Phase 1 — Hazard & Risk Assessment (IEC 61511)

Verification Checklist — 25 Items • InstruNexus
www.instrunexus.com

Verification Checklist

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 8.2 Confirm process hazards are identified and documented.
2 8.2.1 Verify recognized methodology used (e.g., HAZOP, What-If, Checklist).
3 8.2.2 Check inclusion of start-up, shutdown, and abnormal conditions.
4 8.2.3 Ensure initiating events and consequences are quantified/qualified.
5 8.2.4 Review risk matrix alignment with corporate tolerability (ALARP) criteria.
6 8.2.5 Verify protective layers identified and effectiveness justified (IPLs).
7 8.2.6 Confirm frequency/severity data sources are credible and traceable.
8 8.2.7 Ensure team competence evidence (CVs/training/experience) is recorded.
9 8.2.8 Confirm all study assumptions are explicitly documented.
10 8.2.9 Validate that the study was independently facilitated or reviewed.
11 8.2.10 Ensure environmental, asset, and personnel impacts considered.
12 8.2.11 Verify recommendations/actions are tracked to closure with owners/dates.
13 8.2.12 Confirm interface with corporate/site risk register is maintained.
14 8.2.13 Validate data consistency across all HAZOP nodes/sections.
15 8.2.14 Check safeguards match latest P&IDs, cause-&-effect and narratives.
16 8.2.15 Verify assumptions/initiators are carried forward for LOPA/SIL studies.
17 8.2.16 Confirm extreme operating/abnormal scenarios were reviewed (e.g., utilities loss).
18 8.2.17 Validate correct consequence categories and definitions were applied.
19 8.2.18 Verify lessons learned / incident data were considered in the study.
20 8.2.19 Ensure the final H&RA/HAZOP report is approved and signed by stakeholders.
21 8.2.20 Cross-check tag references against the latest approved P&IDs and lists.
22 8.2.21 Confirm recommendations transferred to the project action tracker (with due dates).
23 8.2.22 Verify study minutes, worksheets, and attendance records are archived.
24 8.2.23 Check the formal link from HAZOP to subsequent SIL/LOPA activities is established.
25 8.2.24 Confirm re-validation / re-study frequency is defined and scheduled.

Note: Clause numbers follow IEC 61511 Part 1, Clause 8.2 (Hazard and Risk Assessment) and common sub-items used in practice.

Phase 2 — Allocation of Safety Functions to Protection Layers (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 9.2 Verify all independent protection layers (IPLs) identified and credited correctly.
2 9.3 Check functional and physical independence between IPLs (including SIS vs BPCS).
3 9.4 Validate PFD/PFH calculations and risk reduction factors for each IPL/SIF.
4 9.5 Confirm that target SIL for each SIF is properly derived from risk gap/LOPA results.
5 9.6 Ensure overall risk is within company tolerability criteria (ALARP demonstration).
6 9.7 Verify assumptions used in LOPA are documented, justified, and traceable to sources.
7 9.8 Confirm enabling conditions, conditional modifiers, and dependencies are accounted for.
8 9.9 Review LOPA worksheet completeness and accuracy (initiators, IPL credits, consequences).
9 9.10 Ensure process demand rates and frequencies are realistic and referenced to data/experience.
10 9.11 Validate credit assigned to alarms and operator response (time to respond vs process safety time).
11 9.12 Confirm BPCS protection claims are justified and do not violate independence requirements.
12 9.13 Check physical separation, segregation, and common cause protection between IPLs/SIFs.
13 9.14 Verify SIFs with similar causes are rationalized (no double counting of protection credits).
14 9.15 Confirm external events and site-wide hazards considered in allocation (utilities, power loss).
15 9.16 Verify interaction between high-integrity pressure protection (HIPS) and relief (PSV) is addressed.
16 9.17 Ensure documentation traceability from HAZOP/LOPA to SIF list and SRS (unique IDs maintained).
17 9.18 Confirm multidisciplinary review by process, safety, and I&C specialists completed.
18 9.19 Check correctness of units, frequencies, and calculation methods (peer review performed).
19 9.20 Validate SIL determination against corporate templates/tools and IEC methods.
20 9.21 Ensure final LOPA/Allocation report is approved, signed, and baselined in document control.
21 9.22 Verify all allocation assumptions/requirements are transferred into the SRS for each SIF.
22 9.23 Check interface with mechanical relief design; avoid conflicting protection philosophies.
23 9.24 Confirm LOPA/Allocation action items are logged with owners and due dates, tracked to close.
24 9.25 Validate re-assessment interval defined (e.g., at major changes or set periodicity).
25 9.26 Ensure version control on worksheets/models; archive superseded versions with rationale.

