The MHF regulations require that safety critical elements (SCEs) are verified to be suitable, but what does this actually mean in practice? We could say it means fit for purpose, which is true but doesn't help us understand just what is required to demonstrate suitability.
The SCEs at a facility are suitable if all four of the criteria below are satisfied.
All major incident hazards (MIH) are identified.
The purpose of a SCE is to prevent or mitigate a major incident, so how can we tell if it is suitable unless we know what major incident hazards (MIH) we are trying to prevent? For example, how can we say that a pressure relief valve is suitable if we haven't identified all of the overpressure cases that it needs to protect against? To demonstrate suitability, we must verify the safety assessment, including hazard identification, consequence analysis and risk assessment.
Control measures are identified SFAIRP.
The next step is to know what control measures will eliminate or minimise the risk of the MIH identified above, so far as is reasonably practicable (SFAIRP). This includes defining what performance is required of the SCEs to achieve this risk reduction. How can we tell if a SCE is suitable, if we don't know what performance is required of it? This means verifying that the performance standard documents what is required of each SCE, and that SFAIRP has been demonstrated for each MIH.
SCEs are properly implemented.
The devices and systems that make up the control measures must be properly implemented. To be suitable, the SCE must adequately perform the task assigned to it from the safety assessment. Verification involves an audit or review of the design, procurement, manufacture, installation and commissioning to confirm that the installed SCE achieves its performance standard.
4. SCEs are cared for adequately.
The SCEs and other control measures need ongoing care and attention (maintenance, inspection and testing) to ensure that they remain effective. The nature and frequency of this care varies for the different types of SCEs. A site audit is used to verify that these maintenance and test activities are happening and to verify that the SCE is in good condition and effective for its purpose, as per the performance standard.
Verification of SCEs means more than just redoing a PRV sizing calculation and checking that the device still looks ok on site. Items 1, 2 and 3 above verify the initial suitability of an SCE and applies for the whole facility, and for each change to the plant or procedures. The 4th item above verifies ongoing suitability and is typically conducted more frequently.