DNV-OSS-300: Risk Based Verification

OFFSHORE SERVICE SPECIFICATION

The content of thaccepts that it is verification servipursuant to this dconsequences aris

The electronic

DNV-OSS-300

Risk Based VerificationAPRIL 2004

This document has been amended since the main revision (April 2004), most recently in October 2011. See “Changes” on page 3.

DET NORSKE VERITAS AS

is service document is the subject of intellectual property rights reserved by Det Norske Veritas AS (DNV). The userprohibited by anyone else but DNV and/or its licensees to offer and/or perform classification, certification and/orces, including the issuance of certificates and/or declarations of conformity, wholly or partly, on the basis of and/orocument whether free of charge or chargeable, without DNV's prior written consent. DNV is not responsible for theing from any use of this document by others.

pdf version of this document found through http://www.dnv.com is the officially binding version

FOREWORD

DET NORSKE VERITAS (DNV) is an autonomous and independent foundation with the objectives of safeguarding life,property and the environment, at sea and onshore. DNV undertakes classification, certification, and other verification andconsultancy services relating to quality of ships, offshore units and installations, and onshore industries worldwide, andcarries out research in relation to these functions.

DNV service documents consist of amongst other the following types of documents:— Service Specifications. Procedual requirements.— Standards. Technical requirements.— Recommended Practices. Guidance.

The Standards and Recommended Practices are offered within the following areas:A) Qualification, Quality and Safety MethodologyB) Materials TechnologyC) StructuresD) SystemsE) Special FacilitiesF) Pipelines and RisersG) Asset OperationH) Marine OperationsJ) Cleaner EnergyO) Subsea Systems

© Det Norske Veritas AS April 2004

Any comments may be sent by e-mail to [email protected] subscription orders or information about subscription terms, please use [email protected] Typesetting (Adobe Frame Maker) by Det Norske Veritas

This service document has been prepared based on available knowledge, technology and/or information at the time of issuance of this document, and is believed to reflect the best ofcontemporary technology. The use of this document by others than DNV is at the user's sole risk. DNV does not accept any liability or responsibility for loss or damages resulting fromany use of this document.

Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover Changes –

CHANGES

INTRODUCTIONThis Service Specification was approved by the Director of Technology in April 2004.Publication of this Service Specification will make the Service Specification DNV-OSS-303 obsolete.

— This general document gives the common framework and an overview of processes in risk basedverification.

— It introduces a levelled description of verification involvement during all phases of an asset’s life.— The document facilitates a categorisation into risk levels High, Medium and Low, assisting in an evaluation

of the risk level.— The document assists in planning the verification through the making of a Verification Plan.— Providing an international standard allowing a transparent and predictable verification scope, as well as

defining terminology for verification involvement.

• Amendments October 2011

— A restricted use legal clause has been added on the front page.


Offshore Service Specification DNV-OSS-300, April 2004 Amended October 2011 – Contents see note on front cover

CONTENTS

Sec. 1 General ................................................................................................................................................ 6

A. General ........................................................................................................................................................................... 6A 100 Introduction........................................................................................................................................................... 6A 200 Objectives ............................................................................................................................................................. 6A 300 Scope of application.............................................................................................................................................. 6A 400 Structure of DNV Offshore Service Specifications related to verification........................................................... 6A 500 Structure of this document .................................................................................................................................... 6A 600 Structure of related DNV documents ................................................................................................................... 7

B. Definitions and Abbreviations ..................................................................................................................................... 7B 100 General.................................................................................................................................................................. 7B 200 Definitions ............................................................................................................................................................ 7B 300 Abbreviations ...................................................................................................................................................... 9

C. References ...................................................................................................................................................................... 9C 100 General................................................................................................................................................................. 9

Sec. 2 Principles of Risk Based Verification ............................................................................................. 10

A. General ......................................................................................................................................................................... 10A 100 Objectives ........................................................................................................................................................... 10

B. General Verification Principles ................................................................................................................................. 10B 100 Purpose of Verification ....................................................................................................................................... 10B 200 Verification as a Complementary Activity ......................................................................................................... 10B 300 Verification Based on Risk ................................................................................................................................. 10B 400 Verification Management ................................................................................................................................... 10

C. Risk Based Verification Concept ............................................................................................................................... 10C 100 Elements of the service ...................................................................................................................................... 10C 200 Asset Planned...................................................................................................................................................... 11C 300 Asset Specification ............................................................................................................................................. 11C 400 Risk Assessment ................................................................................................................................................. 12C 500 Definition of Verification Involvement .............................................................................................................. 12C 600 Verification Plan ................................................................................................................................................. 12C 700 Verification Execution ........................................................................................................................................ 13C 800 Asset Completed ................................................................................................................................................. 13

D. Risk-Differentiated Levels of Verification................................................................................................................ 13D 100 Levels of verification .......................................................................................................................................... 13

E. Defining a Verification Plan....................................................................................................................................... 15E 100 Risk based verification planning ........................................................................................................................ 15E 200 Selection of Level of Verification....................................................................................................................... 15E 300 Acceptance criteria.............................................................................................................................................. 15

F. Simplified Verification Planning ............................................................................................................................... 18F 100 General................................................................................................................................................................ 18

G. Detailed Verification Planning................................................................................................................................... 18G 100 General................................................................................................................................................................ 18

H. Risk Based Verification and National Regulations .................................................................................................. 18H 100 General................................................................................................................................................................ 18

App. A Benefits of DNV Risk Based Verification....................................................................................... 19

A. General ......................................................................................................................................................................... 19A 100 Background information ..................................................................................................................................... 19A 200 Verification trends .............................................................................................................................................. 19A 300 Benefits of DNV Risk Based Verification.......................................................................................................... 19A 400 Other DNV services related to Risk Based Verification .................................................................................... 21

App. B Verification and Certification Documents ..................................................................................... 22

A. Verification Documents .............................................................................................................................................. 22A 100 Purpose of Verification Documents.................................................................................................................... 22A 200 Validity of Verification Documents.................................................................................................................... 22A 300 Verification Documents Provided ...................................................................................................................... 22

B. Certification documents ............................................................................................................................................. 23B 100 General................................................................................................................................................................ 23B 200 Validity of Certification documents ................................................................................................................... 23


Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover Contents –

App. C Example List of Typical High Risk Elements ................................................................................ 25

A. High Risk Elements..................................................................................................................................................... 25A 100 Offshore installations .......................................................................................................................................... 25

App. D Detailed Performance Requirements and Verification Activity Descriptions 27

A. Performance Requirements ....................................................................................................................................... 27A 100 Setting performance requirements ...................................................................................................................... 27

B. Verification Activities ................................................................................................................................................. 27B 100 Developing Verification Activity Lists............................................................................................................... 27


Offshore Service Specification DNV-OSS-300, April 2004 Amended October 2011 – Sec.1 see note on front cover

SECTION 1GENERAL

A. General

A 100 Introduction101 This DNV Offshore Service Specification (DNV-OSS) gives an overview of DNV Verification Services.

A 200 Objectives201 The main objectives of this document are to:

— describe DNV’s Risk Based Verification services— provide a common communication platform for describing the extent of verification activities, i.e. how to

define a verification scope— give guidance to owners and other parties for selecting the level of involvement of the verifier— provide an opportunity to establish efficient, cost effective, predictable and transparent verification plans.

A 300 Scope of application301 This specification applies to verification during the asset owner’s control of the process leading up tothe completion of a physical asset, and further during the lifetime of the asset until abandonment. 302 This specification is primarily aimed at oil and gas related facilities and installations located onshore oroffshore. The principles may also be applied to general industrial developments.303 This specification may be adopted for full field development, particular phases of an asset realisationprocess or for particular elements. The owner may chose to utilise DNV’s resources for all or selected parts ofthe scope.304 DNV’s Risk Based Verification services may be carried out on assets specified in:

— DNV’s Offshore Standards,— International or national standards, or— Owner’s specification

A 400 Structure of DNV Offshore Service Specifications related to verification401 The DNV Offshore Service Specifications related to verification are organised according to thepyramidal principles in Figure 1.

Figure 1 Hierarchy of DNV’s offshore service specifications for verification

402 The top level document DNV-OSS-300, describes the overall philosophy and services. The object-specific documents describe the principles and give detailed information regarding the potential scope of workfor the verification of each object. 403 An object-specific DNV-OSS provides a basis for the development of scope of work for verificationactivities. Section 2 gives the service overview and principles for scope of work descriptions. Detailedexamples of scope of work tables are found in appendices to the object specific documents. 404 Some of the object-specific documents also give requirements to achieve and maintain a DNVCertificate of Conformity (Ref. Appendix B).

A 500 Structure of this document501 This document contains two sections and four appendices:Section 1 gives the scope of the document, definitions and references.

DNV-

OSS-300

General service overview

DNV-OSS-3nn Object specific detailed specifications


Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover Sec.1 –

Section 2 explains the philosophy and principles of Risk Based Verification. It explains the risk-differentiatedlevels of involvement, the elements in the RBV chain and the different methodologies within risk assessmentto develop a Verification Plan.

Appendix A gives the benefits of a targeted and planned verification.

Appendix B gives an overview of the main verification and certification documents issued by DNV, includingthe DNV Certificate of Conformity and the DNV Statement of Compliance.

Appendix C is an example list of typical high risk elements for the main types offshore installations

Appendix D gives information on how to develop detailed performance requirements and verification activities.

A 600 Structure of related DNV documents

601 The DNV document systems consist of a three-level hierarchy with these main features:

— Principles and procedures related to DNV’s services are separate from technical requirements and arepresented in DNV Offshore Service Specifications. The documents described in Figure 1 belong here.

— Technical requirements are issued as self-contained DNV Offshore Standards.— Associated product documents are issued as DNV Recommended Practices.

602 The hierarchy is designed with these objectives:

— Offshore Service Specifications present the scope and extent of DNV’s services.— Offshore Standards are issued as neutral technical standards to enable their use by national authorities, as

international codes and as company or project specifications without reference to DNV’s services.— The Recommended Practices give DNV’s interpretation of safe engineering practice for general use by

industry.

Guidance note:The latest revision of all DNV documents may be found in the publications list on the DNV web site www.dnv.com.

---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---

B. Definitions and Abbreviations

B 100 General

101 The following definitions should be applied only in the context of this document, and may not necessarilybe appropriate for services outside the Risk Based Verification approach as described.

B 200 Definitions

201 Asset: Loose term used to describe the item to be made or maintained. Can refer to a full fielddevelopment, a topside facility, a pipeline system, a compressor station etc. or a part of these. It isinterchangeable with the term Object.

202 Certificate of Conformity: A document signed by a qualified party affirming that, at the time ofassessment, the product or service met the stated requirements (BS 4778: Part 2).

Guidance note:For this OSS, a Certificate is a short document (often a single page) stating conformity with specified requirements.The results from associated verification shall be contained in a separate (single or multiple volume) report.


203 Certification: Used in this document to mean all the activities associated with the process leading up tothe Certificate.

Guidance note:In the DNV- OSS when Certification is used it designates the overall scope of work or multiple activities for the issueof a Certificate, whilst Verification is also used for single activities associated with the work. This in essence meansthat Certification is Verification for which the deliverable includes the issue of a Certificate.Other (related) definitions are:BS 4778: Part 2: Certification: The authoritative act of documenting compliance with requirements.EN 45011: Certification of Conformity: Action by a third party, demonstrating that adequate confidence is providedthat a duly identified product, process or service is in conformity with a specific standard or other normativedocument.ISO 8402: 1994: Verification: Confirmation by examination and provision of objective evidence that specifiedrequirements have been fulfilled.




204 Element: Loose term which can mean anything from a drilling rig to a system or a component. the levelof detail will depend on the situation. In a hierarchic structure elements are below asset.

205 Hazard: A deviation (departure from the design and operating intention) which could cause damage,injury or other form of loss (Chemical Industries Association HAZOP Guide).

206 HAZOP (HAZard and OPerability study): The application of a formal systematic critical examination tothe process and engineering intentions of new or existing facilities to assess the hazard potential of mal-operation or mal-function of individual items of equipment and their consequential effects on the facility as awhole (Chemical Industries Association HAZOP Guide).

207 HAZID, (HAZard IDentification): A technique for the identification of all significant hazards associatedwith the particular activity under consideration. (ISO-17776)

208 Life cycle: Loose term which includes all phases of an asset; concept studies, front end engineeringdesign (FEED), design, procurement, fabrication, hook-up, commissioning, operation/ production,maintenance, inspection and abandonment.

209 Object: Loose term used to describe the item to be made or maintained. Can refer to a full fielddevelopment, a topside facility, a pipeline system, a compressor station etc. or a part of these. It isinterchangeable with the term Asset.

210 Owner: In the document used not just to describe the actual owner, but also to used to reflect DNV’scontractual partner. In many projects the owner authorises the contractor to act on his behalf and it shall thenmean the contractual partner.

211 Performance requirement: A description of the essential requirements to be met, maintained or provideon demand by an element. Appendix D may be used for guidance.

212 Risk: The qualitative or quantitative likelihood of an accident or unplanned event occurring, consideredin conjunction with the potential consequences of such a failure. In quantitative terms, risk is the quantifiedprobability of a defined failure mode times its quantified consequence.

Guidance note:Risk is not only related to physical failure modes, but also to operational errors, human errors and so on. For somerisks the functional failures or physical failure modes contribute less than 20% while more than 80% of the risk relatesto other devices.


