
4 field device maintenance, 5 module fault handling, Operation and maintenance plan – Rockwell Automation 8000 Series TMR System User Manual


OPERATOR AND MAINTENANCE MANUAL

Doc No 552864

Page 2 of 22

Issue 02 June 2004

1.4 FIELD DEVICE MAINTENANCE

During the lifetime of the system, it will be necessary to undertake a number of field
maintenance activities that will include re-calibration, testing and replacement of
devices. Facilities should be included within the system design to allow these
maintenance activities to be undertaken. Similarly, the operating and maintenance
plan needs to include these maintenance activities, and their effect on the system
operation and design. In general, adequate provision for these measures will be
defined by the client. Provided the facilities, i.e. maintenance overrides, are
implemented within the requirements specified within this document, no further
safety requirements are necessary.

It is highly recommended that the I/O forcing capability should NOT be used to
support field device maintenance. This facility is provided to support application
testing only. Should this facility be used, the requirements defined in para. 1.9 shall
be applied.

1.5 MODULE FAULT HANDLING

When properly configured and installed, the TMR system is designed to operate
continuously and correctly even if one of its modules has a fault. When a module
does have a fault it should be replaced promptly to ensure that faults do not
accumulate, thereby causing multiple failure conditions that could cause a plant
shutdown. All modules permit live removal and replacement, and modules within a
fault-tolerant configuration can be removed with no further action. Modules in a
non-redundant or fail-safe configuration will require the application of override or
bypass signals for the period of the module removal to ensure that unwanted safety
responses are not generated inadvertently.

On-site repair of modules is not supported; all failed modules should be returned for
repair and/or fault diagnosis. The return procedure for modules should include
procedures to identify the nature and circumstances of the failure and the system
response. Records of module failures and repair actions shall be maintained.