Many people working in safety instrumented system (SIS) project development, execution, operation and maintenance treat a functional safety audit (FS Audit) and a functional safety assessment (FSA) as one and the same. So, based on this assumption, they simply ensure that such an activity is undertaken and perhaps signify the need to perform this evaluation at some point when it appears as a milestone on the project schedule. Moreover, often they call upon someone working on the project, who may or may not have had some previous experience in quality auditing, to deliver this audit/assessment. However, this is not a reasonable approach because the concepts for the audit and assessment markedly differ.
An FS Audit provides a systematic and independent examination of the particular safety lifecycle phase activities under review. It determines whether the “procedures” specific to the functional safety requirements comply with the planned arrangements, are implemented effectively, and are suitable to achieve the specified objectives.
Industry good practice is encapsulated in the IEC 61511 standard . Its clause 18.104.22.168.1 notes: “The purpose of the audit is to review information documents and records to determine whether the functional safety management system (FSMS) is in place, up to date, and being followed. Where gaps are identified, recommendations for improvements are made.”
This review of the FSMS process essentially focuses on the procedures that shall be defined and executed at the time of the project schedule/associated execution activities and, as a result, the following management activities should be in place:
• FS Audit strategy;
• FS Audit program; and
• FS Audit plan, reporting process and follow-up mechanism.
So, in essence, the process and expectations of an FS Audit resemble those of a normal project quality management system (QMS) ISO 9001 audit regarding a “systematic review” of the execution strategy being applied. [For details on the latest edition of ISO 9001, see “Embrace ISO 9001:2015.”]
This usually means the QMS department (with support from the project safety team) performs the FS Audit. People in that department have the relevant audit skills to verify that procedures, forms and templates that constitute the contents and requirements of the FSMS are being correctly implemented. Functional safety competency is not a primary skill-set requirement for them.
An FS Audit is undertaken to ensure compliance with procedures. Auditors do not assess the adequacy of the work they are auditing and do not make specific judgments about functional safety and integrity.
In contrast, an FSA is an independent in-depth investigation into the previous and current lifecycle phase activities based on evidence, aimed at evaluating whether functional safety has been achieved. FSAs rely heavily on assessor judgements and competency. One of the inputs to the FSA process is the FS Audit processes and findings.
As with the FS Audit, there are requirements to formalize a procedure for how this activity shall be defined, executed and planned into the project schedule. However, that’s where the similarity in approach and delivery ends. For an FSA, the focus is on “judgement” about the functional safety and safety integrity achieved by the safety-related project activities under assessment. Its goal is to ensure that functional safety has been achieved within the specific scope of supply for the organization(s) under assessment and in the context of the safety lifecycle.
The safety-related-systems project team implementing one or more phases of the functional safety lifecycle should plan FSA activities, but independent resources with the necessary competencies and SIS application skill set should execute the activities. Note that the FSA team undertaking the assessment must include at least one “senior competent person.” Often, two assessors form the assessment team to ensure the necessary depth and rigor for subject matter coverage.
The two key international safety standards — IEC 61508  and IEC 61511 — cite requirements on how and when to execute one or more FSAs. For IEC 61508, this is Part 1 clause 8, and for IEC 61511 Part 1 clause 5.2.6.
Performing FSAs requires staff with a high level of competency and more often than not relies heavily on subjectivity, particularly when applied to earlier phases of the safety lifecycle.
The FSA activity is a mandatory (“shall”) requirement for claiming compliance to either of the safety standards; justifying such a claim requires documented evidence of an adequate FSA.
Besides helping to satisfy the standards, an FSA usually provides tangible benefits in terms of functional safety assurance and avoidance of costs and resource issues regarding potential rework at later lifecycle phases.
Planning Your FSA Requirements
Two points in the standards bear stressing: FSA requirements apply to all phases throughout the overall safety lifecycle; and the organization performing the FSA (and by implication its assessors) must meet a defined level of independence.