The safety life-cycle for the process industry sector comes from the IEC 61511 standard. It is essentially a flowchart depicting the stages of different activities needed to assess hazards and then develop protection layers to prevent or mitigate risk. The life-cycle from IEC 61511 focuses on Safety Instrumented Systems (SIS) as one of the critical specialist protection layers that need careful specification, design, testing and maintenance.
A key element throughout the safety life-cycle is functional safety management (FSM). Companies that use SIS as part of their risk reduction measures will need to set up a solid FSM system. A well-designed FSM system will have measures to ensure that all personnel are competent in the part of the life-cycle they are responsible for. It will provide effective policies, planning and procedures to control all life-cycle activities that go into the initial SIS design, and its upkeep or modification.
As activities occur in the life-cycle, another key theme of functional safety standards is the need for verification. This is nothing particularly new. Put in simple terms, if a person completes an activity then someone else should be responsible for checking or verifying it. This is something that is commonplace in engineering, but should take on a new level of rigour and importance when systems are being designed for safety.
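The verification rule just described (an activity is checked by someone other than the person who completed it, and both should be recorded as competent for that phase) is simple enough to audit mechanically across a functional safety management record. The following is an added example, not code from the original article or from eFunctionalSafety: it walks a constructed activity log and reports every life-cycle phase that is unverified, self-verified, or performed or verified by someone without recorded competence. The record structure, field names and the sample phases and people are assumptions made for illustration.

```python
"""Independence check for functional-safety verification records (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class ActivityRecord:
    """One completed life-cycle activity as an FSM system might log it (assumed layout)."""
    phase: str                 # life-cycle phase the activity belongs to
    performed_by: str          # person who completed the activity
    verified_by: Optional[str] # independent checker; None if not yet verified
    competent: Set[str]        # people with recorded competence for this phase


def find_verification_gaps(records: List[ActivityRecord]) -> List[Tuple[str, str]]:
    """Return (phase, reason) for every record that breaks the verification rule.

    Rules checked, in order:
      1. every activity must have a verifier;
      2. the verifier must not be the performer (independence);
      3. both performer and verifier must hold recorded competence for the phase.
    """
    gaps: List[Tuple[str, str]] = []
    for rec in records:
        if rec.verified_by is None:
            gaps.append((rec.phase, "not verified"))
            continue  # nothing more to assess until a verifier is assigned
        if rec.verified_by == rec.performed_by:
            gaps.append((rec.phase, "self-verified"))
        if rec.performed_by not in rec.competent:
            gaps.append((rec.phase, f"performer {rec.performed_by} lacks recorded competence"))
        if rec.verified_by not in rec.competent:
            gaps.append((rec.phase, f"verifier {rec.verified_by} lacks recorded competence"))
    return gaps


# Constructed sample log: phases and names are illustrative only.
SAMPLE_LOG = [
    ActivityRecord("hazard and risk assessment", "alice", "bob", {"alice", "bob"}),
    ActivityRecord("safety requirements specification", "carol", "carol", {"carol", "dave"}),
    ActivityRecord("SIS design", "dave", None, {"dave", "erin"}),
    ActivityRecord("installation and commissioning", "erin", "frank", {"erin"}),
]


if __name__ == "__main__":
    for phase, reason in find_verification_gaps(SAMPLE_LOG):
        print(f"{phase}: {reason}")
```

Run against the sample log, the check flags the self-verified requirements specification, the unverified design activity, and a commissioning verifier with no recorded competence, while the hazard assessment (different, competent performer and verifier) passes. In practice the records would be read from the project's FSM tracking system rather than constructed inline.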
The safety life-cycle was first defined in the basic safety standard IEC 61508, which is the non-sector-specific standard that IEC 61511 is based upon. It was designed to account for the unpredictability of dangerous failure, and specifically in recognition that failure can creep into systems from multiple sources and at multiple stages of life.
The life-cycle origins were influenced by many different organisations, including UK regulator HSE - the Health and Safety Executive. The book "Out of Control" concluded that accidents involving control system failure were dominated by inadequate specification.
Although this was just one study, it did involve researching multiple accidents. It should be noted that the hazard owner is effectively responsible for setting requirements, as well as operating, maintaining and modifying an SIS after it has been placed in service. So, even if an end user contracts out the design and installation of an SIS, this particular study suggests that around 80% of the primary causes of system failure are introduced before or after the design and installation stage.
It is perhaps just as important to know what is NOT specified as what is required in the many clauses referenced by the safety life-cycle. Many projects involving functional safety and SIS get off on the wrong footing by making the false assumption that simply copying the life-cycle from the standard will be sufficient.
© 2018 FIABLE Limited T/A eFunctionalSafety