CASS TOES FOR THE FUNCTIONAL SAFETY ASSESSMENT PROCESS (IEC 61508-1: 2010)

For general guidance on using CASS conformity assessment documents, refer to: ‘Guidance for assessors on using the CASS TOEs’ available from

In the table below, E/E/PES is used as an abbreviation for Electrical/Electronic/Programmable-Electronic safety-related System

The procedures for conducting an independent FSA should comply with the general requirements from IEC 61508-1 clause 8 embodied in this template. This template is therefore used to ensure the assessment team/organisation is correctly set up so it can use the CASS methodology to perform a formal independent FSA.

TOE Ref. / Target of Evaluation (TOE) / Purpose of TOE / Referring IEC 61508 Clauses / Assessor Comments
1 / Appointment of assessor(s) / To ensure that assessors are:
a)informed of the FSA requirements
b)authorised to take responsibility for making the necessary judgement about the functional safety achieved by the E/E/PES and/or compliance of the elements/subsystems
c)accountable for their work / 1/8.2.1
2 / Access to all relevant persons, information and equipment / To ensure that assessors are provided with:
a)all information necessary to conduct the evaluations
b)access to those involved in the lifecycle activities within the scope of assessment
c)access to all relevant equipment, tools and processes / 1/8.2.2
3 / Application to all lifecycle phases and associated activities / To ensure the scope and boundaries of the assessment have been identified and hence the appropriate CASS templates have been selected considering the:
  • overall, E/E/PES and software lifecycles
  • documentation
  • verification
  • FSM
/ 1/8.2.3
4 / Judgment of achieving functional safety based on conformity requirements / To ensure the assessors are using the TOEs from the appropriate CASS templates effectively (with any additional prompts as necessary) to:
a)explore, evaluate and record objective evidence of conformity with the requirements of IEC 61508 or related standard
b)arrive at a judgment of functional safety achieved for the identified scope of the assessment / 1/8.2.4
5 / Claims of compliance made by all suppliers and other relevant parties / To ensure the assessors:
a)are able to identify all supplied equipment or services on which functional safety of an E/E/PES relies
b)make the necessary enquiries and where necessary evaluations to substantiate the suppliers’ claims of compliance
c)are using CASS FSM TOE 17 effectively to ensure suppliers are evaluated in respect of any functional safety aspects of their scope of supply / 1/8.2.5
6 / Scheduling of the assessment / To ensure the FSA is appropriately staged in a coherent manner (e.g., after each lifecycle phase) and documented such that the full scope of the E/E/PES safety functions can be finally assessed prior to the determined hazards being present / 1/8.2.6
7 / Evidence that periodic audits have been performed / To ensure that the assessment includes evidence that functional safety audit(s) have been carried out (either full or partial) relevant to its scope using CASS FSM TOE 15 / 1/8.2.7
8 / Coordination of actions from previous and for future assessments / To ensure that there is coherence between multiple assessments (either where assessments are staged or they are targeting different aspects, e.g., hardware and software) and that no issues are left unresolved / 1/8.2.8
9 / Planning and resourcing / To ensure that all information necessary to facilitate an effective assessment has been considered in the assessment plan / 1/8.2.9
10 / Approval of the assessment plan / To ensure that the assessment plan has been approved by those with overall responsibility for FSM / 1/8.2.10
11 / Full documentation of the evaluations, recommendations and outcomes / To ensure that the evaluations are fully documented in an open and auditable manner with all outcomes, conclusions and recommendations clearly stated / 1/8.2.11
12 / Release of the assessment outputs to all those who need the information / To ensure that those who need the information established by the assessment are informed / 1/8.2.12
13 / Availability of verified safety manuals for compliant items / To ensure that all the information pertaining to the use of a ‘compliant item’ in a safety system is made available, including its precise identification (h/w and s/w), conditions assumed during evaluation, any restrictions in use, and the tools, references and justifications used to arrive at its systematic capability / 1/8.2.13
14 / Competence of the assessor(s) / To ensure that assessors are competent to undertake the scope of assessments assigned to them / 1/8.2.14
1/6.2.13 – 15
15 / Independence of the assessor(s) / To ensure that assessors are able to make their evaluations and the necessary judgment of functional safety achieved:
  • without being influenced by prior involvement with the specific scope of assessment
  • without offering specific remedies for short-falls identified in the assessment
Note, some sector standards have different requirements for independence than those in 1/8.2.15 and 1/8.2.16 / 1/8.2.15, 1/8.2.16

15 CASS TOES FOR THE FUNCTIONAL SAFETY ASSESSMENT PROCESS FROM IEC 61508-1_2010 v1.docPage 1 of 4 © The CASS Scheme Limited 2017