​​This Appendix provides additional information and guidance on the assessment of existing interlock system (referred to as grandfather rights risk assessment) as well as key considerations for legacy systems that are currently in operation.

B.1 GRRA Purpose

The grandfather rights risk assessment (GRRA) needs to be carried out on existing legacy interlock systems that would be covered by SC40. It is the process that will determine whether a legacy, pre-existing, safety interlock system can continue to operate of under it’s ‘grandfather rights’ or that it needs to be reviewed and updated to current standards of interlock design and implementation for future facility safe operation. It relies on identifying the hazards and associated controls that are implemented and assessing the reliance on interlocks systems as part of the safety risk reduction strategy. The purpose of the GRRA is to highlight where existing controls rely solely, or very heavily, on interlock systems and therefore where there is a need to provide additional layers of protection or upgrade the existing controls.

B.2 GRRA Process

The process of carrying out the GRRA needs to, as far as possible, ensure that all existing systems that would be covered by SC40 are included. The following would be key steps in this process:

1. Identification of legacy interlock systems – systems across the department/Site identified and their name, location, purpose and system owner identified.
2. Carry out GRRA for each system – keep a documented record of the GRRA for future review.
3. Director Sign off – director reviews the legacy systems that are still in operation and approves their continued use to assure their safe operation based on the GRRA outcomes.
4. Periodic Review – the continued use and assessments of legacy systems are reviewed on a periodic basis to ensure that the system is still safe for use.

B.3 GRRA Considerations

As part of the GRRA the following elements should be identified and considered when assessing the suitability of legacy systems for operation:

• Hazards – Identify all of the potential hazards that are present on the equipment and whether the system addresses these.
• Level of risk – What is the level of risk present from the equipment, how is the equipment going to be used in all of its lifecycle phases (operations, maintenance, etc.) and what tasks are going to be performed?
  
• Controls – What controls, or layers of protection, are in place to protect against the hazardous scenarios? Do the existing controls provide a suitable breadth of protection against these?
  
• Amount of reliance on interlocks – are there limited other controls and the primary protection is the legacy interlock system? Depending on the level of risk, is this a suitable application for a legacy interlock system?
  
• Level of regular testing – is it tested, if so how frequently should it be tested to maintain GRRA approval?
  

B.4 People Involved

The GRRA process should involve a range of competent personnel involved in the full lifecycle of the equipment. This should include:

• System Owner (Leads the GRRA)
• Operators
• Maintenance teams
• Design team

B.5 Upgrading Legacy Systems

Although the use of legacy system is not time limited and their continued use can be justified through the use of the GRRA, there are some conditions that should be considered as triggers for upgrading legacy systems (not renewing legacy systems).

Examples of such triggers would be:

• Major upgrade – A significant change to a legacy system should trigger serious consideration of a full replacement.
• Defined lifetime – when the system was installed did it have a defined operational lifetime? If so, what are the implications of exceeding this on the reliability of the system, both as a whole and for individual components?​
  
• Performance – have there been any performance issues with the system or repeatable hazardous conditions that have identified?
• Spares availability – consideration given to whether the system can be maintained going forwards or if an upgrade is required to ensure continued safe operation.
• Documentation – what is available? If there is limited documentation available and/or also limited expertise in the system’s operation then consideration should be given to whether safe operation is possible and whether it could be maintained.
• High reliance on operation – where a legacy interlock system is providing all, or a significant proportion, of the protection against the identified hazards consideration should be given to whether this is appropriate.​
  

B.6 Director guidance

Where a director requires expert guidance, in the first instance they should approach SHE Group who can direct them to sources of in-house and external interlock expertise.