competence criteria for sr s p

7/28/2019 Competence Criteria for SR S P

1/83

CompetenCeCriteria forSafety - related

SyStem praCtitionerS

Guice vie b the IET icbti with the HSE BCS


2/83

CompETEnCE CrITErIa or SaETy - rElaTEd SySTEm praCTITIonErS

Guice vie b the IET i cbti with the HSE BCS

th isu egg tchg

The Istituti Egieeig Techg ws

e 31 mch 006 thugh the ege

the Istituti Eectic Egiees (IEE) the

Istituti Icte Egiees (IIE).

as egieeig techg bece icesig

iteiscii, gb icusive, the Istituti

Egieeig Techg eects tht

gessi weces ivveet ,

cuicti betwee, sects sciece,

egieeig techg.

The Istituti Egieeig Techg is t

ft gisti, egistee s chit i the UK.

e iti ese visit www.theiet.g

The Istituti Egieeig Techg 006


3/83

COMPETENCE CRITERIA FOR SAFETY- RELATED SYSTEM

PRACTITIONERS

These criteria have been produced to help organisations assess and record the competence ofstaff working developing and maintaining electrical, electronic and/or programmable electronic(E/E/PE) safety-related systems for functional safety. They can be used as part of a competence

management system to help meet the requirements ofManaging competence for safety-relatedsystems.

This document is intended to be read and navigated online.

The competence criteria are structured according to a competence model. You will need tounderstand this model when using the competence criteria, in order to apply the criteria to staff inyour organisation and, in particular, to tailor the criteria for your own activities and staff roles. Afew considerations for the tailoring process are briefly stated.

An example assessment method supports the competence criteria.

The actual competence criteria are structured into 12 functions.

NAVIGATION:

Introduction

Competence model

Using the competence criteria

Performing an assessment

Competence criteria

Index of functions, tasks and attributes

Cross-reference of functions to IEC 61508 lifecycle phases

History of this document and Acknowledgements

Licence Agreement

The IET does not assume liability to anyone for any loss or damage arising from any error oromission in this document, whether such error or omission is the result of negligence or anyother cause. Any and all such liability is disclaimed.

2007 The Institution of Engineering and Technology

3


4/83

INTRODUCTION

Competence for safety-related systems

Competence in activities associated with safety-related systems requires qualifications,experience and other qualities appropriate to individuals responsibilities, such as training,knowledge of hazards and failures, understanding of working practices, communication skills and

an appreciation of personal limitations.Four types of competence are identified:

TECHNICAL SKILLS; for example, hazard analysis, report writing

BEHAVIOURAL SKILLS; for example, personal integrity, interpersonalskills, problem solving, attention to detail

UNDERPINNING KNOWLEDGE; for example, a person performing ahazard identification must have knowledge of the particular application tobe able to identify the likely hazards that exist

UNDERPINNING UNDERSTANDING; for example, it is unlikely thatsomebody could establish risk tolerability levels for a particular problemwithout an understanding of the principles of safety and risk

Professionals with responsibility for design and/or supervision also need a detailed workingknowledge of relevant statutory provisions and codes of practice, an awareness of legislationand practices that affect their work, knowledge of working practices in similar establishments andawareness of current developments in their field.

The competence criteria

The competence criteria in this document are structured into 12 example roles for anorganisation covering the specification, development, procurement, and in-service maintenanceof E/E/PE safety-related systems. Criteria for operators of safety-related systems are notincluded.

The criteria are described in a generic manner so that they may be used in a range of industriesand technology areas. They should be tailored to suit specific organisation and industryconstraints.

The scope of the criteria is limited to roles arising from activities and responsibilities associatedwith achieving functional safety of E/E/PE safety-related systems, excluding competence ofoperators and more general operational health and safety. This approach has been adopted to:

allow complementing with existing schemes, such as Investors in People, CapabilityMaturity Model, BCS Industry Structure Model, that already cover competencies in otherareas

focus on the key aspects of functional safety.

The activities and responsibilities covered by the criteria are included within the scope of theinternational safety standard IEC 61508 (see www.iec.ch/functionalsafety for further details). A

4
http://www.iec.ch/functionalsafetyhttp://www.iec.ch/functionalsafety


5/83

table describes the relationship between the example roles and the safety requirements of IEC61508.

In some cases, such as for the example role safety hazard and risk analysis, the safety-relatedactivities are easy to distinguish. In other cases, these activities are separated out from a widerset of closely linked activities. For example, the role of safe system architectural design onlyincludes activities associated with architectural design that would not normally be carried out fora system that is not safety-related.

These safety-related activities do not stand alone, in that additional engineering competence inthe appropriate domain and technology is assumed. The competence required for safety-relatedactivities, as defined by the competence criteria in this document, is additional to such basiccompetence.

Likewise, assessment against these criteria may be supplemented and complemented by otherassessment approaches and professional development.

COMPETENCE MODEL

The competence model sets out the relationships between various concepts used whenmanaging competence, in particular the relationships between tasks, attributes, functions, roles,competence criteria, levels of competence and competence profiles.

The competence criteria are based on the following competence model.

Function, Tasks & Attributes (figure 1a). An individual (1), working either alone or in a team,performs a function (e.g. system architecture design). Each function (2) is broken down into aset oftasks (e.g. architecture specification), each of which require particular technical skills and

knowledge (3). All the tasks in a function also require behavioural skills and underpinningknowledge and understanding (4), which are expressed as a set ofattributes (e.g. up to datetechnical awareness). Each task or attribute has a set ofcompetence criteria allocated to it (5),which state the competencies required to fulfil the task or attribute (e.g. knows the standardsapplicable to the architecture).

1

Function

Technical skills and

knowledge necessary

for a functi on are definedin a set oftasks.

Persons working together

either individually or in

teams carry out a defined

function.

A fu nct ion can be

broken down in to a setof tasks and attributes

Every task and attribute

has competence criteria

specified for 3 levels.

Functions/Tasks and At tributes

3

5

2

4

Att ribute #1

Att ribute #2

At tri bute #3

Task #1

Task#2

Task #3

Behavioural skills and

knowledge necessary for

a function are defined in

a set ofattributes.

11

Function


knowledge necessary



knowledge necessary


Persons working together

either individually or in

teams carry out a defined

function.

A fu nct ion can be

broken down in to a setof tasks and attributes







Functions/Tasks and At tributes

33

55

22

44

Att ribute #1

Att ribute #2

At tri bute #3

Att ribute #1

Att ribute #2

At tri bute #3

Task #1

Task#2

Task #3

Task #1

Task#2

Task #3

Behavioural skills and

knowledge necessary for

a function are defined in

a set ofattributes.

Figure 1a

5


6/83

Twelve functions are defined in this document:

Each function is broken down into tasks and attributes and each of these has its own set of

competence criteria.

Each competence criterion can be satisfied at one of the following three competence levels:

SUPERVISED PRACTITIONER

The work of a supervised practitioner must be supervised by a practitioneror an expert. A supervised practitioner has sufficient knowledge andunderstanding of good practice, within the organisation or within the relevantindustry sector, to be able to work on the tasks associated with the overall

function without placing an excessive burden on the practitioner or expertwho is responsible for checking their work.

Potential supervised practitioners may not have previous experienceworking on safety-related projects. Their competence is likely to have beendeveloped through targeted training and work on non-safety-relatedprojects. It may therefore be necessary for an assessor to considerevidence of technical skills derived from a non-safety-related projectenvironment.

PRACTITIONER

A practitioner has sufficient knowledge and understanding of good practice,and sufficient demonstrated experience, to be able to work on tasks withoutthe need for detailed supervision. A practitioner will maintain theirknowledge and be aware of the current developments in the context inwhich they work.

EXPERT

An expert will have a sufficient understanding of why things are done in

certain ways, and sufficient demonstrated managerial skills, to be able toundertake overall responsibility for the performance of a task or function.An expert will be familiar with the ways in which systems, and previoussafety management systems, have failed in the past.

Corporate functional safetymanagement

Safety requirements specification

Project safety assurancemanagement

Safety validation

Safety-related system maintenanceand modification

Safety-related system architecturaldesign

Safety-related system or servicesprocurement

Safety-related system hardwarerealisation

Independent safety assessment Safety-related system softwarerealisation

Safety hazard and risk analysis Human factors safety engineering.

6


7/83

An expert will keep abreast of technologies, architectures, applicationsolutions, standards, and regulatory requirements, particularly in rapidlyevolving fields such as programmable safety-related systems. An expertwill have sufficient breadth of experience, knowledge and deepunderstanding to be able to work in novel situations.

An expert is able to deal with a multiplicity of problems under pressure

without jeopardising safety issues.

A function might be fulfilled by an individual, working alone, or by a team. When working in ateam, each individual contributes to the teams performance of the function by performing a rolewithin the team, carrying out part of the function. (If the entire function is fulfilled by an individualworking alone, then they do still perform a role, but it is equivalent to carrying out the wholefunction.)

Specification (figure 1b). A persons role is specified in terms of the different tasks that theymust be able to undertake and the attributes that they must have. For each of these, anappropriate competence level is specified (6). This gives a minimum competence profile for therole, with differing levels of expertise required for the different tasks and attributes (7).

The required competence is specified

for each task and attribute in terms ofthe three competence levels. This leads

to a a competence profile for all the

tasks/attributes comprising thefunction.

A person , working as an i ndividual , is cons idered competent to

carry out the func tion if t he competence criteria set for eachtask/ attribute are met. For team working, they must be

competent to carry out the tasks/attributes for their role in the

team.

Specification of competence

6

T1 T2 A2T3 A1 A3

Supervised Practitioner

Practitioner

Expert

Competence profile for a function

7

The required competence is specified

for each task and attribute in terms ofthe three competence levels. This leads

to a a competence profile for all the

tasks/attributes comprising thefunction.

A person , working as an i ndividual , is cons idered competent to

carry out the func tion if t he competence criteria set for eachtask/ attribute are met. For team working, they must be

competent to carry out the tasks/attributes for their role in the

team.

Specification of competence

6

T1 T2 A2T3 A1 A3


Practitioner

Expert

Competence profile for a function

7

Figure 1b

7


8/83

Assessment (figure 1c). To determine if an individual is competent to perform a role, theindividuals competence is assessed (8/10) and the resultant personal competence profile iscompared against the competence profiles specified for the role (9/11). (Note that theassessment would not normally be limited to the tasks and attributes of any specific role.)

An individual is deemed competent for the role if theirpersonal competence profile at least meets the competenceprofile specified for the role.

A team is deemed competent if each individual in theteam is deemed competent for their roles (12).

An individual is deemed not competent for the role if theirpersonal competence profile fails to meet the competenceprofile specified for the role.

Assessment

of person

9

For the Team to b e competent, all thos e inthe Team have to be competent for theirindividual roles in carrying out part

of the function.

If the results of the Assessment for theperson, for each task/attribute of t he

unction, meet the specified competence

profile, then the person is deemed to becompetent for role.

Team

working.

Individual

working.

If the results of the Assessment for theperson, for each task/attribute of their

role in the team meet the specifiedcompetence profile, then the person isdeemed to be competent for their r ole

in the team.

9

Role

Role

Assessment of competence

8

9

11

10

12

Assessment

of person

9

For the Team to b e competent, all thos e inthe Team have to be competent for theirindividual roles in carrying out part

of the function.

If the results of the Assessment for theperson, for each task/attribute of t he

unction, meet the specified competence

profile, then the person is deemed to becompetent for role.

Team

working.

Team

working.

Individual

working.

Individual

working.

If the results of the Assessment for theperson, for each task/attribute of their

role in the team meet the specifiedcompetence profile, then the person isdeemed to be competent for their r ole

in the team.

9

RoleRoleRole

RoleRole

Assessment of competence

88

99

1111

1010

1212

Figure 1c

In practice, the competence of staff will often be assessed so as to find out their competenceprofile independently of any assigned roles. Their competence profile will then be taken intoaccount when putting teams together. This is especially the case when recruiting new staff.

Context

By separating the core principles of competence criteria from their context, a limited set ofcommon competence criteria can be applied universally in many industry sectors, applications,technologies, and regulatory environments.

For example, the competence criteria for the task hardware test specification might containmany alternatives for all the different

types of hardware that may require test specification e.g. smart transmitter, PLC, bespokelogic,

8


9/83

facets of a test specification e.g. functionality, test coverage requirements, environmentalconditions,

application domains, with their particular operating environments and regulatoryrequirements e.g. offshore oil-rig, school-crossing traffic lights,

levels of responsibility that an individual might take e.g. a new and junior member of ateam, a senior staff member with full accountability,

levels of expertise required in different circumstances.

The immediate consequence of this approach would be that most organisations and evenprojects would have their own very specific competence criteria matched to their own context ata particular point in time. An assessment of competence in one context would be quiteunusable in another. For example, if an individual had been assessed as competent to designflight control systems, then no benefit could be derived from the assessment when consideringthem for designing the control system for aircraft landing-gear. The two roles are different, andcompetence in one domain does not imply competence in the other. However, somecompetence in one domain will transfer to the other.

The recommended alternative is to separate, in the definition of tasks and attributes, genericprinciples from the context of their application.

This approach requires that in an assessment of an individuals competence the assessor

interprets the competence criteria in the particular context of the individuals current work,and

captures that context (sector, application area, technology, etc.) for which the individualhas demonstrated that they have satisfied the competence criteria.

USING THE COMPETENCE CRITERIA

The competence criteria for tasks and attributes are grouped in this document into twelveexample functions. An introductory paragraph for each function summarises the responsibilitiesand tasks involved.

Each task and attribute associated with the function has its own table of competence criteria,with the layout shown in Figure 2. Every function is assumed to be defined by its constituenttasks. The attributes required for the function are much less closely associated with the functionin that they are likely to be found in several other functions as well. However, both tasks andattributes can be found in more than one function, and often their competence criteria may beworded slightly differently according to the function.

Title of the task or attribute

Description of the task or attributeSupervised Practitioner Practit ioner Expert

Competence criteria forsupervised practitionerlevel.

Competence criteria forpractitioner level.

Competence criteria forexpert level.

Competence criteria for both supervised practitionerlevel and practitioner level.

Explanation for non-relevance of level to task orattribute

Figure 2: Layout of Assessment Guidance Information

Each row of the table contains a set of competence criteria for the task or attribute. At least oneand no more than five sets of competence criteria are given for each specific task or attribute.Each of the three columns contains criteria supervised practitioner, practitioner or expert. To be

9


10/83

assessed as competent at a particular level, then the individual will have to satisfy all the criteriaindicated in the relevant column for that level.

Criteria are, in general, given for each of the three levels. However, if a criterion is equallyapplicable to more than one level, cells are merged across a row. Further, if a criterion is notapplicable to a level, the relevant box in the table is greyed out, and an explanation given.

Ideally, all competencies should be demonstrable by the provision of suitable documentary

evidence. The achievement of this ideal is far more difficult for the behavioural skills andunderstanding that underpin attributes than for technical skills and knowledge that relate to tasks.However, the importance of behavioural skills and understanding in being competent for afunction is judged to outweigh the difficulty in providing clear-cut assessment criteria.

It is important to appreciate that the competence criteria in this document constituteguidance and you should employ flexibility when applying them in your organisation.Also the assessor will have to make a judgement on whether the criteria have been met basedon the evidence available.

Since jobs in the organisation may not directly map onto the functions in this document, you

should tailor the competence criteria to match your own organisation. In the simplest case,this is achieved by moving tasks out of one function into another. For example, in yourorganisation perhaps safety validation does not include witnessing and executing tests againstsafety requirements, because your software and hardware designers have this responsibility.

This task would then be removed from the safety validation function and added, if appropriate, tosafety-related system hardware realisation and/or safety-related system software realisation.

Removing a task from a function will usually have no impact on the attributes necessary for thefunction. However, adding a task to a function could add to the attributes required, sinceattributes for the function from which the task came may have to be added to its new function.

PERFORMING AN ASSESSMENT

This section describes the process for performing a competence assessment for which thecompetence criteria in this document were written. You may of course vary this process but youshould consider the implications for the competence criteria if your process differs significantlyfrom this process for which the criteria were originally designed. The supporting proforma for thisprocess is provided at the end of this section in Figure 3.

It is envisaged that assessment meetings should take no more than half a day to perform andideally about 2 hours. Each task or attribute should take 10-15 minutes on average to assess.

A functions competence criteria are written in generic terms irrespective of industry sector,application, technology, etc. When performing an assessment, the use of these criteria must beconditioned by the context in which the function is performed. Context information is importantwhen reusing the assessment results for new applications, integrity levels, organisations andindustries.

In the example proforma, the context for the assessment is captured on the front page. Inaddition, the context of an individuals evidence is recorded during an assessment, where thisdiffers from the context of the present assessment.

Pre-assessment

The individual will need to collect evidence for them to be assessed against in advance ofthe assessment meeting. Before the assessment meeting, the individual is briefed on whatcriteria they will be assessed against, when the assessment will take place and the context forthe assessment. The competence criteria and any assessment procedures are given to the

10


11/83

individual. The more the individual prepares prior to the meeting (e.g. collecting appropriateevidence), the more efficient the assessment meeting will be.

The individual is also briefed on how the competency assessment may affect their current job,and how the scheme fits into the organisation, including any appraisal process.

Preliminaries

At the start of the assessment meeting, the assessor briefs the individual on theassessment, including

the purpose and context of the assessment

how the assessment will be conducted

introducing and explaining the purpose of anyone else involved with the assessment (forexample the assessor may sometimes rely on the technical opinion of another individualwho has been assessed as competent in the relevant function to expert level)

Context summary

The assessor summarises the required context for which the individual is beingassessed. Context information includes items such as industry sector, application andtechnology information, safety integrity level, applicable standards, etc.

An example of a completed context summary is contained in Figure 3.

FUNCTIONSAFETY-RELATED SYSTEM SOFTWARE

REALISATION

Reference

SSR

Context Summary

SIL 2/3 shutdown protection systems, up to 1000 I/O

Chemical/Petrochemical industry, onshore and offshore

Duplicated/triplicated PLC architectures using IEC 61131-3 languages especially

ladder logic.

Mature organisation with safety experience and familiarity with IEC 61511.

Figure 3: Example context summary

Assessing against the competence criteria

For each task or attribute, the individual presents evidence against which an assessmentcan be made. The assessor, referring to the competence criteria, makes a judgement of thelevel of competence the individual has attained including the context within which it was attained.It is recommended that each task or attribute takes no more than 15 minutes.

The competence criteria in this document are not intended to be used as strict objective pass/fail

criteria. They are, rather, indicative of how an individual might be able to demonstrate that theyhave the required competence; the individual may be able to demonstrate competence usingevidence that does not exactly match the competence criteria. The assessor must judge whetheran individual is competent at the appropriate level, based on the individuals demonstrated

11


12/83

experience and abilities, and this is necessarily a matter of subjective judgement. The assessorneeds to be capable of making such a judgement.

The most persuasive indication that a candidate is competent to perform a role is that they haveperformed that role to a satisfactory level in the recent past. Moreover, their performance shouldhave exhibited their possession of the relevant technical skills, understanding, knowledge and/orbehaviour. Where possible, the competence criteria are expressed in this way.

Short of having already done something similar to the task or attribute being assessed, theindividual may have worked in a related area. If they have not had relevant experience in theworkplace, they may have performed a task in an exercise in a training environment. They mayhave been taught the principles, or may have read relevant information.

The assessor must make a judgement as to whether an individual is competent at theappropriate level, even if the individual has not actually performed the role before. This mightbe on the basis of what they have done, what they have experienced, the efficacy of any trainingthey may have received, and other technical and behavioural abilities.

In the absence of records of previous experience, the assessor must seek other evidence of the

appropriate understanding, such as a demonstration that the individual would be able to perform a task correctly in a

hypothetical situation

the ability to answer questions relevant to the task or attribute based on past experience

evidence of having been trained for a particular task.

The nature of the available evidence is also important. Documentary records of work donedirectly by, or under the direction of, the individual are preferred. The assessor has to establishwhat has actually been carried out by the individual in contrast to what has been performed withor by, other members of the project team.

If documentary workplace records appropriate to the task or attribute are not available, otherforms of evidence that the assessor can allow at their discretion are

Assignment and/or project records Witness testimony

Workplace observation Oral

Competence test

On the assessment proforma for the task or attribute, the assessor

1. summarises the evidence provided, including (importantly) the context of that evidence

2. enters a type code for the evidence provided, one of

AP - Assignment and/or project records WT - Witness testimony

WO - Workplace observation OR - Oral

CT - Competence test DC documentary records

3. ticks the box indicating the level of competence achieved by the individual, in theassessors judgement, for the task or attribute

An example of a completed assessment proforma for a task or attribute is shown in Figure 4.

12


13/83

Task/Attribute: SSR2 Transposing from requirements into design

Summary of evidence provided, including context.Evidence

Type:DC+OR

Presented design specification for PLC application of sequence control in carplant.

Uses logic block and transition notations and can be traced to requirements.Able to identify design constraints relevant to sequence control, i.e. checking

safety conditions in every state and ensuring single entry/exits to sequences.Showed how design matched organisation procedures and identified testabilityaspects of design. Experienced PLC software designer but no specific expertisein shutdown system design.

Expert

Practitioner

Supervised Practitioner 9

Figure 4: An example assessment proforma for a task or attribute

The process is repeated until all tasks and attributes competencies have been assessed.

A decision will already have been made on which tasks and attributes are fundamental to thefunction under review. The following rules are recommended in determining the overall level ofcompetence of an individual for a particular function:

attainment of a particular level of competence in performing a function should not beawarded if more than 30% of the tasks and attributes have been achieved at only a lowerlevel

it is not recommended that the overall level of expert or practitioner is awarded to anindividual who does not achieve at least supervised practitioner level in every task andattribute

For those candidates whose experience has been gained within a different context from thatrequired by the assessment, the assessor should follow the appropriate organisation policy informing a judgement on the overall level achieved for the function, and the way in which thedifferences in context will be handled.

Assessment summary

After completing the assessment for all the tasks and attributes in a function, the assessor

completes the assessment summary by:

deriving a competence profile for the individual that collects together the levels achievedfor each task and attribute based on the assessment results

making a judgement on the level of competence achieved by the individual for thefunction as a whole, including ticking the relevant box

writing an unambiguous statement that either the individual is

competent for the function within the context stated and at the level indicatedwithoutreservation or

competent for the function within the context stated and at the level indicatedwithany conditions stated or

is not yet competent to perform the function at any level, together with thereasons why competence was not demonstrated.

13


14/83

Action plan

The Assessor agrees with the individual appropriate actions to maintain a level ofcompetence or achieve a higher level of competence for the function . These actions arerecorded on the summary page in the action plan box, which may refer to a more detailedpersonal development plan. The action plan may include requirements for the gaining ofexperience of an application domain or a technique, requirements for training, a requirement fora job review and requirements for the performance of a particular task under supervision.

An example of a completed assessment summary and action plan is shown in Figure 5.

Sign-off

The assessor makes a recommendation for when the individual should next be assessed.Both the individual and the assessor sign off the assessment proforma. Alternatively, theindividual may invoke an appeals procedure.

It is recommended that individual sign-off is performed outside the assessment meeting, oncethe candidate has had an opportunity to review their assessment and consider the assessment

summary, so that undue pressure is not put on the individual to agree with the Assessor.

In order to maintain impartiality and consistency, independent review and sign-off can beincorporated into each assessment.

Assessment summary

Experienced PLC programmer but with no current background in shutdown systemdesign. Competent to perform function at supervised practitioner level. Requiressome supervision to ensure that shutdown system design aspects and safetyrequirements are dealt with correctly

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Total1,2

Expert1

Practitioner6

Supervised

practitioner

3

Action Plan

In order to attain practitioner level the candidate requires:1. Experience of writing shutdown logic for at least one protection systemunder appropriate supervision2. Additional background/training in relevant safety standards and guidelines

Date for next assessment 01/08/2009

Figure 5: Example assessment summary and action plan

1

These totals only include the highest level attained, Thus competence at practitioner and supervised practitioner levels is notcounted if expert level has been attained for that task or attribute, and likewise competence at supervised practitioner level is notcounted if practitioner level is also attained.

2Note that the last four sets of boxes are crossed out as being inapplicable to the function being considered there being only

11 tasks and attributes associated with this function.14


15/83

Self assessment

To streamline competence management within an organisation it is recommended that aspectsof self assessment are incorporated into the assessment process.

In addition to the process described above, the individual to be assessed can perform a selfassessment prior to the assessment meeting. This is still against the competence criteria foreach task and attribute, recording the results on an assessment proforma.

For each task and attribute, the individual

reviews their evidence

summarises the evidence on the assessment proforma, referencing further informationwhere appropriate and including (importantly) the context in which the evidence isapplicable

enters the type code for the evidence provided

ticks the box indicating the level of competence that they judge they have achieved.

In the assessment meeting, the assessor reviews the self-assessment with the individual,modifying the information if necessary and completing the summary page.

Team competence

This example process has addressed only those aspects associated with the assessment ofindividuals. It does not discuss building teams. However, the competence of teams isfundamental to achieving overall system safety, and some tasks and attributes and their criteriahave been defined with team working in mind.

15


16/83

FUNCTION Reference

Context Summary

Assessment Summary

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Total

Expert

Practitioner

Supervised

Practitioner

Action Plan

Date for next assessment

ASSESSORPrint name Signature Date

CANDIDATEPrint name Signature Date

VERIFIERPrint name Signature Date

Figure 6: Assessment proforma (Page 1)

16


17/83

Competency Statement:


Type:

Expert

Practitioner


Competency Statement:


Type:

Expert

Practitioner


Evidence Assignment

Project

Competence

Skills/Tests

Documentary

records

Oral Workplace

Observation

Witness

Testimony

Code AP CT DC OR WO WT

Figure 8: Example assessment proforma (Page 2)

17


18/83

COMPETENCE CRITERIA

Competence criteria are provided for the following example functions:

o Corporate functional safety management

o Project safety assurance management

o Safety-related system maintenance and modification

o Safety-related system or services procurement

o Independent safety assessment

o Safety hazard and risk analysis

o Safety requirements specification

o Safety validation

o Safety-related system architectural design

o Safety-related system hardware realisation

o Safety-related system software realisation

o Human factors safety engineering

18


19/83

Function Corporate functional safety management

Summary

Corporate functional safety management involves responsibilities for ensuring that a safetyculture exists within an organisation, appropriate to the organisations internal and regulatoryenvironment.

In discharging this responsibility the key tasks for this function are:

defining and instigating a corporate approach to functional safety, including a safetymanagement system, relating to the development or use of safety-related systems withinthe organisation

promulgating the corporate approach to functional safety in both a proactive and reactivemanner

monitoring compliance with the corporate approach to functional safety, and applyingcorrective action where necessary

In support of these tasks, additional management tasks are likely to be required such as:

advising senior management of the resource required (both people and equipment)necessary to operate the safety management system

budgetary responsibility for a corporate safety function, possibly including the supervisionof staff

Tasks Attributes

Realisation of a safetymanagement strategy Effective communication

Allocation of responsibilities Eliciting information

Promoting awareness Organisation systems

Providing safety advice Functional safety practices

Monitoring compliance Principles of functional safetyassurance

Handling safety incidents Professional standing and personalintegrity

Regulatory and legal compliance

Managing resource allocation

Assuring staff competence

19


20/83

Tasks

CFM1 Realisation of a safety management strategy

Identifies a corporate-wide approach to functional safety management and documents the approach in a safetymanagement system, that both meets the requirements of functional safety and is appropriate to the organisationsenvironment.Supervised practitioner Practitioner Expert

Can identify relevantdocumentation relating to theorganisations methods andprocedures and can describetheir key features.

Has documented parts of asafety management systemand can illustrate, usingcorporate safetymanagement procedures andaudit reports, how existingorganisation methods andprocedures have beenincorporated into the safetymanagement system.

Has developed at least one Corporate safetymanagement system and has been involved in thedevelopment/ review of others. Can identifyorganisation methods and procedures, which havehad to be updated to meet new standards infunctional safety assurance, and show how theupdated methods and procedures fit within theorganisations safety management system.

CFM2 Allocation of responsibilities

Identifies roles and organisational relationships required to implement the corporate safety management system,and allocates or arranges staff responsibilities for the performance of these roles.Supervised practitioner Practitioner Expert

Can identify relevantdocumentation relating to theallocation of responsibilities,and understands the way inwhich appropriate allocationand organisation contributesto the effective and robustoperation of the safetymanagement system.

Has participated in thedefinition of specific rolesand their relationships withother roles so as to ensurethe effective and robustoperation of a safetymanagement system.

Has allocated responsibilities for safetymanagement system roles, monitored the efficacyof the allocation with respect to effective androbust operation of the system, and improvedallocation accordingly.

CFM3 Promoting awarenessEnsures that all staff who can affect the achievement of functional safety are aware of their obligations by:identifying target audience, implementing an appropriate dissemination programme, measuring achievement andapplying corrective action as necessary.Supervised practitioner Practitioner Expert

Can illustrate, throughtraining programme coursenotes, follow-upquestionnaires, audit reportsetc., how awareness ofsafety information has been

promoted within anorganisation.

Can illustrate, throughtraining programme coursenotes, follow-upquestionnaires, audit reportsetc., how awareness of asafety management system

has been promoted within anorganisation, how the extentof that awareness has beenchecked and how correctiveactions have been taken toincrease awareness.

Can identify key areas of a safety managementsystem where difficulty has been encountered inpromoting awareness of the underlying issues andcan illustrate specific actions that have been takento overcome them. Can explain how differentpromotional strategies achieve awareness of

safety issues within an organisation.

20


21/83

CFM4 Providing safety adviceProvides an effective one-stop shop for advice to staff on functional safety within an organisation (e.g. help desk), such that aconsistent approach to functional safety is achieved and conflicts on interpretation are resolved.Supervised practitioner Practitioner Expert

Not yet experienced enough to providesafety advice to others.

Can illustrate, through procedures, memos, e-mails etc. and a process of work-place observation (e.g. sit-in on consultations), how effective advice on mattersrelating to functional safety has been provided to safety-related projects.Can explain the different methods that have been used and considered forproviding advice to safety-related project teams and identify the advantages anddisadvantages of each method in relation to the particular requirements of theorganisation.

CFM5 Monitoring compliance

Achieves adherence with the safety management system, by performing audits against a schedule and instigating improvementsto the safety management system when identified as necessary.Supervised practitioner Practitioner Expert

Can explain the mechanisms (e.g.audits) that have been put in placeacross the organisation to monitorcompliance of these projects with thesafety management system.

Can explain the advantages anddisadvantages of different mechanismsfor monitoring compliance with a safetymanagement system, backing up theexplanation with documentary evidenceof the performance of such monitoring.

Can show how monitoring has beenachieved within an organisation, and howthe results of the monitoring process arefed back into the safety managementsystem

Can cite examples (real or hypothetical)where a lack of adequate monitoring hasor could lead to a potentially unsafesituation and can explain how monitoringwithin the organisation has beenimproved to counter such examples. Can

explain the advantages anddisadvantages of different mechanismsfor monitoring compliance with a safetymanagement system. Has beenresponsible for monitoring within anorganisation, and can describe the wayin which the results of the monitoringprocess are fed back into the safetymanagement system

CFM6 Handling safety incidents

Ensures that all incidents that could impact on functional safety are identified, investigated and necessary actionstaken (including updating the safety management system and dissemination to all relevant staff), such that theimmediate incident is resolved and its likelihood of re-occurrence is minimised.Supervised practitioner Practitioner Expert

Given an incident, (real orhypothetical) can explainpotential measures to reducethe likelihood of recurrence interms of dissemination andupdating the safetymanagement system.

