Professional Documents
Culture Documents
240-119638133 Control Systems Design For Redundancy and Diversity Standard
240-119638133 Control Systems Design For Redundancy and Diversity Standard
Standard
Management
Revision: 2
Total Pages: 20
17/01/2022
Date: …………………………… 18-Jan-2022
Date: …………………………… 2022-01-27
Date: ……………………………
Supported by SCOT/SC/TC
…………………………………..
Dr. Craig D. Boesack
Power Plant C&I SC
Chairperson
17/01/2022
Date: ……………………………
CONTENTS
Page
EXECUTIVE SUMMARY .............................................................................................................................................. 3
1. INTRODUCTION ...................................................................................................................................................... 4
2. SUPPORTING CLAUSES ........................................................................................................................................ 4
2.1 SCOPE .............................................................................................................................................................. 4
2.1.1 Purpose ..................................................................................................................................................... 4
2.1.2 Applicability................................................................................................................................................ 5
2.2 NORMATIVE/INFORMATIVE REFERENCES .................................................................................................. 5
2.2.1 Normative .................................................................................................................................................. 5
2.2.2 Informative ................................................................................................................................................. 5
2.3 DEFINITIONS .................................................................................................................................................... 6
2.3.1 Disclosure Classification ........................................................................................................................... 6
2.4 ABBREVIATIONS .............................................................................................................................................. 6
2.5 ROLES AND RESPONSIBILITIES .................................................................................................................... 7
2.6 PROCESS FOR MONITORING ........................................................................................................................ 7
2.7 RELATED/SUPPORTING DOCUMENTS ......................................................................................................... 7
3. CONTROL SYSTEMS DESIGN FOR REDUNDANCY AND DIVERSITY .............................................................. 8
3.1 GENERAL REQUIREMENTS FOR REDUNDNACY ...................................................................................... 10
3.2 CONTROL SYSTEM DESIGN FOR RELIABILITY ......................................................................................... 12
3.3 INDEPENDENCE OF CONTROL SYSTEMS ................................................................................................. 13
3.4 REDUNDANT CONTROL SYSTEMS AND DIVERSITY ................................................................................ 13
4. REDUNDANCY AND DIVERSITY IMPLEMENTATION ........................................................................................ 15
4.1 USE OF NON-REDUNDANT CONTROL SYSTEMS ..................................................................................... 15
4.2 CONTROL SYSTEM REDUNDANCY AND DIVERSITY ................................................................................ 16
4.3 IO REDUNDANCY REQUIREMENTS ............................................................................................................ 19
4.4 HMI INTERFACING REQUIREMENTS FOR REDUNDANCY ....................................................................... 19
5. CONCLUSION ........................................................................................................................................................ 20
6. AUTHORISATION .................................................................................................................................................. 20
7. REVISIONS ............................................................................................................................................................ 20
8. DEVELOPMENT TEAM ......................................................................................................................................... 20
9. ACKNOWLEDGEMENTS ...................................................................................................................................... 20
FIGURES
Figure 1 – Basic Principles of Control System Redundancy (modified based upon [5]) .............................................. 8
Figure 2 – Control System Redundancy Architecture [5] ............................................................................................. 9
TABLES
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 3 of 20
EXECUTIVE SUMMARY
This standard presents guiding principles for implementing control system redundancy and diversity.
Redundant systems are designed to ensure the availability of process plant, systems and within the
context of this standard, the dependability of control systems. Diversity focuses on the design of
control systems to protect against common cause failures, and therefore redundantly diverse control
systems forms the basis of modern power plant automation and control.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 4 of 20
1. INTRODUCTION
This standard presents guiding principles for implementing control system redundancy and diversity.
Redundant systems are designed to ensure the availability of process plant, systems and within the
context of this standard, the dependability of control systems. Diversity focuses on the design of
control systems to protect against Common Cause Failures (CCF) or Common Mode Failures
(CMF), and therefore redundantly diverse control systems forms the basis of modern power plant
automation and control.
Furthermore, the terms CCF and CMF are used synonymously within this standard and describes
the potential causes of common control system failure, which should be considered during the
development of risk assessments to influence the design of C&I systems to prevent CCF’s or
CMF’s. To prevent CCF’s, focus during C&I design should be applied to both the design of control
system hardware, and the design of control system software with their varied components to
mitigate failure.
