Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual


SAFETY MANUAL

Doc Number T8094
Issue 27 – June 2013

Page 10 of 103

2.2.1.3 Safety Requirements

The functional requirements shall be analysed to determine their safety relevance.
Where necessary, additional requirements shall be established to ensure that the plant
will fail-safe in the case of failures within the plant, the safety-related system, external
equipment and communications or the safety-related system’s environment.

For each safety-related function the required safety requirements class and safety-
related timing requirements shall be defined. The client should supply this information.
Where this information is not supplied it shall be established and agreed with the client
as part of this phase. It is highly recommended that the client approve the resulting
safety requirements. An example checklist for the review of the safety requirements is
given in para. 4.1.3.

2.2.1.4 Systems Engineering

This stage realises the safety-related system design. It is recommended that the
engineering comprise two stages, the first defining the overall system architecture, and
the second detailing the engineering of the architectural blocks.

The overall system architecture shall identify the individual systems. The architecture
for these systems and for their sub-systems shall include any diverse or other
technology elements.

The architectural definition shall include the required safety requirements class for
each architectural element and identify the safety functions allocated to that element.
Additional safety functions resulting from the selected system architecture shall be
defined at this stage. The detailed engineering shall refine the architectural elements
and culminate in detailed information for system build. The detailed design shall be in
a form that is readable, readily understood and allows for simple inspection/review.

Tools used within the system engineering process are to be carefully selected, with
due consideration of the potential for the introduction of error and the required safety
requirements class. Where the possibility of error remains, procedural methods of
detecting such errors shall be included within the process.

2.2.1.4.1 Safety Requirements Allocations

The overall system architecture shall define the individual system. The architecture for
these systems, and for their sub-systems, shall include any diverse or other technology
elements. The architectural definition shall also define the required safety
requirements class for each architectural element and identify the safety functions
allocated to that element. Additional safety functions resulting from the selected
system architecture will be defined at this stage.

The detailed engineering shall refine the architectural elements and culminate in
detailed information for system build. The detailed design shall be in a form that is
readable, readily understood and allows for simple inspection/review.
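The allocation step described in 2.2.1.3 and 2.2.1.4.1 (every safety function carries a required safety requirements class and a safety-related timing requirement; every architectural element declares the class it is engineered to and is assigned a set of safety functions) lends itself to a mechanical consistency review. The following Python checker is an added example and is not code from the T8094 manual or from Rockwell Automation. It assumes a simple data model of my own: the safety requirements class is encoded as an integer where a higher number is more demanding (as with IEC 61508 SIL levels), the timing requirement is the maximum permitted response time in milliseconds, and the sample functions and elements are constructed for illustration only.

```python
"""
Consistency check of a safety requirements allocation (added example, not from
the T8094 manual).

Assumptions of this example:
  * required_class / engineered_class are integers, higher = more demanding.
  * max_response_ms is the safety-related timing requirement of a function;
    worst_case_response_ms is what the architectural element can guarantee.
  * All names, classes and timings below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SafetyFunction:
    name: str
    required_class: int      # required safety requirements class (assumed integer scale)
    max_response_ms: int     # safety-related timing requirement


@dataclass
class ArchitecturalElement:
    name: str
    engineered_class: int            # class the element is designed and assessed to
    worst_case_response_ms: int      # guaranteed worst-case response of the element
    allocated: list = field(default_factory=list)   # names of allocated SafetyFunctions


def required_element_class(functions, element):
    """Class an element must be engineered to: the highest class among the
    functions allocated to it (0 if nothing is allocated)."""
    by_name = {f.name: f for f in functions}
    classes = [by_name[n].required_class for n in element.allocated if n in by_name]
    return max(classes, default=0)


def check_allocation(functions, elements):
    """Return a list of human-readable findings; an empty list means the
    allocation is consistent with the stated class and timing requirements."""
    by_name = {f.name: f for f in functions}
    findings = []
    allocated_names = set()

    for el in elements:
        for fname in el.allocated:
            func = by_name.get(fname)
            if func is None:
                findings.append(f"{el.name}: allocated unknown function '{fname}'")
                continue
            allocated_names.add(fname)
            # Element must be engineered to at least the class of every function it hosts.
            if el.engineered_class < func.required_class:
                findings.append(
                    f"{el.name}: engineered class {el.engineered_class} is below "
                    f"class {func.required_class} required by {func.name}")
            # Element must be able to act within the function's timing requirement.
            if el.worst_case_response_ms > func.max_response_ms:
                findings.append(
                    f"{el.name}: worst-case response {el.worst_case_response_ms} ms "
                    f"exceeds {func.max_response_ms} ms required by {func.name}")

    # Every safety function identified in the requirements must land on some element.
    for func in functions:
        if func.name not in allocated_names:
            findings.append(f"{func.name}: not allocated to any architectural element")
    return findings


# Constructed sample data (not from any real plant or from the manual).
SAMPLE_FUNCTIONS = [
    SafetyFunction("ESD_TRIP", required_class=3, max_response_ms=500),
    SafetyFunction("INTERLOCK", required_class=2, max_response_ms=1000),
    SafetyFunction("OVERPRESSURE_ALARM", required_class=1, max_response_ms=2000),
    SafetyFunction("FIRE_DETECTION", required_class=2, max_response_ms=800),
]

SAMPLE_ELEMENTS = [
    ArchitecturalElement("TMR_CONTROLLER", engineered_class=3,
                         worst_case_response_ms=200,
                         allocated=["ESD_TRIP", "INTERLOCK"]),
    ArchitecturalElement("ALARM_PANEL", engineered_class=1,
                         worst_case_response_ms=3000,
                         allocated=["OVERPRESSURE_ALARM"]),
]


if __name__ == "__main__":
    for el in SAMPLE_ELEMENTS:
        print(f"{el.name}: must be class >= {required_element_class(SAMPLE_FUNCTIONS, el)}")
    for line in check_allocation(SAMPLE_FUNCTIONS, SAMPLE_ELEMENTS):
        print("FINDING:", line)
```

Run against the constructed sample, the checker reports two findings: the alarm panel's 3000 ms worst-case response cannot meet the 2000 ms requirement of OVERPRESSURE_ALARM, and FIRE_DETECTION has not been allocated to any element. Both are the kind of gap the manual expects to be closed and agreed with the client before detailed engineering begins; the class derivation also makes visible why a diverse or additional element may have to be introduced when one element would otherwise have to carry a class it is not engineered to.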

Tools used within the system engineering process are to be carefully selected, with
due consideration of the potential for the introduction of error and the required safety
requirements class. Where the possibility of error remains, procedural methods of
detecting such errors shall be included within the process.
