The Functional Safety Assessment (FSA) is a process required to manage the operational stages of a process plant. It consists of evaluating whether a device or a system meets its functional safety requirements.
The FSA concept is associated with the engineering and commissioning stages, and it is also required by regulations for the operational and modification stages. Based on IEC 61511 edition 2.0, testing in the functional verification stages is required and applicable both to the application programming stage and to hardware testing. The purpose of the FSA is to obtain an independent, expert judgment based on a procedure that is part of the functional safety management plan. A key point of this assessment is technical, operational, and regulatory expertise with reference to IEC 61511. At the same time, the result of an FSA needs to prove that the functional safety and integrity requirements of each Safety Instrumented Function (SIF) and Safety Instrumented System (SIS) are met. The previous edition of IEC 61511 required a minimum of one FSA over the lifecycle, typically divided into 3 stages. The current edition 2.0 requires all five stages to comply with the standard, and the involvement of independent personnel who are expert in the various technologies the application encompasses, in the applicable regulations, and in safety standards.
The FSA team shall review in detail the work carried out at each stage of the lifecycle before proceeding to the next one. The team shall be identified during safety planning and is part of the Functional Safety Management (FSM) plan.
IEC 61511 Safety Life Cycle Management
FSA - Stage 1
Once the Safety Requirement Specification (SRS), the primary safety document of a process plant, is completed and before it is released to the design team for SIS determination, stage 1 of the FSA shall be carried out. Typically, in this stage the hazard and risk analysis is evaluated and confirmed along with the HAZOP (HAZard and OPerability analysis) or LOPA (Layers of Protection Analysis) reports. The SRS document makes it possible to cross-check every single SIF description against the IEC 61511 chapter 10 requirements.
FSA - Stage 2
Once the SIS has been built by the system integrator/manufacturer, stage 2 of the FSA shall be carried out before the SIS is shipped to the end user. Stage 2 FSA is executed during or alongside the Factory Acceptance Test (FAT), as a witness test confirming that all SIF and SIS content specified in the SRS has been built correctly and tested. Typically, in stage 2, the SIF design requirements, SIL target estimation, SRS requirements, safety PLC configuration, and application program functionality are evaluated and confirmed.
FSA - Stage 3
Prior to hazards being assessed, the FSA team shall carry out stage 3, often referred to as the PSSR (Pre-Startup Safety Review), to implement the Health Technology Assessment (HTA) and design change procedures. Recommendations from the previous stages are resolved while the SIS is designed, implemented, and commissioned in accordance with the SRS. Safety, maintenance, and emergency procedures related to the SIS are carried out. Employee training is completed, and appropriate information is provided to personnel, together with additional strategies for implementing the FSA.
FSA - Stage 4
After experience has been gained in the operations and maintenance phase, a periodic FSA (stage 4) shall be carried out to ensure that activities are being performed according to the assumptions made during design, and that the IEC 61511 requirements for safety management and verification are being met. The frequency of the periodic FSA is often driven by regional regulatory authorities but is typically between 1 and 3 years. Typically, proof tests, SIF requests, and field-detected failure data are evaluated and validated.
FSA - Stage 5
FSA stage 5 covers modification activity, which shall not begin until an FSA has been completed and proper authorization has been given. Once the modification activity is completed, another stage 5 FSA shall be carried out to assess and confirm that the requested modification meets the safety integrity requirements and that the authorized Management of Change (MOC) procedure has been followed, ensuring the safety status and functional safety of the system. Concurrently, the as-built documentation is updated.
Conclusions
The importance of functional safety assessments should not be underestimated. Of course, the expertise of the FSA team is critical, starting with the judgment skills of its senior experts. IEC 61511 compliance implies that all applicable FSAs have been performed. From stage 1 (risk analysis) through stage 5 (installation, commissioning, and validation) of Safety Lifecycle Management, the FSA judgment must be made by a competent senior person not involved in the SIS design activities. From stage 6 (SIS operation and maintenance) through stage 8 (decommissioning), the FSA must be performed by a high-level competent person who is likewise not involved in the operation and maintenance of the SIS. For FSA stages 1, 2, 3, and 5, all FSA experts' judgments must comply with IEC 61511 edition 2.0. Certification is not required for FSA compliance, whereas verification, validation, and audit activities are provided. Furthermore, IEC 61508 requires that the assessment for SIL1 be done by an independent person, the assessment for SIL2 by an independent department, and the assessment for SIL3 by a wholly independent party. The FSA outcome is a document, or report, that demonstrates how the functional safety and integrity of a given SIF/SIS are met. Thus, many factors contribute to compliance with IEC 61511. FSM and FSA are evidence of the quality of a project. End users and process managers often require certification of a SIF and a SIS, and in that case the purpose of the certificate is to demonstrate that all devices/instruments are suitable for that particular SIL application.