The Importance of Functional Safety Assessment and its Application
Page
8
of
12
Table 4 identifies the consequence values for the specified level of independence as:
v
Consequence A: minor injury (for example temporary loss of function);
v
Consequence B: serious permanent injury to one or more persons, death to one
person;
v
Consequence C: death to several people;
v
Consequence D: very many people killed.
Table 5 identifies the Minimum level of independence based on the Safety Integrity Level / Systematic
Capability.
Both these tables identify the following independency criteria:
v
X: the level of independence specified is the minimum for the specified consequence
(Table 4) or safety integrity level/systematic capability (Table 5).
v
Y: the level of independence specified is considered insufficient
v
Factors that will make X2 more appropriate than X1 are:
Ø
Lack of previous experience with a similar design;
Ø
Greater degree of complexity;
Ø
Greater degree of novelty of design;
Ø
Greater degree of novelty of technology.
IEC 61511 Ed2 part 1, identifies that the membership of the assessment team shall include at least
one senior competent person not involved in the project design team [i.e. independent] or not involved
in the operation & maintenance of the SIS.
Both these standards require documented evidence of how independence is established by differing
roles involved in each phase of the safety lifecycle.