Application Functional Safety IEC 61511

Size: px

Start display at page:

Download "Application Functional Safety IEC 61511"

Theodore Conley
9 years ago
Views:

1 Application Functional Safety IEC 61511

2 Introduction Functional safety must be an integral part of the project execution if we shall succeed to make safe application program We can t test and audit safety into a project Safety must be built in never bolted on! If we shall succeeded with this in a lager scale we must have competent people and procedure in place Introduction

into a project Safety must be built in never bolted on!

3 Introduction Which safety lifecycle phases in IEC is applicable for an application program development? Typical verification activities? How can a safety project organization look like? How to ensure that the competency in the project is sufficient? What is the difference between FS Audit and FSA?

How can a safety project organization look like?

4 IEC Safety Lifecycle Phases Activities Responsibilities End user / operator Analysis phase 1-2 Identify hazards, specify requirements Design & Installation Commissio ning Phase 3-5 Configure to requirements Engineering / Equipment Supplier Operation phase 6-8 Operate, maintain & modify End user / operator Phase 9-11, responsible - ALL

Commissio ning Phase 3-5 Configure to requirements Engineering / Equipment Supplier

5 Safety Life Cycle The Application Program development must comply to the following phases in the safety lifecycle: Phase 4 Design and engineering Phase 9 Verification Phase 10 FSM, FS Audit and FSA Phase 11 Planning The Design and engineering phase 4 is divided into the following sub phases 4.1 Design basis 4.2 Basic design 4.3 Detailed design 4.4 Fabrication 4.5 Test & Validation Safety Life Cycle

Phase 11 Planning The Design and engineering phase 4 is divided into the following sub phases 4.

7 Workflow Project Management Workflow

8 11 - Planning Plan all safety activities Required input and out from each phase High level of safety activities in application program development Scope with regards to the safety life cycle Verification activities Test and validation Test strategy Job description 11 - Planning

development Scope with regards to the safety life cycle Verification

9 11 - Planning Who is responsible for what RACI Matrix Project organization Needed competency Safety requirerments tracking Test specifications Configuration Management Validation and Assessment planning 11 - Planning

requirerments tracking Test specifications

10 10 FSM and 11 Planning Safety Assessor 10 FSM and 11 Planning

11 10 FSM Why is competency important? The application program developer is responsible for the safety of the delivered application program This responsibility can't be limited by contract or transferred to contractual partners As a result of this, the application developer must secure their own competency to take care of their responsibility Every project need to possess necessary competence 10 FSM

program This responsibility can't be limited by contract or transferred to contractual partners As

12 10 FSM How do we secure necessary competency in each project? Competency Assessment What is competency Assessment? What is the required competency What is the possessed competency Necessary measures to close the gap 10 FSM

13 10 FSM Who need to be competency assessed? A competency assessment is required for any member of the project s team undertaking any of the following activities: Functional safety management (including the project manager) Hardware and software design Hardware build Software coding Quality control activities (including testing and hardware inspection) 10 FSM

of the following activities: Functional safety management (including the project manager)

14 9 - Verification Verification activities Document review Basic design review Detailed design review Code review Testing For more consistency during verification is checklists used 9 - Verification

15 4.1 Design basis Application program integrators is responsible to check the received input documentations Is the needed input received? Is it enough input to create a safe application program? Analyze the Safety Requirements method used for consistent verification is check lists 4.1 Design basis

Is it enough input to create a safe application program?

16 4.2 - Basic design Write Function description Function design specification Safety Analysis Report How to fulfill the safety requirements Any deviation from the safety requirements is highlighted here Any assumption where safety requirements is missing is highlighted here Any new typical solutions is designed during basic design Basic design

requirements is highlighted here Any assumption where safety requirements is missing is

17 4.3 - Detailed design Detailed design System design Choose topology HW design SIL achievement PFD calculation SW design - Programming manual Detailed design specification Detailed design

18 4.4 Fabrication Fabrication phase System setup and configuration HW build Application programming Final documentation 4.4 Fabrication

19 4.5 Test and Validation Internal Acceptance Test HW inspection HW module test SW module test Control logic and functional test Integration test Factory Acceptance Test Safety validation 4.5 Test and Validation

logic and functional test Integration test Factory

20 10 FSM Functional Safety Audit and Functional Safety Assessment What is the difference FS Audit: Has the project established and followed relevant procedures? FS Assessment: Is the project delivery safe? This is done by judgment of the project activities and deliverables The assessment can also judge the requirements, will these requirements make a safe product 10 FSM

FS Assessment: Is the project delivery safe?

21 10 FSM FS Audit is mandatory activity Can be performed by a quality manager Has the project established: A FSM organization? Necessary procedures and documentations 10 FSM

22 10 FSM Functional Safety Assessment is a mandatory activity Must be lead by a independent senior person The assessment team need technical knowledge Scope to judge that the deliverables form the project is safe The assessment team can also put question to the requirements in the project 10 FSM

23 Conclusion Developing safety application program is much more than just writing the application program Management is an important part of a safety project Safety must be an integral part of the project In large scale this can only be achieved through high degree of competency When necessary ABB can guide suppliers and customer in what is required to make safe application programs Conclusion

24 More time left? What is LVL? Conclusion

25 LVL - Limited Varability Language Defined in IEC Type of programming language IEC programming languages like Function Block Diagram Ladder Diagram Sequential Functional Chart Common for them Graphical programming interface Conclusion

26 What does use of LVL men in practice LVL application program much simpler than C++ program Do not have to use all the methods and techniques in IEC Which methods and techniques to use when developing a LVL application program is not well defined in IEC Conclusion

IEC 61508 Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

61508 SIL 3 CAPABLE IEC 61508 Functional Safety Assessment Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter Customer: K-TEK Corporation Prairieville, LA USA Contract No.: