FSD107: System verification plan, validation test specifications and results

Header

Title	FSD107: System verification plan, validation test specifications and results
Current version	V1
Products	Safety Simplifier
Requirements	61508-1 clause 7.18, 61508-2 clause 7.9
Purpose	Define the concept, overall scope, and market requirements for the Safety Simplifier
Input	FSD114 Safety requirements specification, FSD120 Design requirements specification
Output	FSD107: System verification plan, validation test specifications and results

Table of contents

Introduction

The purpose of this document is to specify the safety lifecycle plans, verification plans, and verification reports for each phase of the E/E/PE system safety lifecycle (figure 2 of EN 61508-2).

All verification activities are documented for each phase, and all tests have clear pass/fail criteria. Tools and equipment to be used during the verification are stated in the verification document. If verification fails, it shall be stated if the failure is linked to:

• the E/E/PE system safety lifecycle requirements, or

• design requirements, or

• requirements in Management of functional safety.

ID	Title	Status
MOTIVATION_107_001	EN 61508-2:2010, clause 7.9.2.1	PASS
MOTIVATION_107_002	EN 61508-2:2010, clause 7.9.2.2	PASS
MOTIVATION_107_003	EN 61508-2:2010, clause 7.9.2.3	PASS
MOTIVATION_107_004	EN 61508-2:2010, clause 7.9.2.4	PASS
MOTIVATION_107_005	EN 61508-2:2010, clause 7.9.2.5	PASS
MOTIVATION_107_006	EN 61508-2:2010, clause 7.9.2.6	PASS
MOTIVATION_107_007	EN 61508-2:2010, clause 7.9.2.7	PASS
MOTIVATION_107_008	EN 61508-2:2010, clause 7.9.2.8	PASS
MOTIVATION_107_009	EN 61508-2:2010, clause 7.9.2.9	PASS
MOTIVATION_107_010	EN 61508-2:2010, clause 7.9.2.10	PASS
TEST_107_001	Phase 9	PASS
TEST_107_100	Phase 10.1 sreqs	PASS
TEST_107_101	Phase 10.1 mreqs	PASS
TEST_107_102	Phase 10.1 dreqs	PASS
TEST_107_103	Phase 10.1 design requirements	PASS
TEST_107_200	Phase 10.2 test coverage	PASS
TEST_107_300	Phase 10.3 verification	PASS
TEST_107_301	Phase 10.3 techniques and measures	PASS
TEST_107_302	Phase 10.3 software safety lifecycle	PASS
TEST_107_400	Phase 10.4 system integration	PASS
TEST_107_401	Phase 10.4 integration tests	PASS
TEST_107_500	Phase 10.5 safety manual requirements	PASS
TEST_107_600	Phase 10.6 integration tests	PASS

Motivations

Motivation: EN 61508-2:2010, clause 7.9.2.1 MOTIVATION_107_001

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_1

Verification planning has been performed concurrently with the development of each phase. Documentation for verification activities is specified. See FSD107: System verification plan, validation test specifications and results.

Motivation: EN 61508-2:2010, clause 7.9.2.2 MOTIVATION_107_002

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_2

Pass/fail criteria and procedures for verifying each phase are specified in FSD107: System verification plan, validation test specifications and results.

Motivation: EN 61508-2:2010, clause 7.9.2.3 MOTIVATION_107_003

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_3

Each verification activity specifies the necessary activities to ensure correctness and consistency. see verification activities for each phase further below in this document.

Motivation: EN 61508-2:2010, clause 7.9.2.4 MOTIVATION_107_004

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_4

a) - d) Specified for each verification activity in FSD107: System verification plan, validation test specifications and results.

Motivation: EN 61508-2:2010, clause 7.9.2.5 MOTIVATION_107_005

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_5

The pass criteria for each verification activity for each phase ensure that the functional and safety integrity requirements are met. see verification activities for each phase further below in this document.

Motivation: EN 61508-2:2010, clause 7.9.2.6 MOTIVATION_107_006

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_6

See test results in FSD107: System verification plan, validation test specifications and results for each phase.

Motivation: EN 61508-2:2010, clause 7.9.2.7 MOTIVATION_107_007

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_7

See Phase 10.1 sreqs (TEST_107_100), Phase 10.1 mreqs (TEST_107_101), Phase 10.1 dreqs (TEST_107_102), and Phase 10.1 design requirements (TEST_107_103).

