IEC 61508 is currently in revision discussions for its third edition. Functional safety experts are taking part in the third-edition revision work on behalf of China. The revision comments collected so far at the international level will be published here as a series; please follow along.
In the current IEC 61508 the independence requirements for personnel are relatively high-level: the concepts of independent person, independent department and independent organisation are introduced only for functional safety assessment. In practice, however, the technical and management sides of testing, verification, audit and similar activities throughout the whole V&V process of a safety system should all be subject to independence requirements. It is therefore proposed that the new edition strengthen this part of the standard. (The functional safety standards for railway applications already contain more detailed requirements on the independence of verification and validation.)
First, it is proposed to add or modify the related terms, including:
A new term is added as follows. The intent is clear: to use "functional safety assurance" as a single umbrella term for all activities that may involve technical or management independence.
functional safety assurance
the collection of confirmation measures for safety lifecycle activities that includes:
· verification [3.8.1]
· validation [3.8.2]
· functional safety assessment [3.8.3]
· functional safety audit [3.8.4]
NOTE This collection of activities shares common methods of execution and a common need for technical and management independence.
The three existing independence-related terms are modified as follows.
3.8.11
independent person → technical independence (Level 1)
those responsible for functional safety assurance of a specific phase of the overall, E/E/PE system, or software safety lifecycle that do not have direct responsibility for those specific lifecycle phase activities (e.g. for development activities of specification, design or implementation).
3.8.12
independent department → technical & management independence (Level 2)
those responsible for functional safety assurance of a specific phase of the overall, E/E/PE system or software safety lifecycle are technically independent (Level 1) AND are not directly accountable to the same management as those responsible for the activities that take place during the specific phase of the overall, E/E/PE system or software safety lifecycle that is subject to the functional safety assurance.
3.8.13
independent organisation → technical & organisational management independence (Level 3)
those responsible for functional safety assurance of a specific phase of the overall, E/E/PE system or software safety lifecycle are technically independent (Level 1) AND are not directly accountable to the same organisational management as those responsible for the activities that take place during the specific phase of the overall, E/E/PE system or software safety lifecycle that is subject to the functional safety assurance (Level 2) AND, in the event of a disagreement, a formal procedure for conflict resolution is in place.
NOTE Depending upon the company organization and expertise within the company, the requirement for independence may have to be met by using an external organization. Conversely, companies that have internal competence, that are independent of and separate (by ways of management and other resources) from those responsible for the main development or other safety lifecycle activities, may be able to use their own resources to meet the requirements for any level of independence up to and including I3.
A new clause on functional safety audit is also added:
8 Functional safety audit
NOTE Refer to the ISO 19011 or ISO 17021 standards for general guidelines for auditing of management systems.
8.1 Objective
The objective of the requirements of this clause is to specify the activities necessary to investigate and arrive at a judgement on whether the procedures specific to the functional safety requirements have been complied with and whether they are implemented effectively and are suitable for achieving their associated functional safety requirements.
8.2 Requirements
8.2.1 One or more persons shall be appointed to carry out one or more functional safety audits in order to arrive at a judgement on the adequacy of:
– Focus A: the application and execution of functional safety policies and procedures to their respective functional safety lifecycle activities;
– Focus B: the suitability (i.e. fitness for purpose) of the defined policies and procedures to achieve the specified functional safety objectives of their related clauses from this standard.
8.2.2 Those carrying out a functional safety audit shall have access to all persons involved in any overall, E/E/PE system or software safety lifecycle activity and to all relevant information.
NOTE It is recognised that access to those persons who were previously involved in a safety lifecycle phase may not be achievable, and in such a case reliance has necessarily to be placed on those persons currently having relevant responsibilities and on the documented evidence from those safety lifecycle phases.
8.2.3 A functional safety audit shall be applied to all phases throughout the overall, E/E/PE system and software safety lifecycles, including documentation, verification and management of functional safety.
8.2.4 The minimum level of independence of those carrying out a functional safety audit shall be as specified in Annex B.
NOTE Reference IEC 61508-7, Annex B, B.1.5 for further Functional Safety Assurance independence guidance.
8.2.5 The frequency and focus (i.e. Focus A and/or B) of audits shall be specified throughout the overall, E/E/PE system and software safety lifecycles.
NOTE 1 Functional safety audits primarily focused on judging the application and execution (Focus A) will typically occur more frequently, to ensure consistent application of the functional safety policies and procedures, and may be integrated with other audits (e.g. ISO 9001).
NOTE 2 Functional safety audits, particularly of the Focus B type, may often be executed in conjunction with the same individuals responsible for the Assessment activity for any specific stage of the overall, E/E/PE system and software safety lifecycles.
NOTE 3 The scope of an audit will always include a combination of Focus A and B, but the focus may be weighted toward one or the other aspect.
9.2.6 The competence of auditors shall be suitable for the focus (i.e. Focus A or B) of the audit being conducted.
NOTE For Focus A functional safety audits, the primary competency is typically weighted toward the auditing process, to confirm application and execution, and requires only minimal knowledge of the functional safety standard; for Focus B audits, the primary competency is weighted toward knowledge of functional safety and of the standard, in addition to the auditing process.
9.2.7 Requirements for both functional safety audit (clause 9) and assessment (clause 8) activities shall be addressed if, for practical purposes, they are executed jointly by the same individual.