Dr. William Goble, CFSE

A Year in Review: Functional Safety and Cybersecurity in 2015

Tuesday, January 26, 2016 | Functional Safety, Industrial Control System (ICS) Cybersecurity


Good things happened in the fields of functional safety and control system cybersecurity in 2015.  I am not going to include the exciting new Star Wars movie as an event in the list, as it does not really fit the topic. Keeping focused, my highlights of 2015 were:

  • Progress was made on a new version of IEC 61511
  • The CFSE program was updated and enhanced
  • Good progress was made on several of the IEC 62443 automation cybersecurity standards
  • exida completed ANSI accreditation per the new ISO/IEC 17065 standard for product certification programs
  • A new OREDA field failure data analysis was published

At exida we were…


Steve Gandy, CFSP

Safety Requirements Specifications (SRS):  The Good and the Bad

Thursday, January 21, 2016 | Functional Safety



The IEC 61511 standard requires the user to create a Safety Requirements Specification (SRS) for a Safety Instrumented System (SIS) that incorporates all the analysis done during the Risk Assessment, HAZOP/PHA and LOPA reviews.  The SRS falls into two types: an initial conceptual SRS, often referred to as the Process Safety SRS, and a detailed Design SRS, which contains all the detailed design information.

As in any requirements specification, how well and how concisely information is conveyed to the designer is essential to ensure that there is no ambiguity and potential for misinterpretation of the requirements.  This is especially true for safety-related process applications using SIS, where it is critical to convey the requirements…


Ted Stewart, CFSP

WHY are Failures Occurring at a Different Rate from Our Other Site?

Thursday, January 14, 2016 | Certification


Site audits have shown many differences in how things are done from site to site. This impacts many variables in a safety instrumented system!

A key metric for process industry designs is called average Probability of Failure on Demand (PFDavg).  After several studies of many field failure and proof test reports, several variables* have been identified as key to a realistic PFDavg calculation.

The key variables in a PFDavg calculation are impacted by site operational practices, and performing an SSU audit has many benefits.

Chris O'Brien, CFSE

Best Practices in Achieving Functional Safety in Turbine Applications - Part 3

Thursday, January 07, 2016 | Certification


The adoption of the functional safety standards continues to gain momentum in turbine applications. Both industrial and power turbine sites are now requiring compliance to IEC 61511. This blog will review both technical requirements and market trends related to functional safety system design. Market trends will cover which standards are required by region, turbine, size, and industry.

In Part 1, we discussed the application of IEC 61511 to turbine applications and how we demonstrate compliance. In Part 2, we took a high-level look at the safety lifecycle and the IEC 61511 lifecycle, and discussed hazard matrices, risk graphs, and LOPAs.

In this blog, we will look at implications of IEC 61511 and effective implementation. 

Implications of IEC 61511

Because of IEC…


Loren Stewart, CFSP

SILSafe Data Website

Tuesday, December 22, 2015 | Functional Safety



exida has launched the web site www.silsafedata.com. SILSafe Data is a web site listing a number of product categories used in process control and the expected range of failure rates for process industry applications. The use of realistic and application-appropriate failure rate data has a significant impact on the validity of SIL verification calculations. Unfortunately, the information readily available to perform the tasks needed for safe designs is often conflicting or incomplete. Poor information can lead to dangerous under-designed systems, expensive overdesigns, or even the need to re-design the safety instrumented system.

Determining if data is suitable for use is a critical first step. The SILSafeData.com…


John Yozallinas, CFSE

Are We Done Yet?

Wednesday, December 09, 2015 | Functional Safety


We all know when we’re finished with the product development cycle; it’s printed in a little box on the project schedule Gantt chart.  The end of July… right there on the schedule, and it’s been there since the project inception.  So what happens when you reach 31-July and your product still isn’t ready?  Do you start changing the calendar to read 32-July, 33-July, and so on?  That might work if you only need a few more days of wringing out the functional testing, or finish the user manual.  But if you reach the 254th day of July, you’ve got a big problem.

In my project experience, there is always an end date.  Some…


John Yozallinas, CFSE

Is your Car Smarter than a Fifth Grader?

Tuesday, November 17, 2015 | Functional Safety


While channel surfing the TV this weekend, I happened to stop on an old show called “My Mother The Car.”  (Ok, I’m dating myself, but it was filmed in color, as opposed to some other favorite old shows still in black-and-white).  The fictional car, a 1928 Porter built for the TV series, was the reincarnation of the owner’s deceased mother.  The car was always available for advice and helped the owner with various problems that could be solved within a 22-minute sitcom.    With all of its life experiences, I’m sure that car was smarter than a Fifth Grader. 

This show got me thinking about how cars have changed over the years.  New cars…


Chris O'Brien, CFSE

Best Practices in Achieving Functional Safety in Turbine Applications - Part 2

Tuesday, November 03, 2015 | Functional Safety


The adoption of the functional safety standards continues to gain momentum in turbine applications. Both industrial and power turbine sites are now requiring compliance to IEC 61511. This blog will review both technical requirements and market trends related to functional safety system design. Market trends will cover which standards are required by region, turbine, size, and industry.

