Michael Medoff , CFSE, CISA

The Road to More Secure Products

Thursday, April 21, 2016 | Industrial Control System (ICS) Cybersecurity


As the incidence of cybersecurity threats in industry continues to rise, the automation world continues to grapple with how to address these issues. There are many good practices available to end users, such as creating demilitarized zones between the business network and the industrial network, banning the use of portable devices on the industrial network, ensuring that security patches are installed regularly, etc. While these solutions all make a lot of sense, I recommend attacking the problem at its core. Patching, for example, is very important, but it is also very expensive and carries some extra risks in an industrial automation system, such as impacting the performance of…


Todd Stauffer

New Version of ISA-18.2 Alarm Management Standard Is Released (2016)

Tuesday, April 19, 2016 | Alarm Management

The new and updated version of the ISA-18.2 standard (ANSI/ISA-18.2-2016, Management of Alarm Systems for the Process Industries) has now been officially released. This supersedes the original edition (2009). The new version incorporates feedback from 6+ years in the "field" and includes some updates based on the IEC 62682 international standard.

Selected highlights include:

1. Updated definition of an alarm:

Alarm: audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a timely response.

Note that the word "timely" was added, making it consistent with the IEC 62682 international standard.

2. Required / Recommended Content for…


Iwan van Beurden, CFSE

PRODUCT SPOTLIGHT: Safety Equipment Reliability Handbook, 4th edition

Monday, April 18, 2016 | Functional Safety

Each month at exida, we strive to spotlight one of our products that makes the job easier for today's industry professional. In this blog, I wanted to talk about our latest edition of the SERH (Safety Equipment Reliability Handbook).

The Safety Equipment Reliability Handbook (SERH) book set is a hard copy of exida's SERH database that contains a vast amount of equipment item reliability data.

The SERH provides a collection of failure rate data that is applicable for use in Safety Instrumented System (SIS) conceptual design verification in the process industry. It remains the ultimate reference source for any safety engineer involved in Conceptual…


Dr. William Goble, CFSE

Site Safety Index™ (SSI) – A Simple Model for Site Variations in Safety

Monday, April 11, 2016 | Certification

In several of our technical papers over the years, we have noticed that failure rates for a given manufacturer and model number are different at different sites, even when the processes were quite similar. When I have mentioned this to end users and manufacturers, often the response is "Yes, I have noticed. Why does this happen?" exida finally has enough field failure data to create a simple model for this based on concepts from IEC 61508. We call our model the Site Safety Index™ (SSI).

A wide range of factors seem to contribute to the SSI.  After gathering lots of expert opinion on these factors, it became clear that they had everything to…


John Yozallinas, CFSE

Is Your Team Ready for the Big Game?

Tuesday, March 29, 2016 | Functional Safety

How does a team get to play in the NCAA tournament?  They don’t just buy plane tickets and arrive at the arena ready to play whoever else shows up.  In fact, there is a rather rigorous process to determine who gets to play and what seed they are, which then determines who plays who.  But before all of that, the team coaches and school officials decide who will be on their team.  They conduct training camps and drills and practices.  And they compete with other schools to recruit players.  Then they determine the best players that will start, and the backup players who reinforce them. (Kinda sounds like competency evaluation, or project feasibility…


Todd Stauffer

PRODUCT SPOTLIGHT: SILAlarm V2.10 - Alarm Flood Suppression

Tuesday, March 15, 2016 | Software

The ISA-18.2 and IEC 62682 alarm management standards provide recommended targets for average alarm rate and for alarm floods, a condition during which the alarm rate is greater than the operator can effectively manage (e.g., more than 10 alarms per 10 minutes; ref. ISA-18.2). During alarm floods the chance of an operator missing an alarm or making a mistake is increased. The following table, taken from IEC 61511, shows how the reliability of humans is impacted by stress.


Todd Stauffer

Claiming alarms as an independent protection layer (IPL)

Tuesday, March 01, 2016 | Alarm Management

An interesting question arose recently when creating an FSM plan:

Does the ISA-18.2 standard on alarm management address the claiming of the operator’s response to alarms as a layer of protection?

Not specifically; however, the ISA-18.2 standard does require that alarms are rationalized, and that alarm system performance is measured and judged against recommended metrics. Both activities in the alarm management lifecycle directly impact the dependability of the operator's response to alarms as an IPL. Remember, an IPL must be:

• Specific
• Auditable
• Independent
• Dependable

An unrationalized system is likely to have too many alarms, incorrect priorities, and alarms without an operator response. A…


Ted Stewart, CFSP

Site Safety Index IMPACT on Failure Rates and PFDavg

Friday, February 19, 2016 | Certification

Performing site audits for numerous customers can be very telling.  All sites have their own unique layout, procedures, documentation, and people.  Did you know that failure rates differ from site to site?  Are you surprised?  According to our recent webinar results, the majority of people aren’t, and in fact they expect it.  If this is the case, then why isn’t anyone taking into account these factors?

This is how the Site Safety Index (SSI) started.

