© ABB Inc. April 24, 2023 | Slide 1
WCS-114-1 Changes to IEC 61508 and its impact on implementation
ABB Automation & Power World: April 18-21, 2011
WCS-114-1 Changes to IEC61508 and its impact on implementation
Speaker name: Stuart Nunns
Speaker title: Managing Consultant Functional Safety
Company name: ABB
Location: UK
Presentation Topics
Section 1 - New Development of IEC 61508 2nd Edition
Overview of key changes
Section 2 - How to manage functional safety
Safety Assured Solutions
Your safety is important to us: please be aware of these emergency procedures
In the event of an emergency please dial ext. 55555 from any house phone. Do not dial 9-1-1.
In the event of an alarm, please proceed carefully to the nearest exit. Emergency exits are clearly marked throughout the hotel and convention center.
Use the stairwells to evacuate the building and do not attempt to use the elevators.
Hotel associates will be located throughout the public space to assist in directing guests toward the closest exit.
Any guest requiring assistance during an evacuation should dial “0” from any house phone and notify the operator of their location.
Do not re-enter the building until advised by hotel personnel or an “all clear” announcement is made.
Your safety is important to us: Convention Center exits in case of an emergency
Know your surroundings: identify the meeting room your workshop is being held in and locate the nearest exit.
Section 1 - Functional Safety Standards
IEC 61508 and the sector standards related to it:
- IEC 62061: Machinery Sector
- IEC 60601: Medical Devices
- IEC 61513: Nuclear Sector
- IEC 61511: Process Sector
- IEC 61800: Adjustable Speed Electric Power Drive Systems
- EN 50128: Railways
- EN 50156: Furnaces
IEC 61508 Ed 2 released April 2010
IEC 61508 Introduction: Parts of the Standard
- Part 1: General requirements
- Part 2: Requirements for electrical, electronic, programmable electronic systems
- Part 3: Software requirements
- Part 4: Definitions and abbreviations
- Part 5: Examples of methods for the determination of safety integrity levels
- Part 6: Guidelines on the application of Parts 2 & 3
- Part 7: Overview of techniques and measures
Compliance must be proven for parts 1-4 only.
'shall' is a normative requirement; 'should' is an informative requirement.
Overview of changes (* = topics covered during this presentation)
- Safety Lifecycle *
- Security *
- Functional Safety Assessment *
- Management of Functional Safety *
- Design fundamentals *
- SIF hierarchies *
- Pre-existing software *
- Communication *
- Safety manual *
- Traceability *
- Software Tools *
- ASICs/Multicore On-chip ICs
- Techniques & Measures – properties & rigour
Safety Lifecycle – Part 1
The Safety Requirements Specification now has its own lifecycle phase. See Part 1, 7.10.1 for Objectives and 7.10.2 for Requirements.
Objective*: ”…is to define the system safety requirements, regarding the safety functions requirements and the integrity requirements, in order to achieve the required functional safety.”
Specifies what information the end user is required to supply to the system integrator.
(*taken from IEC61508)
(Figure: End user/EPC and System Integrator/designer)
Security – Part 1
*The standard does not specify the requirements needed to meet a security policy that may be required, but it is recognized as being important:
*Part 1, Section 7.4 (Hazard Analysis): If the hazard analysis identifies malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.
*NOTE 3: For guidance on security risks analysis, see the IEC 62443 series.
*Part 1, Section 7.5 (Overall Safety Requirements): If security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements.
(*taken from IEC61508)
Functional Safety Assessment – Part 1
*8.2.14: Those carrying out a functional safety assessment shall be competent for the activities to be undertaken, according to the requirements.
Part 1 provides a new approach to classifying competence.
(*taken from IEC61508)
Management of Functional Safety – Part 1
Significant restructuring: 'shalls' against all sub-clauses
- Organisations shall appoint one or more persons with responsibility for one or more phases…
- All persons, departments or organisations shall be identified, and responsibilities clearly defined and communicated
- Activities related to management of functional safety shall be applied at the relevant phases
- All persons undertaking specific activities shall have the appropriate competence
- The competence shall be documented
Competency is now normative.
Design fundamentals – Part 2: 7.4.2.2
Design of the safety-related system shall meet:
- Hardware safety integrity
  - Architectural constraints (Route 1H and Route 2H)
  - Quantification of random hardware failures
  - On-chip ICs
- Systematic capability
  - Avoidance & control of systematic faults (Route 1S), or
  - Proven in use (Route 2S), or
  - Pre-existing software (Route 3S)
- System behaviour on detection of fault
- Data communications
Hardware safety integrity – Part 2
Route 1H: Architectural constraints – hardware fault tolerance (HFT) & safe failure fraction (SFF)
Route 2H: Based on component reliability data (feedback from end users), increased confidence levels and HFT for the specified safety integrity levels
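As an added illustration of the Route 1H constraint (not from the slides, and not ABB code), the Python below computes the safe failure fraction from the four failure-rate classes and then applies the Type A / Type B architectural-constraint tables of IEC 61508-2 Ed 2 (Tables 2 and 3, reproduced here from the standard as the author of this example knows them; the slide only names the route) to give the highest SIL a subsystem may claim for a given HFT. The failure rates are constructed sample values; the Type A/Type B distinction (simple, well-understood components versus complex ones) comes from the standard, not from this presentation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    """Failure rates (any common unit, e.g. FIT) split into the IEC 61508 classes."""
    lambda_sd: float  # safe, detected by diagnostics
    lambda_su: float  # safe, undetected
    lambda_dd: float  # dangerous, detected by diagnostics
    lambda_du: float  # dangerous, undetected (the only class that counts against SFF)


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_sd + lambda_su + lambda_dd) / (total failure rate)."""
    total = r.lambda_sd + r.lambda_su + r.lambda_dd + r.lambda_du
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    return (r.lambda_sd + r.lambda_su + r.lambda_dd) / total


# SFF bands used by the architectural-constraint tables: <60 %, 60-<90 %, 90-<99 %, >=99 %.
_BAND_EDGES = (0.60, 0.90, 0.99)


def sff_band(sff: float) -> int:
    """Index 0..3 of the SFF band that 'sff' falls into."""
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF is a fraction between 0 and 1")
    return sum(1 for edge in _BAND_EDGES if sff >= edge)


# Maximum SIL per (SFF band, HFT 0/1/2). 0 means the combination is not allowed.
# Values as given in IEC 61508-2 Ed 2, Table 2 (Type A) and Table 3 (Type B).
_TYPE_A = ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4))
_TYPE_B = ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4))


def max_sil_route_1h(sff: float, hft: int, type_b: bool) -> int:
    """Highest SIL claimable under Route 1H for this SFF and hardware fault tolerance."""
    if hft not in (0, 1, 2):
        raise ValueError("tables cover HFT 0, 1 and 2 only")
    table = _TYPE_B if type_b else _TYPE_A
    return table[sff_band(sff)][hft]


def assess_subsystem(rates: FailureRates, hft: int, type_b: bool) -> dict:
    """Convenience wrapper returning both the SFF and the resulting SIL ceiling."""
    sff = safe_failure_fraction(rates)
    return {"sff": sff, "max_sil": max_sil_route_1h(sff, hft, type_b)}


if __name__ == "__main__":
    # Constructed example: a Type B logic solver with good diagnostic coverage.
    sample = FailureRates(lambda_sd=100, lambda_su=50, lambda_dd=800, lambda_du=50)
    for hft in (0, 1, 2):
        result = assess_subsystem(sample, hft, type_b=True)
        print(f"SFF={result['sff']:.2%}  HFT={hft}  -> max SIL {result['max_sil']}")
```

The same element moves from a SIL 2 ceiling at HFT 0 to SIL 3 at HFT 1 without any change to its failure rates, which is exactly the trade-off between redundancy and diagnostic coverage that Route 1H encodes.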
Systematic Capability – Part 2
Systematic capability* is the concept being developed for systematic safety integrity compliance for elements and sub-systems. It replaces the term “effectiveness against systematic failure”: a measure on a scale 1-4 of the confidence that the systematic safety integrity of an element fulfils the given safety function, considering the instructions stated in the safety manual.
Three routes are proposed:
- Route 1S: Compliance with techniques and measures tables
- Route 2S: Proven in use concepts
- Route 3S: For software that does not satisfy the first two routes
(*taken from IEC61508)
Simplified Example: Hierarchies
(Figure: Sensors, Logic Solver and Actuators each form a sub-system made up of elements; together they form the system.)
- Sub-system: entity of the top-level architectural design of a safety-related system where a dangerous failure of the subsystem results in dangerous failure of a safety function
- Element: part of a subsystem comprising a single component or any group of components that performs one or more element safety functions
- System: implements the required safety functions necessary to achieve or maintain a safe state for the EUC
Requirements for Integration of pre-existing Software – Part 2 (7.4.2.2) & Part 3 (7.4.2.12 - 13)
Pre-existing software: software element which already exists and is not developed specifically for the current project or safety-related system.
For Route 3S:
- Creation of a precise software safety requirement specification
- The properties of software system capability shall be fulfilled
- Creation of a safety manual
- Validation and documentation of the compatibility (HW & SW)
- Software shall have been validated and verified (tests, code reviews etc.)
- Non-used functions of the software shall not have influence on the safety system
- Credible failure mechanisms have been identified and countermeasures developed
Data Communication – Part 2
New section 7.4.11 on additional requirements for data communication. Two possible approaches*:
- The entire communication channel shall be designed, implemented and validated according to the IEC 61508 series and IEC 61784-3 or IEC 62280 series. This is a so-called ‘white channel’ (see Figure 7 a).
- Parts of the communication channel are not designed or validated according to the IEC 61508 series. This is a so-called ‘black channel’ (see Figure 7 b). But measures necessary to ensure the failure performance of the communication process shall be implemented, e.g. PROFIsafe on PROFINET.
(*taken from IEC61508)
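The black-channel approach means the safety layer itself must detect whatever the untrusted transport does to a message. As an added example (not from the slides, not ABB code, and not the PROFIsafe format), the Python below implements a minimal safety layer of the kind IEC 61784-3 describes: a sequence number against repetition, loss, insertion and wrong order; a time expectation (watchdog) against unacceptable delay; source/destination identifiers as a connection check against masquerade and mis-addressing; and a CRC-32 against corruption. The PDU layout, identifiers, watchdog value and fault scenarios are all constructed for the illustration, and the receiver is deliberately conservative: any detected fault drives it to its fail-safe state.

```python
import struct
import zlib

# Constructed safety PDU layout: src_id | dst_id | sequence | payload | CRC-32.
HEADER = struct.Struct(">HHI")   # 2-byte source id, 2-byte destination id, 4-byte sequence
TRAILER = struct.Struct(">I")    # CRC-32 over header + payload


def build_pdu(src_id: int, dst_id: int, seq: int, payload: bytes) -> bytes:
    """Sender side: wrap process data in the safety layer."""
    body = HEADER.pack(src_id, dst_id, seq & 0xFFFFFFFF) + payload
    return body + TRAILER.pack(zlib.crc32(body) & 0xFFFFFFFF)


class SafetyReceiver:
    """Receiver side. Every check failure trips the fail-safe state (conservative simplification)."""

    def __init__(self, own_id: int, peer_id: int, watchdog_s: float):
        self.own_id, self.peer_id, self.watchdog = own_id, peer_id, watchdog_s
        self.expected_seq = 0
        self.last_valid_at = None     # time of the last accepted PDU
        self.fail_safe = False

    def _trip(self, reason: str):
        self.fail_safe = True
        return False, reason, None

    def check_watchdog(self, now: float):
        """Time expectation: no valid PDU within the watchdog time means delay or loss."""
        if self.last_valid_at is not None and now - self.last_valid_at > self.watchdog:
            return self._trip("timeout")
        return True, "ok", None

    def receive(self, pdu: bytes, now: float):
        """Returns (accepted, reason, payload). Payload is only released when every check passes."""
        if self.fail_safe:
            return False, "fail-safe", None
        if len(pdu) < HEADER.size + TRAILER.size:
            return self._trip("short")
        body, crc = pdu[:-TRAILER.size], TRAILER.unpack(pdu[-TRAILER.size:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return self._trip("crc")            # corruption on the black channel
        src, dst, seq = HEADER.unpack_from(body)
        if src != self.peer_id or dst != self.own_id:
            return self._trip("masquerade")     # wrong sender or not addressed to us
        if seq != self.expected_seq:
            return self._trip("sequence")       # repetition, loss, insertion or wrong order
        ok, reason, _ = self.check_watchdog(now)
        if not ok:
            return False, reason, None
        self.expected_seq = (seq + 1) & 0xFFFFFFFF
        self.last_valid_at = now
        return True, "ok", body[HEADER.size:]


def run_scenarios() -> dict:
    """Constructed channel faults; returns scenario name -> receiver's reason string."""
    SRC, DST, WD = 0x0101, 0x0202, 0.5
    results = {}

    rx = SafetyReceiver(DST, SRC, WD)                       # undisturbed traffic
    for i in range(3):
        reason = rx.receive(build_pdu(SRC, DST, i, b"\x01"), now=0.1 * i)[1]
    results["normal"] = reason

    rx = SafetyReceiver(DST, SRC, WD)                       # single flipped payload bit
    pdu = bytearray(build_pdu(SRC, DST, 0, b"\x01"))
    pdu[HEADER.size] ^= 0x01
    results["corruption"] = rx.receive(bytes(pdu), now=0.0)[1]

    rx = SafetyReceiver(DST, SRC, WD)                       # old PDU delivered again
    first = build_pdu(SRC, DST, 0, b"\x01")
    rx.receive(first, now=0.0)
    rx.receive(build_pdu(SRC, DST, 1, b"\x01"), now=0.1)
    results["replay"] = rx.receive(first, now=0.2)[1]

    rx = SafetyReceiver(DST, SRC, WD)                       # PDU from an unexpected source id
    results["masquerade"] = rx.receive(build_pdu(0x0303, DST, 0, b"\x01"), now=0.0)[1]

    rx = SafetyReceiver(DST, SRC, WD)                       # valid PDU, but far too late
    rx.receive(build_pdu(SRC, DST, 0, b"\x01"), now=0.0)
    results["delay"] = rx.receive(build_pdu(SRC, DST, 1, b"\x01"), now=2.0)[1]
    results["after_trip"] = rx.receive(build_pdu(SRC, DST, 2, b"\x01"), now=2.1)[1]
    return results


if __name__ == "__main__":
    for scenario, reason in run_scenarios().items():
        print(f"{scenario:12s} -> {reason}")
```

Note that none of these checks rely on the transport (the black channel) being trustworthy: the CRC is computed over the safety header and payload, the sequence and identifiers are inside the protected region, and the watchdog is driven by the receiver's own clock.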
Safety Manual – Part 2 – New Annex D
New requirements*: 7.4.9 Requirements for E/E/PE system implementation:
- 7.4.9.6: Suppliers shall provide a safety manual for items for which they claim IEC 61508 compliance
- 7.4.9.7: Suppliers shall document a justification for all the information that is provided in each safety manual
(*taken from IEC61508)
Safety Manual – Part 3 – New Annex D: What shall it contain?
- Required competence of the user (minimal skills)
- Trustworthiness of the element (certificates etc.)
- Installation instructions
- The reason for release of the element
- Compatibility to previous elements or other systems
- Configuration of the element (version number, modification)
- Modification control (how to update the element?)
- Requirements that were not realized
- Description of the default configuration
- Description of specific user profiles
Traceability – Part 3
More significance on traceability. Extract from the standard:
- Forward traceability between the system safety requirements and the software safety requirements
- Backward traceability between the safety requirements and the perceived safety needs
- Forward traceability between the software safety requirements specification and software architecture
- Forward traceability between the software design specification and the module and integration test specifications
- etc. – 34 hits on traceability requirements in Part 3 alone!
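Forward and backward traceability are mechanical properties of the trace links, so they can be checked automatically. As an added example (not from the slides and not ABB code), the Python below models lifecycle artefacts with a "satisfies" link to the layer above and checks each adjacent pair of layers: forward traceability fails when an upstream item is satisfied by nothing downstream, backward traceability fails when a downstream item traces to nothing, and a dangling reference points at an item that does not exist. The layer names, identifiers and the sample data set (which deliberately contains one of each gap) are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Artefact:
    ident: str
    kind: str                      # lifecycle layer, see CHAIN below
    satisfies: Tuple[str, ...] = ()  # identifiers in the layer immediately upstream


# Lifecycle layers in the order the slide lists them (constructed names).
CHAIN = ("need", "sys_req", "sw_req", "sw_arch", "sw_design", "test")


def check_link(items: Iterable[Artefact], upstream: str, downstream: str) -> Dict[str, List[str]]:
    """Check one upstream -> downstream link in both directions."""
    items = list(items)
    up_ids = {a.ident for a in items if a.kind == upstream}
    down = [a for a in items if a.kind == downstream]
    covered = {ref for a in down for ref in a.satisfies if ref in up_ids}
    return {
        # forward traceability gap: upstream item that nothing downstream satisfies
        "untraced_upstream": sorted(up_ids - covered),
        # backward traceability gap: downstream item that traces to no real upstream item
        "orphan_downstream": sorted(a.ident for a in down
                                    if not any(r in up_ids for r in a.satisfies)),
        # references to identifiers that do not exist in the upstream layer
        "dangling_refs": sorted({r for a in down for r in a.satisfies if r not in up_ids}),
    }


def traceability_report(items: Iterable[Artefact], chain=CHAIN) -> Dict[str, Dict[str, List[str]]]:
    """Run check_link over every adjacent pair of layers in the chain."""
    items = list(items)
    return {f"{a}->{b}": check_link(items, a, b) for a, b in zip(chain, chain[1:])}


def is_fully_traceable(report: Dict[str, Dict[str, List[str]]]) -> bool:
    return all(not gaps for link in report.values() for gaps in link.values())


# Constructed sample: SR-3 has no software requirement, SWR-2 cites a non-existent SR-9,
# and test T-2 traces back to nothing.
SAMPLE = (
    Artefact("N-1", "need"),
    Artefact("SR-1", "sys_req", ("N-1",)),
    Artefact("SR-2", "sys_req", ("N-1",)),
    Artefact("SR-3", "sys_req", ("N-1",)),
    Artefact("SWR-1", "sw_req", ("SR-1",)),
    Artefact("SWR-2", "sw_req", ("SR-2", "SR-9")),
    Artefact("ARCH-1", "sw_arch", ("SWR-1", "SWR-2")),
    Artefact("DES-1", "sw_design", ("ARCH-1",)),
    Artefact("T-1", "test", ("DES-1",)),
    Artefact("T-2", "test"),
)


def sample_report() -> Dict[str, Dict[str, List[str]]]:
    return traceability_report(SAMPLE)


if __name__ == "__main__":
    report = sample_report()
    for link, gaps in report.items():
        problems = {k: v for k, v in gaps.items() if v}
        print(f"{link:22s} {'OK' if not problems else problems}")
    print("fully traceable:", is_fully_traceable(report))
```

In a real project the artefacts would be loaded from the requirements tool or from tagged comments in the design and test documents; the checks themselves do not change, which is what makes the "34 hits" in Part 3 tractable rather than a manual review exercise.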
Software off-line support tools: Quick side-trip – Part 4
*Divided into 3 classes:
- T1: generates no outputs which can directly or indirectly contribute to the executable code of the safety-related system, e.g. text editor
- T2: supports the test or verification of the design or executable code; errors in the tool can fail to reveal defects but cannot directly create errors in the executable software, e.g. static analysis tool
- T3: generates outputs which can directly or indirectly contribute to the executable code of the safety-related system, e.g. automatic code generator
(*taken from IEC61508)
*Off-line support tools of classes T2 and T3: configuration management shall ensure that information on the tools is recorded:
- Tool identification and version
- Configuration baseline identification
- Usage of the tool for each configuration baseline item, including the tool parameters, options and scripts selected
(*taken from IEC61508)
Other topics
- Code reviews mandatory
- Modifications at any phase linked to earlier phases – impact assessment required
- 100% structural testing
Section 2 - How to manage Functional Safety: Some considerations (1)
- Technology driven: methodology, procedures and systems; compliance with standards / good practice; compliance with the overall safety lifecycle
- Product safety: fit for purpose; performance guarantees
- Competency assurance: people - knowledge, experience, training and qualifications
Functional Safety Management: Some considerations (2)
- Role of an instrumented safety system as part of your basis of safety
- Compliance to good practice standards, i.e. IEC 61511
- Use of certified: safety products (e.g. 800xAHi, SafeGuard, PlantGuard), field instruments, final elements, engineers, organisations
- Mapping the complete safety lifecycle
End Users - What to look for? Safety Assured Solutions
- Product: SIL 3 (third-party) certified capable products; safety track record; significant global installed base; R&D investment programme
- People: competency management systems in place; certified experts and engineers (industry benchmark); hazard & risk practitioners
- Organisation & Systems: assured SIL 3 (third-party) certified capable solutions through global execution capability; development of an appropriate basis of safety (ALARP)
Safety Lifecycle Model – Risk Management
- Process Safety Management Systems
- Behavioural Safety & Culture
- Process Hazard Review
- Lifecycle Hazard Studies (including HAZOP 1-6)
- Pressure Relief
- Mechanical Integrity
- SIL Determination
- Hazardous Area Risk Assessment and Classification
Safety Lifecycle Model – Design & Engineering (1): SIS Delivery
- Application specific solution
- SIL Achievement
- Specification, detailed design, realisation (total solution), commissioning, validation
- Certified engineers; certified FS management systems
Safety Lifecycle Model – Design & Engineering (2): Safety Execution Capability
- Global footprint
- Third-party certified for delivering application specific solutions: comprehensive systems, methodology and documentation; competency assured
- Certified safety platforms, SIL 3 capable
Safety Lifecycle Model – Operations and Maintenance: Full Service
- Reliability and Operations Improvement
- Modifications, upgrades
- 24/7 Service Level Agreements
- Certified service organisations
- Performance assurance
- Testing and repairs
- Operating and Maintenance Procedures
Safety Lifecycle Model – Operations and Maintenance: Consulting
- Organisational Culture / Change
- Human Reliability Assessment
- Safety Critical Procedure Assessment
- Staffing Levels and Workload Assessment
- Pre Start-up Safety Review
- Legacy Systems Review
- Control Room Performance Assessment
- Alarm Management Health Check
- Safe Systems of Work
- Management of Change
- Incident Investigation Support
Conclusion – 61508 Ed 2
- More routes to demonstrate compliance
- Downwards compatibility was followed
- Reaction to user requests to get more practical examples
- Some updates to consider new technologies
Updates include: Systematic capability, Management of Functional Safety, Functional safety assessment, Safety manual, Communication, Security, ASICs/Multicore
Reminders: Automation & Power World 2011
Please be sure to complete the workshop evaluation.
Professional Development Hours (PDHs) and Continuing Education Credits (CEUs): You will receive a link via e-mail to print certificates for all the workshops you have attended during Automation & Power World 2011.
BE SURE YOU HAVE YOUR BADGE SCANNED for each workshop you attend. If you do not have your badge scanned you will not be able to obtain PDHs or CEUs.