The design of these systems to meet the objectives is of great interest to C&I design and give
assurance to the reliable operation of control action during both normal and abnormal events. The
degree of assurance and quality obtained in C&I design is proportional to the principles of
redundancy implemented and the operational and maintenance practices followed throughout the
life of the control system.
It should be noted as well, that strict analysis is needed in control system development, to
investigate failure mechanisms and to design accordingly to mitigate failure. This requires clear
functional specifications, of logical design, requirements for testing and especially the separation of
control and protection systems. These are largely influenced during conceptual design studies and
specific failure modes analysis of control systems and technology.
Therefore, this Standard provides guidance and best practice on the design of power plant control
systems to meet the objectives of highly available and reliable control system operations.
2. SUPPORTING CLAUSES
2.1 SCOPE
This document sets forth requirements for performing C&I design to meet the functional objectives
for Redundancy and Diversity. It is particularly focused on control system design and in some
measure relates to all aspects of power plant automation and control. It provides guidelines in terms
of redundancy, control system independency and design through diversity. It focuses especially on
digital control systems, such as modern DCS technologies and solutions and has application to both
control and protection systems. However, the applications under control systems are presently
given preference in this standard.
It should be noted that this Standard does not replace sound engineering practice and processes
but aims at providing a process to document principles for use during the engineering and
construction of control systems. To this end, the document provides sufficient information to
successfully implement Control System Design for Redundancy and Diversity.
2.1.1 Purpose
The purpose of this Standard provides minimum guidelines for Control System Design to meet the
following objectives.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 5 of 20
4. To consider acceptable hardware architecture, for Field, Automation Systems, Networks, HMI
and Actuation, for the design of redundant and diverse C&I application.
2.1.2 Applicability
The Standard is applicable to the Generation fleet of Coal Fired Power Plants only.
Excluded are.
1. Nuclear Power Plants, Hydro Stations, Gas Stations and Renewables Stations.
2. Transmission and Distribution.
The Standard is intended for those in the control systems design and application fraternity and
includes the follow people.
3. Control System Engineers (e.g., Power Plant C&I System Engineers).
4. Control System Design Engineers (e.g., C&I OEM’s and Contractors).
5. Instrumentation and Control Technicians (e.g., those Operating and Maintaining of C&I
Systems).
This Standard is to be used throughout the lifecycle of the redundantly diverse control system and is
to be used in the following project stages.
6. Design.
7. Installation.
8. Configuration.
9. Logical Programming.
10. Testing and Commissioning.
11. Operations and Maintenance of Systems.
2.2.1 Normative
[1] ISO 9001 Quality Management Systems.
[2] Engineering Change Management Procedure.
2.2.2 Informative
[3] “Defences Against Common-Mode Failures in Redundancy Systems – A Guide for
Management, Designers and Operators”, SRD R196, AJ Bourne, GT Edwards, DM Hunns,
DR Poulter, IA Watson, January 1981.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 6 of 20
[4] “Common Cause Failures and Ultra Reliability”, Harry W. Jones. NASA AMES Research
Center.
[5] “4 Design of Fail-Safe Computer System”, Dr. Charles Kim. Electrical and Computer
Engineering Howard University.
[6] Patrick D.T. O’Connor (1985). “Practical Reliability Engineering”, 2nd Ed.
2.3 DEFINITIONS
Definition Description
Common Mode Failure A Common Mode Failure is the result of an event(s) which
because of dependencies, causes a coincidence of failure
states of components in two or more separate channels of a
redundancy system, leading to the defined systems failing to
perform its intended function [3].
Common Cause Failure A common cause failure is a specific type of dependent
failure where several failures result from a single shared
cause. A common event failure is a specific type of common
cause failure where multiple failures result from one single
external event. The failures are usually simultaneous or
nearly so. Or, common event failures can occur in an
extended cause and effect sequence, called a cascade
failure. Common event failures are a concern for on-line
redundant systems [4].