Over the last 30 years exida has accumulated over 200 billion operating hours of REAL failure data.  From this data, exida was able to create the SSI.  A number of field failure…


Dr. William Goble, CFSE

A Year in Review: Functional Safety and Cybersecurity in 2015

Tuesday, January 26, 2016 | Certification

Good things happened in the fields of functional safety and control system cybersecurity in 2015. I am not going to include the exciting new Star Wars movie as an event in the list, as it does not really fit into the topic. But keeping focused, my highlights of 2015 were:

  • Progress was made on a new version of IEC 61511
  • The CFSE program was updated and enhanced
  • Good progress was made on several of the IEC 62443 automation cybersecurity standards
  • exida completed ANSI accreditation per the new ISO/IEC 17065 standard for product certification programs
  • A new OREDA field failure data analysis was published

At exida we were…


Steve Gandy, CFSP

Safety Requirements Specifications (SRS):  The Good and the Bad

Thursday, January 21, 2016 | Functional Safety

The IEC 61511 Standard requires the user to create a Safety Requirements Specification (SRS) for a Safety Instrumented System (SIS) that incorporates all the analysis done during the Risk Assessment, HAZOP/PHA and LOPA reviews. The SRS falls into two types: an initial conceptual SRS, often referred to as the Process Safety SRS, and a detailed Design SRS which contains all the detailed design information.

As in any requirements specification, how well and how concisely information is conveyed to the designer is essential to ensure that there is no ambiguity and potential for misinterpretation of the requirements.  This is especially true for safety-related process applications using SIS, where it is critical to convey the requirements…


Ted Stewart, CFSP

WHY are Failures Occurring at a Different Rate from Our Other Site?

Thursday, January 14, 2016 | Certification

Site audits have shown many differences in how things are done from site to site. This impacts many variables in a safety instrumented system!

A key metric for process industry designs is called average Probability of Failure on Demand (PFDavg).  After several studies of many field failure and proof test reports, several variables* have been identified as key to a realistic PFDavg calculation.

The key variables in a PFDavg calculation are impacted by site operational practices, and performing an SSU audit has many benefits.


Chris O'Brien, CFSE

Best Practices in Achieving Functional Safety in Turbine Applications - Part 3

Thursday, January 07, 2016 | Certification

The adoption of the functional safety standards continues to gain momentum in turbine applications. Both industrial and power turbine sites are now requiring compliance to IEC 61511. This blog will review both technical requirements and market trends related to functional safety system design. Market trends will cover which standards are required by region, turbine, size, and industry.

In Part 1, we discussed the application of IEC 61511 to turbine applications and how we demonstrate compliance. In Part 2, we took a high-level look at the safety lifecycle, looked at the IEC 61511 lifecycle, and discussed hazard matrices, risk graphs, and LOPAs.

In this blog, we will look at the implications of IEC 61511 and its effective implementation.

Implications of IEC 61511

Because of IEC…


Loren Stewart, CFSP

SILSafe Data Website

Tuesday, December 22, 2015 | Functional Safety

exida has launched the web site www.silsafedata.com. SILSafe Data is a web site listing a number of product categories used in process control and the expected range of failure rates for process industry applications. The use of realistic and application-appropriate failure rate data has a significant impact on the validity of SIL verification calculations. Unfortunately, there is often conflicting or incomplete information readily available to perform the tasks needed for safe designs. The impact of poor information can lead to dangerous under-designed systems, expensive overdesigns, or even the need to re-design the safety instrumented system.

Determining if data is suitable for use is a critical first step. The SILSafeData.com…


John Yozallinas, CFSE

Are We Done Yet?

Wednesday, December 09, 2015 | Functional Safety

We all know when we’re finished with the product development cycle; it’s printed in a little box on the project schedule Gantt chart.  The end of July… right there on the schedule, and it’s been there since the project inception.  So what happens when you reach 31-July and your product still isn’t ready?  Do you start changing the calendar to read 32-July, 33-July, and so on?  That might work if you only need a few more days of wringing out the functional testing, or finish the user manual.  But if you reach the 254th day of July, you’ve got a big problem.

In my project experience, there is always an end date.  Some…


John Yozallinas, CFSE

Is your Car Smarter than a Fifth Grader?

Tuesday, November 17, 2015 | Functional Safety

While channel surfing the TV this weekend, I happened to stop on an old show called "My Mother The Car." (Ok, I'm dating myself, but it was filmed in color, as opposed to some other favorite old shows still in black-and-white). The fictional car, a 1928 Porter built for the TV series, was the reincarnation of the owner's deceased mother. The car was always available for advice and helped the owner with various problems that could be solved within a 22-minute sitcom. With all of its life experiences, I'm sure that car was smarter than a Fifth Grader.

This show got me thinking about how cars have changed over the years.  New cars…


Table (IEC 61511/ISA-84): Human Performance Probability of Failure

Operator condition        Probability of failure
Trained, no stress        1.0% to 0.01%
Under stress              50% to 100%