John Yozallinas, CFSE

Train Wrecks Waiting to Happen?

Thursday, October 08, 2015 | Industrial Control System (ICS) Cybersecurity

Hacking public transportation systems is a staple of TV and movies, and they make it seem so easy… it takes these fictional experts only seconds.  Is it a reality?

Well, the Amtrak train derailment that occurred earlier this year in Philadelphia got me thinking about “hacking” as a possible cause of the accident.  This is only my conjecture at this point, as there has been no indication that it was related to terrorism and all the facts of this unfortunate tragedy are still being collected and determined.  But some data reported from the train’s “black box” and engine cabin camera have been released. 

John Yozallinas, CFSE

Say What?

Thursday, October 01, 2015 | Certification

The “see something, say something” mantra is being used as a countermeasure for terrorism and crime, but it can also be effective to improve functional safety in development teams and plant sites.  It could be useful in general process improvement as well.

This can be especially evident during training sessions and reviews when someone says: “our process says to do it this way, but this is what we really do …”  So you have to wonder why the process says to do things in a manner that no one applies, or to which no one gives credence.  It is at this point you should ask “why should I do things that way, according…


Loren Stewart, CFSP

How can I improve my SIL?

Friday, September 25, 2015 | Functional Safety

First entry in this blog series: What is SIL compliance?
Second entry in this blog series: How is SIL Used?

As we now know, a Safety Integrity Level (SIL) is only assigned to a product that complies with all three requirements, and the SIL achieved is the lowest of the three.  So to improve your SIL, you must improve whichever of the three compliance requirements is limiting it: 

  1. Improve SIL Capability
  2. Improve Architectural Constraints
  3. Improve PFDavg

Improve SIL Capability

  • Improve effectiveness of internal quality management

Improve Architectural Constraints

  • 1oo2
  • 2oo3
  • Change your Hardware Fault Tolerance

Improve PFDavg

Loren Stewart, CFSP

How is SIL Used?

Tuesday, September 22, 2015 | Certification

First entry in this blog series: What is SIL compliance?

Once the Safety Integrity Level (SIL) of a product has been determined, it is used in FOUR ways:

  1. To establish risk reduction requirements
  2. To set probabilistic limits for random hardware failure
  3. To set architectural constraints
  4. To establish systematic capability requirements

To establish risk reduction requirements

Each safety function has a requirement to reduce risk.

Example of Risk Reduction:

The PHA determines that a specific hazard can occur once every 10 years, causing a major release of toxic fumes into the atmosphere, and that the tolerable frequency for that hazard is once in 500 years.  The required risk reduction factor is the ratio of the two:

RRF = 500/10 = 50

For a low demand SIF this means PFDavg must not exceed 1/RRF = 0.02, which falls in the SIL 1 band (RRF 10 to 100).


Loren Stewart, CFSP

What is SIL compliance?

Friday, September 18, 2015 | Functional Safety

The Safety Integrity Level (SIL) of a product is determined by three things:

  1. The Systematic Capability Rating
  2. The  Architectural Constraints for the element
  3. The PFDavg Calculation for the product

The Systematic Capability Rating

Systematic Capability is established by having your quality management system audited per IEC 61508. If the QMS meets the requirements of IEC 61508, a SIL Capability rating is issued. The rating achieved depends on the effectiveness of your QMS. The certificate is for the systematic capability of a product.

The Architectural Constraints for the element

Architectural constraints are established by following Route 1H or Route 2H.  Route 1H involves calculating the Safe Failure Fraction for the element and reading the permitted SIL from the SFF / Hardware Fault Tolerance tables; Route 2H instead relies on field failure data and hardware fault tolerance alone.  A valve…


John Yozallinas, CFSE

Return to the “Just Do It” Approach

Tuesday, September 15, 2015 | Software

*The “Just Do It” approach was previously referenced in the blog entry Seat-of-your-Pants Software?

If used early in the development lifecycle, a “just do it” approach could help marketing determine the look-and-feel of an application program with a complex user interface.  Early software prototyping on a PC is pretty fast today.  With limited information, a software engineer could put something together and give quick input to those drafting the product requirements.  These requirements could even be refined in subsequent prototyping sessions.  This technique is a big part of the Agile development model.  However, it should be recognized that these prototypes usually can’t stand on their own; they need support…


John Yozallinas, CFSE

What’s Your Biggest Fear?

Friday, September 11, 2015 | Certification

Plane crash?

Ebola outbreak?

Shark attack?

There are probably lots more things to add to that list.  What could we do to prevent them?  Not too much for some… a little more for others.  But would those mitigations be practical?  What tolerable risk can we accept for these fears and still enjoy life?  If I never again swam in the ocean to avoid a shark attack, my life would still be pretty good.  But if I had to curtail my traveling to avoid a plane crash, I don’t think I’d be as happy.   Life is decided by choices we make… to travel, to live where we want, to swim or surf. 



Loren Stewart, CFSP

Introducing the New Safety Equipment Reliability Handbook (SERH): 4th Edition

Tuesday, September 08, 2015 | Functional Safety


exida is pleased to announce the latest release of their failure data book Safety Equipment Reliability Handbook (SERH): 4th Edition. The book set is a hard copy of exida’s SERH database that contains a vast amount of equipment item reliability data. The set comes in three different volumes:

  • 01 Sensors
  • 02 Logic Solvers & Interface Modules
  • 03 Final Elements

The SERH provides a collection of failure rate data that is applicable for use in Safety Instrumented System (SIS) conceptual design verification in the process industry. The Safety Equipment Reliability Handbook remains the ultimate reference source for any safety engineer involved in Conceptual Design and…


Dr. William Goble, CFSE

To Spreadsheet…or NOT to Spreadsheet

Thursday, September 03, 2015 | Software

I remember the first time I ever saw a spreadsheet program. It was called “VisiCalc" and ran on a Commodore PET computer. My first thought was, “What is that good for?” Then I tried it and was totally hooked. I conclude that the creation of the spreadsheet has changed engineering forever. I can now do amazing types of analyses. It was so exciting that I started using a spreadsheet for almost everything. I was addicted. I would strongly argue that it was less expensive and better for my company to pay me to do spreadsheets than buy expensive ($1000+) engineering tools. Then I hit the wall. Enhancements were needed. Macros stopped working with…


Loren Stewart, CFSP

What is Systematic vs. Random Capability?

Tuesday, September 01, 2015 | Certification

There seems to be a bunch of confusion surrounding systematic capability and random capability.  I will try to clear up the confusion by explaining everything that is considered and what the IEC standard says about both. 

Systematic Capability

  • Development process/quality system requirements depend on the certification SIL level; a higher SIL level means more stringent requirements
    • For software architecture design, Fault Detection not required for SIL 1, Recommended for SIL 2, Highly Recommended for SIL 3
  • Systematic capability indicates level of development process/quality system considered
  • If product systematic capability is SIL 3, the development process considered meets IEC 61508 SIL 3 requirements, therefore product can be used in SIL…


Denise Chastain Knight, P.E., CFSE

The Architectural Constraint Blind Side

Thursday, August 27, 2015 | Certification

I did my homework, purchased certified devices, and specified physical redundancy. I expected an uneventful SIL Verification but the assessor is telling me that I have functions failing Architectural Constraints in the sensor and final element groups. How can that be? 

Low demand mode Safety Instrumented Function (SIF) design is verified against three criteria:

  • Probability of Failure on Demand
  • Architectural Constraints
  • Systematic Capability

Probability of Failure on Demand (PFDavg) is a statistical evaluation based on random failure data, representing the likelihood that a SIF will fail to perform properly when there is a process demand.  Systematic Capability is an evaluation of the potential that the SIF will fail…
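The interplay of the three criteria above, and of the RRF, SFF, Route 1H and PFDavg mechanics described in the "What is SIL compliance?", "How is SIL Used?" and "How can I improve my SIL?" posts earlier on this page, is easiest to see in numbers.  The Python below is an added worked example, not code from exida or from any of the posts: it computes the required RRF the way the "How is SIL Used?" post does, derives the Safe Failure Fraction for a constructed Type B transmitter, reads the permitted SIL from the IEC 61508-2 Route 1H tables, estimates PFDavg with the simplified IEC 61508-6 formulas for 1oo1/1oo2/2oo2/2oo3 voting (common cause ignored), and takes the minimum of the three criteria.  The failure rates, tag name and proof test interval are constructed illustration values, not data from the SERH or from any certificate.

```python
"""Low-demand SIF verification against the three criteria this page names:
PFDavg, architectural constraints (IEC 61508-2 Route 1H) and systematic
capability.  Added example; all failure rates and intervals are constructed
illustration values, not data from any exida handbook or certificate."""
from dataclasses import dataclass


def required_rrf(hazard_every_years: float, tolerable_every_years: float) -> float:
    """Risk reduction factor the PHA demands, e.g. 500 / 10 = 50 in the post above."""
    return tolerable_every_years / hazard_every_years


def sil_from_pfdavg(pfd: float) -> int:
    """IEC 61508 low-demand bands: SIL n needs 10**-(n+1) <= PFDavg < 10**-n.
    Returns 0 when the value does not even reach the SIL 1 band."""
    for sil in (4, 3, 2, 1):
        if pfd < 10.0 ** -sil:
            return sil
    return 0


def sil_from_rrf(rrf: float) -> int:
    """Target SIL for a required RRF, since PFDavg = 1 / RRF for a low-demand SIF."""
    return sil_from_pfdavg(1.0 / rrf)


@dataclass(frozen=True)
class Element:
    """Failure rates per hour, split as in a Route 1H FMEDA (constructed values)."""
    name: str
    type_b: bool    # Type B: complex element whose failure modes are not fully defined
    lam_sd: float   # safe detected
    lam_su: float   # safe undetected
    lam_dd: float   # dangerous detected (by diagnostics)
    lam_du: float   # dangerous undetected: the only rate in the simplified PFDavg

    def sff(self) -> float:
        """Safe failure fraction: everything except dangerous undetected, over total."""
        total = self.lam_sd + self.lam_su + self.lam_dd + self.lam_du
        return (total - self.lam_du) / total


# IEC 61508-2 Route 1H tables: max SIL by SFF band (<60%, 60-90%, 90-99%, >=99%)
# and hardware fault tolerance 0, 1, 2.  0 means the configuration is not allowed.
_ROUTE_1H = {
    False: ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)),  # Type A
    True:  ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)),  # Type B
}


def route_1h_sil(element: Element, hft: int) -> int:
    """Permitted SIL for one element at the given hardware fault tolerance."""
    sff = element.sff()
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return _ROUTE_1H[element.type_b][band][min(hft, 2)]


def hft_of(voting: str) -> int:
    """MooN voting tolerates N - M dangerous faults: 1oo1 -> 0, 1oo2 and 2oo3 -> 1."""
    m, n = (int(p) for p in voting.lower().split("oo"))
    return n - m


def pfdavg(lam_du: float, proof_test_hours: float, voting: str) -> float:
    """Simplified IEC 61508-6 PFDavg for identical elements, ignoring common cause
    (beta) and detected failures; enough to show the three criteria interacting."""
    x = lam_du * proof_test_hours
    return {"1oo1": x / 2, "1oo2": x * x / 3, "2oo2": x, "2oo3": x * x}[voting]


def verify_sif(element: Element, voting: str, proof_test_hours: float,
               systematic_capability: int) -> dict:
    """Achieved SIL is the minimum over the three criteria, never the best one."""
    pfd = pfdavg(element.lam_du, proof_test_hours, voting)
    result = {
        "pfdavg": pfd,
        "sil_pfd": sil_from_pfdavg(pfd),
        "sil_arch": route_1h_sil(element, hft_of(voting)),
        "sil_sc": systematic_capability,
    }
    result["sil"] = min(result["sil_pfd"], result["sil_arch"], result["sil_sc"])
    return result


# Constructed Type B transmitter with poor diagnostics: SFF = 6e-7 / 1.1e-6 ~ 55%.
SENSOR_B = Element("PT-101 (constructed)", True, 0.0, 3e-7, 3e-7, 5e-7)
# Same device after diagnostics move 3e-7/h from dangerous undetected to detected: SFF ~ 82%.
SENSOR_B_DIAG = Element("PT-101 + diagnostics (constructed)", True, 0.0, 3e-7, 6e-7, 2e-7)
ONE_YEAR = 8760.0  # proof test interval in hours (constructed)

if __name__ == "__main__":
    print("target SIL for the post's RRF of 50:", sil_from_rrf(required_rrf(10, 500)))
    for elem, voting in ((SENSOR_B, "1oo1"), (SENSOR_B, "1oo2"), (SENSOR_B_DIAG, "1oo2")):
        r = verify_sif(elem, voting, ONE_YEAR, systematic_capability=3)
        print(f"{elem.name} {voting}: PFDavg={r['pfdavg']:.2e} "
              f"SIL(PFD)={r['sil_pfd']} SIL(arch)={r['sil_arch']} SIL(SC)={r['sil_sc']} "
              f"-> achieved SIL {r['sil']}")
```

Running it shows the blind side: the 1oo2 pair of the low-SFF Type B transmitter reaches the SIL 4 PFDavg band and carries SC 3, yet the architectural constraints cap it at SIL 1, so a SIL 2 target fails despite the physical redundancy.  Only raising the diagnostic coverage (moving dangerous failures from undetected to detected, which lifts the SFF into the 60 to 90 % band) brings the pair to SIL 2.  A real verification must also add the β common cause term and the detected-failure contributions that the simplified formulas leave out.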


Steve Gandy, CFSP

Failure Rate Data: Are You Being Outsold?

Tuesday, August 25, 2015 | Functional Safety

When speaking with several manufacturers’ sales teams recently, it became very evident that some of these sales people, selling into the Industrial Safety and Controls markets, had little or no knowledge of how their products’ failure rate data compared to their competitors and/or another industry benchmark (such as DOW or OREDA).  Indeed, most of them had never seen their safety manual, let alone knew of its existence.  Some of the companies I spoke with were experiencing a problem competing with their competitors who were using lower, more favorable failure rates.  However, these failure rates being offered by the competitors for similar devices were outside process industry realistic ranges and dangerously optimistic.  For…


Eric Persson, CISSP, CACE

How Cybersecurity is like a Goldfish

Thursday, August 20, 2015 | Industrial Control System (ICS) Cybersecurity

Oh look! Squirrel!

I am not much of a blogger. I should be but I’m not. This is strange, because I always have plenty to say.

This subject just gets me going so I am writing about it. I welcome feedback and opinions.

I have been in cybersecurity in one form or another for over 30 years, whether as the target of the attacks as an IT Manager or as a consultant trying to educate and help client companies with products and services, and I have seen the same trend over and over again.

When a company has realized or suspects a cyber-event, they go into proactive response mode, begin investigating and…


John Yozallinas, CFSE

Certification and the Environmental Test

Tuesday, August 18, 2015 | Certification

Functional Safety Assessments (FSA) focus on the relevant functional safety standards that are to be applied to a product in the appropriate industry.  These are standards such as IEC 61511 in the process automation industry, or ISO 26262 in the automotive industry.  And IEC 61508 is like an umbrella safety standard over all of them.  But what about the other specifications and standards that a product has to meet?  Most of these non-safety-specific criteria come from the markets and industries served by the product.  If you make a product that has to work in a harsh environment, you need to design and test for that environment.  Your users want to know that the…


Ted Stewart, CFSP

The True Meaning Behind Those Fancy Letters on a Signature

Thursday, August 13, 2015 | Certification

Let me ask you a few questions: Does adding letters after a person’s name make them more important? What did that person go through to achieve those letters? If someone has XYZ after their name and another person also has XYZ after their name, are they equal? Did one of them have more hurdles to jump over than the other?

These are all interesting questions that aren’t asked very often.  Many people see these letters, but do they understand their true meaning?

In the functional safety world there are MANY types of personnel functional safety experts, certified by many different organizations that each have their own set of “Letters.”  Are they all created equal?…