Note: Clause numbers follow IEC 61511 Part 1, Clause 9 (Allocation of safety functions to protection layers) and typical sub-items used in practice.

Phase 3 — Safety Requirements Specification (SRS) (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 10 All SIFs captured from LOPA/Allocation with unique IDs and titles.
2 10 Functional requirements defined: process variable, trip setpoint, action, final element(s).
3 10 Safety integrity requirements stated: target SIL, PFDavg/PFH, risk reduction factor, architectural constraints.
4 10 Process Safety Time (PST) determined and referenced; response time budget allocated per SIF path.
5 10 Mode of operation identified (low demand / high demand / continuous) and justified for each SIF.
6 10 Proof test interval, proof test coverage, and test procedures specified at SIF and device level.
7 10 Diagnostic coverage, fault detection, and fault reaction (safe state) requirements defined.
8 10 Trip reset, restart, inhibit/override, and bypass philosophy defined with authorization levels and limits.
9 10 Interface requirements to BPCS, F&G, electrical, and packages documented (signals, protocols, isolation).
10 10 Environmental, EMC, electrical, and mechanical conditions defined (temperature, IP rating, vibration, area class).
11 10 Redundancy and voting logic (sensor/logic/final elements) specified; common-cause mitigation addressed.
12 10 Setpoint calculation, drift limits, and trip accuracy/tolerance requirements defined and justified.
13 10 Human–Machine Interface (HMI) and alarm/event requirements specified (messages, priorities, colors, timestamps).
14 10 Power supply philosophy (UPS, redundancy, brownout/blackout behavior) defined for each SIF path/device.
15 10 Maintenance access and test provisions (test ports, simulation points, PST enablers) defined in SRS.
16 10 SIF demand/action sequences aligned with Cause & Effect matrix and shutdown hierarchy levels.
17 10 Cybersecurity requirements captured (zones/conduits, user roles, remote access, logging, hardening baseline).
18 10 Device selection constraints (certification, SFF, λ values, failure modes) stated or referenced to data sources.
19 10 Bypass duration limits, KPIs, and monitoring rules defined (notifications, SOE, management approval workflow).
20 10 Failure modes and action on detected/undetected faults defined (degraded operation vs trip to safe state).
21 10 Proof test success criteria, recording, and restoration requirements described (post-test resets, bypass removal).
22 10 Documentation traceability matrix provided (HAZOP/LOPA → SRS → design → validation → O&M).
23 10 Assumptions, enabling conditions, and external dependencies listed and justified in the SRS text/tables.
24 10 SRS review and approval completed by Process, I&C, Operations, Safety, and Management (signatures/dates).
25 10 Version control and archiving established; baseline issued; change control linked to MOC for future updates.

Note: All 25 checklist items reference the same IEC 61511-1 clause (Clause 10 — Safety Requirements Specification).