213 Risk Reduction Measures: Those measures taken to reduce the risks to the operation of the system andto the health and safety of personnel associated with it or in its vicinity by:

— Reduction in the probability of failure.— Mitigation of the consequences of failure

Guidance note:The usual order of preference of risk reduction measures is:

a) Inherent Safety.

b) Prevention.

c) Detection.

d) Control.

e) Mitigation.

f) Emergency Response.


214 Safety Objectives: The safety goals for the construction, operation and decommissioning of the assetincluding acceptance criteria for the level of risk acceptable to the Owner.

215 Statement of Compliance: A statement or report signed by a qualified party affirming that, at the time ofassessment, the defined asset phase, or collection of activities, met the requirements stated by the Owner.

216 Verification is confirmation by examination and provision of objective evidence that specifiedrequirements have been fulfilled (ISO 8402: 1994).

Guidance note:The examination shall be based on information, which can be proved true, based on facts obtained throughobservation, measurement, test or other means.

See also Certification.




B 300 Abbreviations 301

C. References

C 100 General101 A guide to Hazard and Operability studies, 1979, Chemical Industries Association Limited. London102 ISO 8402 Quality – Vocabulary, 1994, International Organization for Standardization, Geneva103 BS4778 Quality Vocabulary, Part 2 Quality concepts and Related Definitions, 1991, British StandardInstitute, London104 EN 45011 General Criteria for Certification Bodies Operating Product Certification, 1998, EuropeanCommittee for Standardization, Brussels105 ISO 17776 Petroleum and natural gas industries – Offshore production installations - Guidelines onTools and Techniques for Hazard Identification and Risk Assessment, 2000, International Organization forStandardization, Geneva.

DNV Det Norske VeritasOS Offshore Standard, used in the form DNV-OSOSS Offshore Service Specification, used in the form DNV-OSSQRA Quantitative Risk AnalysisRBV Risk Based Verification



SECTION 2PRINCIPLES OF RISK BASED VERIFICATION

A. General

A 100 Objectives

101 The objectives of this section are to provide:

— an introduction to the DNV Risk Based Verification Concept and the elements of the Risk BasedVerification Chain

— an introduction to the principles of risk differentiated levels of verification activities— guidelines on the selection of levels of verification.

B. General Verification Principles

B 100 Purpose of Verification

101 Verification constitutes a systematic and independent examination of the various lifecycle phases of anasset to determine whether it is (or continues to be) in compliance with some or all of the asset specifications.

102 Verification activities are expected to identify errors or failures in the work associated with the asset andto contribute to reducing the risks to the operation of the asset and to the health and safety of personnelassociated with it or in its vicinity or other unwanted situations.

B 200 Verification as a Complementary Activity

201 Verification shall be complementary to routine design, construction and operations activities and not asubstitute for them. Therefore, although verification will take into account the work, and the assurance of thatwork, carried out by the owner and its contractors, it is inevitable that verification will duplicate some workthat has been carried out previously by other parties involved in the asset or system.

B 300 Verification Based on Risk

301 Verification based on risk is founded on the premise that the risk of failure can be assessed in relationto a level that is acceptable and that the verification process can be used to manage that risk. The verificationprocess is therefore a tool to maintain the risk below the acceptance limit.

302 Verification based on risk aims to be developed and implemented in such a way as to minimiseadditional work, and cost, but to maximise its effectiveness. The development of a risk based verification planshall depend on a risk assessment and the findings from the examination of quality management systems,documents and production activities.

B 400 Verification Management

401 The philosophy and verification methods used shall be described in a Verification Plan to ensuresatisfactory completion of verification.

The philosophy and these methods should ensure that verification:

— has a consistent and constructive approach to the satisfactory completion and operation of the asset— is available world-wide wherever the owner or his contractors operate— uses up-to-date methods, tools and procedures— uses qualified and experienced personnel.

402 All verification activities shall be carried out by competent personnel. Competence includes having thenecessary theoretical and practical knowledge and experience of the activity being examined. An adequateverification of some activities may require access to specialised technical knowledge.

403 As well as demonstrating competence of individuals, the verification organisation shall also be able toshow competence and experience in verification work for relevant assets.

C. Risk Based Verification Concept

C 100 Elements of the service

101 The risk based verification concept can be visualised to involve the elements in Figure 1. It is a chainwith iterative loops.



Figure 1 The DNV Risk Based Verification Chain

102 Asset is used collectively. It is an onshore or offshore installation or part thereof, a system or process, ora development phase such as feasibility, design, construction, commissioning, operation and decommissioning.103 The Asset Planned and Asset Decommissioned are the boundaries of the Risk Based Verification process.104 Asset Specification, Risk Assessment and Definition of Verification Involvement are inputs into theVerification Plan, while Verification Execution is the implementation of the Verification Plan. The Risk Based Verification service comprises of one, some or all of these main elements.

C 200 Asset Planned201 Asset Planned is the starting point for any project or project phase and is the decision of the owner. Itcomprises a general description of the project in the form of functionality, safety, capacity, economics etc.

C 300 Asset Specification301 Asset Specification has been identified as a separate element to focus on the need to address objectives,acceptance criteria and performance requirements to the asset.302 This element in the chain comprises:

— detailing of the description at the system level of the project in the form of functionality, safety, capacity,economics etc.

— identification or definition of verification philosophy, safety objectives etc., including selection of safetyand/or business and/or environmental focus and goals

— identification of codes and technical specifications (e.g. standard company material specifications) to beadopted

— definition of high level performance requirements for the asset and identification of main elements andspecific performance requirements thereof.

Asset Planned

Verification Planincluding list of verification activities

Verification Executionincluding reporting of compliance or non-

compliance

Asset Completed

Definition of Verification Involvementincluding detailing of acceptance criteria and

performance requirements

Risk Assessmentincluding identification of hazards and

ranking of hazards based on risk evaluation

Asset Specificationincluding overall Owner acceptance criteria,performance requirements and verification

objectives



303 The detailing of elements and requirements will vary from project to project. The timing for detailingwill also vary and is affected by matters like contract type and philosophy, owners involvement in the process,level of innovative elements in the project, life time business philosophy etc.

C 400 Risk Assessment

401 Risk Assessment is the identification of hazards, frequencies of occurrence, consequences and riskdrivers. The risk can be defined on a general level for the project, for different phases of a project or for detailedelements of the asset.

402 The risk can be evaluated based on safety, environmental impact, economics, schedule, PublicRelations, reputation or other criteria set by the owner.

403 Risk Assessment can be based on engineering judgement (pragmatic) or on analytical processes. Insection E different methods have been described to arrive at the conclusions necessary to formulate a risk basedverification plan.

404 Once the risks have been identified their extent can be reduced to a level as low as reasonably practicableor as low as corporately required, by means of one or both of:

— reduction in the probability of failure— mitigation of the consequences of failure.

