Safety and Loss Prevention

Functional Safety Management

What is Functional Safety Management?

Functional Safety Management (FSM) comprises the people and the activities they perform to ensure that functional safety objectives are met throughout the lifecycle of safety instrumented systems. It includes everyone involved (e.g. project staff, operating staff, consultants, suppliers), each of whom should follow the procedure for their particular activity and be competent to do so.

Certification of Functional Safety Engineers is not mentioned in the standard, but certification can be a statement of a person’s competency. However, having only a “Certified” Functional Safety Engineer does not on its own demonstrate satisfactory functional safety management. To have FSM you need a competent designer, a competent Hazard & Risk Assessor, a competent builder of the system, a competent installer, a competent commissioning engineer, a competent maintainer of the system, and so on. FSM is about everybody involved being competent and following appropriate procedures.

What is the difference from PSM?

The differences between Functional Safety Management (FSM) and Process Safety Management (PSM) are small enough that there is often little point in having two different systems. This diagram demonstrates what is covered by each system and what they have in common. A single management system can deliver both FSM and PSM.

The safety instrumented systems (all of them) are just as much part of a safety case as any other part. In some cases the other layers of protection leave a gap between the achieved likelihood of an undesirable event and the tolerable likelihood of that event. The SIL rating of the safety instrumented system is what closes the gap and makes the risk tolerable. If any of the layers of protection are changed, a gap can be left and the SIL rating therefore needs to be changed. Consequently, safety management is not just for the SIL-rated loop; it has to cover all the other valid layers of protection in order to manage the safety instrumented system: they are all linked.

Therefore, FSM and PSM are inextricably linked. The management of one needs to consider the management of the other.

Is FSM required and to whom does it apply?

Yes, it is normative (i.e. mandatory and not mere guidance) when following IEC61511 or IEC61508.

IEC61511 Part 1 Clause 5 and IEC61508 Part 1 Clause 6 both give the same FSM requirements. In each of these standards, Part 1 is normative (i.e. mandatory).

Everyone involved, from suppliers to consultants, must have FSM, not just the ‘end user’. For example, when a consultant does a SIL assessment they are making a “SIL claim” when they show that a SIL-certified system is needed to close the gap.

How do I get started with FSM?

The Conformity Assessment of Safety-related Systems (CASS) scheme publishes a form, available here, for making a Functional Safety Management Declaration. The CASS form is one way to demonstrate the status of the company's FSM. The scheme is not proprietary and it does not preclude any company from then using it as the basis for a third-party certification.

This form shows what is needed to demonstrate FSM. Part 1 defines who is in charge of safety management and the sites covered by the declaration, Part 2 states the scope of work to which the management system applies, and Part 3 concerns your procedures.

Once completed, the form should be lodged with a notified body. This means that the declaration will remain available even if the party that lodged it goes out of business, allowing others in the future to know that work on a given safety instrumented system was conducted by parties with FSM.