IC 9487 - Programmable Electronic Mining Systems: Best Practice Recommendations (In Nine Parts) - Part 8: 6.0 Safety File Guidance

This report (Safety File Guidance 6.0) is the eighth in a nine-part series of recommendations and guidance addressing the functional safety of processor-controlled mining equipment. It is part of a risk-based system safety process encompassing hardware, software, humans, and the operating environment for the equipment’s life cycle. Figure 1 shows a safety framework containing these recommendations. The reports in this series address the various life cycle stages of inception, design, approval and certification, commissioning, operation, maintenance, and decommissioning. These recommendations were developed as a joint project between the National Institute for Occupational Safety and Health and the Mine Safety and Health Administration. They are intended for use by mining companies, original equipment manufacturers, and aftermarket suppliers to these mining companies. Users of these reports are expected to consider the set in total during the design cycle. • 1.0 Safety Introduction (Part 1).—This is an introductory report for the general mining industry. It provides basic system/software safety concepts, discusses the need for mining to address the functional safety of programmable electronics (PE), and includes the benefits of implementing a system/software safety program. • 2.1 System Safety (Part 2) and 2.2 Software Safety (Part 3).—These reports draw heavily from International Electrotechnical Commission (IEC) standard IEC 61508 [IEC 1998a,b,c,d,e,f,g]and other standards. The scope is “surface and underground safety-related mining systems employing embedded, networked, and nonnetworked programmable electronics.” System safety seeks to design safety into all phases of the entire system. Software is a subsystem; thus, software safety is a part of the system’s safety. • 3.0 Safety File (Part 4).—This report contains the documentation that demonstrates the level of safety built into the system and identifies limitations for the system’s use and operation. In essence, it is a “proof of safety” that the system and its operation meet the appropriate level of safety for the intended application. It starts from the beginning of the design, is maintained during the full life cycle of the system, and provides administrative support for the safety program of the full system. • 4.0 Safety Assessment (Part 5).—The independent assessment of the safety file is addressed. It establishes consistent methods to determine the completeness and suitability of safety evidence and justifications. This assessment could be conducted by an independent third party. • Safety Framework Guidance.—It is intended to supplement the safety framework reports with guidance providing users with additional information. The purpose is to assist users in applying the concepts presented. In other words, the safety framework is what needs to be done and the guidance is how it can be done. The guidance information reinforces the concepts, describes various methodologies that can be used, and gives examples and references. It also gives information on the benefits and drawbacks of various methodologies. The guidance reports are not intended to promote a single methodology or to be an exhaustive treatment of the subject material. They provide information and references so that the user can more intelligently choose and implement the appropriate methodologies given the user’s application and capabilities. The guidance reports comprise parts 6 through 9 of the series and are listed below: [5.1System Safety Guidance (Part 6).—This guidance supplements 2.1 System Safety. < 5.2 Software Safety Guidance (Part 7).—This guidance supplements 2.2 Software Safety. < 6.0 Safety File Guidance (Part 8).—This guidance supplements 3.0 Safety File. < 7.0 Independent Functional Safety Assessment Guidance (Part 9).—This guidance supplements 4.0 Independent Functional Safety Assessment.] [ ]