Guidance note:Reasonable PracticabilityThe term “as low as reasonably practicable (ALARP)” has come into use through the United Kingdom’s “The Healthand Safety at Work etc. Act 1974”. Reasonable Practicability is not defined in the Act but has acquired meaning byinterpretations in the courts.It has been interpreted to mean that the degree of risk from any particular activity can be balanced against the cost,time and trouble of the measures to be taken to reduce the risk.It follows, therefore, that the greater the risk the more reasonable it would be to incur substantial cost, time and effortin reducing that risk. Similarly, if the risk was very small it would not be reasonable to expect great expense or effortto be incurred in reducing it.


405 The systematic assessment of risks and the implementation of measures to reduce these, results in arelative ranking of the risk level of the elements and /or sub-elements of the asset.

406 The ranking of the elements will differ depending on the acceptance criteria; safety, environmentalimpact, economics, schedule, public relations, reputation or others. Different criteria may be applied to factorthe importance of these.

C 500 Definition of Verification Involvement

501 Definition of verification involvement or level(s) includes defining the cut-off level under which noverification activity shall be performed and to define the appropriate level of involvement for the others.

502 Based on the relative risk level of the elements the verification intensity should increase towards thehighest risk elements.

Guidance note:Verification of risk reducing measures e.g. in the form of risk reducing barriers, should be directed towards the riskreducing measures (barriers) which claims to have the highest risk reducing effects.


503 In this process the overall acceptance criteria from the Asset Specification should be cascaded down tomore detailed performance requirements for individual elements or groups of elements.

504 The risk ranking is used in the selection of the appropriate verification activity level and type to bedescribed in the verification plan.

C 600 Verification Plan

601 The Verification Plan is the pivot element in the DNV Risk Based Verification systematics.

602 The Verification Plan is the scope of work (SOW) for verification. It should be revisited, re-evaluatedand possibly revised as the project progresses and new information becomes available.

603 The more specific the Verification Plan, the more predictable the verification activities will be.

604 The Verification Plan repeats the verification objective and the criteria for selecting the highest riskelements and the verification involvement, as given by the Owner. It includes the findings from the riskassessment step, defines which asset specifications shall be verified, and also the level of involvement by partyand type of verification activity.



605 The Verification Plan further consists of listing the elements and their performance requirementstogether with the type and depth of scrutiny to which each shall be subjected.

606 The verification involvement level can be described using the tables in Sect.2 of the relevant objectspecific DNV-OSS.

607 Detailed scope of work tables listing all the sub-elements of an asset, can either be developed from thetables in Sec. 2 of the relevant object specific DNV-OSS or they can be based on the example tables includedin the appendices.

608 For information typical high risk elements with respect to safety of personnel, often termed SafetyCritical Elements, are presented in Appendix C.

C 700 Verification Execution

701 Verification Execution is document review, independent analyses, inspection, monitoring, site visits,process audits, technical audits, testing, etc. according to the Verification Plan.

702 Information arising from execution should be used to identify continuous improvements to theVerification Plan. E.g. evidence of good systematic control may be used to reduce the verification activities.

703 The purpose of verification activities is to confirm compliance or identify non-compliance with the assetspecification.

C 800 Asset Completed

801 Asset Completed is the end point of any lifecycle phase or phases, which complies with the relevantplanned asset and the asset specification.

D. Risk-Differentiated Levels of Verification

D 100 Levels of verification

101 The level of verification activity should be differentiated according to the risk to the asset or element orphases thereof. If the risk to the asset is higher, the level of verification involvement is higher. Conversely, ifthe risk to the asset is lower, the level of verification activities can be reduced, without any reduction in theireffectiveness.

102 It is emphasised that the activity level describes the depth of the verification involvement. It follows,therefore, that an increase in the level of involvement above that considered necessary, based on an evaluationof the risks, involves minimal extra risk reduction for increased cost. This practice is unlikely to be cost-effective.

103 Verification of assets or elements thereof are typically categorised into Low, Medium and High.

Low is the level of verification applied where the risks to the asset are lower than average. For example, it hasbenign contents, it is located in congenial environmental conditions, or the contractors are well experienced inthe design and construction of similar assets. This level may also be appropriate when the Owner (or otherparties) performs a large degree of verification and/or quality assurance work.

Medium is the customary level of verification activity and is applied to the majority of assets.

High is the level of verification applied where the risks to the asset is higher than average. For example, it hashighly corrosive contents, it is in adverse environmental conditions, it is technically innovative or thecontractors are not well experienced in the design and construction of similar assets. This level may also beappropriate when the Owner chooses to have a small technical involvement or performs little own verification.

Guidance note:The terms Basic, Regular and Special are sometimes used to describe the level of involvement. If these are used inconnection with DNV Risk Based Verification, then Basic shall mean Low, Regular shall mean Medium and Specialshall mean High.


104 Illustrations of the levels of involvement are given in Figures 2 and 3. Figure 2 illustrates the levels asa function of probability and consequence of failure. Figure 3 illustrates how increasing depth of scrutiny isassigned to elements with increasing risk levels.

Guidance note:An element can be everything from a drilling rig to an important component or system, depending on the detailinglevel of the risk assessment being carried out.




Figure 2 Levels of verification

Figure 3 Increasing verification scrutiny as a function of increasing risk level for each element

105 It is the prerogative of the owner of the asset system to choose the level of verification. The selectionshould be documented.

106 Different levels of verification can be chosen for different lifecycle phases of the asset, or even withinthe same phase if necessary. For example, asset design may be innovative and considered high risk whereas theinstallation method is well known and considered low risk. The converse might be true also.

107 The level of verification can be reduced or increased during a phase if the originally chosen level isconsidered too rigorous or too lenient, as new information on the risks to the asset becomes available. Careshould be taken to ensure that short term gains do not influence the reduction of verification, which could leadto a long term detriment.

108 Verification should be planned in close co-operation with the Owner and each of the contractors, toprovide a scope of work that is adjusted to the schedule of each lifecycle element, i.e. to make the verificationactivities, surveillance and hold points, an integrated activity and not a delaying activity.

Guidance note:Many Contractors have adequate quality control systems and quality control departments, with competent personnelto perform, for example, inspection at plants and specialist engineers competent to review and verify the performanceof plants.In that case, all verification work need not be done by DNV personnel. Where applicable, the various inspections maybe carried out by competent persons other than DNV personnel. In that situation a substantial part of DNV’s verification activities may be encompassed by:

- reviewing the competence of the Contractor’s personnel,- auditing their working methods and their performance of that work, and- reviewing the documents produced by them.


109 Verification should direct greatest effort at those elements of the asset or system whose failure or reducedperformance will have the most significant impact on safety or the other defined project risks. These elementsare termed high risk elements or sometimes Critical Elements.

Increasing

Risk

Consequence of Failure

Pro

babi

lity

of

Fai

lure

Low High

Low

Hig

h

LOW

MEDIUM

HIGH

Axis of increasing risk

Ele

men

ts

and depth of scrutiny

ABCDEFGHI



110 The degree of confidence placed in verification reports depends on the degree of confidence in theverification activities carried out. Therefore, the verification plan must be transparent and give clear details ofthe level of verification for both elements and phases.