Has been involved in the follow-up actions after an incident. Has developedappropriate procedures for the investigation and the implementation ofrecommendations arising from investigations. Can explain how an incident isresolved and how the likelihood of re-occurrence is minimised.

CFM7 Regulatory and legal compliance

Ensures that all relevant safety regulations and legal requirements and organisation-specific safety standards aresatisfied by the organisation by determining the requirements, encapsulating the requirements into the safetymanagement system and managing the interface with the regulator including successful conflict resolution.Supervised practitioner Practitioner Expert

Is aware of the requirementsof the relevant functionalsafety standards appropriateto the industry sector.Can describe and explain thekey principles underlying therelevant regulatory regimeand associated legal issues.

Can illustrate, throughcorporate safety managementprocedures, how safetyregulatory requirements andassociated legal issues havebeen reflected in theorganisations safetymanagement system.

Can illustrate, through memos, reports and safetymanagement procedures, how the requirements ofthe regulatory authorities are continually reviewed,and where appropriate incorporated, within theorganisations safety management system.

21


22/83

CFM8 Managing resource allocation

Advises and facilitates (and manages if appropriate) the deployment of the allocation of sufficient resource ofrelevant competence, such that the needs of the safety management system can be met.Supervised practitioner Practitioner Expert

Is familiar with an acceptedestimating method andassociated techniques and isable to present supporting

documentation to show howthe method has been appliedin practice.

Can illustrate, through e.g.estimating sheets, how advicehas been provided to safety-related projects with regard to

the necessary resourcerequirements for carrying outthe project.

Can cite examples (real or hypothetical) whereresource issues have or could lead to an unsafesituation on a project. Can explain how theorganisations procedures have been developed to

ensure adequate resources.

Can provide rule of thumbestimates for typical safety-related projects carried out bythe organisation.

Can provide rule of thumb estimates for complex or innovative projects carried outby the organisation.

CFM9 Assuring staff competence

Ensures that all staff involved with safety-related work are competent to execute their assigned tasks. For example,instigating a formal training programme, work place supervised experience, etc.Supervised practitioner Practitioner Expert

Can describe the methodscurrently used within theorganisation to assess andjustify the competence ofsafety-related project teammembers.

Can illustrate, via theorganisations procedures,project safety plans, safetyjustifications, how acompetence justificationsystem is implemented withinthe organisation for safety-related projects.

Can illustrate through examples (real orhypothetical) how insufficient attention to thecompetence of individuals employed on safety-related projects could lead to an unsafe situation.Can illustrate, via the organisations procedures,how actions have been taken to ensure competentindividuals are assigned to projects

At tr ibutes

CFM10 Effective communication

Communicates effectively, both orally in writing and electronically at all levels in an organisation, with people ofvarying skill and groups of varying size, such that the objectives for the communication are achieved.Supervised practitioner Practitioner Expert

Understands the principles ofgood presentation.Communicates well withpeers.

Has made successful formalpresentations.Communicates well in a teamand in one-to-one situations atmost levels within anorganisation.

Is acknowledged as proficient in communicatinginformation orally in all situations. Has establishedeffective liaison with the organisationsmanagement such that safety issues are raised atthe highest level. Has effective relationships withrelevant external organisations, such as regulatorybodies.

Understands the principles ofclear report writing.Has written at least one reportwhich can demonstrate basicliteracy skills and the ability topresent written information inan organised, logical andunambiguous manner.

Has consistently producedwritten work of a quality whichis well organised, accurate(both technically andgrammatically), complete,logical, concise, unambiguousand to the point.

Has consistently produced written work of a qualitywhich is well organised, accurate (both technicallyand grammatically), complete, logical, concise,unambiguous and to the point. Is aware of thewider implications and purpose ofcommunications.

CFM11 Eliciting informationProactively elicits all necessary information from relevant personnel at whatever level (e.g. stakeholders, peers, etc.)such that the tasks associated with the role can be properly scoped and undertaken.Supervised practitioner Practitioner Expert

Collects the relevant facts

about safety issues/tasks frompeers

Collects and understands the

relevant information frompersonnel at all levels. Canidentify more important issuesfrom a wider range of points.

Has established a mechanism for the collection of

information across the whole organisation onsafety issues and safety activities.

22


23/83

CFM12 Organisation systemsHas a knowledge and understanding of existing systems in the organisation (e.g. quality management systems)sufficient to ensure that the development and maintenance of the safety management system is cost effective andappropriate to the organisation.Supervised practitioner Practitioner Expert

As well as the safetymanagement system, isaware of the organisationsquality management system,financial and projectmanagement systems andcan explain how they operate.

Can explain how the safetymanagement system fits in,and relies on the qualitymanagement system and thefinancial/project managementsystems.

Can explain how the safety management systemfits in with other systems in the organisation toproduce an efficient solution. Can describe waysin which the safety management system could berealigned and the impacts of the change.

CFM13 Functional safety pract icesHas a knowledge and understanding of functional safety practices, including application and technology appropriateto the organisation and the industry sector, necessary for the successful execution of the role.Supervised practitioner Practitioner Expert

Has worked on non safety-related applications within the

relevant context, but has yetto work on a safety-relatedapplication within the relevantcontext.

Has worked on a safety-related project relating to the

context within which theorganisation operates and hasgained a knowledge of howsafety is addressed within theorganisation.

Has worked on many safety-related projects,some of which relate to the identified context

within which the organisation operates.Understands how safety is addressed at a projectlevel as well as the organisational level.

Can describe relevanttechnologies and theirapplication, but notnecessarily in relation tosafety related work.

Can describe relevanttechnologies and how theymight be used for safety-related work in the domain ofinterest.

Can provide evidence of having applied safety-related technologies to a wide range of projects.

CFM14 Principles of functional safety assurance

Has a knowledge and understanding of the principles of functional safety assurance (including: hazards, risks,tolerability, ALARP, safety requirements, safety realisation, etc.) and can relate them to a typical safety lifecyclemodel.Supervised practitioner Practitioner Expert

Understands the principles offunctional safety assurance.Has read, and has aknowledge of, the safetyassurance standardsappropriate to the industrysector.

Can explain how safetyassurance has been achievedwith reference to examplesfrom actual projectinvolvement.Can cite relevant safetyassurance standards, explaintheir fundamental concepts,

and illustrate any differences.

Known outside the organisation as an authority onthe principles of safety assurance, and canprovide evidence to support this claim.Can cite relevant safety assurance standards,explain their fundamental concepts, illustrate anydifferences, and explain how they relate to thesafety management system.

CFM15 Professional standing and personal integrity

Has the professional standing to provide credible judgements that are generally acknowledged as authoritative,coupled with sufficient strength of character not to compromise sincerely held beliefs when under pressure.Supervised practitioner Practitioner Expert

Typically a degree orequivalent in a relevantdiscipline.

Typically a CharteredEngineer with a degree in arelevant discipline. Has hadpractical safety engineeringexperience within the relevantindustry sector.

Typically a Chartered Engineer who isacknowledged as an authority in the field of safety-related systems. Likely to have presented paperson safety issues.

Aware of the importance ofpersonal integrity whenpressed to compromise ajudgement.

Has defended a judgementwhen under external pressureto compromise position.

Has a reputation for integrity that indicatescandidate will never allow a judgement on safety-related issues to be compromised by outsideinterference.

23


24/83

Function Project safety assurance management

Summary

Project safety assurance management involves responsibilities for ensuring that an appropriatelevel of safety assurance is applied during the various lifecycle phases of a project and that the

required evidence is collected and presented together with a reasoned argument to justify thesafety of the system.

In discharging these responsibilities, the key tasks for the function are:

defining the scope and objectives of the project from a safety viewpoint

developing and maintaining a project safety assurance plan

managing compliance with the project safety assurance plan including the provision ofsafety assurance evidence

Tasks Attributes

Defining the scope of the project Effective working relationships

Developing and maintaining aproject safety assurance plan

Effective communication

Managing compliance with theproject safety assurance plan

Methodical approach

Monitoring the engineeringdevelopment

Safety regulations and standards

Managing the provision of safetyassurance evidence

Organisation systems

Decision making

Influencing and negotiating

Team management

24


25/83

TasksPSM1 Defining the scope of the project

Seeks out and evaluates information in order to define the scope, objectives, context and safety-significance of asafety-related project.Supervised practitioner Practitioner Expert

Can identify the maincategories of information

required to define the scope,context and safetysignificance of a safety-related project and describehow this information isobtained and evaluated.

Can illustrate, through design documents, working notes, minutes of meetings etc.,how information has been collected to define the scope, context and safety

significance of safety-related projects carried out within the organisation or relevantindustry sector.

PSM2 Developing and maintaining a project safety assurance plan

Produces and maintains a project safety assurance plan including: the selection of an appropriate safety lifecycle model and reflecting the selected safety lifecycle model in the

activities defined within the project safety assurance plan the selection of appropriate safety assurance measures and techniques to be employed definition of the project organisational structure, particularly with regard to the need for independence and the

apportionment of responsibilities for safety at different organisational levels within the project and along the

supply chain.Supervised practitioner Practitioner Expert

Can illustrate, throughexamples of candidates ownwork, how plans have beendeveloped and thencontinually updated to reflectthe current status of a project.

Has contributed to project safety assurance plans for projects carried out within theorganisation or industry sector.

Can identify the safetylifecycle model normally usedfor safety-related projects andexplain why this particularsafety lifecycle model isappropriate to theorganisation.

Can describe the advantagesand disadvantages ofdifferent safety lifecyclemodels and how these relateto different developmentlifecycle models.

Can cite examples from his/her own experiencewhere the normal safety lifecycle models used forprojects carried out within the organisation werenot appropriate, and can illustrate how the safetylifecycle was modified or a different safety lifecyclemodel was selected.

Can describe the range ofsafety techniques andmeasures normally employedwithin the organisation orindustry sector for safety-related projects.Given a typical projectscenario, can select anappropriate set of safetytechniques and measures.

Can illustrate, via projectsafety assurance plans, howappropriate selections oftechniques and measureshave been made for safety-related projects carried out bythe organisation.Can justify the use of theselected techniques andmeasures by referencing

relevant standards and thecapabilities of theorganisation.

Can illustrate, by example, project situations inwhich the safety techniques and measures werenot appropriate to the specific safety requirementsof the project. Can illustrate, via review proceduresand review records, how actions have been takento ensure that the appropriateness of techniquesand measures is adequately considered.

Can describe theorganisational structure of atypical safety-related projectcarried out within theorganisation and howresponsibilities for functionalsafety assurance areallocated.

Can illustrate, e.g. via thecontents of a project safetyassurance plan, how safety-related projects have beenorganised, howresponsibilities have beenallocated and described, andhow the requirements forindependence have beenaddressed.

Can illustrate, through examples (real orhypothetical), how project organisations have failedto operate effectively from a safety viewpoint andexplain how the projects were (or should havebeen) re-organised.Can identify how the need for independence wouldbe achieved for the development or operation ofsafety-related systems of different safety integritylevels.

25


26/83

Can identify the key resourcerequirements that need to beaddressed for the successfulundertaking of a safety-related project.Given a typical projectscenario, can correctlyestimate the order of thenecessary resource

requirements.

Can illustrate, via project safety assurance plans, memos, how resourcerequirements were derived, reviewed and updated in line with the progress ofsafety-related projects carried out within the organisation or industry sector. Canexplain previous situations when resource requirements have been incorrectlyestimated.

PSM3 Managing compliance with the project safety assurance plan

Manages compliance with the project safety assurance plan through the appropriate use of monitoring mechanisms(e.g. project audits, reviews, walkthroughs).Supervised practitioner Practitioner Expert

Has monitored compliance with safety plans and participated in audits and safety reviews.

Can explain the mechanismsthat were put in place forspecific projects to monitorcompliance with plans,

backing up the explanationwith documentary evidence(e.g. audit reports).

Can explain the advantages and disadvantages of different mechanisms formonitoring compliance with a project safety assurance plan, backing up theexplanation with documentary evidence from previous projects.Can identifymechanisms to counter monitoring inadequacies.

PSM4 Monitoring the engineering development

Monitors the engineering development to ensure consistency with a design philosophy which contributes to safetyassurance.Supervised practitioner Practitioner Expert

Has not had the opportunity tomonitor engineeringdevelopments

Can show how monitoring ofengineering development isachieved within anorganisation.Can describe ways in whichdivergence from designphilosophy can occur and howsafety can therefore bejeopardised.

Has been responsible for monitoring engineeringdevelopment within an organisation.Can illustrate, by examples, project situations inwhich safety has been jeopardised by divergenceor potential divergence from a design philosophy.

PSM5 Managing the provision of safety assurance evidence

Collects evidence that safety engineering tasks have been adequately executed and constructs a reasonedargument based on that evidence (possibly for inclusion in a safety case).Supervised practitioner Practitioner Expert

Can illustrate how sufficient information was collected from avariety of sources to be able to construct a safety argument. Can explain how mechanisms were put in place tocollect the evidence to support the case for asafety-related system.

Not yet written a safetyargument.

Has written a safetyargument.

Can illustrate how safety arguments areconstructed and presented to justify the requiredsafety integrity of a typical safety-related systemdeveloped within the organisation.

Can explain the underlying objectives of a safety case withregard to the current regulatory regime and can describe thecontents of a typical safety case.

Can make reasoned arguments for the inclusion /omission of information with regard to the safetyargument for a particular, novel, system. Given aparticular safety argument, the candidate canidentify flaws or deficiencies in the argument andcan pinpoint areas where safety evidence is weak.

26


27/83

At tr ibutes

PSM6 Effective working relationships

Develops and maintains effective working relationships with other members of the project including: safety engineers, designers and managers within the supplier's organisation personnel within suppliers to the organisation of safety-related systems or services personnel within the purchaser's organisation and other organisations, e.g. operators and maintainers,

independent safety assessors and regulatory authorities.

Supervised practitioner Practitioner ExpertHas worked as an effectivemember of a project team co-ordinating own activities withthose of peers and reportingto a supervisor

Has worked as an effectivemember of a safety-relatedproject team co-ordinating theactivities of a group ofindividuals and reporting to aproject manager within his/herown organisation.

Has worked as an effective leader of a safety-related project team co-ordinating the activities ofmore than one organisation and reporting directlyto the project stakeholders.

PSM7 Effective communicationCommunicates effectively both orally and in writing, at all levels in and outside the organisation, with people ofvarying skills and understanding and with groups of varying size.

Supervised practitioner Practitioner ExpertUnderstands the principles ofgood presentation.Communicates well withpeers.

Has made successful formalpresentations.Communicates well in a teamand in one-to-one situations atmost levels.

Is acknowledged as proficient in communicatinginformation orally in all situations. Is able tocommunicate a safety vision and describe thesafety argument for a safety-related system.

Understands the importanceof keeping reports factual andavoiding verbose language.Has written at least one reportwhich can demonstrate basicliteracy skills and the ability topresent written information inan organised, logical andunambiguous manner.

Produces written work of aquality which is wellorganised, accurate (bothtechnically andgrammatically), complete,logical, concise, unambiguousand to the point.

Produces written work of a quality which is wellorganised, accurate (both technically andgrammatically), complete, logical, concise,unambiguous and to the point. Is aware of thewider implications and purpose ofcommunications.

