CBratt-Application-program.pdf

7/28/2019 CBratt-Application-program.pdf

1/27


2/27


3/27

Application Program Development

Which safety lifecycle phases in IEC 61511 is applicable foran application program development?

Typical verification activities?

How can a safety project organization look like?

How to ensure that the competency in the project issufficient?

What is the difference between FS Audit and FSA?

Introduction


4/27


IEC 61511 Safety Lifecycle

End user /

operator

End user /

operator

Engineering

/

Equipment

Supplier

Identify hazards,

specifyrequirements

Operate,

maintain &

modify

Configure to

requirements

Analysis

phase 1-2

Operation

phase 6 - 8

Phases Activ ities Responsibilities

Design &

Installation

Commissio

ning

Phase 3-5

Phase 9-11 , responsible - ALL


5/27


Safety Life Cycle

The Application Program development must comply to thefollowing phases in the safety lifecycle:

Phase 4 Design and engineering Phase 9 Verification

Phase 10 FSM, FS Audit and FSA

Phase 11 Planning

The Design and engineering phase 4 is divided into thefollowing sub phases

4.1 Design basis

4.2 Basic design

4.3 Detailed design

4.4 Fabrication

4.5 Test & Validation

Safety Life Cycle


6/27


7/27

Workflow

Project

ManagementWorkflow


8/27


Plan all safety activities

Required input and out from each phase

High level of safety activities in application programdevelopment

Scope with regards to the safety life cycle

Verification activities

Test and validation

Test strategy

J ob description

11 - Planning

11 - Planning


9/27


Who is responsible for what

RACI Matrix

Project organization

Needed competency

Safety requirerments tracking

Test specifications

Configuration Management

Validation and Assessment planning

11 - Planning

11 - Planning


10/27


10 FSM and 11

Planning

Safety

Assessor

10 FSM and 11 Planning


11/27


10 FSM

Why is competency important?

The application program developer is responsible for thesafety of the delivered application program

This responsibility can't be limited by contract ortransferred to contractual partners

As a result of this, the application developer must secure

their own competency to take care of their responsibility

Every project need to possess necessary competence

10 FSM


12/27


10 FSM

How do we secure necessary competency in each project?

Competency Assessment

What is competency Assessment?

What is the required competency

What is the possessed competency

Necessary measures to close the gap

10 FSM


13/27


10 FSM

Who need to be competency assessed?

A competency assessment is required for any member of

the projects team undertaking any of the followingactivities:

Functional safety management (including the projectmanager)

Hardware and software design

Hardware build

Software coding

Quality control activities (including testing and hardware

inspection)

10 FSM


14/27


9 - Verification

Verification activities

Document review

Basic design review

Detailed design review

Code review

Testing

For more consistency during verification is checklists used

9 - Verification


15/27


4.1 Design basis

Application program integrators is responsible to check thereceived input documentations

Is the needed input received?

Is it enough input to create a safe applicationprogram?

Analyze the Safety Requirements

method used for consistent verification is check lists

4.1 Design basis


16/27


4.2 -Basic

design

Write Function description

Function design specification

Safety Analysis Report

How to fulfill the safety requirements

Any deviation from the safety requirements is highlightedhere

Any assumption where safety requirements is missing ishighlighted here

Any new typical solutions is designed during basic design

4.2 - Basic design


17/27


4.3 - Detailed

design

Detailed design

System design

Choose topology

HW design

SIL achievement

PFD calculation

SW design - Programming manual

Detailed design specification

4.3 - Detailed design


18/27


4.4 Fabrication

Fabrication phase

System setup and configuration

HW build

Application programming

Final documentation

4.4 Fabrication


19/27


4.5 Test and

Validation

Internal Acceptance Test

HW inspection

HW module test

SW module test

Control logic and functional test

Integration test

Factory Acceptance Test

Safety validation

4.5 Test and Validation


20/27


10 FSM

Functional SafetyAudit and Functional SafetyAssessment

What is the difference

FS Audit:

Has the project established and followed relevantprocedures?

FS Assessment: Is the project delivery safe?

This is done by judgment of the project activities anddeliverables

The assessment can also judge the requirements, will theserequirements make a safe product

10 FSM


21/27


10 FSM

FS Audit is mandatory activity

Can be performed by a quality manager

Has the project established:

A FSM organization?

Necessary procedures and documentations

10 FSM


22/27


10 FSM

Functional Safety Assessment is a mandatory activity

Must be lead by a independent senior person

The assessment team need technical knowledge

Scope to judge that the deliverables form the project is safe

The assessment team can also put question to therequirements in the project

10 FSM


23/27


Developing safety application program is much more thanjust writing the application program

Management is an important part of a safety project

Safety must be an integral part of the project

In large scale this can only be achieved through highdegree of competency

When necessary ABB can guide suppliers and customer inwhat is required to make safe application programs

Conclusion

Conclusion


24/27


More time left?

What is LVL?

Conclusion


25/27


LVL - Limited Varability Language

Defined in IEC 61511

Type of programming language

IEC 61131 programming languages like

Function Block Diagram

Ladder Diagram

Sequential Functional Chart

Common for them

Graphical programming interface

Conclusion


26/27


What does use of LVL men in practice

LVL application program much simpler than C++program

Do not have to use all the methods and techniques inIEC 61508-3

Which methods and techniques to use whendeveloping a LVL application program is not welldefined in IEC 61511

Conclusion


27/27

CBratt-Application-program.pdf

Documents

Transcript of CBratt-Application-program.pdf