How to write a Safety Manual

Feb 15, 2022 / by GM International

Topics: Functional safety

The Safety Manual is a mandatory document for any SIL device according to IEC 61508. The Functional Safety Manual, by contrast, addresses SIS projects and follows the IEC 61511 standard.

A Safety Manual describes the conditions of use of equipment compliant with IEC 61508 in safety applications. It typically includes requirements, usage restrictions, environmental limits, software configurations, failure rate data, service life data, estimated causes of failure, and inspection and testing procedures. A manufacturer of safety-related products shall inform users about what they can and cannot do with those products. Therefore, a Safety Manual is a key requirement of the IEC 61508 standard for any safety-related product or device. Both part 2 and part 3 of that standard contain a normative “Annex D” describing the Safety Manual requirements.

A Safety Manual can be a stand-alone document or a separate section of a product’s general manual. The key point is that all information relevant to using the product in a functional safety application should be readily available to the user. For every compliant item, the manual shall contain functional specifications, identify the affected hardware and software, and specify the constraints and conditions of use. Hardware Fault Tolerance (HFT), failure modes and their rates, stress testing, diagnostics, software configuration, Systematic Capability (SC), and other key information shall also be described for each function. From a firmware/software point of view, additional requirements such as safety function integrity, application by system integrators and everything related to software usability (configuration, revisions, backward compatibility, interface constraints, security measures, change control) must be precisely described. On this point, GM International manuals are extremely rigorous. For each product, the installation method, operation, maintenance, stress tests, the instrument’s useful life and the failure rate relevant to SIL verification are described and illustrated.


Functional Safety Manual

Taking a step further, the concept extends from the Safety Manual to the Functional Safety Manual. It shall provide information that defines how a SIS component or system can be safely applied. A Functional Safety Manual includes useful inputs from the manufacturer as well as from the user. This definition of a ‘Functional’ safety manual deviates from the definition in IEC 61508-4:2010 to reflect differences in the process sector terminology used in IEC 61511. More specifically, a Functional Safety Manual helps engineers and end users ensure that systematic safety integrity is maintained for the target SIL level. However, how the document is customized depends on the information available for each subsystem or functionality of a Safety Instrumented Function (SIF) within the entire Safety Instrumented System (SIS). From an operational point of view, it is important to identify typical loop configurations and the classification of SIFs. Each SIF subsystem then introduces its own critical analysis and differentiating factors (stress test, useful life, hardware, firmware, and software versions).

A Functional Safety Manual ultimately includes a brief description of the system and its architecture, identification of constraints, limitations and revisions, operational activities (including fail-safe and safe states, stress testing and maintenance), failure modes and rates, and other parameters and measures related to possible failures and malfunctions. For a project compliant with the IEC 61511:2016/2017 edition 2.0, the functional safety manual requirements can effectively be met by a single stand-alone document, which has the advantage of keeping review in one place. Of course, the disadvantage is that a single stand-alone document for an entire SIS is continuously exposed to potential changes or revisions. On the other hand, using multiple documents might make individual revisions easier at first. However, the greater the number of documents describing the functional safety of the SIS, the greater the effort needed to maintain rigorous revision control.

[Table ENG-2: Safety Manual vs Functional Safety Manual]
