Tales from the Certification Wars - Who certifies the certification agency?

I have often heard the question “Who says they can issue a certification?”  This is often accompanied by “Why can’t I certify my own product?”  “Who knows our design better than we do?” Good questions.

The IEC 61508 standard does not require certified products for Functional Safety.  However, competency is required and “independent assessment” is required for higher SIL levels.  So what is happening in the market?

Some companies self-certify their products. I have seen certificates usually signed by their quality manager declaring “Suitable for SIL X,” or such language.  I recently asked about the procedure used. This particular manufacturer spoke with a few dozen of their customers and asked if the product was working well.  One had been designing…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

Counterfeit Certificate!

I am told that plagiarism is a compliment. Since exida is the leading company for IEC 61508 certifications I suppose it was bound to happen. Well it did. exida got an email from our sales representative in China. He asked why this certificate was not listed on the exida Safety Automation Equipment List. An electronic copy of the certificate was sent to me. It was easy to spot that the certificate was forged. Looking closely I see they did a good job. The fonts and spacing were pretty good. But I recognized that this particular certificate was from another customer, Virgo. Virgo has gone through the effort of having their engineering process and manufacturing process audited and inspected. They demonstrated…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

Certified to SIL 4 - Cycle Test Failure Data is Dangerous

I got a copy of the IEC 61508 certificate for a solenoid valve today from an engineer who thought something was wrong.  Although the certificate was from a well known certification company, the certificate gave a “Dangerous Failure Rate” of 1.7 FITS (1.7 * 10-9 failures per hour).  This is less than the value for simple electrical resistor!  Indeed something seems quite wrong. 

The report for the certificate explained how a “Cycle Test” was used to determine the random failure rate.  A number of solenoid were put on test and cycled until 12,000,000 total successful cycles were completed. It was then assumed that the “probability of failure of the safety function on demand” was less than 1/12,000,000. Assuming a…

Continue Reading >>

Failure Data • (1) Comments • Permalink

Stepping stones to SIL 3

Imagine.  Marketing has just approached the engineering department and says your new safety product must have SIL 3 Capable certification instead of SIL 2 to be successful.  You are in the engineering group developing this new product.  Now what?

Let’s assume that the “change request” makes sense and has been approved for the product.  This is an important first step, as changes in requirements and scope creep can wreak havoc on a project.  It’s also important to demonstrate that your modification processes meets the 61508 requirements.  Remember, you don’t want to operate outside the safety lifecycle!

Some of the main differences between SIL ratings involve:

• Hardware Fault Tolerance (HFT)
• Safe Failure Fraction (SFF)
• the techniques…

Continue Reading >>

Functional Safety Certification • (2) Comments • Permalink

Functional Safety and Taxes: Are you an expert?

Today, April 15th, is tax-day in the US.  Ok, the Internal Revenue Service (IRS) has given us a few extra days this year (the tax filing deadline is not until April 18th).

There are a lot of similarities between how you do your taxes and how you handle your functional safety.  As for filing taxes, some choose to:

• Hire an accountant (3rd party)
• Buy a software program to guide them through the process
• Manually complete the required tax forms

When it comes to functional safety, I see the same approach. There are end-users (owners/operators) that:

• Hire a 3rd party to assist
• Buy a software program
• Use an…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

Lifecycle Analysis: It’s Worth the Effort

Performing a risk analysis as part of an IEC61508/61511/ISA 84.01 safety lifecycle process can be quite challenging. How can you be sure you get what you need within budget and how can your team provide the best value for money? When these services are brought in from outside, it can be difficult to see high quality and the value of that quality in advance. But it is almost always easy to see the cost. Also the buying decision is often based on the project requirements rather than the overall life of the plant requirements. As a result, this situation can easily lead to a lower quality risk analysis. This problem is what classical economics calls “the market for lemons,” and…

Continue Reading >>

Risk Communication • (1) Comments • Permalink

What is So Important About Derating?

Some designs push their operating specifications right up to the limit of the components in the system or device.  (let’s not talk about the designs that try to spec a limit that is beyond the capability of one or more components… phooey on them!)  And if you make a product that is not used in a critical application or in environmental extremes, this may not be a big deal.  But in the safety world, we’re better than that!  Not only should you keep the operating specs below the limits of the components, you should keep the specs at a comfortable margin below those limits.  IEC 61508-2 suggests (but does not mandate) a two-thirds derating factor be applied to components of…

Continue Reading >>

Functional Safety Certification • (2) Comments • Permalink

Buy Certified Equipment, Meet the Standard, Right? WRONG!

While correcting a CFSP exam, I read a question which went something like this:

If you purchase all IEC 61508 certified equipment for a low demand safety instrumented function, then to meet the requirements of IEC 61511:

A. No other design verification is needed

B. You must optimize capital costs

C. You must verify the design by calculating PFDavg, checking Architecture Constraints, and checking SIL capability

D. You must compare pricing of alternative vendors

The correct answer: C

While your company procedures may suggest items B and D, IEC 61511 does not.  The intent of the question is to ensure that everyone understands that design verification must be done even for certified equipment.  There seems to be a common…

Continue Reading >>

Functional Safety Certification • (0) Comments • Permalink

When is a Variable Frequency Drive a SIS?

It used to be that a pump would operate at a single speed dictated by a motor, thus fixing the pump curve. As the discharge flow decreased due to a restriction downstream, the pump outlet pressure would increase reaching its deadhead pressure. If the downstream piping and vessels were designed to withstand this deadhead pressure, an inherently safer design would be achieved.

Today, flow is increasingly controlled via variable frequency drives (VFD). Let’s consider two cases:

    • Motor matched closely to the load
    • Oversized motor relative to the load

In both cases, there is the potential for the VFD controller to fail dangerously, resulting in maximum speed of the pump. In the first…

Continue Reading >>

Safety Instrumented System • (2) Comments • Permalink

Keep Risk Personal

We are fortunate that Risk Analysts have developed a logical framework of quantitative and semi-quantitative analysis techniques that allow us to assess and optimally mediate risk. And we all know that this is part of the Safety Lifecycle, a series of engineering steps/procedures that represent best safety practices. These are documented in IEC 61511 for the process industries. We also know that our methods are fallible and accidents may occur.  In many ways this is what the measure of “tolerable risk” is all about.  But I think it wise to consider the personal side of risk whenever making a decision about safety.

In the typical high consequence / low frequency accident scenario, it is well known that a person…

Continue Reading >>

Risk Communication • (0) Comments • Permalink