Phase 4 — Design & Engineering of SIS (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 11.2 Verify SIS hardware/software design meets SRS and target SIL requirements.
2 11.3 Confirm system architecture (sensors, logic solver, final elements) matches SRS (redundancy/voting).
3 11.4 Use appropriately certified/assessed components (IEC 61508/third-party) or justify proven-in-use evidence.
4 11.5 Validate reliability data (λ, SFF) and architectural constraints; calculate PFDavg/PFH as per SRS intervals.
5 11.6 Logic solver selection justified (capacity, scan time, diagnostics, safety certifications, cybersecurity features).
6 11.7 Verify segregation/independence between SIS and BPCS/F&G (power, networking, I/O, cabinets, software).
7 11.8 Confirm wiring philosophy: dedicated safety I/O, line monitoring, shielding, earthing, and EMC compliance.
8 11.9 Redundancy & voting logic implemented as designed (1oo2, 2oo3, etc.) with common-cause mitigation documented.
9 11.10 Application program documented (SIF logic diagrams, narratives, variables, ranges, scaling, comments, versioning).
10 11.11 Diagnostics/watchdogs and fault handling configured to drive safe state within Process Safety Time (PST).
11 11.12 Fault-tolerant design validated (power redundancy, network redundancy, hot-standby where required).
12 11.13 Provide signal simulation/test provisions and safe test methods for SIFs (no loss of protection during tests).
13 11.14 Cybersecurity-by-design applied (access control, hardening baseline, secure comms, logging, remote access rules).
14 11.15 Environmental protection validated (temperature, humidity, IP/NEMA, corrosive atmosphere, vibration/shock).
15 11.16 Hardware selection compliant with SRS and manufacturer limitations; proven device lists adhered to.
16 11.17 Instrument datasheets/specs match SRS (ranges, accuracy, response time, fail-safe direction, certification).
17 11.18 Cause & Effect matrix and shutdown hierarchy traceable to SIF logic; interlocks comprehensively covered.
18 11.19 Interposing relays/isolators/barriers selected and approved; failure modes and SIL impact assessed.
19 11.20 Application software lifecycle controlled (requirements → design → code → test); version/config management applied.
20 11.21 Panel/cabinet design drawings validated (layout, heat load, segregation, terminals, labeling, space for spares).
21 11.22 Earthing, bonding, and shielding practices documented and consistent with EMC/safety requirements.
22 11.23 3rd-party/package interfaces defined and tested (signals list, protocols, fail-over, interlocks, SAT/FAT scope).
23 11.24 Spare capacity and scalability confirmed (I/O, CPU, network, cabinet space) per project/operations needs.
24 11.25 Formal design reviews held; actions tracked to closure; approvals recorded in document control system.
25 11.26 As-built design documentation alignment plan defined (redlines → updates → baselining for validation/commissioning).

Note: Clause numbers reference IEC 61511-1, Clause 11 (Design & Engineering) with typical sub-items used in practice.

Phase 5 — Installation, Commissioning & Validation (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 12.2 Verify installation executed per approved drawings, SRS, and vendor instructions (location, orientation, impulse lines).
2 12.3 Confirm cable continuity, insulation resistance, and earthing tests are completed & recorded (as-found/as-left).
3 12.4 Validate loop checks for each SIF path (sensor → logic solver → final element) against Cause & Effect matrix.
4 12.5 Check calibration certificates traceable to national/international standards; ranges & LRV/URV per SRS.
5 12.6 Confirm tag numbers, labelling, direction-of-fail, and fail-safe positions are correct on devices and panels.
6 12.7 Verify safety barriers/isolators and instrument air quality installed & configured per design and area classification.
7 12.8 Confirm logic solver loaded with approved application; checksum/version recorded; baseline stored in DC system.
8 12.9 Validate interlocks and trips tested per approved procedures (simulation/energized tests) without compromising safety.
9 12.10 Check all bypass/override/inhibit switches are secure, logged, timed, alarmed, and authorized as per SRS/management rules.
10 12.11 Ensure initial proof tests executed as defined (coverage, steps, acceptance criteria) and restoration to normal documented.
11 12.12 Verify trip sequences and shutdown levels match approved Cause & Effect and shutdown hierarchy (no omissions).
12 12.13 Confirm de-energize/energize-to-trip philosophies implemented as designed; fail-safe confirmed on loss of power/signal.
13 12.14 Check alarm verification in BPCS/DCS: priorities, colors, annunciation, SOE timestamps, and operator guidance text.
14 12.15 Validate operator HMI messages, permissives, inhibits, reset, and restart logic align with the SRS and user procedures.
15 12.16 Verify deviations/non-conformances captured with corrective actions, owners, and closure dates in the commissioning log.
16 12.17 Confirm punch list created, prioritized, and closed before validation sign-off (or justified waivers approved).
17 12.18 Ensure red-line markups captured on P&IDs, I/O, logic, hook-ups, and panel drawings for as-built updates.
18 12.19 Verify test reports and certificates (site acceptance, leak tests, stroking, PST checks) are signed & filed.
19 12.20 Confirm certification dossiers (Ex, material, calibration, factory certs) are complete, indexed, and archived.
20 12.21 Validate final safety validation witnessed by Client/Operations; acceptance criteria met; punch list cleared or waived.
21 12.22 Confirm sequence logic simulation (where applicable) demonstrates PST compliance and correct safe-state behavior.
22 12.23 Check reset/restart sequences tested, including interlocks, permissives, and restoration of bypasses/inhibits.
23 12.24 Validate issue of a comprehensive validation summary report with non-conformances and close-out evidence.
24 12.25 Ensure commissioning completion certificates signed (e.g., MCC, subsystem handover, system acceptance forms).
25 12.26 Verify turnover/hand-over dossier completeness (as-builts, SRS baseline, test packs, spares, O&M manuals).

