SIST EN 17955:2024
Industrial valves - Functional safety of safety-related valves and actuators
This document defines the requirements for how mechanical compliant items in a final element can be evaluated according to the principles of EN 61508 to integrate them into a safety-related system. It provides a method to determine all relevant factors, associated with the product, and thereby meet the specific needs of users of the product.
The basic prerequisite for the application of this document is that the intended use is known. This document describes a system to minimize systematic faults to achieve the targeted Safety Integrity Level (SIL).
This document is applied to single compliant items (e.g. valve, actuator or mechanical portions of solenoid valves) or to assemblies of several of these compliant items and interconnecting compliant items and components (e.g. gears, adaptors, brackets, etc.). Electrical, electronic or programmable electronic components are assessed according to EN 61508.
This document does not apply to:
- manually operated valves;
- items in safety systems or risk-reducing devices that are not assessed and operated according to the principles of functional safety (e.g. automatic safety valves like pressure relief valves).
The methods described can also be used for other mechanical compliant items in a final element of the safety-related system if the applicability is confirmed by appropriate expert knowledge (e.g. dampers, brakes, clutches).
Industrial valves - Functional safety of safety-related industrial valves and actuators (translated from German)
This document specifies the requirements for evaluating compliant mechanical items in a final element according to the principles of EN 61508 in order to integrate them into a safety-related system. It provides a method for determining all relevant factors associated with the product, so as to meet the specific needs of the users of the product.
The basic prerequisite for the application of this document is knowledge of the intended use. This document describes a system for minimizing systematic faults in order to achieve the targeted Safety Integrity Level (SIL).
This document is applied to single compliant items (e.g. valve, actuator or mechanical parts of solenoid valves) or to assemblies of several of these compliant items and compliant interconnecting items (e.g. gears, adaptors, brackets). Electrical, electronic or programmable electronic components are evaluated according to EN 61508.
This document is not applicable to:
- manually operated valves;
- items in safety systems or risk-reducing devices that are not evaluated and operated according to the principles of functional safety (e.g. automatic safety valves such as pressure valves).
The methods described can also be used for other compliant mechanical items in a final element of the safety-related system if the applicability is confirmed by appropriate expert knowledge (e.g. dampers, brakes, clutches).
Industrial valves - Functional safety of safety-related valves and actuators (translated from French)
This document defines the requirements for how compliant mechanical items of a final element can be evaluated in accordance with the principles of EN 61508 in order to integrate them into a safety-related system. It provides a method for determining all relevant factors associated with the product and thereby meets the specific needs of the users of the product.
The basic prerequisite for the application of this document is that the intended use is known. This document describes a system for minimizing systematic faults in order to achieve the targeted safety integrity level (SIL).
This document applies to individual compliant items (for example, valve, actuator or mechanical parts of solenoid valves) or to assemblies of several of these compliant items, interconnecting items and components (for example, gears, adaptors, brackets, etc.). Electrical, electronic or programmable electronic components are evaluated in accordance with EN 61508.
This document does not apply to:
- manually operated valves;
- items of safety systems or risk-reduction devices that are not evaluated and operated in accordance with the principles of functional safety (for example, automatic safety valves such as relief valves).
The methods described can also be applied to other compliant mechanical items belonging to a final element of the safety-related system, if the applicability is confirmed by adequate expertise (for example, dampers, brakes, clutches).
Industrial valves - Functional safety of safety-related valves and actuators (translated from Slovenian)
This standard specifies the procedures and methods by which all relevant mechanical components of automated industrial valve assemblies used as final elements in a safety-related system can be evaluated in accordance with the rules of EN 61508 (Parts 1, 2, 4, 6 and 7) for integration into a safety instrumented system (SIS). It provides a method for determining all relevant factors associated with the product that must be fully taken into account so that the specific needs of the users of the product are met.
The basic prerequisite for the use of this standard is that the intended use is known. This standard describes a system for preventing systematic faults in accordance with the target safety integrity level.
The standard applies to automated industrial valve assemblies used as final elements in a safety instrumented system. It can be used for individual components (e.g. valve, actuator or mechanical parts of solenoid valves) or for assemblies of these components and interconnected parts (e.g. gears, adaptors, brackets, etc.). Electrical, electronic or programmable electronic parts are to be assessed in accordance with EN 61508.
This standard does not apply to:
• manually operated valves;
• components in safety systems or risk-reduction devices that are not assessed and do not operate in accordance with the principles of functional safety (e.g. automatic safety valves).
The methods described can also be used for other mechanical components in a final element of a safety-related system if their applicability is confirmed by appropriate expert knowledge (e.g. dampers, brakes, clutches, etc.).
Standards Content (Sample)
SLOVENIAN STANDARD
1 October 2024
Industrijski ventili - Funkcionalna varnost varnostnih ventilov in pogonov (Slovenian title)
Industrial valves - Functional safety of safety-related valves and actuators
Industrieamaturen - Funktionale Sicherheit sicherheitsbezogener Industriearmaturen und Antriebe (German title)
Robinetterie industrielle - Sécurité fonctionnelle des appareils de robinetterie et actionneurs liés à la sécurité (French title)
This Slovenian standard is identical to: EN 17955:2024
ICS:
23.060.01 Valves in general
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.
EN 17955
EUROPEAN STANDARD
NORME EUROPÉENNE
August 2024
EUROPÄISCHE NORM
ICS 23.060.01
English Version
Industrial valves - Functional safety of safety-related automated valves
Robinetterie industrielle - Sécurité fonctionnelle des appareils de robinetterie automatisés assurant une fonction de sécurité (French title)
Industriearmaturen - Funktionale Sicherheit sicherheitsbezogener automatisierter Industriearmaturen (German title)
This European Standard was approved by CEN on 7 July 2024.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2024 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 17955:2024 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 Relationship and conformity with EN 61508-1, −2, −4, −6 and −7
5 Basic requirements for development and production
5.1 Evaluation of systematic capability
5.2 Documentation management
5.3 Functional safety management
5.4 Safety lifecycle requirements for development and production of safety-related automated industrial valves
5.4.1 Objectives and requirements
5.4.2 Mechanical requirements specification
5.4.3 Mechanical validation planning
5.4.4 Mechanical design and development
5.4.5 Mechanical system integration
5.4.6 Mechanical system installation, commissioning, operation and maintenance procedures
5.4.7 Mechanical system safety validation
5.4.8 Production
5.4.9 Modification of compliant items
5.5 Verification
5.5.1 Objective
5.5.2 Requirements
5.6 Functional safety assessment
5.6.1 Objective
5.6.2 Requirements
6 Classification of the compliant item
6.1 Demand mode and utilization rate
6.2 Type of final element/compliant item
7 Field failure data
7.1 Field failure data analysis procedure
7.2 Use of field failure data for pre-existing compliant items
8 Qualification testing
8.1 General
8.2 Test planning/test conditions
8.3 Pre-conditioning of test samples
8.4 Cycle testing and B10D values
8.5 Environmental testing
9 Determination of failure rates
10 Operational testing, maintenance and time restrictions
10.1 Online diagnostic tests
10.2 Proof test
10.3 Proof test coverage (PTC)
10.4 Maintenance
10.5 Useful lifetime
10.6 Storage time
11 Safety manual in addition to an installation, operation, and maintenance manual
Annex A (normative) Techniques and measures to avoid and control systematic failures
Annex B (normative) List of failure rates for common compliant items
Annex C (normative) FME(D)A to identify and evaluate the effects of different failure modes
C.1 FME(D)A
C.2 Input information to carry out an FME(D)A
C.3 FME(D)A procedure
C.4 FMEDA example
C.5 List of functional units and their failure rates with a low utilization rate (LUR)
C.6 List of functional units and their failure rates with a high utilization rate (HUR)
Annex D (informative) Safety manual
Annex E (informative) Examples for the evaluation of the mechanical design
E.1 General
E.2 Examples
E.2.1 Bolting connections
E.2.2 Force-locked connections
E.2.3 Form-locked connections (structural component strength)
E.2.4 Springs
E.2.5 Bearings
E.2.6 Gears and force transmission linkages
Annex F (informative) Estimation of random failure rates with Bayesian integration between “basic” failure rates and field feedback
F.1 General
F.2 Procedure
F.3 Formula
F.3.1 General
F.3.2 Estimation of the verisimilitude factor V
Bibliography
European foreword
This document (EN 17955:2024) has been prepared by Technical Committee CEN/TC 69 “Industrial
valves”, the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by February 2024, and conflicting national standards shall
be withdrawn at the latest by February 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United
Kingdom.
Introduction
Mechanical compliant items such as valves or actuators are integral parts of many automated safety-
related systems. It is therefore necessary to assess the suitability of mechanical compliant items within
the safety functions as well as those of electrical compliant items. This document defines aspects for
implementing safety-related functions with mechanical compliant items. It describes procedures and
methods with which all relevant compliant items can be evaluated in order to integrate them into a safety-
related system. It can also be applied to the mechanical portion of a compliant item if it consists only
partially of mechanical components.
In the case of mechanical compliant items, separation between random and systematic failures is not
always possible. A method for determining random failure rates is described. Failures of unknown origin
are to be included in a random failure rate if no systematic cause of the failure could be identified and
resolved. Hence, the random failure rate is understood as a worst-case estimation which includes failures
of unknown origin. This method can be used in cases where no clear identification of failure mechanisms
(e.g. fatigue, wear or ageing) is possible. Any other identified systematic failures can be prevented by
systematic measures according to the principle “first qualify – then quantify”. Systematic fault avoidance
measures are for example functional safety management, design calculation, fabrication surveillance,
testing or user instructions.
This document is intended for manufacturers of final elements or their compliant items to enable a
consistent approach to evaluate the functional safety of their compliant items. The compliant items are
considered individually according to the specifications of this document. The final combination is
evaluated according to the principles defined in EN 61508 and derived application standards such as
EN 61511.
NOTE “Safety-related system” is used as equivalent to “safety instrumented system (SIS)” in this document.
1 Scope
This document defines the requirements for how mechanical compliant items in a final element can be
evaluated according to the principles of EN 61508 to integrate them into a safety-related system. It
provides a method to determine all relevant factors, associated with the product, and thereby meet the
specific needs of users of the product.
The basic prerequisite for the application of this document is that the intended use is known. This
document describes a system to minimize systematic faults to achieve the targeted Safety Integrity Level
(SIL).
This document is applied to single compliant items (e.g. valve, actuator or mechanical portions of solenoid
valves) or to assemblies of several of these compliant items and interconnecting compliant items and
components (e.g. gears, adaptors, brackets, etc.). Electrical, electronic or programmable electronic
components are assessed according to EN 61508.
This document does not apply to:
— manually operated valves;
— items in safety systems or risk-reducing devices that are not assessed and operated according to the
principles of functional safety (e.g. automatic safety valves like pressure relief valves).
The methods described can also be used for other mechanical compliant items in a final element of the
safety-related system if the applicability is confirmed by appropriate expert knowledge (e.g. dampers,
brakes, clutches).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
EN IEC 60812, Failure modes and effects analysis (FMEA and FMECA)
EN 61508-1:2010, Functional safety of electrical/electronic/programmable electronic safety-related
systems — Part 1: General requirements (IEC 61508-1:2010)
EN 61508-2:2010, Functional safety of electrical/electronic/programmable electronic safety-related
systems — Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
(IEC 61508-2:2010)
EN 61508-4:2010, Functional safety of electrical/electronic/programmable electronic safety-related
systems — Part 4: Definitions and abbreviations (IEC 61508-4:2010)
EN 61508-6:2010, Functional safety of electrical/electronic/programmable electronic safety-related
systems — Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
EN 61508-7:2010, Functional safety of electrical/electronic/programmable electronic safety-related
systems — Part 7: Overview of techniques and measures
3 Terms, definitions and abbreviations
For the purposes of this document, the terms and definitions given in EN 61508-4 and those given below, together
with the abbreviations given in Table 1, apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
Table 1 — Abbreviations
Abbreviation | Full expression | Reference
BPCS | Basic process control system |
CAE | Computer aided engineering |
CFD | Computational fluid dynamics |
DC | Diagnostic coverage | EN 61508-4:2010, 3.8.6
E/E/PE | Electrical/electronic/programmable electronic |
EUC | Equipment under control | EN 61508-4:2010, 3.2.1
FAT | Factory acceptance test |
FEA | Finite element analysis |
FIT | Failure in time |
FME(D)A | Failure mode and effect (and diagnostic) analysis |
FSM | Functional safety management |
FST | Full stroke test |
FTA | Fault tree analysis |
HFT | Hardware fault tolerance | EN 61508-2:2010, 7.4.4
HUR | High utilization rate |
IOM | Installation, operating and maintenance manual |
LUR | Low utilization rate |
MRT | Mean repair time | EN 61508-4:2010, 3.6.22
PFDavg | Average probability of dangerous failure on demand | EN 61508-4:2010, 3.6.17
PFH | Average frequency of dangerous failure [h^-1] | EN 61508-4:2010, 3.6.19
PST | Partial stroke test |
PTC | Proof test coverage |
PVST | Partial valve stroke test |
RPN | Risk priority number | Annex C
S | Safety factor |
SC | Systematic capability | EN 61511-1:2017, 3.2.80
SFF | Safe failure fraction | EN 61508-4:2010, 3.6.15
SIF | Safety instrumented function. “Safety-related function” is used as equivalent to “safety instrumented function” in this document. | EN 61511-1:2017, 3.2.66
SIL | Safety integrity level | EN 61508-4:2010, 3.5.8
SIS | Safety instrumented system. “Safety-related system” is used as equivalent to “safety instrumented system” in this document. | EN 61511-1:2017, 3.2.67
SOD | Severity occurrence detection | Annex C
3.1
component
smallest piece of a compliant item
Note 1 to entry: These components typically do not have a related safety function and cannot be assigned a
standalone safety statement.
Note 2 to entry: Typical mechanical components are e.g. a rod, a bearing, a seal, or a screw.
3.2
functional unit
combination of components that performs or is responsible for a function of a compliant item
Note 1 to entry: Typical functional units are e.g. pressurized body, non-pressurized housing, packing, seat/trim,
spring set or gearing system.
3.3
compliant item
item for which a compliance claim is being made with respect to hardware safety integrity, systematic
capability, and supported with functional safety assessment
Note 1 to entry: EN 61511-1 and −2 use the term device in an equivalent way.
Note 2 to entry: A typical mechanical compliant item can be an actuator, a positioner, a solenoid valve, a valve, a
gearbox or a complete final element containing e.g. an actuator and a valve.
Note 3 to entry: A compliant item comprises components. Different compliant items can be assembled together with
components to form a final element or safety-related system.
Note 4 to entry: A method for combining several compliant items is described in EN 61508-1, −2, −4, −6 and −7,
EN 61511-1 and −2.
3.4
final element
(final) subsystem in a SIS that contains the compliant items which physically perform the safety function
Note 1 to entry: A typical final element is shown in Figure 1.
Figure 1 — Boundary definition – valves (EN ISO 14224:2016, A.2.5.4 modified)
Note 2 to entry: Final elements, in the context of this document, generally consist of industrial valves with actuators
and other compliant items for operating the valve, such as solenoid valves, gearboxes or positioners.
Note 3 to entry: The boundary between the different compliant items of a final element is part of the corresponding
product standards.
3.5
manufacturer
person or company who designs and/or manufactures compliant items or an assembly of compliant items
and markets that compliant item or assembly under his own name or trademark or uses it for his own
use
Note 1 to entry: A manufacturer of a compliant item can also be a manufacturer of a final element.
3.6
system integrator
person or company, who combines compliant items as a complete safety-related system to achieve the
function and safety requirements
Note 1 to entry: The system integrator is responsible for (overall) planning, for engineering and possibly for
installation and commissioning of complete safety-related systems, working in accordance with EN 61508-1, −2, −4,
−6 and −7 or derived standards. The system integrator can also be the end user or a third party contracted by the
end user. The system integrator has to demonstrate by procedures and by documentation that the safety-related
systems achieve the required SIL capabilities.
3.7
final element integrator
integrator of the compliant items and components, responsible for the design, assembly and validation
of the final element subsystem
Note 1 to entry: The final element integrator can also be a manufacturer of one or more compliant items included
in the final element subsystem.
3.8
end user
organization that has overall responsibility for a process facility and its installed safety-related system(s)
during all safety lifecycle phases
Note 1 to entry: This includes – but is not limited to – the responsibility for the planning, installation,
commissioning, operation, maintenance, and de-commissioning of the safety-related system(s). The end user can
outsource certain lifecycle phases or activities to sub-contractors.
3.9
utilization rate
total movements of the mechanical compliant item per year
Note 1 to entry: This includes but is not limited to movements due to demand of the safety function plus movements
due to testing (automatic online diagnostic tests or manual tests) plus operations requested by the EUC control
system.
Note 2 to entry: EN 61508-2 defines different modes of operation, which only consider the number of demands of
the safety function per year. However, for mechanical compliant items the primary fault mechanism largely depends
on the overall number of movements of the compliant item (including testing, demands by the EUC control system,
etc.), rather than depending on the number of movements due to a demand on the safety function only. Therefore,
this document defines a utilization rate in addition to the mode of operation to correctly consider different fault
mechanisms like ageing, wear and fatigue.
Note 3 to entry: The utilization rate of different compliant items in a safety-related function or a final element can
differ, e.g. if some but not all compliant items are tested by a full stroke test or if some of the compliant items are
used for basic process control as well.
Note 4 to entry: A partial stroke is considered as a movement and is therefore considered in the utilization rate.
Note 5 to entry: Since ageing effects depend more on the number of movements than on the distance of travel, the
number of movements is decisive rather than the percentage of the stroke travelled or the absolute length of the
stroke.
3.10
low utilization rate
LUR
utilization rate of the compliant item that is low enough to assume that wear has no or only a minor
influence on the failure rate of the compliant item
3.11
high utilization rate
HUR
utilization rate of the compliant item that is high enough to assume that wear is the dominant fault
mechanism leading to compliant item failure
3.12
partial stroke test
PST
test method that checks if e.g. a valve can be operated through a portion of its total stroke range
Note 1 to entry: This short stroke of operation verifies that certain failure modes of the compliant item are not
present and that the compliant item is functional with respect to these fault mechanisms.
Note 2 to entry: In this document the term “partial stroke test” is used but it is recognized that for automated valves
“partial valve stroke test (PVST)” is used as an equivalent term.
Note 3 to entry: As a general rule a partial stroke test can detect faults due to certain failure modes but is not capable
to test all failure modes of the compliant item. For example, a partial stroke test of a valve with safety position CLOSE
can be capable of determining if a valve is seized in position but it usually cannot test if the valve is able to travel all
the way to its safety position or if it can tightly seal in the closed position. Therefore, it is assessed e.g. by means of
an FMEA which failure modes can, respectively cannot, be detected by a partial stroke test in the particular
application.
Note 4 to entry: A PST is most often used to test mechanical, pneumatic, or hydraulic compliant items. The test can
also include electrical or electromechanical components e.g. a relay that is used to operate the actuator of a tested
valve.
Note 5 to entry: The limited stroke of the test is intended to be short enough to introduce no (or a minimum of)
interference with the operating flow of the equipment under control (EUC). An assessment if the influence on the
basic process is acceptable is advised.
Note 6 to entry: A PST is usually performed on the complete final element, thus all relevant compliant items are
tested simultaneously.
3.13
full stroke test
FST
test method that checks if e.g. a valve can be operated through its complete stroke range
Note 1 to entry: This stroke verifies that certain failure modes of the compliant item are not present and that the
compliant item is functional with respect to these fault mechanisms.
Note 2 to entry: As a general rule a full stroke test can detect more faults of the compliant item than a partial stroke
test but not all. For example, a full stroke test of a valve with safety position “close” can test that a valve is not seized
in position and that it can travel all the way to its safety position but – without additional measures – cannot test if
the valve tightly seals in the closed position. Therefore, it is assessed, e.g. by means of an FMEA, which failure modes
can, respectively cannot, be detected by a full stroke test in the particular application.
Note 3 to entry: Like a PST, the FST is usually performed on the complete final element, thus all relevant compliant
items are tested simultaneously.
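To make concrete the assessment that the notes to 3.12 and 3.13 call for, the following is an added Python example, not code from the standard: a small FMEA-style table records, for a valve with safety position CLOSE, which of its failure modes a partial stroke test, a full stroke test or an additional seat leakage test can reveal, and a check reports the failure modes that a given set of tests leaves undetected. The three failure modes, their detectability assignments and the seat leakage test as the "additional measure" are constructed assumptions for illustration; a real assessment takes them from the FMEA of the particular application.

```python
"""Added example (not from EN 17955): which failure modes of a valve with safety
position CLOSE a partial stroke test (PST) or a full stroke test (FST) can reveal,
and which remain undetected. The failure modes and the detectability table below
are constructed for illustration from the reasoning in the notes to 3.12 and 3.13;
a real assessment takes them from the FMEA of the particular application."""
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Tuple


class Test(Enum):
    PST = "partial stroke test"
    FST = "full stroke test"
    LEAK_TEST = "seat leakage test (assumed additional measure)"


@dataclass(frozen=True)
class FailureMode:
    name: str
    detected_by: frozenset  # tests capable of revealing this failure mode


# Constructed FMEA-style input for a valve whose safety position is CLOSE:
# - a PST can show the valve is not seized, but not that it reaches its safety
#   position or seals tightly (3.12, Note 3);
# - an FST additionally shows full travel to the safety position but, without
#   additional measures, not tight shut-off (3.13, Note 2).
VALVE_CLOSE_FAILURE_MODES: Tuple[FailureMode, ...] = (
    FailureMode("valve seized in position", frozenset({Test.PST, Test.FST})),
    FailureMode("valve does not travel fully to safety position", frozenset({Test.FST})),
    FailureMode("valve does not seal tightly in closed position", frozenset({Test.LEAK_TEST})),
)


def undetected_failure_modes(failure_modes: Iterable[FailureMode],
                             tests_performed: Iterable[Test]) -> List[str]:
    """Names of the failure modes that none of the performed tests can reveal."""
    performed = frozenset(tests_performed)
    return [fm.name for fm in failure_modes if not (fm.detected_by & performed)]


def coverage_by_count(failure_modes: Iterable[FailureMode],
                      tests_performed: Iterable[Test]) -> Tuple[int, int]:
    """(detected, total) failure-mode counts for the performed tests.

    This is a plain count of failure modes. It is not the proof test coverage
    (PTC) of 10.3, which weights failure modes by their failure rates."""
    modes = tuple(failure_modes)
    undetected = undetected_failure_modes(modes, tests_performed)
    return len(modes) - len(undetected), len(modes)


if __name__ == "__main__":
    for tests in ({Test.PST}, {Test.PST, Test.FST}, {Test.FST, Test.LEAK_TEST}):
        names = ", ".join(t.name for t in sorted(tests, key=lambda t: t.name))
        print(f"{names}: undetected = "
              f"{undetected_failure_modes(VALVE_CLOSE_FAILURE_MODES, tests)}")
```

Running the block lists, for each test set, the failure modes that stay hidden: a PST alone leaves both the travel-to-safety-position and the tight-seal failure modes undetected, adding an FST removes only the former, and only the assumed seat leakage test closes the last gap. The count returned by coverage_by_count is deliberately not a proof test coverage figure, which 10.3 defines in terms of failure rates rather than a count of modes.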
3.14
ageing
degradation process of a component or assembly of components that depends on the elapsed time
Note 1 to entry: This contrasts with degradation processes that depend on the number of movements performed
(“wear”). For faults due to fatigue, it has to be assessed if the root cause is due to ageing or wear as defined in this
document.
3.15
wear
degradation process of a component or assembly of components that depends on the number and
intensity of movements that the component is exposed to
Note 1 to entry: This contrasts with degradation processes that depend on the elapsed time (“ageing”). For faults
due to fatigue, it has to be assessed if the root cause is due to ageing or wear as defined in this document.
3.16
fatigue
degradation process of a component that depends on the number and intensity of deformations that the
component is exposed to
3.17
FIT
abbreviation for “failure in time”
Note 1 to entry: 1 FIT = 10^-9/h.
3.18
well-tried component
component for a safety-related application which has been either
a) widely used in the past with successful results in similar applications, or
b) made and verified using principles which demonstrate its suitability and reliability for safety-related
applications
4 Relationship and conformity with EN 61508-1, −2, −4, −6 and −7
The intention of this document is not to replace any applicable requirements of the EN 61508 series. The
relationship between this document and EN 61508-1, −2, −4, −6 and −7 is shown in Table 2 (by cross-
referencing just the main clauses). Conformity requirements for the mechanical portion of SIS final
elements are indicated in the corresponding notes.
Table 2 — Relationship between EN 61508 and this document
Normative requirement from EN 61508 | EN 61508 parts and clauses | Clause(s) from this document | See Notes
Documentation | Part 1: Clause 5 | 5.2 | a
Management of functional safety | Part 1: Clause 6 | 5.3 | a
E/E/PE system realization lifecycle (Phase 10), incorporating: | Part 2: Clause 7 | 5.4 | a
10.1 Design requirements specification | Part 2: 7.2 | 5.4.2 | a
10.2 Validation planning | Part 2: 7.3 | 5.4.3 | a
10.3 Design and development | Part 2: 7.4 | 5.4.4 | a
10.4 Integration | Part 2: 7.5 | 5.4.5 | a
10.5 Installation, commissioning, operations and maintenance procedures | Part 2: 7.6 | 5.4.6 | b
10.6 Validation | Part 2: 7.7 | 5.4.7, Clause 7, Clause 8 | a
System modification | Part 2: 7.8 | 5.4.9 | a
System verification | Part 2: 7.9 | 5.5 | a
Functional safety assessment | Part 2: 8 (Part 1: 8) | 5.6 | a
Avoidance of systematic faults | Part 2: 7.4.6 | 5.1, 5.4.2.3, 5.4.4.4, 5.4.5.2, 5.4.6.2, 5.4.7.2, Annex A | a, c
Control of systematic faults | Part 2: 7.4.7 | 5.1, 5.4.4.5, Annex A | a, c
Diagnostic coverage | Part 2: Annex C | 10.1 | d
Safety manual for compliant items | Part 2: Annex D | Clause 11, Annex D | a, b
Note a: For this topic EN 61508-2 is generally applicable; additional comments or specific conformity requirements that apply to mechanical portions of a SIS final element are provided in this document.
Note b: Manufacturers of mechanical components of a SIS final element are required to supply relevant information (e.g. in the safety manual) to enable others to comply fully with the clauses of EN 61508-1, −2, −4, −6 and −7.
Note c: There may be other references in EN 61508-1, −2, −4, −6 and −7 for this topic that are applicable to E/E/PE technologies; additional comments or specific conformity requirements that apply to mechanical portions of a SIS final element are provided in this document.
Note d: For this topic EN 61508-1, −2, −4, −6 and −7 are generally applicable; no additional requirements are provided in this document.
5 Basic requirements for development and production
5.1 Evaluation of systematic capability
The systematic capability according to EN 61508-2 can be met by applying one of the following compliance routes:
— Route 1_S: compliance with the requirements for the avoidance of systematic faults (see 5.4.4.4) and the requirements for the control of systematic faults (see 5.4.4.5); or
— Route 2_S: compliance with the requirements for evidence that the equipment is proven in use (see EN 61508-2:2010, 7.4.10).
In the following, the procedure for Route 1_S is described. For Route 2_S see EN 61508-2.
One aim of this document is to assess the systematic capability of the compliant item. The systematic
capability property of a compliant item is described in EN 61508-2 and has a discrete value of 1, 2, 3 or
4. The differences between SC 1, SC 2 and SC 3 are so marginal for the mechanical portion of safety-
related automated industrial valves that within this document no differentiation is necessary. SC 4 is not
covered by this document.
The requirements of this document, including the requirements of 5.2 to 5.6, and the relevant techniques
and measures in Annex A shall be applied to achieve a systematic capability of SC 3. Therefore, if one of
the requirements is not met, the compliant item shall be considered as not adequate for use in safety-
related systems.
NOTE If a compliant item that fits into the scope of this document is used with a SC 4, the requirements of this
document for SC 3 are to be fulfilled and all applicable additional requirements of EN 61508-2 for SC 4 are to be
fulfilled.
5.2 Documentation management
The requirements of EN 61508-1:2010, Clause 5 shall be observed.
5.3 Functional safety management
The requirements of EN 61508-1:2010, Clause 6 shall be observed.
5.4 Safety lifecycle requirements for development and production of safety-related automated industrial valves
5.4.1 Objectives and requirements
5.4.1.1 General
This subclause sets out the objectives and requirements of the safety lifecycle phases for the development
of safety-related automated industrial valves. It shall also be applied to other compliant items of a final
element if they have a safety statement.
For all phases of the safety lifecycle, Table 3 indicates:
— the objectives to be achieved;
— the scope of the phase;
— a reference to the subclause containing the requirements;
— the required inputs to the phase;
— the outputs required to comply with the subclause.
NOTE In the safety lifecycle according to EN 61508-2, the “manufacturing” and “assembly” lifecycle phases are
mentioned in the realization phase but not covered deeply. These phases, however, play a very important role in
achieving a reliable and safe compliant item. For this reason, this document also sets requirements for the lifecycle
phases “manufacturing” and “assembly” that specify the requirements of EN 61508.
5.4.1.2 Objectives
The first objective of the requirements of this subclause is to structure, in a systematic manner, the phases
in the safety lifecycle that shall be considered to achieve the required functional safety of the safety-
related automated industrial valves.
The second objective of the requirements of this subclause is to document all information relevant to
achieve the functional safety of the safety-related automated industrial valves throughout the safety
lifecycle.
The lifecycle corresponds to phase 10 of the overall safety lifecycle from EN 61508-1:2010, Figure 2 and
is based on the system safety lifecycle in EN 61508-2:2010, Figure 2.
5.4.1.3 Requirements
— The safety lifecycle of the automated industrial valves that shall be used in claiming conformance
with this document is that specified in Figure 2.
— If another safety lifecycle for the development of the automated industrial valves is used, it shall be
specified as part of the management of functional safety activities and all the objectives and
requirements of each subclause in this document shall be met.
— The procedures for management of functional safety according to EN 61508-1:2010, Clause 6 shall
run in parallel with safety lifecycle phases.
— Each phase of the safety lifecycle shall be divided into elementary activities, with the scope, inputs
and outputs specified for each phase (see Table 3).
— The outputs of each phase of the safety lifecycle shall be documented.
— The outputs for each safety lifecycle phase shall meet the objectives and requirements specified for
each phase (see Table 3).
Figure 2 — Safety lifecycle of the design of automated industrial valves
— In general, a final element integrator is responsible for ensuring that all phases of the lifecycle have
been followed, together with all the documentation associated with each phase (see Table 3).
Suppliers of compliant items shall also follow the lifecycle as applicable to their products and provide
evidence to the final element integrator. If compliant items or their configurations have special
requirements for the final element application, it is the responsibility of the final element integrator
to specify those requirements (e.g. analysis, testing, provision of information, etc.).
Table 3 — Overview – realization phase of the safety lifecycle

| Figure 2 box number | Safety lifecycle phase or activity (Title) | Objectives | Requirements subclause | Inputs | Outputs |
|---|---|---|---|---|---|
| 10.1 | Mechanical requirements specification | To specify the requirements for the final elements and/or compliant items, including the required safety function(s), safety integrity, and all design features required for the intended application. | 5.4.2 | For example, market specification | Design requirements specification for the final element and/or its components |
| 10.2 | Mechanical validation planning | To plan the validation of the safety of the safety-related automated industrial valves | 5.4.3 | Safety requirements for safety-related automated industrial valves | Plan for the safety validation of the safety-related automated industrial valves. |
| 10.3 | Mechanical design and development | To design the safety-related automated industrial valves to meet the requirements for safety functions and safety integrity | 5.4.4 | Safety requirements for safety-related automated industrial valves | Design of the safety-related automated industrial valves in conformance with the safety-related automated industrial valves requirements; Plan for the safety-related automated industrial valves integration test. |
| 10.4 | Mechanical system integration | To integrate and test the final element in conformance with its design | 5.4.5 | Final element integration test | Fully functioning final element; Results of final element integration tests |
| 10.5 | Mechanical system installation, commissioning, operation and maintenance procedures | To develop procedures to ensure that the functional safety of the safety-related automated industrial valves is maintained during installation, commissioning, operation and maintenance | 5.4.6 | Safety requirements for safety-related automated industrial valves; Safety-related automated industrial valves design | Operation and maintenance procedures for safety-related automated industrial valves |
| 10.6 | Mechanical system safety validation | To validate that the safety-related automated industrial valves meet, in all respects, the requirements for safety in terms of the required safety functions and the required safety integrity | 5.4.7 | Safety requirements for safety-related automated industrial valves; Plan for the safety validation of the safety-related automated industrial valves | Fully safety validated safety-related automated industrial valves; Results of safety-related automated industrial valves validation |
| 10.7 | Production | To develop and maintain a production process for safety-related automated industrial valves | 5.4.8 | Specification of requirements related to production | Implementation of a production process for safety-related automated industrial valves |
| 10.8 | Modification of compliant item | To ensure that the required safety integrity is maintained after corrections, enhancements or adaptations to the safety-related automated industrial valves | 5.4.9 | Change request | Results of safety-related automated industrial valves modification |
5.4.2 Mechanical requirements specification
5.4.2.1 Objective
The objective of the requirements of this subclause is to specify the requirements for the safety-related
automated industrial valves, in terms of the required function and the required safety integrity, in order
to achieve the
...