Functional Safety concept: IEC 61508 / IEC 61511: Introduction and general principle
Significant functional safety parameters
The IEC 61508 standard describes the management of functional safety as the essential basis for the development of safety-relevant electronics. In an illustrative way, this first workshop day demonstrates the aspects to be considered when introducing a functional safety management system and the tasks faced by the responsible people at project level. It gives a general overview of the processes required in addition to the established quality assurance system, the complementary processes in development and the extension of supporting processes. Its aim is to sensitize the responsible persons in the development, test and quality departments, as well as the managers, to functional safety and its implications for the company, its products and processes. The lecture gives a general introduction to the safety process and the documentation requirements, and specifies the management and technical activities during the overall safety lifecycle phases that are necessary to achieve the required functional safety of safety-related components.
The IEC 61511 series is process industry specific within the framework of the IEC 61508 series. The IEC 61511 series addresses the application of SISs for the process industries. The IEC 61511 series also addresses a process Hazard and Risk Assessment (H&RA) to be carried out to enable the specification for SISs to be derived. Other safety systems' contributions are only considered with respect to the performance requirements for the SIS.
The SIS includes all devices necessary to carry out each SIF from sensor(s) to final element(s).
IEC 61508 specifies 4 levels of safety performance for a safety function. These are called safety integrity levels. Safety integrity level 1 (SIL1) is the lowest level of safety integrity and safety integrity level 4 (SIL4) is the highest level. The standard details the requirements necessary to achieve each safety integrity level. These requirements are more rigorous at higher levels of safety integrity in order to achieve the required lower likelihood of dangerous failure.
Functional safety management: Safety life cycle, SIL allocation, Specification of safety requirements, SIL Analysis calculation for safety loop & Final test for the participants
The IEC 61508 and the IEC 61511 define concepts of risk and the relationship of risk to safety integrity. Several methods are analyzed depending upon the application sector and the specific circumstances under consideration. The methods can be quantitative and qualitative approaches. The following methods will be presented in order to illustrate the underlying principles: ALARP, Risk Graph, Layer of Protection Analysis (LOPA), Hazardous event severity matrix.
The IEC 61511 establishes the requirement specification phase in order to define the SIS safety requirements. The SIS design and engineering phase has to consider the specification in order to proceed with the requirements for system behavior on detection of fault, the hardware fault tolerance (HFT), the selection of the device and the quantification of random failure.
The safety loop (SIS) will be evaluated against the assigned SIL. The SIL verification is performed through a thorough examination of complete and correct compliance with both the probabilistic requirements and the architectural constraints.
The Reliability Block Diagram technique will be used to perform the calculations.
The application of the SIL Calculation will follow the steps:
- identification of the sensor/sensors belonging to the identified loop
- identification of the logic (logic solver and input/output field interfaces) belonging to the identified loop
- identification of the final elements (valve, actuator, contactor) belonging to the identified loop
- identification of the loop architecture
- identification of the reliability value according to the selected sources
- determination of the PFD related to the SIF
- comparison of the evaluated PFD against the allocated target as regards the probabilistic requirements
- identification of the type for each item of the loop, as defined by IEC EN 61508, which considers two system/sub-system categories: type A and type B
- evaluation of the HFT for each item of the loop, as defined by IEC EN 61508
- evaluation of the SFF for each item of the loop, as defined by IEC EN 61508
- comparison of the evaluated HFT and SFF against the allocated target as regards the architectural requirements
- in case the SIL evaluation according to both probabilistic and architectural analysis leads to the same or to a better SIL.
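The following is an added worked example, not part of the workshop material, that carries the steps above through for a constructed low-demand loop: it sums the PFD of sensor, logic and final element, checks the result against the SIL bands, derives SFF and the architectural limit from type and HFT for each item, and takes the weaker of the two results. It assumes the simplified IEC 61508-6 PFDavg formulas (no MTTR or diagnostic-coverage credit), the IEC 61508-2 Route 1H architectural-constraint tables, and constructed sample failure rates.

```python
# Added example (not the workshop's own material). Assumes simplified PFDavg formulas
# and the Route 1H tables of IEC 61508-2; every failure rate below is constructed.

# Low-demand PFDavg bands: (SIL, lower bound inclusive, upper bound exclusive)
SIL_PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
# Max SIL per SFF band (upper bound exclusive) for HFT 0, 1, 2 (IEC 61508-2 Tables 2/3)
ARCH_TYPE_A = [(0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (1.01, (3, 4, 4))]
ARCH_TYPE_B = [(0.60, (0, 1, 2)), (0.90, (1, 2, 3)), (0.99, (2, 3, 4)), (1.01, (3, 4, 4))]

def pfd_avg(arch, lam_du, t_proof, beta=0.0):
    """Average PFD of one subsystem; rates in 1/h, proof-test interval in h."""
    if arch == "1oo1":
        return lam_du * t_proof / 2
    if arch == "1oo2":  # independent-failure term plus common-cause (beta) term
        return ((1 - beta) * lam_du) ** 2 * t_proof ** 2 / 3 + beta * lam_du * t_proof / 2
    raise ValueError("unsupported architecture: " + arch)

def sff(lam_s, lam_dd, lam_du):
    """Safe failure fraction: share of all failures that are safe or detected."""
    return (lam_s + lam_dd) / (lam_s + lam_dd + lam_du)

def sil_from_pfd(pfd):
    return next((sil for sil, lo, hi in SIL_PFD_BANDS if lo <= pfd < hi), 0)

def sil_from_arch(item_type, sff_value, hft):
    table = ARCH_TYPE_A if item_type == "A" else ARCH_TYPE_B
    return next(sils[min(hft, 2)] for upper, sils in table if sff_value < upper)

def verify_loop(items, target_sil):
    """Combine the probabilistic and the architectural check over the whole SIF."""
    total_pfd = sum(pfd_avg(i["arch"], i["lam_du"], i["t_proof"], i.get("beta", 0.0)) for i in items)
    arch_sil = min(sil_from_arch(i["type"], sff(i["lam_s"], i["lam_dd"], i["lam_du"]), i["hft"]) for i in items)
    achieved = min(sil_from_pfd(total_pfd), arch_sil)  # the weaker limit decides
    return {"pfd": total_pfd, "arch_sil": arch_sil, "achieved": achieved, "ok": achieved >= target_sil}

def example_loop(valve_arch="1oo1"):
    """Constructed loop: 1oo2 transmitters, one logic solver, one valve; 1-year proof test."""
    hft = 1 if valve_arch == "1oo2" else 0
    return [
        {"arch": "1oo2", "type": "B", "hft": 1, "beta": 0.05, "t_proof": 8760, "lam_s": 5e-7, "lam_dd": 4e-7, "lam_du": 5e-8},
        {"arch": "1oo1", "type": "B", "hft": 0, "t_proof": 8760, "lam_s": 1e-6, "lam_dd": 1e-6, "lam_du": 2e-8},
        {"arch": valve_arch, "type": "A", "hft": hft, "beta": 0.05, "t_proof": 8760, "lam_s": 1e-6, "lam_dd": 1e-7, "lam_du": 5e-7},
    ]

if __name__ == "__main__":
    for arch in ("1oo1", "1oo2"):  # the single valve limits the loop to SIL 2; a 1oo2 valve lifts it to SIL 3
        print(arch, verify_loop(example_loop(arch), 2))
```

With the single valve the loop reaches SIL 2 both probabilistically and architecturally (the valve's SFF of about 69 % with HFT 0 caps it); redundant valves bring the summed PFD and the HFT into SIL 3.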
After attending the workshops, the participants take part in a one-hour qualification test. After successful completion of the test (more than 60 points out of 100), TÜV NORD will hand out the competence certificate. The qualification is valid for 5 years and can be extended for another five years after attending a follow-up workshop and successfully passing a repeated test, or through the submission of project references. The examination questions are asked in English.