Many products have options and features that are valuable to users. But not all of these features should be permitted while the product is performing a safety function. For example, HART communications should not be permitted to write data to a transmitter while it is performing the safety function. If you are a vendor of safety-related products, your users need to know what they can and cannot do with your product in safety applications. Users want and need one place to find this special information. A safety manual is a key requirement of IEC 61508 for any safety-related system or product. Parts 2 and 3 of the standard even have annexes dedicated to safety manual requirements.

A safety manual should include the following:

  • Description of the supported safety functions and their interfaces
  • Special instructions or constraints for configuring the product for safety applications and controls for configuration management
  • Identification of supported product versions, as needed
  • Random HW failure modes and failure rates, both detected and undetected
  • Worst-case fault response time and diagnostic test interval, including the product's behavior on detected faults
  • Proof test guidance and other safety-specific maintenance and/or repair issues
  • HW fault tolerance (HFT) and whether the product is Type A or Type B
  • Systematic Capability, and instructions or constraints relating to the application of the product to avoid such systematic failures

Additionally, for software elements, the following should also be included:

  • Any minimum competence needed for integrating software elements of the SIS
  • Any constraints passed on to the SIS integrator (for requirements that can only be known and met at SIS integration)
  • Installation and upgrade constraints, and release notes
  • Compatibility and anomaly information
  • Security protection measures to implement against known threats and vulnerabilities

A safety manual can be an independent document or a separate section within an overall product user manual. But all safety issues should be collected and put in one place so users don't have to scour the entire user manual to find the safety-specific instructions for use. The key is that all relevant information about the product's use in a functional safety application must be available to the user. There are times when some of the information is available in several places. There is no need to duplicate information (and it's probably best if it is not cited in too many places), but a reference to the location of the information should be given.


Tagged as: SIS, Safety Instrumented System, John Yozallinas, IEC 61508, HW fault tolerance, HFT