Note: Clause numbers reference IEC 61511-1, Clause 12 (Installation, Commissioning & Validation) with typical sub-items used in practice.

Phase 6 — Operation & Maintenance (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 16 Verify O&M manual approved and available for all SIS systems and subsystems.
2 16 Confirm operators and maintenance staff trained and competent on SIS operation and bypass rules.
3 16 Ensure operating procedures incorporate SIF initiation, reset, bypass, and override instructions.
4 16 Verify preventive maintenance and proof test schedules established per SRS intervals.
5 16 Check bypass authorization, time limits, and management approval in place per company standards.
6 16 Ensure alarm management compliant with corporate philosophy (priority, acknowledgment, limits).
7 16 Verify proof tests executed as planned; coverage recorded; any failures investigated & closed.
8 16 Confirm calibration and functional test results stored in asset management or maintenance system.
9 16 Verify spares inventory defined; critical SIS components have lead-time tracking and replacement strategy.
10 16 Check corrective maintenance procedures exist for SIS devices, including failure reporting and investigation.
11 16 Confirm maintenance records traceable to device ID, date, technician, and test instrument used.
12 16 Ensure demand rate vs design rate monitored to verify risk assumptions remain valid.
13 16 Validate SIS diagnostics monitored; failures and degraded modes alarmed to operations and maintenance.
14 16 Ensure bypass logs and overrides reviewed daily/weekly by instrument & safety engineers.
15 16 Verify maintenance backlog and overdue proof tests monitored; justifications recorded if delayed.
16 16 Confirm personnel competence and authorization matrix maintained for SIS maintenance activities.
17 16 Ensure cybersecurity controls maintained (password rotation, backup integrity, remote access management).
18 16 Validate management of change applied for any configuration, logic, or component modification during O&M.
19 16 Confirm event data analysis performed (near misses, false trips, demand failures) and lessons captured.
20 16 Verify SIS documentation (SRS, C&E, logic diagrams) updated after any operational changes.
21 16 Ensure partial stroke testing of shutdown valves performed at defined intervals and results recorded.
22 16 Check spurious trip events analyzed for root cause and action plans implemented to reduce recurrence.
23 16 Validate audit of SIS maintenance activities conducted periodically by independent function or QA.
24 16 Confirm review of proof test effectiveness, coverage, and findings after each campaign or turnaround.
25 16 Ensure periodic O&M performance review meeting held to evaluate SIS reliability and compliance trends.

Note: Clause references follow IEC 61511-1 Clause 16 (Operation and Maintenance) with representative checklist items for typical SIS life-cycle verification.

