When do you need Functional Safety Assessment or Audit - FSA ?

Functional safety assessment is an important review activity required by IEC 61511 and IEC 61508 to be carried out at least once prior to start-up of a new or modified automated safety instrumented system.

The activity must be led by a senior, competent person, who is not involved with the step or steps being assessed.

The end expectation of a functional safety assessment is that a judgement is made about the functional safety conformance and safety integrity achieved by every safety instrumented function within the system(s) being assessed.

The hope is that duty holders will implement functional safety assessment planning at the outset of a new project or modification process. Every organisation involved in delivering functional safety equipment or services must be aware of their responsibilities.

Functional safety audit is intentionally separated from functional safety assessment in the IEC series of functional safety standards. 

The goal is for an audit of procedures and records to determine whether an appropriate functional safety management system is in place, and it is being followed.

Somewhat like a Quality or Gap audit, a functional safety audit cannot be conducted until functional safety procedures are in place. The assessor is looking for sufficient evidence that procedures are being followed.

An audit alongside a functional safety assessment activity is an entirely valid prospect for an existing installation.

The timing of a functional safety assessment depends largely on what type of project or installation is being assessed, and to which standard.

Projects looking at conformance with IEC 61511 have 5 recommended stages - see FSA 1 to FSA 5 in the remaining FAQ's in this section.

Stage 1  FSA - When the hazard and risk assessment is complete, and SIL target has been selected. Technically, it is possible to wait until the safety requirements are completed before starting functional safety assessment stage one, but only if this is available immediately following the SIL target allocation or SIL determination stage.
DO NOT WAIT FOR REQUIREMENTS TO FULLY STABILIZE BEFORE STARTING FUNCTIONAL SAFETY ASSESSMENT.

Stage 2 FSA - This is best completed alongside Factory Acceptance Testing, although it is advisable to start the stage two functional safety assessment activity when the instrumentation and logic solver selection has been made. Logic solver software review should commence when the software detailed design specification is available.

Stage 3 FSA - This must be complete before the safety instrumented system enters into service. To achieve this in practice, it is crucial that FSA 1 and FSA 2 stage actions are closed out.

Key documents for this stage include the installation, commissioning and validation planning, and witnessed records that validation testing of each SIS and SIF is complete.

Also known as an FSA stage 4 - since IEC 61511 edition 2 was published, it has been a requirement to conduct functional safety assessment of existing safety instrumented systems after some time in operation and maintenance.

This activity must led by someone independent of the operations and maintenance team.

FSA stage 5 - this is an assessment of any modification of a safety instrumented system (SIS) or safety instrumented function (SIF) hardware or software.

Except for fully like-for-like hardware changes, an FSA 5 may repeat elements of FSA 1, 2 and 3 for a limited part of the system.

ALL changes to software MUST undergo FSA 5.