Alarm Rationalization is “Going Green (field)”

Viewed 923 times

With the growing adoption of the ISA-18.2 standard on alarm management, industry leaders are increasingly implementing alarm management best practices (such as alarm rationalization) during the upfront design, before they start up control systems for new, “Greenfield” installation. There are numerous benefits. You think alarm overload and nuisance alarms are problem in a running (optimized) plant…Imagine what it is like in a plant that doesn’t yet have significant operational experience!

While the benefits are numerous, so are the challenges, especially compared to alarm rationalization on an existing (brownfield) system, where the hardest part is determining whether you are going to start “from where you are” (bottoms up) or start from scratch (tops down). Alarm rationalization is done before the configuration…

Continue Reading >>

Alarm Management • (0) Comments • Permalink

Certification Accreditation

Viewed 1183 times

I am often asked “who says exida can certify a product?”  The best answer is of course “the marketplace.”  End user owner/operators ask for an exida certificate because they understand why technical competency is so important when evaluating design quality.  Then instrumentation manufacturers get an exida certificate because exida analysts help them create a safer, more reliable product.  That is the free market at work.  But certification is something people depend on therefore there is an accreditation program for product certifiers. 

Most countries have an “Accreditation Body (AB)” that audits the “Certification Body (CB)” per a particular set of standards and “scheme owner” requirements.  The fundamental standard for a product certification program has been IEC Guide 65/EN45051. A new…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

IEC 61508 Compliant Module Testing: Part 4

Viewed 1109 times

Click here to read Part 1
Click here to read Part 2
Click here to read Part 3

Part 3 covered the design of tests, resulting in one or more Module Test Plans.  To execute a test plan, one would start with the test plan and a test results template (which could be a copy of the test plan as indicated previously), document the general test information specific to the test execution (version numbers, dates, name of the tester, etc.), set the test up according to plan, run the test according to plan, and record the test…

Continue Reading >>

Software • (0) Comments • Permalink

Industrial Control System Cyber Security – Legislation and Standards

Viewed 1083 times

There is a lot of concern around cyber security in Industrial Control Systems.  With new threats like Stuxnet and Flame, the perceived risk to critical infrastructure has increased dramatically.  There are increased calls for legislation and new methods for dealing with these threats.  The history of how we have dealt with similar risk issues around process safety tells us that there are two ways to address the issues with very different results.  On the one hand, there is a prescriptive approach where you define the remediation that should be required.  This approach might work in very well-defined systems where there is very little change in technology.

The other approach is to define functional requirements and set performance standards that…

Continue Reading >>

Control System Security • (0) Comments • Permalink

IEC 61508 Compliant Module Testing: Part 3

Viewed 742 times

Click here to read Part 1
Click here to read Part 2

The Test Plan

Assessment requires evidence that module tests are designed properly, run properly, and have been successfully run. Documented test results are also required.  In order to meet these requirements it is generally a good idea to document a test plan for each module.  Information that applies to all module tests can be documented in a common place and referenced from the test plans (e.g., hardware set up, etc.).  Including blank test result fields in the test plan is a good idea if you plan to copy the test plan file…

Continue Reading >>

Software • (0) Comments • Permalink

IEC 61508 Compliant Module Testing: Part 2

Viewed 846 times

Click here to read Part 1

Last week you learned about what exactly a module is, and examples of different types of modules. Now we will move on to interfaces, the need for module testing, and code coverage requirements.

An interface, such as the 3D printer’s communication interface, or the format of the 3D data it can render, serves several purposes. It provides the contract between two entities: a provider and a consumer. In software, these two entities are generally a calling function and a called function. As long as both entities comply with the interface specification, the cooperative effort between them works correctly. Modules have internal and external interfaces. An…

Continue Reading >>

Software • (0) Comments • Permalink

Pen Testing a Live Control System – Are You Mad?

Viewed 1130 times

A recent, disturbing trend I’ve seen in industrial control system (ICS) security is that, in response to concerns about the security of their ICS & SCADA systems, companies are performing penetration (pen) testing on operational systems.  Often times they request these services as one of the first steps in their plans to improve ICS security. 

Pen testing, as the name implies, is intrusive testing whereby the tester behaves like an attacker and attempts to penetrate the system.  This often means the tester will deliberately send probe packets or malformed packets on the network.  Pen testing is common practice in IT security as a means to testing the effectiveness of the security controls (e.g. firewall, intrusion detection, etc.) that have…

Continue Reading >>

Control System Security • (0) Comments • Permalink

IEC 61508 Compliant Module Testing: Part I

Viewed 1123 times

3D printers are cool!  I watched a TED talk this past year about them.  I know they have been around for over 30 years, but I still think they’re cool.  As I watched, I thought of the wheel for my dishwasher’s roll-out rack, which had recently fallen off and melted on the heating element.  In theory, if I had a personal 3D printer, and the printable data were available on the internet, I could print a replacement wheel within minutes of discovering the broken part.

