visual, close 100% Sampling: detailed Unlikely to consider probability of flammable atmospheres and sources of ignition Unlikely to demonstrate ALARP Y Periodic: visual, 100% Sampling: close, detailed Likely to demonstrate ALARP Figure 1.1: Overview of various Ex electrical equipment inspection strategies 2 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 1.1.1 Objective The objective of these Guidelines is to provide guidance on establishing an Ex electrical equipment inspection strategy which accounts for ALARP principles. This should help in improving the continuing management of ignition risk by assuring the continuing integrity of Ex electrical equipment type of protection as inspection should identify faults such as corrosion, vibration, inadequate equipment selection, etc. It should also improve the quality of inspections of Ex electrical equipment and, over time, improve the inservice performance of Ex electrical equipment. These Guidelines should help to clarify the concepts and should facilitate compliance with the requirements of relevant legislation, regulations and standards. Users are likely to seek answers to the following questions regarding managing the inspection of Ex electrical equipment: C C C What legislation, regulations and standards do I have to comply with and are there other business benefits that might be accrued? What do these requirements imply in practice and how can I tell if what I already have is sufficient? How can I meet the requirements effectively (both in terms of cost and compliance) while at the same time leveraging the activity to provide added value/reduce risk for my business? These Guidelines provide guidance on answering those questions: they provide a pragmatic approach to achieving this by promoting a risk-based Ex inspection strategy; further they offer the option of adopting a robust sampling methodology that derives from IEC 60079-17 and ISO 2859-1, is balanced and should meet ALARP requirements. The sampling methodology provides an opportunity to utilise qualitative and/or quantitative analytical techniques within a defined strategy. Use of robust statistical data derived from ISO 2859-1, in conjunction with a complete equipment register and competent personnel should optimise the potential of the methodology. The success of an Ex electrical equipment inspection strategy is dependent on the complete life cycle of Ex electrical equipment being appropriately managed and inspected, having appropriate records, and being audited and reviewed (in accordance with the SMS principles of HSE Successful health and safety management) so as to ensure that all such Ex electrical equipment is fit for purpose and safe and can be demonstrated as being so. These Guidelines set out an approach for establishing an RBI strategy, which in doing so provides a targeted, balanced and effective Ex inspection approach. This should result in high risk Ex electrical equipment being inspected to a more rigorous level of inspection than lower risk items. For detailed Ex inspections it prevents the need for the routine opening of all Ex enclosures. Annex B provides a comprehensive sampling strategy based on ISO 2859-1. These Guidelines should encourage appropriate management of the complete Ex requirements of initial, visual, close and detailed inspections, as set out in IEC 60079-17, Figure A.1. In doing so, they should encourage a consistent approach in the petroleum and allied industries and consistency in its regulation and verification (where appropriate). 1.1.2 Ex sampling strategy The Ex sampling strategy set out in these Guidelines is based on the following international standards: C ISO 2859-1 (which is technically identical to BS 6001-1) provides a recognised 3 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C sampling standard for general inspection requirements for manufacturing. This standard alone is not suitable for its direct application to inspection of Ex electrical equipment. IEC 60079-17 (which is technically identical to BS EN 60079-17) provides guidance on the following types of Ex inspections: initial inspection (commissioning); periodic inspection (visual and close); detailed inspection; and continuous supervision. This standard refers to Ex sample inspections; however, it does not provide specific guidance on what is expected of a sampling strategy. These Guidelines provide a method of applying the sampling schemes set out in ISO 2859-1 (which then provides an audit trail to an established sampling method), together with the Ex electrical equipment inspection requirements set out in IEC 60079-17; therefore, these Guidelines bridge those standards. In order to achieve this, the following management, sampling methodology and Ex electrical equipment requirements have been added to the criteria considered in ISO 2859-1 so as to develop an RBI Ex electrical equipment sampling methodology: C C C 1.2 Management requirements: − Having a high quality SMS with a systematic approach and high quality of audit and review. − Having a complete equipment register and records. − Developing an RBI strategy. Sampling methodology requirements: − Defining lots and sample size. − Defining grade of inspection. − Defining frequency of inspection. − Defining rejection criterion including an ALARP principle threshold (i.e. a cliff-edge effect) in relation to the selection of acceptance safety levels (ASLs). − Defining rules for faulty equipment when the rejection criterion is exceeded. Ex electrical equipment requirements: − The probability of a flammable atmosphere being present, as indicated by the hazardous area classification (i.e. Zones 0, 1 and 2 (and nonhazardous)). − The probability of a source of ignition being present due to a fault. − Ignition risk due to the simultaneous presence of a flammable atmosphere and a potential source of ignition. − The effect of severity of the environment. − The effect of equipment age. SCOPE These Guidelines cover the inspection of Ex electrical equipment located in hazardous areas (other than mines) where the risk arises from flammable atmospheres. They apply to Ex electrical equipment supplied or put into service in accordance with the ATEX 'Equipment Directive' (see section 2.3) and electrical equipment that precedes that Directive ('pre-ATEX' electrical equipment). It is not intended for application to Ex electrical equipment used in hazardous areas arising from combustible dusts (including coal dust) as they are excluded from the scope of IEC 60079-17. It is applicable to petroleum production, storage and processing installations, both onshore and offshore e.g. offshore production installations, petroleum refineries, bulk storage installations, 4 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 etc. Whilst it covers maintenance as part of the life cycle of Ex electrical equipment, these Guidelines are not a maintenance guide. These Guidelines have been developed for implementation on electrical, instrumentation and communication equipment only; hereafter referred to as 'Ex electrical equipment'. Risks due to process and human failure (except maintenance induced human failure) are excluded from these Guidelines. They do not cover the details of inspection and testing requirements of BS 7671 and BS 6626 of associated LV and HV electrical systems respectively (e.g. earthing, cabling and overload protection devices); however, they recognise the possibility of efficiencies in carrying out such inspections as for any GB electrical installation, alongside Ex inspections. The principles of these Guidelines could also be applied to other types of Ex equipment e.g. the inspection of mechanical equipment in hazardous areas (other than mines). 1.3 APPLICATION These Guidelines are intended to be used by those who manage the inspection of Ex electrical equipment and should include electrical engineers, especially those at the technical person with executive function (TPEF) level working in the petroleum and allied industries. They should also be of use to those needing to improve their understanding of the concepts, those who want to keep in touch with the development of good practice or those who have outsourced inspection of Ex electrical equipment but need to remain an 'intelligent customer'. These Guidelines should need little modification for use in organisations. These Guidelines are based primarily on the GB legislative and regulatory framework and international standards; yet its guidance is globally applicable provided it is read, interpreted and applied in conjunction with relevant national and local statutory legislation and standards. Where the requirements differ, the more rigorous should be adopted. The pertinent legislation, regulations and standards to be complied with, and the SMS do not prescribe how compliance should be achieved: they are goal setting in approach. A key element in such an approach is the concept of ALARP. Installation duty holders (DHs) should be able to demonstrate that their practices and procedures lead to any residual risk levels being ALARP. The guidance provided here is not prescriptive, and should be considered as one possible methodology to achieve ALARP (or in meeting similar national or local criteria) for managing the inspection of Ex electrical equipment. These Guidelines should be applied to the inspection of both new and existing Ex electrical equipment. Application of these Guidelines is likely to increase the demands on management but should result in greater confidence in the continuing integrity of Ex equipment through more targeted application of inspection resources. For the purpose of these Guidelines, the interpretations of terms in annex E.2 and abbreviations in annex E.3 apply, irrespective of the meaning they may have in other connections. However, many replicate or are based on the interpretations in IEC 60079-17, ISO 2859-1, EI Electrical safety code and EI Area classification code for installations handling flammable fluids. Users of these Guidelines should first read and understand IEC 60079-17 before attempting to follow these Guidelines. Users should note that whilst the EI Electrical Committee has confidence in the technical integrity of these Guidelines, until published they have not been fully implemented at an installation. When applied, this may require several inspection and audit and review cycles so as to optimise the Ex electrical equipment inspection strategy such that is works successfully; this is particularly so where the Ex electrical equipment 5 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 inspection strategy includes the sampling methodology. Users’ attention is drawn to the request for feedback in the Foreword which should help to improve these Guidelines in any future revision. Managing inspection of Ex electrical equipment ignition risk by applying gap analysis In order to illustrate the practical implications of compliance with legislation, regulations and standards, Annex A provides a managing inspection of Ex electrical equipment ignition risk gap analysis checklist that enables users to compare their current practices with those that should be in place if fully compliant. The questions in the checklist (see Table A.1) derive from information given in these Guidelines and IEC 60079-17. The gap analysis should help users seeking answers to the following questions regarding managing inspection of Ex electrical equipment ignition risk: C C C Where is my organisation now? Where is it trying to get to? How can it get there by planning and making improvements? The gap analysis is set around the following SMS principles, as defined in HSE Successful health and safety management: C policy; C organisation; C planning and implementation; C measuring performance; C audit and review. throughout the Ex electrical equipment life cycle phases of: C design and construction; C installation/commissioning/handover; C operation; C maintenance and inspection; C modification and decommissioning. It should be noted from the gap analysis checklist (see Table A.1) that the continuous improvement model set out in HSE Successful health and safety management implies that a significant number of reviews should take place (see Figure 1.2). ck Review Plan Exe cute Fe edba 1.3.1 Figure 1.2: Continuous improvement model 6 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 2 LEGISLATION, REGULATIONS AND STANDARDS 2.1 INTRODUCTION This section sets out the Ex requirements of pertinent GB legislation, GB regulations (some of which implement European Community directives) and international standards as they apply to the inspection of Ex electrical equipment. It should be noted that some aspects of the regulations apply differently to onshore and offshore installations. The pertinent objective of the legislation, regulations and standards is to allow installations to safely use electricity (which has the potential to readily provide a source of ignition) in potentially flammable atmospheres, e.g. whether arising from vapours, gases or liquids. 2.2 THE HEALTH AND SAFETY AT WORK ETC. ACT AND MANAGEMENT OF HEALTH AND SAFETY AT WORK REGULATIONS The Health and Safety at Work etc. Act (HASAWA) places general duties on employers to ensure, so far as is reasonably practicable, the health and safety of their employees, and others who may be affected by their undertaking (e.g. contractors). Host employers must take a proper interest in the activities and methods adopted by their contractors; in particular, how contractors might be affected by the routine work activities or processes taking place on the installation. In addition, employers should be able to competently select contractors, specify, and audit and review their work. For Ex electrical equipment, general duties are placed on manufacturers to ensure, so far as is reasonably practicable, that it is safe to use. These general duties are supported by the requirement of the Management of Health and Safety at Work Regulations for employers to undertake risk assessments for the purpose of identifying the measures that need to be put in place to prevent accidents and protect people against accidents. 2.3 ATEX 'EQUIPMENT DIRECTIVE', ATEX 'WORKPLACE DIRECTIVE', THE EQUIPMENT AND PROTECTIVE SYSTEMS FOR USE IN POTENTIALLY EXPLOSIVE ATMOSPHERES REGULATIONS AND THE DANGEROUS SUBSTANCES AND EXPLOSIVE ATMOSPHERES REGULATIONS The ATEX Directives introduce specific legal requirements aimed at specifying the necessary properties of electrical and non-electrical equipment for use in potentially flammable atmospheres, and protecting personnel from the potential hazards of flammable atmospheres, respectively. The ATEX 'Equipment Directive' (ATEX 100a, 94/9/EC) (Approximation of the Laws of Member States concerning Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres) is implemented in GB by The Equipment and Protective Systems for use in Potentially Explosive Atmospheres Regulations (EPSR). ATEX equipment should be assessed against the essential health and safety requirements of the Directive and if it conforms, it should be CE marked and a certificate of conformity should be prepared. The marking also comprises other information as may be required by the European Communities directives applying to a particular product. The ATEX 'Workplace Directive' (ATEX 137, 99/92/EC) (Directive on Minimum Requirements for Improving the Safety and Health Protection of Workers Potentially at Risk from Explosive Atmospheres) is implemented in GB by the Dangerous Substances 7 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 and Explosive Atmospheres Regulations (DSEAR) which set out minimum requirements for the protection of workers from fire and explosion risks arising from dangerous substances, and potentially flammable atmospheres arising from work with them. They require the classification of areas where flammable atmospheres may occur into zones. As noted in section 1.2, this document applies to all Ex electrical equipment, whether pre-or post-ATEX. Pre-ATEX Ex electrical equipment typically will not have an ATEX technical file/certification, which is one way of demonstrating that it is fit for purpose and safe at the time of installation. In the absence of any ATEX technical file/certification, the Ex electrical equipment should comply with relevant standards at the time of design and construction. 2.4 PROVISION AND USE OF WORK EQUIPMENT REGULATIONS Council Directive (89/655/EEC) on the Minimum Health and Safety Requirements for the Use of Work Equipment by Workers at Work (as amended by Council Directive 95/63/EC), which is implemented in GB by the Provision and Use of Work Equipment Regulations (PUWER) aims to ensure that work equipment does not result in health and safety risks to workers. PUWER imposes absolute requirements on employers to ensure that work equipment is in an efficient state, working order and in good repair; inspection and maintenance are key aspects of achieving these requirements, together with keeping the last inspection record. PUWER applies to all Ex electrical equipment (i.e. both ATEX equipment and pre-ATEX equipment); in practice, it requires Ex electrical equipment to be inspected and maintained such that it continues to meet its original certification requirements. 2.5 OFFSHORE INSTALLATIONS (PREVENTION OF FIRE AND EXPLOSION, AND EMERGENCY RESPONSE) REGULATIONS For offshore installations electrical ignition risks are subject to Offshore Installations (Prevention of Fire and Explosion, and Emergency Response) Regulations (PFEER). These regulations place a general duty to protect persons from fire and explosion by having in place suitable measures. This includes control of sources of ignition such as Ex electrical equipment, which are considered safety critical elements (SCEs). 2.6 OFFSHORE INSTALLATIONS (SAFETY CASE) REGULATIONS The Offshore Installations (Safety Case) Regulations (OSCR) require a DH to prepare, put in place and maintain a verification scheme for SCEs and specified plant. This requires a suitable written scheme for ensuring that SCEs and specified plant are suitable and remain in good repair and condition. The scheme should include performance standards stating availability and reliability criteria; for Ex electrical equipment, the reliability could be the probability of a fault. These requirements are typically presented to the electrical personnel in the form of planned maintenance routines (PMRs). 2.7 THE ELECTRICITY AT WORK REGULATIONS The Electricity at Work Regulations (EAWR) cover the requirements of electrical systems, work activities, protective equipment and the effects of adverse or hazardous environments (i.e. the use of Ex equipment). 8 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Employers have duties under EAWR. In addition, employees have a duty to cooperate with employers to enable compliance with duties placed on their employers: this should ensure the safety of the installation and those who work on or near it. EAWR requires persons working on all electrical equipment to be competent so as to prevent danger and injury. Owners, operators and contractors are deemed to be employers and therefore have duties in relation to electrical activities and equipment associated with installations. Contractors include companies who provide intermittent or infrequent electrical services as well as main contractor companies providing continuous or more regular services. 2.8 THE CONSTRUCTION (DESIGN AND MANAGEMENT) REGULATIONS The Construction (Design and Management) Regulations (CDM) apply to construction and demolition work onshore. This uses a life cycle approach that focuses on design and planning. For notifiable projects above particular duration or hours to be worked thresholds there are additional requirements including keeping a health and safety file. Whilst there are no specific requirements of CDM as regards inspection of Ex electrical equipment, project documentation (including the equipment register and results of initial inspections) for notifiable projects should be part of the health and safety file. Excluded from scope of CDM are work to or on vessels such as mobile offshore installations, fabrication of elements (e.g. equipment skids) which will form parts of offshore installations, and the construction of fixed offshore oil and gas installations at the place where they will be used. 2.9 IEC 60079-17 The IEC 60079 series of international standards provide the basis for designing Ex electrical equipment, but also contain in IEC 60079-17 information on its maintenance and inspection. 2.9.1 Maintenance Regardless of the Ex inspection strategy chosen (see section 3.2), Ex equipment should be maintained in accordance with its functional requirements (which could be based on the manufacturer’s guidance and factors governing its deterioration) and the ignition risks associated with faults for the various types of protection. Where functional maintenance is being carried out, the opportunity should be taken to inspect its Ex integrity at the same time and all findings (including faults) should be recorded. Doing so should maximise equipment availability. For example, with lamp replacement the opportunity should be taken to inspect the Ex integrity of the luminaire at the same time. Where appropriate, and on an opportunistic basis, suitable preservation techniques should be applied to mitigate against corrosion. If a person has performed work on Ex electrical equipment, before the work is completed they should inspect it so as to ensure that the integrity of the type of protection hasn’t been compromised. The grade of inspection should be proportionate to the work carried out. 2.9.2 Inspection The intention of inspection is to ensure that the Ex electrical equipment continues to comply with its original Ex certification requirements both externally and internally. 9 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 The results of all inspections (initial, visual, close and detailed), maintenance, repair and faults found should be recorded, audited and reviewed to provide an auditable trail for each Ex electrical equipment installed. During Ex inspections the opportunity should be taken to apply some form of identification to each Ex electrical equipment e.g. a coloured tag identifying the year of inspection provides a visual indication to what equipment has been inspected and that equipment which has not been inspected. All Ex electrical equipment should be recorded in an equipment register. Definitions for the types of inspection (initial inspection, periodic inspection, sample inspection and continuous supervision) and grades of inspection (visual, close and detailed) based on IEC 60079-17 are provided in Annex D. The following provides clarification on the requirements of IEC 60079-17: C C C 2.9.3 The interval between periodic inspections shall not exceed three years without seeking expert advice. Periodic Ex inspections only check the external integrity requirements for Ex electrical equipment (except for moveable equipment). Inspection strategies should ensure that both the internal and external parts of the Ex electrical equipment comply with its Ex certification throughout its life cycle (e.g. the condition of the flame path of Ex 'd' enclosures should be inspected to ensure that the flange faces are clean and undamaged, and gaskets, if any, are satisfactory; whereas, for Ex ‘e’ enclosures the condition of terminations should be checked for tightness and to ensure that there is no undue ingress of water). Following the initial inspection, planned detailed inspections are only considered as part of sample inspection and not usually part of periodic inspection in IEC 60079-17; however, such an inspection strategy is unlikely to meet the requirements for inspection of internal integrity. These Guidelines provide in Annex B an RBI sampling methodology to manage Ex electrical equipment ignition risks which should meet these requirements both for internal and external Ex integrity so as to ensure that Ex electrical equipment is fit for purpose and safe throughout its life cycle. Skilled personnel (electrical technicians) Skilled personnel are generally electrical technicians, responsible electrical persons (REPs) and nominated electrical persons (NEPs), whether they are in-house or contracted resource (see Annex E.2). They should be supported by senior management and the technical person with executive function (see 2.9.4). They should be competent on: C C C 2.9.4 The various types of Ex protection and installation practices. The relevant rules and regulations. The general principles of hazardous area classification. Technical person with executive function The technical person with executive function (TPEF) is a senior competent person who is responsible for ensuring the integrity of Ex equipment. They should be supported by senior management and other skilled persons as defined in 2.9.3. 2.10 ISO 2859-1 ISO 2859-1 provides an acceptance sampling system for inspection by attributes. It is indexed in terms of the acceptance quality limit (AQL). Its purpose is to seek and maintain a process average at least as good as the specified AQL, while at the same time 10 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 providing an upper limit for the risk to the client of accepting the occasional poor lot. Whilst primarily developed for manufacturing applications, the scope of the standard states that it is applicable to inspection of: C end items; C components and raw materials; C operations; C materials in process; C supplies in storage; C maintenance operations; C data or records, and C administrative procedures. These schemes are intended primarily to be used for a continuing series of lots, that is, a series long enough to allow change rules to be applied, which provide: C C Protection to the client (by means of switching to increased inspection using change rules or discontinuation of sample inspection) should a deterioration in quality be detected. An incentive (at the discretion of the responsible authority) to reduce inspection costs (by means of switching to reduced inspection using change rules) should consistently good quality be achieved. Sampling plans in ISO 2859-1 may also be used for the inspection of lots in isolation where the operating characteristic curves are used to find a plan that will yield the desired protection. Annex C of these Guidelines provides suitable adaptations of ISO 2859-1 to the inspection of Ex electrical equipment. 11 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 3 APPLYING SMS PRINCIPLES TO MANAGING THE INSPECTION OF EX ELECTRICAL EQUIPMENT 3.1 INTRODUCTION Managing the inspection of Ex electrical equipment should involve application of the SMS principles introduced in section 1.3.1. This section provides guidance on applying these SMS principles using pertinent examples. There will inevitably be variations between different organisation’s business models that will dictate to a greater or lesser degree how they choose to manage and operate their installations. The guidance set out in this section is not intended to comprise prescriptive information on how Ex electrical equipment inspections must be managed, but more a set of techniques that can be used to address some of the issues set out in the gap analysis checklist (see Table A.1). Therefore, the guidance should be adapted to fit into a particular organisation’s structure. 3.2 POLICY An appropriate policy for managing inspection of Ex electrical equipment, i.e. an Ex inspection strategy, should be defined, implemented, audited and reviewed and where necessary, modified so as to ensure the satisfactory integrity of Ex equipment throughout its life cycle phases. It should cover the general intentions, approaches and objectives of the organisation in managing inspection of Ex electrical equipment, together with the criteria and principles on which actions and responses are based. The Ex inspection strategy should be effective and should be supported by an effective management system to ensure the safe operation, maintenance, inspection and work on Ex electrical equipment. IEC 60079-17 is fundamental in determining an Ex inspection strategy for all grades of inspection of Ex electrical equipment; however, these Guidelines further develop the option introduced in that standard of carrying out sample inspections by adopting the sampling methodology set out in Annex B. Inspections should be completed to optimise resource and access requirements. Where appropriate, functional maintenance should be aligned to Ex integrity inspections; however, the functional maintenance frequency should not exceed the frequency required to maintain the Ex integrity of the equipment. The scope of Ex inspections should include inspecting the integrity of the whole system and include any special requirements as per the Ex certification which are normally identified on the Ex certificate of conformity number by the suffix 'X'. All inspections or repair and maintenance should be recorded together with the details of Ex faults found. The assignment of fault codes should assist in the process of reliability and trend analysis. A robust system of audit and review (see 3.6) together with actions taken resulting from these findings should be recorded. The results of this should demonstrate whether the strategy is effective and whether personnel competence is adequate. 3.2.1 Initial inspection The initial inspection should be an exhaustive inspection, i.e. all equipment should be inspected and it is not appropriate to consider sample inspections. The initial Ex inspection should be a detailed inspection grade as set out in Annex D. Once this initial Ex detailed inspection has been carried out (i.e. a baseline has been achieved for the 12 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 electrical installation) then periodic (visual or close) and sample inspections (visual, close or detailed) should be applied for subsequent inspections. Initial inspection might be considered as the first and most important of several lines of defence to protect against potential ignition risks: it is key to continuing integrity of Ex electrical equipment; however, it is not always carried out as well as it should be due to pressure at the back end of projects (see 4.3.3). DHs are responsible for ensuring that their Ex electrical equipment is fit for purpose and safe. Where Ex electrical equipment has been installed and had an Ex initial inspection by third parties, e.g. fabricators supplying assemblies or installation contractors, DHs should audit and review: the competence of those personnel; the quality of their work (by validating some of these inspections); associated Ex initial inspection records; and the equipment register. If an unreasonable percentage of faults are found in such a validation then further validation should be carried out. These inspections should be representative of the overall installation and should be a combination of visual, close and detailed grades of inspection. The initial (together with periodic, sample, functional and breakdown) Ex electrical equipment inspection records and associated equipment register (i.e. electrical equipment data e.g. apparatus group, temperature class, manufacturer, certification data, identification number (tag), etc) should be kept by the DH as part of the Ex inspection strategy. It is a requirement of PUWER that DHs shall ensure that the results of an inspection are recorded and kept until the next inspection (see section 2.4). The initial Ex electrical equipment inspection should include a check of installation against certification requirements. Particular care should be taken when the certification specifies conditions on how the equipment can be utilised and installed. 3.2.2 Periodic inspections As noted in section 2.9.2, IEC 60079-17 requires periodic inspections comprising visual and close inspections, which should be carried at a frequency of inspection that should not normally exceed three years without seeking expert advice; however, IEC 60079-17 provides flexibility over what grade of periodic inspection should normally be carried out in a particular inspection and how much equipment should be inspected. This flexibility has led in practice to a wide range of Ex electrical equipment inspection strategies being adopted ranging from 100% visual inspections with close inspections only for faulty equipment, through to some nominal percentage of visual and close inspections, e.g. 80%:20% respectively. Note that the scope of close inspections also covers the pertinent inspection points for visual inspections (see Annex D). IEC 60079-17 does not refer to detailed inspections as part of periodic inspections except where the findings of visual or close inspections require investigation of internal Ex integrity to fully ascertain the causes of faults, or for moveable electrical equipment. This flexibility has led in practice to a wide range of Ex electrical equipment inspection strategies being adopted for detailed inspections on a periodic basis ranging from 100% detailed inspections to 0% detailed inspections. Sometimes, detailed inspections have been carried out as sample inspections (see 3.2.3) as suggested by IEC 60079-17. Following SMS principles, users should be able to justify their Ex electrical equipment inspection strategy and demonstrate that their strategy remains robust over time. From the flowchart in IEC 60079-17 Annex A it can be seen that a longer frequency of inspection than the maximum three years should not be chosen until it can be demonstrated by good performance that the frequency of inspection can be reduced. As part of the demonstration the option of using close or detailed inspection is given. In developing an Ex electrical equipment inspection strategy, there should be a robust consideration as to what grades of inspection should be carried out on a continuing basis and at what frequency of inspection. 