Controlled change to SIS hardware, software, or operating conditions per IEC 61511 Cl.17
Phase 7 governs every change to the SIS — sensor replacement, logic-solver migration, software update, voting change, setpoint adjustment, or operating-mode change. Per IEC 61511 Cl.17, modifications must trigger H&RA re-assessment, SRS update, design verification, and re-validation as appropriate.
Phase 7 prevents the silent SIL degradation that drives most field SIS failures. Uncontrolled modifications collapse SIL claims and produce the 'commissioned for SIL-2 but actually operating at SIL-1' pattern.
Phase 7 re-enters earlier lifecycle phases based on modification impact. It also integrates with site MOC (OSHA PSM (l)) and PSSR (PSM (i)) to ensure the modified SIS is re-validated before live operation.
A focused 6-step methodology calibrated to deliver modification as a working capability — not a documented compliance artefact.
Catalogue change — component, logic, setpoint, voting, operating mode; align with site MOC procedure.
Per Cl.17.2 — assess H&RA / SRS / design / validation impact; identify lifecycle re-entry point.
Re-execute affected phases — H&RA revalidation if hazard set changes; SRS update; design verification; FAT/SAT/validation.
Per IEC 62443 — verify modification doesn't introduce new attack vectors or zone violations.
End-to-end function verification before live operation; document evidence per Cl.17.4.
OSHA PSM (i) pre-startup safety review confirming modification readiness; site leadership signoff before HHC re-introduction.
Decision-gated workflow showing the actual sequence of activities — from initiation through steady-state operation — with key decision points highlighted.
We can scope this element implementation against your facility, regulatory context, and existing management-system maturity — and integrate it with the other Functional Safety Lifecycle Implementation elements you already operate.