• Home
  • /
  • Functional Safety Assessment and Audit

Why you may need a Functional Safety Assessment or Audit - FSA


You will need a functional safety assessment or pre-startup safety review if you are working on any project or industrial process plant that has safety functions with a safety integrity level (SIL) requirement.


Applications occur in oil & gas, power generation, chemical and pharmaceutical production, pulp and paper and others.

Example applications where FSA is needed:

  • Emergency shutdown systems (ESD) using programmable logic solvers / safety PLC's
  • Overfill protection on tank storage applications 
  • Burner Management Systems (BMS) in industrial process or power generation facilities
  • Gas turbine applications, both onshore and offshore
  • Pressure protection for piping and vessels

Projects involving SIL-rated safety instrumented systems (SIS) need FSA by an independent competent person due to the nature of risk-based international standards.


Stages of FSA have been defined; from FSA 1, where safety requirements are first assessed, to FSA 5, where a system has been installed.The IEC 61511, BS EN 61511 / ISA 61511 requirement for an operations FSA, called FSA 4, applies to existing running facilities, irrespective of age, even if there are no modifications being made to safety systems.

Frequently Asked Questions about FSA

What is a functional safety assessment?

Functional safety assessment is an important review activity required by IEC 61511 and IEC 61508 to be carried out at least once prior to start-up of a new or modified automated safety instrumented system.

The activity must be led by a senior, competent person, who is not involved with the step or steps being assessed.

The end expectation of a functional safety assessment is that a judgement is made about the functional safety conformance and safety integrity achieved by every safety instrumented function within the system(s) being assessed.

The hope is that duty holders will implement functional safety assessment planning at the outset of a new project or modification process. Every organisation involved in delivering functional safety equipment or services must be aware of their responsibilities.

What is a functional safety audit?

Functional safety audit is intentionally separated from functional safety assessment in the IEC series of functional safety standards. 

The goal is for an audit of procedures and records to determine whether an appropriate functional safety management system is in place, and it is being followed.

Somewhat like a Quality or Gap audit, a functional safety audit cannot be conducted until functional safety procedures are in place. The assessor is looking for sufficient evidence that procedures are being followed.

An audit alongside a functional safety assessment activity is an entirely valid prospect for an existing installation.

When is the best time to do a functional safety assessment?

The timing of a functional safety assessment depends largely on what type of project or installation is being assessed, and to which standard.

Projects looking at conformance with IEC 61511 have 5 recommended stages - see FSA 1 to FSA 5 in the remaining FAQ's in this section.

Who should get involved with functional safety assessment?

  • The duty holder or hazard owner technical resources and project management should lead the FSA activity.
  • At least one senior (functional safety competent) independent person not involved with the stage or stages being assessed.
  • Sub-contractors providing risk assessment or engineering services.
  • Suppliers of key equipment for the safety instrumented system or safety-related electrical control system.
  • Any certifying bodies required to approve an application or system.

    • Who should be involved with functional safety audit?

  • The duty holder or hazard owner management.
  • At least one senior (functional safety competent) independent person not involved with the stage or stages being assessed.

    • What is FSA 1?

    Stage 1  FSA - When the hazard and risk assessment is complete, and SIL target has been selected. Technically, it is possible to wait until the safety requirements are completed before starting functional safety assessment stage one, but only if this is available immediately following the SIL target allocation or SIL determination stage.
    DO NOT WAIT FOR REQUIREMENTS TO FULLY STABILIZE BEFORE STARTING FUNCTIONAL SAFETY ASSESSMENT.

    What is FSA 2?

    Stage 2 FSA - This is best completed alongside Factory Acceptance Testing, although it is advisable to start the stage two functional safety assessment activity when the instrumentation and logic solver selection has been made. Logic solver software review should commence when the software detailed design specification is available.

    What is FSA 3?

    Stage 3 FSA - This must be complete before the safety instrumented system enters into service. To achieve this in practice, it is crucial that FSA 1 and FSA 2 stage actions are closed out.

    Key documents for this stage include the installation, commissioning and validation planning, and witnessed records that validation testing of each SIS and SIF is complete.

    What is FSA 4?

    Also known as an FSA stage 4 - since IEC 61511 edition 2 was published, it has been a requirement to conduct functional safety assessment of existing safety instrumented systems after some time in operation and maintenance.

    This activity must led by someone independent of the operations and maintenance team.

    What is FSA 5?

    FSA stage 5 - this is an assessment of any modification of a safety instrumented system (SIS) or safety instrumented function (SIF) hardware or software.

    Except for fully like-for-like hardware changes, an FSA 5 may repeat elements of FSA 1, 2 and 3 for a limited part of the system.

    ALL changes to software MUST undergo FSA 5.

    Experiences with FSA 1, 2, 3

    Our experience shows that projects involving SIL-rated Safety Instrumented Systems (SIS) often fall short of meeting the requirements of IEC 61511.

    This is a challenge for all concerned, but tackling functional safety head-on can bring huge side benefits in organisation improvement.

    35%
    average

    Compliant without comment

    57%
    average

    Require long-term improvement

    8%
    average

    Need action before start-up

    Recommended Resources

    Get some help

    Hire a professional independent FSA Chair

    If you need to conduct a fair yet objective FSA, independent expertise is often crucial. It would help if you had someone who has sufficient experience, authority and technical capability to lead and guide you to a conclusion.

    PROPOSED checklist for the right CANDIDATE TO LEAD AN FSA
    • Experience of having conducted FSA previously, or at a minimum, having been involved in an FSA team
    • Demonstrable technical knowledge of IEC 61508, IEC 61511 (or IEC 62061 / ISO 13949 for machinery safety)
    • Complete independence from project decisions (or independent of the facility for FSA 4/5)
    • Suitable qualifications, training and/or independent certification (e.g. TüV FS Expert or exida CFSE)
    Learn More
    Purchase a template

    Get a head start with our templates

    Like several of the safety life-cycle steps, templates and procedures are necessary to get a good outcome. We provide several procedures and templates for purchase individually, or as a full set.

    Learn More
    Take some learning

    Learn online now, with one of our self-paced courses

    We started developing self-paced online eLearning courses in 2013. Now, we have a full-featured Learning Management System which provides the platform for both TEAMS and individuals to learn at their own pace, 24/7.

    Learn More

    Jon Keswick

    Certified Functional Safety Expert

    If you need to conduct a fair yet objective FSA, independent expertise is often crucial. It would help if you had someone with sufficient experience, authority and technical capability to lead and guide you to a conclusion.

    Download CV

    Get the FSA resumé

    Download Now

    CASE STUDY
    Functional Safety Assessment

    A Stage 5 Functional Safety Assessment (FSA) was required for a safety instrumented system (SIS) undergoing upgrade on a Top Tier COMAH* chemical plant. We provided the lead assessor to scope, plan and deliver an independent assessment report. 

    We reviewed the safety instrumented system modification scope, including a revised hazard study, layer of protection analysis, safety requirements and the design changes to hardware and software of the system. The FSA stage 4 concluded with witnessed validation of the entire SIS prior to start-up.

    eFunctionalSafety also completed a Stage 4 FSA by reviewing operations and maintenance procedures and proof test records for the existing system.

    *COMAH - Control of Major Accident Hazards - UK legislation.

    Functional Safety BLOG Articles

    Functional Safety Assessment – FSA 4 – for IEC 61511

    If you own or operate any electrical / electronic or programmable system


    Safety Instrumented System Functional Safety Assessment Experiences

    Functional Safety Assessment may be a dry topic even at the best


    Is 100% functional safety compliance possible?

    Achieving complete compliance with "risk-based" functional safety standards like IEC 61511 is


    >