Functional Safety Management
A Look at the Audit Process
The functional safety lifecycle management audit is a mechanism used to help reduce systematic problems from appearing in the design of a product. In the case of the manufacturing process, the quality control measures that go into the process dictate the quality of the product coming out. Many of these measures may be procedural in nature, and tied to documentation related to the product specification or functional safety standard to which the product aspires. The functional safety lifecycle management audit looks at those elements of the manufacturer's process that may impact the quality of the safety of the product being produced.
Functional safety management concerns both the development of new products and the maintenance of safety processes for released products to make sure that any changes in the product or failures in the field are considered carefully and correctly, and, when indicated, prompt modifications in accordance with the functional safety requirements.
"The main reason we do this audit for our customers is that they manufacture safety-related functional safety systems," says Thomas Maier, principal engineer, functional safety, at Underwriters Laboratories (UL). "They need to be compliant with industry standards in order to compete."
How it Works
First in consideration are the requirements of the standard itself. (The principal functional safety standard, IEC 61508, and its derivative standards define the requirements being audited for compliance.*) The standard has clear requirements about functional safety management that include those relating to:
"When UL conducts a functional safety audit, we make sure that all requirements are covered so the customer is in compliance with the standard," says Maier. "The overall goal is to have the audit as part of the safety case to make sure that functional safety is maintained throughout the complete lifecycle of the certified product."
UL begins by working with the requirements stated in the standard and comparing them with the product and process documentation, the quality management system, and the documentation in place in the manufacturer's organization. They also look "beyond paper" to identify and query appropriate individuals to gauge their understanding of functional safety requirements, to gain confidence not only in the accuracy and validity of documents and presentations, but also in the use of functional safety principles by the organization and lived with as part of its culture.
"The audit is an integral part of functional safety certification," says Anura Fernando, research engineer, predictive modeling and risk analysis, at UL. "If you consider the drivers for functional safety certification, you'll see that they are largely the same for functional safety management audits. But there is a slightly different flavor to functional safety management audits. It is possible to do only functional safety management audits for a company (i.e., perform them without the goal of certification)."
Such audits are typically relevant for organizations, or parts of organizations, that use and operate safety-critical systems (such as refinery plants, offshore oil/gas platforms). IEC 61508 and the derivate standards have functional safety management requirements for both development, operation and maintenance of safety-critical equipment, covering its entire life-cycle in fact.
But functional safety management audits may also have internal quality initiatives as drivers. "The vast majority of the certification projects that I have been involved in have resulted in process improvements for the manufacturers as a result of the audit," says Fernando. "Going through the requirements in the standards helps identify gaps in the manufacturing process. This leads naturally to process improvement as a result of compliance."
One of the useful tools in the audit is application of the V-model-based approach to product development. The V-model approach is common good practice in the development of complex systems. On the left side of the V is the development path; on the right side is the verification path. For every step of development, corresponding verification or validation must take place.
"The V-model is concerned with product development; as such, it is an integral part of overall functional safety management," says Maier. "Functional safety has requirements for-and impacts on-the complete lifecycle of the product or system, not only on the development of the system, but also to functional safety management as it applies to other parts of the system lifecycle: processes and phases before system development, and processes and phases after system development. In fact, the V-model is a very good tool to fulfill the functional safety management requirements as they apply to the development of the product."
Other Audit Considerations
While the length of a functional safety management audit depends on a product's and organization's complexity, typically UL completes the on-site portion of the audit in one to three days. Part of the reason UL conducts the on-site audit is to reduce the impact of the audit on a company's resources, only calling on personnel when they are specifically needed to address a portion of the audit and minimizing interference with daily operations. To further this goal, UL conducts a gap analysis prior to conducting the actual audit, which helps prepare the customer for the audit, increases first-pass success rates, and minimizes the number of non-conformities.
"Customers are often surprised by the functional safety management audit," says Maier. "Some come to it thinking it is a pain; but, after the process, added value is quickly perceived in terms of operational efficiencies and the marketing value of the UL Functional Safety Listed or Recognized Mark."
Functional safety management is an integral component of the UL Functional Safety Mark, and UL requires that it do an audit triennially. "This matches the revision cycle of the IEC, and also acknowledges how organizations change. These are dynamic times. People leave companies or change positions. So it's not only reasonable to have regular, repeat audits-it's in the interest of the organization," he concludes.
For more information on functional safety management audits, please contact:
Or go to the web: www.ul.com/functionalsafety
* Note: customers must specify a published standard and safety rating (e.g., a Safety Integrity Level [SIL - IEC or EN], a Performance Level [PL - ISO], or class [UL]) to Underwriters Laboratories for testing and evaluation of functional safety. Customers should have an understanding of their target market or specific usage and therefore have an expectation of the target SIL, PL, or class they want their product to meet.