13 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Most DHs carry out 100% visual inspections as in general they do not require the Ex electrical equipment to be isolated. Therefore, they are able to be completed in a cost effective manner and provide a good indication to the external Ex integrity of the electrical equipment. This grade of inspection should be considered as the second of several lines of defence to protect against potential ignition risks. Close inspection of Ex electrical equipment should be considered as the third of several lines of defence to protect against potential ignition risks; it provides a more comprehensive indication than visual inspections of external Ex integrity of the electrical equipment. Where not readily accessible, this might require the use of access equipment (e.g. scaffolding) or the use of electrical technicians who are also competent abseilers. Both visual and close inspections check whether the external components of Ex electrical equipment comply with its original Ex certification; for example, that enclosures are not damaged or bolts are not missing. The Ex inspection of each area of an installation should be recorded together with the number of Ex electrical equipment items inspected, Ex faults found and actions taken. Whilst carrying out visual inspections, findings on several inspected items might lead to a need for further close and detailed inspections. The findings of all such inspections should be recorded, and an appropriate percentage should be audited and reviewed so as to robustly justify and demonstrate that the Ex strategy is capturing external faults, and where applicable internal faults. When carrying out visual or close inspections, the opportunity should be taken to identify (tag) Ex electrical equipment and to ensure that it is recorded in the equipment register. Consequently, all installations should have a complete equipment register within the three year period required by IEC 60079-17. Where Ex periodic inspections are not carried out within three years, IEC 60079-17 requires the provision of expert advice in the form of a robust justification for non-compliance. Movable electrical equipment (hand-held, portable and transportable) should be subject to a close or detailed inspection as determined by the use and nature of the equipment, at a frequency of typically every 12 months, and visually inspected before each use to check for obvious damage. Temporary or third party owned Ex electrical equipment should be supplied with appropriate Ex records or Ex inspection test certificates; in addition, ATEX marking and certificate of conformity documentation should be supplied in the case of temporary or third party supplied assemblies. DHs should consider carrying out a complete Ex visual inspection prior to its installation or use, together with a sample inspection of Ex close and detailed inspections so as to ensure that the Ex equipment is fit for purpose and safe. The duration installed or used should be used to determine whether third party or temporary Ex electrical equipment should be included in the DH's normal inspection strategy. Where a visual or close inspection indicates a need to investigate further to fully ascertain the causes of faults, a more rigorous grade of inspection should be applied (e.g. changing from close to detailed inspection). 3.2.3 Sample inspections For the reasons noted in 3.2.2, visual inspections can be completed in a cost-effective manner and they provide a good indication of the external integrity of Ex electrical equipment; consequently, they should not be included in a sampling strategy – sample inspections should only be applied to close and detailed inspections. Ex detailed inspections should be considered as the fourth of several lines of defence to protect against potential ignition risks. Detailed inspections check whether the internal components of Ex electrical equipment comply with its original Ex certification; for example, that Ex 'd' flame paths are not obstructed or damaged and Ex 'e' terminations are not loose. Furthermore, those installations not having appropriate Ex history/records 14 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 should only apply sample inspections to detailed inspections. Practical experience shows that intervening in detailed inspections, i.e. removing equipment covers, carries with the action the risk of introducing faults. If the probability of faults being present before inspection is low then the act of inspection may introduce more faults and reduce rather than improve performance. IEC 60079-17 recognises this effect and carries a warning that care must be taken that reassembly restores original design integrity. Although the severity of the environment and service will have an effect on performance the critical aspect is the original selection of Ex electrical equipment. If Ex electrical equipment is installed that has a known good performance in the intended application then the Ex electrical equipment inspection strategy can utilise this knowledge in determining the level of inspection for detailed inspections. Note that this assumes the initial inspection proves that the original installation is to a high standard. If the Ex electrical equipment is new to the installation and has no proven performance record, then the Ex electrical equipment inspection strategy should be more conservative and should include detailed inspection. Users should consider classifying their Ex electrical equipment according to their experience and knowledge of performance (e.g. fluorescent fittings by manufacturer): such assessments should be recorded together with the evidence supporting the assessments. Where appropriate Ex history/records exist together with Ex fault records and trend analysis, the DH should be in a position to robustly justify their Ex inspection strategy. Close and detailed inspection of 100% of a population of equipment is the Ex inspection strategy that gives the greatest confidence in the equipment continuing to meet its Ex integrity; whereas an Ex inspection sampling strategy provides a better balance between the cost of inspection and confidence in the Ex integrity of the equipment. Such a strategy is more likely to meet ALARP principles. In a sampling strategy, the quality of the entire population is not precisely known but a statistically valid estimation of that quality can be made. This estimation can then be analysed to update/modify the sampling strategy through audits and reviews, and confidence in the Ex integrity of the population should increase. In effect, sample inspections should allow the user to have sufficient confidence in the Ex integrity of the entire population without having to inspect all the items. Two types of sampling are available: progressive and random. Progressive sampling considers a population of equipment and takes a random sample of that whole population. Inspection is then carried out on that subset (e.g. 10 %), and the remaining items that had not been sampled on the first inspection noted. This reduced sample of uninspected items is then used as the population to be sampled on the second inspection. The remaining population after this second sample is then used for the third sample; this continues until the entire population has been inspected. Thereafter, inspection re-commences on a sample of the whole population. Random sampling considers the whole population at each inspection, and then takes a purely random subset of that whole population. Random sampling can lead to the same equipment being inspected on two or more consecutive inspections, even though the sample size may be relatively small. This may seem to be a disadvantage of random sampling; yet it is the key advantage that random sampling has over progressive sampling in inspection of equipment. By having the possibility of revisiting previously inspected items before the entire population has been inspected (i.e. potentially more frequently than would be the case for progressive sampling), it is significantly superior in highlighting maintenance-induced human failures due to poor re-assembly or human failure by the inspector on the last inspection. This allows greater confidence in the ability of the inspection strategy to cover not only randomly occurring faults and wear out faults, but damage and other human intervention related failures. 15 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 For sample inspections, the level of inspection should be determined; usually, its parameters should be varied based on inspection performance but could also be influenced by other business reasons. The findings of Ex sample inspections should be used in audits and reviews to support or modify the level of inspection. An Ex sampling strategy for Ex close and detailed inspections should not be carried out in isolation from other inspections. 3.2.4 Ex risk-based inspection Current Ex inspection strategies tend to inspect a nominal percentage of the total Ex electrical equipment inventory per annum, which for some installations might be 50 000 items; however, not all the equipment is exposed to the same potential risk of a flammable atmosphere (i.e. Zone 0, 1, and 2 and non-hazardous) being present or the same risk of ignition owing to the different Ex types of protection. Therefore, such an approach does not best target inspection resources on high risk equipment. An RBI approach to inspection of Ex electrical equipment should assess the ignition risk by considering the probability of a flammable atmosphere being present, as indicated by the hazardous area classification, and the probability of a source of ignition being present due to Ex integrity failure. Equipment with similar characteristics is then allocated to lots. Where it is not possible to define lots with similar characteristics, then more rigorous conditions for the lot should be taken. For the probability of a flammable atmosphere being present based on duration, the following approach uses the hazardous area classification criteria for unrestricted 'open air' release conditions from EI Area classification code for installations handling flammable fluids: C C C Zone 0 – continuous grade release, e.g. > 1 000 hours per annum. Zone 1 – primary grade release, e.g. 10-1 000 hours per annum. Zone 2 – secondary grade release, e.g. 1-10 hours per annum. A similar approach can be applied to the probability of a source of ignition being present by using electrical system rated currents: C C C low risk – intrinsically safe; medium risk –instrumentation, and high risk – HV/LV power circuits and emergency equipment. Both of these inputs are simple qualitative approaches which should suffice; however where necessary, users could apply more quantification to the determination of the probability of a source of ignition being present, for example using EI Research report: Ignition probability review, model development and look-up correlations. The risk graph (Table 3.1) uses these qualitative approaches to provide a reasonable starting point for defining lots of Ex electrical equipment in the absence of appropriate Ex inspection records: it assigns different ignition risks to Ex electrical equipment using a risk graph based on the probability of a flammable atmosphere being present (indicated by hazardous area classification) and the probability of a source of ignition being present (indicated by electrical system rated currents). Using this reasonable starting point simplifies the more comprehensive approach for defining lots of Ex electrical equipment described in annex B.3.1 that uses several criteria: it has the advantage of resulting in three lots (low, medium and high risk) with the consequent advantages of larger lot sizes and proportionately less inspection effort. In an RBI Ex inspection strategy, high risk Ex electrical equipment should be inspected to a more rigorous level of inspection (e.g. frequency of inspection, etc) than low risk Ex electrical equipment. This should provide more balanced, effective and 16 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 targeted inspections. Other factors can be used to adjust the Ex risk-based inspection strategy, e.g. equipment age, severity of the environment and findings of earlier inspections from records. These additional factors might move Ex electrical equipment to another level of risk: this concept is further developed in Box 3.2 using for example, acceptance safety level (ASL), which is a level of inspection criterion for sample inspections (see annex B.3.1). Lots of Ex electrical equipment should be of an appropriate size so that the number and results of inspections are easily auditable. The fundamental requirement of a risk-based approach to managing Ex electrical equipment inspection is the collection and analysis of equipment records in support of an equipment register. Historical records should include the grade of inspection, the frequency of inspection and the degree of confidence in the results of inspections. Historical records should be reliable; however, an assessment of the quality of the inspection and associated records should be made prior to using them in determining the level of inspection (e.g. frequency of inspection, etc.). This will apply more so to existing installations that are considering adopting RBI having previously applied other Ex inspection strategies. Key performance indicators (KPIs) (see 3.6.1.7) should be used for monitoring the continuing effectiveness of all Ex inspection strategies and they become more important when changing from one Ex inspection strategy to another, so that it is possible to measure the success of the transition. Use of RBI carries the advantage of more efficient use and targeting of inspection resources. From the outcomes of the inspections, audit and review should be carried out with a view to validating the RBI approach, and optimising it, as required. See 3.2.6. 3.2.5 Summary of coupling the sampling strategy with an RBI strategy Coupling an Ex inspection sampling strategy that gives an acceptable level of confidence (see 3.2.3) with a risk-based approach (see 3.2.4) provides a targeted, balanced and effective Ex inspection strategy. The methodology set out in Annex B is based on ISO 2859-1, suitably adapted to the inspection of Ex electrical equipment and adopts RBI. It contains an approach for setting level of inspection parameters based on the quality of historical records (see annex B.3.5.3) and its subsequent variation based on inspection performance (see annex B.3.10). The sampling methodology adopts random sampling; this is used to monitor the effects of the severity of the environment, vibration, inherent design weakness, etc. and to identify random faults. Note that the sampling methodology does not account for the consequences of a fire/explosion, nor does it take any credit for any mitigation measures. 17 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Box 3.1 Example of using an Ex electrical equipment risk graph in an RBI inspection strategy The risk graph (Table 3.1) provides a reasonable starting point for defining lots of Ex electrical equipment in the absence of appropriate Ex inspection records. Its objective is in assigning risks to Ex electrical equipment in various zones as part of an RBI approach, which could be used with or without sampling. The risk graph does not take into account the severity of the environment and equipment age, which might move Ex electrical equipment to another level of risk. Table 3.1 Ex electrical equipment risk graph - starting point for defining lots of Ex electrical equipment based on ignition risk Probability of source of ignition being present Groupings of Ex electrical equipment based on electrical system rated currents Onshore nonhazardous abnormal operations (Note 6) Offshore nonhazardous abnormal operations (Note 6) Intrinsically safe Low Instrumentation Low Probability of flammable atmosphere being present Zone 2 Zone 1 Zone 0 Low Low Low Low (Note 4) Low Low Medium N/A (Note 2) HV/LV power circuits and emergency equipment Low Medium (Note 3) Medium High N/A (Note 2) Notes: 1. The risk graph assumes correct selection of Ex type of protection in the first instance. 2. N/A – Such Ex electrical equipment is not appropriate for that zone. See Note 1. 3. Non-hazardous areas offshore typically contain SCEs that are energised during an emergency; consequently, risks for LV/HV power circuits are greater in offshore environments compared to onshore environments. 4. For Zone 0, use of intrinsically safe systems (Ex 'ia') means that there is an inherent low ignition risk as by design they do not have the potential to produce an incendive spark that can ignite a flammable atmosphere. Similarly, intrinsically safe circuits supplied from the Zener barrier (providing a connection to the equipotential bonding system and for TN-S systems only, connected to a high integrity earth system and routinely tested to be <1 ohm). or galvanic isolator might be considered to be low risk. 5. By design, intrinsically safe systems do not have the potential to produce an incendive spark; whereas, both instrumentation and HV/LV power circuits have the potential to produce an incendive spark that can ignite a flammable atmosphere. This is reflected in the risk graph; however, another factor to consider is the consequence of the electrical fault energy since HV/LV power circuits are likely to have a fault energy level that has the potential to cause severe electrical arcing which might damage the Ex enclosure and compromise the continuing integrity of its type of protection. Consequently, the Ex terminals and enclosure should be rated for these higher electrical systems rated currents for HV/LV power circuits. 6. In abnormal operations a flammable atmosphere may be present in areas designated non-hazardous in normal operations; some electrical equipment may be required to be in service then such that it should be Ex electrical equipment. Onshore installations typically have few equipment in such non-hazardous areas; however, offshore accommodation platforms have emergency lighting that would be expected to operate in abnormal operations. Applying such a risk-based approach to the allocation of lots would place Ex electrical equipment into low, medium and high ignition risk lots. This approach should result in the high risk Ex electrical equipment being inspected to a more rigorous level of inspection than medium and low risk Ex electrical equipment respectively. For example, applying RBI to these lots in Table 3.1, the frequency of inspection is varied. High ignition risk Ex electrical equipment is allocated a higher frequency of inspection than medium ignition risk Ex electrical equipment, etc. by applying a smaller multiplier. 18 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Box 3.1 Continued… Example of using an Ex electrical equipment risk graph in an RBI inspection strategy Table 3.2 Example application of RBI with or without sampling to Ex ignition risk in an Ex electrical equipment strategy by applying frequency of inspection multipliers Ignition risk (Note 1) Frequency of inspection multiplier Low x2 Medium x1 High x0,5 Notes 1. Ignition risk derived from Table 3.1. 2. In this example, the frequency of inspection is the only level of inspection criterion that is changed. 3. This approach applies whether or not sample inspection is part of the RBI inspection strategy. Box 3.2 Example of applying RBI principles to a sampling strategy For sampling strategies, other level of inspection criteria (as defined in Annex B) can be varied (e.g. ASL, global failure rate or category of inspection) to give further possibilities for RBI. For example, applying RBI to the lots from Table 3.1 in Table 3.3, ASL is the only level of inspection parameter that is varied (although this in turn adjusts the rejection number (Re) but not the sample size in this case): high ignition risk Ex electrical equipment is allocated an ASL lower than the ALARP ASL; consequently, Re is more rigorous than for medium ignition risk Ex electrical equipment, although the sample size remains the same. Table 3.3: Example application of RBI to Ex ignition risk in an Ex electrical equipment sampling strategy by varying ASL Sample Ignition risk ASL Re Data reference (Note 1) size Low > ALARP ASL = 1,5% 80 4 Table C.8 Medium ALARP ASL = 1% 80 3 Table C.7 High < ALARP ASL = 0,65% 80 2 Table C.6 Notes 1. Ignition risk derived from Table 3.1. 2. Lot size = 1 000, global failure rate = level II, ALARP ASL = 1% (see Table B.3). Sample size and Re derived from Tables C.6, C.7 and C.8. 3. In this example, only the ASL is changed (and consequently Re): other level of inspection criteria also could be adjusted (e.g. frequency of inspection, global failure rate, category of inspection). 4. Adjustment of ASL only applies to sample inspections. 19 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 3.2.6 Audit and review of Ex inspection strategy The primary objectives of audit and review of an Ex inspection strategy are to identify if there are any weaknesses, where necessary to improve it, and to be able to demonstrate that the Ex inspection strategy is appropriate, robust and justified. The success of an Ex sampling inspection strategy is significantly dependent on the quality of the Ex inspections and the quality of the associated records (together with faults identified). To ensure high quality, there should be rigorous audits and reviews of Ex inspections and associated records. Should critical faults be identified to the TPEF, they should evaluate any potential ignition risk, apply appropriate control measures, initiate remedial action (within an appropriate timescale), or isolate the faulty Ex electrical equipment. The TPEF should initiate further inspections to determine the extent of the failure mode and take the necessary corrective action. Trend analysis is able to be carried out more readily if Ex fault codes are assigned; these facilitate computer search fields to be generated to highlight generic equipment faults or areas of the installation which might have an adverse affect on the integrity of the Ex electrical equipment, e.g. deluge systems. Whichever inspection strategy is applied, analysis of the inspection data should be performed regularly to ensure that inspection resource is focused on the appropriate areas and equipment where faults are found. An annual audit and review should be followed by a more rigorous three-yearly audit and review; these should involve a cross-section of all personnel involved in the management and carrying out of the inspections e.g. REP, ICP, TPEF and electrical technicians. All audits and reviews together with actions taken should be recorded. IEC 60079-17 suggests that Ex inspection personnel should be independent of the demands of functional maintenance inspections. Where this is not practical, installations that employ competent personnel might merge the task of maintenance and inspection as long as the Ex integrity inspections are not compromised. See 3.6 for guidance on audit and review of all aspects of managing inspection of Ex electrical equipment. 3.3 ORGANISATION Clear authority, responsibility and accountability should be allocated to, and understood by, the various organisations, management and competent personnel involved with managing the inspection of Ex electrical equipment throughout its life cycle. These aspects should be unambiguously defined in organisational structures and management systems for all organisations involved. Senior managers should understand that managing the inspection of Ex electrical equipment is an important safety matter, which requires appropriate numbers and competencies of personnel, adequately supported by maintenance and inspection procedures and records. In managing the electrical function, competent persons should ensure that ignition risks of Ex electrical equipment located in hazardous areas are given appropriate attention. 3.3.1 Roles and responsibilities Employers, employees and contractors have responsibilities under EAWR (see section 2.7). Regardless of this; many of these fall on the DH; pertinent ones include: 20 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C C Appointing NEPs to be responsible for managing aspects of the electrical function, which are under their control. With regard to Ex electrical equipment the petroleum industry generally nominates a TPEF (see section 2.9.4). Ensuring that regular audits are performed so that all pertinent personnel are fully aware of their responsibilities and accountabilities in relation to Ex electrical equipment. Typical examples of Ex inspection activities that should be carried out by DHs include: C C C 3.3.2 Reviewing maintenance and inspection completion and backlog reports to check that the correct information has been recorded and that deferred maintenance will not result in unsatisfactory safety risks. An example is a supervisor being made responsible for weekly reviews and the TPEF carrying out regular audits to determine if the relevant procedures are being implemented. All audits and review should be documented and recorded outlining: − which sections have been audited and reviewed; − what Ex findings/faults have been revealed; − whether there are generic faults; − recommended actions e.g. further inspections required on Ex electrical equipment, and − changes to the Ex inspection strategy. Performing ongoing competence assessments of personnel involved in electrical work e.g. checking the quality of Ex electrical equipment inspections and associated Ex records. Periodically reviewing approvals of change requests, subsequent modifications and changes to operational constraints that might impact the integrity of Ex electrical equipment. Competence A competence assurance system should be in place to secure the competence of all personnel involved with Ex electrical equipment. As part of achieving competence, Ex electrical technicians should be adequately trained and experienced. See 3.3.2.1. For other roles (e.g. REP, TPEF, ICP) additional competence requirements apply (e.g. see section 2.9.4). Competence with Ex electrical equipment requires thorough knowledge of its construction, type of protection, operation and failure mechanisms to determine whether they are fit for purpose and safe. 3.3.2.1 Inspector competence The inspection of electrical equipment installed within hazardous areas should be carried out by competent personnel, typically Ex electrical technicians. This should be achieved by the personnel meeting the requirements of a competency based scheme. In GB, a recognised training, assessment and certification scheme for electrical technicians is the CompEx National Training and Assessment Scheme. Competency should be refreshed regularly and there should be satisfactory performance on training course and workplace assessments to ensure that current good practice is applied. The minimum training requirements of IEC 60079-17 for Ex electrical technicians are described in section 2.9.3. The competency level of personnel lies within the responsibility of the TPEF. This responsibility should be endorsed by the DH or equivalent, and should be supported by the relevant competency assurance processes. 21 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 To be qualified for the inspection of electrical equipment installed within hazardous areas, a person should justify initial competences in electrical equipment and have successfully been assessed on: C C A training course with the minimum content required by the standard and several years of practical experience of working with Ex equipment, or A training course with the minimum content described above and a mentoring period implemented and validated by experienced inspectors. Evidence of the relevant experience and training should be available. Audits are necessary to ensure that the inspectors do their tasks in accordance with site procedures. All audits and reviews should be formally recorded together with actions taken. The knowledge of Ex electrical technicians should be regularly refreshed (for example to comply with the requirements of CompEx) due to changes in regulations, standards, new types of protection and development of good practice. In addition to electrical technicians carrying out Ex inspections, other competent personnel will also inspect Ex electrical equipment, e.g. TPEF, ICP, REPs and NEPs. 3.3.2.2 Competence of employers using contractor resources As noted in section 2.2, employers should be 'intelligent customers' and so should be able to competently select contractors, and specify, audit and review their work. Where employers do not possess in-house Ex electrical equipment competence, they should consider delegating this responsibility to a consultant so as to ensure that the requirements for inspection of Ex electrical equipment are complied with; if this is the case, these roles and responsibilities should be clearly defined and documented. 3.4 PLANNING AND IMPLEMENTATION A pre-requisite to establish an Ex risk-based inspection strategy (see 3.2.4) is to have an Ex electrical equipment register and records that cover all such equipment. Where this is the case, the sampling methodology provided in Annex B might be applied to both Ex detailed and close inspections. Figure 3.1 illustrates the key steps. For those existing installations not having a complete equipment register and appropriate records (i.e. those from the initial detailed inspection and subsequent records), the three-phase implementation plan described in 3.4.1-3.4.3 should be applied, which provides a process to move towards an Ex risk-based inspection strategy (see Figure 3.1). The intent of this three-phase approach is to get DHs moving towards a robust Ex electrical equipment inspection strategy in a step-wise manner. In doing so, they would carry out some inspections and gather information that should feed into an equipment register, as well as carrying out some auditing and reviewing. This has the advantage of spreading out the considerable effort required to populate an equipment register. Whilst this approach offers the option of including some sample inspections as part of the Ex electrical equipment inspection strategy, this is only an option and in some cases it may be inefficient to apply (e.g. with small lots): 3.4.1 Phase 1 of implementation plan Carry out gap analysis to determine the current status of the Ex strategy (see section 1.3.1), define forward Ex strategy (see 3.2) and determine a plan of action to progress to the forward Ex strategy. This may typically include: 22 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C C C C C C C C C C C 3.4.2 Periodic inspections: Carry out Ex visual and close inspections and create a 100% equipment register in a timescale of three years (the timescale normally required by IEC 60079-17 for periodic inspections (see section 2.9.2)). Sample inspections: Carry out a representative random sample of Ex detailed inspections. Assign equipment identification numbers (tags). Record Ex details. Assign fault codes. Carry out trend analysis to help identify the Ex electrical equipment integrity fault types that contribute to determining the probability of a source of ignition being present. Highlight high risk areas and high risk Ex electrical equipment. Implement appropriate control measures. Amend the Ex inspection strategy, as required. Carry out regular (yearly, three-yearly and as required) audits and reviews on the quality of the Ex inspections, associated records and the Ex inspection strategy, so as to ensure that all Ex electrical equipment is fit for purpose and safe. Where the findings of visual and close inspections raise concern regarding the Ex integrity, carry out appropriate detailed inspections. Phase 2 of implementation plan Apply the outcomes from phase 1 of implementation plan, carry out gap analysis to determine the current status of the Ex strategy (see section 1.3.1), define the forward Ex strategy (see 3.2) and determine a plan of action to progress to the forward Ex strategy. This may typically include: C C Use the data from phase 1 of implementation plan for the following three years to: − Define KPIs. − Robustly justify any modifications to the level of inspection for periodic inspections. − Robustly justify use of a risk-based approach in the Ex electrical equipment sampling inspection strategy by identifying Ex ignition risk using Boxes 3.1 and 3.2. Manage Ex visual, close and detailed inspections. Specifically, the following tasks should also be carried out: − Periodic visual (100%) and sample inspections (close and detailed) on a continuing basis, and record results. − Effective management of all Ex electrical equipment ignition risks. − Identify generic faults. − Record how the Ex inspection strategy has been continually improved or adjusted to cover any common faults using evidence of trend analysis. − Demonstrate the effectiveness of the Ex visual, close and detailed inspections, and what benefits they have provided in the control of ignition risks using appropriate evidence. − Use the outcomes of the audit and review carried out in phase 1 of implementation plan, which should identify the Ex electrical equipment integrity fault types and trend analysis, to determine the probability of a source of ignition being present. Combine this with the probability of a flammable atmosphere being present, to determine the overall ignition risk: this forms the basis of an RBI Ex inspection strategy. − Monitor KPIs to determine whether performance is adequate. 