Briefing: A fresh approach to functional safety
12 May 2011
Changes to the IEC 61508 basis standard for functional safety significantly improve the guidance on functional safety management and competence. Ian Curtis from Siemens Industry Automation highlights these changes and emphasises the continuing importance of both topics for functional safety practitioners:
Manchester, UK – When it comes to ensuring functional safety in the process sector, compliance with best-practice standards such as IEC 61511 is really the only practical option for ensuring that legal obligations are met.
The IEC 61511 standard represents the 'state of the art'. However, it is not a directive. Compliance with such a standard is therefore not an absolute legal requirement, and it is theoretically possible for a company to "go its own way" and take an alternative path.
In that case, however, the onus falls on the trailblazer to prove that the approach taken is equivalent to, or better than, the one set out in the existing standards.
Given the amount of expertise and effort that has gone into the creation of the existing standards, this 'reinventing of the wheel' would be extremely time-consuming, and therefore costly, and would carry a significant risk of falling short of the ultimate goal of reducing risk and protecting people.
If, on the other hand, a company complies with the relevant standards fully, then those involved can sleep soundly at night in the knowledge that what they have implemented is in line with current best practice.
Talk of 'standards' normally conjures up thoughts of burdensome documentation and added cost, and it is undeniable that complying with IEC 61511 requires that safety lifecycle activities are planned, enacted, verified, validated and, of course, documented for all stages of the project lifecycle.
If done badly this can be both costly and ineffective. If done well, there is a potential upside for organisations in complying with such performance-based standards.
One oil & gas company analysed a project using the performance-based IEC 61511 approach and found that some 65% of its safety instrumented functions were over-engineered, 25% were correct and 10% were under-engineered. This allowed extra focus on bolstering the under-engineered functions and gave an overall cost saving for the project as well.
The basis standard for the functional safety of electrical, electronic and programmable electronic devices is IEC 61508, the development of which started back in the mid-1980s, with the various parts of the standard published between 1998 and 2000. It spawned a number of daughter standards, with IEC 61511, launched in 2003, being the most relevant for the process sector.
So both of these standards have been with us for quite some time now. The creation of IEC 61508 was an extremely ambitious undertaking: it covered a lot of ground and represented a major step forward.
However, given the size of the task, it is perhaps not surprising that, as people started to work with the standard, areas for improvement were identified and, after much work, Ed. 2.0 of the standard was launched in April 2010.
Ed. 2.0 revisits a number of areas of the original standard and one particular focus is that of functional safety management (FSM). This section has been completely restructured with the addition of more comprehensive normative requirements aimed at clarifying responsibilities and ensuring competence.
Identification of all persons undertaking defined activities is now a requirement, and all of those persons shall be competent for the duties they have to perform. In other words, competence is now a normative requirement across all activities, rather than just for the functional safety assessment activity as was previously the case.
In terms of FSM, much of what has been added to IEC 61508 Ed. 2.0 is already in the IEC 61511 standard, which already includes the normative requirement to clarify responsibilities and ensure competence. Even so, this revisiting of IEC 61508 serves to re-emphasise the importance of both FSM and competence.
This in turn means that companies involved in functional safety will need to be able to demonstrate that they have the necessary competences and adequate FSM.
We live in an ever-changing world, with advances in technology, regulations and standards occurring at a rapid rate. It follows that companies will also have to manage competence over time to ensure that appropriate levels are maintained, so a formal competency management system is also a requirement.
There are various individual qualifications that can be gained to help demonstrate individual competence. TUV's Functional Safety Engineer (FSE) qualification and the Certified Functional Safety Professional (CFSP) and Certified Functional Safety Expert (CFSE) qualifications are well recognised and are generally based on a combination of examined theoretical knowledge and experience.
It is often the case that organisations involved in functional safety will have one or more such qualified engineers at their disposal, either within the organisation or hired in as a safety consultant. However, there should not be too much reliance on just one expert.
Everyone with duties to perform in respect of functional safety has to have the right level of competence to perform their function, sufficient awareness to know how they fit into the overall picture and, importantly, an understanding of their own limitations, together with the willingness to flag when those limitations are being exceeded. This is all part and parcel of competence.
The Health and Safety Executive, working in partnership with the IET and the BCS, has published guidance to help companies manage the competence of their staff who are involved with electronic safety-related systems.
The publication “Managing Competence for Safety-related Systems” provides the essential requirements for a successful competence management system (CMS) suitable for all staff at all levels of responsibility within organisations working on safety-related systems.
The IET has also updated their industry leading publication “Competence Criteria for Safety-Related System Practitioners” to complement the above guidance.
There are also schemes to help companies demonstrate that they know IEC 61508 and are able to develop products, systems or solutions in accordance with the standards.
End users are now likely to look increasingly to suppliers to show their credentials in this area. To help with this there is a UKAS-accredited methodology known as the CASS scheme, which certification bodies use to demonstrate the management of functional safety in full compliance with IEC 61508 and its related sector standards such as IEC 61511.
This certification includes competency management systems meeting the demands of the master standard BS EN 61508 ("IEC 61508") and is applicable to all of the sector-based standards (IEC 61511, IEC 62061, etc.).
Alternatively, other organisations such as TUV are increasingly being used to assess FSM and to certify systems for manufacturers and system integrators alike.
As engineers working with safety instrumented systems, we are generally drawn most strongly to the technical aspects of designing and implementing safety instrumented functions.
We like to concern ourselves with carefully selecting the technology, architectures and suitable components that can combine to meet our SIL requirements and that will respond reliably to a demand placed upon them.
However, we must always be mindful that addressing systematic failures, which no amount of hardware redundancy or architectural voting can remove, is equally important, so the increased emphasis on competence and functional safety management in IEC 61508 Ed. 2.0 will serve to remind functional safety practitioners of the fundamental importance of these other key aspects of functional safety.