While correcting a CFSP exam, I read a question which went something like this:

If you purchase all IEC 61508 certified equipment for a low demand safety instrumented function, then to meet the requirements of IEC 61511:

A. No other design verification is needed

B. You must optimize capital costs

C. You must verify the design by calculating PFDavg, checking Architecture Constraints, and checking SIL capability

D. You must compare pricing of alternative vendors

The correct answer: C

While your company procedures may suggest items B and D, IEC 61511 does not. The intent of the question is to ensure that everyone understands that design verification must be done even for certified equipment. There seems to be a common misconception that purchasing certified equipment is all that is needed to meet the standard. I can imagine this myth is being spread by a salesperson trying to sell equipment. The benefits of IEC 61508 certified products are strong, but avoiding design verification is certainly NOT one of them.

Choosing equipment that is right for the application is also important. Sensors must be able to measure the process variable accurately. Materials must be compatible with process materials. While IEC 61508 certification is a measure of high design quality, comparing the manufacturer’s specifications against a particular application is not part of the certification process.
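The three checks named in answer C, run over a safety instrumented function built entirely from certified devices; this is an added example, not part of the original post or of any standard's text. It assumes single-channel (1oo1) devices, the simplified equation PFDavg = λDU × TI / 2 (no diagnostics, proof test coverage or common cause), and the minimum hardware fault tolerance values of IEC 61511-1:2016 Table 6 for low demand mode. The device names and failure rates are constructed for illustration.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760
# Minimum hardware fault tolerance, low demand mode (IEC 61511-1:2016, Table 6)
MIN_HFT = {1: 0, 2: 0, 3: 1, 4: 2}

@dataclass
class Device:
    name: str
    lambda_du: float   # dangerous undetected failure rate, per hour (constructed)
    sc: int            # systematic capability from the IEC 61508 certificate
    hft: int = 0       # 0 = single channel (1oo1)

def sil_from_pfd(pfd):
    """Low demand bands: SIL n needs PFDavg < 10^-n; results are capped at SIL 4."""
    for sil in (4, 3, 2, 1):
        if pfd < 10 ** -sil:
            return sil
    return 0

def verify(devices, target_sil, proof_test_years):
    ti = proof_test_years * HOURS_PER_YEAR
    # Simplified 1oo1 equation per device; the SIF PFDavg is the sum of the parts
    pfdavg = sum(d.lambda_du * ti / 2 for d in devices)
    result = {
        "pfdavg": pfdavg,
        "pfd_ok": sil_from_pfd(pfdavg) >= target_sil,
        "arch_ok": all(d.hft >= MIN_HFT[target_sil] for d in devices),
        "sc_ok": all(d.sc >= target_sil for d in devices),
    }
    result["passed"] = result["pfd_ok"] and result["arch_ok"] and result["sc_ok"]
    return result

# Constructed SIF: every device is certified and SIL 2 capable or better
SIF = [
    Device("pressure transmitter", 6.0e-7, sc=2),
    Device("logic solver", 1.0e-7, sc=3),
    Device("valve and actuator", 2.5e-6, sc=2),
]

if __name__ == "__main__":
    for years in (1, 0.5):
        r = verify(SIF, target_sil=2, proof_test_years=years)
        print(f"proof test every {years} y: PFDavg={r['pfdavg']:.2e} {r}")
```

With a one-year proof test interval the certified devices pass the architecture and SIL capability checks for SIL 2 but the summed PFDavg only reaches the SIL 1 band; halving the interval brings the same hardware into SIL 2.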

How did this exam candidate answer, you ask?

A.  Even with this question wrong, the person still passed the exam.

Is this acceptable? Can someone who does not understand an important fundamental concept receive a competency certification? I am thinking that the CFSE Board should identify certain questions as “safety critical.” I think the rules should be changed so that the candidate must answer all safety critical questions correctly, regardless of total score. Perhaps this may be too extreme, but I will suggest beefing up the already difficult program.

