5.3 External resources
Companies responsible for delivering services and products also require competence assessment and management. Achieving this for every phase of the life-cycle and for all potential suppliers of goods and services is not trivial. In recognition of the difficulty of assessing external supplier competence, suppliers are required to have their own quality management system. If a supplier makes any functional safety claims (e.g. a claimed SIL capability for a product), they are additionally required to have a functional safety management system in place (IEC 61511-1 clause 220.127.116.11).
5.4 Functional safety assessment
See the chapter on conformance.
5.5 Functional safety audit
See the chapter on conformance.
5.6 Document and configuration management
Documentation is a key aspect of the functional safety standards. Some have even said that "if it isn't documented, then it didn't happen". This is certainly very true when it comes to functional safety assessment and audit. Without good documentation, there is very little an assessor or auditor can do except conclude the worst outcome.
The need for SIS documentation has now been made normative: it is a "shall", not a "should", requirement that the documentation describes the installation, is accurate and up to date, is easy to understand and is fit for purpose. In addition to these requirements, all SIS documentation must show traceability back to the hazard and risk analysis phases. This means demonstrating a clear link from each SIF in an SIS back to each hazard, the other protection layers, and the risk gap the SIF is designed to fill.
There are some very simple, yet effective, things that can be done to manage documentation:
- Use a document management system, or better still, a dedicated safety life-cycle database. See the blog article on this topic.
- Ensure all documents have a unique reference and date, a table of contents, numbering and a traceable revision history.
- When changes are made to any document, include the reason for the change in the document history and make sure a new revision is issued.
- Ensure each document is reviewed by someone competent (independent of the document author) and includes a sign-off by an authorised signatory.
These things sound very simple, but it is surprising how many organisations fall short on some of these easy-to-implement aspects.
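The four document-control points above can be turned into an automated check over a document register, so that gaps (a missing revision reason, a reviewer who is also the author, an unauthorised sign-off) are found before an assessor finds them. The following is an added example, not code from this guide or from any document management product; the data model, the field names and the sample document records are constructed for illustration, and the list of authorised signatories is a placeholder.

```python
"""Document-control checks for SIS safety life-cycle documents (added example).

Each document record carries the items the text calls for: a unique reference,
issue dates and a revision history with reasons, a table of contents, an
independent reviewer and an authorised sign-off. check_register() reports
every shortfall per document.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set


@dataclass
class Revision:
    rev: str
    issued: date
    reason: str                      # why the document changed (may be "Initial issue")


@dataclass
class Document:
    ref: str                         # unique document reference
    title: str
    author: str
    reviewer: Optional[str]          # competent reviewer, must differ from author
    approver: Optional[str]          # authorised signatory who signed off
    has_contents_table: bool
    revisions: List[Revision] = field(default_factory=list)


# Placeholder list of people allowed to sign documents off (constructed).
AUTHORISED_SIGNATORIES: Set[str] = {"plant.manager", "fs.lead"}


def check_document(doc: Document, seen_refs: Set[str]) -> List[str]:
    """Return the findings for one document; an empty list means it passes."""
    findings: List[str] = []
    if not doc.ref or doc.ref in seen_refs:
        findings.append(f"{doc.ref or '<none>'}: reference missing or duplicated")
    if not doc.revisions:
        findings.append(f"{doc.ref}: no revision history or issue date")
    else:
        for rev in doc.revisions:
            if not rev.reason.strip():
                findings.append(f"{doc.ref} rev {rev.rev}: change without a recorded reason")
        for prev, cur in zip(doc.revisions, doc.revisions[1:]):
            if cur.issued < prev.issued:
                findings.append(f"{doc.ref} rev {cur.rev}: issue date earlier than rev {prev.rev}")
    if not doc.has_contents_table:
        findings.append(f"{doc.ref}: no table of contents")
    if doc.reviewer is None:
        findings.append(f"{doc.ref}: not reviewed")
    elif doc.reviewer == doc.author:
        findings.append(f"{doc.ref}: reviewer is not independent of the author")
    if doc.approver not in AUTHORISED_SIGNATORIES:
        findings.append(f"{doc.ref}: not signed off by an authorised signatory")
    return findings


def check_register(docs: List[Document]) -> Dict[str, List[str]]:
    """Check every document in a register; keys are refs with at least one finding."""
    seen: Set[str] = set()
    report: Dict[str, List[str]] = {}
    for doc in docs:
        findings = check_document(doc, seen)
        seen.add(doc.ref)
        if findings:
            report[doc.ref] = findings
    return report


# Constructed sample register: one compliant document and one with several gaps.
SAMPLE_DOCS = [
    Document("SRS-001", "Safety Requirements Specification", "a.engineer", "b.engineer",
             "fs.lead", True,
             [Revision("A", date(2023, 3, 1), "Initial issue"),
              Revision("B", date(2023, 9, 14), "Added SIF-07 after HAZOP action 12")]),
    Document("CE-002", "Cause and effect matrix", "a.engineer", "a.engineer",
             "a.engineer", False,
             [Revision("A", date(2023, 3, 1), "Initial issue"),
              Revision("B", date(2023, 2, 1), "")]),
]

if __name__ == "__main__":
    for ref, findings in check_register(SAMPLE_DOCS).items():
        print(ref)
        for line in findings:
            print("  -", line)
```

Run as a script, the report lists only CE-002, with five findings: a revision without a reason, an out-of-order issue date, no table of contents, a non-independent reviewer and an unauthorised sign-off. Feeding the same register to the check on every document issue (for example from a CI job on the document repository) is what makes the "simple" rules stick.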
By the very nature of the likely different suppliers and system elements, every Safety Instrumented System has a unique configuration of hardware, firmware and software. IEC 61511 requires every piece of the SIS to be uniquely identified. There are several reasons for this, including knowing whether a required replacement is an exact like-for-like, controlling the restoration of any software or settings that are lost, and providing traceability for failures during the system lifetime.
When looking at a typical programmable SIS, the following parts will need careful registration in the configuration management environment:
- Non-intelligent sensors: model, serial number;
- Intelligent sensors: model, serial number, firmware version, configuration settings;
- Logic solver input modules: model, serial number and firmware version;
- Logic solver controllers / CPUs: model, serial number, firmware version, application program version, CRC (or other unique software identifier);
- Logic solver output modules: model, serial number and firmware version;
- Non-intelligent final elements: model, serial number;
- Intelligent final elements: model, serial number, firmware version, configuration settings;
- Utility tools: intelligent sensor or final element configuration tools;
- Utility software: SIS logic solver configuration tool, compiler, HMI software and HMI application version.
Many organisations outsource things like application programming to others, so managing the safe backup and storage of software is something that needs careful control.
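The register above is only useful if it is compared against what is actually installed. The following added example (not code from this guide or from any SIS vendor) models the per-element identifiers listed in the text as a configuration baseline and compares it with a later site survey: it flags attributes that were never recorded, unregistered items, replacements that are or are not like-for-like, and drift such as an application CRC that no longer matches the baseline. The element kinds, tags, serial numbers, versions and CRC values are constructed placeholders.

```python
"""SIS configuration baseline versus a later survey (added example).

REQUIRED mirrors the registration list in the text: which identifiers must be
recorded for each kind of SIS element ('crc' stands for any unique software
identifier). compare() reports, per tag, what differs between the as-built
baseline and the survey.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List

REQUIRED: Dict[str, List[str]] = {
    "sensor":              ["model", "serial"],
    "smart_sensor":        ["model", "serial", "firmware", "config"],
    "input_module":        ["model", "serial", "firmware"],
    "cpu":                 ["model", "serial", "firmware", "app_version", "crc"],
    "output_module":       ["model", "serial", "firmware"],
    "final_element":       ["model", "serial"],
    "smart_final_element": ["model", "serial", "firmware", "config"],
    "utility_software":    ["model", "app_version"],   # tool name and version
}


@dataclass
class Item:
    tag: str                                   # plant tag, e.g. PT-101 (constructed)
    kind: str                                  # one of the REQUIRED keys
    attrs: Dict[str, str] = field(default_factory=dict)


def missing_fields(item: Item) -> List[str]:
    """Identifiers that the register requires for this kind but are not recorded."""
    return [f for f in REQUIRED.get(item.kind, []) if not item.attrs.get(f)]


def is_like_for_like(old: Item, new: Item) -> bool:
    """A replacement is like-for-like when every identifying attribute except the
    serial number (model, firmware, configuration, software id) matches the baseline."""
    if old.kind != new.kind:
        return False
    keys = [f for f in REQUIRED.get(old.kind, []) if f != "serial"]
    return all(old.attrs.get(k) == new.attrs.get(k) for k in keys)


def compare(baseline: List[Item], survey: List[Item]) -> Dict[str, List[str]]:
    """Return findings keyed by tag; tags with no findings are omitted."""
    base = {i.tag: i for i in baseline}
    found = {i.tag: i for i in survey}
    report: Dict[str, List[str]] = {}
    for tag in base.keys() - found.keys():
        report[tag] = ["missing from survey"]
    for tag in found.keys() - base.keys():
        report[tag] = ["unregistered item (not in baseline)"]
    for tag in base.keys() & found.keys():
        old, new = base[tag], found[tag]
        findings: List[str] = []
        missing = missing_fields(new)
        if missing:
            findings.append("missing fields: " + ", ".join(missing))
        if new.kind != old.kind:
            findings.append(f"kind changed: {old.kind} -> {new.kind}")
        elif old.attrs.get("serial") != new.attrs.get("serial"):
            # Different physical unit: was the swap an exact replacement?
            verdict = "like-for-like" if is_like_for_like(old, new) else "NOT like-for-like"
            findings.append(f"replaced (serial {old.attrs.get('serial')} -> "
                            f"{new.attrs.get('serial')}), {verdict}")
        else:
            # Same unit: any other identifier that changed is configuration drift.
            for k in REQUIRED.get(old.kind, []):
                if k not in missing and old.attrs.get(k) != new.attrs.get(k):
                    findings.append(f"drift in {k}: {old.attrs.get(k)} -> {new.attrs.get(k)}")
        if findings:
            report[tag] = findings
    return report


# Constructed as-built baseline and a later survey of the same loop.
BASELINE = [
    Item("PT-101", "smart_sensor", {"model": "XPT-200", "serial": "S1001",
                                    "firmware": "2.3", "config": "cfg-a1b2"}),
    Item("LS-01", "cpu", {"model": "LS-9000", "serial": "C7700", "firmware": "5.1.0",
                          "app_version": "1.4", "crc": "0x3F2A91C0"}),
    Item("XV-101", "final_element", {"model": "BV-50", "serial": "V0042"}),
]
SURVEY = [
    Item("PT-101", "smart_sensor", {"model": "XPT-200", "serial": "S1099",
                                    "firmware": "2.3", "config": "cfg-a1b2"}),
    Item("LS-01", "cpu", {"model": "LS-9000", "serial": "C7700", "firmware": "5.1.0",
                          "app_version": "1.4", "crc": "0x8811BEEF"}),
    Item("XV-101", "final_element", {"model": "", "serial": "V0042"}),
    Item("PT-102", "sensor", {"model": "XPT-100", "serial": "S2000"}),
]

if __name__ == "__main__":
    for tag, findings in sorted(compare(BASELINE, SURVEY).items()):
        print(tag, "->", "; ".join(findings))
```

In the sample data the transmitter PT-101 was swapped for a unit with the same model, firmware and configuration (a like-for-like replacement, recorded for traceability), the logic solver LS-01 is the same unit but its application CRC no longer matches the baseline (an unapproved download or restore from the wrong backup would look exactly like this), XV-101 has an unrecorded model, and PT-102 was never registered. The CRC comparison is the check that protects the outsourced-programming case in the paragraph above: whoever wrote the application, the identifier that was recorded at validation is the one that must still be in the controller.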