E. Defining a Verification Plan

E 100 Risk based verification planning 101 The selection of the level of verification shall depend on the risk level of each element having an impacton the management of hazards and associated risk levels of the asset. 102 The effort spent to select the overall level of verification and the detailing and differentiation betweendifferent elements will vary from project to project. It is a business decision on how to balance the effort of up-front planning with that of some additional effort during verification execution.103 The tools used to arrive at a Verification Plan range from engineering judgement risk assessment toanalytical risk assessments. The former generally reflects less effort in the up-front planning stage while thelatter directs more efforts into the particulars of a specific project. 104 The span in the method is illustrated in Figure 4. Most projects will utilise a combination of tools.

Guidance note:Typically, for a tender phase it may be useful to utilise engineering judgement to make an initial Verification Plan.When updating the Verification Plan the appropriate analytical tools can be utilised.


E 200 Selection of Level of Verification201 Suitable selection factors include:

— overall asset specification— assessment of the risks associated with the asset and the measures taken to reduce these risks— degree of technical innovation in the asset system— experience of the contractors in carrying out similar work— quality management systems of the Owner and their contractors.

202 To facilitate the selection of the level of verification a set of trigger questions based on the above list ofselection factors, has been prepared and is included in the object specific DNV-OSS. 203 To further assist in the selection of general level of verification Table E1 can give some guidance.204 The level of verification is selected for each individual element and should reflect the risk level as wellas the type of performance requirements.

Guidance note:To achieve a consistent verification involvement relative to risk level a practical and visual approach can be to plotthe elements and relative risk levels as in Figure 3. Decide on the maximum level of involvement (L, M or H) anddraw the line to the left of which no verification shall be made. The area enveloping the elements to be verified canthen be split in to areas with uniform verification involvement.


E 300 Acceptance criteria301 Defined acceptance criteria are essential to confirm compliance and identify non-compliance.



302 The format and detailing may differ. Assets, elements or lifecycle phases for which technical standardsor company specifications exist, may have relatively short and simple acceptance criteria. For assets, elementsor lifecycle phases not readily covered by prescriptive standards, greater effort is directed into the particularsof the specific project and this often results in more detailed performance requirements.

Table E1 Levels of verification and guidance on typical involvement at system levelLevel Typical System Characteristics Description of typical verification involvementLow — Proven designs with relatively harmless

content and/or installed in benign environmental conditions.

— State of the art design, manufacturing and installation by experienced contractors.

— Low consequences of failure from a commercial, safety or environmental point of view.

— Relaxed to normal completion schedule.

— Review of General Principles and production systems during design and construction.

— Review of principal design documents, construction procedures and qualification reports.

— Site attendance only during system testing.— Less comprehensive involvement than level

Medium.

Medium — Asset in moderate or well controlled environmental conditions.

— Plants with a moderate degree of novelty— Medium consequences of failure from a

commercial, safety or environmental point of view.

— Ordinary completion schedule.


— Detailed review of principal and other selected design document with support of simplified independent analyses.

— Full time attendance during (procedure) qualification and review of the resulting reports.

— Audit based or intermittent presence at site.High — Innovative designs.

— Extreme environmental conditions.— Plants with a high degree of novelty or large

leaps in technology.— Contractors with limited experience or

exceptionally tight completion schedule.— Very high consequences of failure from a

commercial, safety or environmental point of view.


— Detailed review of most design document with support of simplified and advanced independent analyses.

— Full time attendance during (procedure) qualification and review of the resulting reports.

— Full time presence at site for most activities.— More comprehensive involvement than level

Medium.



Figure 4 Verificaton planning

ConsequenceFrequency of occurrence

RiskAssessment

VerificationPlan

AssetSpecification

PrepareVerificationPlan based onpredefinedtables.

Includeadjustments totailor for theparticular asset.

Confirmacceptancecriteria to besufficient.

HAZID for the asset. This may be donestepwise with increasing detailing on themore complex components/processes.

The predefined tables may be usefulreferences

Risk assessmentbased on triggerquestions.

Conclude onoverallverificationinvolvement;H, M or L

Prepare Verification Plan based on theassessed risks, risk drivers and acceptancecriteria as defined above.The type and depth of verification isdescribed using the same terminology as usedin the predefined tables.

Analytical assessment of risk andidentification of relative risk levels.

The relative risk may be grouped intoLow, Medium or High

Identifyelements forverificationand prepareverificationplan basedon anycombinationof thesimplifiedand detainedverificationplanning.

Definition ofVerification

Level

Define acceptance criteria or performancerequirements in more detail

Simplified verificationplanning, based on

Engineering judgement

Combinedverification

planningplanning, based on

Analytical risk assessment:

Detailed verification



F. Simplified Verification Planning

F 100 General

101 Simplified verification planning is mainly based on engineering judgment and reflects DNV's in-houseexperience as well as the industry experience as reflected in a number of technical standards. Both have beenused to make up the object specific DNV-OSS’s.

102 The steps in the simplified verification planning are as follows:

— Use trigger questions to assess the overall risk level of the project (or manageable elements thereof).— Evaluate the risk against the relevant owner or project acceptance criteria (often this can be directly tied to

the owner core values or a sub-set of these) and decide whether the general verification involvement shallbe Low, Medium or High.

— Use the detailed scope of work tables in the object DNV-OSS to make a first draft of a Verification Plan— Generate the project specific Verification Plan by include a project specific engineering judgment to adjust

the table to suit the project— Perform the verification execution according to the Verification Plan, making revision to the plan if and

when necessary.

103 Care shall be taken not to use this process without sufficient attention to its built-in simplifications.Particularly the use of example tables in the appendices can never replace the need for project specificassessments. They can, however, be very useful starting and reference points.

G. Detailed Verification Planning

G 100 General

101 The analytical verification planning is based on the use of (quantitative) risk methods to establish projectspecific identification of the relative risk level of the project elements.

102 Depending on the project size and type the risk assessment will often include an initial qualitative riskassessment screening prior to a full quantitative risk analysis, QRA.

103 A description on how to carry out HAZID, HAZOPD and QRA in general is not given in this DNV-OSS.The methodology is described in numerous books and publications on the subject.

104 Particularly for projects or project elements were there are limited or inadequate prescriptive technicalstandards or if the performance requirements are of a nature that make available prescriptive standardsinadequate, it is advisable to invest more time and effort in the planning stages.

105 With limited prescriptive standards the need and also the effort required to define the acceptance criteriafor individual or groups of elements will normally increase. Appendix D addresses how to formulate detailedperformance requirements and also how these and the risk elements are developed into verification activitylists, which are finally included in the Verification Plan

H. Risk Based Verification and National Regulations

H 100 General

101 Many national authorities have specific requirements to the verification activities. These can be in theform of minimum requirements to documentation of risk and risk reducing measures, which documents shallbe presented to the authorities, mandatory use of standards etc. The authorities may also have requirements toroles and responsibility, independence of verifier, content and form of verification activities, terminology etc.

