Functional Safety Management: It’s more than just hardware and software
A common flaw in functional safety is to focus purely on the reliability of hardware and software, relying on calculations to demonstrate that the target Safety Integrity Level (SIL) for a Safety Instrumented Function (SIF) will be achieved, giving relatively little thought to the management processes. The reality is, however, that a Safety Instrumented System (SIS) is only as reliable as the processes used to manage specification, design, installation, proof-testing and maintenance.
The functional safety standards, BS EN 61508 and BS EN 61511, set out a lifecycle approach – a form of quality plan – for functional safety management to root out systematic failures that might otherwise compromise safety. It is the responsibility of duty holders to ensure that the key stages within this lifecycle model, or similar, are adequately covered by their own safety management systems and if they are not, to ensure that steps are taken to upgrade their systems, standards and procedures accordingly. Responsibility for this often lies at several levels within an organisation, and third parties may also be employed, but all those involved should be asking themselves:
The SRS is a key document within functional safety management and is required for both design and validation of the SIS. All lifecycle activities should be aligned to the SRS with an understanding that the SIS must meet and continue to perform as per the specification. FSAs are conducted to independently verify that functional safety has been achieved at the relevant stage, acting as an assessment of the adequacy of the work performed at key stages of the safety lifecycle.
Recent changes in the BS EN 61511 Edition 2 (2017) standard include the mandatory requirement for FSA stages 4 and 5 during the operational and maintenance phases of the lifecycle. Organisations now need to collect data and determine if the SIS is performing as detailed within the SRS, conducting impact assessments on any changes made.
The work involved in designing, installing, testing and maintaining SIS requires significant time and effort and is further complicated in the case of legacy equipment which might pre-date the latest standards. Does this mean that you need to replace existing equipment with certified systems? … Fortunately, not. Functional safety standards place no requirement at all to certify equipment or people. The only requirement is to have competent people and equipment which is fit for its intended purpose. And since Edition 2 of the standard places a requirement to measure the on-going performance of all SIS (new or old), organisations can potentially benefit from data collection to support a “prior use” demonstration, avoiding the need for costly re-engineering.
All of this requires effective management systems, procedures and metrics to be in place so that those involved understand what needs to be done, why and when, and those in charge receive the information they need to remain confident that SIS are performing as intended.