IEC 61508 is currently undergoing discussion of its third-edition revision, and functional safety experts are participating in depth, on behalf of China, in the work of revising IEC 61508 to its third edition. The revision comments received so far at the international level are presented here in serialised form; readers are welcome to follow the series.
In the current IEC 61508, the independence requirements for personnel are relatively high-level: the concepts of independent person, independent department and independent organisation are raised only for functional safety assessment. In practice, however, the technical and managerial aspects of testing, verification, auditing and similar activities throughout the whole V&V process of a safety system should all be subject to independence requirements. It is therefore proposed that this part of the requirements be strengthened in the new edition of the standard. (The functional safety standards applied in rail transport already contain fairly detailed independence requirements for verification and validation.)
First, it is proposed to add or modify the relevant terms, as follows:
One new term is added, as given below. The intention is clear: to use "functional safety assurance" as an umbrella expression for all activities that may involve technical or management independence.
functional safety assurance
the collection of confirmation measures for safety lifecycle activities that includes:
· verification [3.8.1]
· validation [3.8.2]
· functional safety assessment [3.8.3]
· functional safety audit [3.8.4]
NOTE This collection of activities shares common methods of execution and a common need for technical and management independence.
At the same time, the original three independence-related terms are modified as follows.
3.8.11
technical independence (Level 1) [replaces: independent person]
those responsible for functional safety assurance of a specific phase of the overall, E/E/PE system or software safety lifecycle who do not have direct responsibility for the activities of that specific lifecycle phase (e.g. the development activities of specification, design or implementation).
3.8.12
technical & management independence (Level 2) [replaces: independent department]
those responsible for functional safety assurance of a specific phase of the overall, E/E/PE system or software safety lifecycle are technically independent (Level 1) AND are not directly accountable to the same management as those responsible for the activities that take place during the specific phase of the overall, E/E/PE system or software safety lifecycle that is subject to the functional safety assurance.
3.8.13
technical & organisational management independence (Level 3) [replaces: independent organisation]
those responsible for functional safety assurance of a specific phase of the overall, E/E/PE system or software safety lifecycle are technically independent (Level 1) AND are not directly accountable to the same organisational management as those responsible for the activities that take place during the specific phase of the overall, E/E/PE system or software safety lifecycle that is subject to the functional safety assurance (Level 2) AND, in the event of a disagreement, a formal procedure for conflict resolution is in place.
NOTE Depending upon the company organization and expertise within the company, the requirement for independence may have to be met by using an external organization. Conversely, companies that have internal competence, that are independent of and separate (by ways of management and other resources) from those responsible for the main development or other safety lifecycle activities, may be able to use their own resources to meet the requirements for any level of independence up to and including I3.
A new clause on functional safety audit is also added:
8 Functional safety audit
NOTE Refer to the ISO 19011 or ISO 17021 standards for general guidelines for auditing of management systems.
8.1 Objective
The objective of the requirements of this clause is to specify the activities necessary to investigate and arrive at a judgement on whether the procedures specific to the functional safety requirements have been complied with and whether they are implemented effectively and are suitable for achieving their associated functional safety requirements.
8.2 Requirements
8.2.1 One or more persons shall be appointed to carry out one or more functional safety audits in order to arrive at a judgement on the adequacy of:
– Focus A: the application and execution of functional safety policies and procedures to their respective functional safety lifecycle activities;
– Focus B: the suitability (i.e. fitness for purpose) of the defined policies and procedures to achieve the specified functional safety objectives of their related clauses of this standard.
8.2.2 Those carrying out a functional safety audit shall have access to all persons involved in any overall, E/E/PE system or software safety lifecycle activity and to all relevant information.
NOTE It is recognised that access to those persons who were previously involved in a safety lifecycle phase may not be achievable, and in such a case reliance has necessarily to be placed on those persons currently having relevant responsibilities and on the documented evidence from those safety lifecycle phases.
8.2.3 A functional safety audit shall be applied to all phases throughout the overall, E/E/PE system and software safety lifecycles, including documentation, verification and management of functional safety.
8.2.4 The minimum level of independence of those carrying out a functional safety audit shall be as specified in Annex B.
NOTE Reference IEC 61508-7, Annex B, B.1.5 for further Functional Safety Assurance independence guidance.
8.2.5 The frequency and focus (i.e. Focus A and/or B) of audits shall be specified throughout the overall, E/E/PE system and software safety lifecycles.
NOTE 1 Functional safety audits primarily focused on judging the application and execution (Focus A) will typically occur more frequently to ensure consistent application of the functional safety policies and procedures and may be integrated with other audits (e.g. ISO9001).
NOTE 2 Functional safety audits, particularly of the Focus B type, may often be executed in conjunction with the same individuals responsible for the Assessment activity for any specific stage of the overall, E/E/PE system and software safety lifecycles.
NOTE 3 The scope of an audit will always include a combination of Focus A and B, but the focus may be weighted toward one or the other aspect.
9.2.6 The competence of auditors shall be suitable for the focus (i.e. Focus A or B) of the audit being conducted.
NOTE For Focus A functional safety audits, the primary competency is typically weighted toward auditing process to confirm application and execution with minimal functional safety standard knowledge, while for Focus B audits, the primary competency is weighted toward knowledge of functional safety and of the standard in addition to the auditing process.
9.2.7 Requirements for both functional safety audit (clause 9) and assessment (clause 8) activities shall be addressed if, for practical purposes, they are executed jointly by the same individual.