102 The particulars of the relevant national requirements shall be observed when planning and performingRisk Based Verification.

Guidance note:

The Offshore Installations (Safety Case) Regulations in UK can be an example of particular National Authorityrequirements. The risk based verification approach fits very well with these regulations, but one needs to ensure thatthe correct documents and terminology are used and understood e.g. Major Accidents Hazards, Safety-CriticalElements, Performance Standards etc.



Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover App.A –

APPENDIX A BENEFITS OF DNV RISK BASED VERIFICATION

A. General

A 100 Background information

101 This appendix gives background information on verification and the possible benefits thereof.

A 200 Verification trends

201 Verification has historically been carried out with a variety of scope and depth of involvement. The depthof involvement, or level of verification, has not always been very transparent.

202 There are national authorities requiring verification or even certification of offshore or onshoreinstallations (assets) and have appointed specific organisations qualified for this work.

203 Some of these national authorities may have detailed requirements to the verification or certificationactivity, while others leave the definition of the necessary work up to the appointed organisation. Other nationalauthorities require specific documents to be verified and approved by them, some hold the owner responsiblefor the verification activities, others again may not have any specific requirements.

204 The trend is that authorities remove themselves from the prescriptive regimes and convert to functionalrequirements and safety and risk approaches. It is therefore believed that there will be a stronger demand formeasurable objectives to be presented by the owners. The objectives are linked, as a minimum, to theexpectations from the authorities on safety to the work force, the public and the environment. Economics maybe an additional minimum requirement from the owner and his partners.

205 As a means to fulfilling these expectations business today is often characterised by a defined desire tosystematically balance expected costs and benefits. The aim is an optimum control of the uncertainties (or risks)related to the objectives.

206 Even where national authorities do not require verification of installations (assets), verification (orcertification) is a convenient tool for the owner to get an independent evaluation of the contractor(s) work orto show financiers, partners, insurers and the public that the asset complies with relevant safety levels and otherrequirements in the asset specification.

207 It is good business practice to subject important work to a third-party check as this reduces the possibilityof errors remaining undetected. Third-party verification will ensure that the verifier has an independent viewand perspective when performing this activity. Furthermore, it will avoid the situation where errors could beoverlooked by engineers or others because of their closeness to the work with the asset.

208 Systematic risk based assessment methods are more often used to identify the risk associated with theelements. Based on this identified risk, focus is put on the relevant acceptance criteria pertaining to integrity,functionality, survivability, availability, reliability, maintainability, and environmental impact of an assetthroughout its lifecycle.

209 The result of the systematic identification of risk can be utilised in the design and construction by theContractor and by the Owner or a 3rd party to optimise the verification activities through a well defined andtransparent verification plan.

210 Not all projects nor all high risk elements have great degrees of novelty or innovation requiring a largedegree of sophistication when predicting risk. The high risk elements or phases can often be determined bywhat is addressed in international technical standards and from general experience. For these projects theability to communicate the correct or desired level of verification may be the most time consuming exercise.

211 At the other end of the scale are the projects that have greater uncertainty, and often appears to be highrisk, but which need to be systematically addressed to be able to identify the hazards, the probability andconsequences of occurrence and the risk levels of the elements. For these projects the correct identification andranking of the risk of the elements is essential for the project optimisation process and planning of theverification activities. However, it is also for these necessary to be able to communicate the level of verificationand link it to the associated risk.

212 For almost all projects, interface activities are important and many have experienced that inadequateinterface management can be very costly and time consuming.

A 300 Benefits of DNV Risk Based Verification

301 Business today is characterised by the need to balance cost and benefits through a better understandingand mastering of the assets and their associated risks. Risk Based Verification aims at balancing the efforts tocontrol the operational and technological risks and for an optimum control of risks and uncertainties from theconcept stage to decommissioning or abandonment of any asset. It may provide cost and time savings comparedwith prescriptive verification or certification by focusing on risk and by prioritising verification efforts.


Offshore Service Specification DNV-OSS-300, April 2004 Amended October 2011 – App.A see note on front cover

302 The use of a more elaborate analytical method to plan the verification may give substantial cost benefitsduring the verification execution. Particularly for projects characterised by the following:

— a high degree of complexity— significant elements of new or unproven technology— proven elements being introduced to new operating conditions or applications— participants having limited experience in a type of asset or development— challenging development programmes.

303 DNV aims through Risk Based Verification, to instil confidence in our customers. Through independentand competent scrutiny the intent is to confirm that the asset is designed, constructed and/or operated so that:

— it is fit for its intended purpose,— its level of integrity is as high as reasonably practicable— the associated risk to health, life, property and environment is as low as reasonably practicable.

304 Such confidence arising from Risk Based Verification is not necessarily limited to DNV’s traditionalcustomers – it can be extended to contractors or other project participants, owners, financiers, partners, insurersetc. that an asset complies with a relevant basis, even in areas where formal references may be missing or areunder development.

305 The advantages for DNV’s customers in applying a Risk Based Verification approach may include:

— reduced probability of undesirable events— improved availability and reliability— cost and time savings through avoiding undue attention to areas and activities that are low contributors to

risk— contributing to optimised expenditure (CAPEX, OPEX and RISKEX) in high risk areas— early involvement in projects to ensure correct decisions and minimal rework— a demonstrable and auditable case for safety or other owner or project core values— active support to, and demonstration of achievement of, these core values— confirmation, and increased visibility, of the above to (project) partners and other stakeholders and to

Regulatory Bodies.

306 For a new asset development Risk Based Verification services should seek to reduce any uncertainty inthe design as early as possible, and if any weaknesses are revealed allow for effective management of necessarychanges, ref. Figure 2 “Effects of Early Involvement”. DNV’s verification experience reinforces the importantmessage of early involvement and the need for in-depth knowledge of the activities required to obtain optimalresource allocation for the verification process. A proactive approach is required and places particular emphasison roles and responsibilities.

Figure 1 Effect of early involvement

307 The above processes should consider all phases of the asset lifecycle. For example during the offshorecommissioning phase of a new asset there may be temporary items of equipment provided which should beidentified as high risk elements (e.g. temporary fire/gas detection).

308 DNV believes that a strong focus on the development of the Verification Plan will support a commoninterpretation of verification philosophies and requirements (which may differ from one project to another),and this should facilitate a more cost effective verification execution and provide for greater potential value tobe obtained from the overall verification process.

309 Database applications (for example DNV’s Verifier software) can be implemented to assist withdevelopment and execution of Verification Plans, including the capability to record the status of all verification

Incr

ease

Concept Commissioning

Ability toInfluence

Cost of Change

Time


Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover App.A –

activities, and provide reports on their status. Such database applications can assist co-ordination by makingthe status available to all involved in verification, including the customer, simultaneously.

