GB/T 41295.1-2022_English: PDF (GB/T41295.1-2022)
Standard ID: GB/T 41295.1-2022 (GB/T41295.1-2022)
Description (Translated English): Application guide of functional safety - Part 1: Hazard identification and requirements analysis
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: N10
Classification of International Standard: 25.040
Word Count Estimation: 11,156
Date of Issue: 2022-03-09
Date of Implementation: 2022-10-01
Drafting Organization: China National Petroleum Corporation Safety and Environmental Protection Technology Research Institute Co., Ltd.; Machinery Industry Instrumentation Comprehensive Technology and Economic Research Institute; Guoneng Zhishen Control Technology Co., Ltd.; China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology); PetroChina University (Beijing)
Administrative Organization: National Technical Committee for Standardization of Industrial Process Measurement and Control (SAC/TC 124)
Proposing organization: China Machinery Industry Federation
Issuing agency(ies): State Administration for Market Regulation; National Standardization Administration
GB/T 41295.1-2022
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 25.040
CCS N 10
Application guide of functional safety - Part 1: Hazard
identification and requirements analysis
ISSUED ON: MARCH 09, 2022
IMPLEMENTED ON: OCTOBER 01, 2022
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 General
5.1 Stages of the life cycle where hazard identification and requirements analysis are located
5.2 Basic considerations for hazard identification and requirements analysis
5.3 Process considerations for hazard identification and requirements analysis
5.4 Change considerations for hazard identification and requirements analysis
5.5 Documentation considerations for hazard identification and requirements analysis
6 Risk identification
6.1 General process for hazard identification
6.2 Impact analysis of natural environment in the process of hazard identification
6.3 Impact analysis of laws and regulations in the process of hazard identification
6.4 Impact analysis of technological process in the process of hazard identification
6.5 Risks of controlled equipment
6.6 Risks of safety systems
6.7 Risk record
7 Requirements analysis
References
Application guide of functional safety - Part 1: Hazard identification and requirements analysis
1 Scope
This document provides guidance on hazard identification and requirements analysis for
the application of functional safety systems.
This document applies to the concept stage of functional safety system development.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this
document and are indispensable for its application. For dated references, only the
version corresponding to that date is applicable to this document; for undated references,
the latest version (including all amendments) is applicable to this document.
GB/T 20438.1-2017, Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 1: General requirements
GB/T 20438.2-2017, Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 2: Requirements for
electrical/electronic/programmable electronic safety-related systems
GB/T 20438.3-2017, Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 3: Software requirements
GB/T 20438.4-2017, Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 4: Definitions and abbreviations
3 Terms and definitions
The terms and definitions given in GB/T 20438.4-2017, together with the following, apply
to this document.
3.1
hazard identification
The identification, by methods such as theoretical derivation and summarized experience,
of the risk that potential hazards in the controlled equipment, process, operating
environment and the functional safety system itself will occur, and the marking of the
degree to which that risk is acceptable.
3.2
requirements analysis
The process of formulating the safety requirements of the functional safety system
according to the conclusion of hazard identification (3.1), and decomposing the safety
requirements into components according to the structure of the functional safety system.
3.3
system related personnel
Personnel who may have a direct relationship with the system during the entire life
cycle of the functional safety system.
Note: Including system definition, requirements, design, implementation, testing,
operation, maintenance, business and other personnel.
3.4
operation scenario
The set of relevant natural environment, technological process, controlled equipment and
functional safety systems present while the functional safety system is running. This
scenario is concrete and can be observed and studied through physical simulation.
3.5
safety requirements
In order to reduce the risk to a tolerable level, the functional safety integrity level
requirements that the functional safety system needs to meet.
Note: Safety requirements are called safety demands in GB/T 20438, and both have the
same meaning.
3.6
functional safety system
A system that performs safety-related functions, has functional safety-related
characteristics, and satisfies a specific Safety Integrity Level (SIL).
Note: The system here is a generalized concept that includes different levels, such as
safety components, safety equipment or safety control systems. In an actual
● system developers;
● maintenance and repair personnel;
● business personnel, etc.
-- When formulating safety requirements, it is necessary to take into account the
basic control functions of the system.
-- Safety requirements do not create new hazards and require iterative analysis.
5.3 Process considerations for hazard identification and requirements analysis
During hazard identification and requirements analysis, the following implementation
processes need to be followed:
-- Select the operation scenarios required and the controlled scope required by the
functional safety system;
-- Collect data on hazardous events that have occurred in similar scenarios, including
the identified hazardous event and the sequence of events that led to the hazardous
event;
-- Consult system related personnel for opinions on hazardous events and
requirements for the system;
-- Record the hazard identification results, and formulate safety measures one by one
for unacceptable hazards;
-- Analyze the effectiveness of safety measures, summarize and compile safety
requirements;
-- Consult system related personnel for their opinions on the rationality of safety
requirements;
-- The safety requirements shall be the basis for the development of the functional
safety systems after approval;
-- According to the architectural design of the system, allocate the realization method
of safety requirements to each subsystem or component.
5.4 Change considerations for hazard identification and requirements analysis
During hazard identification and requirements analysis, the following changes need to
be considered:
-- Changes are generally initiated by system developers;
-- Change impact analysis needs to be carried out, focusing on the difference
comparison between the operating scenarios before and after the change;
-- The change shall be sufficiently reasonable, and a reasonable change has the
following characteristics:
● No system related personnel strongly oppose this requirement change,
● This requirement change can be approved by the authorized signatory,
● There are specific reasons for the change; these reasons include: errors or
omissions in hazard identification, market competition reasons, the existing
technical conditions cannot meet this requirement, the requirement cannot be
verified at all, etc.;
-- Changes require notification to all personnel citing hazard identification records
and safety requirements.
5.5 Documentation considerations for hazard identification and requirements analysis
During hazard identification and requirements analysis, the contents that need to be
documented include:
-- content and characteristics of the operation scenario;
-- characteristics of the hazard;
-- safety requirements;
-- relationship between hazards and requirements;
-- change impact analysis;
-- change approval records;
-- released approval records.
6 Risk identification
6.1 General process for hazard identification
Hazard identification starts from analyzing the natural environment and technological
process, and ends when obtaining risk records. The general process is shown in Figure
1.
-- regulations for environmental protection;
-- rating of damage.
6.4 Impact analysis of technological process in the process of hazard identification
The technological process is the direct cause of risk in the operation scenario, which is
an inevitable link in production and life. In order to identify the hazards, it is necessary
to analyze the following aspects:
-- Raw materials and products may leak toxic substances during transportation and
storage; flammable and explosive materials may be ignited or detonated;
accidental contact may lead to violent chemical reactions (for example, metallic
sodium and water), and long-term large-scale stacking may cause spontaneous combustion;
-- Temperature control, over-temperature protection, abnormal heat conduction for
high temperature process;
-- Pressure control, overpressure protection, pressure leakage for high pressure
process;
-- Speed control, overspeed protection, speed drop for high-speed process;
-- Static sparks in explosive atmospheres and electric sparks when the power is
turned on and off;
-- Accidental leakage of dust or flammable gas in the presence of open flames;
-- Acceleration, temperature, noise, oxygen concentration and air pressure that the
personnel in the equipment operating environment are subjected to.
6.5 Risks of controlled equipment
The risks of controlled equipment need to be identified from the following aspects:
-- impact of natural environment, laws and regulations and technological process on
the controlled equipment;
-- leakage, blockage, fracture caused by aging and corrosion;
-- collapse of surrounding facilities and impact of abnormal movements on
controlled equipment;
-- incorrect operation, repair and maintenance by on-site personnel.
6.6 Risks of safety systems
The risks of the functional safety system itself need to be identified from the following
aspects:
-- Safety requirements are requirements placed on the functional safety system; safety
requirements that are fulfilled by other devices need not be listed;
-- Safety requirements should take information security into account, and a
vulnerability analysis should be carried out;
-- Safety requirements should consider physical protection, such as cabinets, etc.;
-- The safety integrity level is determined for each safety requirement corresponding
to risk reduction;
-- Safety requirements can be verified.
The system safety requirements specification can include the following specific content.
-- Comply with product standards and safety standards and comply with legal,
cultural and policy requirements.
-- The functional requirements of the product need to consider the distinction
between safety functions and non-safety functions; the safety requirements need
to be numbered; the requirements for operation, maintenance, startup, and restart
need to be described.
-- For safety integrity level requirements, the highest safety integrity level
requirements of all safety requirements shall be taken as the safety integrity level
requirements of the entire system.
-- Structural aspects include:
● Classification of systems: a system whose failure modes cannot all be clearly
described is defined as a Class B system;
● Redundant architecture is described in the form MooN, where N is the number of
channels in the system and M is the minimum number of channels that can make
the system enter a safe state.
-- Operation modes include:
● Low-requirement mode: The safety function of bringing the controlled
equipment into the specified safe state is executed only when required; the
frequency of the requirement is not more than once a year;
● High-requirement mode: The safety function of bringing the controlled
equipment into the specified safety state is only executed when required; the
frequency of the requirement is greater than once a year;
● Continuous mode: The safety function keeps the controlled equipment in a safe
state as part of normal operation.
-- Diagnosis includes:
● Requirements for Diagnostic Coverage (DC) and Safe Failure Fraction (SFF),
determined according to the requirements of the Safety Integrity Level;
● The scope of diagnosis needs to consider power supply, input loop, output loop,
clock, communication channel, storage, and programmable components;
● Fault response time: For any fault that can be found by the system self-diagnosis,
the time interval from the occurrence of the fault to the completion of the
response processing by the system for the fault;
● Mean maintenance time: The average time from when the fault is found to when
the fault is eliminated;
● Self-diagnosis period: For any fault that can be found by the system self-
diagnosis, the longest time interval from the fault occurrence to the system
finding the fault;
● Inspection and testing interval: The interval for comprehensive inspection and
testing of the effectiveness of all safety functions of the functional safety
system; these inspections and tests are mainly manual;
● Inspection and testing requirements, such as: preparation before inspection and
testing, inspection and testing items, inspection and testing passing standards,
tools or facilities required for inspection and testing;
● Fault warning requirements: warning mode, warning duration, warning
elimination conditions.
-- Application scenarios: the specific application fields and working conditions of
the functional safety system need to be specified.
-- Environmental aspects: installation method, indoor/outdoor, temperature,
humidity, required space, air pressure/altitude, transportation and storage.
-- EMC: according to the application site, refer to the relevant national standards
or industry standards.
-- Interface aspects: input and output interfaces, communication interface, human-
machine operation interface, interfaces of safety-related components and non-
safety-related components.
-- Communication aspects: speed, number of nodes, transmission distance and anti-
interference ability.
-- Performance aspects: response time, capacity/point scale, expansion performance,
explosion-proof performance and protection performance.
......
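The MooN definition and the operation-mode thresholds given in the structural and operation-mode items above can be made concrete with a small model. This is an added example, not text or code from the standard; the three channel fault states and the counting over fault combinations are this example's own assumptions.

```python
from itertools import product

# Channel fault states assumed for this illustration (not terms from the standard):
# a fail-safe channel always demands the safe state, a fail-dangerous channel never does.
OK, FAIL_SAFE, FAIL_DANGEROUS = "ok", "fail_safe", "fail_dangerous"


def moon_votes_safe(m, n, channel_demands):
    """MooN voter as defined on the page: the system enters the safe state
    when at least M of its N channels demand it."""
    if len(channel_demands) != n or not 1 <= m <= n:
        raise ValueError("invalid MooN configuration")
    return sum(channel_demands) >= m


def channel_output(state, real_demand):
    """What one channel reports, given its fault state and the real demand."""
    if state == FAIL_SAFE:
        return True
    if state == FAIL_DANGEROUS:
        return False
    return real_demand


def analyse(m, n):
    """Enumerate every combination of channel fault states and count how many
    leave a real demand undetected (dangerous) or trip without a demand
    (spurious trip, i.e. loss of availability)."""
    undetected, spurious = 0, 0
    for states in product((OK, FAIL_SAFE, FAIL_DANGEROUS), repeat=n):
        on_demand = moon_votes_safe(m, n, [channel_output(s, True) for s in states])
        no_demand = moon_votes_safe(m, n, [channel_output(s, False) for s in states])
        undetected += not on_demand
        spurious += no_demand
    return {"arch": f"{m}oo{n}", "undetected": undetected, "spurious": spurious}


def operation_mode(demands_per_year, part_of_normal_operation=False):
    """Operation mode per the page's thresholds: continuous when the safety
    function is part of normal operation, otherwise low-requirement at most
    once a year and high-requirement above that."""
    if part_of_normal_operation:
        return "continuous"
    return "low-requirement" if demands_per_year <= 1 else "high-requirement"


if __name__ == "__main__":
    for m, n in ((1, 1), (1, 2), (2, 2), (2, 3)):
        print(analyse(m, n))  # 1oo2 favours safety, 2oo2 favours availability
```

Comparing 1oo2 with 2oo2 shows the trade-off a safety requirements specification has to settle: raising M reduces spurious trips but leaves more fault combinations in which a real demand goes undetected.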