74 Rockwell Automation Publication ICSTT-RM406J-EN-P - February 2021
Chapter 6 Troubleshooting and Rectifying Channel/Field Faults
Preserving Functional Safety
Design changes will inevitably occur during the system life-cycle; to make sure
that the system safety is preserved, such changes must be carefully managed.
Procedures defining the measures for updating the plant or system must be
specified and documented. These procedures are the responsibility of the end
user, but the system integrator must supply sufficient guidance so that the
procedures keep the required level of functional safety during and after the
changes.
Product Level Module and Firmware Updates
Special consideration must be given to procedures for product level module
and firmware updates.
Updates to the system must include the adaptation of the application that
application changes and firmware changes require.
The procedures must include the need to do an impact analysis of any such
changes, and the measures to change the system and its application as an
outcome of the adaptation requirements.
The other requirements specified here must be applied, as well as the
requirements specified for the following items:
• Scope definition
• Hazard and risk analysis
• System Functional and Safety Requirements
• System engineering
• Application programming
• System production
• System integration
• Installation and commissioning
The definition of these procedures must include the examination and
authorization process to be adopted for system changes.
Modification Records and Change Management
Modification records shall be created to give traceability of each requested or
required change. The change management procedure must consider the
impact of each such change before authorizing the change. The
implementation of the change must repeat the safety lifecycle phases that
are altered by the change. The testing of the resultant changes must include
non-regression testing as well as testing of the change itself. All test results
must be recorded.
Decommissioning
The procedure for decommissioning the system must be specified. This
procedure must include the requirements for the safe decommissioning of the
system and, where applicable, the safe removal or return of materials.