Motivation: EN 61508-2:2010, clause 7.9.2.8 MOTIVATION_107_008

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_8

a) - c) See 4 Phase 10.3: E/E/PES design and development

Motivation: EN 61508-2:2010, clause 7.9.2.9 MOTIVATION_107_009

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_9

See 5 Phase 10.4: E/E/PES integration

Motivation: EN 61508-2:2010, clause 7.9.2.10 MOTIVATION_107_010

status: PASS tags: fsd107 Source: EN_61508_2_7_9_2_10

See FSD107: System verification plan, validation test specifications and results, and other test results in FSD124: GUI and Compiler function requirements, module tests and integration tests, FSD150: Validation tests of modes, power supply, and configuration, and FSD300: Software Module Tests.

Phase 9: System safety requirements specification

TEST: Phase 9 TEST_107_001

status: PASS tags: fsd107 Derived: RESULT_107_001 Nested: RESULT_107_001

The system safety requirements specification shall be verified by inspection and review of the document. RESULT: Phase 9 RESULT_107_001 status: PASS date: 2018-10-03 verifyer: WF Source: TEST_107_001 Parent: TEST_107_001 William has reviewed FSD114 and compared against the input documents FSD010 and FSD011. The document is complete and fulfills the requirements of EN 61508-1 clause 7.10. Note: the phases before phase 9 are not performed for this product, and thus the inputs to this phase don’t map to those defined in 61508.

2 Phase 10.1: E/E/PES design requirements specification

2.1 Phase objective

Specify the design requirements for each E/E/PE safety-related system, in terms of the subsystems and elements.

2.1.1 Input

• FSD010: Concept, overall scope definition, and market requirements

• FSD011: Hazard and risk analysis

• FSD114: 61508-1 E/E/PE system safety requirements specification

2.1.2 Output

• FSD120: System design requirements specification

• FSD123: Function block development procedure

• FSD124: GUI and Compiler function requirements, module tests and integration tests

• FSD304: System architecture description

2.2 Verification plan

TEST: Phase 10.1 sreqs TEST_107_100

status: PASS tags: fsd107 Derived: RESULT_107_100 Nested: RESULT_107_100

The E/E/PE system design requirements (FSD120: System design requirements specification) shall fulfill the E/E/PE system safety requirements specification (input FSD114). Verify that each SREQ is covered by one or more E/E/PE system design requirement. RESULT: Phase 10.1 sreqs RESULT_107_100 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_100 Parent: TEST_107_100 By following the references from SREQs it is noted that each SREQ in FSD114 is covered by one or more DREQs.

TEST: Phase 10.1 mreqs TEST_107_101

status: PASS tags: fsd107 Derived: RESULT_107_101 Nested: RESULT_107_101

The E/E/PE system design requirements (output) shall match the market requirements for the product (input). Verify that there are no contradictions between the E/E/PE system design requirements and the market requirements, and that all the market requirements are covered by the E/E/PE system design requirements. RESULT: Phase 10.1 mreqs RESULT_107_101 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_101 Parent: TEST_107_101 The DREQs do not contradict any market requirements.

TEST: Phase 10.1 dreqs TEST_107_102

status: PASS tags: fsd107 Derived: RESULT_107_102 Nested: RESULT_107_102

The E/E/PE system design requirements (output) shall not contain any contradictions. Compare all DREQs against all other DREQs and verify that there are no contradictions. RESULT: Phase 10.1 dreqs RESULT_107_102 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_102 Parent: TEST_107_102 No contradictions among the DREQs were found.

TEST: Phase 10.1 design requirements TEST_107_103

status: PASS tags: fsd107 Derived: RESULT_107_103 Source: MOTIVATION_120_004 Nested: RESULT_107_103

Verify that FSD120: System design requirements specification fulfill the requirements of points a-c in EN-61508-2 clause 7.2.2.2: ... (EN_61508_2_7_2_2_2). RESULT: Phase 10.1 design requirements RESULT_107_103 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_103 Parent: TEST_107_103 The E/E/PE system design requirements specification (FSD120) fulfills the requirements of points a-c in EN-61508-2 clause 7.2.2.2: ... (EN_61508_2_7_2_2_2). Every requirement has a parent SREQ and at least one derived (more detailed) requirement, or test specification covering the requirement.

