Changes to IEC 61511 … The Second Edition (Part Two)
Following my previous blog Changes to IEC 61511 … The Second Edition (Part One), here’s the final part of my summary of the key differences between edition one and the recently-released edition two of IEC 61511-1 (Functional safety – Safety instrumented systems for the process industry sector). As with any new revision, the first thing that pops to mind is: what has changed and how does it affect me?
In Part One of this article we discussed clauses 1 to 5 of Part 1 of the standard; here I cover clauses 6 to 16.
Of course there are many minor changes to IEC 61511 (e.g. editorial changes) that are not listed as such, so here’s a list of the major ones:
Clause 6: Safety Lifecycle
- The Application Program Safety Life Cycle is now included under this section
Clause 7: Verification
- The Standard has added a few more items, e.g. correctness of data, that should be addressed when producing the Verification Plan.
- The Standard now includes a list of items that should be addressed as part of the test plan if testing is to be carried out in this phase.
- Where non-safety functions are integrated with safety functions, the Verification needs to give assurance and confidence that there is non-interference with the safety functions.
- Any modifications that will impact the SIS components will require re-verification.
Clause 8: Process Hazard and Risk Assessment
- With the ever-growing global threat of hacking, the Standard now has a requirement to conduct a Security Risk Assessment. The assessment should be carried out to identify the security vulnerabilities associated with the SIS and the measures needed to provide resilience against the identified risks.
Clause 9: Allocation of Safety Functions to Protection Layers
- A great deal of caution is given with regard to the application of SIL 4 SIFs; the Standard strongly underlines the message to avoid SIL 4 SIFs if at all possible!
Clause 10: SIS Safety Requirements Specification (SRS)
- Further requirements have been added to the SRS, including proof test implementation and written procedures for the use of bypass systems.
- The SRS should now include the requirements for the Application Program.
Clause 11: SIS Design and engineering
- With regards to Cyber Security, there is a requirement for the design to provide resilience against any identified security risks.
- A requirement for a Safety Manual has now been formalised.
- The term Safe Failure Fraction (SFF) has been removed, so to address the Architectural Constraints of a device the Standard adopts the approach of IEC 61508 Route 2H. Table 6 in this revision of the Standard gives the minimum Hardware Fault Tolerance (HFT) required for each SIL. In addition, the Standard simply states that for any device which uses Fixed Program Language (FPL) or Limited Variability Language (LVL), the diagnostic coverage must not be less than 60%.
- The use of credible, traceable, documented and justified reliability data when conducting reliability modelling is now heavily emphasised; furthermore, the uncertainties associated with failure rate data should be accounted for when calculating the failure measure.
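To make the last two points concrete, here is an added worked example (my own illustration, not text or code from the Standard or from ProSET). It evaluates a low-demand SIF's PFDavg, classifies the result into a SIL band, applies the 60% diagnostic coverage floor for FPL/LVL devices mentioned above, and propagates a lognormal uncertainty on the dangerous undetected failure rate so that a 95th-percentile PFDavg is reported alongside the point estimate. The PFDavg expressions are the simplified 1oo1 and 1oo2 approximations commonly used in IEC 61508-6 style calculations, the SIL bands are the standard low-demand PFDavg ranges, and the HFT-per-SIL values are the Route 2H figures as I recall them; all three are assumptions to be checked against your copy of the Standard, and the failure rate, test interval and error factor are constructed sample values.

```python
import math
import random
from statistics import mean, quantiles

# Low-demand mode PFDavg target ranges per SIL (assumed from the standard SIL table).
SIL_PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# Minimum HFT per SIL for low-demand mode (Route 2H values as recalled here;
# assumption - confirm against Table 6 of IEC 61511-1 edition 2).
MIN_HFT_LOW_DEMAND = {1: 0, 2: 0, 3: 1, 4: 2}

MIN_DC_FPL_LVL = 0.60  # diagnostic coverage floor for FPL/LVL devices (from the text above)


def sil_from_pfd(pfd_avg: float) -> int:
    """Return the SIL band a PFDavg falls into, or 0 if it does not reach SIL 1."""
    for sil, (lo, hi) in SIL_PFD_BANDS.items():
        if lo <= pfd_avg < hi:
            return sil
    return 0


def pfd_avg(lambda_du: float, test_interval_h: float, hft: int = 0, beta: float = 0.1) -> float:
    """Simplified PFDavg approximation (assumed IEC 61508-6 style formulas).

    lambda_du: dangerous undetected failure rate per hour
    test_interval_h: proof test interval in hours
    hft: 0 -> 1oo1, 1 -> 1oo2 with common-cause factor beta
    """
    if hft == 0:
        return lambda_du * test_interval_h / 2
    if hft == 1:
        common_cause = beta * lambda_du * test_interval_h / 2
        independent = (1 - beta) ** 2 * lambda_du ** 2 * test_interval_h ** 2 / 3
        return common_cause + independent
    raise ValueError("only HFT 0 and HFT 1 are modelled in this example")


def architecture_ok(target_sil: int, hft: int, dc: float) -> bool:
    """Check the HFT floor for the target SIL and the 60% DC floor for FPL/LVL devices."""
    return hft >= MIN_HFT_LOW_DEMAND[target_sil] and dc >= MIN_DC_FPL_LVL


def pfd_with_uncertainty(lambda_du_point: float, test_interval_h: float, hft: int,
                         error_factor: float = 3.0, n: int = 20000, seed: int = 1) -> dict:
    """Propagate a lognormal uncertainty on lambda_du through PFDavg by Monte Carlo.

    error_factor is the ratio between the 95th percentile and the median of lambda_du
    (so the 90% range is point/EF .. point*EF), a common way to express data uncertainty.
    """
    rng = random.Random(seed)
    sigma = math.log(error_factor) / 1.645  # 1.645 = z for the 95th percentile
    samples = [pfd_avg(lambda_du_point * math.exp(rng.gauss(0.0, sigma)), test_interval_h, hft)
               for _ in range(n)]
    cuts = quantiles(samples, n=20)  # cuts[18] is the 95th percentile
    return {
        "point": pfd_avg(lambda_du_point, test_interval_h, hft),
        "mean": mean(samples),
        "p95": cuts[18],
    }


if __name__ == "__main__":
    # Constructed sample: lambda_du = 1e-6 /h, annual proof test, 1oo1 vs 1oo2, DC = 0.65.
    lam, ti = 1e-6, 8760.0
    for hft in (0, 1):
        result = pfd_with_uncertainty(lam, ti, hft)
        point_sil = sil_from_pfd(result["point"])
        p95_sil = sil_from_pfd(result["p95"])
        print(f"HFT={hft}: PFDavg point={result['point']:.2e} (SIL {point_sil}), "
              f"p95={result['p95']:.2e} (SIL {p95_sil}), "
              f"architecture ok for SIL {point_sil}: {architecture_ok(point_sil, hft, 0.65)}")
```

The interesting output is the gap between the SIL supported by the point estimate and the one supported by the 95th percentile: with a modest error factor of 3 on the failure rate, a 1oo1 loop that looks like SIL 2 on paper can drop to SIL 1 once the uncertainty is accounted for, which is exactly why the revised clause asks for justified data and explicit treatment of its uncertainty.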
Clause 12: SIS Application Programme Development
- There has been a major reorganisation of this clause to make it more streamlined and relevant for application programming in LVL and FPL. Where Full Variability Language (FVL) is used, the Standard refers to IEC 61508 for guidance.
Clause 16: SIS Operation and Maintenance
- There is now a requirement to have suitable management procedures to review deferrals and prevent significant delay to proof testing.
- Operating procedures for bypass systems need to be in place which specify when and how a bypass may be applied and for how long it may remain in operation.
Changes to IEC 61511 Parts 2 and 3
Parts 2 and 3 of the Standard, which provide guidance on the application of IEC 61511, are generally more detailed and have more examples.
Assuming you have read Part One of this article, check out our complementary seminar How does IEC61508 and IEC61511 compliance affect you? One of the key topics, presented by Ron Bell, is the changes to IEC 61511 and how they affect you. The seminar is an exchange of information and not a sales pitch for our consultancy services (except a small introduction to our awesome Functional Safety Software Tool – ProSET®). The next two dates are:
Warrington on 16th June 2016
London on 7th July 2016