Safety Instrumented System FSA 4 – An operations assessment

Functional safety assessment 4 - FSA 4

Did you know that if you own or operate ANY form of electrical, electronic or programmable system that has one or more safety functions with a potential SIL (safety integrity level) rating, you need to conduct periodic functional safety assessment during operation? This is also known as FSA 4.


I hear you say, "that's not a requirement, our installation pre-dates these new-fangled functional safety standards!" Well, that may simply be a misunderstanding that was never intended.

The standards committees dealing with IEC 61511 (BS EN 61511 in the UK) have been preparing a new part of the standard called IEC 61511-4. This new part explains the rationale behind the changes between the original standard (published in 2004) and the latest revision (published in 2016, with further amendments in 2017).

IEC 61511-4 - Explanation and rationale for changes in IEC 61511-1 from Edition 1 to Edition 2

It is true to say that many owner/operators have been relying on the so-called "grandfathering" clause of the original standard. This became a ready excuse to do very little, or even nothing, about compliance to IEC 61511 if a system was installed prior to publication of the standard.

In the draft version of IEC 61511-4, it is now very clear that there was some serious thought put into changes around functional safety assessment (FSA), and the application of FSA to "existing systems".

The fundamental idea is that owner/operators (duty holders for the hazard) can still do a huge amount to improve safety by considered implementation of functional safety principles, even without making expensive physical system changes.

Here is a list of some effective "functional safety measures" that can be done without changing any system hardware or software:

  • Implement periodic process hazard and risk analysis, with SIL assessment of any existing trips or interlocks. If there are no resulting SIL requirements, then the following items will not apply, but you will at least have a documented justification for doing nothing further.
  • Assuming there are some SIL requirements, implement the requirements of IEC 61511 clause 5 (functional safety management), including planning, monitoring, assessment, auditing and configuration management.
  • Assign at least one "functional safety champion", and if they do not already have the required competence, then identify what level of detailed training and mentoring they will need.
  • Get a minimum level of functional safety competence training for everyone involved with operating and maintaining the SIL-rated functions.
  • For any trips or interlocks that result in a SIL requirement, implement an effective operations and maintenance procedure that includes periodic inspection and proof testing.
  • Implement an alarm management study to determine which alarms are critical, and provide clear guidance on how to respond to system alarms and other diagnostics.
  • Keep records of demands and failures, with root cause analysis to categorise failures for future studies and calculations.
  • Determine the theoretical "achieved probability of failure" and hardware fault tolerance (HFT) of the existing safety instrumented functions with a SIL requirement. This can help to focus attention in the right place(s) to drive future modifications if there are any significant conformance gaps.
  • Make sure that all modifications to functions with a SIL requirement follow a rigorous change management process, considering the full requirements of IEC 61511-1 clause 17: modification.
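As an added worked example (not from the original post) of the "achieved probability of failure" and HFT check in the list above, the script below screens one low-demand SIF against its required SIL using the simplified IEC 61508-6 PFDavg expressions for 1oo1 and 1oo2 voting. It assumes dangerous undetected failures only (common cause, repair time and diagnostics are ignored), and the failure rates, subsystem names and minimum-HFT table are constructed or assumed for illustration, so check them against your own data and the edition of the standard in force.

```python
"""Added example, not from the original post: screening PFDavg and HFT
check for one low-demand SIF using the simplified IEC 61508-6 formulas
(dangerous undetected failures only; common cause, MTTR, diagnostics ignored)."""
from dataclasses import dataclass

# Low-demand SIL bands from IEC 61511-1: (SIL, PFDavg lower bound, upper bound)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
# Assumed minimum HFT per SIL, low-demand mode (IEC 61511-1 Ed. 2 Table 6; verify)
MIN_HFT = {1: 0, 2: 0, 3: 1, 4: 2}
HFT_OF_VOTING = {"1oo1": 0, "1oo2": 1}

@dataclass
class Subsystem:
    name: str
    lambda_du: float  # dangerous undetected failure rate, per hour
    voting: str       # "1oo1" or "1oo2"

    def pfd_avg(self, ti_hours):
        """Simplified PFDavg over proof-test interval ti_hours."""
        x = self.lambda_du * ti_hours
        if self.voting == "1oo1":
            return x / 2
        if self.voting == "1oo2":
            return x ** 2 / 3
        raise ValueError(f"unsupported voting {self.voting}")

def sif_pfd_avg(subsystems, ti_hours):
    # Series chain: sensor + logic solver + final element
    return sum(s.pfd_avg(ti_hours) for s in subsystems)

def achieved_sil(pfd):
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0  # worse than SIL 1

def assess(subsystems, ti_hours, required_sil):
    """Conformance gaps an FSA 4 reviewer would record for this SIF."""
    pfd = sif_pfd_avg(subsystems, ti_hours)
    short = [s.name for s in subsystems
             if HFT_OF_VOTING[s.voting] < MIN_HFT[required_sil]]
    return {"pfd_avg": pfd, "achieved_sil": achieved_sil(pfd),
            "meets_pfd": achieved_sil(pfd) >= required_sil, "hft_shortfalls": short}

# Constructed data: annual proof test (8760 h), SIL 2 required
SIF = [Subsystem("pressure transmitter", 2e-6, "1oo1"),
       Subsystem("logic solver", 1e-7, "1oo1"),
       Subsystem("shutdown valve", 3e-6, "1oo1")]
SIF_1OO2_VALVE = SIF[:2] + [Subsystem("shutdown valve", 3e-6, "1oo2")]
```

Calling `assess(SIF, 8760, 2)` reports an achieved SIL 1 (a gap against the required SIL 2), while `assess(SIF_1OO2_VALVE, 8760, 2)` shows the same loop reaching SIL 2 once the valve is made redundant; that is the kind of finding that focuses attention on the right subsystem.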

An FSA 4 is an independent check that measures such as those suggested above are being carried out effectively. No organisation will be perfect, but conducting FSA 4 with a solid FSA checklist will help to highlight the gaps and provide a pathway towards improvement.

There will be no single measure that immediately improves or implements functional safety goals. However, with an ongoing process of better management, better procedures and improving competence, spurious trips, incidents and accidents can be significantly reduced.