Figure 2 The asset realisation process

310 The optimisation can be regarded as the process to shrink the total volume of the circle in Figure 2 andto find the ideal balance between Contractor and 3rd party volumes within that circle.311 Alternatively, the volume of the ball can be used to indicate the cost of the process. The correct balancebetween the two sides may reduce the total volume of the whole process and at the same time achieve theoptimum asset. By optimum asset we mean one that through its lifecycle is suitable for the operation and hasthe correct balance between the quality, cost, environmental impact, safety, schedule and any other elementsdefined by Owner.

A 400 Other DNV services related to Risk Based Verification401 Any of the areas of Risk Based Verification involvement can be integrated with other DNV services,potentially with enhanced effectiveness, such as:

— Project Risk Management— assisting with development of project HSE philosophy— conducting, or participating in, Hazid— risk studies or assessments (e.g. QRA)— reviewing the customer’s formal safety assessment (safety case) to confirm the adequacy and robustness of

the process— providing a suitable computer application to manage verification requirements and findings— managing other legislative compliance requirements on behalf of the customer or asset owner— developing or reviewing Reliability Centred Maintenance (RCM) and Risk Based Inspection (RBI)

philosophies and procedures.

Ver

ific

atio

n Design

Construction

Operation

Management

Ris

k M

anag

emen

t

Ver

ific

atio

n P

lann

ing

Management

Input

Optimum output


Offshore Service Specification DNV-OSS-300, April 2004 Amended October 2011 – App.B see note on front cover

APPENDIX B VERIFICATION AND CERTIFICATION DOCUMENTS

A. Verification Documents

A 100 Purpose of Verification Documents101 Verification documents are issued by DNV. The purpose of these documents is to provide documentationthat objective evidence has been presented to confirm compliance with the requirements and to document thework performed by DNV.

Guidance note:Examples of document forms are found in the objects specific DNV-OSS.


102 Intermediate verification documents act as a form of progress reporting showing satisfactory completionof complete life cycle verification activities for various issues, items or phases of the asset.103 The verification documents follow the hierarchy shown below and in Figure 1:

— Statement of Compliance— Verification Report— Intermediate documents

— Audit reports— Verification Comments— Visit reports

104 A description of each of these is given in the respective object specific DNV-OSS.

Figure 1 Document hierarchy for verification

A 200 Validity of Verification Documents201 Verification documents are, in principle, documents confirming that an examination has been carried out,and are valid only at the time of issue.

A 300 Verification Documents Provided 301 The types of documents issued by DNV relative to the different stages of the verification process are

Statement of Compliance with accompanying verification report

Verification Report

Intermediate documents


Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover App.B –

illustrated by Table B1.

B. Certification documents

B 100 General101 DNV Certification is a special form of verification where the total scope is defined by DNV. Referenceis given to the section on definitions. For statutory certification the scope should in principle be defined by theregulating body. 102 The certification documents consist of the verification documents described above with an overlyingCertificate of Conformity. Hence, the hierarchy of documents are as illustrated in Figure 2. In relation to theproject phases, reference is given to Table B1.

B 200 Validity of Certification documents201 In general the same validity, i.e. the time of issue, applies as for verification documents.202 However, for Certificates of Conformity, a specified period of validity and maintenance conditions forensuring this validity may be given in the certificate.

Figure 2 Document hierarchy for certification

Table B1 Asset VERIFICATION – Documents provided by DNVReference Standard

for verification DNV Offshore Standard or other agreed technical standard

Project Phases

Design Construction Operation

Con

cept

ual

Des

ign

Det

ail D

esig

n

Man

ufac

turi

ng

of C

ompo

nent

s

Man

ufac

turi

ng

of E

quip

men

t an

d A

ssem

blie

s

Inst

alla

tion

Pro

ject

C

ompl

etio

n

Ope

rati

on,

Mai

nten

ance

an

d R

epai

r

Types of Verification Documents Provided

Statement of Compliance for individual phase or natural part thereof

Certificate of Conformity with accompanying verification report

Statement of Compliance with accompanying verification report

Verification Report

Intermediate documents


Offshore Service Specification DNV-OSS-300, April 2004 Amended October 2011 – App.B see note on front cover

Table B1 Asset CERTIFICATION – Documents Provided by DNVReference Standard

for certification DNV Offshore Standard

Project Phases

Design Construction Operation

Con

cept

ual

Des

ign

Det

ail D

esig

n

Man

ufac

turi

ng

of C

ompo

nent

s

Man

ufac

turi

ng

of E

quip

men

t an

d A

ssem

blie

s

Inst

alla

tion

Pro

ject

C

ompl

etio

n

Ope

rati

on,

Mai

nten

ance

an

d R

epai

r

Types of Certification Documents Provided

Statement of Compliance for individual phase or natural part thereof

Cer

tifi

cate

of

Con

form

ity

Cer

tifi

cate

of

Con

form

ity

(ret

enti

on)

Certification phasePre - Certification Certification

Maintenance of Certification


Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover App.C –

APPENDIX C EXAMPLE LIST OF TYPICAL HIGH RISK ELEMENTS

A. High Risk Elements

A 100 Offshore installations

101 The following table presents typical high risk elements with respect to safety of personnel for the maintypes of offshore installation. These are often called safety critical elements (ref e.g. UK Safety Case regime).This list is intended as a tool to help to ensure that key systems identified as high(est) risk are not omitted.However, the list can never be guaranteed to be exhaustive and shall never be used without due considerations.

TYPICAL HIGH RISK ELEMENTS

MO

DU

FL

OT

EL

FP

SO

/FP

U

FO

I

STRUCTUREJackets and Piles - - - XGravity Based Structure - - - XJack-up Legs and associated Jacking and Locking Systems X X - -Hull (including Watertight Closures) X X X -Drilling Derrick X - - XFirewater Caisson and Supports - - - XTopsides Primary Structure including Bridge and Flare Tower X X X XHelideck X X X XLifting (cranes) and Hoisting (drilling equipment) X X X XCrane Pedestal X X X XFoundations X X X XBlast Protection including Blast Venting Provisions X - X XDropped Object Protection incl. Subsea Protective Structures X X X XTurret - - X -DRILLINGMud Systems X - - XBlowout Preventer System X - - XChoke and Kill (including Emergency Blowdown) X - - XCement System X - - XMarine Riser System X - - XWell Control Instrumentation X - - XDiverter system X - - XPOWEREmergency Power X X X XBattery Systems X X X XProtection of Electrical Equipment X X X XIGNITION PREVENTIONElectrical Earthing Continuity X X X XElectrical Equipment in Hazardous Areas X X X XProtection of Hot Surfaces X X X XNatural Ventilation X X X XFIRE AND GASGas (Flammable and Toxic) Detection System X X X XFire Detection System X X X XDeluge X X X XSprinklers X X X XFire Pumps X X X XFirewater Ring Main X X X XFoam System X X X X