23 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 − 3.4.3 Carry out annual and a more rigorous, three-yearly audit and review to review Ex faults found, the faults found from Ex visual, close and detailed inspections, changes in process conditions. The ICP, TPEF, and an electrical technician should be involved in a team-based approach, as well as process safety engineers. Phase 3 of implementation plan Apply the outcomes from phase 2 of implementation plan, carry out gap analysis to determine the current status of the Ex strategy (see section 1.3.1), define the forward Ex strategy (see 3.2) and determine a plan of action to progress to the forward Ex strategy. This may typically include: C C As phase 2, but: − Identify Ex ignition risk using Annex B. − Review and monitor KPIs. − Promote continuous improvement throughout life cycle phases. Manage Ex visual, close and detailed inspections together with audits and reviews on an ongoing basis. This should provide a robust justification for the Ex inspection strategy, demonstrate that it is appropriate, and achieve continual improvement in the integrity of Ex electrical equipment so as to ensure that the actual condition remains fit for purpose and safe. RBI Ex inspection strategy Non-RBI Ex inspection strategy Ex electrical equipment inspection strategy to manage ignition risks Phase 2 (three years) Gap analysis Periodic - visual (100%) Identify Ex ignition risk using Boxes 3.1 and 3.2 RBI sampling - close and detailed, and record results Define and monitor KPIs Audit and review by TPEF, ICP, REP and NEP (including Ex register and records) Phase 1 (three years) Y Equipment register and records N Gap analysis Periodic - visual and close (100%) and establish Ex register and records Sampling - detailed, and record results Audit and review by TPEF, ICP, REP and NEP Phase 3 (ongoing) As phase 2, but: Identify Ex ignition risk using Annex B Review and monitor KPIs Continuous improvement throughout life cycle phases Figure 3.1: Process for implementing Ex inspection strategies and the process for moving from non-RBI to RBI 24 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 3.5 MEASURING PERFORMANCE 3.5.1 Initial Ex inspection target levels Where risk-based Ex inspections use sampling, the inspection results provide an overview of the condition of Ex equipment in a lot based upon a statistically representative sample of the equipment. If review of the inspection results indicates that the number of faults found is equal to or above the rejection criterion (e.g. due to poor severity of the environment or equipment design faults) then action should be taken to improve the Ex integrity of the equipment before it creates a potentially dangerous situation. Conversely, if the number of faults found is below the rejection criterion, then it should be determined whether the quality of the Ex inspection and associated records is appropriate. Furthermore, future inspections for that lot should be adjusted to reflect the results of inspections within the lot. Such information can form the basis of some KPIs (see section 3.6.1.7). 3.5.2 Faults Faults should be recorded using fault codes (see section 3.6.1.8). Faults should be analysed by the TPEF to establish the root cause and decide what actions are required to eliminate recurrence of faults, such as by modifying/replacing the equipment or increasing maintenance intervention. 3.6 AUDIT AND REVIEW OF PERFORMANCE 3.6.1 Reviewing performance Organisations should learn from all relevant experience and apply the lessons to move forward and improve the inspection of Ex electrical equipment to assure its continuing integrity. There should be a systematic review of performance based on data from monitoring and from independent audits of the whole Ex SMS. There should be a strong commitment to continuous improvement involving the development of the Ex strategy, systems and techniques of risk control. Ex electrical equipment integrity performance should be recorded in annual reports. The key to an effective Ex inspection strategy is good planning being applied to control risks, and resources allocated according to risk priorities. Performance should be measured by setting up suitable monitoring arrangements. The actual 'as found' integrity of Ex equipment when inspected is the ultimate test of the effectiveness of the Ex inspection strategy (and maintenance strategy). The TPEF, who is responsible for the integrity of the Ex electrical equipment, should ensure that these inspections and associated records are audited and reviewed, that Ex faults are reviewed, and that appropriate trend analysis techniques are applied to identify generic faults. As part of this process an annual and a three-yearly detailed review of the Ex strategy together with the Ex faults identified should be carried out, together with the control measures identified, to vary the level of inspection proportionately with the faults found. Where appropriate, the ICP should be involved in this matter. The TPEF and ICP should carry out independent Ex inspections to confirm the performance, output measures and verification criteria are appropriate for each grade of inspection, so as to ensure that the Ex inspection strategy is satisfactory and that the Ex electrical equipment is fit for purpose and safe; these independent inspections should be recorded. 25 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Modifications (using computerised maintenance management system (CMMS) data) and repetitive faults (data from previous inspections) for equipment should be taken into account. To enable consistency, where possible, generic fault codes should be used. Inspection data should be analysed to monitor the effectiveness of the Ex inspection strategy. The information obtained should be shared with other installations in order to promote shared learning and good practice. Regular reviews of inspection data should be carried out to confirm the integrity of the Ex electrical equipment over its life cycle. These data should be used to support or modify the level of inspection. All Ex inspections and associated records for initial, visual, close, detailed, continuous supervision, breakdowns, independent audits by the TPEF and ICP, should be audited and reviewed. The Ex inspection strategy should accordingly be revised so as to ensure that all Ex electrical equipment is safe to use in potential hazardous areas. 3.6.1.1 Review meetings As noted in section 1.3.1, the continuous improvement model set out in HSE Successful health and safety management implies that a significant number of reviews should take place. From a practical standpoint these can often either be combined with other similar activities or several reviews can be combined into one review, provided that in each case the correct people participate and the agenda of such meetings allows sufficient time/focus on the Ex electrical equipment reviews intended to be covered. A good technique is therefore to identify: C C C What reviews should take place and at what frequency. Who should attend. What information should be available. From this it should be possible to map these requirements against existing meetings to determine if they can be accommodated within them or if additional stand-alone meetings are required. Decisions as to how reviews should be carried out should be recorded formally: for example, either in the Ex electrical equipment inspection strategy or elsewhere in the organisation’s quality assurance documentation if a suitable location exists. In the latter case, there should be a cross-reference in the Ex electrical equipment inspection strategy to where the information on review implementation is located. One method of identifying and recording review processes is to adapt the flowchart provided in Annex A of IEC 60079-17 to suit the particular organisation’s structure: this can then show where reviews should take place and how the output of the reviews should feed back into the process. It should be recognised that reviewing and making improvements based upon feedback is a key process; however, this is often the part of the process which is least well executed. Formally assigning where such reviews should take place is one method of encouraging discipline in execution of the reviews and driving improvements. 3.6.1.2 Output measures Performance standards for SCEs for offshore installations provide measurable target values for availability/reliability. For other equipment, these can be expressed as KPIs (see 3.6.1.7). These provide a reasonable indication of Ex integrity performance, provided the input data are representative of data over a period in excess of the frequency of inspection. The TPEF should review current performance against this criterion, together with the KPIs (see 3.6.1.7), and use these to set goals for improvement. This may initiate intervention measures such as a concerted effort to eliminate faults or, conversely, to 26 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 review the existing level of inspection where the occurrence of faults has proved to be rare. To be able to perform this analysis, when any work is completed on Ex electrical equipment the grade of inspection and, where faults are revealed, fault codes should be recorded. 3.6.1.3 Verification of initial Ex inspections To ensure that the initial inspection of Ex electrical equipment is completed with a suitable audit trail of documentation, a representative inspection should be carried out where required for verification (e.g. for offshore installations subject to OSCR (see section 2.6)), e.g. by taking typically 10% of the total Ex inventory. All inspection results should be recorded and included in the commissioning documentation which should be transferred to the DH’s Ex inspection record system, e.g. a CMMS. 3.6.1.4 Verification of continuing Ex inspections Where required for verification (e.g. for offshore installations subject to OSCR (see section 2.6)), the TPEF should ensure that an annual independent verification of the Ex electrical equipment inspected and documentation completed is carried out to provide assurance of the quality of work undertaken. 3.6.1.5 Annual review The TPEF should carry out an annual review of all Ex inspection results. This should be recorded as part of the DH’s demonstration that they are appropriately managing potential ignition risks etc. The results of inspections should be reviewed with Ex electrical inspection personnel to foster ownership and promote a team culture. The desired outcome from this approach is to encourage the recording of all Ex inspections and develop a greater shared understanding of faults found and how to eliminate them. 3.6.1.6 Three-yearly review The TPEF should carry out a detailed review of the inspection results on a 3-yearly basis. The review team should consist of those involved in inspection of Ex electrical equipment and should typically include: electrical technicians; contract electrical technicians; the TPEF; the REP; and the ICP. This three-yearly review should confirm that all Ex periodic (i.e. visual and close) inspections and a representative random sample of Ex detailed inspections have been completed in this time period or provide the expert advice for non-compliance (see section 2.9.2). This team should review the existing Ex inspection strategy and associated inspection data and complete a gap analysis to determine future modifications to the level of inspection and/or change to maintenance procedures to maintain/improve the level of equipment integrity so as to meet the performance standard. All Ex inspection results and audit and reviews should be recorded as part of the DH’s demonstration that they are appropriately managing potential ignition risks. 3.6.1.7 Key performance indicators Used correctly, KPIs should be a good method of providing an overview of the health of a system and early warning of a decline in standards: they can be used to trigger action before risk levels rise above what is acceptable. KPIs comprise leading and lagging indicators: the former indicate what will happen in the future; whereas, the latter show what happened in the past. Good practice is to have a balance of both types of KPIs. It is possible to conceive many other KPIs that could be used; however, KPIs should be used sparingly and there should be a clear identifiable reason for collecting and reviewing the information. It is not uncommon for KPIs to be established to monitor specific areas of under-performance and for such KPIs to be discontinued once there is confidence that good performance exists and has become a normal part of the business 27 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 processes. A good test for the need for a KPI is to ask what action will be taken if the value moves adversely from the target value, such as that defined in performance standards. Where it is determined that an inspection schedule or sample number will not be met, a further risk assessment should be undertaken, or the electrical equipment concerned should be electrically isolated. If there is more than one group or contractor responsible for different parts of the installation it is useful to have the results arranged per contractor so any difference in performance of the various workgroups can be identified. Typical examples of KPIs that may be used for performance of Ex equipment, performance of Ex strategy and new installation audits are: Performance of Ex equipment: C Failure rate for the period = number of faults found during the period/(period of evaluation (days) x number of Ex electrical equipment inspected for the period). (This KPI is typically used as part of a performance standard for reliability of SCEs for offshore installations.) C Total number of action items resulting from an inspection, which can be subdivided by severity into: − Number of safety items: these are faults where corrective action should be taken in the short term (e.g. <one week). − Number of integrity items: these are faults where corrective action should be taken in the medium term (e.g. <three months). − Number of housekeeping items: these are faults that do not affect level of risk but represent a non-compliance with standards (e.g. missing or damaged labelling) where action should be taken in the long term (e.g. <12 months, such as during the next planned maintenance). (The safety, integrity and housekeeping items could be further subdivided by fault code (see 3.6.1.8). Comparing the number of each type of action item against the number of equipment inspected and trending the results should enable monitoring of the performance of each type of action item as well as overall performance.) C Number of action items resulting from an inspection for each lot, which can be subdivided by severity into safety, integrity and housekeeping items (as above) and could be further subdivided by fault code (see 3.6.1.8). (This should enable trending of the performance of various lots.) Performance of Ex strategy: _ % Ex detailed inspections carried out (e.g. in a particular year) = number of Ex detailed inspections carried out x 100 total number of Ex electrical equipment installed _ % Ex close inspections carried out (e.g. in a particular year) = number of Ex close inspections carried out x 100 total number of Ex electrical equipment installed _ % Ex visual inspections carried out (e.g. in a particular year) = number of Ex visual inspections carried out x 100 total number of Ex electrical equipment installed _ % Ex electrical with no recorded Ex inspection (e.g. in a particular year) = number of equipment with no recorded Ex inspection x 100 total number of Ex electrical equipment installed = number of overdue inspections x 100 total number of Ex electrical equipment installed (This KPI may be part of a broader KPI for all types of SCE.) _ Inspection backlog 28 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 New installation audits: C Total number of faults found during a new installation audit after initial inspection has been completed, which can be subdivided by severity into: − Number of safety items: faults where corrective action should be taken in the short term (e.g. <one week). − Number of integrity items: faults where corrective action should be taken in the medium term (e.g. <three months). − Number of housekeeping items: faults that do not affect level of risk but represent a non-compliance with standards (e.g. missing or damaged labelling) where action should be taken in the long term (e.g. <12 months such as during the next planned maintenance). 3.6.1.8 Fault codes While KPIs may be useful to gain an overview of performance they are not sufficient to be able to analyse where faults have been found and what type of fault was identified. Such information is necessary to be able to start identifying the causes of faults, and hence to be able to take appropriate corrective actions. If only free text is allowed when recording faults it becomes impractical to undertake any form of analysis within a reasonable timescale since there is no means of grouping or classifying the information; therefore fault codes should be used to group or classify faults. Doing so gives an overview of the types of faults, which often is sufficient to identify possible causes. It also should allow the faults to be grouped into smaller, more manageable sets if an in-depth assessment becomes necessary. Fault codes should be linked to the Ex electrical equipment on which the fault was found: this should allow analysis based upon equipment type rather then type of fault. Ideally, there should also be links to the equipment register such that analysis of fault codes against other factors such as location and age can be carried out. Often this is possible if using a CMMS since such links should already exist to the identification number, tag or whatever system of identification is used. There follow two examples of the use of fault codes: the former uses the inspection schedules provided in Annex D; whereas the latter is a simpler approach used in a company. Example Fault codes are set based upon the items in Table D.1, Table D.2 and Table D.3 for each Ex electrical equipment type of protection concept. For example using Table D.1, code dA7 would mean there has been an unauthorised modification to Ex 'd' electrical equipment; whereas, code nA6 would mean an unsatisfactory enclosure, glass parts and glass-to-metal sealing gaskets and/or compounds for Ex 'n' equipment. Example A simpler set of fault codes based upon the type of faults typically encountered are set out in Table 3.4. This includes faults that are likely to be revealed by external inspection (i.e. visual and/or close inspection) as well as faults that are only likely revealed by internal inspection (i.e. detailed inspection). 29 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table 3.4: Simple set of fault codes based upon the type of faults typically encountered Fault description Severity Internal inspections (detailed): Z Is Zener barrier earth bond <1 ohm Q Inadequate segregation Is and power T Ex 'e' loose terminations N Ex 'e' unconnected cores W Ex 'e' terminations, insulation degradation (water ingress) F Ex 'd' flame path damaged F Ex 'd' flame path impeded P Ex 'p' pressurisation control system fault X Ex 'p' certification special requirements X External inspections (visual and close): B Covers/bolts G Glands/stop ends E Earthing U Uncertified equipment used H Certificate inadequate S Fed-from labels I Ingress D Damage M Mounting C Corrosion R Redundant L Duty/tag numbers Normal priority Fault code Safety Safety Safety Integrity Safety 1 1 1 2 1 Z1 Q1 T1 N2 W1 Safety Integrity Safety Safety 1 2 1 1 F1 F2 P1 X1 Safety Integrity Integrity Safety Integrity Safety Housekeeping Housekeeping Housekeeping Housekeeping Housekeeping Housekeeping 1 2 2 1 3 1 4 4 4 4 5 5 B1 G2 E2 U1 H3 S1 I4 D4 M4 C4 R5 L5 In Table 3.4, code B1 would mean a cover damaged or bolts missing with a safety severity and normal priority of 1; whereas, code C4 would mean evidence of corrosion (e.g. paint surface damaged) with a housekeeping severity and normal priority of 4. Whatever codes are used, the severity of the fault should be indicated by the priority assigned: this can then be used not only in any subsequent analysis but also to ensure any corrective action is taken within an appropriate timeframe (see 3.6.1.7). In Table 3.4, the severity is classified as: C C C Safety: priority 1 faults where corrective action should be taken in the short term (e.g. < one week). Integrity: priority 2-3 faults where corrective action should be taken in the medium term (e.g. ≤ three months). Housekeeping: priority 4-5 faults that do not affect level of risk but represent a non-compliance with standards (e.g. missing or damaged labelling) where action should be taken in the long term (e.g. ≤12 months such as during the next planned maintenance). The severity assigned here could also be coupled with the probability of a flammable atmosphere being present, as indicated by the pertinent hazardous area classification such that code B1 would be given greater priority where the fault occurred on Ex electrical equipment located in Zone 1 compared to that located in Zone 2. 30 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 3.6.2 Auditing Managing the quality of Ex electrical equipment inspections and records should ensure that the Ex electrical equipment is fit for purpose and safe; data should be of high quality, and supported by trend analysis and auditing. The auditing process should establish the baseline of Ex electrical equipment integrity, the intended status and provide a clear plan of action on how to make necessary improvements. Active monitoring of the Ex inspection findings gives an organisation feedback on its performance before an incident occurs and is essential in ensuring that the Ex inspection strategy is fit for purpose. Organisations should maintain and improve their ability to manage risks by learning from experience through the use of audits and performance reviews. The structured process of collecting independent information (e.g. from electrical TAs and ICPs) on the efficiency, effectiveness and reliability of the Ex inspection strategy and associated inspections and records, and the drawing up of plans for corrective actions should demonstrate management’s commitment to safety. As part of this auditing process DHs should assure themselves that the safety culture, attitudes, perceptions, competencies and patterns of behaviour of their personnel (including third parties) is appropriate. Organisations with positive safety culture throughout are characterised by open communications founded on trust, by shared perceptions of the importance of safety and by confidence in the efficacy of preventative measures. 3.6.2.1 Audit controls There should be controls to ensure that audits are applied rigorously and consistently. An unreliable system may lead to a loss in confidence in its relevance and validity. Typical controls include: C C C Ensuring that audits are seen as a positive management tool. Securing the competence of auditors. Securing the effective implementation of their results and recommendations. To maximise the benefits, audits should be conducted by competent people independent of the area or activities being audited. Feeding information on success and failure back into the system is an essential element in motivating personnel to maintain and improve performance. Successful organisations emphasise positive reinforcement and concentrate on encouraging progress on those KPIs that demonstrate improvement in risk control. Furthermore, subsequent inspections should be adjusted to reflect the results of previous inspections: where the sampling methodology is applied, this should be achieved by modifying the level of inspection. Inspection data should be analysed to monitor the effectiveness of the Ex inspection strategy. The findings also should be shared with other installations in order to promote shared learning and good practice. 31 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 4 MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT THROUGHOUT ITS LIFE CYCLE PHASES 4.1 INTRODUCTION Managing the inspection of Ex electrical equipment should extend across its life cycle phases introduced in section 1.3.1. This section provides guidance on managing inspection of Ex electrical equipment throughout its life cycle phases mainly after design and construction; however, it should be noted that decisions made during design and construction can affect the subsequent life cycle phases: e.g. where possible, inherent safety principles should be applied such that electrical equipment ideally should not be located in hazardous areas and instrumentation equipment should be intrinsically safe. Attention is drawn to those aspects of design and construction that can have a significant contribution. 4.2 DESIGN AND CONSTRUCTION DHs should ensure that Ex electrical equipment is correctly used in accordance with the manufacturer’s requirements and that the electrical installation is designed, constructed, installed, commissioned, operated, maintained and inspected so that it is fit for purpose and safe. Note that these Guidelines focus on Ex electrical equipment life cycle phases after design and construction; however, guidance is provided in 4.3.1 on data needs in handover from design and construction teams. Ex initial inspection records must be completed and appropriately recorded, and as noted in 3.2.1, audited and reviewed if carried out by other personnel. All such inspections together with findings/faults revealed, and actions taken should be recorded. Particular care should be taken when the certification specifies conditions on how the equipment can be utilised and installed. On existing installations particular care is required with installation and commissioning of Ex electrical equipment given the potential for flammable atmospheres. DHs should ensure that appropriate information, certificates, inspection records, identification (tagging) of the Ex electrical equipment are provided and that the Ex register is complete. 4.2.1 Equipment selection and implications for inspection and maintenance There are significant advantages for a variety of reasons to standardise on common materials used in a location. One of these reasons is that previous site experience and knowledge of equipment performance can allow the optimum inspection and maintenance strategies to be adopted; however, often there are commercial pressures to select the lowest bidder, which can lead to significant equipment diversity. Practical experience shows that notionally equivalent components may perform very differently to each other when exposed to installation service conditions. This could lead to an unmanageable situation where different strategies have to be adopted for the same Ex electrical equipment. New Ex electrical equipment (which satisfies the installation’s requirements) should undergo a trial on the installation before being accepted onto the vendor list. Ideally the trial location should be in one of the most severe environments existing on installation so that weaknesses are exposed. Any such trial should be for a minimum of six months. At the end of the trial period there should be a review of performance 32 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 achieved in practice and confirmation that the Ex electrical equipment is suitable for use with the existing installation Ex electrical equipment inspection and maintenance strategies. 4.3 INSTALLATION/COMMISSIONING/HANDOVER 4.3.1 Handover of data The collection and handover of data between the design and construction groups and those responsible for subsequent commissioning or maintenance is often an area of weakness: this in part may be due to such activities not being seen as core to the design process and can require additional effort to that needed to complete the design. Design information should be collected in project specific documents such as design books and is generally well covered by project processes. The data needed by commissioning or maintenance teams is often a subset of the full design data and hence requires extraction from different sections of the project documentation. It is possible to address this issue by requiring in the project processes for a separate set of documentation containing the subset of information needed by commissioning or maintenance teams to be assembled by the project team as the design progresses: this may result in some increase in design costs but should ensure the data needed are readily available and avoids loading the back end of any project with an intensive data collection exercise. Practical experience is that such intensive data collection exercises nearly always fail to deliver a complete set of data. Alternatives now exist with the use of computer based design software: these tools can usually be configured to allow import of data and to produce reports with content as required. This means that the data collected during normal project design activities, e.g. from data sheets completed by suppliers, can be readily imported and should be comprehensive and complete. The required subset of this high accuracy data can then be extracted with very little extra effort and again should be comprehensive and complete. This is of course subject to the original data from the supplier being correct. As the imported data will be used in the design process there is an incentive on the design team to check and verify such data before accepting into their design. Integration of data collection into the routine project processes and easy extraction of relevant information at any stage of the design process should result in a large improvement in the quality and accuracy of information given to commissioning or maintenance teams. 4.3.2 Equipment register It is a fundamental assumption that a comprehensive and accurate equipment register is available: the lack of such an equipment register will make demonstration of compliance with legislation, regulations and standards very difficult if not impossible and will similarly dramatically affect the ability to properly inspect, maintain and operate parts of the installation. Whilst any new equipment register or modification to an equipment register is essentially part of the design group function, the verification of a new equipment register or modifications to an existing equipment register should form part of the installation and commissioning group’s scope. As noted in 4.3.1, the accuracy of any equipment register is very dependent on the quality of data provided by the design and construction group. The installation and commissioning team have an important role in verifying that the data provided are correct by comparing these data with the installed Ex electrical equipment nameplates. Practical experience shows that, especially with late changes in design, some errors can 33 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 often occur. As part of the commissioning process, checklists with the data provided by the design group should be compared against nameplates and any discrepancies should be noted and fed back to the design team for updating of the data and drawings. In practice, this means a deliverable should be set for the design group for checklists with the current design data pre-entered. If the design group provide no data, then the installation and commissioning team will have to record nameplate data as the basis for an outline of a comprehensive equipment register. This represents an inefficient duplication of data already collected by the design group and often is expensive and very time consuming. If no such equipment register is made available and reliance is placed on an equipment register provided later by the design group, then any errors would not be identified or corrected before that part of the installation is put into service. A hold point should be placed in the project plan such that commissioning cannot proceed without the data from the design group being available. Experience has shown it is necessary to agree this at the start of any project and to routinely remind those in control of the project of this hold point to ensure others meet their commitments. There will always be considerable pressure for any impediment to project progress to be relaxed, especially if there is no physical manifestation or obvious reason for the delay: this often results in the pressure being applied to the installation and commissioning team rather then the design team who are the group at fault. Identification of the problem of late or inadequate delivery of data well before it becomes critical should avoid this situation. 