Under IEC 61511, there are only two ways to justify the selection of equipment for use in Safety Instrumented Systems (SIS) and Safety Instrumented Functions (SIF): devices certified to IEC 61508 for the required SIL, or Prior Use justification. The fact that the user happens to have been using the equipment before is not, by itself, sufficient justification. So why is that?
Analysis of the causes of major accidents over the past two decades has shown that the dominant contributing factor was systematic, not random hardware failure. Systematic failures are insidious and can only be eliminated by addressing the three Ps: Personnel, Procedures and Paperwork.
For personnel, this means competency and training in both the process and the equipment. For procedures, they need to exist, be correct and be adhered to; otherwise mistakes will be made. For paperwork, we need to be able to produce documented evidence that we are following our processes and procedures and performing the proper inspections, testing and maintenance. Culture plays a significant role here too, since avoiding systematic issues requires a corporate culture that is genuinely committed to process and functional safety in the plant.
Therefore, when selecting SIF equipment, the use of devices certified by an accredited and competent agency provides independent assurance that the manufacturer's systematic capability, i.e. its design, manufacturing and test processes, has been assessed and that sufficient steps have been taken to prevent systematic errors from being introduced into the product. The product is then assigned a systematic capability rating (SC 1 to SC 4 in IEC 61508 terms). If devices are selected that have not been certified, then we have to demonstrate ourselves that the device has no history of systematic issues and no dangerous failures in service: this is Prior Use justification.
To meet the Prior Use criteria, the end user (or manufacturer) must be able to show that the device has been used in a similar application and a similar environment, in either a safety-related or a non-safety-related role, for a sufficient period of time without any dangerous failures. This requires that the end user (or manufacturer) has a field failure data gathering system in place that is accurate and properly maintained. That alone is a challenge for most end users, since the way failure data is gathered and classified is rarely consistent.
The other challenge is that not only must the application and environment be sufficiently similar, but the versions must also be the same as those for which Prior Use is being claimed. This includes both the hardware version and, where applicable, the software version. Here again, by the time sufficient operating data has been gathered, the original device may well have changed or been superseded by a newer version, in which case an FMEA or FMEDA of the new version will need to be undertaken to satisfy the systematic requirements. Without this it will not be possible to meet the Prior Use criteria. And if end users do not justify their equipment selection and an accident occurs that can be traced back to the selection of the SIF equipment, the end user will be liable.
If this blog has raised certain questions, concerns and/or interest, then please look out for the upcoming webinar on this topic.