Our previous blog on IEC 61511-1 discussed the significant updates incorporated in Ed. 2 (issued in 2016). IEC TR 61511-4:2020 is a formal rationale provided by IEC technical committee 65 explaining the changes.

The main driver for the 61511 Ed. 2 revision was to reinforce the necessity of Functional Safety Management based on a Safety Life Cycle approach. In parallel, a number of potential misinterpretations from Ed. 1 were clarified. IEC TR 61511-4 provides a detailed explanation of the differences between Ed. 1 and Ed. 2 and the reasons behind the changes.

As stated in the introduction of the new report:

“IEC TR 61511-4 describes the underlying rationale of the primary clauses in IEC 61511-1, clarifies some common application misconceptions, provides a listing of the main differences between the first and second editions of IEC 61511-1, and gives a brief explanation of the typical process sector approaches to the application of each primary clause.”

Below is our summary of a typical section from the new standard related to ‘Verification’ (text in bold is the clause number/title in IEC TR 61511-4). The picture emphasises the importance of verification activities during the safety life cycle.

7. Verification (IEC 61511-1 Ed. 2 Clause 7)

7.1 Why is this clause important?

Verification throughout all phases of the SLC reduces systematic errors. Verification activities need to be planned, including testing requirements.

7.2 Common misconceptions

There are misunderstandings regarding the difference between verification and validation. In practice, verification is often only carried out during FAT or PSSR (Pre-Startup Safety Review), whereas it should be implemented throughout the SLC.

7.3 What was changed from Ed. 1 to Ed. 2 and why?

Requirements added/modified:

  • Verification planning shall cover the entire SLC (clause 7.2.1)
  • Verification involving testing described in detail (clause 7.2.2)
  • Non-interference between integrated safety and non-safety functions to be verified (clause 7.2.3)
  • Modification during testing should be subject to impact analysis and re-verified (clause 7.2.5)

7.4 Summary on how

A plant-specific test and review plan (Safety Plan) should be generated that covers each activity of the SLC (including development of the application program). The Safety Plan must define how to perform each test / review activity, as well as the required acceptance criteria.

Set-up of a FSMS, Gap-Analysis

IEC TR 61511-4 is easy to read and well structured. It gives a logical explanation of the changes between 61511 Ed. 1 and Ed. 2, as well as practical examples of how to implement an FSMS to meet the requirements.

PSC covers the whole Safety Life Cycle, from the initial hazard and risk assessment through detailed design, implementation, commissioning and operation up to decommissioning.