In Part 1, we discussed the application of IEC 61511 to turbine applications and how we demonstrate compliance.  In this blog we'll take a high-level look at the safety lifecycle and the IEC 61511 lifecycle, and discuss hazard matrices, risk graphs, and LOPAs.

Functional Safety Lifecycle

Now we'll take a high-level look at the safety…


Chris O'Brien, CFSE

Best Practices in Achieving Functional Safety in Turbine Applications - Part 1

Tuesday, October 20, 2015 | Certification


The adoption of the functional safety standards continues to gain momentum in turbine applications. Both industrial and power turbine sites are now requiring compliance to IEC 61511. This blog will review both technical requirements and market trends related to functional safety system design. Market trends will cover which standards are required by region, turbine, size, and industry.

Application of IEC 61511 to Turbine Applications

There has been some discussion as to whether turbines should be treated under machinery or process safety standards. For hazards such as crushing or burning, machinery safeguarding standards should be applied. For hazards such as explosion or overspeed, process safety standards (IEC 61511) should be applied. 

Forces Influencing SIL Adoption


John Yozallinas, CFSE

Train Wrecks Waiting to Happen?

Thursday, October 08, 2015 | Industrial Control System (ICS) Cybersecurity


Hacking public transportation systems is frequently depicted on TV and in movies.  And they make it seem so easy… it only takes seconds for these fictional experts.  Is it a reality?

Well, the Amtrak train derailment that occurred earlier this year in Philadelphia got me thinking about “hacking” as a possible cause of the accident.  This is only my conjecture at this point, as there has been no indication that it was related to terrorism and all the facts of this unfortunate tragedy are still being collected and determined.  But some data reported from the train’s “black box” and engine cabin camera have been released. 

John Yozallinas, CFSE

Say What?

Thursday, October 01, 2015 | Certification


The “see something, say something” mantra is being used as a countermeasure for terrorism and crime, but it can also be effective to improve functional safety in development teams and plant sites.  It could be useful in general process improvement as well.

This can be especially evident during training sessions and reviews when someone says: “our process says to do it this way, but this is what we really do …”  So you have to wonder why the process says to do things in a manner that no one applies, or to which no one gives credence.  It is at this point you should ask “why should I do things that way, according…


Loren Stewart, CFSP

How can I improve my SIL?

Friday, September 25, 2015 | Functional Safety


Read the first entry in this blog series: What is SIL compliance?
Read the second entry in this blog series: How is SIL Used?

As we now know, a Safety Integrity Level (SIL) can only be given to a product that is in complete compliance.  So to improve your SIL, you must improve one of the three compliance requirements:

  1. Improve SIL Capability
  2. Improve Architectural Constraints
  3. Improve PFDavg

Improve SIL Capability

  • Improve effectiveness of internal quality management

Improve Architectural Constraints

  • 1oo2
  • 2oo3
  • Change your Hardware Fault Tolerance

Improve PFDavg

Loren Stewart, CFSP

How is SIL Used?

Tuesday, September 22, 2015 | Certification


Read the first entry in this blog series: What is SIL compliance?

Once the Safety Integrity Level (SIL) of a product is found, it will be used in FOUR ways:

  1. To establish risk reduction requirements
  2. Probabilistic limits for hardware random failure
  3. Architectural constraints 
  4. To establish systematic capability

To establish risk reduction requirements

Each safety function has a requirement to reduce risk.

Example of Risk Reduction:

The PHA determines that a specific hazard can occur every 10 years, causing a major release of toxic fumes into the atmosphere. Determine the RRF needed for the hazard to occur once in 500 years.

RRF = 500/10 = 50 


Loren Stewart, CFSP

What is SIL compliance?

Friday, September 18, 2015 | Functional Safety


The Safety Integrity Level (SIL) of a product is determined by three things:

  1. The Systematic Capability Rating
  2. The Architectural Constraints for the element
  3. The PFDavg Calculation for the product

The Systematic Capability Rating

Systematic Capability is established by having your quality management system audited per IEC 61508. If the QMS meets the requirements of IEC 61508, a SIL Capability rating is issued. The rating achieved depends on the effectiveness of your QMS. The certificate is for the systematic capability of a product.

The Architectural Constraints for the element

Architectural constraints are established by following Route 1H or Route 2H.  Route 1H involves calculating the Safe Failure Fraction for the element.  A valve…


John Yozallinas, CFSE

Return to the “Just Do It” Approach

Tuesday, September 15, 2015 | Software


*The “Just Do It” approach was previously referenced in the blog entry Seat-of-your-Pants Software?

If used early in the development lifecycle, a “just do it” approach could help marketing determine the look-and-feel of an application program with a complex user interface.  Early software prototyping on a PC is pretty fast today.  With limited information, a software engineer could put something together and give quick input to those drafting the product requirements.  These requirements could even be refined using subsequent prototyping sessions.  This technique is a big part of the Agile development model.  However, it should be recognized that these prototypes can’t usually stand on their own; they need support…
