Fundamental to IEC 61511 and the prevention of systematic failures is the safety lifecycle. The objective of the safety lifecycle is to define the various phases from concept to decommissioning of a SIS. When applied, each phase should be documented to demonstrate all phases of the safety lifecycle have been clearly defined and the appropriate requirements realised. The following presents the IEC 61511 safety lifecycle. International Electrotechnical Commission (IEC)61511-1:2016, 3.2.24 – investigation, based on evidence, to judge the functional safety achieved by one or more Safety Instrumented System (SIS) and/or other protection layers. Functional Safety Assessments (FSA)(s) are judgements made by assessors so as to ensure that functional safety is achieved. The assessments rely more on the awareness and technical competence of the assessor. The Functional Safety (FS) assessment will focus more on the technical aspects in addition to the procedural aspects. To ‘achieve functional safety’ means that the specified levels of risk reduction are achieved by applying electrical, electronic or programmable electronic safety related systems. To do that we need to demonstrate that the probability of dangerous failures (or the rate of dangerous failures) is sufficiently low to meet the risk reduction target. That means we need to show that both the probability of random hardware failures and the probability of systematic failures have been controlled. FSA is a feedback mechanism for senior management. It is a way of monitoring the effectiveness of risk management strategies that rely on automated safety systems (i.e. functional safety). FSA provides evidence of due diligence in duty of care: Have we made a reasonable effort to reduce the risks that people or the environment are exposed to. IEC61511-1:2016, 3.2.25 – systematic and independent examination to determine whether the procedures specific to the functional safety requirements comply with the planned arrangements, are implemented effectively and are suitable to achieve the specified objectives. Note: A functional safety audit may be carried out as part of a FSA. The purpose of the Functional Safety Audit is to determine if functional safety procedures are being correctly and effectively implemented during the project execution. The audit provides a useful means of assessing how effectively systematic failures are being controlled by using procedures to prevent errors in design, construction or operation. Note that it does not provide any judgement on whether functional safety has been achieved or maintained during the project. It typically forms part of the Quality Management System (QMS) of the organisation responsible for the respective phase of the safety lifecycle. The records of the audits are reviewed as part of the FSAs. Audit is also a feedback mechanism for senior management. Its purpose is to monitor how well people understand and apply procedures, and whether those procedures are practicable and effective. IEC61511-1:2016, 3.2.27 – confirmation by examination and provision of objective evidence that the requirements have been fulfilled. Verification
achieved by demonstrating for each phase of the relevant SIS safety lifecycle
by analysis and/or tests, that, for specific inputs, the outputs meet in all
respects the objectives and requirements set for the specific phase. Verification
is simply the process of confirming that something (anything at all) has been
produced correctly. Within the safety lifecycle, verification is a functional
safety management activity which should be carried out at every stage to ensure
systematic integrity. It is part of the normal engineering quality process
carried out through checking, review, inspection or testing. Verification
records could include check prints, completed checklists or inspection and test
records. Validation in comparison to verification is a specific lifecycle phase
which takes a wider view because it looks at the overall completed system.
Validation always relies on verification techniques as a way of showing the
system meets all of the specified requirements in every regard. It should be
noted that the validation process must also be verified. Verification
is at a lower level and relates to individual components or documents.
Verification never relies on validation. FSA looks for evidence that
verification has been completed effectively. IEC61511-1:2016, 3.2.86 – confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use are fulfilled. Validation
means demonstrating that the Safety Instrumented Functions (SIF)(s) and SIS
after installation meet the Safety Requirement Specification (SRS) in all
respects. Validation is part of the normal engineering quality process and is a
fundamental feedback mechanism. Its purpose is to show that a finished product
has been built to meet the specified requirements. The
purpose of validation is to demonstrate the end product works correctly as
required. This may be demonstrated during commissioning, if the commissioning
tests were planned with traceability to the SRS.Validation
never considers FSA but in contrast, FSA must always assess the validation
process and results.
