InstMC FS2016 (Rev 3.0)

Page

4

of

10

Nicol Instrument Engineering Limited

in the review. It also requires the FSA team to consider the conclusions and recommendations of any

previous assessments.

An FSA on a modification shall consider the impact analysis carried out on the proposed modification

to confirm that the modification work performed is in compliance with the standard.

Added is periodic FSAs to be carried out during the operations and maintenance phase to ensure that

the maintenance and operation tasks are being carried out per the assumptions made during design,

and that the requirements for the safety management and verification is being met.

Functional safety audit and revision

There is a new requirement to review the documents and records to determine there is a functional

safety management system (FSMS), it is up to date, and is being followed. With any assessed gaps

having corrective recommendations for improvements.

There is a requirement for a safety audit on any procedure identified as necessary for safety life-cycle

activities.

This edition provides clarification that ‘like for like’ is ‘an exact duplicate of an element or an approved

substitution that does not require modification to the SIS as installed’.

SIS configuration management

SIS

This edition requires the SIS software, hardware and procedures used to develop and execute the

application program to be subjected to configuration management and are maintained under revision

controls. Note that SIS software includes application program (e.g., logic solver(s)), embedded

software (e.g., sensors, logic solvers, final elements), or utility software (tools).

Clause 6: Safety life-cycle requirements

Added is a requirement to re-exam, altering as required and re-verifying, earlier and subsequent

changes when a change is required to an earlier lifecycle phase.

It also adds sub-clauses on “application programming SIS safety life-cycle requirements”, and moves

previous edition Figure 11 (now Figure 8) and Table 7 (now Table 3) into this clause, and also includes

methods, techniques and tools applied for each life-cycle. Both figures and tables have been updated

to reflect the changes of emphasis for application program rather than software.

Clause 7: Verification

This edition clarifies that verification planning shall be carried out throughout the SIS safety life-cycle

and now includes the application program. These include requirements for addressing the; adequacy

of the outputs against the requirements, correctness of the data, completeness of the SIS

implementation, the traceability of the requirements, readability and audit-ability of the

documentation, and testability of the design.

It also adds requirements for when the verification includes testing. This includes the strategy for

integration of application program, hardware and field devices. With test scope that describes the test

set-up and the type of tests to be performed (includes hardware, application programming, and

programming devices), the environment including tools, hardware, all software required, criteria (e.g.,

pass/fail criteria) that the test will be evaluated.

There is also a new requirement to verify for non-interference with the safety functions when non-

safety functions are integrated with safety functions.