PSM8 Methodical approach

Works in a methodical, clearly structured manner.Supervised practitioner Practitioner Expert

For specific tasks undertaken,can explain the methodfollowed in performing thetasks and indicates theresulting structure in the work.

For whole safety-relatedprojects, can explain how andwhy particular methods werechosen to perform thedifferent tasks required for the

project.

Can explain how the work performed on differentprojects undertaken within the organisation ismonitored and controlled to ensure a methodicalapproach.

PSM9 Safety regulations and standards

Addresses the requirements of the relevant safety regulations and standards in the management and performance ofsafety assurance management activities.Supervised practitioner Practitioner Expert

Can identify the safetyregulations and standardsrelevant to the domain withinwhich the organisationoperates and can describe

their key requirements.

Can illustrate, via projectsafety plans, audit reports,design documents, how therequirements of the relevantsafety regulations and

standards have beenincorporated in safety-relatedprojects carried out by theorganisation.

Can illustrate, via review checklists, and reviewrecords, how compliance with the relevant safetyregulations and standards is ensured.Can illustrate, via project safety plans,requirements specifications and design

specifications, the different approaches that havebeen adopted in order to comply with the relevantsafety regulations and standards and can describetheir advantages and disadvantages.

27


28/83

PSM10 Organisation systems

Reflects the organisations safety management system and associated methods and procedures in the project safetyassurance plan.Supervised practitioner Practitioner Expert

Can identify the relevantdocumentation relating to theorganisations safetymanagement system and candescribe the key features ofthe system.Can describe the keymethods and proceduresassociated with theorganisations safetymanagement system.

Can illustrate, through projectsafety plans, audit reports,design documents, how therequirements of theorganisations safetymanagement system and theassociated methods andprocedures have beenincorporated in the safety-related project activitiescarried out.

Can identify current or past inadequacies in thesafety management system and can describe theimportance of these with regard to typical safety-related projects carried out within the organisation.Can illustrate, via letters, memos etc. how anattempt has been made to improve theorganisations safety management system.

PSM11 Decision making

Uncovers the key facts associated with a situation and communicates a firm, rational decision based on an analysisof those key facts.

Supervised practitioner Practitioner ExpertGiven a set of information regarding a hypothetical situation,can identify the key facts and proposes a decision that relatesto the identified key facts.

Can cite examples from his/her own experiencewhere it has been necessary to make difficultdecisions relating to the safety assurance of asafety-related system and can illustrate, viamemos, letters, reports, witness testimonies, howthe key facts were uncovered and how decisionswere taken and communicated.

PSM12 Influencing and negotiating

Convincingly argues a point of view or position and obtains buy-in from personnel at all levels of the organisation andis able to compromise on detail, if necessary, whilst still achieving the key objectives of the safety assurance plan.Supervised practitioner Practitioner Expert

Understands the principles ofnegotiation and has taken partin practical training exercisesin influencing / negotiating.

Can cite examples fromhis/her own experience whereis has been necessary toexert influence to satisfactorilyresolve a situation relating tothe safety assurance of asafety-related system.

Can cite examples from his/her own experiencewhere it has been necessary to negotiate tosatisfactorily resolve a situation relating to thesafety assurance of a safety-related system andcan illustrate, via memos, letters, witnesstestimonies, how negotiations were brought to asatisfactory conclusion.

PSM13 Team management

Organises, supervises and checks the activities carried out by other safety engineering staff such that the overall

safety assurance role responsibilities are adequately discharged and the collective ability and resources of a team ofindividuals are effectively combined.Supervised practitioner Practitioner Expert

Has not had the opportunity toshow competence in leadinga safety team.

Can illustrate, through the presentation of supporting documentation, how the workcarried out by others is supported and checked to ensure that the key objectives ofproject safety assurance management are met.

28


29/83

Function Safety-related system maintenance and modi fication

Summary

Safety-related system maintenance and modification involves the responsibility for keeping withintolerable levels the likelihood of safety incidents during system use, and reducing them, includingduring degraded modes of operation such as system change, maintenance or the introduction of

new systems into service.

In discharging this responsibility, the key tasks for the functions are:

planning and implementing maintenance and modification functional safety requirements;managing compliance with planned arrangements including incident handling

handling change, either to existing systems, or the introduction of new systems or thedecommissioning of existing systems

influencing any new design together with the classification of legacy systems from anoperation, maintenance and modification perspective

advising and facilitating the allocation of appropriate resources

managing the provision and use of in-service safety information

Tasks Attributes

Planning for maintenance andmodification of safe operation

Report writing

Development of maintenance and

modification procedures

Effective oral communication

Handling change Regulatory and legal compliance

Monitoring compliance Methodical approach

Handling safety incidents Organisation systems

Managing in-service information Principles of functional safetyassurance

Resource allocation

Existing system classification

Influencing new systems

29


30/83

SRM1 Planning for maintenance and modification of safe operation

Originates and maintains a plan which encapsulates an agreed set of activities, including their interrelationship,scheduling and responsibilities, which if implemented correctly results in a system being maintained safely.Supervised practitioner Practitioner Expert

Can write sections of amaintenance and modificationplan.

Has written a maintenanceand modification plan and candemonstrate contributiontowards the formation of asafe maintenance andmodification strategy.Understands the importanceof clear responsibilities formaintenance and modificationtasks where they relate tosafety.

Has written maintenance and modification plansand can identify a range of different maintenancestrategies and their impact on safety.

SRM2 Development of maintenance and modification procedures

Identifies appropriate test and monitoring strategies and techniques and encapsulates these in procedures which, ifcomplied with, result in safe operation for both normal and degraded (maintenance, modification, failure, sabotage,etc.) modes of operation.

Supervised practitioner Practitioner ExpertHas written maintenance andmodification procedures.

Has written maintenance andmodification procedures whichhave a direct relationship tosafety. Can explain howmaintenance and modificationprocedures ensure safeoperation.

Has written a suite of maintenance andmodification procedures for several systems. Canexplain how maintenance and modificationprocedures ensure safe operation.

SRM3 Handling changeAnalyses the impact on safety of any change to a system; ensures that the implementation of any change does notresult in an unsafe situation, and provides a reversion strategy.

Supervised practitioner Practitioner ExpertUnderstands how to analysethe potential safety impact ofchanges to safety-relatedsystems. Can identify ways inwhich changes to a safety-related system would impacton safe maintenanceprocedures.

Can illustrate, throughanalysis reports, howproposed changes to safety-related systems are assessedfor their impact on safety andthe maintenance andmodification procedures.

Can illustrate, through examples (real orhypothetical) how the incorrect assessment of theimplications of proposed changes have led topotentially unsafe situations especially regardingmaintenance and modification activities. Canillustrate, through procedures, work instructions,training course notes etc., the actions that havebeen put in place to ensure that risks are correctlyassessed.

SRM4 Monitoring complianceEnsures adherence to the maintenance and modification requirements of safety-related systems by ensuring anaudit is performed against a schedule and that any improvements are instigated when identified as necessary.Supervised practitioner Practitioner Expert

Can explain the audit systemin place to assess themaintenance and modificationregime for a system.

Has contributed to thedevelopment of faultreporting, auditing and reviewsystemsCan explain how themonitoring system has beenused to effect changes in thesystem and in its maintenanceand modification regime.

Has had responsibility for monitoring a range ofmaintenance and modification activities on safety-related systems. Can show evidence of thedevelopment of the monitoring systems in placeand how they have led to changes in the systemand the maintenance and modification regime.Can explain the difference between ineffective andeffective maintenance and modification regimesand how the monitoring systems detect problems.

30


31/83

SRM5 Handling safety incidents

Ensures that all incidents during operation that could impact on functional safety are identified, investigated andnecessary actions taken, such that the immediate incident is resolved and the likelihood of re-occurrence isminimised.Supervised practitioner Practitioner Expert

Given a set of informationregarding a hypotheticalincident can identify keyactions, and propose adecision that clearly relates tothe identified key fact, canexplain how incident reportingand analysis systems workwithin the organisation.