3 Phase 10.2: E/E/PES safety validation planning

3.1 Phase objective

Develop the validation plan for the E/E/PE system.

3.1.1 Input

• FSD114: 61508-1 E/E/PE system safety requirements specification

• FSD120: System design requirements specification

3.1.2 Output

Note

Documents containing validation test specifications can also contains the test results of those tests. Only the test specifications are output from this phase.

• E/E/PE system safety validation plan (FSD116)

• System validation test specifications:

  • FSD124: GUI and Compiler function requirements, module tests and integration tests

  • FSD150: Validation tests of modes, power supply, and configuration

  • FSD300: Software Module Tests

3.2 Verification plan

TEST: Phase 10.2 test coverage TEST_107_200

status: PASS tags: fsd107 Derived: RESULT_107_200 Nested: RESULT_107_200

The E/E/PE system validation plan (output) shall contain integration test specifications that cover all E/E/PE system safety and design requirements (input). Verify for each E/E/PE system design and safety requirement (input) that there are one or more integration test specifications that together validate that the requirement is fulfilled. RESULT: Phase 10.2 RESULT_107_200 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_200 Parent: TEST_107_200 All DREQs have derived tests that fulfill the requirement.

4 Phase 10.3: E/E/PES design and development

4.1 Phase objective

Design and develop the E/E/PE safety-related system to meet the E/E/PE system design requirements specification.

4.1.1 Input

• FSD120: System design requirements specification

• FSD124: GUI and Compiler function requirements, module tests and integration tests

4.1.2 Output

• FSD129: The design and the methods used during the devlopment

• FSD304: System architecture description

• Hardware

  • PCB018 (Safety Simplifier PLC)

  • PCB019 (Safety Simplifier display)

  • PCB022 (Safety Simplifier CAN card)

  • PCB023 (Radio module)

  • MEC1114ASM (Encapsulation)

• Software

  • SRC002-021 (Firmware CPU1)

  • SRC002-022 (Firmware CPU2)

  • SRC002-104 logic compiler (FSD331: L3 tools description)

  • Simplifier Manager (FSD330: L2 Tools Description, FSD124: GUI and Compiler function requirements, module tests and integration tests)

• Software safety lifecycle

  • FSD318 Software safety lifecycle requirements

  • FSD322 Software verification plan and results

  • FSD319 Software safety requirements specification

  • FSD321 Software design and development

  • FSD311-FSD314 Gitlogs

• Integration and module tests and results in FSD124: GUI and Compiler function requirements, module tests and integration tests.

4.2 Verification plan

TEST: Phase 10.3 verification TEST_107_300

status: PASS tags: fsd107 Derived: RESULT_107_300 Nested: RESULT_107_300

The design of the safety function(s) (output) shall fulfill the E/E/PE system safety function requirements. Verify that each E/E/PE system safety function requirement is fulfilled by the safety functions by comparing the completed software and hardware against the Safety design requirements specification (FSD120) and Software safety requirements specification (FSD319) RESULT: Phase 10.3 RESULT_107_300 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_300 Parent: TEST_107_300 Extensive reviews of the hardware have been performed formally (see FSD304, FSD212, FSD204, FSD203, FSD201, and FSD113. Reviews of these documents have been performed with reference to the safety and design requirements), and informally in meetings with RISE during development. Each requirement for software (FSD319) map to one or more module/integration tests that completely test the requirement. The software requirements have been developed in accordance with the design and safety requirements (FSD114 and FSD120).

TEST: Phase 10.3 techniques and measures TEST_107_301

status: PASS tags: fsd107 Derived: RESULT_107_301 Nested: RESULT_107_301

All recommended and highly recommended techniques and measures for SIL3 shall be applied for the development of the safety function(s). If not applied, a description of why not shall be provided. See FSD303: Techniques and measures. RESULT: Phase 10.3 RESULT_107_301 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_301 Parent: TEST_107_301 All tables of techniques and measures have been filled in, and the recommended and highly recommended techniques and measures have been applied for the development of the safety function(s). The techniques and measures which have not been applied have a description of why not.

