A risk assessment process, carried out according to accepted principles of risk assessment, is essential to determine whether functional safety is necessary. A risk assessment defines which actions of a product are safety relevant and which are not. In addition, the risk assessment defines how safety critical the ability to perform a particular action is. The output of the risk assessment is a list of the product's safety functions, together with an estimate of the safety consequence should each of them fail. This list of safety functions and the criticality of each is the fundamental engineering input to a functional safety assessment. The goal of the entire functional safety assessment is to ensure that each function defined as safety relevant performs its intended function with a reliability level appropriate to how critical a failure of that function would be.
The Safety Integrity Level (SIL) of a safety function defines the required reliability level for that function in the product. SIL is defined in four classes, from SIL 1 (the lowest required reliability level for a safety function) to SIL 4 (the highest). For safety functions with relatively low criticality, SIL 1 may be appropriate; safety functions with a high degree of criticality may require a SIL 3 or SIL 4 designation.
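The paragraph above describes SIL as a required reliability level without saying how a safety function is checked against it. The added example below (not part of the original article) shows one such check: it estimates a safety function's average probability of failure on demand with the simplified single-channel IEC 61508 relation PFDavg ≈ λ_DU · T_I / 2 and compares it with the SIL bands the standard defines for low-demand mode. The PFD bands and the formula are taken from IEC 61508 as an assumption; the article itself gives no numbers, and the safety functions, failure rates and proof-test intervals in the script are constructed sample data.

```python
"""Check a safety function's estimated reliability against its SIL target.

Added illustration; the SIL bands and PFD formula are assumed from IEC 61508
(low-demand mode, single channel), not taken from the article.
"""
import math
from dataclasses import dataclass

# Assumed IEC 61508 PFDavg bands for low-demand mode, as [lower, upper) per SIL.
# SIL 1 is the least demanding band, SIL 4 the most demanding.
PFD_BANDS = {
    1: (1e-2, 1e-1),
    2: (1e-3, 1e-2),
    3: (1e-4, 1e-3),
    4: (1e-5, 1e-4),
}


@dataclass
class SafetyFunction:
    """One safety function as produced by the risk assessment (constructed data)."""
    name: str
    target_sil: int                  # SIL assigned from the function's criticality
    lambda_du_per_hour: float        # dangerous undetected failure rate (1/h)
    proof_test_interval_hours: float # how often the function is proof tested


def pfd_avg(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified single-channel estimate PFDavg ≈ λ_DU · T_I / 2.

    Valid only when λ_DU · T_I is small, which is the case for realistic inputs.
    """
    if lambda_du_per_hour < 0 or proof_test_interval_hours <= 0:
        raise ValueError("failure rate must be >= 0 and proof-test interval > 0")
    if lambda_du_per_hour * proof_test_interval_hours > 0.1:
        raise ValueError("λ_DU · T_I too large for the simplified approximation")
    return lambda_du_per_hour * proof_test_interval_hours / 2


def achieved_sil(pfd: float) -> int:
    """Return the SIL band containing pfd; 0 if worse than SIL 1, 4 if better than SIL 4."""
    if pfd >= PFD_BANDS[1][1]:
        return 0
    for sil in (4, 3, 2, 1):
        lo, hi = PFD_BANDS[sil]
        if lo <= pfd < hi:
            return sil
    return 4  # below the SIL 4 lower bound: the standard defines nothing stricter


def meets_target(pfd: float, target_sil: int) -> bool:
    """A function meets its target when its PFD lies below the target band's upper bound."""
    return pfd < PFD_BANDS[target_sil][1]


def assess(functions):
    """Map each safety function name to (pfd, achieved SIL, meets target)."""
    result = {}
    for sf in functions:
        pfd = pfd_avg(sf.lambda_du_per_hour, sf.proof_test_interval_hours)
        result[sf.name] = (pfd, achieved_sil(pfd), meets_target(pfd, sf.target_sil))
    return result


# Constructed sample functions: annual proof testing (8760 h) for both.
SAMPLE_FUNCTIONS = [
    SafetyFunction("emergency stop", 3, 1e-7, 8760),
    SafetyFunction("overpressure trip", 3, 2e-6, 8760),
]

if __name__ == "__main__":
    for name, (pfd, sil, ok) in assess(SAMPLE_FUNCTIONS).items():
        verdict = "meets target" if ok else "does NOT meet target"
        print(f"{name}: PFDavg={pfd:.2e} achieved SIL {sil}, {verdict}")
    # The second function can recover its SIL 3 target by proof testing monthly.
    print(f"overpressure trip, monthly test: SIL {achieved_sil(pfd_avg(2e-6, 730))}")
```

The second sample function shows why the check matters in an assessment: the same hardware fails a SIL 3 target with annual proof testing but meets it when the proof-test interval is shortened to monthly, so the assessor needs the maintenance schedule as well as the failure data.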
While lower SIL targets allow a company to "self-assess", this should only be done when the company has a certified functional safety expert in-house. Higher SIL targets require a third-party assessor.
A functional safety assessment is normally broken down into several checkpoint assessments. A checkpoint may be repeated iteratively if its requirements are not met. At each checkpoint, the life cycle documents produced up to that point are assessed; if the required output documents of the life cycle activities are missing, the checkpoint must be repeated. The normal set of checkpoints in an assessment will look something like this:
- Review of the safety requirements specification and audit of the safety design management system
- Review of the hardware and software requirements specifications and of the verification and validation test plan
- Review of the hardware design and software design
- Witness testing of hardware and software verification
- Witness testing of validation and review of the validation results
- Review of user documentation and instructions
- Review of the complete technical file and all life cycle documents