2. Product/Project Scope and Life-cycle Details for this Product/Project
Functional Description: The boundary of the safety-related system (e.g., input and output signals relating to the safety functions).
Overall life cycle, e.g., design, control of subcontract software, test, installation, and commissioning.
Software life cycle (See Chapter 4) including tools and compilers and their version numbers.
3. Hazard Analysis and Risk Assessment
Description of the hazard or hazardous failure mode (so-called “dangerous” failure or failures) (e.g., failure to move valve, loss of heating, overpressure, etc.).
Description of the so-called “safe” failure or failures (e.g., spurious valve movement, spurious release, etc.).
Target maximum tolerable failure rates (or PFDs).
Allocation of targets to subsystems (e.g., spurious valve movement, spurious release, loss of heating, overpressure, etc.).
SIL targets (e.g., SIL 1 for functions A, B, and C and SIL 2 for functions D and E).
Mode of operation (i.e., high or low demand).
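The target failure rate (or PFD) and the SIL target listed above only mean something once the mode of operation is fixed, because low demand functions are judged on average probability of failure on demand while high demand functions are judged on dangerous failures per hour. The following Python is an added worked example, not part of the original document, showing a target allocated across the sensor, logic solver and final element of one loop and then checked against the IEC 61508 SIL bands. Every failure rate, proof test interval and subsystem name is a constructed sample value.

```python
# Added worked example (not part of the original document): checking a safety
# function's failure-rate target against the IEC 61508 SIL bands for the two
# modes of operation, with the target allocated across subsystems.
# All failure rates and proof test intervals below are constructed sample values.
from dataclasses import dataclass

# IEC 61508-1 SIL bands, (lower bound inclusive, upper bound exclusive).
# Low demand mode: average probability of failure on demand (PFDavg).
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
# High demand / continuous mode: probability of dangerous failure per hour (PFH).
PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


@dataclass
class Subsystem:
    """One element of the safety loop (sensor, logic solver, final element)."""
    name: str
    lambda_du: float     # dangerous undetected failure rate, per hour
    proof_test_h: float  # proof test interval T, in hours

    def pfd_avg(self) -> float:
        # Single-channel (1oo1) approximation: PFDavg ~= lambda_DU * T / 2.
        # Voted/redundant architectures need the matching formula instead.
        return self.lambda_du * self.proof_test_h / 2


def sil_band(value: float, bands: dict) -> int:
    """Return the SIL whose band contains value; 0 if worse than SIL 1.
    Values below the SIL 4 lower bound are reported as SIL 4, since the
    standard defines no higher claim."""
    if value < bands[4][0]:
        return 4
    for sil in (4, 3, 2, 1):
        lo, hi = bands[sil]
        if lo <= value < hi:
            return sil
    return 0


def assess_low_demand(subsystems: list, target_sil: int) -> dict:
    """Sum the subsystem PFDs (elements in series) and compare with the target."""
    per_subsystem = {s.name: s.pfd_avg() for s in subsystems}
    total = sum(per_subsystem.values())
    achieved = sil_band(total, PFD_BANDS)
    return {
        "per_subsystem": per_subsystem,
        "pfd_avg": total,
        "achieved_sil": achieved,
        "meets_target": achieved >= target_sil,
    }


def assess_high_demand(lambda_d_per_hour: float, target_sil: int) -> dict:
    """High demand: the dangerous failure rate itself is compared with PFH bands."""
    achieved = sil_band(lambda_d_per_hour, PFH_BANDS)
    return {"pfh": lambda_d_per_hour, "achieved_sil": achieved,
            "meets_target": achieved >= target_sil}


# Constructed sample loop: annual proof test (8760 h) for every subsystem.
SAMPLE_LOOP = [
    Subsystem("pressure transmitter", lambda_du=2e-7, proof_test_h=8760),
    Subsystem("logic solver", lambda_du=5e-8, proof_test_h=8760),
    Subsystem("shutdown valve", lambda_du=4e-7, proof_test_h=8760),
]

if __name__ == "__main__":
    result = assess_low_demand(SAMPLE_LOOP, target_sil=2)
    for name, pfd in result["per_subsystem"].items():
        print(f"{name:22s} PFDavg = {pfd:.2e}")
    print(f"loop PFDavg = {result['pfd_avg']:.2e} -> SIL {result['achieved_sil']}, "
          f"meets SIL 2 target: {result['meets_target']}")
    hd = assess_high_demand(3e-8, target_sil=3)
    print(f"high demand PFH = {hd['pfh']:.1e}/h -> SIL {hd['achieved_sil']}")
```

With the constructed rates the loop PFDavg comes to about 2.8 x 10^-3, inside the SIL 2 band and therefore short of a SIL 3 target; the per-subsystem figures show that the final element dominates the budget, which is the kind of allocation result the hazard analysis section is meant to record.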
4. Items/Deliverables to be Called for and Described in Outline
Document Hierarchy
For example, Requirements Specification, Hardware Specifications and Drawings, Software Specification, Code listings, Review plan and results, Test plan and results, Validation Plan and report, relevant standards such as for coding or for hardware design.
Example document list. Each document is listed with its number and its date of sign off (columns: Document, Number, Date and sign off):
• Quality and Safety Plan
• Functional spec
• Software architecture spec
• Hardware architecture spec
• Parts list (for each hardware module)
• Functional Safety Assessment Report, to include random hardware failures and safe failure fraction (Technis/ESC report No….)
• Design Review Report, FMEA
• Design Review Report, software specification
• Design Review Report, hardware design
• Design Review Report, test results (all tests including EMC, ATEX, functionality, misuse)
• Design Review Report
• Composite Test Report
• Validation Report
• User manual/safety manual
• Commissioning manual
• Operation manual
• Maintenance manual
List of Hardware Modules
Including the configuration of hardware (e.g., voted channels and redundant items). Details of their interconnection and human interfaces.
List of Software Items
Media, listings.
User Manual
Safety manual.
Hardware and/or software manual.
To describe limitations of the SIL claims. Examples are:
• Proof test interval
• Mean repair time (revealed failures)
• Routine maintenance plan
• Environment
• Age for replacement of either component parts or whole item
Review Plan
For example, Design reviews of functional spec and of code listings and test results and validation report.
Typical reviews might address:
• Fault tree modeling results
• The software specification (including architecture) to specifically target the safety related functions (loops) as identified in the fault tree models
• The hardware design (to address all/any hardware recommendations made in the assessment study)
• The test results vis-à-vis the safety integrity functions
Test Plan
For example, List of module tests, functional test, acceptance tests, environmental tests.
Validation Plan/Report
Could be in the form of a matrix of rows containing the numbered requirements from the functional or safety specification and columns for each of the reviews, tests, assessments etc.
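The matrix form described above is useful mainly because an empty cell is visible. The following Python is an added example, not part of the original document: it builds the matrix with numbered requirements down the rows and the reviews, tests and assessment across the columns, and reports any requirement that no review, test or assessment covers, plus the individual empty cells. The requirement ids, requirement texts, column names and evidence references are all constructed for the example.

```python
# Added example (not from the original document): a validation matrix with
# numbered safety requirements as rows and reviews/tests/assessments as columns.
# All requirement ids, texts, column names and evidence references are constructed.

REQUIREMENTS = {
    "SR-1": "Close shutdown valve within 2 s of a high-pressure trip",
    "SR-2": "Raise an alarm on transmitter fault (loss of 4-20 mA signal)",
    "SR-3": "Inhibit automatic restart after a trip until manual reset",
}
COLUMNS = ["Design review", "Module test", "Functional test", "FS assessment"]
# (requirement id, column, reference to the review/test/assessment record)
EVIDENCE = [
    ("SR-1", "Design review", "DRR-SW-03"),
    ("SR-1", "Functional test", "FT-12"),
    ("SR-1", "FS assessment", "FSA report s4.1"),
    ("SR-2", "Module test", "MT-07"),
    ("SR-2", "Functional test", "FT-15"),
]


def build_matrix(requirements: dict, columns: list, evidence: list) -> dict:
    """Return {requirement id: {column: [references]}}.
    Evidence citing an unknown requirement or column is rejected rather than
    silently dropped, so a typo cannot make a gap disappear."""
    matrix = {req: {col: [] for col in columns} for req in requirements}
    for req, col, ref in evidence:
        if req not in matrix:
            raise ValueError(f"evidence {ref} cites unknown requirement {req}")
        if col not in matrix[req]:
            raise ValueError(f"evidence {ref} cites unknown column {col}")
        matrix[req][col].append(ref)
    return matrix


def uncovered_requirements(matrix: dict) -> list:
    """Requirements with no evidence in any column: these cannot be validated."""
    return [req for req, cells in matrix.items() if not any(cells.values())]


def empty_cells(matrix: dict) -> list:
    """Every (requirement, column) pair with no reference; review each one."""
    return [(req, col) for req, cells in matrix.items()
            for col, refs in cells.items() if not refs]


def render(matrix: dict, columns: list) -> str:
    """Plain-text rendering of the matrix for inclusion in the validation report."""
    width = max(len(c) for c in columns) + 2
    header = "Req".ljust(8) + "".join(c.ljust(width) for c in columns)
    rows = [header]
    for req, cells in matrix.items():
        rows.append(req.ljust(8) + "".join(
            (", ".join(cells[c]) or "-").ljust(width) for c in columns))
    return "\n".join(rows)


if __name__ == "__main__":
    m = build_matrix(REQUIREMENTS, COLUMNS, EVIDENCE)
    print(render(m, COLUMNS))
    print("uncovered:", uncovered_requirements(m))
    print("empty cells:", len(empty_cells(m)))
```

In the constructed data SR-3 has no evidence at all, which is the finding the matrix exists to surface; the empty-cell list is the longer working list for the review plan, since not every column is expected to apply to every requirement.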
5. Procurement
Evidence of suitability of procured instruments or designs will be obtained by means of either:
• Reputable certification or
• A safe failure fraction and failure rate/PFD argument endorsed by the safety assessor.
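A safe failure fraction argument of the second kind rests on a breakdown of the instrument's failure rate into safe, dangerous detected and dangerous undetected parts, and on the hardware fault tolerance of the arrangement it is used in. The following Python is an added worked example, not part of the original document or of any vendor's assessment: it computes the safe failure fraction and looks up the highest SIL the IEC 61508-2 route 1H architectural constraint tables allow for that SFF and hardware fault tolerance. The failure rates and the element described are constructed.

```python
# Added worked example (not from the original document): safe failure
# fraction (SFF) from a failure-rate breakdown, and the maximum SIL that the
# IEC 61508-2 route 1H architectural constraints allow for a given hardware
# fault tolerance (HFT). All failure rates below are constructed values.


def safe_failure_fraction(lambda_s: float, lambda_dd: float, lambda_du: float) -> float:
    """SFF = (safe + dangerous detected) / (all failures).
    Rates are per hour, but only the ratio matters."""
    total = lambda_s + lambda_dd + lambda_du
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    return (lambda_s + lambda_dd) / total


def sff_band(sff: float) -> int:
    """Band index: 0 for < 60 %, 1 for 60-90 %, 2 for 90-99 %, 3 for >= 99 %."""
    if sff < 0.60:
        return 0
    if sff < 0.90:
        return 1
    if sff < 0.99:
        return 2
    return 3


# Maximum SIL claimable for HFT 0, 1 and 2 within each SFF band (route 1H).
# Type A: simple elements with well-defined failure modes and field data.
# Type B: complex elements such as microprocessor based devices. 0 = not allowed.
MAX_SIL_TYPE_A = [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)]
MAX_SIL_TYPE_B = [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)]


def max_sil_for_architecture(sff: float, hft: int, element_type: str) -> int:
    """Highest SIL the architectural constraints permit for this element."""
    if hft not in (0, 1, 2):
        raise ValueError("route 1H tables cover HFT 0, 1 and 2 only")
    if element_type.upper() not in ("A", "B"):
        raise ValueError("element type must be 'A' or 'B'")
    table = MAX_SIL_TYPE_A if element_type.upper() == "A" else MAX_SIL_TYPE_B
    return table[sff_band(sff)][hft]


def check_sil_claim(claimed_sil: int, lambda_s: float, lambda_dd: float,
                    lambda_du: float, hft: int, element_type: str) -> dict:
    """Does the SFF/HFT argument support the SIL claimed for the instrument?"""
    sff = safe_failure_fraction(lambda_s, lambda_dd, lambda_du)
    allowed = max_sil_for_architecture(sff, hft, element_type)
    return {"sff": sff, "max_sil": allowed, "claim_supported": claimed_sil <= allowed}


if __name__ == "__main__":
    # Constructed: a microprocessor based logic solver (type B) used 1oo1 (HFT 0),
    # then the same element used 1oo2 (HFT 1).
    for hft in (0, 1):
        r = check_sil_claim(2, lambda_s=7e-7, lambda_dd=2e-7, lambda_du=2e-7,
                            hft=hft, element_type="B")
        print(f"HFT {hft}: SFF = {r['sff']:.1%}, max SIL {r['max_sil']}, "
              f"SIL 2 claim supported: {r['claim_supported']}")
```

With the constructed rates the SFF is about 82 %, so the type B element supports only SIL 1 on its own and needs a hardware fault tolerance of 1 before a SIL 2 claim is architecturally admissible; this is the distinction an assessor endorsing the argument would expect to see stated alongside the failure rate or PFD figure.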