Paper 2: Why embrace the concept of the Safety Requirements Specification?
Institute of Measurement and Control – Functional Safety 2016
3
Automation design.
Overlapping the process design the overall automation system is
developed. In order for each element of the automation solution to be procured, each
must have an individual specification to capture all requirements. For the SIS, each
element including field equipment and control room equipment will have its own
specification. The logic solver being described by its physical requirements,
connectivity, capacity and configuration normally based on cause and effect diagrams.
From now we are dealing with devices rather than SIFs and a SIS. Individual
specifications are unlikely to be questioned.
System integration and test.
Each manufacturer follows the requested specification.
For more complex elements such as the logic solver the specification is often
developed with the automation designer in order to clarify specific elements of the
configuration. Decisions are made outside of the multi‐disciplined team who specified
the solution. Systems are tested with varying levels of component integration and
normally against the latest revision of design documentation.
Site integration
. The bringing together of all elements of the automation system on‐
site including installation, commissioning and testing is often chaotic with many
different disciplines working in parallel. Due to the nature of this activity a detailed
plan is difficult to prepare and can be even more difficult to stick to give the
constantly changing situation and resources.
Operate and maintain.
As operating experiences gained procedures carried out by
individuals often evolve and are not necessarily reflected back into the
documentation. Maintenance and proof testing practices vary considerably in their
degree of rigour and the recording of activities and results.
Modify and enhance.
Over time numerous changes will be made. These may either be
minor changes with no assumed impact or major enhancements. In each case the
original design intent may not be clear to those assessing the risk of the change as
knowledge of the original design becomes more distant and people move on.
Individuals may have wider responsibilities and may call on third parties expecting
them to have the knowledge required.
During all the above phases it is possible that commercial goals may come into
conflict with the number one priority of safety. Individuals and functions work
under time pressure and productivity is measured in various ways. Between
each phase and within each phase are interfaces between individuals and
disciplines. Each interface is also a source of error. Like the Chinese whisper,
errors can be compounded giving a believable but erroneous result. Our
industry is full of talented engineers and technicians but often their reaction to
the concept of personal or collective failure ranges from denial to fingers
pointed elsewhere. A well written SRS encourages the contributors and
consumers to have a wider understanding of exactly why each part of an SIS is
designed as it is. Knowledge outside the boundaries of an individual’s discipline
will lessen the potential for unnoticed error at interfaces.
The Safety Lifecycle. Controlling systematic error
In most industrialised Countries, the IEC 61511 standard is recognised as
defining good engineering practice for the implementation of Safety
Instrumented Systems. IEC 61511 sets out a number of key concepts, one of