IEC61508-1:2010 Functional safety of electrical/electronic/programmable electronic
safety-related systems

6 Management of functional safety
6.1 Objectives
6.1.1 The first objective of the requirements of this clause is to specify the responsibilities in the management of functional safety of those who have responsibility for an E/E/PE safety-related system, or for one or more phases of the overall E/E/PE system and software safety lifecycles.

6.1.2 The second objective of the requirements of this clause is to specify the activities to be carried out by those with responsibilities in the management of functional safety.

NOTE The organizational measures dealt with in this clause provide for the effective implementation of the technical requirements and are solely aimed at the achievement and maintenance of functional safety of the E/E/PE safety-related systems. The technical requirements necessary for maintaining functional safety will be specified as part of the information provided by the supplier of the E/E/PE safety-related system and its elements and components.

6.2 Requirements
6.2.1 An organisation with responsibility for an E/E/PE safety-related system, or for one or more phases of the overall, E/E/PE system or software safety lifecycle, shall appoint one or more persons to take overall responsibility for:
– the system and for its lifecycle phases;
– coordinating the safety-related activities carried out in those phases;
– the interfaces between those phases and other phases carried out by other organisations;
– carrying out the requirements of 6.2.2 to 6.2.11 and 6.2.13;
– coordinating functional safety assessments (see 6.2.12 b) and Clause 8) – particularly where those carrying out the functional safety assessment differ between phases – including communication, planning, and integrating the documentation, judgements and recommendations;
– ensuring that functional safety is achieved and demonstrated in accordance with the objectives and requirements of this standard.

NOTE Responsibility for safety-related activities, or for safety lifecycle phases, may be delegated to other persons, particularly those with relevant expertise, and different persons could be responsible for different activities and requirements. However, the responsibility for coordination, and for overall functional safety, should reside in one or a small number of persons with sufficient management authority.

6.2.2 The policy and strategy for achieving functional safety shall be specified, together with the means for evaluating their achievement, and the means by which they are communicated within the organization.

6.2.3 All persons, departments and organizations responsible for carrying out activities in the applicable overall, E/E/PE system or software safety lifecycle phases (including persons responsible for verification and functional safety assessment and, where relevant, licensing authorities or safety regulatory bodies) shall be identified, and their responsibilities shall be fully and clearly communicated to them.

6.2.4 Procedures shall be developed for defining what information is to be communicated, between relevant parties, and how that communication will take place.

NOTE See Clause 5 for documentation requirements.

6.2.5 Procedures shall be developed for ensuring prompt follow-up and satisfactory resolution of recommendations relating to E/E/PE safety-related systems, including those arising from:
a) hazard and risk analysis (see 7.4);
b) functional safety assessment (see Clause 8);
c) verification activities (see 7.18);
d) validation activities (see 7.8 and 7.14);
e) configuration management (see 6.2.10, 7.16, IEC 61508-2 and IEC 61508-3);
f) incident reporting and analysis (see 6.2.6).

6.2.6 Procedures shall be developed for ensuring that all detected hazardous events are analysed, and that recommendations are made to minimise the probability of a repeat occurrence.

6.2.7 Requirements for periodic functional safety audits shall be specified, including:
a) the frequency of the functional safety audits;
b) the level of independence of those carrying out the audits;
c) the necessary documentation and follow-up activities.

6.2.8 Procedures shall be developed for:
a) initiating modifications to the E/E/PE safety-related systems (see 7.16.2.2);
b) obtaining approval and authority for modifications.

6.2.9 Procedures shall be developed for maintaining accurate information on hazards and hazardous events, safety functions and E/E/PE safety-related systems.

6.2.10 Procedures shall be developed for configuration management of the E/E/PE safety-related systems during the overall, E/E/PE system and software safety lifecycle phases, including in particular:

a) the point, in respect of specific phases, at which formal configuration control is to be implemented;

b) the procedures to be used for uniquely identifying all constituent parts of an item (hardware and software);

c) the procedures for preventing unauthorized items from entering service.

6.2.11 Training and information for the emergency services shall be provided where appropriate.

6.2.12 Those individuals who have responsibility for one or more phases of the overall, E/E/PE system or software safety lifecycles shall, in respect of those phases for which they have responsibility and in accordance with the procedures defined in 6.2.1 to 6.2.11, specify all management and technical activities that are necessary to ensure the achievement, demonstration and maintenance of functional safety of the E/E/PE safety-related systems, including:
a) the selected measures and techniques used to meet the requirements of a specified clause or subclause (see IEC 61508-2, IEC 61508-3 and IEC 61508-6);
b) the functional safety assessment activities, and the way in which the achievement of functional safety will be demonstrated to those carrying out the functional safety assessment (see Clause 8);

NOTE Appropriate procedures for functional safety assessment should be used to define
– the selection of an appropriate organisation, person or persons, at the appropriate level of independence;
– the drawing up, and making changes to, terms of reference for functional safety assessments;
– the change of those carrying out the functional safety assessment at any point during the lifecycle of a system;
– the resolution of disputes involving those carrying out functional safety assessments.
c) the procedures for analysing operations and maintenance performance, in particular for
– recognising systematic faults that could jeopardise functional safety, including procedures used during routine maintenance that detect recurring faults;
– assessing whether the demand rates and failure rates during operation and maintenance are in accordance with assumptions made during the design of the system.

6.2.13 Procedures shall be developed to ensure that all persons with responsibilities defined in accordance with 6.2.1 and 6.2.3 (i.e. including all persons involved in any overall, E/E/PE system or software lifecycle activity, including activities for verification, management of functional safety and functional safety assessment), shall have the appropriate competence (i.e. training, technical knowledge, experience and qualifications) relevant to the specific duties that they have to perform. Such procedures shall include requirements for the refreshing, updating and continued assessment of competence.

6.2.14 The appropriateness of competence shall be considered in relation to the particular application, taking into account all relevant factors including:
a) the responsibilities of the person;
b) the level of supervision required;
c) the potential consequences in the event of failure of the E/E/PE safety-related systems – the greater the consequences, the more rigorous shall be the specification of competence;
d) the safety integrity levels of the E/E/PE safety-related systems – the higher the safety integrity levels, the more rigorous shall be the specification of competence;
e) the novelty of the design, design procedures or application – the newer or more untried these are, the more rigorous shall be the specification of competence;
f) previous experience and its relevance to the specific duties to be performed and the technology being employed – the greater the required competence, the closer the fit shall be between the competences developed from previous experience and those required for the specific activities to be undertaken;
g) the type of competence appropriate to the circumstances (for example qualifications, experience, relevant training and subsequent practice, and leadership and decision-making abilities);
h) engineering knowledge appropriate to the application area and to the technology;
i) safety engineering knowledge appropriate to the technology;
j) knowledge of the legal and safety regulatory framework;
k) relevance of qualifications to specific activities to be performed.

NOTE Reference [8] in the Bibliography contains an example method for managing competence for E/E/PE safety-related systems.

6.2.15 The competence of all persons with responsibilities defined in accordance with 6.2.1 and 6.2.3 shall be documented.

6.2.16 The activities specified as a result of 6.2.2 to 6.2.15 shall be implemented and monitored.

6.2.17 Suppliers providing products or services to an organization having overall responsibility for one or more phases of the overall, E/E/PE system or software safety lifecycles (see 6.2.1), shall deliver products or services as specified by that organization and shall have an appropriate quality management system.

6.2.18 Activities relating to the management of functional safety shall be applied at the relevant phases of the overall, E/E/PE system and software safety lifecycles (see 7.1.1.5).