I then started to think about what it takes to make that actually work.  The data describing the wheel has to be available.  The data has to be sent to the…

Continue Reading >>

Software • (0) Comments • Permalink

How to Decode an exida IEC 61508 Certificate: Part 2

Viewed 1067 times

Click here to read Part 1

Now that you know the step-by-step process of product certification, now let’s take a look at the actual information on the certificate. 

In the left panel (gray background) you will find an exida certification logo.  The logo contains information on the standard used for certification as well as the SIL Capabiliy.  The left panel also includes the FMEDA and assessment reports.  You want to reference these report numbers when requesting them from the manufacturer.  You can find the assessment report on the exida website however you’ll have to request the FMEDA report from the manufacturer.  I’ll get into why you need to request the FMEDA report…

Continue Reading >>

Functional Safety Certification • (1) Comments • Permalink

How to Decode an exida IEC 61508 Certificate: Part 1

Viewed 1359 times

So you downloaded a product certificate from the exida website and you are trying to understand the information documented in the certificate.  Also, you likely want to know what stands behind the certificate and what was involved in the certification of the product.
 
I’m not going to spend time talking about exida; you can find that on the website!

Let’s first discuss the step-by-step process of product certification.  I’ll give you the “reader’s digest” version of the certification procedure: 

Step 1:  Kickoff Meeting
The exida project engineer will conduct a project kickoff meeting to review the steps that will be taken to achieve certification.  This is typically done via a net meeting or…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

Component De-rating Without the Overhead

Viewed 1095 times

If you were going to build a bridge, you would want to make sure that it did not fall down if there were too many cars on the bridge.  One way that this is accomplished is to overdesign.  If the bridge is expected to hold at most 20,000 pounds, it should be designed to hold 40,000 pounds.  That way the bridge will still hold strong if the estimated capacity is exceeded.  The same concepts apply to electrical components, and in fact for safety systems, IEC 61508 requires that this overdesign be done.  This practice of limiting electrical, thermal, and mechanical stresses on electrical parts to levels below their specified rating is called de-rating.  If a product is expected to reliably…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

People and Risk: The Common Enemy

Viewed 1082 times

In today’s modern society there is an increasing demand for “safer” products/systems, which have to meet increasingly demanding standards.  The management of “risk” is a major factor in ensuring that a product/system can meet its design objectives, as well as satisfying the required standards and, even more importantly, meeting the need in a cost-effective manner.

As human beings living in a civilized, modern society, we take risks every day; in driving to work, crossing the road, and even within the home.  You may be surprised to learn that most accidents happen in the home.  There are many reasons why this should be: we spend most of our time at home; we feel safer, therefore, we take less care and attention. …

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

Super-Duper Logic Solver Data; So what?

Viewed 1513 times

I am working on a SIL verification project and just had to share some observations.

For this project, the customer decided to choose a logic solver for which no data is listed in the exida Safety Equipment Reliability Handbook (SERH). One could ask:

• Why?

  Well the simple answer is that we have contacted this particular manufacturer multiple times and we have been met with silence. Apparently there is no interest from the manufacturer to have their product listed in the database. Do they think that an exida analysis of the data would identify potential issues?

• What now?

  The SERH database fortunately contains “generic” components for all equipment categories. One can select these…

  Continue Reading >>

  Failure Data • (0) Comments • Permalink

Are You Going for Gold in Safety?

Viewed 760 times

Olympic athletes don’t wake up one day and decide to compete in the Olympics.  They don’t arrive at the games by chance or coincidence.  Their journey starts long before the games begin. They are often influenced and inspired by watching others or by their own interests.  They may begin by playing the game to see how good they are.  And if their dream is to compete at the highest levels of their sport, they begin the arduous preparation by learning the rules, training with experts, and practicing.  Only then will they have a chance to win gold.

The path to functional safety certification with IEC 61508 is not so different from the athlete’s path to the Olympic games.  The journey…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

Analysis and Realization: Done. Let’s Start Operation… What’s Next?

Viewed 1086 times

Congratulations! You’ve completed the Analysis and Realization phases of the Safety Lifecycle, and are about to begin the Operation phase, but what’s next? Well obviously you need to do proof testing, but is there anything else? You may be familiar with the figure below:

The functional safety standards require that you record any demands and failures that occur during normal operation, as well as the results of all your proof testing. Furthermore, you are expected to periodically compare your actual performance with your assumed performance. In other words, do demands occur as frequently as you expected? More frequent means that the risk is higher than you had estimated; less frequent means the actual…

Continue Reading >>

Software • (0) Comments • Permalink