IEC 61508
Functional Safety

Edition 2.0
F) Hazard and risk analysis
F1) Is IEC 61508 only concerned about ensuring safety by improving reliability?
F2) Does IEC 61508 cover the elimination of hazards at source?
F3) Does IEC 61508 require a quantitative risk analysis to be carried out in order to determine safety integrity levels?
No. It allows both quantitative and qualitative approaches (see annexes B, D, E, F and G of IEC 61508-5).
Note that risk analysis generally requires a wide range of expertise. It will usually be necessary for a team to work together and reach agreement.
F4) What factors should I take into account when planning to use a risk graph method for determining safety integrity levels?
Annex B of IEC 61508-5 provides guidance on the selection of methods for determining safety integrity level requirements, and Annex E of IEC 61508-5 describes in principle a risk graph method for determining safety integrity levels, using a generalised example. The example figures in Annex E are not definitive, and their use will not necessarily result in an adequate level of safety for any particular application.
It is essential that a risk graph is designed so that it takes into account the relevant influences on the risk (i.e. the risk parameters) associated with the target application. The process of validating that the use of a risk graph will lead to tolerable residual risks is sometimes referred to as calibration.
If a risk graph is used for applications where authoritative good practice in considering the safety of plant and operations has traditionally included quantitative risk assessment, it should be calibrated in quantitative terms. This will include describing all the risk parameters in numerical terms and basing the design of the risk graph on explicit, quantified tolerable residual risk targets. A properly calibrated risk graph will lead to quantified residual risks that are at, or below, the tolerable risk targets.
Otherwise, if a risk graph is used for applications where qualitative techniques for risk assessment are more appropriate, it will be necessary to demonstrate that it will lead to solutions that are consistent with authoritative good practice.
The restricted range of applications for which the risk graph applies should be clearly stated so that users of the risk graph are aware of its limitations.
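The following is an added worked example of the quantitative calibration described above; it is not the Annex E example and not material from the IEC 61508 standard. It keeps the Annex E parameter set (consequence C, frequency/exposure F, possibility of avoidance P, demand rate W) but every numeric range, the tolerable-risk target and the class labels are assumptions chosen for the illustration and must be derived afresh for any real application. The only figures taken from the standard are the low-demand SIL bands (average probability of dangerous failure on demand) of IEC 61508-1 Table 2. The script assigns each parameter class the upper bound of its numeric range, computes the unmitigated risk and the required PFD for every combination, maps that to a SIL under two rules, and then performs the calibration check the text calls for: the worst-case residual risk for every combination must be at or below the tolerable target.

```python
"""Quantitative calibration of a risk graph (added illustration).

All parameter ranges, class labels and the tolerable-risk target below are
ASSUMED values for this demonstration; they are not the IEC 61508-5 Annex E
example.  The SIL bands are the low-demand PFDavg bands of IEC 61508-1 Table 2.
"""
from itertools import product
from typing import Callable, List, Optional, Tuple

# Each class is represented by the UPPER bound of the numeric range it stands
# for, so the worst case inside the class is what has to meet the target.
DEMAND_RATE = {"W1": 0.03, "W2": 0.3, "W3": 3.0}             # demands per year (assumed)
EXPOSURE = {"Fa": 0.1, "Fb": 1.0}                            # fraction of time exposed (assumed)
NOT_AVOIDED = {"Pa": 0.1, "Pb": 1.0}                         # probability hazard is not avoided (assumed)
CONSEQUENCE = {"Ca": 0.01, "Cb": 0.1, "Cc": 1.0, "Cd": 10.0}  # equivalent fatalities per event (assumed)

TOLERABLE_FREQUENCY = 1e-5  # assumed tolerable fatality frequency per year

# (SIL, PFDavg lower bound, PFDavg upper bound), low-demand mode, IEC 61508-1 Table 2.
SIL_BANDS: List[Tuple[int, float, float]] = [
    (4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

SilRule = Callable[[float], Optional[int]]


def unmitigated_risk(c: str, f: str, p: str, w: str) -> float:
    """Fatality frequency per year with no safety function (worst case in each class)."""
    return CONSEQUENCE[c] * EXPOSURE[f] * NOT_AVOIDED[p] * DEMAND_RATE[w]


def required_pfd(c: str, f: str, p: str, w: str, tolerable: float = TOLERABLE_FREQUENCY) -> float:
    """Largest PFDavg a safety function may have and still meet the target."""
    return tolerable / unmitigated_risk(c, f, p, w)


def sil_by_band(pfd: float) -> Optional[int]:
    """Naive rule: the SIL whose band CONTAINS the required PFD.

    Returns 0 when no risk reduction is needed, None when the requirement is
    beyond SIL 4 (a single E/E/PE safety-related system is not sufficient).
    """
    if pfd >= 1.0:
        return 0
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 1 if pfd >= 0.1 else None  # RRF below 10 is still covered by SIL 1


def sil_calibrated(pfd: float) -> Optional[int]:
    """Calibrated rule: lowest SIL whose band UPPER bound is <= the required PFD,
    so that even the worst function allowed in the band meets the target."""
    if pfd >= 1.0:
        return 0
    for sil, _lo, hi in reversed(SIL_BANDS):  # SIL 1 first
        if hi <= pfd:
            return sil
    return None


def residual_risk(c: str, f: str, p: str, w: str, rule: SilRule = sil_calibrated) -> Optional[float]:
    """Worst-case residual fatality frequency once a function of the assigned SIL is fitted."""
    risk = unmitigated_risk(c, f, p, w)
    sil = rule(required_pfd(c, f, p, w))
    if sil == 0:
        return risk
    if sil is None:
        return None  # outside what one E/E/PE safety function can deliver
    worst_pfd = next(hi for s, _lo, hi in SIL_BANDS if s == sil)
    return risk * worst_pfd


def calibration_failures(rule: SilRule, tolerable: float = TOLERABLE_FREQUENCY) -> List[Tuple[str, ...]]:
    """Parameter combinations whose worst-case residual risk exceeds the target.

    An empty list is the evidence that the graph is calibrated under `rule`.
    """
    failures = []
    for combo in product(CONSEQUENCE, EXPOSURE, NOT_AVOIDED, DEMAND_RATE):
        res = residual_risk(*combo, rule=rule)
        if res is not None and res > tolerable:
            failures.append(combo)
    return failures


if __name__ == "__main__":
    for rule in (sil_by_band, sil_calibrated):
        print(f"{rule.__name__}: {len(calibration_failures(rule))} of 48 combinations exceed the target")
    combo = ("Cb", "Fb", "Pb", "W1")
    print(combo, "required PFD %.2e" % required_pfd(*combo),
          "band rule -> SIL", sil_by_band(required_pfd(*combo)),
          "calibrated -> SIL", sil_calibrated(required_pfd(*combo)))
```

With these assumed ranges the naive "band contains the required PFD" rule leaves 38 of the 48 combinations with a worst-case residual risk above the target, because a function at the top of the chosen band can be up to a decade worse than the required PFD; the calibrated rule leaves none, at the cost of demanding one SIL higher for most combinations and of declaring more combinations outside the reach of a single E/E/PE safety function. Running this kind of exhaustive check over every parameter combination, with explicit numbers for each class, is what turns a risk graph from a drawing into a calibrated one.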
F5) How do I take account of hazards that are introduced by the E/E/PE safety-related system?