2.4 ABBREVIATIONS
Abbreviation Description
C&I Control and Instrumentation
CCF Common Cause Failure
CMF Common Mode Failure
DCS Distributed Control System
EMI Electro-Magnetic Interference
HMI Human Machine Interface
IO Input / Output
OEM Original Equipment Manufacturer
PLC Programmable Logic Controller
SCADA Supervisory Control and Data Acquisition
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 7 of 20
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 8 of 20
Control Output
Sensor Module A (Main)
Error Detection
Error / Alarm
Module B
Redundancy Principle A
Sensor Module A
Voting System
Control Output
Module B
Redundancy Principle B
Figure 1 – Basic Principles of Control System Redundancy (modified based upon [5])
The principles of control system redundancy are illustrated in Figure 1. It is clear to see that
redundancy bears with it aspects of fault detection, reliability of operation and principles of fault
tolerance.
These are applied to all aspects of the control system design and includes although not limited to
the following C&I components.
1. Controllers, PLC’s and DCS’s.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 9 of 20
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 10 of 20
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 11 of 20
f. Via Software.
g. Technology specific Switchover is to be clearly known and documented.
7. The overview of the requirements for control system redundancy is tabulated in Table 1. (The
checklist below gives some additional design considerations for redundancy. However, a word of
caution on the use of checklists (or templates) especially when designing of control systems, is
briefly given. During the development of the checklist, effort has been given to the accuracy of
the template and of its content; it has been consulted with stakeholders. However, it should not
be blindly applied; a working knowledge of the system engineering is required for the
implementation of redundant system. A full understanding of the design, its context and rationale
is required).
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 12 of 20
12. What are the failure modes of networked devices, communication interfaces and
how is the network architecture tolerate to failure and its mitigation?
13. It is important to consider Control System Interfaces and its given boundaries.
This includes aspects of dependencies and also interfaces to external system
components.
14. Document the effects of system failures on interfacing systems.
15. Configuration management of DCS systems to implement necessary redundant
control functions shall be defined.
16. Operational and Maintenance aspects of the life cycle of control system
technologies need to be considered during design stages.
Modern power plant control systems are large integrated systems, varying in technology and digital
complexity and in order to meet the objectives of reliability, effective design principles needs to be
followed. Reliability is concerned with the likelihood of failure and all aspects of design which
contributes to failure.
The reliability of control systems depends upon the structure and architecture of the system, its
components, and sub-systems. It is further dependent upon the probability that the system will
perform according to the specifications of the design. It is therefore necessary to understand these
design aspects, and to implement design solutions within control systems for mitigating the effects
of failure.
The intent of this discourse is not to focus on the mathematical aspects of reliability (this is
contained within referenced texts), but to give practical insight into the design of reliable and robust
control systems.
Systems shall be carefully designed and shall consist of the following design elements:
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 13 of 20
Control Systems for power plant automation are to be designed functionally separate. This includes
elements of systems interdependence and system separation. This is especially true in the case of
Control Systems and Protection Systems; however, depending upon the design requirements
systems can have some measure of separate independence. This includes elements of different
systems, physical separation and having different automation systems performing different
functions.
As an example of this, functional separation of control systems according to functional areas
implemented on different automation processes for part of the independence of control systems. In
this case, failure of one functional system does not impact failure of the entire system but may
cripple the capability of the system. Therefore, physical redundancy of systems is followed
functional independency according to functional area dictates.
Design diversity has been applied to protect against Common Mode Failures and has been used in
both the design of hardware systems and that of software systems. In general, CMF’s or CCF’s
include errors in design, operational failures and can also be attributed to interferences such as
Electro-Magnetic Interferences (EMI) or power supplies to name but a few. A large percentage of
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 14 of 20
these can be mitigated through defence in depth of design and by considering the principles
contained in this Standard.
The use of redundancy in C&I control system design is to enhance the reliability and dependability
of the system. The assumption used during the application of redundancy principles is that if one
component fails, the remaining systems will continue to give the correct control response. This
inherently makes the control system resistant to faults and failures. Therefore, different systems are
required to fail independently and to have no common or overlapping failure mechanisms.
To achieve this, diversity focuses on implementing control functions, two or more redundant
systems or components with different attributes. In practice, this may be achieved through varied
components based upon different designs, design principles or may even consist of different OEM
solutions. The motivation behind this approach is that although system may functionally perform the
same function, because of its diversity, its respective mode of failure will be different.
The principles of diversity are applied to all aspects of control system design.
