EFC 10-12-002 R001 V1R1 IEC 61508 Assessment, March 24, 2011
Page 15 of 20
Personnel training records are kept in accordance with IEC 61508 requirements as documented in
[R2], [R3] and [D22]. Fisher Controls International, LLC hired
Consulting to provide analysis,
training and supplemental functional safety expertise. Fisher Controls International, LLC hired
Certification to be the independent assessor per IEC 61508.
5.1.2 Safety Requirements Specification and Architecture Design
As defined in [D1] and [D7], a safety requirements specification (SRS) is done for all products that
must meet IEC 61508 requirements. The requirements specification contains a scope and safety
requirements section. For the DVC6000 SIS Digital Valve Controller, the SRS [D21] and [D26]
have been reviewed by
Consulting. During the assessment,
Certification reviewed the
content of the specification for completeness per the requirements of IEC 61508.
Requirements are tracked throughout the development process by the creation of derived
requirements, which map the requirements to the design, and by mapping requirements to
appropriate validation tests in the validation test plan [D23].
Requirements from IEC 61508-2, Table B.1 that have been met by Fisher Controls International,
LLC include project management, documentation, separation of safety requirements from non-
safety requirements, structured specification, inspection of the specification, semi-formal methods
and checklists. [R21] documents in more detail how each of these requirements has been met.
This meets the requirements of SIL 3.
5.1.3 Hardware Design
Hardware design, including both electrical and mechanical design, is done according to [D1] and
[D12]. The hardware design process includes component selection, detailed drawings and
schematics, 3D Solid Models, safety case documents for agency justification, a failure modes and
effect analysis (FMEA), a failure modes, effects and diagnostic analysis (FMEDA), a concept
design review, the creation of prototypes, and hardware verification tests.
Requirements from IEC 61508-2, Table B.2 that have been met by Fisher Controls International,
LLC include observance of guidelines and standards, project management, documentation,
structured design, modularization, use of well-tried components, checklists, semi-formal methods,
computer aided design tools, simulation, and inspection of the specification. This meets the
requirements of SIL 3.
Validation Testing is done via a set of documented tests (see [D1] and [D23]). The validation tests
are traceable to the Safety Requirements Specification [D21] and [D26] in the validation test plan
[D23]. In addition to standard Test Specification Documents, third party testing may be included as
part of agency approvals. As the Fisher Controls DVC6000 SIS Digital Valve Controller - DETT
consists of simple electrical devices with a straightforward safety function, integration testing has
been limited to verifying that all diagnostics take the appropriate action when they find a problem
(See [D1] for more details on this testing).
Procedures are in place for corrective actions to be taken when tests fail as documented in [R2],
[R3] and [D10].