Paper 2: Why embrace the concept of the Safety Requirements Specification?
Institute of Measurement and Control – Functional Safety 2016
7
One point must be accepted. Whilst some SRS content might be referenced to
other documentation, the SRS itself is an additional document. Making any
attempt to consolidate the SRS into a list of existing design documents and
specifications entirely misses the point. The standard requests that the SIS
requirements should be expressed and structured in such a way that they are:
- clear, precise, verifiable, maintainable and feasible; and
- written to aid comprehension by those who are likely to utilize the
information at any phase of the life cycle
The paradigm shift
There are two changes which together could lead to a new approach and new
appreciation of the benefits that an SRS can deliver. First is
ownership
. If the
design and integration of an SIS can be completed without an SRS, then it is
unlikely it will get the required focus or deliver the benefits required. As the duty
holder is the major beneficiary of the document, then it is logical that the duty
holder take ownership in stating expectations, controlling content and
managing the evolution of the SRS from the earliest stages of the project. Let’s
not forget, it is an expectation of Functional Safety Planning. Second is
identity
. If you walk round the average process unit, it is virtually impossible to
determine which devices are safety-related and which are not. Good
engineering practice requires us to impose strict controls on our safety assets
and ensure they are secure against any unauthorised intervention. This is
referred to as Configuration Management in IEC61511. With an increasing
emphasis placed on the threats possible due to poor cyber security, the SRS is
an opportunity not only to specify the functional safety requirement but also
how other objectives like system security, access control, configuration
management and control of specific reference documents. The SRS is unique
to SIS and can contain the requirements which will lead it to being identifiable,
manageable and secure.
Define SIS expectations
The SRS is an exercise in consolidation of information contained in many
documents as well as in the heads of those responsible for designing and
specifying what will become the SIS. The analysis phase of a new project or a
replacement system is a complex combination of process design and hazard
and risk assessment in parallel with the definition of the entire automation
solution. IEC 61511 expects the entire life cycle to have a functional safety
plan. Planning for the SRS will help you consider how to get the most out of this
activity. Defining roles and responsibilities is necessary to ensure that the
activity is completed as you wish with the right people involved. The SRS
requires an owner but also team input as a single individual cannot have all of
the skills and knowledge to produce a complete concise and usable SRS. In
our experience finding an individual with overall responsibility for the SRS from
within the project can result in a document biased by the needs of their day-to-
day responsibilities. In addition, this lack of independence may result in key
questions not being asked as people rarely question their previous decisions,
assumptions or opinions. The option of an independent person with broad
experience is worth considering. The actual content and format of your SRS is
flexible but to meet the objectives stated above it should focus on safety-related