IEC 61508 Functional Safety Assessment Emerson Process ... - Exida

More documents

Recommendations

Info

4 IEC 61508 Functional Safety Assessment The IEC 61508 Functional Safety Assessment was performed based on the information received from Fisher Controls International, LLC and is documented in [R2] and [R3]. 4.1 Methodology The full functional safety assessment includes an assessment of all fault avoidance and fault control measures during hardware and software development and demonstrates full compliance with IEC 61508 to the end-user. The assessment considers all requirements of IEC 61508. Any requirements that have been deemed not applicable have been marked as such in the full Safety Case report. As part of the IEC 61508 functional safety assessment the following aspects have been reviewed: • Development process, including: o Functional Safety Management, including training and competence recording, FSM planning, and configuration management o Specification process, techniques and documentation o Design process, techniques and documentation, including tools used o Validation activities, including development test procedures, test plans and reports, production test procedures and documentation o Verification activities and documentation o Modification process and documentation o Installation, operation, and maintenance requirements, including user documentation • Product design o Hardware architecture and failure behavior, documented in a FMEDA o Software architecture and failure behavior, documented in listed software analysis documents. The review of the development procedures is described in section 5.1. The review of the product design is described in section 5.2. 4.2 Assessment level The DVC6000 SIS, DETT Digital Valve Controller has been assessed per IEC 61508 to the following levels: Systematic Safety Integrity Level: The development procedures were assessed as suitable for use in applications with a maximum Safety Integrity Level of 3 (SIL 3) according to IEC 61508. • Random Safety Integrity Level: PFDAVG and Architectural Constraints must be verified for each final element application up to SIL 3. © exida Certification SA. EFC 07-07-41 R002 V1R2 IEC 61508Assessment.doc, March 13, 2008 Iwan van Beurden Page 12 of 19
5 Results of the IEC 61508 Functional Safety Assessment exida Certification assessed the development process used by Fisher Controls International, LLC during the product development against the objectives of IEC 61508 parts 1, 2, and 3, in [R2] and [R3]. The development process was fully compliant with IEC 61508. However, portions of the DVC6000 SIS Digital Valve Controller were developed prior to the establishment of this IEC 61508 SIL 3 compliant development process. Consequently for the evaluation of systematic fault avoidance measures, proven in use claims were considered in addition to existing design documentation and additional documented safety analysis which showed the design integrity. The Safety Case was created with project specific design documents. Future modifications to the DVC6000 SIS Digital Valve Controller must be made per the IEC 61508 SIL 3 compliant development process. 5.1 Lifecycle Activities and Fault Avoidance Measures Fisher Controls International, LLC has an IEC 61508 compliant development process as assessed during the IEC 61508 certification. This compliant development process is documented in [R2] and [R3]. Most of the DVC6000 SIS Digital Valve Controller functionality was developed before this IEC 61508 compliant development process was in place, consequently proven in use arguments were considered for some of the systematic fault avoidance measures. This functional safety assessment investigated the compliance with IEC 61508 of the processes, procedures and techniques as implemented for the digital valve controller development. The investigation was executed using subsets of the IEC 61508 requirements tailored to the SIL 3 work scope of the development team. The result of the assessment can be summarized by the following observations: The audited Fisher Controls International, LLC development process complies with the relevant managerial requirements of IEC 61508 SIL 3. 5.1.1 Functional Safety Management FSM Planning The functional safety management of any Fisher Controls International, LLC Safety Instrumented Systems Product development is governed by Engineering Standard ES 269 [D12]. For each development Fisher Controls International, LLC creates a Functional Safety Management Plan per the FSM Plan Template [D17] which defines all of the tasks that must be done to ensure functional safety as well as the person(s) responsible for each task. These processes and the procedures referenced herein fulfill the requirements of IEC 61508 with respect to functional safety management. Version Control All documents are under version control as documented in [D10], [R2] and [R3]. Design drawings and documents are also under version control. Fisher Controls International, LLC uses Visual Source Safe for its version control. Training, Competency recording © exida Certification SA. EFC 07-07-41 R002 V1R2 IEC 61508Assessment.doc, March 13, 2008 Iwan van Beurden Page 13 of 19
Page 1 and 2: IEC 61508 Functional Safety Assessm
Page 3 and 4: Table of Contents Management Summar
Page 5 and 6: 2 Project management 2.1 exida exid
Page 7 and 8: [D41] 28B9586 Rev H DVC6000 schemat
Page 9 and 10: Logic Solver DVC6000 IEC 61508 Type
Page 11: 3.1 Scope of Analysis The following
Page 15 and 16: Requirements from IEC 61508-2, Tabl
Page 17 and 18: For low demand SIL 3 applications t
Page 19: 7 Status of the document 7.1 Liabil

IEC 61508 Functional Safety Assessment Emerson Process ... - Exida

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?