IEC 61508 Functional Safety Assessment Emerson Process ... - Exida

More documents

Recommendations

Info

Management summary This report summarizes the results of the functional safety assessment according to IEC 61508 carried out on the: ‣ 3144P Temperature Transmitter The functional safety assessment performed by exida consisted of the following activities: - exida assessed the modifications performed by Emerson by an on-site audit and creation of a detailed safety case against the requirements of IEC 61508. - exida performed a detailed Failure Modes, Effects, and Diagnostic Analysis (FMEDA) of the devices to document the hardware architecture and failure behavior. This included detailed Markov models of the fault tolerant architectures done in order to show accurate average probability of failure on demand. The functional safety assessment was performed to the requirements of IEC 61508, SIL 2 for hardware and SIL 3 for the design process. This product was previously certified to IEC 61508, SIL 2 for hardware and SIL 3 for software by TUV (Certificate-Register-No.: SAS2550/04). Based on this assessment, it can be concluded that the Emerson development process meets the requirements of IEC 61508 for SIL 3. As a result this latest assessment focused on reviewing the changes made to the product. The changes were assessed against section 7.8 of IEC 61508 part 2 (E/E/PES Modification) and section 7.8 of part 3 (Software Modification). A partial IEC 61508 Safety Case was prepared, focusing specifically on the modification process, and used as the primary audit tool. Modification process requirements and all associated documentation were reviewed. Also the user documentation (safety manual) was reviewed. The results of the Functional Safety Assessment can be summarized by the following statements: The 3144P was found to meet the requirements of SIL 2 for random integrity @ HFT=0, SIL 3 for random integrity @ HFT=1 and SIL 3 for systematic integrity. © exida Certification rosemount 11-02-57 r002 iec 61508 assessment.docx, 5/14/2012 Michael Medoff Page 2 of 21
Table of Contents Management summary .................................................................................................... 2 1 Purpose and Scope ................................................................................................... 5 2 Project management .................................................................................................. 6 2.1 exida Certification ....................................................................................................... 6 2.2 Roles of the parties involved .......................................................................................... 6 2.3 Standards / Literature used ............................................................................................ 6 2.4 Reference documents .................................................................................................... 6 2.4.1 Documentation provided by Emerson Process Management ............................. 6 2.4.2 Documentation generated by exida ................................................................... 11 3 Product Description .................................................................................................. 12 3.1 3144P Safety Certified Temperature Transmitter ........................................................ 12 4 IEC 61508 Functional Safety Assessment ............................................................... 13 4.1 Methodology ................................................................................................................ 13 4.2 Assessment level ......................................................................................................... 13 5 Results of the IEC 61508 Functional Safety Assessment ........................................ 14 5.1 Detailed Specification of the Modification or Change (Part 2, Section 7.8.2.1a) .......... 14 5.2 Impact Analysis (Part 2, Section 7.8.2.1b) ................................................................... 14 5.3 Approvals for changes (Part 2, Section 7.8.2.1c) ......................................................... 14 5.4 Progress of Changes (Part 2, Section 7.8.2.1d) .......................................................... 14 5.5 Test Cases Including Revalidation Data (Part 2, Section 7.8.2.1e) ............................. 14 5.6 E/E/PES configuration management history (Part 2, Section 7.8.2.1f) ........................ 14 5.7 Deviation from normal operations and conditions (Part 2, Section 7.8.2.1g) ............... 14 5.8 Necessary changes to system procedures (Part 2, Section 7.8.2.1h) ......................... 15 5.9 Necessary changes to documentation (Part 2, Section 7.8.2.1i) ................................. 15 5.10 Modifications shall be performed with at least the same level of expertise, automated tools (see 7.4.4.2 of IEC61508-3), and planning and management as the initial development of the E/E/PE safety-related systems (Part 2, Section 7.8.2.3) ........................................ 15 5.11 Evidence that Change was reverified (Part 2, Section 7.8.2.4) .................................... 15 5.12 For SIL 3, Entire System Must be validated (Table A.8) .............................................. 15 5.13 A modification shall be initiated only on the issue of an authorized software modification request under the procedures specified during safety planning (Part 3, Section 7.8.2.1)15 5.14 All modifications which have an impact on the functional safety of the E/E/PE safetyrelated system shall initiate a return to an appropriate phase of the software safety lifecycle. All subsequent phases shall then be carried out in accordance with the procedures specified for the specific phases in accordance with the requirements in this standard. Safety planning (see clause 6) should detail all subsequent activities (Part 3, Section 7.8.2.5) ............................................................................................................ 15 © exida Certification rosemount 11-02-57 r002 iec 61508 assessment.docx, 5/14/2012 Michael Medoff Page 3 of 21
Page 1: IEC 61508 Functional Safety Assessm
Page 5 and 6: 1 Purpose and Scope Generally three
Page 7 and 8: [D7] 3144P_Safety_ SIA1.xls Safety
Page 9 and 10: [D39] Various [D40] Diagnostics-Pt1
Page 11 and 12: 2.4.2 Documentation generated by ex
Page 13 and 14: 4 IEC 61508 Functional Safety Asses
Page 15 and 16: 5.8 Necessary changes to system pro
Page 17 and 18: 5.22 Details of all modifications s
Page 19 and 20: 5.00E-03 PFD AVG vs. Proof Test Int
Page 21: 7 Status of the document 7.1 Liabil

IEC 61508 Functional Safety Assessment Emerson Process ... - Exida

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?