Phase 7 — Modification (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 17 Verify that a formal Management of Change (MOC) process exists and is applied for all SIS modifications.
2 17 Confirm all modifications assessed for impact on safety integrity and functional performance before implementation.
3 17 Ensure updated SRS reflects modification details, logic, hardware, and documentation revisions.
4 17 Check revised SIL verification performed to confirm modified SIF continues to meet target SIL.
5 17 Verify all modified logic and configuration changes tested (offline or simulated) prior to implementation in service.
6 17 Confirm configuration and logic backups taken before and after modification; checksums verified.
7 17 Ensure updated documentation (P&ID, logic, wiring, datasheets) issued under controlled document system.
8 17 Verify affected personnel trained and notified of the modification before return to service.
9 17 Confirm re-validation or partial functional testing performed on the modified SIF.
10 17 Check revised logic/software approved by authorized engineering and safety representatives.
11 17 Ensure bypasses or temporary jumpers used during modification are controlled, logged, and removed post-testing.
12 17 Confirm modification request, justification, and approvals documented in MOC form and linked to records.
13 17 Verify rollback/restore plan available in case of modification failure during implementation.
14 17 Ensure hazard review (HAZOP/LOPA) re-performed when modification impacts process conditions or protection layers.
15 17 Check cybersecurity risk assessment updated for the modification and any new components added.
16 17 Verify version control maintained across software, logic, and documents; obsolete revisions archived.
17 17
Phase 8 — Decommissioning (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 17 Verify a formal decommissioning plan exists covering scope, responsibilities, permits, and schedule.
2 17 Confirm decommissioning hazard review performed (process, electrical, mechanical, environmental risks).
3 17 Ensure isolation procedures for SIS signals and final elements defined (LOTO, blinds, double block & bleed).
4 17 Verify trip disablement and bypass authorizations obtained per company policy before work begins.
5 17 Confirm power removal/energized-to-trip behavior assessed and documented to avoid unsafe states.
6 17 Ensure all devices to be retired are tagged “Out of Service” and reflected in control system graphics/lists.
7 17 Verify purge, vent, drain, depressurization, and gas freeing activities planned and executed safely.
8 17 Validate removal of signals from logic solver (force removal, I/O de-allocation, interlock rationalization).
9 17 Confirm as-built P&IDs, C&E, logic, and I/O lists updated to reflect decommissioned equipment/tags.
10 17 Verify full backups taken (projects, logic, historian, configurations) before physical removals commence.
11 17 Ensure disposal/recycling complies with environmental regulations and manufacturer guidance (e-waste, oils).
12 17 Confirm asset register, instrument index, and maintenance system updated to “retired/decommissioned”.
13 17 Verify MOC reference links decommissioning package to original SIFs and safety justification records.
14 17 Ensure remaining protection layers and adjacent systems are not adversely affected (no latent hazards).
15 17 Confirm applicable permits-to-work, confined space, hot work, and electrical isolation permits in force.
16 17 Verify shutdown/de-energization sequence approved to avoid spurious trips or production upsets.
17 17 Ensure client/operations witnessing of isolations and removals where required by site standards.
18 17 Confirm decommissioning execution report issued daily/weekly with progress, risks, and mitigations.
19 17 Validate archiving of records (permits, isolation certificates, test sheets, photos, redlines, backups).
20 17 Verify residual risk assessment (post-removal) completed and communicated to stakeholders.
21 17 Ensure area signage, barricading, and housekeeping maintained throughout decommissioning works.
22 17 Confirm lessons learned captured and fed back to functional safety management processes.
23 17 Verify handover to demolition/contractors includes hazards, isolations, and interface boundaries.
24 17 Ensure cyber access removed (accounts disabled, network ports closed, media sanitized) for retired assets.
25 17 Confirm decommissioning closure certificate issued and lifecycle file updated to reflect end-of-life status.

Note: Decommissioning is treated within the IEC 61511 lifecycle framework; use this checklist with site standards and governance for end-of-life activities.

