CASS TOES FOR SIS SAFETY LIFECYCLE ASSESSMENT (IEC 61511-1: 2016)
The following notes should be read first:
1. For general guidance on using CASS conformity assessment documents, refer to: ‘Guidance for assessors on using the CASS TOEs’, available from www.61508.org/cass
2. This conformity assessment template is for the generic SIS safety lifecycle aspects from IEC 61511-1 clauses 6, 7 and 19. It should be used with the template ‘CASS TOES for FSM Assessment from IEC 61511-1 2016’ for the generic functional safety management aspects from clause 5.
3. The TOEs in this template are applicable to all the safety lifecycle phases (clauses 8 to 18) that are in the scope of the FSA.
4. In addition to the two generic templates mentioned above, an assessment of the SIF(s), SRS and SIS should be performed against each relevant clause of the standard (i.e., clauses 8 to 18) as appropriate to the safety lifecycle phases in the scope of the FSA.
5. The following acronyms are used in this template:
   CASS   Conformity assessment of safety-related systems
   FSA    Functional safety assessment
   FSM    Functional safety management
   H&RA   Hazard and risk assessment
   O&M    Operation and maintenance
   SIF    Safety instrumented function
   SIL    Safety integrity level
   SIS    Safety instrumented system
   SRS    Safety requirements specification
   TOE    Target of evaluation
The assessment table has six columns: TOE Ref., Target of Evaluation (TOE), Purpose of TOE, IEC 61511 references, Auditee's documents and Assessor's comments. Each TOE is set out below against those columns; the Auditee's documents and Assessor's comments columns are left blank in the template for completion during the assessment.

TOE Ref.: 1
Target of Evaluation (TOE): SIS safety lifecycle definition
Purpose of TOE: To ensure the approach to the phases and activities of the SIS safety lifecycle is structured and defined in a manner that corresponds to Figure 7 and Table 2 of IEC 61511-1 for the scope of the project, and that it defines the inputs, outputs and verification to a sufficient level of detail to allow completion of each phase/activity.
IEC 61511 references: 6.2.1, 6.2.2
Auditee's documents:
Assessor's comments:
TOE Ref.: 2
Target of Evaluation (TOE): SIS safety plan
Purpose of TOE: To confirm the SIS safety plan/planning defines the activities, criteria, techniques, measures, procedures and responsible organisations/people to ensure:
   a) SIS safety requirements are achieved for all modes of the process
   b) proper installation and commissioning of the SIS
   c) safety integrity of the SIF after installation
   d) safety integrity during operation
   e) process hazards are addressed during SIS maintenance
IEC 61511 references: 6.2.3
Auditee's documents:
Assessor's comments:

TOE Ref.: 3
Target of Evaluation (TOE): Changes to previous lifecycle phases
Purpose of TOE: To confirm that any required changes that affect a previous lifecycle phase are re-examined, altered as required and re-verified. This applies to changes identified anywhere from hazard and risk assessment to O&M, e.g., as a result of document review, design, test, implementation, etc. If the change is to a SIS already in the O&M phase, then the lifecycle phase ‘SIS modification’ applies and will require a detailed assessment against each requirement in clause 17.
IEC 61511 references: 6.2.4
Auditee's documents:
Assessor's comments:
TOE Ref.: 4
Target of Evaluation (TOE): SIS application program lifecycle
Purpose of TOE: To ensure the SIS application program lifecycle is structured and defined in a manner that corresponds to Figure 8 and Table 3 of IEC 61511-1 for the scope of the project, and that it defines the inputs, outputs and verification to a sufficient level of detail to allow completion of each phase/activity.
IEC 61511 references: 6.3.1, 6.3.3
Auditee's documents:
Assessor's comments:

TOE Ref.: 5
Target of Evaluation (TOE): Application programming methods
Purpose of TOE: To ensure the appropriate methods, techniques and tools have been planned for development of the SIS application program to meet clause 12.6.2.
IEC 61511 references: 6.3.2
Auditee's documents:
Assessor's comments:
TOE Ref.: 6
Target of Evaluation (TOE): Verification planning (general)
Purpose of TOE: To ensure verification is planned in a sufficient level of detail to describe:
   a) the verification activities
   b) the procedures, measures and techniques to be used
   c) when verification will take place
   d) the persons, departments and organizations responsible, including levels of independence
   e) how to manage and implement actions, recommendations and non-conformances identified by verification
   f) identification of items to be verified
   g) identification of the information against which the verification is carried out
   h) the adequacy of the outputs against the requirements for that phase
   i) correctness of the data
   j) tools and supporting analysis
   k) the completeness of the SIS implementation and the traceability of the requirements
   l) the readability and auditability of the documentation
   m) the testability of the design
   n) the tests that demonstrate non-safety functionality does not interfere with safety functions
IEC 61511 references: 7.2.1, 7.2.3
Auditee's documents:
Assessor's comments:
TOE Ref.: 7
Target of Evaluation (TOE): Verification planning (testing)
Purpose of TOE: To ensure that when testing is specified, verification planning covers:
   a) the strategy for integration of application program and hardware and field devices, including the integration of sub-systems that shall comply with other standards
   b) test set-up and type of test to be performed, including the hardware, application programming, and programming of devices
   c) test cases and test data
   d) the test environment, tools, hardware, software and required configuration
   e) test criteria on which the results of the test will be evaluated
   f) procedures for corrective action on failure during test or non-conformances
   g) physical location(s) (e.g., factory or site)
   h) dependence on external functionality
   i) personnel
   j) management of change
IEC 61511 references: 7.2.2
Auditee's documents:
Assessor's comments:

TOE Ref.: 8
Target of Evaluation (TOE): Implementing the verification plan
Purpose of TOE: To confirm the verification activities have been performed in accordance with the verification plan for each phase/activity specified in the SIS safety lifecycle planning.
IEC 61511 references: 7.2.4
Auditee's documents:
Assessor's comments:
TOE Ref.: 9
Target of Evaluation (TOE): Modifications and re-verification
Purpose of TOE: To ensure that any modifications resulting from testing are subjected to impact analysis and any necessary re-verification is performed.
IEC 61511 references: 7.2.5
Auditee's documents:
Assessor's comments:

TOE Ref.: 10
Target of Evaluation (TOE): Verification documentation
Purpose of TOE: To ensure the verification results are made available and the objectives and criteria have been met (see also TOEs 11-13).
IEC 61511 references: 7.2.6
Auditee's documents:
Assessor's comments:

TOE Ref.: 11
Target of Evaluation (TOE): Information and documentation (general)
Purpose of TOE: To confirm that documentation produced as part of SIS safety lifecycle activities/phases is fit for purpose, available to those involved in the SIS safety lifecycle and contains all relevant descriptions of the SIS design, installation, operation, maintenance and testing. Each document should be accurate, understandable, accessible, maintainable (i.e. editable) and traceable to the SRS and H&RA.
IEC 61511 references: 19.2.1, 19.2.2, 19.2.3, 19.2.5
Auditee's documents:
Assessor's comments:

TOE Ref.: 12
Target of Evaluation (TOE): Document identification and revision control
Purpose of TOE: To ensure each document is appropriately designated for its type, is uniquely identifiable, contains a revision index, is searchable and stored so as to allow location of the latest revision, and is revised, reviewed, approved and under appropriate revision control.
IEC 61511 references: 19.2.4, 19.2.6, 19.2.7, 19.2.8
Auditee's documents:
Assessor's comments:
TOE Ref.: 13
Target of Evaluation (TOE): Documentation scope and contents
Purpose of TOE: To ensure the documentation covers:
   a) Results of the H&RA and the related assumptions
   b) Equipment that forms the SIS with related safety requirements
   c) Organisation responsible for maintaining functional safety
   d) Procedures necessary to achieve and maintain functional safety of the SIS
   e) Revisions from any modifications
   f) Relevant safety manual(s)
   g) Design, implementation, test and validation
IEC 61511 references: 19.2.9
Auditee's documents:
Assessor's comments: