The Ultimate Guide to the Process Safety Life-cycle
4.1 A conformance example
To conform to IEC 61511, the standard requires that:
"Each of the requirements outlined in Clause 5 through Clause 19 has been satisfied to the defined criteria and therefore the clauses' objectives have been met" IEC 61511-1 Clause 4.
In practice, however, this is somewhat easier said than it is achieved. Let's take a relatively simple example from one of the shortest IEC 61511 clauses:
14.1 Objective - SIS installation and commissioning
"The objective of the requirements of Clause 14 are to:
- install the SIS according to the specification and drawings;
- commission the SIS so that it is ready for final system validation."
Meeting the above stated objectives will require reading the remaining clause 14.2 and its sub-clauses 14.2.1 to 14.2.5:
14.2.1 requires "installation and commissioning planning", and lists four (4) elements that must be in the plan.
14.2.2 requires that devices are properly installed based on the design and installation plan(s).
14.2.3 requires commissioning activities, and lists a minimum of nine (9) specific confirmation checks.
14.2.4 requires commissioning records to be kept, including any failures and reasons for failure.
14.2.5 requires impact assessment by a competent person of all non-conformances found during commissioning.
So, to conform with the stated objectives of Clause 14 there are five (5) specific sub-clauses that must be met. However, sub-clause 14.2.1 and 14.2.3 have 13 different elements for checking. A functional safety assessment leader would be looking to raise questions and/or create a checklist for specific evidence that 16 elements in total have been fulfilled.
4.2 Demonstrating conformance
All relevant clauses in the whole IEC 61511 standard can be broken down in a similar way to the above example. Although there is still expert judgement required, it is entirely possible to create a checklist and questionnaire which looks for evidence that "shall" requirements have been met in each clause and sub-clause.
The following sections in this chapter explain the concept of Functional Safety Assessment (for conformance demonstration) and then estimates the number of questions that typically come up in each part of the standard. Hopefully this is a clear indication of the level of effort required for demonstrating conformance at each stage.
Do you want to print this guide?
We plan to have a free printable PDF version of this guide which you can download and keep. Request your copy now.
4.3 Assessment and Audit
Functional Safety Assessment is an activity which is proposed at several stages in the SIS safety lifecycle, and mandated in IEC 61511 to be carried out at least once prior to startup of an SIS and at intervals during the operations stage. The activity must be led by a senior competent person, who is not involved with the step or steps being analyzed.
Note that FSA planning should be included at the start of any project where an SIS is expected to be needed. If the SIS already exists, then plan for an operations and maintenance FSA stage 4.
There are five stages at which functional safety assessment is recommended, as shown in the following diagram.
Producing huge amounts of paper should not be a goal of any SIS project or operation. However, there must be sufficient evidence upon which an independent assessor can make a judgement for FSA conformance purposes. The goal should be to produce a trail of evidence at each stage to allow an effective independent assessment to take place.
From experience, it is highly recommended to start FSA review activities as early as possible after the hazard and risk assessment and SIL determination stage. Don't wait for the safety requirements specification to be complete.
4.4 Assessment table
The following table is a summary created by eFunctionalSafety for this Ultimate Guide To The Process Safety Life-cycle which summarizes the approximate level of effort required for each stage of conformance, separated by the relevant IEC 61511 clause numbers.
The intent is to provide an overview of the level of effort required for those planning to undertake a Functional Safety Assessment.
The table columns are as follows:
- Life-cycle stage and clause number.
- Number of sub-clauses and sub bullet-points or sections.
- Number of FSA questions (according to the eFunctionalSafety FSA protocol).
Turn to LANDSCAPE if using mobile:
# FSA Questions
Information and documentation
Process hazard and risk assessment
Factory Acceptance Test (FAT)
Functional safety management / life-cycle planning and verification
(Clauses 5, 6 and 7)
Allocation of safety functions to protection layers
SIS installation and commissioning
SIS safety validation
SIS design and engineering
SIS operation and maintenance
SIS Safety requirements specification
SIS application program development
The stages of FSA suggested in the standard do not necessarily line up in a linear way with how projects work in practice. This is perhaps best explained with FSA Stage 1 which is intended to analyze all stages up to and including clause 10 (the SRS). However, it is fairly commonplace for requirements to be split into multiple documents which gather in detail as a project progresses. A specific case is the Application Program (software) requirements. These will not be available in any depth until logic solver equipment selection has taken place, which often happens much later in a project than would be advisable for the FSA 1 activity to take place.
In some cases the number of clauses and associated conformance questions may be limited by the type of project, or by decisions made during a project.
For example, if a programmable logic solver system is not part of the SIS scope, then Clause 12 of the standard will not be applicable, and the SRS elements that relate to software will not be needed. Likewise, if equipment is not selected based upon prior use claims, then this will reduce Clause 11 requirements from 110 to around 80. This limitation of the relevant clauses for conformance should be something that is clearly outlined in FSA planning at each stage by the lead independent assessor.
Some companies have the impression that a simple system with very few SIF will somehow limit the conformance assessment activity significantly. However, this is a bit of a misunderstanding. For example, assessing the SRS for a single SIS and SIF will still require asking and answering at least 50 questions related to that part of the life-cycle. There is certainly additional effort if there are a large number number of uniquely designed SIF, but this effort does not reduce to zero even if there is only one SIF in the system.
4.6 Assessment by FSA stage
For the 5 stages recommended by IEC 61511 for FSA, the following summary table provides a breakdown of the level of effort required:
Turn to LANDSCAPE if using mobile:
# Key Documents
(after PHRA and the SRS has been produced
10 + # Drawings
(after the SIS has been designed)
FSA 1 + 15 + # SIS & SIF FAT RECORDS
(after I&C, validation & O&M manuals have been developed)
FSA 1 + FSA 2 + 10 + # SIS & SIF VALIDATIONS
(after gaining experience in operation and maintenance)
15 to 20 + # SIS & SIF PROOF TEST RECORDS
(after modification and prior to decommissioning)
* The level of effort will depend on the previous FSA stages completed and number of SIS and SIF being validated
** The level of effort may be affected by the age of the installation and available documentation.
*** The effort and required documents are only possible to estimate when the full size and scope of the modification is known.
Need to complete an FSA or Audit?
GET THE FSA TEMPLATE SET
4.7 Conformance results
From experience of conducting many different FSA's including all the stages listed above, the results can depend highly on the functional safety maturity of the Duty Holder's personnel and the personnel leading the project activities from supporting companies.
Typical results for conformance to IEC 61511 shows that around 60% to 75% of clauses can be shown to be adequately met when concluding an FSA activity on a new-build project (ie. not including operations, maintenance and decommissioning).
IEC 61511 conformance assessment typically results in around 60% to 75% of clauses adequately met when concluding an FSA activity on a new-build project.