Has set up or has been involved in the running of a reporting system, and can showhow the system is or was used to identify potential incidents. Can cite examplesfrom his/her own experience where it has been necessary to make difficult and fastdecisions during an incident involving a safety-related system. Can illustrate,through memos, letters, reports and witness testimonies, how the key facts wereuncovered, how decisions were taken and how the decisions were communicated.

SRM6 Managing in-service informationProactively collects, analyses and effectively uses data obtained during in-service operation such that increasedsafety assurance is obtained on existing systems and is available for new designs.Supervised practitioner Practitioner Expert

Can illustrate, through reports

and presentations, how dataanalysis techniques havebeen used in a practical worksituation.

Can illustrate, through incident reports, change documents and reliability growth

modelling, how data analysis techniques are used in the provision of evidence ofthe operational performance of a safety-related system and used to improve itssafety performance.

Understands howperformance informationrelating to the performance ofsafety-related systems iscollected within theorganisation.Knows the basic techniquesof data collection and the useof analysis equipment (e.g.

data analysers,oscilloscopes).

Can illustrate, through workingnotes, data recorder printouts,oscilloscope traces etc., howoperational performanceinformation has been collectedfrom a variety of sources andanalysed to arrive at aconclusion regardingoperational safety.

Can cite examples where insufficient or incorrectinformation has been obtained with regard to theoperational performance of a safety-relatedsystem. Can illustrate, using for examplechecklists, how such examples can be avoided.

SRM7 Resource allocation

Advises and facilitates (and manages if directed) the deployment of resources (competent staff, spares, tools, etc.),sufficient to ensure safety operation, maintenance and modification.Supervised practitioner Practitioner Expert

Can identify the key resourcerequirements that arenecessary for the successfulmaintenance and modification

of a safety-related system.Given a typical projectscenario, correctly estimatesthe necessary resourcerequirements.

Can illustrate, through projectsafety assurance plans andmemos, how resourcerequirements have been

derived, reviewed, updated inline with operationalexperience gained during theuse of a safety-related systemand updated to meet revisedneeds after modification

Can illustrate, through examples (real orhypothetical), how inadequate resources have ledto compromises on safety. Can illustrate, throughfor example, review procedures and checklists,

how actions are taken to ensure adequate, trainedresources and the actions required to accumulatechanged resource requirements after systemsmodification.

31


32/83

SRM8 Existing system classifi cation

Supervises the analysis of existing systems using a systematic, risk-based methodology, such that existing systemscan be classified for their safety significance.Supervised practitioner Practitioner Expert

Understands the way in whichsafety integrity levels areallocated to safety functions.Given a particular set ofsafety functions and animplementation scenario, canillustrate how a method canbe used to derive safetyintegrity levels for each safetyfunction.

Has allocated safety integritylevels to functions performedby safety-related systemsused within the organisation.

Can explain the pros and cons of differentmethods for allocating safety integrity levels andtheir effects on safety integrity level allocations.Can illustrate through procedures, workinstructions and training course notes, the actionsthat have been put in place to ensure the correctand appropriate use of methods for the safetyclassification of legacy systems.

SRM9 Influencing new systems

Influences the realisation of new safety-related systems such that the requirements to maintain a system safely areproperly addressed.Supervised practitioner Practitioner Expert

Can describe the main

operation and maintenanceand modification proceduresassociated with typical safety-related systems developed oroperated by the organisation.

Can describe the key

functional safety issuesassociated with the operationand maintenance andmodification of typical safety-related systems developed oroperated by the organisation.

Can illustrate by examples (real or hypothetical),

how failure to address maintenance andmodification requirements in the design of asafety-related system has led to a potentiallyunsafe situation. Can illustrate with reviewchecklists and review records how potentialsafety-related system designs are reviewed fortheir impact on maintenance and modification.

Understands the principles ofnegotiation and has takenpart in practical trainingexercises in influencing /negotiating.

Can cite examples from his/her own experience where it has been necessary toexert influence to resolve a situation relating to the maintenance and modification ofa safety-related system. Can illustrate through memos, letters and witnesstestimonies, how the necessary influence was brought to bear and how eachsituation was resolved.

At tr ibutes

SRM10 Report writ ing

Produces technical reports, procedures, etc., incorporating a logical document structure with the contentgrammatically correct using a non-verbose style.Supervised practitioner Practitioner Expert

Can show an example of atechnical report of whichhe/she is the principal author.

Contrasts reports which are clear and to the point with reports where key evidenceis hidden by poor writing or superfluous technical detail. Can show a range oftechnical reports which he/she has written on maintenance and modification issues.

SRM11 Effective oral communication

Effectively interfaces with staff at all levels in an organisation with people of varying skill and groups of varying size.Supervised practitioner Practitioner Expert

Understands the principles ofgood presentation.Communicates well withpeers.

Has made successful formalpresentations.Communicates well in a teamand one-to-one situations atmost levels.

Is acknowledged as proficient in communicatinginformation orally in all situations. Can liaiseeffectively with both maintenance and modificationstaff and senior management.

32


33/83

SRM12Regulatory and legal complianceHas a knowledge and understanding of all relevant regulatory and legal requirements, together with organisation-specific procedures.Supervised practitioner Practitioner Expert

Has read the relevantfunctional safety standardsappropriate to the industrysector.Can explain the key principlesunderlying the relevantregulatory regime andassociated legal issues.

Can illustrate through safetyplans and maintenance andmodification manuals, howsafety regulatoryrequirements and associatedlegal issues are addressed inthe performance of safety-related system maintenanceand modification activities.

Can illustrate through memos, reports,maintenance and modification manuals, how theoperational and maintenance and modificationrequirements of the relevant regulatory authoritiesare continually reviewed and, where appropriate,incorporated within the organisations safetymanagement system, especially with regard tomaintenance and modification activities.

SRM13 Methodical approach

Applies a methodical approach to assignments, incorporating analytical and systematic techniques appropriate to therole.Supervised practitioner Practitioner Expert

For specific tasks undertaken,can explain the method

followed in performing thetasks and indicates theresulting structure in the work,backing up the explanationwith documentary evidence.

For maintenance andmodification tasks, can

explain how and whyparticular methods werechosen to perform them.

Can explain how the work performed on differentprojects or maintenance and modification tasks

within the organisation is monitored and controlledto ensure a methodical approach.

SRM14Organisation systemsHas a knowledge and understanding of existing systems in the organisation (e.g. quality management systems) andfunctional safety practices, including application and technology appropriate to the organisation and industry sector,sufficient for the successful execution of the role.Supervised practitioner Practitioner Expert

Can identify the relevant

documentation relating to theorganisations safetymanagement system and candescribe the key features ofthis system.Can describe the keymethods and proceduresassociated with theorganisations safetymanagement system.

Can illustrate through

operation and maintenanceand modification manuals,fault reports and impactanalysis reports, how therequirements of theorganisations safetymanagement system and theassociated methods andprocedures are referred to inthe safety-related systemmaintenance and modificationactivities carried out by theorganisation and to which

he/she has been a maincontributor.

Can identify current or past inadequacies in the

safety management system, or associatedmethods and procedures, and can describe theimportance of these with regard to typical safety-related system maintenance and modificationactivities carried out within the organisation.Can illustrate through letters etc., how an attempthas been made to improve the organisationssafety management system and associatedmethods and procedures.

SRM15Principles of funct ional safety assuranceHas a knowledge and understanding of the principles of functional safety assurance (including; hazards, risks,tolerability, ALARP, safety requirements, safety realisation, etc.) and understands their relationship to themaintenance and modification of safety-related systems.Supervised practitioner Practitioner Expert

Understands the principles offunctional safety assurance.

Can explain how safetyassurance has beenachieved, in relation to safety-

related system maintenanceand modification activities,with reference to examplesfrom actual projectinvolvement.

Known as an authority outside the organisation onthe principles of safety assurance in relation tosafety-related system maintenance activities.

Provides illustrations, taken from his or her ownexperience, of safety principles applied in practice.

33

competence criteria for sr s p

Documents