4.3.3 Initial inspection As noted in section 2.9.2, IEC 60079-17 requires that initial inspection shall be to a detailed grade of inspection. The checks of design-supplied data against nameplate data described in 4.3.2 should form part of the initial inspection; however, reference should be made to the checklists provided in Annex D for the remainder of the specific checks to be completed. The timing of the initial inspection is important: it should usually follow completion of commissioning or other checks that may require the installation to be disturbed by removal of covers, disconnection of wiring, etc. To minimise such disturbance, ideally the detailed inspection should be completed before covers are replaced for the last time so that covers should not be removed solely to allow the inspection to take place. The electrical technician carrying out the inspection should be competent to do so (see 3.3.2.1). To increase confidence that the initial inspection has been carried out by a competent electrical technician, the checklist of data should also include entries for elements covered by the initial inspection and that the sheets are signed by the electrical technician. Practical experience is that errors made in original construction are often the largest cause of corrective actions in subsequent inspections. A very high level of importance should be placed on the quality and comprehensive nature of initial inspections and that sufficient time should be allowed within project plans for the work to be carried out. As with transfer of project data, experience has shown that those in control of projects should be regularly reminded that delays caused in earlier parts of the project should not be compensated by reducing the time allowed for inspections. As part of the quality control procedures, these initial inspections should be audited. It is good practice, if possible, for the planning of the works to permit such an audit to take place once a representative proportion of the work has been finished and 34 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 well before the works are completed. This has several benefits: C C C 4.4 It ensures the required standard is made clear to the installation contractor, their staff and those responsible for carrying out initial inspections. The contractor workforce has not been reduced so labour to correct faults should still be available. It helps to reduce further faults being introduced and hence reduces the risk of future remedial works being necessary. OPERATION The operational phase of the life cycle should take account of issues such as: C C C C 4.4.1 The duty cycle, i.e. whether Ex electrical equipment is continuously operated or used in batch operations (as indicated by the number of start-ups per day). Equipment age compared to design life (e.g. lamp ageing). Severity of the environment (e.g. wet/dry, ambient temperature; temperature cycling, etc.). Vigilance of installation personnel of the continuing external integrity (i.e. in 'walk rounds'). Equipment location Experience shows that, especially for large or complex installations, finding equipment can be a major undertaking especially if the electrical technicians are not intimately familiar with the installation. Two practical approaches have been found to help resolve this problem: C C Using drawings already produced as part of the design package that show the equipment location: this has the advantage of not requiring additional effort; however, such drawings are produced for construction and their extent, layout and clarity are not ideal for inspection purposes. Often separate drawings are needed for electrical equipment and instrumentation. Using much simplified dedicated drawings or sketches that show only the major plant and the location of the Ex electrical equipment to be inspected: this has the advantage that they can be arranged to match the inspection requirements and have cross-references to entries in the equipment register. This allows a subset of the equipment register to be used together with the associated drawing thereby clarifying to the electrical technician the Ex electrical equipment that requires inspection and its location. Use of these approaches should lead to efficiencies in use of electrical technicians and also confidence that Ex electrical equipment in the scope of a particular inspection has been inspected. However, the downside of this approach is that such sketches or drawings may have to be prepared by the installation and commissioning team if they do not form part of the design group deliverables: this is often the case since such drawings are not required for design or construction. Use of colour coded tags on equipment also provides a visual indicator of location: this also may be used to include colour coding for year last inspected. 35 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 4.5 MAINTENANCE AND INSPECTION Ex electrical equipment requires an effective management system for inspection and maintenance to ensure that it is fit for purpose and safe. Typically on large installations, a CMMS is used. Appropriate standards and PMRs should be set for inspection and maintenance of Ex electrical equipment (e.g. using principles of IEC 60079-17). For GB offshore installations performance and verification schemes are required by PFEER (see section 2.5) and OSCR (see section 2.6). Maintenance and inspection management systems should ensure that: C C C C C 4.5.1 All Ex electrical equipment is identified and recorded along with important details (e.g. Ex certificates, special instructions, maintenance requirements) and records of inspection and maintenance. Maintenance and inspection instructions are clear and relevant to the competencies of persons who will perform the work. All maintenance and inspection history (including breakdowns) is clearly recorded including equipment condition, faults and remedial/replacement work performed. Competent personnel (e.g. NEPs) should regularly audit and review inspection, test and maintenance reports to determine the adequacy of inspection and maintenance routines. See 3.6.2. Frequency of inspection, test, care and replacement are appropriate. These can be based initially on manufacturers’ recommendations and/or applicable standards but should be amended to reflect experience. For offshore installations these should reflect what is stated in the Ex SCE’s performance standard/written scheme of verification. Functional maintenance Functional maintenance should be carried out in accordance with the equipment maintenance strategy. Its scheduling should be aligned with other trades to maximise Ex equipment availability. Any visit to a piece of Ex electrical equipment for inspection, maintenance or repair should also include an inspection of its continuing Ex integrity by an Ex electrical technician (see 3.3.2.1). 4.5.2 Inspection of systems Ex electrical equipment inspections should include inspecting the integrity of the whole system and include any special requirements as set out in the Ex certification, which are usually identified on the Ex certificate of conformity number by the suffix 'X'. It should not be assumed that the inspection schedules (as defined in IEC 60079-17, Tables 1-3 – replicated in Annex D) typically applied to Ex electrical equipment will necessarily be sufficient. In determining the inspection criteria for electrical systems that are installed inside storage tanks and vessels etc, consideration should be given to what form and frequency of inspection and test will be required so as to ensure the overall safety requirement; e.g. electric heaters inside open/closed drains or vessels, or switches (i.e. reed switches) inside storage tanks/vessels and supplied from a non-intrinsically safe Ex 'ia' source of supply are likely to rely on the outer shell (body) of the electrical equipment to ensure that the electrical circuit is outside the hazardous area. Ex electrical equipment inspections should include an inspection of the physical condition (e.g. for the presence of corrosion) of such equipment together with checking the protection 36 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 sensors for over-temperature and low liquid level as required. The same requirements also apply to rotating equipment e.g. condition of bearings. 4.5.3 Efficiency in inspections For Ex detailed inspections, the electrical equipment should be isolated: in order to make effective use of resources it would be prudent to carry out at the same time inspections in accordance with BS 7671 and BS 6626 respectively for LV and HV electrical systems as described in EI Electrical safety code. 4.6 MODIFICATION AND DECOMMISSIONING There should be in place effective and safe management of change controls in relation to changes to Ex electrical equipment. The procedures should ensure that changes are carefully evaluated, designed, risk assessed and managed by competent electrical personnel who fully understand: C C C Reasons for change. Effects of change on existing Ex electrical equipment. Principles and methods of managing change safely. 37 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 ANNEX A MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK GAP ANALYSIS CHECKLIST A.1 MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK GAP ANALYSIS CHECKLIST The managing inspection of Ex electrical equipment ignition risk gap analysis checklist (Table A.1) aims to determine whether current practices and processes comply with pertinent legislation, regulations and standards (see Section 2). When applying the checklist, users should discriminate between whether procedures are in place and are robustly followed: the latter is because having procedures in place is not sufficient as a means of demonstrating compliance; they should be practical and robustly followed by staff (or contractors) to achieve the desired result. Each item should be scored on a simple 'traffic-light' basis, without adjustment for multiple questions per row: C C C red = no; yellow = work in progress; green = yes. Table A.1: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist Life cycle phase Policy Design and construction Activity description Is there an Ex electrical equipment inspection strategy covering all life cycle phases? Is there an SMS in place? Is there an independent inspection policy to determine the actual status of the Ex electrical equipment so as to ensure that the Ex inspection strategy is appropriate? Are there current area classification drawings? If so, is the relevant code specified? Are details of all Ex electrical equipment from the equipment register (e.g. certification, identification tags, location, etc) made available to the maintenance and inspection organisations? If yes, is an audit or review held to ensure data are comprehensive and correct? Is there evidence such audits have taken place and any follow-up actions have been completed? 38 Are procedures in place? Are procedures robustly followed? GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table A.1: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist (cont…) Are Are procedures Life cycle procedures Activity description Phase robustly in place? followed? Design and Is the Ex electrical equipment selection based Construction upon actual installation performance under cont… field conditions? If no, is there a means for determining inspection and maintenance requirements (e.g. by following existing site maintenance and inspection practices for all the new Ex electrical equipment installed)? Is equipment which differs in its installation, operation or inspection from the norm for the installation, identified to the maintenance/inspection organisations? Is there evidence that feedback from initial inspection and subsequent maintenance/re-inspection is reviewed and the learnings applied to new designs? Is all Ex electrical equipment installed such that it is readily accessible for inspection or maintenance? If no, how are the exceptions identified to maintenance/inspection organisations? Installation and Is there a comprehensive equipment register commissioning which contains Ex electrical equipment details such as Ex or ATEX certificate numbers? Are copies of the Ex or ATEX certificates relating to installed Ex electrical equipment readily available to maintenance/inspection organisations? If yes, does this apply to manufacturers’ obsolete and current ranges of products? Is the location and identification tagging of Ex electrical equipment such that any electrical technician can find them in the field? Is there evidence that the persons carrying out the installation and inspection have sufficient competence? Is there a quality assurance competence audit of their work and inspections? Are there records of the initial inspection as required by IEC 60079-17? If yes, is there evidence that results of such inspections and any faults have been reviewed and fed back to design and construction groups? 39 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table A.1: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist (cont…) Are Are Life cycle procedures procedures Activity description Phase robustly in place? followed? Installation and Is there evidence of independent audits of commissioning initial inspections carried out by the duty cont… holder to ensure that the installation is fit for purpose and safe? If yes, is there evidence that feedback of results of such audits and corrective actions have been taken where deficiencies are found? Operation Is there evidence that operational practices (e.g. Ex electrical equipment duty cycles (e.g. continuously operated vs. batch operation, number of pump starts/day, etc.), environmental factors (e.g. wet, corrosion, etc); ambient temperature; temperature cycling, etc) comply with the requirements of the Ex or ATEX certification (such requirements are placed on the certification label by ‘X’)? If yes, is there evidence of audits of operational practices and feedback of the results of such audits such that corrective action is taken where deficiencies are found? Maintenance and Is there an Ex electrical equipment inspection inspection strategy describing what Ex electrical equipment inspections should take place with a robust justification for the scope and level of inspection chosen? Is there a method for classifying inspection results to allow reviews to take place and for setting priorities for any remedial works needed? Does the justification for the scope and level of inspection take account of: C Feedback of actual performance from inspection reports both from initial/periodic inspections and routine maintenance activities? C Differences in severity of the environment found at different locations on the installation and the effects on the Ex electrical equipment? C The Ex electrical equipment type of protection and/or any requirements of the Ex or ATEX certification? continued… 40 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table A.1: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist (cont…) Are Are Life cycle procedures procedures Activity description Phase robustly in place? followed? Maintenance and continued… inspection cont… C The probability of a flammable atmosphere being present, as indicated by the hazardous area classification? Is there evidence that inspections are completed as per Ex electrical equipment inspection strategy and is there evidence that results of such inspections are fed back for corrective actions and reviews? If yes, is there evidence that such corrective actions are completed? Is there evidence that difficult to access equipment (e.g. lamp fittings) is inspected and that such inspections comply with the Ex electrical equipment inspection strategy? Is there evidence of audits of inspections? If yes, is there evidence that feedback of results of such audits and corrective action taken in the event that non-compliances are found? Is there evidence that the electrical technicians carrying out inspections have sufficient competence? Is there a quality assurance audit of their competence in their work, inspection and reports? Is there evidence that inspections are completed before their due date (i.e. is there an inspection backlog, and does it exceed the KPI target)? Is there evidence that any corrective actions arising from inspections are completed by their due date taking account of the priority set for each action? Is there evidence that failure to meet an action due date results in reviews of reasons why (e.g. a risk assessment that justifies continuing operation) and corrective actions taken to prevent re-occurrence? 41 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table A.1: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist (cont…) Are Are procedures Life cycle procedures Activity description Phase robustly in place? followed? Maintenance and For periodic inspections: inspection cont… C Are 100% visual or close inspections carried out at least every three years? C Is there a robust justification where the above visual and close inspections are not carried out at least every three years (e.g. where close inspection is part of sample inspections)? C Is there evidence of the findings of these visual and close inspections? Are detailed inspections carried out? If not, is there evidence to demonstrate that the internal components of the Ex enclosures are fit for purpose and safe (e.g. Ex 'd' flame paths are correct, Ex 'e' terminations are not loose, etc.)? Is there a current and complete equipment register in place? If scope includes sample inspections does Ex electrical equipment inspection strategy provide a robust justification for the sampling plan, i.e.: C Lots (and implicitly their sizes). C Grade of inspection. C Sample size (and implicitly ASL and global failure rate). C Rejection number (Re) (and implicitly category of inspection). C Frequency of inspection. C Risk basis using RBI parameters (i.e. high risk items inspected to a more rigorous level of inspection). C Selection of a random sample (i.e. it is not left to the electrical technician to select the sample). C Scoring and rules for determining requisite actions for faulty equipment. C Audit and review of the results from the inspection. C If yes, is there evidence that reviews of inspection results have taken place and any requisite actions are implemented? 42 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table A.1: Managing inspection of Ex electrical equipment ignition risk gap analysis checklist (cont…) Are Are procedures Life cycle procedures Activity description Phase robustly in place? followed? Maintenance and Is information on the faults found during inspection cont… routine maintenance fed back into the inspection process so it forms part of the reviews looking at reported defects? Is there an audit and review process carried out by the TPEF/ICP/REP/NEP for the inspection scope/level of inspection that takes account of feedback from initial/periodic/sample inspections and maintenance reports, which verifies or otherwise that they remain valid? If yes, is there evidence that such audits and reviews take place, are documented and any actions arising are implemented? Modification and Are there processes in place to ensure any decommissioning changes that may affect Ex electrical equipment (e.g. changes to hazardous area classification, replacement, modification to, or removal of Ex electrical equipment) are subject to adequate management of change controls? If yes, are there audits of these controls and evidence of feedback/corrective action taken if deficiencies are found? Is there evidence that the persons approving changes that may affect Ex electrical equipment have sufficient competence? Is there evidence that modifications or changes to Ex electrical equipment are subject to initial inspection, as for new installations? Is there evidence that the details of changes or modifications are reflected (where appropriate) in the equipment register? All Are there KPIs and associated target levels set for the inspection process? Is there evidence that these KPIs are reviewed and where necessary more detailed investigation takes place when they move adversely away from their target levels? 43 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 ANNEX B DEVELOPING SAMPLING PLANS BY APPLYING THE RBI SAMPLING METHODOLOGY B.1 INTRODUCTION This annex sets out the steps in developing a sampling plan by applying the RBI sampling methodology: after commencing with an overview, it proceeds to define key parameters and provides guidance on determining suitable values with an initial sample inspection in mind. For subsequent sample inspections, values of some parameters should be reviewed and revised on the basis of findings from inspections. To help users, the sampling methodology is illustrated with examples and includes rules for applying a sampling plan. The technical basis of the sampling methodology is provided in Annex C. B.2 OVERVIEW OF DEVELOPING A SAMPLING PLAN BY APPLYING THE RBI SAMPLING STRATEGY TO MANAGE EX ELECTRICAL EQUIPMENT IGNITION RISKS An overview of the initial steps in developing a sampling plan by applying the RBI sampling strategy to manage Ex electrical equipment ignition risks is set out in the 'preinspection' part of the flowchart provided in Figure B.1. The initial steps are used to define the RBI parameters which are input data to the process. All Ex electrical equipment in the equipment register (e.g. a CMMS) should be divided into different lots as defined by various factors. See B.3.1. Once lots have been defined, sampling plans are defined for each lot. The grade of inspection (i.e. close or detailed) should be defined. See B.3.2. The sample size of each lot should be determined. See B.3.3. Applying the principles of ISO 2859-1, the sample size is determined by four criteria: C lot size; C global failure rate; C category of inspection (normal, reduced or increased inspection), and C ASL. In order to adjust the sampling plan to take into account the performance of a lot in previous inspections, change rules for modifying the sample size should be defined (see B.3.9.3); this is achieved by varying the category of inspection. This step does not apply to the first time sample inspections are carried out. The rejection criterion is defined for each sample size (see B.3.4). The frequency of inspection should be defined by considering four criteria (see B.3.5): C equipment criticality; C lot size and ASL; C confidence in historical records, and C other constraints. Like adjustment of the category of inspection, the frequency of inspection can also be adjusted by applying change rules based on performance of a lot in previous inspections (see B.3.9.3). Note that its adjustment is quite separate from the determination of the sample size. The frequency of the inspection is set to find faulty equipment before they reach an accumulated number that is unacceptable; whereas the sample size is set to give confidence that the sample taken is representative (and that faulty equipment in the 44 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 lot can be detected with statistical confidence). For each lot, once lot size, grade of inspection, sample size, rejection criterion and frequency of inspection have been defined (and implicitly global failure rate, category of inspection and ASL), the sampling plan is ready for implementation in an inspection. This completes the ‘pre-inspection’ part of the flowchart provided in Figure B.1. When implementing a sampling plan by inspecting a sample of a lot, the initial steps involve choosing a random sample (see B.3.6), inspecting the sample (see B.3.7) and recording inspection data (see B.3.8). Note that progressive sampling is not applied in the sampling methodology. These steps are set out in the ‘post-inspection’ part of the flowchart provided in Figure B.1. Following an inspection, some faulty equipment may be identified: there may be one or more faults on equipment, each having different equipment criticalities. An approach is provided in B.3.9 for scoring such faulty equipment based on ignition (i.e. fire/explosion) risk, as this is the key risk to manage. In this process, weighting factors are applied to faulty equipment based on ignition risk so as to determine a weighted faulty equipment score for the sample, which is compared against the pertinent Re. Depending on the findings inspection of a second sample or the whole lot may be necessary. This process includes determination of the causes of faults and consideration of the possibility of common mode faults. Rules are provided for the repair of faulty equipment and its prioritisation in B.3.9.2.2-B.3.9.2.3. Similarly, rules for carrying out remedial actions and their prioritisation are provided in B.3.9.2.4-B.3.9.2.5. This includes the possibility of raising the level of inspection for faulty equipment (e.g. close to detailed) to further investigate causes of faults. The final steps in the sampling plan are its audit and review. See B.3.10. This should enable adjustment in future inspections of the RBI parameters: frequency of inspection; ASL; category of inspection; and global failure rate, which in turn affects the sample size and rejection criterion. This allows observed variations in performance to be compensated for by adjusting the sampling plan. B.3 STEPS IN DEVELOPING A SAMPLING PLAN BY APPLYING THE SAMPLING METHODOLOGY B.3.1 Define lots Lots of equipment should be defined by applying the following factors to the contents of an equipment register of Ex electrical equipment used in hazardous areas: C hazardous area classification; C type of protection; C environmental conditions, and C age. Therefore, equipment in a lot should be similar for one or more of the following: C be used in the same hazardous area classification; C have the same type of protection; C be used in the same environmental conditions, including the same installation area, and C have the same/similar age. Each factor is further considered in turn in B.3.1.1-B.3.1.4. Thereafter, guidance is provided on exclusion of equipment from lots and assigning equipment to specific lots, and examples are provided. 45 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 RBI sampling strategy to manage Ex electrical equipment ignition risks RBI parameters (see B.3.1-B.3.5) Hazardous area classification Type of protection Environmental conditions Age Several lots. Lot size: N equipment Define lots (see B.3.1) Initial and periodic inspection findings (e.g. visual, close), continuous supervision For each lot, define grade of inspection: close detailed (see B.3.2) Grade of inspection: close, detailed Lot size: N equipment Global failure rate: Level I, II or III Define sample size (see B.3.3) Category of inspection: normal, reduced or increased Define rejection criterion (see B.3.4) Acceptance safety level (ASL) Post-inspection Rejection number (Re) Frequency of inspection, F Define frequency of inspection (see B.3.5) Equipment criticality Confidence in historial records Other constraints Sampling plan Sample size: n equipment Pre-inspection Choose random sample (see B.3.6) Inspect sample (see B.3.7) Record inspection data (see B.3.8) Audit and review (see B.3.10) Review frequency of inspection (see Figure B.3) Define scoring and rules for handling faulty equipment (see B.3.9) =0 < Re Weighted faulty equipment score Determine causes of faults (see B.3.9.2.1) Review ASL Review category of inspection (see Figure B.3) > Re Determine causes of faults (see B.3.9.2.1) Common fault mode Y Review global failure rate Common fault mode Y Deselect faulty and similar equipment N Include faulty equipment Inspect another sample < 2Re Weighted faulty st equipment score (1 and 2nd inspections) > 2Re Inspect complete lot or TPEF provides robust justification for alternative action N Inspect other similar equipment Define prioritisation of repair of faulty equipment (see B.3.9.2.2) Repair faulty equipment (see B.3.9.2.3) Define prioritisation of remedial actions (see B.3.9.2.4) Remedial actions. Consider increasing level of inspection for faulty equipment (e.g. close to detailed) (see B.3.9.2.5) Figure B.1: Flowchart illustrating steps in developing a sampling plan by applying RBI sampling strategy to manage Ex electrical equipment ignition risks 46 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 B.3.1.1 Hazardous area classification Equipment should be divided according to the following four hazardous area classification zones for the purpose of defining lots: C Zone 0; C Zone 1; C Zone 2, and C non-hazardous. Note: In the case of offshore installations, which are compact, it might be prudent to consider external non-hazardous areas as Zone 2 areas for the purpose of defining lots and inspecting Ex electrical equipment. B.3.1.2 Type of protection Equipment should be divided according to the following five types of protection for the purpose of defining lots: C type 1: flameproof (Ex ‘d’); C type 2: increased safety (Ex ‘e’) and type 3 non incendive (Ex ‘n’); C type 3: intrinsic safety (Ex ‘ia’, Ex ‘ib’); C type 4: pressurised apparatus (Ex ‘p’), and C type 5: other type of protection (oil filled (Ex ‘o’), powder filled (Ex ‘q’), encapsulated (Ex ‘m’)). Note: As a first approach, type of protection Ex ‘n’ is grouped in type 2. If such equipment is prevalent, it could be divided into its specific types of protection (‘nA’, ‘nC’, ‘nR’, ‘nL’ and ‘nZ'); however, this has the potential disadvantage of generating very small lots for which applying the sampling methodology adds little value. B.3.1.3 Environmental conditions Equipment in the same installation area should be divided according to the following five environmental conditions for the purpose of defining lots: C water, corrosion (salt, humidity, SO2, etc.), chemicals; C dust/sand; C ultraviolet (UV) radiation; C ambient temperature or temperature cycling, and C mechanical damage, vibration. Such environmental conditions have the potential to accelerate equipment ageing. B.3.1.4 Equipment age Equipment should be divided according to the following three age classes for the purpose of defining lots: C ≤5 years old; C >5 years old but ≤20 years old, and C >20 years old. Equipment age may affect its protection; where possible, such criteria should be referenced to design life. For simplicity and to avoid defining small lots, a pragmatic approach would be to select a single conservative age for all equipment on a particular installation, equal to the age of the installation. B.3.1.5 Define lots according to these criteria Ex electrical equipment should be allocated to lots using the criteria of B.3.1.1-B.3.1.4; to facilitate this, a matrix should be defined. The number of equipment in each lot will 47 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 vary. See B.3.1.6 regarding exclusion of equipment from lots and assigning equipment to specific lots. Note that as more of the factors in B.3.1 are applied when determining lots the equipment will tend to be more homogeneous (e.g. same hazardous area classification, same type of protection, etc); however, this has the disadvantage of resulting in small lots (see B.3.3.4.6) except where the equipment is prevalent (e.g. junction boxes, luminaries, etc.). Users should carefully consider how to best define lots based on their portfolio of equipment, its location in installation areas, typical shutdown areas, etc. Some 80% of Ex electrical equipment in a typical installation may be located in Zone 2 hazardous areas: with such numbers, it should be beneficial to apply the sampling methodology. However, the number of Ex electrical equipment located in Zone 0 and Zone 1 hazardous areas of a typical installation may preclude application of the sampling methodology since lot sizes may be small, and more so once the additional criteria of B.3.1.2-B.3.1.4 are used to further subdivide the equipment into lots. See B.3.3.4.6 for further guidance on applying the sampling methodology to small lots. Following this process fully is likely to result in many small lots which is disadvantageous as it would require proportionately more inspection effort. The simplified approach to defining lots in the absence of appropriate Ex inspection records described in section 3.2.4 and Box 3.1 can be used as a reasonable starting point; this is based upon ignition risk which is itself determined by the probability of a flammable atmosphere being present (based on duration) and the probability of a source of ignition being present (based on electrical system rated currents). B.3.1.6 Exclusion of equipment from lots and assigning equipment to specific lots Some circumstances may preclude equipment from being allocated to lots and including it in a sampling plan. For example, where: C C Specific grades and frequencies of inspection are required by overriding legislation, standards, etc. (e.g. for fire and gas detection equipment). The equipment design life is relatively short compared to the frequency of inspection such that it is unlikely to be inspected whilst in service. Other circumstances may necessitate equipment being allocated to specific lots and including it in a sampling plan. This may apply to: C C C Moveable electrical equipment (hand-held, portable and transportable), which may be used in various hazardous areas and is particularly prone to damage or misuse. Equipment with a particular safety integrity level (SIL) requirements. SCEs, which will be energised during emergencies (e.g. fire and gas detection equipment, emergency lighting, public address (PA), general alarm (GA), etc.) (see B.3.5.1). Having such specific lots may facilitate allocation of a particular level of inspection proportionate to the additional equipment criticality. In addition, it ensures that some higher risk equipment is inspected, rather than it possibly not being randomly selected if part of a lot of mixed equipment. B.3.1.7 Examples of lots There are various possibilities as to how to define lots that meet the criteria of B.3.1. For example a lot could comprise mixed equipment (e.g. motors, junction boxes, luminaries, etc.) from a specific plant; defining such a lot has the advantage that in a shutdown, a sample of a mixture of equipment in that area is inspected. This also has the advantage 48 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 of not introducing small lots for which applying the sampling methodology adds little value. Other factors that may determine the subdivision of equipment into lots include the installation size, shutdown areas, etc. Note that some equipment may need to be excluded from lots or assigned to specific lots; see B.3.1.6. Example Lots are defined for a 15 year old offshore installation by allocating Ex electrical equipment to a matrix using the following steps: C C The installation is divided into three hazardous areas (Zone 0, Zone 1, Zone 2) and non-hazardous. Equipment in each sub area is divided into three types according to equipment electrical system rated currents. This process is illustrated in Figure B.2 with equipment allocations summarised in a matrix (see Table B.1). Three hazardous areas defined and non-hazardous: - Zone 0 - Zone 1 - Zone 2 - offshore non-hazardous Hazardous area classification for installation: - Zone 0 - Zone 1 - Zone 2 - offshore non-hazardous Zone 0 Zone 1 Zone 2 Electrical system rated currents: - intrinsically safe - instrumentation - HV/LV power circuits and emergency equipment non-hazardous Seven homogeneous lots defined (low, medium and high risk) see Table B.1 Figure B.2: Example of process for defining lots of Ex electrical equipment Note: In this example, Ex electrical equipment age and severity of the environment are the same. 49 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table B.1: Simplified approach to defining lots using a matrix for an offshore installation Probability of source of ignition being present Groupings of Ex electrical equipment based on electrical system rated currents Onshore nonhazardous abnormal operations (Note 6) Offshore nonhazardous abnormal operations (Note 6) Intrinsically safe Low Instrumentation Low HV/LV power circuits and emergency equipment Medium Probability of flammable atmosphere being present Zone 2 Low (Note 3) Low (Note 3) Medium (Note 3) Zone 1 Zone 0 Low Low Medium N/A (Note 4) High N/A (Note 4) Notes: 1 Table B.1 is an example based on Table 3.1; clearly, the ‘onshore non-hazardous’ column is not relevant. 