An important topic we touched on in an earlier post was process safety competency. The post, Developing Safety Competency, noted the importance of people involved in the safety lifecycle who must be competent in the areas of this lifecycle in which they interact.
Training plays a large role in developing this competency. For suppliers of process safety-related systems and components, IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems) is the global standard addressing the safety lifecycle of the products.
Last Friday, Dr. Bill Goble of exida conducted a web seminar, IEC 61508 (2010): What’s New and How Does it Affect Me, on some of the major changes in this important standard. Emerson’s Kim Conner, a member of the process safety systems team, had a chance to review the recording and shared these observations:
- As Dr. Goble mentioned throughout the presentation, the 2010 version of IEC 61508 standard provides more clarification of terms, rather than changes to the standard. Many of these terms have been commonly used, but were not specifically defined in the standard. While most of the standard updates are directed toward suppliers, a few of the clarifications made in the revision stood out to me as being beneficial to end-users as well.
- To end debate as to whether or not IEC 61508 can be used to certify products, the 2010 release defines an ‘element’ as, “part of a subsystem comprising a single component or any group of components that performs one or more safety functions. [IEC 62061, definition 3.2.6, modified]” Typical elements include a sensor, a logic solver or a final element. The standard now specifically recognizes elements as being able to be compliant, and specifically states that the products must have a safety manual in order to comply.
- Another clarification around product certification is in the terminology used. Many certification bodies and suppliers (including Emerson) have stated that a product is ‘SIL X-certified’ (e.g., the DeltaV SIS process safety system is certified for use in a SIL 3 application). This means that the product had been developed following processes according to a particular SIL, and certification bodies have confirmed the development process. However, IEC 61508-2000 did not explicitly state that there was such a thing as a compliant product, and there has been some debate as to whether or not a product can be ‘SIL X-certified’. The 2010 revision has a new term, ‘systematic capability’ or ‘SIL capability’, that applies to products. So products can clearly be referred to as having ‘systematic capability X’, which means, “the product element meets the requirements…which is achieved by following a SIL X compliant development process.” This topic was touched upon in an earlier post, Five Common Misconceptions about Functional Safety.
- There is a change to the definition of failure modes for single channel architectures. In the 2000 version, Fail Safe was anything that was not Fail Danger. In the 2010 revision, the Fail Danger definition remains the same. Fail Safe is now, “a failure that causes a false trip,” which Dr. Goble states was a common interpretation of Fail Safe anyway. A new term of No Effect is defined as, “a failure that does not cause a false trip or prevents the safety function.”
- Finally, cyber security is now addressed in IEC 61508-2010, although at a very high level. Basically, it says that security analysis should be part of the hazard and risk analysis and vulnerabilities should be addressed. Dr. Goble refers to requirements published by the ISA Security Compliance Institute to get more guidance on providing cyber security analysis.
- These are only four items within the eight areas that Dr. Goble covers in his presentation of the IEC 61508 revision.
For process manufacturers, Ed Marszal of Kenexis shared his thoughts in YouTube videos on Partial Stroke Testing Effectiveness: Part 1 and Part 2. These videos describe how the Failure Modes, Effects, and Diagnostics Analysis (FMEDA) technique can be used to determine the diagnostic coverage that can be provided by performance of a partial stroke test.
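As an added example (not code from this post, Emerson, exida or Kenexis), the Python below ties together two of the points above: it classifies a constructed failure-mode table for a hypothetical shutdown valve under the 2010 single-channel definitions quoted in Kim Conner’s notes (Fail Danger, Fail Safe as a false trip, and the new No Effect category) and under the 2000 reading (anything not dangerous counts as safe), then tallies the rates the way an FMEDA does to give the diagnostic coverage a partial stroke test can claim. The failure modes, their FIT rates, and which of them a partial stroke test detects are all invented for illustration; the safe failure fraction formula and its exclusion of no-effect failures are taken from IEC 61508-2 as background, not from this post.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class FailureMode:
    """One row of a constructed FMEDA table for a final element."""
    name: str
    rate_fit: float             # failure rate in FIT (failures per 1e9 h); illustrative
    causes_false_trip: bool     # the valve closes although no demand exists
    prevents_safety_func: bool  # the valve will not close on demand
    detected_by_pst: bool       # a partial stroke test would reveal this failure


# Constructed, illustrative failure modes for a hypothetical shutdown valve
# assembly (solenoid + actuator + valve). No rate here comes from a vendor.
VALVE_FMEDA: List[FailureMode] = [
    FailureMode("solenoid coil open circuit (valve de-energises)", 400.0, True, False, False),
    FailureMode("valve stem seized in open position", 300.0, False, True, True),
    FailureMode("actuator spring broken", 100.0, False, True, True),
    FailureMode("seat leakage (valve strokes but does not seal)", 200.0, False, True, False),
    FailureMode("position feedback switch drift", 150.0, False, False, False),
    FailureMode("external coating degradation", 50.0, False, False, False),
]


def classify_2010(fm: FailureMode) -> str:
    """2010 definitions quoted in the post: dangerous = prevents the safety
    function, safe = causes a false trip, no_effect = neither."""
    if fm.prevents_safety_func:
        return "dangerous"
    if fm.causes_false_trip:
        return "safe"
    return "no_effect"


def classify_2000(fm: FailureMode) -> str:
    """2000 reading described in the post: anything that is not dangerous
    counts as safe, so no-effect failures land in the safe bucket."""
    return "dangerous" if fm.prevents_safety_func else "safe"


def tally(modes: List[FailureMode],
          classify: Callable[[FailureMode], str]) -> Dict[str, float]:
    """Sum failure rates into the lambda buckets an FMEDA reports, splitting
    dangerous failures by whether the partial stroke test detects them."""
    totals = {"safe": 0.0, "no_effect": 0.0,
              "dangerous_detected": 0.0, "dangerous_undetected": 0.0}
    for fm in modes:
        cls = classify(fm)
        if cls == "dangerous":
            cls = "dangerous_detected" if fm.detected_by_pst else "dangerous_undetected"
        totals[cls] += fm.rate_fit
    return totals


def pst_diagnostic_coverage(totals: Dict[str, float]) -> float:
    """Diagnostic coverage credited to the partial stroke test:
    lambda_DD / (lambda_DD + lambda_DU). Depends only on dangerous failures."""
    dd, du = totals["dangerous_detected"], totals["dangerous_undetected"]
    return dd / (dd + du)


def safe_failure_fraction(totals: Dict[str, float]) -> float:
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU).
    No-effect failures are left out, so counting them as safe (2000 reading)
    inflates the figure relative to the 2010 classification."""
    s = totals["safe"]
    dd, du = totals["dangerous_detected"], totals["dangerous_undetected"]
    return (s + dd) / (s + dd + du)


def report() -> Dict[str, float]:
    """Compare the two editions' classifications on the same constructed table."""
    t2010 = tally(VALVE_FMEDA, classify_2010)
    t2000 = tally(VALVE_FMEDA, classify_2000)
    return {
        "pst_coverage": pst_diagnostic_coverage(t2010),
        "sff_2010": safe_failure_fraction(t2010),
        "sff_2000": safe_failure_fraction(t2000),
        "no_effect_fit_2010": t2010["no_effect"],
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:>20}: {value:.3f}")
```

Running it shows the practical consequence of the definition change for anyone reading a supplier’s FMEDA report: the coverage claimed for the partial stroke test is the same under both editions, because it depends only on which dangerous failures the test can reveal, while the safe failure fraction drops once no-effect failures stop counting as safe.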
Both of these efforts help to advance the knowledge required to build competency in process safety.
In a post following last year’s Emerson Exchange, Importance of the Process Safety Management Lifecycle, we highlighted Mike Boudreaux’s 6-part, narrated, safety lifecycle management presentation set. If you want to better understand the IEC 61511 safety lifecycle, these presentations are a great place to begin:
- Part 1 – Introduction
- Part 2 – Functional Safety Basics
- Part 3 – Safety Lifecycle Management
- Part 4 – Analysis Phase
- Part 5 – Implementation Phase
- Part 6 – Operation Phase
The safety category (RSS feed) of this blog is currently 92 posts strong (including this post), and filled with the guidance of safety professionals across the Emerson Process Management organization. It’s also a great resource for you and your team in your safety competency building and refreshing efforts.