
Functional Safety 2014, 4th – 5th November 2014

Copyright © 2014 by Cenbee Bullock PFS Consulting Ltd


To achieve systematic capability, application software should be designed, developed and verified against the software safety lifecycle, i.e. the V-model in IEC61508-3 (see Fig 6). The requirements differ according to the flexibility and complexity of the language in which the software is written.

Fig. 6 Illustration of V-Model for Programmable Electronic System

Application Software consists of three different language types:

i. Fixed programmable language (FPL) – no alteration is available in this programmable language; changes are restricted to set point and alarm parameters only. The software for the majority of off-the-shelf smart transmitters is written in this type of language. The software is normally verified and certified by the manufacturer’s engaged party; there is no mandatory requirement to comply with the V-model.

ii. Limited Variability Language (LVL) – this programmable language normally consists of pre-defined application library functions that have been verified by a third party certifying body or a subject-qualified specialist. Limited changes may be available to specific functions only, provided the supplier’s safety manual is followed (any additional functions should be verified against IEC61508-3 to demonstrate the systematic capability). Software such as ladder logic and function blocks is written in this language.

iii. Full Variability Language (FVL) – this programmable language is more complex and provides for a wide range of functionality and application. The software is normally written in C, C++, Pascal etc. The software should be verified using certified (utility) software tools and checked by an independent assessor. All documentation, including that for coding, development and testing, must be traceable.