characteristically have safety-significant SSCs. They may need safety-class SSCs as well,
although this is not typically expected.
Hazard Category 2 and 3 facilities do not have the consequence potential associated with
Hazard Category 1 facilities, such as Class A reactors. Consequently, in keeping with the
use of a graded approach, the means of safety assurance expected of Class A reactors,
such as formal design reconstitution and full, formal environmental qualification, are
generally unsuitable for Hazard Category 2 and 3 facilities. DSA preparers (and
subsequent reviewers) should not expect this level of information to be attained, especially
for SSCs for which the original design is not documented.
Precedent for dealing with facilities where the original technical information is
undocumented and must be estimated has been provided by OSHA in the PSM
rulemaking where it was stated "OSHA believed that a properly conducted process
hazard analysis should systematically identify technical information regarding the
process and allow adequate estimation of safe parameters for the process." The actual
requirement imposed by OSHA was "where the original technical information no longer
exists, such information may be developed in conjunction with the process hazard
analysis in sufficient detail to support the analysis."
The DSA specifically requires determination of safety functions and functional
requirements for safety SSCs and designation of performance criteria. However, a DSA
prepared in accordance with this Standard is focused on identifying functional
requirements that, in general, are neither absolute nor subject to fine safety margin
resolution. Further, associated performance criteria are only defined for critical
operational aspects of SSCs, not general design. As noted in the preceding paragraph, if
the design information no longer exists, new information may be developed as part of the
process hazard analysis. However, pertinent existing safety analyses and design
information (requirements and their bases) that are immediately available or can be
retrieved through reasonable efforts should be used. For additional technical information
that is critical to the DSA development and is not retrievable through such efforts, new
information may be developed as part of the hazard analyses and accident analyses.
Documented engineering judgments (including their bases) and testing can be used to
extrapolate the available existing information and hence establish the performance
capabilities of the existing SSCs. In general, safety-class SSCs require more formality in
establishing functional requirements and performance criteria than safety-significant SSCs
due to their public protection function.