Interference-Free Workflow
This document provides guidance on how to handle interference-free product development for new products and for maintenance of existing products.
Definition of interference-free
Interference-free (IF) is a term used in Functional Safety development. It refers to product components that:
- do not have a Safety Integrity Level (SIL), sometimes shown as non-SIL
- are not suitable for processing safety-critical functions or signals
- can nevertheless be connected to or used in the safety system, i.e. have interfaces with safety-critical products or functions
- are listed in the TUV Annex report on the product safety certificate as "interference-free"; for an example see chapters 4.1 and 4.2 of 2PAA119911 System 800xA Safety Annex I of the Report on the Certificate Z10 029902 0014
Note: Different products may belong to different annexes. Check with your safety engineer or product manager to find out which annex should be used to determine which components are classified as interference-free.
Documentation of a product's interference-freeness can be found in:
- Safety requirement specification
- Safety system architecture
- Architecture or function description of the component
- Safety manual describing the restrictions for user
- Annexes of the TUV report on the safety certificate
- Quality plan for release
Development process requirements for interference-free components/products
Decisions on interference-free
| | Description |
|---|---|
| Who | Product Manager (Responsible) and Safety Engineer (Consulted) |
| When | Interference-freeness should be defined at G2 at the latest, ideally at G1 when the system requirements are confirmed based on market requirements. |
| Where | Document the decision in the quality plan; see the help text in the 7PAA003088_en_TPF Quality Plan. |
SIL Development Process to Follow
- For the development of interference-free hardware products, it is recommended that the safety engineer follow the SIL 1 process from the safety handbook, because this facilitates the certification process
- For interference-free software products, follow the non-SIL process from the safety handbook
Note: Depending on the type and criticality of the interface to the safety system, the development activity may be required to follow higher SIL requirements. The reasoning and conclusion should be documented in the requirement specification, quality plan, and function description. For example, GFS810 of Select I/O is designed according to SIL 2.
Update the safety perspective chapter in the functional description
In the safety perspective chapter, enter the following information:
- State that the product/function is classified as interference-free
- Describe the product/function interface to safety-critical and safety-relevant functions/products. For hardware interference-free products, for example, clearly state where the interference-free products are physically or wirelessly connected to SIL products and how they could potentially interfere with them.
- Define the measures that assure interference-freeness, i.e. explain why, even if the function/product malfunctions, such a failure will not threaten the predetermined functional safety objectives
Impact Analysis
- Safety impact analysis is required for interference-free product development and subsequent product maintenance activities (e.g. bug fixing). Please use
  - 3BSE042623_Safety Impact Analysis Questions - Error Corrections for bug work items, and
  - 3BSE052556_Safety Impact Analysis Questions - New Functionality for feature work items in Azure DevOps
- When answering impact analysis question Q1 ("Is the reported problem Safety Critical?"), provide an argument as to why the defect or new functionality does not affect the interference-freeness of the component. An answer like "No, because the error is located in an interference-free component xxx." is not sufficient. A good answer would be: "No, the module/function is interference-free and the interference-freeness is not affected because …"
- The safety engineer needs to be involved in the impact analysis review of interference-free products. If no interference-free requirement or critical component is touched, the RACI role of the safety engineer is changed from "Consult" to "Inform".
Functional safety audit
- Interference-free product development, including maintenance, is within the scope of the annual FSM audit
Documents to be sent to the certification body
- Gate/Milestone 2: quality plan, detailed test plan
- G2-G5: impact analysis report, function description, analysis of interference-freeness
- G5: updated and approved detailed test plan, the final conclusion of the tests, release notes (if any)
Note: The certification body may ask for additional documents for review.
How to perform an analysis of interference-freeness
According to the Gate 5 checklist requirements, for safety and interference-free products to be released to the market, all required documents need to be accepted by the certification body and a signed certificate should be received from them.
To obtain feedback from the certification bodies as early as possible and to help them review the documents more effectively, we need to provide them with interference-free relevant information during the early stages of product development.
Here is short guidance on what needs to be prepared by the development team. If you are not sure which failure modes the product/component might have, check the existing FMEA (Failure Mode and Effects Analysis), HAZOP (Hazard and Operability Analysis), and criticality reports for more information. Please also contact the safety engineer for support. For examples of FMEA/HAZOP/criticality reports see
- 3BNP004305D0506 System FMEA Safety System 800xA
- 3BSE072135 System FMEA Select I/O
- 7PAA010941 HAZOP 3rd Party PROFIsafe - Report
- 3BNP004305D0512 System & Software Criticality Analysis 800xA Control Safety
For new component/product development
Step 1 Check where the interference-free component/product is connected to SIL products and how it could potentially interfere with them. Go to step 2.
Step 2 Analyze the potential risks that could be caused by interference, using the system FMEA/HAZOP/criticality reports. This potential interference must be avoided by design. Document the analysis in the system FMEA/HAZOP/criticality reports. Continue to step 3.
Step 3 Based on the analysis above,
- describe the corresponding interference-free requirement in the requirement specification of this product
- write the conclusion of this analysis in the safety perspective chapter of the function description
- list the components that are critical for interference-freeness in the circuit diagram, if applicable.
Step 4 Provide the analysis and documents mentioned in the previous steps to the certification body.
For product maintenance (redesign, rollup project or minor HW revision update)
Step 1 Check with the safety engineer for the latest product annex version to see whether the product is listed as an interference-free component; if so, go to step 2.
Step 2 Check whether information is already available in the FMEA/HAZOP/criticality reports or the function description. The interface should be clearly described, i.e. how the product is connected to SIL products and how it could potentially interfere with them.
- If the analysis and description are available and up to date, go to step 5.
- If the analysis or description is NOT available or not up to date, go to step 3.
Step 3 Analyze the potential risks that could be caused by interference. This potential interference must be avoided by design. Document this information and continue to step 4.
Step 4 Based on the analysis from step 3, write the conclusion of this analysis in the safety perspective chapter of the function description and list the components that are critical for interference-freeness in the circuit diagram, if applicable.
Step 5 Provide the analysis and documents mentioned in the previous steps to the certification body.