Phase 9 — Verification (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 18 Verification plan established defining scope, method, acceptance criteria, responsibilities, and records.
2 18 Independence of verifier appropriate to lifecycle phase and project risk (not author of item being verified).
3 18 Input documents identified and controlled (HAZOP/LOPA, SRS, design, test procedures, as-builts).
4 18 Verification checklists/templates used for each lifecycle activity with evidence of completion and sign-off.
5 18 Traceability demonstrated (HAZOP/LOPA → SRS → design → logic → validation → O&M) via matrix or tool.
6 18 Verification outcomes recorded as pass/fail with objective evidence (screenshots, cal sheets, reports, IDs).
7 18 Non-conformances/deviations logged with severity, owner, due date, and interim risk controls if needed.
8 18 Closure evidence for all verification actions captured and cross-referenced to the original findings.
9 18 Configuration baselines (documents, software, logic) frozen at key gates; checksum/version recorded.
10 18 Verification sampling/coverage appropriate (100% for critical items; representative sampling where justified).
11 18 Tools and test equipment used in verification calibrated and within validity; certificates attached/referenced.
12 18 Competence of verifiers evidenced (CVs, training, authorization); independence matrix maintained.
13 18 Verification spans every lifecycle phase (H&RA, Allocation, SRS, Design, Installation, Validation, O&M, Mod, Decom).
14 18 Interface verification conducted across disciplines (Process, I&C, Mechanical, Electrical, F&G, Packages).
15 18 Document control verified (correct issue, signatures, effective dates, superseded copies removed/archived).
16 18 Change management link ensured: re-verification performed after any MOC affecting SIS/SIF or assumptions.
17 18 Verification confirms alignment of C&E, SRS, logic, and field implementation (no logic–drawing mismatches).
18 18 Verification report issued per phase with summary, detailed findings, and management approval/sign-off.
19 18 Consistency checks performed between deliverables (P&IDs, I/O list, wiring, logic, narratives, HMI/alarm lists).
20 18 Verification of quantitative analyses (PFDavg/PFH, SFF, architectures) confirms correct inputs and methods.
21 18 Cybersecurity-related verification executed (accounts, roles, hardening, backups, remote access controls).
22 18 SOE/time-stamping, alarm priorities, and operator messages verified as per SRS/HMI standards.
23 18 Records retention and accessibility assured (indexes, links, evidence IDs) for audit and FSA readiness.
24 18 Management review held for verification outcomes at each gate; decisions/minutes archived with actions.
25 18 Lessons learned from verification captured and fed back to the Safety Lifecycle/Quality plans for improvement.

Note: All items reference IEC 61511-1 Clause 18 — Verification. Adjust wording to match your project’s corporate procedures and templates.

Phase 10 — Functional Safety Assessment (FSA) (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 5.2.6 FSA plan exists defining assessment objectives, scope, independence level, and lifecycle phases to be assessed.
2 5.2.6 Assessor independence appropriate to phase (e.g., FSA 1–5) and complexity; conflicts of interest resolved.
3 5.2.6 Assessment criteria aligned with IEC 61511 and corporate FSM procedures; acceptance thresholds defined.
4 5.2.6 Input evidence identified (HAZOP/LOPA, SRS, SIL calc, design, validation, O&M, audits, incidents, MOC records).
5 5.2.6 Assessment confirms Safety Lifecycle has been followed and documented at each completed phase (1–9 & 11).
6 5.2.6 Traceability matrix reviewed for completeness from hazards → SIFs → SRS → design → validation → O&M.
7 5.2.6 SIL determination and SIL verification methods, data sources, and assumptions validated by the assessor(s).
8 5.2.6 Assessment of independence between protection layers and SIS vs BPCS/F&G corroborated with evidence.
9 5.2.6 Review of competence management (training, authorization, roles) for those performing lifecycle tasks is complete.
10 5.2.6 FSM plan and procedures assessed for adequacy, implementation, and continuous improvement mechanisms.
11 5.2.6 Assessment confirms correct application of verification/validation activities and closure of related actions.
12 5.2.6 Sampling strategy for evidence review is justified; critical items reviewed 100% or risk-based as appropriate.
13 5.2.6 Cybersecurity provisions impacting functional safety (accounts, backups, hardening) are assessed and recorded.
14 5.2.6 Operations & maintenance practices (proof testing, bypass control, incident learning) evaluated for compliance.
15 5.2.6 MOC process effectiveness and its link to re-assessment/re-verification confirmed by evidence samples.
16 5.2.6 Assessor reviews as-built vs design documentation consistency (P&IDs, logic, C&E, I/O, wiring, datasheets).
17 5.2.6 Evidence of management reviews and gate approvals verified; deviations & waivers justified and authorized.
18 5.2.6 Assessment includes interviews/walkdowns with engineering, operations, and maintenance to corroborate records.
19 5.2.6 FSA findings are categorized by severity and risk; recommendations are specific, time-bound, and actionable.
20 5.2.6 Owner(s) assigned to each recommendation; target dates and interim risk controls documented where needed.
21 5.2.6 Formal FSA report issued with scope, methodology, evidence reviewed, conclusions, and compliance statement.
22 5.2.6 Report approved by the independent assessor(s) and acknowledged by management and lifecycle stakeholders.
23 5.2.6 Closure of previous FSA actions verified; open items carried forward with rationale and risk acceptance.
24 5.2.6 Records and evidence indexed for auditability; lifecycle file updated for future assessments and audits.
25 5.2.6 Lessons learned captured from FSA and fed into FSM, competency plans, and corporate standards updates.