Offshore Service Specification DNV-OSS-300, April 2004 Amended October 2011 – App.C see note on front cover

Gaseous Systems (e.g. Halon, CO2) X X X XPassive Fire Protection (including Doors, Walls and Penetrations) X X X XVentilation Systems X X X XEMERGENCY RESPONSE AND EVACUATIONTemporary Refuge X X X XEscape Routes X X X XHelideck Systems (Markings, Nets, Obstacle Marking/Lighting etc.) X X X XEscape (battery-backed) Lighting X X X XInternal Communications (e.g. Public Address,/General Alarm, Manual Alarm Call Points, Telephones)

X X X X

External Communications (including Marine and Aviation) X X X XTEMPSC X X X XPPE (incl. Lifejackets, Survival/Immersion Suits, Helideck Crash Equip.) X X X XESCAPE SYSTEMSDescent to Sea Systems (Personal Descent Devices, Knotted Ropes, Nets) X X X XLadders to Sea X X X XLife rafts X X X XStandby Vessel and associated Fast Rescue Craft X X X XHYDROCARBON CONTAINMENTHydrocarbon Piping and Equipment (including Valves and Instrumentation) - - X XEmergency Shutdown System including Software, Process Shutdown, High Integrity Protection Systems, Overpressure Protection Systems etc.

X X X X

Relief and Blowdown System X X X XHigh Speed Machinery Trips X - X XLocal Atmospheric Vents X - X XDrains (Open and Closed Hazardous) X X X XRisers and Riser Emergency Shutdown Valves - - X XPipelines - - X XPipeline Subsea Isolation Valves - - X XMARINEMooring (including Move-off) X X X -Navaids (including Lights, Foghorns, Marine/Weather Monitoring Systems) X X X XRadar Early Warning System X X X XBallast and Bilge (Stability) X X X -Inert Gas System - - X -Dynamic Positioning System X X X -Thrusters X X X -TEMPORARY EQUIPMENTBridge Connections to Support Vessels X X X XGas Cylinders and Attachments X X X XPower Generators X X X XTemporary Public Address/General Alarm Systems X X X XWell Test Equipment X - - XRadioactive Source Store X - X XExplosives Store X - - XSAFETY MANAGEMENT SYSTEM X X X X


Amended October 2011 Offshore Service Specification DNV-OSS-300, April 2004see note on front cover App.D –

APPENDIX D DETAILED PERFORMANCE REQUIREMENTS AND VERIFICATION

ACTIVITY DESCRIPTIONS

A. Performance Requirements

A 100 Setting performance requirements

101 Performance requirements should describe the essential requirements that a high risk element must meet,maintain, or provide on demand. Ideally it is a statement, which can be expressed in qualitative or quantitativeterms, of the performance required of a system, item of equipment or procedure and which is used as the basisfor managing a risk and any events requiring emergency response, through the lifecycle of the asset.

102 The most suitable performance requirement should ideally satisfy all of the following conditions:

— it requires measurement of the performance/capability of a parameter of the component/system— the measured parameter provides evidence of the ability of the component/system to prevent, or limit the

effect of, an unplanned event— acceptance criteria/range are defined for the parameter in question— the parameter can be monitored/measured.

Guidance note:

DNV’s experience is that performance requirements should be at a level that sets an objective for the element inquestion, they should not describe how that objective is to be achieved, or how it is to be demonstrated (verified), thisis part of the verification plan.


103 As a minimum the following characteristics should be considered in generating performancerequirements:

— functionality – what the element must achieve— reliability – how often it will be required to operate satisfactorily— availability – how often it will be required to operate on demand— survivability – the conditions under which it will be required to operate, e.g. if exposed to fire, blast,

vibration, ship impact, dropped objects, adverse weather etc.

104 The consequence of a performance requirement not being met (demonstrated) should also be considered.If the consequences are such that an unplanned event cannot result, or a significant reduction in theeffectiveness to prevent, detect, control, mitigate, or monitor a major unplanned event cannot result, then theperformance requirement should not be considered as necessary.

105 In the same way that parts of an asset may be considered as high risk for certain periods of its lifecycleit is possible for performance requirements to be applicable during specific phases of an asset’s lifecycle only.At all times that a part of an asset is high risk, there must be at least one performance requirement.

Guidance note:

Quantitative performance requirements for reliability or availability of an element are essential for high risk elementscontaining instrument-based protective systems. Where such performance requirements are specified, it isrecommended that the precise requirements are fully defined (i.e. not just “reliability to be ....”), that there is a clearmeans of verifying the requirement, and that verification can provide positive demonstration of the element’ssuitability. DNV’s preferred style of such performance requirements is to specify the maximum probability of failureon demand for each safety function (complete loop), consistent with the concept of Safety Integrity Level (SIL) asdescribed in IEC 61508.


B. Verification Activities

B 100 Developing Verification Activity Lists

101 The objective of an activity is to confirm that the performance requirements are achieved. Theverification activity list constitutes the main pert of the Verification Plan and corresponds to the example tablesincluded as Appendix to the object specific DNV-OSS.


Offshore Service Specification DNV-OSS-300, April 2004 Amended October 2011 – App.D see note on front cover

102 The list should give details of what needs to be done, by whom and when. For each performancerequirement there should be at least one examination activity. The activity list should include:

— what is to be done – a description of the examination activity to be performed to verify that the criteriaspecified in each performance requirement is met

— type of examination activity to be performed, e.g. inspection, witness, review, monitoring— extent of involvement in activity, where applicable (e.g. percentage of sample)— how often it is to be repeated (if at all, e.g. for initial suitability only)— unique identifier for each activity, for control and reporting purposes (ideally aligned to high risk element

and performance requirement identifier)— a clear reference to a specific performance requirement and high risk element for each activity— note of specific documents or processes (e.g. planned maintenance activities, rolling inspection

programmes) which will be used as a basis for verification or for reference as part of the examinationactivity.

103 The activity list should state which examinations shall only be performed prior to the high risk elementbeing put into service (examination for “initial suitability”). No further activities of this type will be performedduring operation, unless modifications are made to the element. Other examination activities (examination forcontinued suitability), especially during the operational phase, should be repeated at intervals specified toensure that the high risk element to which it refers maintains its suitability and adequacy. 104 The following may contribute to the specification of interval or frequency of examination:

— requirements of recognised codes and standards,— risk assessments— assumptions and conclusions of risk and/or reliability studies on relevant systems— extent of installation maintenance routines and inspection plans— interval between the asset operator’s assurance activities,— manufacturer’s recommendations for the equipment— findings of previous examination activities (including those for related high risk elements or performance

requirements).

105 The activity list may often (but optionally) be contained in a database application in order to facilitatethe dynamic process of modifications and updates, and also provides for a powerful management and reportingtool.


DNV-OSS-300: Risk Based Verification

Documents

Transcript of DNV-OSS-300: Risk Based Verification