Functional Safety Management challenges

Nov 25, 2021 / by GM International

Topics: Safety news, Functional safety

Functional Safety Management (FSM) is the glue that holds the IEC 61511 safety lifecycle together. Achieving compliance and meeting SIL requirements needs a plan that covers all phases of the safety lifecycle.

FSM is about the 3 P's: People, Paperwork, and Procedures. It is specifically intended to reduce and prevent the systematic failures that creep into the lifecycle. In fact, functional safety standards require cross-checking of all activities involved, and this approach applies to the whole lifecycle of the safety equipment. Both the risk analysis (which sets the SIL requirement) and the process of implementing risk reduction measures must be evaluated accordingly. The standard therefore explicitly stresses the importance of working through the full safety lifecycle, including the mandatory documentation.

Functional Safety Management avoids systematic failures and ensures that all activities and outputs (documents, hardware, software) that affect risk reduction can be monitored and verified. A safety management system has to be designed to ensure that safety instrumented systems (SIS) are able to maintain the process in a safe condition.

Functional Safety Management planning defines the activities, criteria, techniques, measures, procedures, organization, and responsibilities needed to ensure that the functional integrity and safety requirements of the SIS and of each safety instrumented function (SIF) are achieved after installation, that safety integrity is maintained during operation (proof testing, coverage, failure analysis), and that process risks are managed during maintenance activities.


Safety lifecycle

The SIS lifecycle is defined during safety planning, including the application programming activities. Each phase of the SIS safety lifecycle is defined in terms of its inputs, its outputs, and the verification activities applied to it. Process safety means keeping processes under control and preventing the loss of hazardous materials from pipes, tanks, and process equipment. This is the concern of many different disciplines: materials, process, mechanical, electrical, and control and instrumentation experts, as well as process safety professionals.

Functional safety is part of the overall approach to plant process safety. When a hazardous event occurs, instrumentation and automation devices such as sensors, logic controllers, and final elements (e.g. valves) bring the process to a safe state. When properly applied, functional safety principles ensure that any hazardous event is prevented or mitigated by equipment designed with a level of integrity suitable for the risk under consideration.

The IEC 61511 standard establishes the safety lifecycle for the process industry. It is essentially a staged representation of the different activities needed to assess hazards and to prevent or mitigate risks. The safety lifecycle focuses on safety instrumented systems (SIS) as one of the critical layers of specialized protection that need careful specification, design, testing, and maintenance.

A well-designed FSM scheme has to contain measures ensuring that all personnel are competent in the lifecycle phase for which they are responsible. It must also provide effective policies, planning, and procedures to control all lifecycle activities, from the initial SIS design through to its maintenance or modification. Another key topic of the functional safety standards is the need for verification: if one person completes a task, a different person should be responsible for verifying it. This approach is fairly common in engineering, but it takes on a new level of rigour and importance when systems are designed for safety.
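The two passages above describe each lifecycle phase as inputs, outputs and verification, and require that competence is recorded and that verification is done by someone other than the performer. The following is an added example, not code from GM International or from IEC 61511, of how an FSM plan can be recorded and checked for exactly those systematic-failure risks. All phase names, people, documents and the competence register are constructed for illustration.

```python
"""Added example (not from the original post): a minimal record of an FSM plan
in which each safety lifecycle phase carries its inputs, outputs, performer and
verifier, plus a check that flags the systematic-failure risks the post names:
a phase verified by the person who performed it, a responsible person without
recorded competence for that phase, a required output document that is not on
file, and an input that no earlier phase produced.
All phase names, people and documents are constructed for illustration."""

from dataclasses import dataclass, field


@dataclass
class Phase:
    name: str
    inputs: list            # documents this phase consumes
    outputs: list           # documents this phase must produce
    performed_by: str
    verified_by: str
    delivered: set = field(default_factory=set)   # outputs actually on file


# Hypothetical competence register: person -> lifecycle phases they are qualified for.
COMPETENCE = {
    "alice": {"hazard and risk assessment", "SRS"},
    "bob": {"SRS", "SIS design"},
    "carol": {"SIS design", "installation and validation"},
    "dave": {"hazard and risk assessment", "installation and validation"},
}


def check_phase(phase: Phase, competence=COMPETENCE) -> list:
    """Return the findings for one phase; an empty list means no issue found."""
    findings = []
    # Independence of verification: the verifier must not be the performer.
    if phase.performed_by == phase.verified_by:
        findings.append(f"{phase.name}: verified by the performer ({phase.performed_by})")
    # Competence: both the performer and the verifier must be qualified for this phase.
    for role, person in (("performer", phase.performed_by), ("verifier", phase.verified_by)):
        if phase.name not in competence.get(person, set()):
            findings.append(f"{phase.name}: {role} {person} has no recorded competence")
    # Documentation: every required output document must be on file.
    for doc in phase.outputs:
        if doc not in phase.delivered:
            findings.append(f"{phase.name}: missing output '{doc}'")
    return findings


def check_plan(phases: list, competence=COMPETENCE) -> list:
    """Check every phase in order and confirm each input was an output of an earlier phase."""
    findings = []
    produced = set()
    for phase in phases:
        findings.extend(check_phase(phase, competence))
        for doc in phase.inputs:
            if doc not in produced:
                findings.append(f"{phase.name}: input '{doc}' not produced by an earlier phase")
        produced.update(phase.outputs)
    return findings


# Constructed sample plan containing deliberate defects for the check to find.
SAMPLE_PLAN = [
    Phase("hazard and risk assessment", [], ["HAZOP report", "SIL targets"],
          performed_by="alice", verified_by="dave",
          delivered={"HAZOP report", "SIL targets"}),
    Phase("SRS", ["SIL targets"], ["safety requirements specification"],
          performed_by="bob", verified_by="bob",          # same person: no independent verification
          delivered={"safety requirements specification"}),
    Phase("SIS design", ["safety requirements specification"], ["design report", "SIL verification"],
          performed_by="carol", verified_by="alice",      # alice has no recorded design competence
          delivered={"design report"}),                   # SIL verification report not on file
    Phase("installation and validation", ["SIL verification"], ["validation report"],
          performed_by="dave", verified_by="carol",
          delivered={"validation report"}),
]

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print("FINDING:", finding)
```

Run on the sample plan, the check reports three findings: the SRS phase verified by its own author, a design verifier without recorded competence, and the missing SIL verification report. The traceability check (inputs must come from earlier outputs) is what ties the phases together into one lifecycle rather than a list of isolated tasks.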


Standard complexity

IEC 61511 is largely non-prescriptive in how it is applied; this gives great flexibility in SIF and SIS design, but it also adds complexity in terms of compliance. Moreover, the standard does not say who is responsible for each activity in the SIS safety lifecycle, does not require any specific techniques (HAZOP, LOPA, etc.), does not impose special requirements on non-instrumented safety functions, and does not require any specific SIL level.

To comply with IEC 61511-1:2016, it must be demonstrated that each of the requirements set out in clauses 5 to 19 is met according to the defined criteria. By following the requirements of these fifteen clauses and meeting the objectives of each of them, it should be possible to demonstrate compliance with IEC 61511, including the requirements of clause 5 (functional safety management). But the standard does not assign responsibility to any organization or discipline, so a main challenge in any SIS project is the division of activities among the responsible parties.

Ultimately, a safety manager must agree to accept the risk, taking on the main role. In addition, although there are hundreds of requirements, few specific techniques or methods are prescribed by IEC 61511. This means that many different techniques can be used to achieve the same goal, so conformity assessment requires knowledge of many techniques and a pragmatic approach to their acceptability. Furthermore, many of the hardware and software compliance aspects of IEC 61511 trace back to IEC 61508; without a detailed understanding of IEC 61508, a compliance assessment can be difficult. With the advent of cyber security issues, new standards and requirements have also been added to the cross-reference list. Each clause in IEC 61511 contains many sub-clauses: in total, there are more than 590 sub-clauses and bullet points to check. Some requirements are similar in purpose and are often linked between clauses. Distinguishing and implementing them correctly is far from simple.


Would you like to know more? Watch our webinar Functional Safety Management
