Mr. Stay, as head of consulting at HIMA, you talk to decision makers from the process industry practically on a daily basis. What is the level of knowledge and awareness about the updated standard?
It varies significantly. That’s partially due to the fact that IEC 61511 is a standard and not a law. Therefore, there are no direct legal obligations. However, that is no reason to be careless! I strongly recommend that every plant operator, system integrator, and service provider in the process industry familiarize themselves with the new edition. It is more than a best practice to prevent damages. It provides strong legal certainty in the event of liability cases, such as when an accident harms people, industrial plants, or the environment.
Edition 2 describes many recommendations more precisely and more firmly than the previous edition. What do you see as the most important changes?
Every company that is in any way involved with functional safety should establish a procedure for skills management. Edition 2 demands qualified staff for the entire plant lifecycle – and these qualifications need to be regularly assessed and refreshed. Meeting this requirement with in-house personnel often presents a challenge in terms of resources. Plant engineers already have enough operational tasks to do.
Functional safety assessment is also a key topic. These assessments now need to be carried out periodically during the operation and maintenance phase, as well as any time a modification is made to a plant.
A completely new addition is the subject of cybersecurity. This can be viewed as a response to the increasing number of cyberattacks in the industry – the most well-known example being Stuxnet. Now, every plant operator is required to carry out a risk assessment and establish IT security measures to identify any security vulnerabilities. Conducting an IT risk analysis is essentially the responsibility of the plant operator – and not that of the safety system vendor or manufacturer.
One of the aims of updating the standard was to create greater clarity concerning the actual implementation of functional safety. How is this demonstrated?
Much of the rather vague wording is now expressed more comprehensively. For example, the requirements of verification testing are described in greater detail, covering the scope, environment, and evaluation criteria of the test. As part of this, you must ensure that there are no common-cause failures between safety functions and non-safety functions.
The requirements for bypassing safety instrumented systems are also described in greater depth. For example, all bypasses have to be authorized, signaled, and documented – and their duration must be minimized. In addition, compensating measures must be used to ensure safe plant operation.
That all sounds very complex. Do companies try to spare themselves the effort of rethinking their safety organization?
Well, they shouldn’t. With the right approach and a certain degree of effort, you can achieve compliance and avoid high costs in the long term. It is important to engage a safety vendor and service provider that can provide evidence of its own functional safety management. That includes internal assessments, audits, and established procedures for carrying out the recommended activities throughout the safety lifecycle.
At HIMA, we provide standards-compliant safety solutions, but we can also simplify many of our customers’ processes, such as carrying out periodic assessments and verifying the performance of safety systems. That relieves a considerable burden, especially for small and medium-sized businesses that often lack the necessary personnel.