TEST: Phase 10.3 software safety lifecycle TEST_107_302

status: PASS tags: fsd107 Derived: RESULT_107_302 Nested: RESULT_107_302

The software safety lifecycle phases specified in FSD318 shall be followed during the development of the software. Verify that the software safety lifecycle phases are followed during the software development by verifying that the correct documentation for each phase exists. RESULT: Phase 10.3 software safety lifecycle RESULT_107_302 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_302 Parent: TEST_107_302 The software safety lifecycle phases 1-4 specified in FSD318 have been followed during the development of the software according to the following documents: Phase 1: FSD319 Phase 2: FSD304 Phase 3: FSD304 Phase 4: - Coding: FSD311-FSD314 (logs), FSD310 - Module testing: FSD300

5 Phase 10.4: E/E/PES integration

5.1 Phase objective

Integrate and test the E/E/PE safety-related system.

5.1.1 Input

• Hardware (see output from the previous phase)

• Software (see output from the previous phase)

5.1.2 Output

• FSD124: GUI and Compiler function requirements, module tests and integration tests

• FSD150: Validation tests of modes, power supply, and configuration

TEST: Phase 10.4 system integration TEST_107_400

status: PASS tags: fsd107 Derived: RESULT_107_400 Nested: RESULT_107_400

The E/E/PE system integration shall be performed according to the E/E/PE system safety validation plan (FSD116). Verify that the integration is performed according to the E/E/PE system safety validation plan (FSD116). RESULT: Phase 10.4 RESULT_107_400 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_400 Parent: TEST_107_400 The software safety lifecycle phases 5-6 specified in FSD318 have been followed during the development of the software according to the following documents: Phase 5: FSD319 Phase 6: FSD304

TEST: Phase 10.4 integration tests TEST_107_401

status: PASS tags: fsd107 Derived: RESULT_107_401 Nested: RESULT_107_401

The integration tests in FSD124 and FSD150 shall be passed. Verify that the integration tests in FSD124 and FSD150 are all passed. Note that the only the integration tests of chapters 3 and 4 in FSD124, and the integration tests in FSD150 are applicable here. RESULT: Phase 10.4 integration tests RESULT_107_401 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_401 Parent: TEST_107_401 All integration tests in FSD124 and FSD150 are passed.

6 Phase 10.5: E/E/PES installation, commissioning, operation & maintenance procedures

6.1 Phase objective

Develop the installation, commissioning, operation and maintenance procedures that are necessary for correct use of the product.

6.1.1 Input

• FSD120 System design requirements specification

• Hardware

• Software

6.1.2 Output

• safety manual requirements

• User manual(s)

6.2 Verification plan

TEST: Phase 10.5 safety manual requirements TEST_107_500

status: PASS tags: fsd107 Derived: RESULT_107_500 Nested: RESULT_107_500

The safety manual requirements (output) shall cover all the requirements specified in FSD501 safety manual requirements. Verify that the manual(s) contain the necessary information about every procedure of installing, operating, maintaining, and commissioning the E/E/PE system. RESULT: Phase 10.5 safety manual requirements RESULT_107_500 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_500 Parent: TEST_107_500 See FSD501: Safety Manual Requirements.

7 Phase 10.6: E/E/PES safety validation

7.1 Phase objective

Validate the E/E/PE safety-related system meets, in all respects, the requirements for safety in terms of the required safety functions and safety integrity.

7.1.1 Input

• FSD114: 61508-1 E/E/PE system safety requirements specification

• FSD120: System design requirements specification

• FSD116: System Validation Planning

7.1.2 Output

• FSD127 List of DREQ pass and reference

• FSD128 List of DREQ pass and reference

• Integration and module test results

  • FSD124

  • FSD150

  • FSD300

7.2 Verification plan

7.2.1 Verification 1

TEST: Phase 10.6 integration tests TEST_107_600

status: PASS tags: fsd107 Derived: RESULT_107_600 Nested: RESULT_107_600

All integration tests shall be performed according to their specification and all integration tests shall be passed. Verify that the integration tests in FSD124 and FSD150 are performed as specified in their test specifications. Note that the only the integration tests of chapters 3 and 4 in FSD124, and the integration tests in FSD150 are applicable here. Due to the magnitude of tests that have been performed, a reasonable subset of the integration test results are selected and reviewed against their specification. RESULT: Phase 10.6 integration tests RESULT_107_600 status: PASS date: 2025-06-08 verifyer: WF Source: TEST_107_600 Parent: TEST_107_600 The selected tests in FSD124 and FSD150 are performed as specified in their test specifications. See FSD124 and FSD150 for test results.