IEC61508正在進(jìn)行第三版的修訂討論，功能安全專家代表中國(guó)深度參與IEC61508第三版修訂的工作，現(xiàn)將目前在國(guó)際上得到的修訂意見用連載的形式給出，歡迎大家持續(xù)關(guān)注。

在現(xiàn)有的IEC61508中對(duì)于人員的獨(dú)立性要求相對(duì)較為宏觀，只是在功能安全評(píng)估（assessment）上面提出了獨(dú)立的人員、獨(dú)立的部門和獨(dú)立的組織概念。但實(shí)際上從安全系統(tǒng)整個(gè)VV過程中，開展測(cè)試、驗(yàn)證、審計(jì)等的技術(shù)和管理都應(yīng)該有獨(dú)立性要求。因此建議在新版標(biāo)準(zhǔn)中對(duì)這部分要求進(jìn)行強(qiáng)化。（實(shí)際上在軌道交通應(yīng)用的功能安全標(biāo)準(zhǔn)中對(duì)于驗(yàn)證和確認(rèn)的獨(dú)立性已經(jīng)有較為細(xì)化的要求）

首先建議對(duì)相關(guān)術(shù)語(yǔ)進(jìn)行新增或修改，包括：

增加一個(gè)術(shù)語(yǔ)如下，增加這個(gè)術(shù)語(yǔ)的意圖很明顯，希望將可能涉及到技術(shù)或管理獨(dú)立性的活動(dòng)用功能安全保障來綜合表達(dá)。

functional safety assurance

the collection of confirmation measures for safety lifecycle activities that includes:

· verification [3.8.1]

· validation [3.8.2]

· functional safety assessment [3.8.3]

· functional safety audit [3.8.4]

NOTE  This collection of activities share common methods for execution and need for technical and management independence.

同時(shí)對(duì)于原來的三個(gè)獨(dú)立性相關(guān)術(shù)語(yǔ)進(jìn)行了修改如下。

3.8.11

independent person technical independence (Level 1)

those responsible for functional safety assurance of a specific phase of the Overall, E/E/PE system, or Software safety lifecycle that do not have direct responsibility for those specific lifecycle phase activities (e.g. for development activities of specification, design or implementation).

3.8.12

independent department technical & management independence (Level 2)

department those responsible for functional safety assurance of a specific phase of the overall E/E/PE system or software safety lifecycle are technically independent (Level 1) AND are not directly accountable to the same management as those responsible for the activities that take place during the specific phase of the overall, E/E/PE system or software safety lifecycle that is subject to the functional safety assurance.

3.8.13

independent organisation technical & organisational management independence (Level 3)

organisation those responsible for functional safety assurance of a specific phase of the overall E/E/PE system or software safety lifecycle are technically independent (Level 1) AND are not directly accountable to the same organisational management as those responsible for the activities that take place during the specific phase of the overall, E/E/PE system or software safety lifecycle that is subject to the functional safety assurance (Level 2) AND in the event of a disagreement,  a formal procedure for conflict resolution is in place.

NOTE    Depending upon the company organization and expertise within the company, the requirement for independence may have to be met by using an external organization. Conversely, companies that have internal competence, that are independent of and separate (by ways of management and other resources) from those responsible for the main development or other safety lifecycle activities, may be able to use their own resources to meet the requirements for any level of independence up to and including I3.

同時(shí)增加了一個(gè)新的關(guān)于功能安全審計(jì)的章節(jié)：

8 Functional safety audit

NOTE   Refer to the ISO 19011 or ISO 17021 standards for general guidelines for auditing of management systems.

8.1 Objective

The objective of the requirements of this clause is to specify the activities necessary to investigate and arrive at a judgement on whether the procedures specific to the functional safety requirements have been complied with and whether they are implemented effectively and are suitable for achieving their associated functional safety requirements.

8.2 Requirements

8.2.1?One or more persons shall be appointed to carry out one or more functional safety audits in order to arrive at a judgement on the adequacy of:

–Focus A: the application and execution of functional safety policies and procedures to their respective functional safety lifecycle activities;

–Focus B: the suitability (i.e. fitness for purpose) of the defined policies and procedures to achieve the specified functional safety objectives of their related clauses from this standard

8.2.2?Those carrying out a functional safety audit shall have access to all persons involved in any overall, E/E/PE system or software safety lifecycle activity and all relevant information.

NOTE?It is recognised that access to those persons who were previously involved in a safety lifecycle phase may not be achievable and in such a case reliance has necessarily to be placed on those persons currently having relevant responsibilities and on the documented evidence from those safety lifecycle phases.

8.2.3?A functional safety audit shall be applied to all phases throughout the overall, E/E/PE system and software safety lifecycles, including documentation, verification and management of functional safety.

8.2.4?The minimum level of independence of those carrying out a functional safety audit shall be as specified in Annex B.

NOTE   Reference IEC 61508-7, Annex B, B.1.5 for further Functional Safety Assurance independence guidance.

8.2.5?The frequency and focus (i.e. Focus A and/or B) of audits shall be specified throughout the overall, E/E/PE system and software safety lifecycles.

NOTE 1 Functional safety audits primarily focused on judging the application and execution (Focus A) will typically occur more frequently to ensure consistent application of the functional safety policies and procedures and may be integrated with other audits (e.g. ISO9001).

NOTE 2 Functional safety audits, particularly of the Focus B type, may often be executed in conjunction with the same individuals responsible for the Assessment activity for any specific stage of the overall, E/E/PE system and software safety lifecycles.

NOTE 3 The scope of an audit will always include a combination of Focus A and B, but the focus may be weighted toward one or the other aspect.

9.2.6   The competence of auditors shall be suitable for the focus (i.e. Focus A or B) of the audit being conducted.

NOTE  For Focus A functional safety audits, the primary competency is typically weighted toward auditing process to confirm application and execution with minimal functional safety standard knowledge, while for Focus B audits, the primary competency is weighted toward knowledge of functional safety and of the standard in addition to the auditing process.

9.2.7?Requirements for both functional safety audit (clause 9) and assessment (clause 8) activities shall be addressed if executed jointly by the same individual for practical purposes.