InstMC FS2016 (Rev 3.0) – Page 4 of 10 – Nicol Instrument Engineering Limited
in the review. It also requires the FSA team to consider the conclusions and recommendations of any
previous assessments.
An FSA on a modification shall consider the impact analysis carried out on the proposed modification
to confirm that the modification work performed is in compliance with the standard.
Periodic FSAs are added, to be carried out during the operations and maintenance phase to ensure that
the maintenance and operation tasks are being carried out per the assumptions made during design,
and that the requirements for safety management and verification are being met.
Functional safety audit and revision
There is a new requirement to review the documents and records to determine that a functional
safety management system (FSMS) exists, is up to date, and is being followed, with corrective
recommendations for improvement made for any gaps the assessment identifies.
There is a requirement for a safety audit on any procedure identified as necessary for safety life-cycle
activities.
This edition provides clarification that ‘like for like’ is ‘an exact duplicate of an element or an approved
substitution that does not require modification to the SIS as installed’.
SIS configuration management
This edition requires the SIS software, hardware and procedures used to develop and execute the
application program to be subjected to configuration management and maintained under revision
control. Note that SIS software includes the application program (e.g., logic solver(s)), embedded
software (e.g., sensors, logic solvers, final elements), and utility software (tools).
Clause 6: Safety life-cycle requirements
Added is a requirement to re-examine, alter as required, and re-verify earlier and subsequent
changes when a change is required to an earlier life-cycle phase.
It also adds sub-clauses on “application programming SIS safety life-cycle requirements”, moves
previous edition Figure 11 (now Figure 8) and Table 7 (now Table 3) into this clause, and includes the
methods, techniques and tools applied for each life-cycle phase. Both the figure and the table have been
updated to reflect the change of emphasis from software to application program.
Clause 7: Verification
This edition clarifies that verification planning shall be carried out throughout the SIS safety life-cycle
and now includes the application program. This includes requirements for addressing the adequacy
of the outputs against the requirements, correctness of the data, completeness of the SIS
implementation, traceability of the requirements, readability and auditability of the
documentation, and testability of the design.
It also adds requirements for when the verification includes testing. These cover the strategy for
integration of the application program, hardware and field devices; a test scope that describes the test
set-up and the type of tests to be performed (including hardware, application programming and
programming devices); the environment, including tools, hardware and all software required; and the
criteria (e.g., pass/fail criteria) against which the test will be evaluated.
There is also a new requirement to verify non-interference with the safety functions when
non-safety functions are integrated with safety functions.