July 4

Functional Safety Audit for IEC 61511

If you own or operate any electrical / electronic or programmable system that has safety functions with a SIL (safety integrity level) rating, then you need to conduct a periodic functional safety audit or FSA 4.

I hear you say, "functional safety audits and functional safety assessments are not a requirement, our installation pre-dates these new-fangled standards!" Read on to learn what we think.

The standards committees dealing with IEC 61511 (BS EN 61511 in the UK, ISA 61511 in the USA) have been preparing a new part of the standard called IEC 61511-4.

This new part explains the rationale behind the changes between the original 2004 edition and the latest revision, published in 2016/17.

IEC 61511-4 - Explanation and rationale for changes in IEC 61511-1 from Edition 1 to Edition 2

It is true to say that many owner/operators were relying on the so-called "grandfathering" clause of the original IEC 61511. This became a ready excuse to avoid having to check what IEC 61511 was all about.

In this latest guidance document, it's now very clear that there was some serious thought put into changes around functional safety assessment (FSA), and the application of FSA to "existing systems".

The idea is that owner/operators can still do a huge amount to improve safety by implementing functional safety principles, even without making expensive physical system changes.

Here is a list of some effective "functional safety activities" that can be made without changing any system hardware or software:

  • Implement periodic process hazard and risk analysis, with SIL assessment of any existing trips or interlocks. If there are no resulting SIL requirements, then the following items will not apply, but you will at least have a documented justification for doing nothing further.
  • Assuming there are some SIL requirements, implement the requirements of IEC 61511 clause 5 - functional safety management, including planning, monitoring, assessment, auditing and configuration management.
  • Assign at least one "functional safety champion", and if they do not already have the required competence, then identify what level of detailed training and mentoring they will need.
  • Get a minimum level of functional safety competence training for everyone involved with operating and maintaining the SIL-rated functions.
  • For any trips or interlocks that result in a SIL requirement, implement an effective operations and maintenance procedure that includes periodic inspection and proof testing.
  • Implement an alarm management study to determine which alarms are critical, and provide clear guidance on how to respond to system alarms and other diagnostics.
  • Keep records of demands and failures with root cause analysis to categorise failures for future studies and calculations.
  • Determine the theoretical "achieved probability of failure" and hardware fault tolerance (HFT) of the existing safety instrumented functions with a SIL requirement. This can help to focus attention in the right place(s) to drive future modifications if there are any significant conformance gaps.
  • Make sure that all modifications to functions with a SIL requirement follow a rigorous change management process, considering the full requirements of IEC 61511-1 clause 17: modification.

Functional safety assessment is an independent check that activities such as those suggested above are being carried out effectively. No organisation will be perfect, but conducting FSA 4 with a solid FSA checklist will help to highlight the gaps and provide a pathway towards improvement.

There will be no single measure that immediately improves or implements functional safety audit goals. However, with an ongoing process of implementing better management and procedures and improving competence, spurious trips, incidents and accidents may be significantly reduced.

About the author

Jon Keswick, CFSE

Jon Keswick is a Certified Functional Safety Expert (CFSE) and founder of eFunctionalSafety. Feel free to make contact via Linked-In or comment on any of the eFunctionalSafety blog pages.