1. Design Diversity.
2. Equipment Diversity.
3. Functional Diversity.
4. Signal Diversity.
5. Logical (or Software) Diversity.
Strategies for realising diversity consist of the following general approaches and can be applied to
power plant automation in its entirety.
1. Diversity strategies based upon different technologies.
2. Diversity strategies based upon different approached within the same technology.
3. Diversity strategies based upon different architectures within the same technology.
It is important to note that the overall dependability of the control system is enhanced by the
application of diversity principles, and enhances the reliability of the control system architecture, its
configuration and design.
The implementation of hardware diversity is well understood since it yields a low probability of
failure. However, software diversity requires design effort and may require specific design
dedication and engineering. It should be noted as well, that the more complex systems become, the
more difficult the implementation of diversity becomes. Aspects relating to design, development,
installation, operation, and maintenance become immediate design challenges which is needs to be
carefully considered along with practical and financial restraint.
In the case of software diversity, one of the more applied concepts to achieve software diversity is to
acquire multiple versions of the software using different software development teams. The
reasoning behind this approach is that different software developers will make different mistakes
within their software and using different logical algorithms.
Depending upon the criticality of the control and protection system, there is a compromise between
simplicity of design and reliability. As the complexity of the design increases, the number of
components to the system also increases which can have a negative impact on system
performances and may lead unexpected failures or system interactions.
Therefore, the first rule in control system design is simplicity of design to meet the functional intents
of the design objective. This is then verified through both pre and post analysis.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 15 of 20
It is mindful to consider the application of when redundancy is not required, and for this reason not
all control systems are configured redundantly. The use of single automation processors (PLC’s,
standalone controllers or simplex control systems) is feasible in many situations; however,
engineering analysis and design is thoughtfully required.
In most cases the level of redundancy required for control systems needs to match the level of
redundancy of the physical plant. Depending upon the control topology selected, and the control
architecture designed, the availability of the control system needs to be higher than that of the
physical plant.
Examples of where simplex systems can be used are as follows:
1. Simple skid control systems – many standalone systems use single automation systems, and
this is where the availability of the system is not high.
2. Considerations of cost – increasing redundancy increases cost, therefore many control system
installations weighs aspects of cost.
3. Levels of availability – the levels of control system availability will dictate the levels of
redundancy required.
a. Field Networks – Simplex control systems typically are configured with single networks and
provides a means of communication between networked field devices and the automation
processor. Examples include various forms of Fieldbus, such as Profibus.
b. Control Level Networks – the automation networks are very seldom selected as simplex
networks. However, in smaller control applications, or standalone applications (such as
individual control skids), these are selected as simplex.
c. Actuator / Sensor Interfaces – The interface between actuators and sensors (instrumentation)
takes place through hardwired IO, remote IO, and in some cases via fieldbus.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 16 of 20
The generally accepted methodology form implementing principles of redundancy and diversity is to
follow modular and scalable hardware architecture. This makes provision for modifications and
changing control system requirements throughout the life of control system equipment.
Control systems shall follow the following design principles for achieving redundancy and diversity:
1. Individual control systems shall be used for the Units.
a. Individual control systems for every Unit.
b. Individual control systems for the Common Plant.
2. Each control system (depending upon its specific application) shall in principle consist of the
following elements.
a. An automation system for performing basic automation and control task, such as the
acquisition of measured variables from the field, performs open loop and closed loop control
functions, and commands for actuation.
b. Automation system processors shall be based upon a 1 out of 2 principles, and switches from
“master” to “slave” in the event of a fault.
c. Safety related automation and protections systems. A separate protection system from the
automation system shall be installed.
i. Turbine Protection.
ii. Boiler Protection.
d. Communication modules for networked integration with third party systems, such as PLC’s,
DCS’s and standalone controllers.
e. Operating and Monitoring Systems, this includes all HMI systems. The HMI system for each
Unit / Common Plant shall be redundantly configured.
f. All servers form part of control systems shall be redundantly configured.
3. Networked communication shall be redundant and single fault tolerant.
4. The control system architecture is designed in such a manner that no single component failure
can results in a major plant failure. The basic concept of system (or plant control function)
allocation to automation processes is given in Table 2 and Table 3. All AP’s are redundant,
which include communication networks.
