Recent Changes to the IEC 61511 Standard for Functional Safety for the Process Industry

Published by Graham Foss on
Compliance management, Configuration Change Management, Disaster Recovery Solutions

The Asset Guardian Solution

Important changes have recently been made to IEC 61511, the international standard for Functional Safety for the Process Industry. Presented here is a summary of what IEC 61511 is, the changes that have been made and how Asset Guardian provides a solution for complying with the standard. The focus is on Part 1 of the standard.

What is IEC 61511?

IEC 61511 is a technical standard that is applied to Safety Instrumented Systems (SIS). It sets forth a number of best practices to ensure the safety of Industrial Processes and covers the management, specification, design, verification and validation of these systems.

It was first published in 1998 by the International Electrotechnical Commission (IEC), forming part of the generic Functional Safety standard IEC 61508. The latest iteration is ‘Edition 2.1 2017-08’.

The standard requires and defines the use of a Functional Safety Management System (FSMS).

It is the national standard of Great Britain and the European Union.

What’s changed since IEC 61511-1:2004?

  • The increase in the connectivity of computerised industry across the world would have been hard to predict in 2004, and as a consequence digital (cyber) security is now considered in the standard. Digital security assessments must now be carried out in order to prevent unauthorised access and to address external cyber security threats such as malware, ransomware and denial of service attacks.
  • There is also now a greater focus on the competence of personnel, with requirements to record more details such as training and competency records.
  • Safety requirement specifications (SRS) requirements now include I/O lists and process measurement ranges. In addition, Safety Manuals are to be written in conjunction with the development of the SRS.
  • Functional Safety Audits (FSA) are now to be carried out throughout the entire SIS lifecycle, not just at the start of the process. Other additions include Process Safety Time (PST), SIF bypass requirements, failure rate definitions, random failure definitions and demand rate definitions.

How Asset Guardian helps compliance with IEC 61511 Part 1

The new edition of the standard specifically states that SIS software, hardware and procedures must be subject to configuration management and maintained under revision control. This is the primary function of Asset Guardian.

  1. Software, Hardware and Documents are recorded in Asset Guardian and given a unique identifier and all aspects of configuration management may be planned, managed and reported on. Modified software, maintained under revision control, is not made available until authorisation is given by someone in the correct responsible role. All aspects of change management, workflows and authorisation may be tailored to the specific needs of an organisation.
  2. In Asset Guardian, Software, Hardware and Documents are always logged against version numbers, and a full Revision History is available showing the active version and all previous versions. In addition, documentation may also be attached to specific items of software or hardware as Supporting Documentation. Collections of records may be organised into ‘Assets’ so that they may be restricted, modified or closed as required.

Other key features of Asset Guardian that meet requirements in the new edition:

  • To meet the new requirements on digital security, Asset Guardian provides sections for cyber security management where the planning and co-ordination of cyber security activities may be carried out. Asset Guardian may also be used as part of the organisation’s disaster recovery plan. Software backups required for disaster recovery may be stored in Asset Guardian under full revision control.
  • The standard requires that modifications to the SIS are carried out by suitably qualified and trained personnel. Asset Guardian offers the facility to limit user access to software and hardware records, and to assign roles and responsibilities with regard to such things as authorisation, approvals and close-out of modification request workflows. Competency Records may also be attached to users in Asset Guardian. Asset Guardian can also send automatic notifications to the responsible and affected personnel for that system, giving full details of the change or modification made.
  • Policy and strategy documents that were already required as part of the standard may be modified as part of an organisation’s adherence to the new edition. Asset Guardian can be used to store, control and communicate documentation and information within the organisation.
  • The same applies to any documents that result from the audit of the Functional Safety Management System (FSMS) itself. In fact, Asset Guardian can be used as part of any audit process to schedule, record and document all associated tasks.
  • Modifications to the documentation and improvements to the processes required by the standard may be tracked in the Change Requests section of Asset Guardian. Observations made during the audit process may also be recorded as Change Requests. Nonconformities raised during the audit process may be recorded as Faults.
  • The Asset Guardian Change Request section also allows the initiation, documentation, review, approval and implementation of changes to the safety instrumented system (SIS). Further details of reviews can also be logged in the Design Reviews section and linked to the Change Request. These features may be used as part of the organisation’s Management of Change procedures for changes that affect the requirements of the SIS, for instance a re-design of the Basic Process Control System (BPCS).
  • The requirements for testing (e.g. verification, validation, factory acceptance tests) have been further defined and expanded in the latest edition of the standard. Test Results may be scanned and logged into the Documents section. Failures from testing may be logged and tracked in Asset Guardian as Fault Logs. This allows the reason for failure to be entered and analysed using Root Cause Analysis and the corrective actions documented. Tests carried out as part of the implementation of change may be attached to the relevant Change Request.


Written by Graham Foss. As one of AGSL’s team of Technical Consultants, Graham Foss is responsible for implementing the company’s product development and technology strategy. Before joining AGSL in 2016, Graham was employed for 12 years as a lead software engineer at Aker Solutions Subsea Ltd, where he worked on projects in the North Sea, North Atlantic and Norway. Graham holds a degree in Computing from Edinburgh Napier University, where he graduated with distinction. A Chartered Engineer, he is a member of the Institution of Engineering and Technology (IET).