2 Greyed-out cells indicate where there is no such Ex electrical equipment at this installation. 3 Most of the inventory of Ex electrical equipment is located in Zone 2; in the absence of historical records, this approach provides a reasonable starting point in determining lots. However, where records exist, the next step should be to apply the full criteria for defining lots set out in B.3.1.1-B.3.1.4 for Ex electrical equipment located in Zone 2. 4 N/A – Such Ex electrical equipment is not appropriate for that zone. 5 For this offshore installation with several thousand Ex electrical equipment, seven lots would be defined: four low risk; two medium risk; and one high risk. Whereas, for a smaller installation with much less Ex electrical equipment, the four low risk lots may be grouped into one low risk lot, and similarly, the two medium risk lots may be grouped to one medium risk lot. 6 In abnormal operations a flammable atmosphere may be present in areas designated non-hazardous in normal operations; some electrical equipment may be required to be in service then such that it should be Ex electrical equipment. Offshore accommodation platforms have emergency lighting that would be expected to operate in abnormal operations. B.3.2 Define grade of inspection The grade of inspection should be defined: C C close inspection, and detailed inspection. The findings of initial and periodic inspection findings (e.g. visual inspection, close inspection) should be considered when developing a sampling plan. These findings may enable application of the sampling methodology to either or both detailed inspection and close inspection. Developing sampling plans for detailed inspection and/or close inspection should constitute only part of an overall Ex inspection strategy (see section 3.2). Such a strategy also should include visual inspection (for which sampling should not be applied), and detailed inspection and/or close inspection of equipment for which sampling is not applied (e.g. due to small lots, etc.). 50 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 B.3.3 Define sample size Once lots have been defined, the rest of the sampling methodology is applied to each lot such that a series of sampling plans are defined. The next step in the sampling methodology is to define the sample size for each lot, which is the number of random equipment that should be selected from each complete lot for inspection. Four main criteria are required to define the sample size of a lot: C lot size (see B.3.3.1); C global failure rate (see B.3.3.2); C category of inspection (see B.3.3.3), and C ASL (see B.3.3.4). B.3.3.1 Define lot size The lot size is the number of equipment in a lot. It is determined using the equipment register (e.g. a CMMS). The lot size should be adapted according to the confidence in the exhaustiveness of the database. Lot size should be defined in the following ranges of number of equipment: C <26; C 26-50; C 51-90; C 91-150; C 151-280; C 281-500; C 501-1 200, and C 1 201-3 200. These ranges are used in the sampling tables (see B.3.3.4). B.3.3.2 Define global failure rate The global failure rate of a lot is its observed failure rate. In this context failures mean those compromising integrity of the type of protection. The global failure rate could be in the form of a mean time between failures (MTBF) or some other statistical value for the performance of the population over time (such as a Weibull plot (see Weibull (1951), BS IEC 61649)). The ability to determine this failure rate is highly dependent on the quality of the historical records (see B.3.5.3). Once the actual observed failure rate has been defined, it should be compared with the commonly assumed failure rate, and the sample size and rejection criterion should be modified accordingly. For the purposes of simplicity, the following three global failure rates are defined: C level I: less than or equal to half the commonly assumed failure rate; C level II: between half and the commonly assumed failure rate, and C level III: greater than the commonly assumed failure rate. The commonly assumed failure rate of a lot is the mean failure rate of a similar lot in a similar location. Considering further the three global failure rates: C C Level I applies if the observed failure rate of the current lot is less than or equal to half the mean failure rate of similar lots in similar locations; in such cases the sample size can be reduced and tested against the pertinent rejection criterion, as determined from the pertinent sampling table (see B.3.3.4). Level II applies if the observed failure rate of the current lot is between half and the mean failure rate of similar lots in similar locations; in such cases the sample 51 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C size should be the default value and tested against the pertinent rejection criterion, as determined from the pertinent sampling table (see B.3.3.4). Level III applies if the observed failure rate of the current lot is greater than the mean failure rate of similar lots in similar locations; in such cases the sample size should be increased and tested against the pertinent rejection criterion, as determined from the pertinent sampling table (see B.3.3.4). In the absence of any specific information, a default value of level II should be assumed. However, a more rigorous global failure rate is one of several level of inspection criteria that could be applied to high risk Ex electrical equipment in a risk-based approach (see Table 3.2). Normally, the global failure rate is fixed for a sampling plan; however, it should be adjusted in subsequent inspections (where appropriate) if additional fault data become available for similar lots in other locations that indicate different failure rates. B.3.3.3 Define category of inspection There are three categories of inspection: C reduced; C normal, and C increased. These categories of inspection should not be confused with the grades of inspection defined in IEC 60079-17 (i.e. visual, close and detailed); they refer to the degree of effort required to carry out an inspection. In general, a reduced inspection requires a smaller population to be sampled, or to a more rigorous rejection criterion than does normal inspection, than does increased inspection. The initial sample inspection for a sampling plan should be to a normal category of inspection. If the reduced category of inspection is chosen initially, there should be a robust demonstration of the technical basis for its selection (e.g. historical records (see B.3.5.3) indicate a high MTBF for that lot). However, a more rigorous category of inspection together with a lower ASL and a high global failure rate might be applied to high ignition risk Ex electrical equipment when applying an RBI strategy. If it is not the first sample inspection, the category of sample inspection should be defined by the results of the previous inspections and application of change rules; these govern the movement between categories of inspection for sample inspections. See B.3.9.3. B.3.3.4 Define ASL The ASL is defined as the number of faulty equipment that is declared as being unacceptable (i.e. ≥Re) on average, expressed as a percentage (i.e. for which the weighted faulty equipment score for the sample is ≥Re). The ASL should be chosen from standard values: 0,25%; 0,4%; 0,65%; 1%, 1,5%; 2,5%; 4% and 6,5%. Sampling tables for other standard values are not included (e.g. 0,01%, 0,015%, 0,025%, 0,04%, 0,065%, 0,1%, 0,15% and 10%); however, they could be calculated using the methodology set out in annex C.3-annex C.6. Notwithstanding this, note that: C C C ASLs of <0,25% only apply to lot sizes ≥501; for lot sizes <501, the whole lot would be inspected (i.e. there would be no benefit of applying the sampling methodology). ASLs of <0,25% introduce a disproportion between inspection cost and quality. ASL ≥ 10% is considered intolerable. 52 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 An example sampling table is provided for ASL = 1% in Table B.2; its use is described in B.3.3.4.1. Note that by providing it here it should not be inferred that it is the preferable ASL for all sampling plans. The ASL should be selected for each sampling plan based on the pertinent lot size by applying ALARP principles (see B.3.3.4.3), by analysis of historical records (see B.3.3.4.4) or where there are overriding considerations (e.g. high ignition risk Ex electrical equipment (see B.3.3.4.5). Sampling tables for other ASLs are provided in annex C.7. Sampling tables refer to the parameters Pa(10%) and Pr(5%). With sample inspections there is a possibility that the safety level of the sample is acceptable, whereas the safety level of the lot is not acceptable (i.e. greater than the ASL). This is quantified by the maximum percentage of faulty equipment in a lot, so that the safety level of a lot is acceptable within a probability of 10%. This value is called Pa(10%) and is a means of indicating the confidence in the sampling plan being applied to the lot. Further, with sample inspections there is a possibility that the safety level of the sample is unacceptable whereas the safety level of the lot is acceptable (i.e. lower than the ASL). This is quantified by the minimum percentage of faulty equipment in a lot, so that the safety level of a lot is unacceptable within a probability of 5%. This value is called Pr(5%) and is a means of indicating the cost induced by applying the sampling plan to the lot. B.3.3.4.1 Example sampling data For example, sampling data for ASL = 1% are provided in Table B.2. Each ASL table provides for particular lot sizes and global failure rates, the pertinent Pa(10%) and Pr(5%) for normal inspection. In addition, they provide for each category of inspection (normal, reduced and increased) the pertinent sample size and Re (see B.3.4). B.3.3.4.2 Changing the ASL and impact on statistical confidence in the inspection results A smaller ASL means a more conservative (i.e. smaller) number of faulty equipment per sample is tolerable, leading to greater confidence in the condition of the remaining population of the lot. Conversely, the higher the ASL, the lower the quality and inspection cost. For further consideration of this issue and the impact on Pa(10%) and Pr(5%) see annex C.2. B.3.3.4.3 Selecting an ASL for a particular lot size by applying ALARP principles In the absence of historical records (see B.3.3.4.4), ALARP principles should be applied to a particular lot size when selecting an ASL; the following approach ensures that there is a reasonable balance between the cost of inspection and the quality of the lot. To facilitate determination of ALARP ASLs, the discrimination ratio Pa(10%)/Pr(5%) has been plotted versus ASL for each lot size (see annex C.8) and 'cliff edge' effects have been identified. Based on that analysis, Table B.3 provides ASLs for various lot sizes that apply ALARP principles. For any lot size, changing to a lower ASL than the ALARP ASL disproportionately increases inspection cost for little improvement in quality; conversely, changing to a higher ASL than the ALARP ASL reduces inspection quality albeit at possibly reduced inspection cost (generally, this is not due to a change in sample size but the greater value of Re which means that additional inspections are less likely (see Figure B.1)). Therefore, ASLs should not be numerically smaller than ALARP ASLs, unless there are overriding reasons (e.g. historical data indicates otherwise (see B.3.3.4.4), or for high ignition risk Ex electrical equipment when as part of an RBI strategy (see B.3.3.4.5). Where equipment has been allocated to specific lots such as SCEs (see B.3.1.6), there should be additional consideration of what constitutes an appropriate ASL given the need to assure its integrity whilst energised during emergencies. 53 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table B.2: Sampling data for ASL = 1% Lot size Global failure rate level ≤25 26-50 51-90 91-150 151280 281500 5011,200 1,2013,200 I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 13 13 13 13 13 13 13 13 13 13 13 50 13 50 50 13 50 80 50 80 125 50 125 200 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 3 2 3 4 2 4 6 Reduced inspection Sample Re size 5 5 5 5 5 5 5 5 5 5 5 32 5 32 32 5 32 32 32 32 50 32 50 80 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 Increased inspection Sample Re size 20 20 20 20 20 20 20 20 20 20 20 80 20 80 80 20 80 80 80 80 125 80 125 200 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 Pa(10%) Pr(5%) for for normal normal inspection inspection (%) (%) 12* <4* 12* <4* 12* <4* 15* <2* 15* <2* 15* <2* 16,2 0,4 16,2 0,4 16,2 0,4 16,2 0,4 16,2 0,4 6,6* 1,33* 16,2 0,4 7,56 0,72 7,56 0,72 16,2 0,4 7,56 0,72 6,52 1,03 7,56 0,72 6,52 1,03 5,27 1,1 7,56 0,72 5,27 1,1 4,59 1,32 Notes: 1 Table replicated as Table C.7. 2 * = The probability is calculated using hypergeometric law instead of binomial law (see annex C.3). 3 The rejection criterion is defined by Re. 4 Shaded rows indicate lot sizes for which this ASL is the ALARP ASL (see Table B.3). Table B.3: ALARP ASLs for various lot sizes Lot size ≤50 51-90 91-150 151-280 281-500 501-1 200 1 201-3 200 ALARP ASL (%) Not determinable – assume 4 4 4 2,5 1,5 1 0,65 Notes: 1 Table replicated as Table C.12. B.3.3.4.4 Selecting an ASL based on historical records Historical records can be used to determine ASLs; this has the advantage of being based 54 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 on actual inspection data that may show a lower ASL than that determined using the ALARP ASL approach of Table B.3. In this approach, the historical failure rate is used to select the closest ASL from standard values given in B.3.3.4. Examples Consider electrical equipment in a Zone 1 hazardous area and emergency electrical equipment e.g. PA/GA, emergency lighting, etc. for which the DH has historical records indicating a failure rate of 1% for a lot of 200 equipment. Applying the approach of B.3.3.4.3, an ASL of 2,5% would be chosen; however, based on historical records, an ASL of 1% would be chosen. Using an ASL of 1% would incur a greater sample size against a reduced rejection criterion but achieve better quality; however, this would be consistent with an RBI approach, i.e. a greater number of high risk equipment in Zone 1 being inspected and to a more rigorous rejection criterion than historical records indicate is reasonable. Consider electrical equipment in a Zone 2 hazardous area for which the duty holder has historical records indicating a failure rate of 5% for a lot of 200 equipment. Applying the approach of B.3.3.4.3, an ASL of 2,5% would be chosen; however, based on historical records, an ASL of 4% would be chosen, as there is no sampling table for 5%. Using an ASL of 4% would incur a reduced sample size against a less rigorous rejection criterion and achieve reduced quality; however, this would be consistent with an RBI approach, i.e. a lower number of low risk equipment in Zone 2 being inspected and to less rigorous rejection criterion than historical records indicate is reasonable. B.3.3.4.5 Selecting an ASL for high, medium and low risk Ex electrical equipment A more rigorous ASL is one of several level of inspection criteria that could be applied to high risk Ex electrical equipment in a risk-based approach (see Box 3.1). B.3.3.4.6 Application of sampling methodology to small lots For small lots, the very small values of the rejection criteria in the sampling tables of annex C.7 (especially for ASLs below the pertinent ALARP ASL) make it likely that a lot will be rejected when there is just one faulty equipment (see B.3.9.1.1); this may drive users towards inspection of another sample, inspection of the complete lot, and difficulty in moving towards reduced inspection by applying change rules (see B.3.9.3 and Figure B.1). Therefore for small lots, the sampling methodology may add little value and it may be best to carry out 100% close and detailed inspections on such lots. B.3.3.5 Define sample size Once the lot size, global failure rate and category of inspection have been defined, the sample size is determined using sampling tables for a particular ASL, which is itself defined as described in B.3.4. Note that the sample size and ASL are inversely proportional; reducing the ASL increases the sample size for a given global failure rate and category of inspection. B.3.4 Define rejection criterion The rejection criterion is defined by Re: if the number of faulty equipment found in the sample is less than Re, the safety level of the lot should be considered acceptable. Re is determined from the pertinent sampling table for a particular sample size (see B.3.3). B.3.5 Define frequency of inspection The frequency of inspection is how often inspection of a lot is carried out. It should be varied depending on the following factors, the first three of which provide an option for 55 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 enhancing RBI: C equipment criticality (see B.3.5.1); C lot size and ASL (see B.3.5.2); C confidence in historical records (see B.3.5.3), and C other constraints (see B.3.5.4). In practice, the frequency of inspection should be within the limits defined in IEC 60079-17 (see section 2.9.2), where either the equipment records are unknown or poor quality, or where no records exist (such as in a new installation). In the absence of any specific information, an annual frequency of inspection should constitute a reasonable starting point providing inspections are not restricted by infrequent shutdown intervals (see B.3.5.4). B.3.5.1 Equipment criticality Equipment criticality is a key factor in determining the level of inspection for a lot. When applied correctly, it should result in high risk equipment located in high risk areas being inspected at a higher level of inspection than other equipment located in other areas. For example, in an RBI strategy, lots in Zones 1 (i.e. high risk areas) should be inspected more frequently than those in less critical areas (i.e. Zone 2 and non hazardous areas). This will result in a more targeted, effective and balanced approach, which should meet the requirements of risk-based Ex inspection. Equipment criticality is influenced by ignition risk, severity of the environment and equipment age, as described in B.3.5.1.1-B.3.5.1.3. B.3.5.1.1 Ignition risk The ignition risk due to the simultaneous presence of a potential source of ignition (caused by a fault in Ex electrical equipment) and a flammable atmosphere (i.e. ignition risk) is a key factor in determining Ex electrical equipment criticality and the necessary level of inspection. The methodology presented in this section provides an estimation of ignition risk when using Ex electrical equipment that may be subject to some degradation of its type of protection. The methodology enables discrimination between equipment whose protection is no longer assured when operating in a Zone 0 hazardous area compared to a lower risk situation when similar faulty equipment is operating in a Zone 2 hazardous area. The ignition risk is the product of the probability of a source of ignition being present and the probability of a flammable atmosphere being present. There follows guidance on this determination. Probability of source of ignition being present The probability of equipment used in a zone becoming faulty which leads to it constituting a source of ignition in that zone is defined as: C low ignition risk; C medium ignition risk, and C high ignition risk. Probability of flammable atmosphere being present The probability of a flammable atmosphere being present is defined by reference to the pertinent hazardous area classification; the methodology of EI Area classification code for installations handling flammable fluids refers to the following zones: C C Zone 2 (low risk): That part of a hazardous area in which a flammable atmosphere is not likely to occur in normal operation and, if it occurs, will exist only for a short period. Zone 1 (medium risk): That part of a hazardous area in which a flammable 56 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 atmosphere is likely to occur in normal operation. Zone 0 (high risk): That part of a hazardous area in which a flammable atmosphere is continuously present or present for long periods. C Strictly, Ex electrical equipment is not required in non-hazardous areas as there is no probability of a hazardous area being present in routine operations; however, in the case of offshore installations which are compact, it might be prudent to consider external non-hazardous areas as Zone 2 areas as they may contain Ex electrical equipment that is energised in a major hazards emergency. Ignition risk The ignition risk is the product of the probability of a source of ignition being present and the probability of a flammable atmosphere being present and forms the basis for an RBI strategy. This is defined by three levels and determined by Table B.4: Table B.4: Ignition risk Probability of source of ignition Low Medium High Probability of flammable atmosphere Zone 2 Zone 1 Zone 0 (Low) (Medium) (High) Low Low Low (Note 3) Low Medium Low (Note 3) Medium High Low (Note 3) Key Low risk Medium risk High risk Notes: 1. Table replicated as Table B.6. 2. The table assumes correct selection of Ex type of protection in the first instance. 3. For Zone 0, use of intrinsically safe systems (Ex 'ia') means that there is an inherent low ignition risk. Table B.4 should be used as a starting point in determining the frequency of inspection in an RBI sampling strategy on the basis: high risk > medium risk > low risk The guidance that follows in B.3.5.1.2-B.3.5.1.3 should be used to adjust the frequency of inspection, e.g. Ex electrical equipment exposed to a severe environment category might be moved from low ignition risk to medium ignition risk. Note that the sampling methodology does not take into account the consequences of fires/explosions to evaluate the ignition risk; it is assessed only by their probability. A more practical approach to Table B.4 using common equipment types is set out in Table 3.1. B.3.5.1.2 Severity of the environment The severity of the environment in which Ex electrical equipment is used should be determined using Table B.5. Where water is an environmental factor, it could be in the form of ‘green’ water, as encountered on floating production, storage and offloading 57 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 units (FPSOs), or deluge system water. Mechanical damage could refer to drill floor areas of offshore installations. For the purpose of varying the frequency of inspection, the severity of the environment should be classified as: C C C Severe – if at least one environmental factor is considered severe. Moderate – if no environmental factor is considered severe, but at least one is considered moderate. Benign – in all other cases. Table B.5: Severity of the environment Environmental factor Water, corrosion (salt, humidity, SO2, etc.), chemicals Dust/sand UV radiation Ambient temperature (°C) Temperature cycling Mechanical damage, Vibration Key N/A = not applicable Severe Outside, deluge areas, green water (e.g. FPSOs) Dust layer visible in ≤1 day Outside with high sunlight >40 or <-20 Outside or inside enclosure having high temperature variation High (e.g. offshore installation drill floor) Environmental category Moderate Inside Dust layer visible in >1 day but <1 week Outside with moderate sunlight N/A Outside or inside enclosure having moderate temperature variation Moderate Benign Inside, in a controlled environment Dust layer visible in >1 week Inside -20<T<40 Outside or inside enclosure having low temperature variation Low (e.g. inside an enclosure) B.3.5.1.3 Equipment age For the purpose of varying the frequency of inspection, equipment should be divided according to the following three age classes: C ≤5 years old; C >5 years old but ≤20 years old, and C >20 years old. Equipment age may affect its protection; where possible, such criteria should be referenced to design life. For simplicity and to avoid defining small lots, a pragmatic approach would be to select a single conservative age for all equipment on a particular installation, equal to the age of the installation. These criteria are similar to those used in defining lots (see B.3.1.4). B.3.5.2 Lot size and ASL A consequence of requiring broadly consistent statistical confidence in inspection results for a particular ASL is that samples randomly selected from large lots typically comprise only some 15% of a lot; whereas, for small lots, random samples may typically comprise some 25% of a lot. Some risk analysts may consider that 15% is too small an amount to sample, given that inspections may be carried out annually, or maybe less frequently (e.g. petroleum refineries having four-yearly shutdowns); if so, the frequency of inspection could be reduced and/or other level of inspection criteria could be adjusted, 58 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 e.g. the ASL could be reduced. Reducing the ASL increases Pa(10%), which indicates the confidence in the sampling plan being applied to the lot (see B.3.3.4). B.3.5.3 Confidence in historical records The frequency of inspection may be varied using knowledge of the fault modes and frequencies of faults of equipment; in practice, the frequency of inspection should be set based on known performance. This confidence in historical records database should be classified as: C C C High – there is a database where all equipment and its history is recorded and there is a confidence level of at least 70% in its accuracy. Moderate – there is either a database where all equipment and its history is recorded and there is a confidence level of at least 40% in its accuracy, or a person highly competent with such equipment has validated/challenged the historical data. Low – in all other cases. Once several inspections have been carried out, confidence in historical records should improve as the exhaustiveness of the database improves; further, confidence in its accuracy should increase and more history should be recorded. When this is so, the level of inspection should be reviewed. B.3.5.4 Factors governing frequency of inspections In the absence of any specific information, an annual frequency of inspection should constitute a reasonable starting point providing inspections are not restricted by infrequent shutdown intervals. Applying the change rules (see B.3.9.3) to such a sampling plan would take five acceptable inspections to go from normal to reduced inspection (i.e. five years), two unacceptable inspections to go from normal to increased inspection (i.e. two years) and five acceptable inspections to revert from increased to normal inspection (i.e. five years). For process plants, an annual frequency of inspection for Ex detailed inspections (which requires the equipment to be isolated) might not be possible owing to infrequent shutdown intervals (e.g. four-yearly). In such cases, selection of a sampling plan requires further consideration. An alternative approach would be to consider that the annual sampling plan is applied four times at each shutdown (the number of times being equal to the number of years between inspections); each sample would be considered as a separate inspection and tested against the unadjusted rejection criterion. This approach has the advantage of more quickly invoking the change rules. In the same way that circumstances may necessitate equipment being allocated to specific lots (see B.3.1.6), moveable equipment (hand-held, portable and transportable) or SCEs should be given particular frequencies of inspection. For moveable equipment, the frequency of inspection should consider factors such as the pattern of use and working environment. B.3.6 Select a random sample from a lot Samples should be randomly chosen from the complete lot; this means that the same equipment could be inspected in successive inspections. By selecting a genuinely representative random sample, monitoring of maintenance-induced faults can be carried out. Randomly means that samples should not be selected intentionally by any criterion (e.g. installation area, manufacturer, period since last inspection, ease of access, etc.). Samples should be randomly chosen by a random number generator or similar 59 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 means applied to the complete lot. At the discretion of the TPEF it might be acceptable to substitute a small number of the representative sample for similar equipment installed in a similar location; e.g. inspection of high level equipment where personnel access would require additional scaffolding could be substituted in the sample by local identical equipment that is more accessible to personnel. Note that progressive sampling is not applied in this sampling methodology. B.3.7 Inspect sample Before starting an inspection of a random sample of electrical equipment, the following should be available: C C C C B.3.8 Hazardous area classification (i.e., Zone 0, 1, 2 or non-hazardous), gas group (IIA, IIB or IIC) and temperature class ('T' class) (T6 to T1). This information is necessary to validate the adequacy of the equipment marking, in relation to the location where the equipment is installed or used. For moveable, portable and transportable equipment, this should cover all foreseeable locations. Documents necessary to maintain the equipment in accordance with its type of protection, for example: technical information; manufacturer’s instructions; and, information about spares. These documents allow identification of risks arising from: − Inconsistencies between conditions of use of equipment and manufacturer's requirements. − Deterioration of integrity following use, wear or misuse. Certificate number. For example, special conditions for safe use apply to any type of Ex electrical equipment where the certificate number has a suffix marking 'X' or other suffix. The certification documents should be checked against the conditions of use. System certificate of conformity or system conformity statement, or loop calculation for intrinsic safety (type of protection Ex 'i'). The combination of certified intrinsic safety equipment with associated intrinsic safety equipment should be detailed in a document showing that their combination complies with the requirements of IEC 60079-25. If this document exists, the calculation should be checked and this information should be recorded for future inspections. If the document does not exist, the calculation should be carried out. Record inspection data To enable demonstration of the continuing management of ignition risk and to facilitate verification, all inspection data should be recorded. If only faulty equipment is recorded, the equipment database will not be best exploitable for future inspections. Consequently, for each equipment inspected, the following information should be recorded: C C C Date, type of inspection, sampling data: date, frequency of inspection, grade of inspection, lot size, category of inspection, global failure rate, sample size, ASL, Re, etc. These data enable the traceability of the inspection. Equipment references: identification number (tag), description, model, type, serial number, manufacturer, location, etc. These data make it possible to identify and locate the equipment. Hazardous area classification (i.e., Zone 0, 1, 2 or non-hazardous), gas group 60 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C C C C C C C B.3.9 (IIA, IIB or IIC) and temperature class ('T' class) (T6 to T1). This information is necessary to validate the adequacy of the equipment marking, in relation to the location where the equipment is installed or used. For moveable, portable and transportable equipment, this should cover all foreseeable locations. Date of commissioning (before or after 1 July 2003). Equipment installed on or after 1 July 2003 should carry the 'new' marking, as required by ATEX 100a, which also refers to its ATEX category. Equipment already existing on 30 June 2006 is presumed to meet the requirements of ATEX Directive until that date. After that, it would continue to benefit from this presumption of conformity, provided that it has been validated explicitly before 1 July 2006 by the explosion protection document required by ATEX 137. Note that under DSEAR, marking requirements do not apply to mobile installations offshore (e.g. FPSO, jack-up, semi-submersibles, etc.). Feedback about equipment faults and modifications. Repetitive faults and modifications (data from CMMS) for equipment should be taken into account. To enable consistency, where possible, generic fault codes should be used. Whether equipment maintenance is in accordance with manufacturer's recommendations. If this condition is not validated, some premature malfunctions could occur with the equipment that affects its type of protection. Complete ATEX marking such as: − II 2 G − EEx d IIC T4 − The marking is necessary to validate the adequacy of the ATEX marking, in relation to the location(s) where the equipment is installed or used. Certificate number (e.g. LCIE 04 ATEX 6434 X). For example, special conditions for safe use apply to any type of Ex electrical equipment where the certificate number has a suffix marking 'X' or other suffix. The certification documents should be checked against the conditions of use. Faults with equipment. Inspection schedules according to the type of protection presented as Tables 1, 2 and 3 of IEC 60079-17 are replicated in Annex D. All faults should be recorded. If the equipment has several faults, all should be recorded, even those that are repaired during the inspection (e.g. tightening cable entry devices). Remedial actions, e.g. type of action, date action carried out, etc. (see annex B.3.9.2). Define scoring and rules for handling faulty equipment B.3.9.1 Define scoring for handling faulty equipment Following an inspection, some faulty equipment may be identified; there may be one or more faults per equipment, each having different ignition risk, depending on the nature of each fault and the hazardous area in which the equipment is used. This section sets out an approach for scoring such faulty equipment based on ignition risk, as this is the key risk to manage; note, however that this analytical approach does not include other equipment criticality factors, such as the severity of the environment, equipment age, etc. The approach for categorising faulty equipment based on ignition risk uses the methodology for analysis of ignition risk, as described in B.3.5.1.1. The probability of ignition of a flammable atmosphere leading to a fire/explosion (e.g. ignition risk) is the product of the probability of a source of ignition being present and the probability of a flammable atmosphere being present. This is defined by three levels and determined by Table B.6. 61 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table B.6: Ignition risk Probability of source of ignition Low Medium High Probability of flammable atmosphere Zone 2 Zone 1 Zone 0 (Low) (Medium) (High) Low Low Low (Note 3) Low Medium Low (Note 3) Medium High Low (Note 3) Key Low risk Medium risk High risk Notes: 1. Table replicated as Table B.4. 2. The table assumes correct selection of Ex type of protection in the first instance. 3. For Zone 0, use of intrinsically safe systems (Ex ‘ia’) means that there is an inherent low ignition risk. When applying Table B.6, if equipment has several faults, all should have been recorded but only the most severe should be taken into account in determining the ignition risk. There follow some examples of the results of inspections by sampling; equipment faults are identified for both a sample of a lot in Zone 1 (see Table B.7), and similarly for Zone 2 (see Table B.8). In fact, the same equipment and faults are used in the examples albeit that some of the faults result in higher ignition risks in Zone 1 than Zone 2. Note that these lots comprise a mixture of equipment but are used in the same hazardous area, gas group IIB and temperature classification T4. B.3.9.1.1 Applying risk-based ignition risk weighting factors to faulty equipment There follows an approach for applying risk-based ignition risk weighting factors to faulty equipment: its intent is to emphasise the differences in ignition risk from Table B.6 for faulty equipment and calculate a weighted faulty equipment score. The scoring system uses the following factors: C C C High ignition risk – weighting factor of 1. Medium ignition risk – weighting factor of 0,5. Low ignition risk – weighting factor of 0,25. Each number of faulty equipment is multiplied by the pertinent weighting factor and the weighted faulty equipment score for the sample is compared to the pertinent Re. This approach is intended as a starting point for a scoring system that aligns with the Re values in the ASL tables: as inspections are completed, users should audit and review this scoring system and accordingly recalibrate and adjust the weighting factors using actual inspection data, where appropriate. Hereafter in Annex B, the concept of weighted faulty equipment score is used when determining whether a lot is acceptable, rather than using just the number of faulty equipment. Example for Zone 1 In a mixed lot of size 1 000 equipment used in a common equipment location, ASL = 0,65 (which is lower than the ALARP ASL as the equipment is used in Zone 1), global failure rate = level II, normal inspection, sample size = 80 and Re = 2 (see 62 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.6). Four equipment were found to be faulty: Table B.7 provides a summary of these faults and their ignition risk. Applying the above risk-based ignition risk weighting factors to the faulty equipment in Table B.7, a weighted faulty equipment score of 3,5 results, which is above Re; therefore, the lot is rejected. The flowchart in Figure B.1 should be applied to determine the subsequent action. Table B.7: Results of inspection by sampling for equipment in a Zone 1 hazardous area Hazardous area Equipment Motor EEx d IIB T4 Zone 1, IIB, T4 (High risk) Pressure switch EEx d IIA T4 Motor EEx d IIC T6 Junction box EEx d IIB T4 Luminaire EEx n IIB T5 Probability of ignition Faults Lack of two bolts on the 'd' enclosure; the type of protection is no longer guaranteed Loose electrical connection which has been arcing The gas group is inadequate compared to the IIB requirements Risk of damage to cable, which exceeds minimum bending radius None Type of protection for Zone 2, unsuitable for Zone 1 Ignition risk Summary Low Medium High Ignition risk Number of faulty equipment High 1 High High 1 Medium Medium 1 Low Low 0 (N/A) High High 1 Weighting factor Number of faulty equipment 0,25 0,5 1 0 1 3 High High Weighted faulty equipment score 0 0,5 3 3,5 Total Notes: 1 The analysis counts the number of faulty equipment, not the number of faults; hence only one high ignition risk fault is counted for the motor (EEx d IIB T4). 2 If equipment has several faults, all faults should be recorded but only the most severe should be taken into account in determining the ignition risk. Example for Zone 2 In a mixed lot of size 1 000 equipment, used in a common equipment location, ASL = 1 (which is the ALARP ASL as the equipment is used in Zone 2), global failure rate = level II, normal inspection, sample size = 80 and Re = 3 (see Table C.7). Three equipment were found to be faulty: Table B.8 provides a summary of these faults and their ignition risk. Applying the above risk-based ignition risk weighting factors to the faulty equipment in Table B.8, a weighted faulty equipment score of 1.25 results, which is below Re; therefore, the lot is acceptable. The flowchart in Figure B.1 should be applied to determine the subsequent action. 63 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table B.8 Results of inspection by sampling for equipment in a Zone 2 hazardous area Hazardous area Equipment Motor EEx d IIB T4 Zone 2, IIB, T4 (Medium risk) Pressure switch EEx d IIA T4 Motor EEx d IIC T6 Junction box EEx d IIB T4 Luminaire EEx n IIB T5 Lack of two bolts on the 'd' enclosure; the type of protection is no longer guaranteed Loose electrical connection which has been arcing The gas group is inadequate compared to IIB requirements Risk of damage to cable, which exceeds minimum bending radius None None Ignition risk Summary Ignition risk Number of faulty equipment Medium 1 High Medium 1 Medium Low 1 Low Low 0 (N/A) Low Low 0 (N/A) Weighting factor Number of faulty equipment 0,25 0,5 1 1 2 0 Probability of ignition Faults Low Medium High High High Weighted faulty equipment score 0,25 1 0 1,25 Total Notes: 1 The analysis counts the number of faulty equipment, not the number of faults; hence only one medium ignition risk fault is counted for the motor (EEx 'd' IIB T4). 2 If equipment has several faults, all faults should have been recorded but only the most severe is taken into account in determining the ignition risk. 3 In this example, if the risk-based ignition risk weighting factors were not applied, the lot would have failed the inspection as there are three faulty equipment and Re = 3; however, the three faulty equipment are low and medium risk such that applying the weighting factors makes the lot acceptable as weighted faulty equipment score (1,25) < Re (3). B.3.9.2 Define rules for handling faulty equipment Remedial actions for handling faulty equipment could range from a review of causes of faults through to their repair, depending on the weighted faulty equipment score compared to the pertinent rejection criterion, and whether a lot is acceptable or unacceptable. The rules of B.3.9.2.1-B.3.9.2.6 should be applied to each lot. The process is summarised in the flowchart of Figure B.1. Because only a random sample of a lot is inspected in a sampling plan, confidence in the integrity of the lot relies on a thorough audit and review of the causes of any faults, whose aims should meet the requirements of section 3.2.6 and should be to: C C Identify and take remedial actions (e.g. organisational measures, inspection of the whole lot, modification, etc.) to correct the identified faults. Prevent faults becoming an ignition risk. 64 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 The steps of this thorough audit and review should be: C C Determine the causes of faults in faulty equipment. Determine common causes of faults that could induce faults in equipment that has not been inspected (e.g. defective gasket material in deluge areas or unexpected degradation from chemical exposure, etc.). This thorough audit and review should be carried out by competent personnel who are competent in the various types of protection, their installation practices, the site, the maintenance strategy and the environmental conditions. Causes of the faults could include: C C C C C C Degradation due to severity of the environment (e.g. due to corrosion, chemicals, accumulation of dust or sand, ambient temperature and temperature cycling, UV radiation, vibration, ingress of water, mechanical effects, etc.). Inherent design weaknesses (e.g. inadequate design/protection for the location(s) where the equipment is installed or used). Incorrect technical specifications. Inadequate maintenance strategy (e.g. frequency, check points, personnel competence, manufacturer’s instructions are not met, etc.). Lack of complete documentation. Random faults. B.3.9.2.1 Handling of faulty equipment in a lot Depending on the sampling plan’s rejection criterion, the weighted faulty equipment score may render the lot acceptable (<Re) or unacceptable (≥Re). Faulty equipment in each case are treated differently, as described in the following sections and illustrated in the flowchart of Figure B.1. Handling of faulty equipment in an unacceptable lot (≥Re) As illustrated in Figure B.1, where a lot is found to be unacceptable due to the weighted faulty equipment score ≥Re, the causes of faults should be determined. There should be a thorough audit and review of the faulty equipment to determine if there is a common fault mode e.g. a problem with a particular type of equipment/manufacturer, damage due to maintenance activities (e.g. scaffolding impact along a corridor), etc. The cause analysis should be recorded. If there is a common fault mode, the faulty equipment and other similar equipment should be deselected and another sample should be taken for inspection. If there is no common fault mode, the faulty equipment should remain in the lot and another sample should be taken for inspection. The weighted faulty equipment score found in the second inspection should be added to that for the first inspection and tested against twice Re. If the sum of the weighted faulty equipment score is: C C <2Re – the lot is acceptable. Actions should be taken as described in the following section for handling faulty equipment in an acceptable lot. ≥2Re – the lot is unacceptable. The complete lot should be inspected during the current inspection or the TPEF should provide a robust justification for alternative action. For large lot sizes (e.g. 501 - 1 200 and 1 201 - 3 200), inspecting the whole lot may be onerous and difficult to do in a shutdown; if in such cases, the whole lot is not inspected, there should be a robust justification of this decision by the TPEF. For example, such a decision may be pertinent where the faults relate to a specific area of plant, a particular equipment 65 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 manufacturer, etc.; if so, all such equipment should be inspected and remedial action taken. Faulty equipment found during the first, second and complete inspections should be repaired using the prioritisation described in B.3.9.2.2. Similarly, other remedial actions should be carried out using the prioritisation described in B.3.9.2.4. An unacceptable lot may invoke change rules and the possibility of moving from normal to increased inspection, or reduced to normal inspection for the next inspection of that lot (see B.3.9.3). Handling of faulty equipment in an acceptable lot (<Re) As illustrated in Figure B.1, where a lot is found to be acceptable and there is some faulty equipment in the sample but the weighted faulty equipment score <Re, the causes of faults should be determined. There should be a thorough audit and review of the faulty equipment to determine if there is a common fault mode e.g. a problem with a particular type of equipment/manufacturer, damage due to maintenance activities (e.g. scaffolding impact along a corridor), etc. The cause analysis should be recorded. If the cause of faults found during the inspection demonstrates that they could similarly affect other equipment (i.e. it is a common mode fault), similar equipment in that lot should be inspected for the same fault during the current inspection. Faulty equipment should be repaired using the prioritisation described in B.3.9.2.2. Similarly, other remedial actions should be carried out using the prioritisation described in B.3.9.2.4. B.3.9.2.2 Define prioritisation of repair of faults in faulty equipment The equipment criticality of faulty equipment and number of faults should be used to prioritise their repair. The following risk-based prioritisation should be applied using the ignition risks determined from Table B.6 as a starting point for equipment criticality: high ignition risk >> medium ignition risk > low ignition risk for which the following risk-based schedule should be applied: C C C high ignition risk: ≤ one week; medium ignition risk: ≤ three months; low ignition risk: ≤12 months (e.g. during planned maintenance). Note that this schedule should not necessarily be applied to the prioritisation of remedial actions other than repair (see B.3.9.2.4). Additional prioritisation should be given to the repair of faulty equipment that has several faults (e.g. assemblies). B.3.9.2.3 Repair of faults in faulty equipment Faults should be repaired so as to reinstate the Ex type of protection according to the schedule given in B.3.9.2.2. Such repairs should not introduce other faults that compromise Ex integrity. The repairs carried out should be recorded in the equipment register. B.3.9.2.4 Define prioritisation of remedial action other than repair for faults in faulty equipment The equipment criticality of faulty equipment and number of faults should be used to prioritise their repair. The following risk-based prioritisation should be applied using the ignition risks determined from Table B.6 as a starting point for equipment criticality: high ignition risk >> medium ignition risk > low ignition risk 66 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 A schedule is only provided for repair of faults (see B.3.9.2.2). Additional prioritisation of remedial action should be given to remedial actions for faulty equipment that has several faults (e.g. assemblies). B.3.9.2.5 Remedial actions other than repair for faults in faulty equipment As noted in section 3.2.2, where a visual or close inspection indicates a need to investigate further to fully ascertain the causes of faults, a more rigorous grade of inspection should be applied (e.g. changing from close to detailed inspection to better understand the status of internal Ex integrity). This applies whether the lot is acceptable or unacceptable. Such remedial work should be prioritised as described in B.3.9.2.4. The remedial actions and modifications should be determined from the findings of the thorough audit and review (see B.3.9.2) and may include: C C C C C C C C C Updating the maintenance strategy (frequency, check points, equipment vibrations). Better assuring personnel competence. Replacing unsuitably protected Ex electrical equipment by suitably protected Ex electrical equipment. Replacing incorrect cable entry devices. Tightening bolts of Ex 'd' enclosures. Improving equipment maintenance. Investigating equipment vibrations. Tightening Ex 'e' terminations. Cleaning Ex 'd' flame paths. The remedial actions and modifications should be recorded in the equipment register. B.3.9.2.6 Weighted faulty equipment score = 0 If there is no faulty equipment in an acceptable lot, no specific action is required (see Figure B.1). However, in such cases the TPEF should consider a quality assurance check on the quality of the Ex inspections and associated records. B.3.9.3 Review category of inspection by applying change rules As illustrated in Figure B.3, the category of inspection and the frequency of inspection for the next inspection should be defined based on the results of the previous inspections using change rules. These change rules are based on ISO 2859-1. Normal to increased When normal inspection is being carried out, increased inspection should be implemented when two consecutive normal inspections have been to unacceptable safety levels. Increased to normal When increased inspection is being carried out, normal inspection should be reinstated when five consecutive increased inspections have been to acceptable safety levels. Normal to reduced When normal inspection is being carried out, reduced inspection should be implemented when both: C C Five consecutive normal inspections have been to acceptable safety levels. Reduced inspection is considered desirable by the DH. 67 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Reduced to normal When reduced inspection is being carried out, normal inspection should be reinstated if any of the following conditions apply: C C C A reduced inspection has been to an unacceptable safety level. A reduced inspection has been to an acceptable safety level but there is some faulty equipment at each inspection. Changes of condition occur (e.g. modification of the process, different environmental conditions, etc). Start - Two consecutive safety levels unacceptable - Five consecutive safety levels acceptable - DH endorses change Reduced inspection F Inscreased inspection F Normal inspection F - Safety levels unacceptable - Nonconforming equipment at each inspection - Changes of condition occur - Five consecutive safety levels acceptable Figure B.3: Using change rules to determine category of inspection Key F = frequency of inspection (yr.) (see B.3.5.). Note that it is not necessarily in integers. B.3.9.3.1 Review frequency of inspection by applying change rules The frequency of inspection for the next inspection should be reviewed and should be defined based on the results of the previous inspections. This process uses change rules; see Figure B.3. Clearly, the frequency of inspection decreases for reduced inspection, and vice versa. Note that the frequency of inspection is not necessarily in integers. The frequency of inspection should be determined as described in section B.3.5. As noted in Table 3.2, where normal inspections are based on an annual frequency, then a reasonable starting point for the frequency of inspection for increased inspection should be half that for normal inspection; conversely, the frequency of inspection for reduced inspection should be double that for normal inspection. Where the frequency of inspection is subject to constraints such as shutdowns (see B.3.5.4), there should be a robust consideration of whether and how it should be modified. 68 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 B.3.10 Audit and review of sampling plans To meet the requirements of section 3.6, the results of applying each sampling plan should be formally reviewed and accordingly revised on an annual basis or following application of sampling plans (see section 3.6.1.5); this should be supplemented by a more rigorous audit and review every three years (see section 3.6.1.6). The following parameters should be reviewed and modified in the light of operational experience, and the basis of any changes should be formally recorded: C ASL (see B.3.3.4); C category of inspection by applying change rules (see B.3.9.3); C frequency of inspection by applying change rules (see B.3.9.3.1), and C global failure rate (see B.3.3.2). Normally, the global failure rate is fixed for a sampling plan; however, it should be adjusted in subsequent inspections (where appropriate) if additional fault data become available for similar lots in other locations that indicate different failure rates. 69 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 ANNEX C TECHNICAL BASIS OF RBI SAMPLING METHODOLOGY C.1 INTRODUCTION The objective of this annex is to provide information that should help users to understand the basis of the sampling methodology provided in Annex B. In addition, it should help advanced users to build their own sampling tables. Note that the sampling tables presented in C.7 are based on ISO 2859-1, but adapted by developing suitable sample sizes, categories of inspection and Pa(10%) and Pr(5%). Also, for simplicity, the concept of applying risk-based ignition risk weighting factors to the number of faulty equipment in a sample to give a weighted faulty equipment score (see annex B.3.9.1.1) is not applied in Annex C. C.2 LIMITATIONS OF INSPECTION BY SAMPLING The goal of inspection by sampling is to reduce the number of inspected equipment belonging to a lot by using the inspection findings of the lot as an indicator of the quality of the rest of the lot. This should result in a targeted, risk-based balanced and effective Ex inspection strategy that meets the objectives of section 3.2.4. As the complete lot is not inspected, there is a risk in declaring that a lot is acceptable when only part of it has been inspected; it is possible that there is an unacceptable number of faulty equipment in a lot which were not represented in the random sample. For example, consider the following lot: C lot size (N) = 1 000, which contains 100 faulty equipment; C sample size (n) = 50, and C Re = 10 (i.e. a sample of the lot is acceptable with <10 faulty equipment). It is possible that there is no faulty equipment in the random sample; however, the lot would be accepted. Consequently, there is a need for an indicator of the quality of sample inspections to reduce this possibility to a good probability; this indicator is called Pa (10%). Similarly, considering the same lot, there could be 15 faulty equipment for the random sample, which is unrepresentative of the lot. In this case, the lot should be rejected and the flowchart in Figure B.1 should be applied to determine the subsequent action. Consequently, there is also a need of an indicator of the cost of sample inspections to reduce this possibility to a low probability: this is called Pr (5%). C.2.1 Varying ASLs and applying Pa(10%) and Pr(5%) for an example lot Annex B.3.3.4.2 introduced the possibility of changing the ASL and its impact on statistical confidence in the inspection results in sample inspections: this is further developed here for an example lot at two ASLs by also referring to the parameters Pa(10%) and Pr(5%). In sample inspections it is possible that the performance of the sample is better or worse than the lot even though the sample is randomly selected: the likelihood that the lot will be accepted or rejected is indicated using the Pa(10%) and Pa(5%) values from the pertinent ASL table. Example A lot comprises 1 000 equipment, ASL = 1% (i.e. the ALARP ASL (see annex B.3.3.4.3)), global failure rate = level II, sample size = 80 and Re = 3 (see Table C.7). Proportionately, 70 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 if a sample was not taken but the whole lot was inspected, Re would be 38 (=3*1,000/80) such that the lot should be accepted with up to 37 faulty equipment. The target is to have ≤10 faulty equipment (i.e., 1% of 1 000) for the lot. From Table C.7: C C Pa(10%) = 6,52%, therefore, the safety level of the lot is considered acceptable with a probability of 10% (i.e. one in ten inspections), even though there is up to 65 faulty equipment for the 1 000 equipment lot (i.e. <6,52%). Pr(5%) = 1,03%; therefore, the safety level of the lot is considered unacceptable with a probability of 5% (i.e. one in 20 inspections) even though there is a minimum of 11 faulty equipment for the 1 000 equipment lot (i.e. >1,03%). Example A lot comprises 1 000 equipment, ASL = 4% ((which is less rigorous than the ALARP ASL (see annex B.3.3.4.3)), global failure rate = level II, sample size = 80 and Re = 8 (see Table C.10). Proportionately, if a sample was not taken but the whole lot was inspected, Re would be 100 (= 8*1 000/80) such that the lot should be accepted with up to 99 faulty equipment. The target is to have ≤40 faulty equipment (i.e., 4% of 1 000) for the lot. From Table C.10: C C Pa(10%) = 14,3%, therefore, the safety level of the lot is considered acceptable with a probability of 10% (i.e. one in 10 inspections), even though there is up to 142 faulty equipment for the 1 000 equipment lot (i.e. <14,3%). Pr(5%) = 5,08%; therefore, the safety level of the lot is considered unacceptable with a probability of 5% (i.e. one in 20 inspections) even though there is a minimum of 51 faulty equipment for the 1 000 equipment lot (i.e. >5,08%), Therefore, a smaller ASL means a more conservative (i.e. smaller) number of faulty equipment per sample is tolerable, leading to greater confidence in the condition of the remaining population of the lot, as indicated by the narrower range of Pa(10%) and Pr(5%). Conversely, the higher the ASL, the lower the quality and inspection cost. C.3 DEFINE KEY SAMPLING PARAMETERS The purpose of this section is to set out the basis for defining Pa and Pr, and to set out the technical basis of the sampling tables. In addition, this approach should help users to build their own sampling tables, e.g. for ASLs not provided here. C.3.1 Calculation of P(X=d) using hypergeometric law The number of combinations of d faulty equipment in the population of D faulty equipment of the lot is: C Dd If there are d faulty equipment in the sample of n equipment, there are (n-d) conforming equipment in the sample. If there are D faulty equipment in the lot of N equipment, there are (N-D) conforming equipment in the lot. The number of combinations of (n-d) conforming equipment in the sample of (N-D) conforming equipment in the lot is: 71 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C Nn −−dD Therefore, the number of combination of samples with d faulty equipment and (n-d) conforming equipment in a lot of N equipment including D faulty equipment is: C Dd × C Nn −−dD The number of combination of different samples of n equipment in the lot of N equipment is: C Nn As a consequence, the probability P(X=d) of having a sample with d faulty equipment and (n-d) conforming equipment in a lot of N equipment including D faulty equipment is: P( X = d ) = C Dd × C Nn −−dD C Nn This is termed hypergeometric law. C.3.2 Calculation of Pa(X=Re-1) using hypergeometric law The probability Pa(X=Re-1) to accept a lot with D faulty equipment when the sample has <Re faulty equipment is: Pa ( X = Re− 1) = P ( X = 0) + P( X = 1) + K + P( X = Re− 1) Pa ( X = Re− 1) = Re −1 ∑ P( X = k ) k =0 Pa( X = Re− 1) = C Dk × C Nn −−kD ∑ C Nn k =0 Re −1 where k is an integer (k = 0, 1, ….Re-2, Re-1). This is the hypergeometric law for Pa. C.3.3 Calculation of P(X=d) and Pa(X=Re) using binomial law The hypergeometric law is very difficult to apply when the lot size becomes high due to the calculation of N! (i.e. factorial N). Another method of calculation can be applied if n is very small compared to N (i.e. for small sample sizes compared to the lot size), typified by n/N<0,15. In such cases, the following approach is valid. The number of combinations of d faulty equipment in a sample of n equipment is: C nd The probability that equipment in a lot of N equipment including D faulty equipment is faulty equipment is: p= 72 D N GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Since n/N is small, the probability that d equipment in a lot of N equipment (including D faulty equipment) are all faulty equipment is: ⎛D⎞ pd = ⎜ ⎟ ⎝N⎠ d Further, the probability that (n-d) equipment in a lot of N equipment (including D faulty equipment) are all conforming equipment is: (1 − p ) d = (1 − D n−d ) N As n<N is small (n/N<0.15), the probability P(X=d) of having a sample with d faulty equipment and (n-d) conforming equipment in a lot of N equipment including D faulty equipment is: P( X = d ) = C nd × ( D d D ) × (1 − ) n − d N N This is termed binomial law. Consequently, Pa according to binomial law is given by: Pa( X = Re− 1) = Re −1 ∑C k n k =0 ×( D k D ) × (1 − ) n −k N N where k is an integer (k = 0, 1, ….Re-2, Re-1). This is the binomial law and applies where n/N<0,15. C.4 DETERMINATION OF Pa(10%) Pa(10%) is the ratio D/N in percent of faulty equipment (D) that could be in a lot of N equipment, so that the lot is accepted with a probability of 10% if there is <Re faulty equipment in the sample of n equipment. This value depends on Re, the sample size (n) and the lot size (N). But if binomial law can be applied (i.e. n/N<0.15), Pa(10%) only depends on Re and on the sample size; it does not depend on the lot size. C.4.1 Determination of Pa(10%) where n/N≥0,15 The binomial law cannot be applied where n/N≥0,15: in this case, a calculation should be done for each lot size. The only approach is to calculate Pa(X=Re) with D varying from 0 to N and to find the most suitable value of D so that Pa(X=Re) = 10%. Example Lot size (N) = 280; sample size (n) = 80; Re = 2 (n/N=80/280=0,29, i.e. ≥0,15). The results of the calculation are given in Table C.1. As indicated by the light grey highlighting, Pa(10%) = 4,3%. 73 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.1: Example calculation of Pa(10%) where n/N≥0,15 Number of faulty equipment, D Ratio D/N Pa(X=Re-1) (%) (%) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 0,004 0,007 0,011 0,014 0,018 0,021 0,025 0,029 0,032 0,036 0,039 0,043 0,046 0,050 0,4 0,7 1,1 1,4 1,8 2,1 2,5 2,9 3,2 3,6 3,9 4,3 4,6 5,0 1,000 0,919 0,803 0,677 0,557 0,450 0,358 0,281 0,218 0,168 0,128 0,097 0,073 0,055 100,0 91,9 80,3 67,7 55,7 45,0 35,8 28,1 21,8 16,8 12,8 9,7 7,3 5,5 15 0,054 5,4 0,041 4,1 Table C.2: Example calculation of Pa(10%) where n/N<0,15 D/N Pa(X=Re-1) Number (%) Ratio (%) 0,0025 0,0050 0,0075 0,0100 0,0125 0,25 0,50 0,75 1,00 1,25 0,996 0,975 0,932 0,869 0,794 99,6 97,5 93,2 86,9 79,4 0,0150 0,0175 0,0200 0,0225 0,0250 0,0275 0,0300 1,50 1,75 2,00 2,25 2,50 2,75 3,00 0,711 0,626 0,543 0,464 0,393 0,329 0,273 71,1 62,6 54,3 46,4 39,3 32,9 27,3 0,0325 0,0350 0,0375 0,0400 0,0425 0,0450 3,25 3,50 3,75 4,00 4,25 4,50 0,224 0,183 0,148 0,120 0,096 0,076 22,4 18,3 14,8 12,0 9,6 7,6 0,0475 4,75 0,060 6,0 74 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C.4.2 Determination of Pa(10%) where n/N<0,15 The binomial law can be applied where n/N<0,15: in this case, the calculation does not account for each lot size. The only approach is to calculate Pa(X=Re-1) with D/N varying from 0 to 1 and to find the most suitable value of D/N so that Pa(X=Re-1) = 10%. Example: Sample size (n) = 125 and Re = 3. The results of the calculation are given in Table C.2. As indicated by the light grey highlighting, Pa(10%) = 4,25%. C.5 DETERMINATION OF Pr(5%) Pr(5%) is the ratio D/N in percent of faulty equipment that could be in a lot of N equipment so that the lot is rejected with a probability of 5% if there is ≤Re faulty equipment in the sample of n equipment. This value depends on Re, the sample size (n) and the lot size (N). But, if binomial law can be applied (i.e., n/N<0,15), Pa(10%) only depends on the Re and on the sample size; it does not depend on the lot size. This means that the lot is accepted with a probability Pa(X=Re) equal to 95%: Pr(5%) = D/N so that Pa(X=Re-1) = 95% Consequently, determining Pr(5%) is equivalent to determining the ratio D/N where Pa(X=Re-1) equals 95%. C.5.1 Determination of Pr(5%) where n/N≥0,15 The binomial law cannot be applied where n/N≥0,15: in this case, a calculation should be done for each lot size. The only approach is to calculate Pa(X=Re-1) with D varying from 0 to N and to find the most suitable value of D so that Pa(X=Re-1) = 95%. Example In the example given in C.4.1, as indicated by the dark grey highlighting in Table C.1, Pr(5%) is between 0,4 and 0,7%, but it not possible to extract a more precise value from the table. C.5.2 Determination of Pr(5%) where n/N<0,15 The binomial law can be applied where n/N<0,15: in this case, the calculation does not account for each lot size. The only approach is to calculate Pa(X=Re-1) with D/N varying from 0 to 1 and to find the most suitable value of D/N so that Pa(X=Re-1) = 95%. Example In the example given in C.4.2, as indicated by the dark grey highlighting in Table C.2, Pr(5%) (i.e. Pa(X=Re-1) = 95%) is between 0,50 and 0,75%. However, a more precise value can be determined using closer D/N values. The results of the calculation are given in Table C.3. As indicated by the dark grey highlighting, Pr(5%) = 0,66%. 75 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.3: Example calculation of Pa(10%) where n/N<0,15 D/N C.6 Pa(X=Re-1) Number (%) Ratio (%) 0,0063 0,0064 0,0065 0,0066 0,0067 0,0068 0,63 0,64 0,65 0,66 0,67 0,68 0,955 0,953 0,951 0,949 0,948 0,946 95,5 95,3 95,1 94,9 94,8 94,6 0,0069 0,69 0,944 94,4 EXAMPLE GRAPHICAL DETERMINATION OF Pa(10%) AND Pr(5%) Consider the determination of Pa(10%) and Pr(5%) from a graph of probability of acceptance of a lot versus percentage of faulty equipment in a lot (D/N), for an example lot where: C lot size (N) = 3 200; C sample size (n) = 200; C ASL = 2,5%, and C Re = 11 (global failure rate = level III and normal inspection). The complete curve of the probability of acceptance of the lot versus percentage of faulty equipment in that lot is given in Figure C.1. 100 Probability of acceptance of the lot, Pa (%) 90 80 70 60 50 40 30 20 10 Pa(10% ) Pr(5%) 0 0 2 4 6 8 10 Faulty equipm ent in the lot, D/N (%) Figure C.1: Example determination of Pa(10%) and Pr(5%) from a graph of probability of acceptance of the lot, Pa versus percentage of faulty equipment in the lot, D/N 76 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 As n/N<0,15, binomial law can be applied to plot the relationship between Pa(10%) and D/N. With this example, the general formula can be written as: 10 k Pa( X = 10) = ∑ C 200 ×( k =0 D k D ) × (1 − ) 200− k N N Pa(10%) should be read off Figure C.1 as 7,60%; this means that the probability to accept a lot of 3 200 equipment containing 243 (i.e., 7,60% of 3 200) faulty equipment is 10% with this sampling plan. In other words, in one in 10 times, there is ≤10 faulty equipment in a sample of 200 equipment (proportionately, this would be ≤160 faulty equipment in the lot of 3 200 equipment) although there are 243 faulty equipment in the lot. With an ASL of 2,5%, the target is to have ≤80 (i.e., 2,5% of 3,200) faulty equipment in the lot. Conversely, Pr(5%) should be considered so as not to have too high an inspection cost. Therefore, in this example, a lot with only 100 faulty equipment (3,11% of 3 200) would be rejected one in 20 times even though it should be accepted. The values determined in this example, i.e. Pr(5%) = 3,11% and Pa(10%) = 7,60%, are included in the bottom row of the sampling table for ASL = 2,5% (see Table C.9). C.7 SAMPLING TABLES FOR VARIOUS ASLs Data in the sampling tables provided in Table C.4 - Table C.11 are based on ISO 2859-1 and derived using the formulae presented in the previous sections. Each table is for a particular ASL and provides suitable sample sizes, categories of inspection and Pa(10%) and Pr(5%) for normal inspection. 77 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.4: Sampling data for ASL = 0,25% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011 200 1 2013 200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 25 25 25 50 50 50 50 50 50 50 50 50 50 50 50 50 50 50 50 50 200 50 200 200 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 Reduced inspection Sample Re size 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 125 20 125 125 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 Increased Pa(10%) Pr(5%) inspection for for normal normal Sample Re inspection inspection size (%) (%) 25 1 N/A N/A 25 1 N/A N/A 25 1 N/A N/A 50 1 N/A N/A 50 1 N/A N/A 50 1 N/A N/A 80 1 2,2-3,3* <1,1* 80 1 2,2-3,3* <1,1* 80 1 2,2-3,3* <1,1* 80 1 3,3-4* <0,7* 80 1 3,3-4* <0,7* 80 1 3,3-4* <0,7* 80 1 4* <0,4* 80 1 4* <0,4* 80 1 4* <0,4* 80 1 4,5 0,1 80 1 4,5 0,1 80 1 4,5 0,1 80 1 4,5 0,1 80 1 4,5 0,1 315 2 1,93 0,18 80 1 4,5 0,1 315 2 1,93 0,18 315 2 1,93 0,18 Notes: 1 N/A = Not applicable. 2 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 3 The rejection criterion is defined by Re. 4 There are no lot sizes for which this ASL is the ALARP ASL (see Table B.3). 78 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.5: Sampling data for ASL = 0,40% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011 200 1 2013 200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 25 25 25 32 32 32 32 32 32 32 32 32 32 32 32 32 32 125 32 125 125 32 125 200 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 3 Reduced inspection Sample Re size 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 80 13 80 80 13 80 80 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 2 Increased Pa(10%) Pr(5%) inspection for for normal normal Sample Re inspection inspection size (%) (%) 25 1 N/A N/A 25 1 N/A N/A 25 1 N/A N/A 50 1 4-6* <2* 50 1 4-6* <2* 50 1 4-6* <2* 50 1 5,5-6,6* <0,67* 50 1 5,5-6,6* <0,67* 50 1 5,5-6,6* <0,67* 50 1 6,6* <0,67* 50 1 6,6* <0,67* 50 1 6,6* <0,67* 50 1 6,94 0,16 50 1 6,94 0,16 50 1 6,94 0,16 50 1 6,94 0,16 50 1 6,94 0,16 200 2 2,7* <0,4* 50 1 6,94 0,16 200 2 3,08 0,29 200 2 3,08 0,29 50 1 6,94 0,6 200 2 3,08 0,29 200 2 2,64 0,41 Notes: 1 N/A = Not applicable. 2 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 3 The rejection criterion is defined by Re. 4 There are no lot sizes for which this ASL is the ALARP ASL (see Table B.3). 79 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.6: Sampling data for ASL = 0,65% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011 200 1 2013 200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 20 80 80 20 80 125 80 125 200 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 3 2 3 4 Reduced inspection Sample Re size 8 8 8 8 8 8 8 8 8 8 8 8 8 8 50 8 50 50 8 50 50 50 50 80 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 2 2 2 3 Increased Pa(10%) Pr(5%) inspection for for normal normal Sample Re inspection inspection size (%) (%) 25 1 4-8* <4* 25 1 4-8* <4* 25 1 4-8* <4* 32 1 6,7-10* <2* 32 1 6,7-10* <2* 32 1 6,7-10* <2* 32 1 8,8-10* <1,1* 32 1 8,8-10* <1,1* 32 1 8,8-10* <1,1* 32 1 10,9 0,26 32 1 10,9 0,26 32 1 10,9 0,26 32 1 10,9 0,26 32 1 10,9 0,26 125 2 4,3* <0,3* 32 1 10,9 0,26 125 2 4,78 0,45 125 2 4,78 0,45 32 1 10,9 0,26 125 2 4,78 0,45 125 2 4,20 0,65 125 2 4,78 0,45 125 2 4,20 0,65 200 3 3,31 0,69 Notes: 1 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 2 The rejection criterion is defined by Re. 3 Shaded rows indicate lot sizes for which this ASL is the ALARP ASL (see Table B.3). 80 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.7: Sampling data for ASL = 1% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011,200 1,2013,200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 13 13 13 13 13 13 13 13 13 13 13 50 13 50 50 13 50 80 50 80 125 50 125 200 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 3 2 3 4 2 4 6 Reduced inspection Sample Re size 5 5 5 5 5 5 5 5 5 5 5 32 5 32 32 5 32 32 32 32 50 32 50 80 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 Increased inspection Sample Re size 20 20 20 20 20 20 20 20 20 20 20 80 20 80 80 20 80 80 80 80 125 80 125 200 1 1 1 1 1 1 1 1 1 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 Pa(10%) Pr(5%) for for normal normal inspection inspection (%) (%) 12* <4* 12* <4* 12* <4* 15* <2* 15* <2* 15* <2* 16,2 0,4 16,2 0,4 16,2 0,4 16,2 0,4 16,2 0,4 6,6* 1,33* 16,2 0,4 7,56 0,72 7,56 0,72 16,2 0,4 7,56 0,72 6,52 1,03 7,56 0,72 6,52 1,03 5,27 1,1 7,56 0,72 5,27 1,1 4,59 1,32 Notes: 1 Table replicated as Table B.2. 2 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 3 The rejection criterion is defined by Re. 4 Shaded rows indicate lot sizes for which this ASL is the ALARP ASL (see Table B.3). 81 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.8: Sampling data for ASL = 1,5% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011 200 1 2013 200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 8 8 8 8 8 8 8 8 32 8 32 32 8 32 50 32 50 80 32 80 125 50 125 200 1 1 1 1 1 1 1 1 2 1 2 2 1 2 3 2 3 4 2 4 6 3 6 8 Reduced inspection Sample Re size 3 3 3 3 3 3 3 3 20 3 20 20 3 20 20 20 20 32 20 32 50 20 50 80 1 1 1 1 1 1 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 2 4 6 Increased Pa(10%) Pr(5%) inspection for for normal normal Sample Re inspection inspection size (%) (%) 13 1 20-24* <4* 13 1 20-24* <4* 13 1 20-24* <4* 13 1 22-24* <2* 13 1 22-24* <2* 13 1 22-24* <2* 13 1 28,8 0,64 13 1 28,8 0,64 50 2 10* 1-2* 13 1 28,8 0,64 50 2 10,7* 1,3* 50 2 10,7* 1,3* 13 1 28,8 0,64 50 2 11,6 1,12 50 2 10,3 1,66 50 2 11,6 1,12 50 2 10,3 1,66 80 3 8,16 1,73 50 2 11,6 1,12 80 3 8,16 1,73 125 4 7,29 2,11 50 2 10,3 1,66 125 4 7,29 2,11 200 6 5,82 2,01 Notes: 1 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 2 The rejection criterion is defined by Re. 3 Shaded rows indicate lot sizes for which this ASL is the ALARP ASL (see Table B.3). 82 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.9: Sampling data for ASL = 2,5% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011 200 1 2013 200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 5 5 5 5 5 20 5 20 20 5 20 32 20 32 50 20 50 80 32 80 125 50 125 200 1 1 1 1 1 2 1 2 2 1 2 3 2 3 4 2 4 6 3 6 8 4 8 11 Reduced inspection Sample Re size 2 2 2 2 2 13 2 13 13 2 13 13 13 13 20 13 20 32 13 32 50 20 50 80 1 1 1 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 2 4 6 3 6 7 Increased Pa(10%) Pr(5%) inspection for for normal normal Sample Re inspection inspection size (%) (%) 8 1 34* <4* 8 1 34* <4* 8 1 34* <4* 8 1 36,9 1,02 8 1 36,9 1,02 32 2 18,1 1,81 8 1 36,9 1,02 32 2 18,1 1,81 32 2 18,1 1,81 8 1 36,9 1,02 32 2 18,1 1,81 32 2 15,8 2,60 32 2 18,1 1,81 32 2 15,8 2,60 50 3 12,9 2,78 32 2 18,1 1,81 50 3 12,9 2,78 80 4 11,3 3,32 32 2 15,8 2,60 80 4 11,3 3,32 125 6 9,24 3,22 50 3 12,9 2,78 125 6 9,24 3,22 200 9 7,60 3,11 Notes: 1 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 2 The rejection criterion is defined by Re. 3 Shaded rows indicate lot sizes for which this ASL is the ALARP ASL (see Table B.3). 83 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.10: Sampling data for ASL = 4% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011 200 1 2013 200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 3 3 13 3 13 13 3 13 20 13 20 32 13 32 50 20 50 80 32 80 125 50 125 200 1 1 2 1 2 2 1 2 3 2 3 4 2 4 6 3 6 8 4 8 11 6 11 15 Reduced inspection Sample Re size 2 2 8 2 8 8 2 8 8 8 8 13 8 13 20 8 20 32 13 32 50 20 50 80 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 2 4 6 3 6 7 4 6 9 Increased inspection Sample Re size 5 5 20 5 20 20 5 20 20 20 20 32 20 32 50 20 50 80 32 80 125 50 125 200 1 1 2 1 2 2 1 2 2 2 2 3 2 3 4 2 4 6 3 6 9 4 9 13 Pa(10%) Pr(5%) for for normal normal inspection inspection (%) (%) 52* <4* 52* <4* 24* 4-8* 53,6 1,7 24 2-4* 24 2-4* 53,6 1,7 26,8 2,81 24,5 4,22 26,8 2,81 24,5 4,22 19,7 4,39 26,8 2,81 19,7 4,39 17,6 5,36 24,5 4,22 17,6 5,36 14,3 5,08 19,7 4,39 14,3 5,08 12,1 5,02 17,6 5,36 12,1 5,02 9,91 4,68 Notes: 1 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 2 The rejection criterion is defined by Re. 3 Shaded rows indicate lot sizes for which this ASL is the ALARP ASL (see Table B.3). 84 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.11: Sampling data for ASL = 6,5% Lot size ≤25 26-50 51-90 91-150 151280 281500 5011 200 1 2013 200 Global failure rate level I II III I II III I II III I II III I II III I II III I II III I II III Normal inspection Sample Re size 2 8 8 8 8 13 8 13 20 8 20 32 13 32 50 20 50 80 32 80 125 50 125 200 1 2 2 2 2 3 2 3 4 2 4 6 3 6 8 4 8 11 6 11 15 8 15 22 Reduced inspection Sample Re size 2 5 5 5 5 5 5 5 8 5 8 13 5 13 20 8 20 32 13 32 50 20 50 80 1 2 2 2 2 2 2 2 2 2 3 4 2 4 6 3 6 7 4 7 9 6 9 11 Increased inspection Sample Re size 3 13 13 13 13 13 13 13 20 13 20 32 13 32 50 20 50 80 32 80 125 50 125 200 1 2 2 2 2 2 2 2 3 2 3 4 2 4 6 3 6 9 4 9 13 6 13 19 Pa(10%) Pr(5%) for for normal normal inspection inspection (%) (%) 64-68* <4* 40,6 4,64 40,6 4,64 40,6 4,64 40,6 4,64 36,0 6,60 40,6 4,64 36,0 6,60 30,4 7,14 40,6 4,64 30,4 7,14 27,1 8,50 36,0 6,60 27,1 8,50 22,4 8,22 30,4 7,14 22,4 8,22 18,6 7,91 27,1 8,50 18,6 7,91 15,7 7,54 22,4 8,22 15,7 7,54 13,8 7,57 Notes: 1 * = The probability is calculated using hypergeometric law instead of binomial law (see C.3). 2 The rejection criterion is defined by Re. 3 There are no lot sizes for which this ASL is the ALARP ASL (see Table B.3). 85 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C.8 DETERMINATION OF ALARP ASLs FOR VARIOUS LOT SIZES In selecting an ASL, ALARP principles should be applied such that there is a reasonable balance between the cost of inspection and the quality of the lot. Table C.12 provides ASLs for various lot sizes that apply ALARP principles. For any lot size, changing to a lower ASL than the ALARP ASL disproportionately increases inspection cost for little improvement in quality; conversely, changing to a higher ASL than the ALARP ASL reduces inspection quality albeit at reduced inspection cost. Therefore, ASLs should not be numerically smaller than ALARP ASLs, unless there are overriding reasons (see annex B.3.3.4.3). Table C.12: ALARP ASLs for various lot sizes Lot size ALARP ASL (%) Not determinable – assume 4 4 4 2,5 1,5 1 0,65 ≤50 51-90 91-150 151-280 281-500 501-1 200 1 201-3 200 Notes: Table replicated as Table B.3. Table C.12 was derived by identifying cliff edges from graphs of the discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for each lot size across the global failure rates (see Figure C.2-Figure C.8), using data from the corresponding sampling tables (see Table C.4-Table C.11). Note that for small lots, the ALARP ASL is not determinable and should be taken as 4. In Figure C.2-Figure C.8, the shape of the curves for each lot size can be interpreted as: C C C As ASL decreases, Pa(10%) decreases; the quality of the lot improves because the number of faulty equipment that could result in a lot being accepted within a probability of 10% decreases. As ASL decreases, Pr(5%) decreases; the cost increases because with a given number of faulty equipment in a lot (and even if this number is below the ASL), the probability of rejecting a lot is higher. Overall, the cost increases faster than the quality when ASL is decreasing hence the discrimination ratio increases rapidly at lower ASLs. 86 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.13: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 26-50 Global failure rate ASL (%) 0,25 0,4 0,65 1 1,5 2,5 4 6,5 Pa Level I Pr Pa/Pr 36,9 53,6 40,6 1,02 1,70 4,64 36,2 31,5 8,75 Pa Level II Pr Pa/Pr Pa Level III Pr Pa/Pr 36,9 1,02 18,1 1,81 40,6 4,64 36,0 6,60 40 Pa/Pr 30 20 10 0 0 2 Key Global failure rate level 4 6 8 ASL I Figure C.2: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 26-50 87 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.14 Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 51-90 Global failure rate ASL (%) 0,25 0,4 0,65 1 1,5 2,5 4 6,5 Pa 16,2 28,8 36,9 53,6 40,6 Level I Pr Pa/Pr 0,40 0,64 1,02 1,70 4,64 40 Pa/Pr Level II Pr Pa/Pr 16,2 28,8 18,1 26,8 36,0 0,40 0,64 1,81 2,81 6,60 40,5 45,0 10,0 9,54 5,45 Pa Level III Pr Pa/Pr 16,2 0,40 40,5 18,1 24,5 30,4 1,81 4,22 7,14 10,0 5,81 4,26 ALARP ASL 50 40,5 45,0 36,2 31,5 8,75 Pa 30 20 10 0 0 2 4 6 8 ASL Key Global failure rate level I II III Figure C.3: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 51-90 88 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.15 Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 91-150 Global failure rate ASL (%) 0,25 0,4 0,65 1 1,5 2,5 4 6,5 Pa 10,9 16,2 28,8 36,9 26,8 40,6 Level I Pr Pa/Pr 0,26 0,40 0,64 1,02 2,81 4,64 41,9 40,5 45,0 36,2 9,54 8,75 Pa Level II Pr Pa/Pr Pa Level III Pr Pa/Pr 10,9 16,2 0,26 0,40 41,9 40,5 10,9 0,26 41,9 18,1 24,5 30,4 1,81 4,22 7,14 10,0 5,81 4,26 15,8 19,7 27,1 2,60 4,39 8,50 6,08 4,49 3,19 ALARP ASL 50 Pa/Pr 40 30 20 10 0 0 2 4 6 8 ASL Key Global failure rate level I II III Figure C.4: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 91-150 89 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.16: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 151-280 Global failure rate ASL (%) 0,25 0,4 0,65 1 1,5 2,5 4 6,5 Pa 6,94 10,9 16,2 28,8 18,1 26,8 36,0 Level I Pr Pa/Pr 0,16 0,26 0,40 0,64 1,81 2,81 6,60 43,4 41,9 40,5 45,0 10,0 9,54 5,45 Level II Pr Pa/Pr Pa 6,94 10,9 7,56 11,6 15,8 19,7 27,1 0,16 0,26 0,72 1,12 2,60 4,39 8,50 43,4 41,9 10,5 10,4 6,08 4,49 3,19 Pa Level III Pr Pa/Pr 6,94 0,16 43,4 7,56 10,3 12,9 17,6 22,4 0,72 1,66 2,78 5,36 8,22 10,5 6,20 4,64 3,28 2,73 ALARP ASL 50 Pa/Pr 40 30 20 10 0 0 2 4 6 8 ASL Key Global failure rate level I II III Figure C.5: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 151-280 90 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.17: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 281-500 Global failure rate ASL (%) 0,25 0,4 0,65 1 1,5 2,5 4 6,5 40 Pa/Pr Level I Pr 0,10 0,16 0,26 0,40 1,12 1,81 4,22 7,14 Pa/Pr 45,0 43,4 41,9 40,5 10,4 10,0 5,81 4,26 Pa 4,50 6,94 4,78 7,56 10,3 12,9 17,6 22,4 Level II Pr 0,10 0,16 0,45 0,72 1,66 2,78 5,36 8,22 Pa/Pr 45,0 43,4 10,6 10,5 6,20 4,64 3,28 2,73 Pa 4,5 4,78 6,52 8,16 11,3 14,3 18,6 Level III Pr Pa/Pr 0,10 45,0 0,45 1,03 1,73 3,32 5,08 7,91 10,6 6,33 4,72 3,40 2,81 2,35 ALARP ASL 50 Pa 4,50 6,94 10,9 16,2 11,6 18,1 24,5 30,4 30 20 10 0 0 2 4 6 8 ASL Key Global failure rate level I II III Figure C.6: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 281-500 91 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.18: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 501-1 200 Global failure rate ASL (%) 0,25 0,4 0,65 1 1,5 2,5 4 6,5 Pa 4,50 6,94 10,9 7,56 11,6 15,8 19,7 27,1 Level I Pr 0,10 0,16 0,26 0,72 1,12 2,60 4,39 8,50 Pa/Pr 45,0 43,4 41,9 10,5 10,4 6,08 4,49 3,19 Pa 4,50 3,08 4,78 6,52 8,16 11,3 14,3 18,6 Level II Pr 0,10 0,29 0,45 1,03 1,73 3,32 5,08 7,91 Pa/Pr 45,0 10,6 10,6 6,33 4,72 3,40 2,81 2,35 Pa 1,93 3,08 4,20 5,27 7,29 9,24 12,1 15,7 Level III Pr 0,18 0,29 0,65 1,10 2,11 3,22 5,02 7,54 Pa/Pr 10,7 10,6 6,46 4,79 3,45 2,87 2,41 2,08 ALARP ASL 50 Pa/Pr 40 30 20 10 0 0 2 4 6 8 ASL Key Global failure rate level I II III Figure C.7: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 501-1 200 92 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table C.19: Discrimination ratio (Pa(10%)/Pr(5%)) for various ASLs for lot size 1 2013,200 Global failure rate ASL (%) 0,25 0,4 0,65 1 1,5 2,5 4 6,5 Pa 4,50 6,94 4,78 7,56 10,3 12,9 22,4 22,4 Level I Pr 0,10 0,60 0,45 0,72 1,66 2,78 8,22 8,22 Pa/Pr 45,0 11,6 10,6 10,5 6,20 4,64 2,73 2,73 Pa 1,93 3,08 4,20 5,27 7,29 9,24 12,1 15,7 Level II Pr 0,18 0,29 0,65 1,10 2,11 3,22 5,02 7,54 Pa/Pr 10,7 10,6 6,46 4,79 3,45 2,87 2,41 2,08 Pa 1,93 2,64 3,31 4,59 5,82 7,60 9,91 13,8 Level III Pr 0,18 0,41 0,69 1,32 2,01 3,11 4,68 7,57 Pa/Pr 10,7 6,44 4,80 3,48 2,90 2,44 2,12 1,82 ALARP ASL 50 Pa/Pr 40 30 20 10 0 0 2 4 6 8 ASL Key Global failure rate level I II III Figure C.8: Discrimination ratio (Pa(10%)/Pr(5%)) versus ASL for lot size 1 201-3 200 93 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C.9 LOT QUALITY FOR VARIOUS SAMPLE SIZES AND REJECTION NUMBERS The effect on the quality of a lot of using various sample sizes and Re is illustrated in Table C.20. The quality of a lot depends on the balance between Re and the sample size. If the lot is accepted when the number of faulty equipment is high (i.e. Re is high), the quality of the lot will be very poor even if the sample size is high. The data of Table C.20 were derived using C.3-C.5, rather than just the values in the sampling tables (see Table C.4 - Table C.11). Table C.20 Lot quality for various sample sizes and rejection numbers Lot size Sample size 33 100 13 20 66 200 32 50 333 1 000 80 Re 1 2 3 4 5 1 3 1 4 7 4 2 11 34 3 8 Pa(10%) (%) 6,0 10,0 14,0 18,0 21,0 16,2 24,5 3,0 9,0 14,5 19,7 7,6 4,3 12,0 6,5 14,3 Pr(5%) (%) 1,0 1,0-2,0 3,0-4,0 5,0-6,0 7,0-8,0 0,4 4,2 0,5 3,0 6,0 4,4 0,7 2,0 8,0 1,0 5,1 Example Consider sampling of the following lot: C C C lot size = 100; sample size = 33, and Re = 5. In this case, Pa(10%) = 21,0% (see light grey highlighted cells in Table C.20). In fact, better quality can be obtained by using a lower sample size if Re is lower, as illustrated in the following example for the same lot size. Example Consider sampling of the following lot: C C C lot size = 100; sample size = 13; Re = 1. In this case, Pa(10%) = 16,2%, which indicates better quality (see dark grey highlighted cells in Table C.20). However, these sampling data also reduce Pr(5%); therefore, the probability of rejecting the lot decreases. 94 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 ANNEX D INSPECTION SCHEDULES FOR Ex 'd', 'e', 'n', 'i' AND 'p' ELECTRICAL EQUIPMENT D.1 INTRODUCTION This annex provides the inspection schedules for Ex 'd', 'e', 'n', 'i' and 'p' electrical equipment; these are replicated without technical amendment from IEC 60079-171. 1 Permission to reproduce extracts from BS EN 60079 -17 : 2003 is granted by BSI. British Standards can be obtained in pdf or hard copy formats from the BSI online shop: www.bsigroup.com/Shop or by contacting BSI Customer Services for hard copies only: Tel: +44(0)20 8996 9001; email: [email protected] 95 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table D.1: Inspection schedule for Ex 'd', 'e' and 'n' equipment Ex 'd' Check that: A 1 2 3 4 5 6 7 8 APPARATUS Apparatus is appropriate to area classification Apparatus group is correct Apparatus temperature class is correct Apparatus circuit identification is correct Apparatus circuit identification is available Enclosure, glass parts and glass-to-metal sealing gaskets and/or compounds are satisfactory There are no unauthorised modifications There are no visible unauthorised modifications Bolts, cable entry devices (direct and indirect) and blanking elements are of the correct type and are complete and tight 9 – physical check – visual check 10 Flange faces are clean and undamaged and gaskets, if any, are satisfactory 11 Flange gap dimensions are within maximal values permitted 12 Lamp rating, type and position are correct 13 Electrical connections are tight 14 Condition of enclosure gaskets is satisfactory 15 Enclosed-break and hermetically sealed devices are undamaged 16 Restricted breathing enclosure is satisfactory 17 Motor fans have sufficient clearance to enclosure and/or covers 18 Breathing and draining devices are satisfactory B INSTALLATION 1 Type of cable is appropriate 2 There is no obvious damage to cables 3 Sealing of trunking, ducts, pipes and/or conduits is satisfactory 4 Stopping boxes and cable boxes are correctly filled 5 Integrity of conduit system and interface with mixed system is maintained Earthing connections, including any supplementary earthing bonding connections are satisfactory (for example connections are tight and conductors are of sufficient cross-section) 6 – physical check – visual check 7 Fault loop impedance (TN systems) or earthing resistance (IT systems) is satisfactory 8 Insulation resistance is satisfactory 9 Automatic electrical protective devices operate within permitted limits 10 Automatic electrical protective devices are set correctly (auto-reset not possible) 11 Special conditions of use (if applicable) are complied with 12 Cables not in use are correctly terminated 13 Obstructions adjacent to flameproof flanged joints are in accordance with IEC 60079-14 14 Variable voltage/frequency installation in accordance with documentation C ENVIRONMENT Apparatus is adequately protected against corrosion, weather, vibration and other adverse 1 factors 2 No undue accumulation of dust and dirt 3 Electrical insulation is clean and dry Key: D = detailed C = close V = visual Ex 'e' Grade of inspection V D C V D C D C x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x V x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x Notes: 1. General: The checks used for apparatus using both types of inspection Ex ‘e’ and Ex ‘d’ will be a combination of both columns. 2. Items B7 and B8: Account should be taken of the potential for a flammable atmosphere in the vicinity of the apparatus when using electrical test equipment. 96 Ex 'n' x x x x x x x x x x x GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table D.2: Inspection schedule for Ex 'i' equipment Ex 'i' Grade of inspection D C V Check that: A 1 2 3 4 5 6 7 APPARATUS Circuit and/or apparatus documentation is appropriate to area classification Apparatus installed is that specified in the documentation – fixed apparatus only Circuit and/or apparatus category and group correct Apparatus temperature class is correct Installation is clearly labelled There are no unauthorised modifications There are no visible unauthorised modifications Safety barrier units, relays and other energy limiting devices are of the approved type, installed in accordance with 8 the certification requirements and securely earthed where required 9 Electrical connections are tight 10 Printed circuit boards are clean and undamaged B INSTALLATION 1 Cables are installed in accordance with the documentation 2 Cable screens are earthed in accordance with the documentation 3 There is no obvious damage to cables 4 Sealing of trunking, ducts, pipes and/or conduits is satisfactory 5 Point-to-point connections are all correct 6 Earth continuity is satisfactory (for example connections are tight and conductors are of sufficient cross-section) 7 Earth connections maintain the integrity of the type of protection 8 The intrinsically safe circuit is isolated from earth or earthed at one point only (refer to documentation) Separation is maintained between intrinsically safe and non-intrinsically safe circuits in common distribution boxes 9 or relay cubicles 10 As applicable, short-circuit protection of the power supply is in accordance with the documentation 11 Special conditions of use (if applicable) are complied with 12 Cables not in use are correctly terminated C ENVIRONMENT 1 Apparatus is adequately protected against corrosion, weather, vibration and other adverse factors 2 No undue external accumulation of dust and dirt Key: D = detailed C = close V = visual 97 x x x x x x X X X X X x X x X x X X x x X x x x x X x x x X X x x x x x x x x x x x x x x GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 Table D.3: Inspection schedule for Ex 'p' equipment (pressurisation or continuous dilution) Ex 'p' Grade of inspection D C V Check that: A 1 2 3 4 5 6 7 8 9 B 1 2 APPARATUS Apparatus is appropriate to area classification Apparatus group is correct Apparatus temperature class is correct Apparatus circuit identification is correct Apparatus circuit identification is available Enclosure, glass parts and glass-to-metal sealing gaskets and/or compounds are satisfactory There are no unauthorised modifications There are no visible unauthorised modifications Lamp rating, type and position are correct INSTALLATION Type of cable is appropriate There is no obvious damage to cables Earthing connections, including any supplementary earthing bonding connections are satisfactory, for example connections are tight and conductors are of sufficient cross-section 3 – physical check – visual check 4 Fault loop impedance (TN systems) or earthing resistance (IT systems) is satisfactory 5 Automatic electrical protective devices operate within permitted limits 6 Automatic electrical protective devices are set correctly 7 Protective gas inlet temperature is below maximum specified 8 Ducts, pipes and enclosures are in good condition 9 Protective gas is substantially free from contaminants 10 Protective gas pressure and/or flow is adequate 11 Pressure and/or flow indicators, alarms and interlocks function correctly 12 Pre-energizing purge period is adequate 13 Conditions of spark and particle barriers of ducts for exhausting the gas in hazardous area are satisfactory 14 Special conditions of use (if applicable) are complied with C ENVIRONMENT 1 Apparatus is adequately protected against corrosion, weather, vibration and other adverse factors 2 No undue accumulation of dust and dirt Key: D = detailed C = close V = visual 98 x x x x x x x X X X x X X x x X x X x x x x x X x x x x x x x x x x x x X X X x x x x x X X x x GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 ANNEX E GLOSSARIES E.1 INTRODUCTION For the purpose of these Guidelines, the interpretations of terms in E.2 and abbreviations in E.3 apply, irrespective of the meaning they may have in other connections. However, many are based on the interpretations in IEC 60079-17, ISO 2859-1, EI Electrical safety code and EI Area classification code for installations handling flammable fluids. E.2 GLOSSARY OF TERMS as low as reasonably practicable (ALARP): a level of risk which is tolerable compared to cost, effort and time needed to further reduce it. See as low as reasonably practicable acceptance safety level (ALARP ASL). as low as reasonably practicable acceptance safety level (ALARP ASL): an acceptance safety level (ASL) that is as low as reasonably practicable (ALARP) for a particular lot size. Changing to a lower ASL than the ALARP ASL disproportionately increases inspection cost for little improvement in quality. See as low as reasonably practicable (ALARP) and acceptance safety level (ASL). acceptance quality limit (AQL): see acceptance safety level (ASL). acceptance safety level (ASL): (synonymous with acceptance quality limit (AQL)) the number of faulty equipment that is declared as being acceptable on average, expressed as a percentage (i.e. the number of faulty equipment found in the sample is less than or equal to the rejection number (Re)). See faulty equipment and rejection number (Re). area classification: See hazardous area classification. assembly [of equipment]: separate products chosen and assembled from a modular range of parts according to the manufacturer’s instructions to form a working equipment. The manufacturer is required to have had the modular range of parts conformity assessed prior to placing it on the EU market. Excluded from this are separate, individually conformity assessed, products assembled at the user’s premises provided that the manufacturer’s instructions for the products are complied with and a 'new' product is not created by that assembly. The result of such construction work is an 'installation' and is outwith the scope of EPSR. ATEX category: a grouping of equipment according to the intended zone of use (and environment – mining and non-mining), as defined in ATEX 100a. See category, Zone 0, Zone 1 and Zone 2. ATEX electrical equipment: electrical equipment that is subject to the requirements of the ATEX 'Equipment Directive'. See pre-ATEX electrical equipment. audit: process carried out by own staff or third parties, which complement review activities by looking to see if the policy, organisation and systems in the safety management system (SMS) are achieving the right results. They give information about the reliability and effectiveness of those systems. See review and safety management system (SMS). 99 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 binomial law: a discrete probability distribution that describes the number of successes in a sequence of draws from a large lot without replacement. The probability of success for a single trial is fixed for all trials and each trial is independent. See hypergeometric law. breakdown: not performing the required function. See fault. category of inspection: normal, increased and reduced inspection. See normal inspection, increased inspection and reduced inspection. certificate of conformance: see certificate of conformity. certificate of conformity (synonymous with certificate of conformance): document certified by a competent authority that the supplied goods of service meet the required specifications. change rules: rules that govern the movement between categories of inspection and variation in the frequency of inspection based on the performance of a lot in previous inspections. See category of inspection, frequency of inspection and lot. close inspection: grade of inspection which encompasses those aspects covered by a visual inspection and, in addition, identifies those faults, such as loose bolts, which will be apparent only by the use of access equipment, for example step ladders (where necessary) and tools. Such inspections do not usually require the enclosure to be opened or the equipment to be deenergised. See visual inspection and grade of inspection. common mode faults: faults attributed to the same causation in more than one equipment. For example impact damage from scaffold poles along a corridor or water damage from activation of water deluge equipment. See fault. commonly assumed failure rate: the mean failure rate of a similar lot in a similar location. See global failure rate. competent person: a person having suitable qualifications, experience and authority to adequately carry out a designated task. For an electrical technician working on Ex electrical equipment in potentially flammable atmospheres, the CompEx scheme provides a means of competency assurance. Other higher levels of electrical competency apply. See CompEx, electrical technician, nominated electrical person (NEP), responsible electrical person (REP), skilled personnel and technical person with executive function (TPEF). CompEx: GB national scheme for training, assessment and certification of persons working in potentially flammable atmospheres. See competent person. computerised maintenance management system (CMMS): a maintenance and inspection management system that is computer-based. See equipment register and management system. continuous grade release: a release that is continuous or nearly so (e.g. > 1 000 hours per annum). See primary grade release and secondary grade release. continuous supervision: type of inspection using visual or close grades of inspection requiring frequent attendance, inspection, service, care and maintenance of equipment by competent personnel who have experience in the specific installation and its environment in order to maintain the equipment’s type of protection in satisfactory condition. See close inspection, competent person, explosion protected equipment, grade of inspection, inspection, maintenance, type of protection and visual inspection. 100 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 defect: see fault. detailed inspection: grade of inspection which encompasses those aspects covered by a close inspection and, in addition, identifies those faults, such as loose terminations, which will only be apparent by opening the enclosure, and/or using, where necessary, tools and test equipment. Such inspections are intrusive inspections and require the enclosure to be opened and the equipment to be de-energised. See close inspection, grade of inspection and intrusive inspection. discrimination ratio: ratio of Pa(10%)/Pr(5%) which indicates the balance between quality and cost of an inspection. See Pa(10%) and Pr(5%). duty holder (DH): employers responsible for managing Ex electrical equipment, as well as other aspects of the electrical function. In this context, employers may also include owners, installation operators and contractors. electrical technical authority (TA): a company-role which may include the requirements of the technical person with executive function (TPEF). See technical person with executive function (TPEF). electrical technician: a competent person that typically carries out Ex electrical equipment inspection. See competent person, CompEx and inspection. equipment criticality: a means of judging the ignition risk of faulty Ex electrical equipment that constitutes a potential source of ignition in a flammable atmosphere. See risk-based inspection (RBI), safety critical elements (SCEs) and source of ignition. equipment register: database containing information on Ex electrical equipment, including identification number (tag), manufacturer, date installed, Ex (or ATEX) certificate number, etc. This may be in the form of a listing, database or computerised maintenance management system (CMMS). See computerised maintenance management system (CMMS). Ex electrical equipment: Ex equipment where electrical sources of ignition are explosion protected by various type of protection concepts. Its scope includes electrical, instrumentation and communication equipment, whether fixed or moveable. See explosion protected equipment and type of protection. Ex equipment: equipment that is explosion protected by having special precautions for the construction, installation and use. The scope of these Guidelines only includes Ex electrical equipment. See Ex electrical equipment and explosion protected equipment. Ex inspection strategy: a policy for managing the continuing integrity of Ex electrical equipment. See Ex electrical equipment. Ex type of protection: see type of protection. exhaustive inspection: inspection of 100% of a lot. See inspection and lot. explosion protected equipment: equipment having a type of protection that prevents it from constituting a source of ignition when used in a flammable atmosphere. In this context, 'explosion protected' refers to both fire and explosions. Such equipment is termed Ex equipment. See Ex equipment, source of ignition and type of protection. explosive atmosphere: see flammable atmosphere. 101 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 failure: see fault, global failure rate, human failure and mean time between failures (MTBF). fault: (synonymous with defect, failure and nonconformity) non-fulfilment of a requirement in an Ex integrity inspection, e.g. specification or usage requirement from incorrect labelling through to degradation of protective features that assure its type of protection. See breakdown, faulty equipment and type of protection. fault code: means of classifying faults according to their type and severity such that it is possible to carry out trend analysis. See fault. faulty equipment: equipment with one or more faults which compromise the Ex integrity. Note that the faults may present differing risks. See fault. flammable atmosphere: (synonymous with explosive atmosphere) a mixture of flammable gases or vapours with air in such a proportion that, without any further admixture, it will burn when ignited. Note, in some cases there may also be an explosion. frequency of inspection: time interval between inspections. See inspection. gas group: a sub-division applied to electrical equipment based on ease of ignition of particular gases. global failure rate: the observed failure rate of the lot, e.g. in the form of mean time between failures (MTBF) or some other statistical value for the performance of the population over time (such as a Weibull plot). In this context failures mean those faults compromising the integrity of the type of protection. This global failure rate of a lot is compared to the commonly assumed failure rate to adjust the sample size and rejection criterion. See rejection criterion, commonly assumed failure rate, mean time between failures (MTBF), fault, sample size, type of protection and Weibull plot. grade of inspection: visual, close or detailed inspection. See visual inspection, close inspection and detailed inspection. green water: sea water from deluge systems or unbroken waves landing on offshore installations, especially floating production, storage and offloading units (FPSOs). hazardous area: a three-dimensional space in which a flammable atmosphere is or may be expected to be present in such frequencies as to require use of Ex equipment, including Ex electrical equipment. All other areas are referred to as non-hazardous in this context. Three hazardous areas zone are recognised: Zone 0, Zone 1 and Zone 2. See Ex equipment, Ex electrical equipment, hazardous area classification, non-hazardous area, Zone 0, Zone 1 and Zone 2. hazardous area classification: the notional division of a facility into hazardous areas and nonhazardous areas, and the subdivision of hazardous areas into zones. See hazardous area, nonhazardous area, Zone 0, Zone 1 and Zone 2. human failure: failure arising from human intervention but underpinned by weaknesses in an SMS ('human error') or when a person acted without complying with a known rule, procedure or good practice ('violations'). For example, maintenance-induced failure is a type of human failure. See maintenance-induced failure and safety management system (SMS). hypergeometric law: a discrete probability distribution that describes the number of successes in a sequence of draws from a small lot without replacement. It accounts for non-replacement of 102 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 the drawn item in the lot. See binomial law. ignition risk: the probability of ignition of a flammable atmosphere leading to a fire/explosion, which is the product of the probability of a source of ignition being present and the probability of a flammable atmosphere being present. See equipment criticality, flammable atmosphere and source of ignition. ignition source: see source of ignition. increased inspection: (synonymous with tightened inspection) category of inspection used in a sampling plan with a slightly greater sample size and/or with slightly more rigorous rejection criterion than for the corresponding sampling plan for normal inspection. The frequency of inspection also should be greater. See rejection criterion, category of inspection, frequency of inspection, normal inspection, sample size and sampling plan. independent competent person (ICP): person required to carry out various functions under the verification scheme for offshore installations to ensure that the process of managing risks associated with the major accident hazards is working effectively. initial inspection: type of inspection using detailed grade of inspection applied to equipment during commissioning, before being brought into service. Such inspections are intended to determine whether the selected type of protection and the equipment installation are appropriate. See detailed inspection, grade of inspection, inspection, routine inspection and type of inspection. initial sample inspection: the first occasion on which a sample inspection is carried out to implement a sampling plan. In this context, 'initial' does not refer to initial inspection at commissioning. See initial inspection, sample inspection, sampling plan and subsequent sample inspection. inspection: action comprising careful scrutiny of equipment carried out either without dismantling or partial dismantling, supplemented by means such as measurement, in order to arrive at a reliable conclusion as to its condition, and the presence of any faults compared to its specification and functional requirements. For Ex electrical equipment, the key issue is its type of protection. See Ex electrical equipment, intrusive inspection, fault and type of protection. inspection frequency: see frequency of inspection. intelligent customer: ability of a duty holder (DH) to competently select contractors and consultants, and specify, audit and review their work, e.g. when outsourcing inspection of Ex electrical equipment, such that they have a clear understanding and knowledge of the product or service being supplied. See duty holder (DH) and management of change. intrusive inspection: inspections that require opening of enclosures (e.g. detailed inspection). See detailed inspection. isolate: make safe by disconnection of all electrical (and other) services. key performance indicator (KPI): metric used to help an organisation define and measure progress towards organisational goals. See performance standard. level of inspection: criteria that provide proportionately varying rigour to inspections compared to ignition risk. Where a sampling strategy is not in place, the frequency of inspection is the only 103 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 such criterion; whereas the following additional criteria are applicable when a sampling strategy is in place: ASL, global failure rate and category of inspection. See ASL, category of inspection, frequency of inspection, global failure rate, ignition risk and sampling strategy. lot: a specifically defined and identifiable amount of equipment in which equipment has the same or similar characteristics, for example one or more of the following: C be used in the same hazardous area classification; C have the same type of protection; C be used in the same environmental conditions, including the same installation area; C have the same/similar age, and C have the same equipment manufacturer or similar equipment from different manufacturers. See hazardous area classification, lot, lot size and type of protection. lot size: number of equipment in a lot. See lot. maintenance: combination of any actions carried out to retain equipment in, or restore it by repairing faults to, condition in which it is able to meet the requirements of the relevant specification and perform its functional requirements. For Ex electrical equipment, the key issue is retention of its type of protection. See Ex electrical equipment, fault and type of protection. maintenance induced failure: during maintenance or intrusive inspection, human failure resulting in damage to gaskets or seals, omitting to reinstate bolts, etc. See human failure, maintenance and intrusive inspection. management of change: a structured process applied when amending people, teams, work and organisations from a current state to a desired future state by mapping out requirements. Typically, its scope includes organisational change, outsourcing, downsizing and delayering. See intelligent customer. management system: organisational arrangements (i.e. processes and procedures) used to ensure that an organisation fulfils all tasks required to achieve its business objectives. See computerised maintenance management system (CMMS) and safety management system (SMS). mean time between failures (MTBF): an indication of reliability expressed as the mean (average) time between failures of a system. method of protection: see type of protection. moveable equipment: portable, transportable and hand-held Ex electrical equipment. See Ex electrical equipment and temporary equipment. nonconformity: see fault. nominated electrical person (NEP): competent person appointed for carrying out some aspects of the electrical function, which are under their control (e.g. HV or LV or instrumentation). They should be given clear indication of the extent of their responsibilities and appropriate authority and resources to discharge them. Typically, they report to the responsible electrical person (REP) and TPEF. See competent person, Ex electrical equipment and responsible electrical person (REP), technical person with executive function (TPEF). non-hazardous area: a three-dimensional space in which flammable atmospheres are not 104 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 expected to be present in routine operations so that special precautions for the construction and use of electrical equipment (or for the control of non-electrical equipment) are not required. Note: Such an area may be part of a greater restricted area. See hazardous area and unclassified area. normal inspection: category of inspection used in a sampling plan with a sample size and rejection criterion that should result in a lot being accepted with a high probability when the performance is better than the acceptance safety level (ASL). See acceptance safety level (ASL), rejection criterion, category of inspection, and sampling plan. offshore: refers to oil and gas production in the UK continental shelf regardless of the type of installation. Pa(10%): the maximum percentage of faulty equipment in a lot so that the safety level of the lot is declared acceptable within a probability of 10%. This is a statistical measure indicating the confidence in a sampling plan being applied to a lot. See lot, faulty equipment, Pr(5%), safety level and sampling plan. performance standard: a qualitative or quantitative statement of the performance required of a system or equipment in order for it to satisfactorily fulfil its purpose. See key performance indicator (KPI), safety critical element (SCE) and verification scheme. periodic inspection: type of inspection carried out routinely using visual or close grades of inspection; these inspections may lead to the need for a further detailed grade of inspection. See close inspection, detailed inspection, grade of inspection, type of inspection and visual inspection. planned maintenance (/inspection) routine (PMR): a work order listing the maintenance and/or inspection activities to be completed. A record will be completed of this work together with updated maintenance and/or inspection history. pre-ATEX electrical equipment: electrical equipment that precedes the requirements of the ATEX 'Equipment Directive'. See ATEX electrical equipment. Pr(5%): the minimum percentage of faulty equipment in a lot so that the safety level of the lot is declared unacceptable within a probability of 5%. This is a statistical measure indicating the cost induced by applying a sampling plan to a lot. See lot, faulty equipment, Pa(10%), safety level and sampling plan. primary grade release: a release that is likely to occur in normal operation (e.g. 10-1 000 hours per annum). See continuous grade release and secondary grade release. progressive sampling: in a sampling plan, taking samples from the complete lot by selecting them intentionally using some criteria (e.g. nominal percentage of the lot, installation area, manufacturer, period since last inspection, ease of access, etc.). This means that the same equipment is unlikely to be inspected in successive inspections. For example the nominal percentage of the lot approach involves taking a random sample of the complete lot in the first inspection; in the second inspection, taking a random sample of the equipment not inspected in the first inspection. The remaining population after this second sample is then used for selecting the third sample, etc. This continues until the entire population has been inspected; after that, a sample is selected from the complete lot. See lot, progressive sampling, random sampling, sampling, and sampling plan. 105 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 protection concept: see type of protection. random fault: a non-systemic fault, e.g. a loose connection due to human failure. See human failure. random sampling: in a sampling plan, using a random number generator or similar means to take samples from the complete lot at each inspection without selecting them intentionally by any criterion (e.g. installation area, manufacturer, period since last inspection, ease of access, etc.). This means that the same equipment could be inspected in successive inspections. This approach is used to monitor the effects of environmental conditions, vibration, inherent design weakness etc. and to identify random faults. See lot, progressive sampling, sampling, and sampling plan. reduced inspection: category of inspection used in a sampling plan with a smaller sample size and/or slightly more rigorous rejection criterion than that for the corresponding sampling plan for normal inspection. The frequency of inspection also should be smaller. See rejection criterion, category of inspection, frequency of inspection, normal inspection, sample size and sampling plan. rejection criterion: the rejection number (Re), for a particular lot size/global failure rate/acceptance safety level (ASL). See acceptance safety level (ASL), global failure rate and rejection number (Re). rejection number (Re): the safety level of a lot should be considered unacceptable if the number of faulty equipment (or weighted faulty equipment score, if applied) found for a sample is greater than or equal to this value. See rejection criterion, acceptance safety level (ASL), faulty equipment, safety level, sample and weighted faulty equipment score. remedial actions: actions applied to faulty equipment, which could range from a review of causes of faults through to their repair. See faulty equipment, fault and review. responsible electrical person (REP): in the offshore industry, a competent installation-based person who typically reports indirectly to the TPEF. Their skills and abilities provide support and guidance to others and to provide a lead or proactive role for other important activities e.g. the signing of permits-to-work. REPs should be aware and have appropriate involvement in the risks of all electrical work on the installation. See competent person and technical person with executive function (TPEF). review: process for evaluating measured performance, e.g. for evaluating inspection findings with a view to adjusting the sampling plan for future inspections, i.e. by adjusting ASL; category of inspection, frequency of inspection; and global failure rate. See ASL, audit, category of inspection, frequency of inspection and sampling plan. risk-based inspection (RBI): a targeted, effective and balanced approach to inspection. When applied correctly, it should result in high risk equipment located in high risk areas being inspected more frequently than other equipment located in other areas. See equipment criticality. risk-based inspection (RBI) parameters: input parameters in the development of a sampling plan, including hazardous area classification, type of protection, severity of the environment, equipment age, initial and periodic inspection findings, lot size, global failure rate, category of inspection, ASL. See ASL, category of inspection, hazardous area classification, global failure rate, lot size and type of protection. 106 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 routine inspection: inspection carried out after the initial inspection, which may be periodic inspection, sample inspection or continuous supervision. See continuous supervision, periodic inspection and sample inspection. safety critical element (SCE): any part of the installation, plant, equipment or systems which if not operating as intended will either cause or contribute to a major accident, or the purpose of which is to prevent or limit the effect of a major accident. For offshore installations, this should include specified equipment referenced in PFEER Regulation 19. See equipment criticality and performance standard. safety level: the performance of a lot during inspection, as determined by the number of faulty equipment compared to the rejection criterion. See rejection criterion, acceptance safety level (ASL), inspection, lot, and faulty equipment. safety management system (SMS): organisational arrangements which should enable duty holders (DHs) to comply with relevant health and safety legislation by: C Formulating and developing policy; this includes identifying key objectives and reviewing of progress. C Planning, measuring, reviewing and auditing safety activities to meet legal requirements and minimise risks. C Ensuring effective implementation of plans and reporting on performance. See audit, computerised maintenance management system (CMMS), management system and review. sample: one or more equipment taken from a lot for inspection and intended to provide information on the safety level of the lot. See inspection, lot and safety level. sample size: number of equipment in the sample. See sample. sample inspection: type of inspection using visual, close or detailed grades of inspection involving inspection of a sample of a lot by taking a random sample. See close inspection, detailed inspection, grade of inspection, initial sample inspection, inspection, lot, random sample, sample, subsequent sample inspection, type of inspection and visual inspection. sampling methodology: a statistically robust risk-based approach to inspection that is used to develop sampling plans. See sample inspection and sampling plan. sampling plan: protocol implemented through sample inspections for inspecting lots of Ex electrical equipment by applying random sampling, rather than progressive sampling. Based on the sampling methodology, it considers a broad range of issues, from defining a rejection criterion and the frequency of inspection through to the review of inspection findings. See rejection criterion, Ex electrical equipment, frequency of inspection, lot, review and sampling methodology. secondary grade release: a release that is unlikely to occur in normal operation and, in any event, will be of short duration (e.g. 1-10 hours per annum). See continuous release grade and primary release grade. skilled personnel: these are generally electrical technicians that have been trained on: C The various types of protection and installation practices. C The relevant rules and regulations. C The general principles of area classification. See electrical technician and competent person. 107 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 source of ignition: (synonymous with ignition source) accessible source of heat or energy, electrical (or non-electrical) equipment, with the potential to ignite a flammable atmosphere. See flammable atmosphere. subsequent sample inspection: the second, third, etc. occasions on which a sampling inspection is carried out to implement a sampling plan. See initial sample inspection, sample inspection and sampling plan. technical authority (TA): see electrical technical authority (TA). technical person with executive function (TPEF): person for an installation providing technical management of the competent persons, having adequate knowledge in the field of explosion protection, having familiarity with the local environment, having familiarity with the installation and who has overall responsibility and control of the inspection systems for Ex electrical equipment. See competent person, electrical technical authority (TA), Ex electrical equipment, explosion protected equipment, nominated electrical person (NEP) and responsible electrical person (REP). temperature classification ('T' class): a sub-division applied to electrical equipment based on its maximum surface temperature. temperature cycling: a variation in external and internal enclosure temperature due to changes in night and day temperatures and heat dissipation from current carrying components respectively. temporary equipment: Ex electrical equipment that is supplied for temporary installation or use. Typically, such equipment is owned by a third party and may be installed or used by a third party or the duty holder (DH). Examples include lighting, generators and moveable equipment. See moveable equipment. tightened inspection: see increased inspection. type of inspection: initial inspection, periodic inspection, sample inspection and continuous supervision. See initial inspection, periodic inspection, sample inspection and continuous supervision. type of protection: (synonymous with method of protection and protection concept) measures applied in the construction of equipment to make it explosion-protected. The following groupings are applied for the purposes of defining lots: C type 1: flameproof ('d'); C type 2: increased safety ('e') and type 3: non incendive ('n'); C type 3: intrinsic safety ('ia', 'ib'); C type 4: pressurised apparatus ('p'), and C type 5: other type of protection (oil filled ('o'), powder filled ('q'), encapsulated ('m')). See explosion protected equipment and lot. unclassified area: see non-hazardous area. verification scheme: written schemes for offshore installations implemented to confirm, or otherwise, that SCEs are suitable and remain in good repair and condition. See performance standard. 108 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 visual inspection: grade of inspection which identifies, without the use of access equipment or tools, those faults, such as missing bolts, which will be apparent to the eye. Where appropriate, human vision should be supplemented the by use of binoculars and remote heat detecting equipment. See inspection and grade of inspection. weighted faulty equipment score: number of faulty equipment in an inspection weighted according to ignition risk. See faulty equipment, ignition risk and inspection. Weibull plot: a graphical technique for determining if a data set comes from a population that would logically fit a 2-parameter Weibull distribution (the location is assumed to be zero). The graph has special scales that are designed so that if the data do follow a Weibull distribution, the points will be linear (or nearly linear). The least squares fit of this line yields estimates for the shape and scale parameters of the Weibull distribution which may be used in determining the global failure rates. See global failure rate. Zone 0: that part of a hazardous area in which a flammable atmosphere is continuously present or present for long periods. See flammable atmosphere and hazardous area. Zone 1: that part of a hazardous area in which a flammable atmosphere is likely to occur in normal operation. See flammable atmosphere and hazardous area. Zone 2: that part of a hazardous area in which a flammable atmosphere is not likely to occur in normal operation and, if it occurs, will exist only for a short period. See flammable atmosphere and hazardous area. E.3 GLOSSARY OF ABBREVIATIONS ALARP ALARP ASL AQL ASL ATEX ATEX 100a ATEX 137 CDM [Regulations] CMMS CompEx d D DCR DH DSEAR EAWR EPSR Ex F as low as reasonably practicable as low as reasonably practicable acceptance safety level acceptance quality level acceptance safety level atmosphere explosiv (explosive atmospheres [directives]) Approximation of the Laws of Member States concerning Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres 94/9/EC Directive on the Minimum Requirements for Improving the Health and Safety of Workers Potentially at Risk from Explosive Atmospheres 99/92/EC The Construction (Design and Management) [Regulations] computerised maintenance management system GB national scheme for training, assessment and certification of persons working in potentially explosive atmospheres number of faulty equipment in a sample total number of faulty equipment in a lot Offshore Installations and Wells (Design and Construction, etc) Regulations duty holder The Dangerous Substances and Explosive Atmospheres Regulations The Electricity at Work Regulations The Equipment and Protective Systems for use in Potentially Explosive Atmospheres Regulations explosion protected frequency of inspection 109 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 FPSO GA GB HASAWA HV ICP IS KPI LV MTBF n N NEP OSCR PA Pa(10%) Pa(10%)/Pr(5%) Pr(5%) PFEER PMRs PUWER RBI Re REP SCE SIL SMS ‘T’ class TA TPEF UK UV floating production, storage and offloading unit general alarm Great Britain Health and Safety at Work etc Act high voltage independent competent person intrinsically safe key performance indicator low voltage mean time between failures sample size lot size nominated electrical person Offshore Installations (Safety Case) Regulations public address the maximum percentage of faulty equipment in a lot so that the safety level of the lot is declared acceptable within a probability of 10% discrimination ratio the minimum percentage of faulty equipment in a lot so that the safety level of the lot is declared unacceptable within a probability of 5%. Offshore Installations (Prevention of Fire and Explosion, and Emergency Response) Regulations planned maintenance (/inspection) routine Provision and Use of Work Equipment Regulations risk based inspection rejection number responsible electrical person safety critical element safety integrity level safety management system temperature classification technical authority technical person with executive function United Kingdom ultraviolet 110 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 ANNEX F REFERENCES This annex provides information regarding publications that are referred to herein. All were current at the time of writing. Users should consult the pertinent organisations for details of the latest versions of publications. To assist, Internet addresses are provided. British Standards Institution (BSI) http://www.bsi-global.com C BS 6001-1 Sampling procedures for inspection by attributes: Sampling schemes indexed by acceptance quality limit (AQL) for lot-by-lot inspection. C BS 6626 Code of practice for maintenance of electrical switchgear and controlgear for voltages above l kV and up to and including 36 kV. C BS 7671 Requirements for electrical installations. IEE Wiring Regulations. Seventeenth edition. C BS EN 60079-17 Electrical apparatus for explosive gas atmospheres: Inspection and maintenance of electrical installations in hazardous areas (other than mines). Energy Institute (EI) http://www.energyinst.org Model codes of safe practice in the petroleum industry: C Part 1: Electrical safety code. C Part 15: Area classification code for installations handling flammable fluids. Other publications: C Research report: Ignition probability review, model development and look-up correlations. European Communities (EC) http://europa.eu.int/index-en.htm Directives: C Approximation of the Laws of Member States concerning Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres 94/9/EC (OJ L 100, 19.4.1994). C Council Directive on the Minimum Health and Safety Requirements for the Use of Work Equipment by Workers at Work 89/655/EEC (OJ L 393, 30.12.1989). C Council Directive 95/63/EC of 5 December 1995 amending Directive 89/655/EEC concerning the Minimum Safety and Health Requirements for the Use of Work Equipment by Workers at Work (OJ L 335, 30.12.1995). C Directive on the Minimum Requirements for Improving the Health and Safety of Workers Potentially at Risk from Explosive Atmospheres 99/92/EC (OJ L 23, 28.1.2001). Health and Safety Executive (HSE) (published by HSE Books) http://www.hsebooks.com Guidance: C HS(G)65: Successful health and safety management. International Electrotechnical Commission (IEC) http://www.iec.ch C IEC 60079-14 Electrical apparatus for explosive gas atmospheres: Electrical installations in hazardous areas (other than mines). C IEC 60079-17 Electrical apparatus for explosive gas atmospheres: Inspection and 111 GUIDELINES FOR MANAGING INSPECTION OF EX ELECTRICAL EQUIPMENT IGNITION RISK IN SUPPORT OF IEC 60079-17 C C C maintenance of electrical installations in hazardous areas (other than mines). IEC 60079-25 Electrical apparatus for explosive gas atmospheres: Intrinsically safe systems. IEC 60030-3-11 Dependability management – Part 3-11: Application guide – Reliability centred maintenance. IEC 61649 Procedures for goodness-of-fit tests, confidence intervals and lower confidence limits for Weibull distributed data. International Organization for Standardization (ISO) http://www.iso.ch C ISO 2859-1 Sampling procedures for inspection by attributes: Sampling schemes indexed by acceptance quality limit (AQL) for lot-by-lot inspection. Office of Public Sector Information (OPSI) http://www.opsi.gov.uk C Health and Safety at Work etc Act 1974. C Management of Health and Safety at Work Regulations 1999 (SI 1999/3242). C Offshore Installations and Wells (Design and Construction, etc) Regulations 1996 (SI 1996/913). C Offshore Installations (Prevention of Fire and Explosion, and Emergency Response) Regulations 1995 (SI 1995/743). C Provision and Use of Work Equipment Regulations 1998 (SI 1998/2306). C The Dangerous Substances and Explosive Atmospheres Regulations 2002 (SI 2002/2776). C The Electricity at Work Regulations 1989 (SI 1989/635). C The Equipment and Protective Systems for use in Potentially Explosive Atmospheres (Amendment) Regulations 2001 (SI 2001/3766). C The Equipment and Protective Systems for use in Potentially Explosive Atmospheres Regulations 1996 (SI 1992/192). C The Offshore Installations (Safety Case) Regulations 2005 (SI 2005/3117). C The Construction (Design and Management) Regulations 2007 (SI 2007/320). Research papers C Weibull, W. (1951) A statistical distribution function of wide applicability, J. Appl. Mech.Trans. ASME 18(3), 293-297. 112 Energy Institute This publication has been produced as a result of 61 New Cavendish Street work carried out within the Technical Team of the London W1G 7AR, UK Energy Institute (EI), funded by the EI’s Technical Partners. The EI’s Technical Work Programme t: +44 (0) 20 7467 7157 provides industry with cost effective, value adding f: +44 (0) 20 7255 1472 knowledge on key current and future issues e: [email protected] affecting those operating in the energy sector, www.energyinst.org.uk both in the UK and beyond. ISBN 978 0 85293 513 2 Registered Charity Number 1097899