5. Power supplies shall be configured redundantly. No load sharing distribution shall be allowed.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 17 of 20
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 18 of 20
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 19 of 20
It should be noted as well that the distribution of AP’s according to functional areas shall be
diligently implemented; taking the number of AP’s available as per design and an effective cost
compromise between the numbers of AP’s used.
A knowledgeable and experienced control system engineer shall follow a systematic approach in
the design allocation of AP’s to functional areas and subsystems. The design principles in the
allocation of AP’s shall consider aspects of redundancy, mitigation of control system failure,
mitigation of MUT risk, and on performing the necessary critical design decisions for control system
architecture and functions. A conservative and systematic approach shall maximise availability of
plant control systems.
IO modules provide the hardware interfacing requirements for the control system. This interface
consists of field instrumentation, transduces, sensors and actuators. The configuration of the
automation system defines the IO architecture and the requirements for IO redundancy.
Most IO modules can be configured for redundant (duplex) or non-redundant (simplex) operations.
The wiring configuration of the IO module shall allow for redundant connections. The modules shall
be located within the same IO module base, or completely within separate IO module bases. It is
recommended that redundant IO modules be separately located on different bases.
IO modules perform analogue to digital conversion of process variables (such as temperature,
pressure, or other measurable quantity). These modules then perform the data conversion required
for analogue, digital, current or voltage and input or output into digital format or vice versa.
Typical redundant configurations for IO are:
1. One out of two (1oo2).
2. Two out of three (2oo3).
3. Two out of two (2oo2).
One out of two (1oo2) configurations is safe, while two out of three (2oo3) configurations provide
both safe and reliable operations. Two out of Two (2oo2) configurations are less safe and is not
recommended without an overall assessment of the safety requirements.
In addressing common mode failure, IO configurations 1oo2 and 2oo3 shall be used.
High availability control systems make extensive use of redundancy for all control system
components, which includes the Human Machine Interface (HMI). The intent of HMI redundancy
ensures the operational integrity of the control system in the presence of hardware failure, and it
enables plant operation during failure.
As discussed before, redundancy is implemented through automation redundancy, IO redundancy
and through HMI redundancy.
HMI redundancy shall consider the following aspects in its design:
1. HMI client workstation redundancy – each HMI workstation shall be designed with a specific HMI
function in mind, and segregated in its control, distributed function and in concept of power
supply.
2. HMI servers are redundantly configured – each server is active and in the case of failure the
“standby” redundant server shall take over.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.
Control Systems Design for Redundancy and Diversity Unique Identifier: 240-119638133
Standard Revision: 2
Page: 20 of 20
3. HMI redundancy assumes redundant network communication – this is providing for reliable and
undisrupted control operation. This also applies to redundant network switches.
5. CONCLUSION
Redundancy and Diversity of Control System design are important concepts to mitigate technical
risk and to improve on the reliability and availability of control systems. This standard has given
some guidance on redundantly diverse control systems and their application.
6. AUTHORISATION
This document has been seen and accepted by:
Name Designation
Andrew Botshe Manager: C&I (Generation)
Christoph Kohlmeyer Chief Engineer: C&I
Cornelius Visagie Chief Technologist: C&I
Jorge Nunes Chief Engineer: C&C
Khaya Sobuwa Chief Engineer: C&I
Paul Du Plessis Chief Technologist: C&I
Prudence Madiba Senior Manager: C&I.
Zubair Moola Chief Engineer: C&I
7. REVISIONS
Date Rev. Compiler Remarks
September 2016 0.0 CD. Boesack First Draft for internal Review
February 2017 0.1 CD. Boesack Final Draft for Formal Comments Review Process
February 2017 0.2 CD. Boesack Updated Final Draft after Comments Review Process
February 2017 1 CD. Boesack Final Document for Authorisation and Publication
January 2022 1.1 CD. Boesack Minor updates for renewal.
January 2022 1.2 CD. Boesack Updated Final Draft after Comments Review Process
January 2022 2 CD. Boesack Final Rev 2 Document for Authorisation and Publication
8. DEVELOPMENT TEAM
The following people were involved in the development of this document:
• Dr. Craig D. Boesack
9. ACKNOWLEDGEMENTS
• Cornelius Visagie.
• Jorge Nunes.
CONTROLLED DISCLOSURE
When downloaded from the EDMS, this document is uncontrolled and the responsibility rests with the user to ensure it is in line
with the authorised version on the system.