Appendix 2

Assessment Schedule

The following checklist assists in providing CONSISTENCY and RIGOR when carrying out an Integrity Assessment. The checklist can be used to ensure that each of the actions has been addressed. Furthermore, it can be included, as an Appendix, in an assessment report with the Paragraph Numbers of the report referenced against each item. In this way a formal review of rigor can be included.

1. Defining the Assessment and the Safety System

1.1 Describe the reason for the assessment, for example, safety case support, internal policy, contractual requirement for IEC 61508 compliance. Paragraph No…………………………
1.2 Confirm the degree of independence called for and the competence of the assessor. This includes external consultants. Paragraph No…………………………
1.3 Define the safety-related system. This may be a dedicated item of safety-related equipment (e.g., an ESD system) or control equipment which contains safety-related functions. Paragraph No…………………………
1.4 Define the various parts/modules of the system being studied and list the responsibilities for design and maintenance. For example, the PLC may be a proprietary item which has been applications-programmed by the supplier/user—in which case information will be needed from the supplier/user to complete the assessment. Paragraph No…………………………
1.5 Describe the customer for the assessment and the deliverables anticipated, for example, “XYZ to receive draft and final reports.” Paragraph No…………………………
1.6 Where it is claimed that equipment is not safety-related, provide a justification, for example, that the SIL calculation yields a target less demanding than SIL 1. Paragraph No…………………………
1.7 Establish that the development (and safety) life cycle has been defined for the safety-related system. Paragraph No…………………………
1.8 Establish that the Quality Plan (or other document) defines all the necessary activities for realizing the requirements of IEC 61508 and that all the necessary design, validation, etc. documents are defined. Paragraph No…………………………

2. Describing the Hazardous Failure Mode and Safety Targets

2.1 Establish the failure mode(s) which are addressed by the study, against which the safety-related system is deemed to be a level of protection (for example, downstream overpressure for which ESD operates a slam-shut valve). Paragraph No…………………………
2.2 Establish the risk criteria for the failure mode in question. Paragraph No…………………………
2.3 Taking account of the maximum tolerable risk, calculate the SIL(s) for the safety-related system for the failure mode(s) in question. Indicate whether the SIL has been calculated from a risk target, for example, Table 2.2 of Chapter 2 of this book, or derived from LOPA or risk matrix approaches. In the event of using risk graph methods, indicate the source and method of calibration of the method. Paragraph No…………………………
2.4 Check that the appropriate SIL table has been applied (High or Low demand). Paragraph No…………………………
2.5 Review the target SIL(s) against the number of levels of protection and decide whether a lower SIL target, with more levels of protection, is a more realistic design option. Paragraph No…………………………
2.6 Ensure that the design documentation, for example, requirements specification, adequately identifies the use of the safety-related system for protection of the failure mode(s) defined. Paragraph No…………………………

3. Assessing the Random Hardware Failure Integrity of the Proposed Safety-Related System

3.1 Create a reliability model(s), for example, fault tree, block diagram, event tree, for the safety-related system and for the failure mode(s) defined. Paragraph No…………………………
3.2 Remember to address CCF in the above model(s). Refer to the literature for an appropriate model, for example, BETAPLUS. Paragraph No…………………………
3.3 Remember to quantify human error (where possible) in the above model(s). Paragraph No…………………………
3.4 Remember to address both automatic (self-test) and manual (proof-test) diagnostic intervals and coverage in the above model(s). Paragraph No…………………………
3.5 Select appropriate failure rate data for the model(s) and justify the use of sources. Paragraph No…………………………
3.6 Quantify the model(s) and identify the relative contributions to failure of the modules/components within the SRS (safety-related system). Paragraph No…………………………
3.7 Have any SFF (safe failure fraction) claims been justified or argued? Paragraph No…………………………

4. Assessing the Qualitative Integrity of the Proposed Safety-Related System

4.1 Check that the architectural constraints for the SIL in question have been considered and that the diagnostic coverage and SFFs have been assessed. Paragraph No…………………………
4.2 Review each paragraph of Chapters 3 and 4 of this book HAVING REGARD TO EACH FAILURE MODE being addressed. Remember that the qualitative feature applies to the safety-related system for a SPECIFIC failure mode. Thus, a design review involving features pertaining only to “spurious shutdown” would not be relevant where “failure to shutdown” is the issue. Paragraph No…………………………
4.3 Document which items can be reviewed within the organization and which items require inputs from suppliers/subcontractors. Paragraph No…………………………
4.4 Obtain responses from suppliers/subcontractors and follow up as necessary to obtain adequate VISIBILITY. Paragraph No…………………………
4.5 Document the findings for each item above, and provide a full justification for items not satisfied but deemed to be admissible, for example, non-use of Static Analysis at SIL 3 for a simple PLC. Paragraph No…………………………
4.6 Has the use of software downloaded from a remote location, and the problems associated with it, been addressed? Paragraph No…………………………
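The quantitative items above (2.3 to 2.5, 3.1 to 3.7 and 4.1) can be worked through in a few lines of code. The following is an added illustration and not a worked example from this book: the failure rates, demand rate, tolerable risk, proof-test interval and beta values are constructed for the walk-through; the formulae are the simplified low-demand expressions of IEC 61508-6 Annex B; the architectural-constraint tables are the Route 1H tables of IEC 61508-2; and the beta_D = beta/2 convention, the Channel class and the function names are assumptions of the example, not notation from the book.

```python
"""Worked pass through checklist items 2.3-2.5, 3.1-3.7 and 4.1 (added illustration,
not a worked example from the book). All figures are constructed for the walk-through;
formulae are the simplified low-demand expressions of IEC 61508-6 Annex B."""
HOURS_PER_YEAR = 8760.0
# SIL bands as (SIL, lower bound inclusive, upper bound exclusive): average PFD for
# low demand, PFH per hour for high demand (item 2.4).
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))

def demand_mode(demands_per_year):
    """Item 2.4: IEC 61508-4 treats at most one demand per year as low demand."""
    return "low" if demands_per_year <= 1.0 else "high"

def sil_for(value):
    """Band a PFDavg (or PFH) into a SIL; 0 means no SIL is claimed (item 1.6)."""
    if value >= 1e-1:
        return 0
    for sil, lo, hi in SIL_BANDS:
        if lo <= value < hi:
            return sil
    raise ValueError("target tighter than SIL 4: add protection layers or redesign")

def required_pfd(tolerable_per_year, demand_per_year, other_layer_pfds=()):
    """Items 2.3/2.5, LOPA style: the SRS only has to stop the demands that every other
    independent layer also lets through, so a layer of PFD p relaxes the target by 1/p
    (a relief valve at 0.1 relaxes it tenfold, i.e. by one SIL)."""
    target = tolerable_per_year / demand_per_year
    for pfd in other_layer_pfds:
        target /= pfd
    return target

class Channel:
    """One channel's failure data (item 3.5) and diagnostic parameters (item 3.4)."""
    def __init__(self, lambda_d, lambda_s, dc, proof_test_years, mttr_hours):
        self.lambda_du = lambda_d * (1.0 - dc)  # dangerous undetected: dormant until proof test
        self.lambda_dd = lambda_d * dc          # dangerous detected: removed after the MTTR
        self.t_hours = proof_test_years * HOURS_PER_YEAR  # manual proof-test interval T
        self.mttr_hours = mttr_hours
        # Safe failure fraction (item 3.7): every failure except dangerous undetected.
        self.sff = (lambda_s + self.lambda_dd) / (lambda_s + lambda_d)

def pfd_1oo1(ch):
    """Single channel: DU faults persist T/2 on average, DD faults for the MTTR."""
    return ch.lambda_du * ch.t_hours / 2.0 + ch.lambda_dd * ch.mttr_hours

def pfd_1oo2(ch, beta, beta_d=None):
    """Two identical channels, either sufficient to trip, with beta-factor CCF (item 3.2).
    Independent term: both channels fail DU within one interval, (lambda_DU T)^2 / 3.
    CCF term: a fraction beta of DU (beta_d of DD) failures takes out both at once.
    Terms are returned separately so contributions can be compared (item 3.6).
    Simplifications: DD repair-time cross terms dropped; human error (3.3) not modelled."""
    if beta_d is None:
        beta_d = beta / 2.0  # assumption: diagnostics halve the CCF fraction
    independent = ((1.0 - beta) * ch.lambda_du * ch.t_hours) ** 2 / 3.0
    ccf = beta * ch.lambda_du * ch.t_hours / 2.0 + beta_d * ch.lambda_dd * ch.mttr_hours
    return {"independent": independent, "ccf": ccf, "total": independent + ccf}

# Item 4.1, IEC 61508-2 Route 1H: maximum SIL by SFF band (<60, <90, <99, >=99 %) and
# hardware fault tolerance 0/1/2, for type A (simple) and type B (complex) subsystems.
_ARCH_TYPE_A = ((0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (1.01, (3, 4, 4)))
_ARCH_TYPE_B = ((0.60, (0, 1, 2)), (0.90, (1, 2, 3)), (0.99, (2, 3, 4)), (1.01, (3, 4, 4)))

def max_sil_by_architecture(sff, hft, type_b):
    for upper, sils in (_ARCH_TYPE_B if type_b else _ARCH_TYPE_A):
        if sff < upper:
            return sils[min(hft, 2)]  # 0: not permitted at any SIL
    raise ValueError("sff must be a fraction in [0, 1]")

def assess(tolerable_per_year, demand_per_year, ch, beta, type_b=True, other_layers=()):
    """Target (section 2) against what a 1oo2 design achieves (section 3 and item 4.1)."""
    if demand_mode(demand_per_year) != "low":
        raise NotImplementedError("high-demand (PFH) models are not shown here")
    target = required_pfd(tolerable_per_year, demand_per_year, other_layers)
    model = pfd_1oo2(ch, beta)
    # 1oo2 has HFT 1; the claim is capped by both the PFD band and the architecture.
    claimable = min(sil_for(model["total"]), max_sil_by_architecture(ch.sff, 1, type_b))
    return {
        "target_pfd": target, "target_sil": sil_for(target),
        "pfd_1oo1": pfd_1oo1(ch), "pfd_1oo2": model["total"],
        "ccf_share": model["ccf"] / model["total"], "sff": ch.sff,
        "claimable_sil": claimable,
        "meets_target": model["total"] <= target and claimable >= sil_for(target),
    }

if __name__ == "__main__":
    # Constructed ESD slam-shut channel: 5e-6/h dangerous, 90 % diagnostics, yearly proof test.
    ch = Channel(lambda_d=5e-6, lambda_s=5e-6, dc=0.9, proof_test_years=1.0, mttr_hours=8.0)
    cases = {"as proposed, beta 0.1": assess(1e-5, 0.05, ch, beta=0.10),
             "separated PESs, beta 0.02": assess(1e-5, 0.05, ch, beta=0.02),
             "plus relief valve PFD 0.1": assess(1e-5, 0.05, ch, beta=0.10, other_layers=(0.1,))}
    for name, r in cases.items():
        print(f"{name:26s} target SIL {r['target_sil']} (PFD {r['target_pfd']:.1e}); "
              f"1oo2 PFD {r['pfd_1oo2']:.2e}, CCF {r['ccf_share']:.0%}, SFF {r['sff']:.0%}, "
              f"claimable SIL {r['claimable_sil']}, meets target: {r['meets_target']}")
```

Running it prints three rows. With a tolerable frequency of 1e-5 per year and a demand rate of 0.05 per year the target is a PFD of 2e-4, i.e. SIL 3, in low-demand mode. The proposal as modelled (1oo2, beta 0.1) lands in the SIL 3 band but just misses the 2e-4 figure, and the CCF term accounts for about 98 % of the total, which is exactly the kind of finding item 3.6 asks for. The two recommendations of item 5.2 then appear as the other two rows: reducing beta to 0.02 with separated, asynchronous PESs brings the PFD to about 5e-5, although the 95 % SFF with HFT 1 still caps a type B subsystem at SIL 3 (item 4.1), and an independent relief device of PFD 0.1 relaxes the target to 2e-3, i.e. SIL 2, so the original proposal passes. In a real assessment every figure in the Channel constructor must be replaced by justified data (item 3.5) and the simplifications noted in the docstrings revisited.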

5. Reporting and Recommendations

5.1 Prepare a draft assessment report containing, as a minimum:
• Executive summary
• Reason for assessment
• Definition of the safety-related system and its failure modes
• Calculation of target SIL
• Reliability model
• Assumptions inherent in Reliability Model, for example, down times and proof test intervals
• Failure data sources
• Reliability calculations
• Findings of the qualitative assessment
Report No…………………….
5.2 If possible include recommendations in the report as, for example:

An additional mechanical relief device will lower the SIL target by one, thus making the existing proposal acceptable.

Separated, asynchronous PESs will reduce the CCF sufficiently to meet the target SIL.

Paragraph No…………………………
5.3 Address the ALARP calculation where the assessed risk is greater than the broadly acceptable risk. Paragraph No…………………………
5.4 Review the draft report with the client and make amendments as a result of errors, changes to assumptions, proposed design changes, etc.
Meeting (date) …………………………

6. Assessing Vendors

6.1 In respect of the items identified above requiring the assessment to interrogate subcontractors/suppliers, take account of other assessments that may have been carried out, for example, an IEC 61508 assessment or an assessment against one of the documents in Chapters 8 to 10 of this book. Review the credibility and rigor of such assessments. Paragraph No…………………………
6.2 In respect of the items identified above requiring the assessment to interrogate subcontractors/suppliers, ensure that each item is presented as formal evidence (a document or test record) and is not merely hearsay, for example, an unsupported statement that “a code review was carried out.” Paragraph No…………………………

7. Addressing Capability and Competence

7.1 Has a functional safety capability (i.e., Management) review been conducted as per Section 2.3.5 of this book? Paragraph No…………………………
7.2 Consider the competence requirements of designers, maintainers, operators, and installers. Paragraph No…………………………
7.3 Establish the competence of those carrying out this assessment. Paragraph No…………………………