![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0248.jpg)
Functional Safety 2014
4
th
– 5
th
November 2014
Copyright © 2014 by Cenbee Bullock PFS Consulting Ltd
Page 12 of 14
For LVL and FVL, the design, development and verification of the software should follow the
recommended structures and procedures as stated in IEC61508 part 3 in order to demonstrate the
systematic capability of the system.
Fig 6 illustrates the steps and procedures for the design, development and verification of the software
with reference to IEC61508-3. All steps shown should be followed in order to demonstrate the
systematic capability of the software. The Safety Requirement Specification (SRS) for application
software should be written for the specific project requirement for the software and be designed and
developed accordingly. For example, when joining two certified library function blocks into one
specific function, the joining procedure should be written in the application software SRS for the
specific project. The testing methodology should be written in the Safety Manual.
The PE System supplier should provide a Safety Manual for the programmable software language with
full instructions for installation, testing and modification and also state the systematic capability. Any
modification or change to an LVL library function block should be confirmed and verified against
IEC61508-3. Any new function block should be written according to the instructions in the safety
manual.
For FVL, certified software tools (i.e. utility software) should be used for software verification. It
should be reviewed and approved by a suitably qualified independent assessor. All steps and
procedures for the design and development or any modification during verification and testing should
be recorded with systematic traceability.
A Programmable Electronic system has the highest potential for systematic failures compared to
Electro-Mechanical systems. They can be caused by widespread factors: environmental influences,
human errors, software bugs and data communication error etc. The V-model provides the most
effective techniques and measures to demonstrate the systematic capability. All PE system suppliers
are required to provide evidence of their compliance to these procedures.
The above procedures demonstrate the importance of using a systematic approach throughout the
safety lifecycle and good control documentation system is vital for the process.
Measures of Human Reliability
ISA TR84.00.02-2002 states that systematic failures caused by human error can take place in any phase:
design, installation, proof test and operation in by-pass mode. This can be represented
mathematically by:
Psys-human error = Pdesign error + Pinstallation + Pproof test error + Pbypassed
The US Process Improvement Institute (PII) produced a Standardised Plant Analysis Risk Model (SPAR-
H) based on work by the US Nuclear Regulatory Commission (NUREG). The model enabled analysis of
human reliability which found various reasons for possible human errors in a given task, including:
insufficient time, stress, fitness for duty, complexity of the design, experience, training, competence,
communication, procedures, work supervision, work environment and the number of personnel.