Note: Items reference IEC 61511-1 Clause 5.2.6 — Functional Safety Assessment. Select the FSA level (1–5) appropriate to your project stage and risk.

Phase 11 — Management of Functional Safety (IEC 61511)

Columns: No., IEC 61511 Clause, Requirement, Outcome, Verification Comments, Recommendation, By, Status (the last five are blank cells for the reviewer to complete).
1 5.2.1 Functional Safety Management (FSM) plan established covering all lifecycle phases, roles, and responsibilities.
2 5.2.1 FSM plan reviewed and approved by management and made accessible to all stakeholders involved in SIS activities.
3 5.2.1 Company policy defines overall objectives for achieving and maintaining functional safety within SIS lifecycle.
4 5.2.1 Organizational chart defines lines of authority and communication between engineering, operations, and safety management.
5 5.2.2 Competency management process in place; records maintained for training, qualification, and experience of personnel.
6 5.2.3 Procedures exist for planning, implementing, and verifying all lifecycle activities with defined acceptance criteria.
7 5.2.4 Documentation and configuration control procedures established; all deliverables uniquely identified and versioned.
8 5.2.5 Management of change (MOC) procedure established and applied across design, operation, and maintenance phases.
9 5.2.6 Functional Safety Assessments (FSAs) planned and executed at all mandatory stages (1–5) with independence criteria met.
10 5.2.7 Verification activities defined for each phase; independent reviewers appointed where required by SIL/risk level.
11 5.2.8 Audit program for FSM implemented; audits planned periodically to assess compliance and continual improvement.
12 5.2.9 Procedures exist for control of suppliers, subcontractors, and third-party services related to SIS lifecycle tasks.
13 5.2.10 Corrective and preventive actions process in place to manage findings from audits, FSAs, or verification reviews.
14 5.2.11 FSM process covers identification, recording, and communication of deviations from the safety lifecycle.
15 5.2.12 Functional Safety Plan (FSP) developed for projects; includes schedule of activities, verification, validation, and FSAs.
16 5.2.13 Procedures in place for retention and traceability of records throughout SIS lifecycle and after decommissioning.
17 5.2.14 FSM system ensures cybersecurity considerations integrated into the management process and training programs.
18 5.2.15 Roles for SIS ownership, design authority, operations, and maintenance defined and communicated clearly.
19 5.2.16 Management reviews functional safety performance periodically; outcomes documented and actioned.
20 5.2.17 FSM ensures lessons learned from incidents, audits, and FSAs are reviewed and integrated into continuous improvement.
21 5.2.18 Competency assessment process updated periodically to reflect new technologies and standards updates.
22 5.2.19 FSM implementation audited independently at intervals appropriate to risk and company policy.
23 5.2.20 FSM addresses management of subcontractor competence, QA, and conformance to IEC 61511 practices.
24 5.2.21 FSM incorporates process for updating standards, company specifications, and functional safety guidelines.
25 5.2.22 FSM file complete and auditable, demonstrating full compliance to IEC 61511 and corporate functional safety policies.

Note: This checklist aligns with IEC 61511-1 Clause 5 — Management of Functional Safety and provides verification points for FSM implementation and sustainability.
