How exida worked to certify National Instrument's award winning logic solvers.
IEC 61508 Certification
engineering process overview audit, design architecture review, Safety Case compiled
SIL 3 Certification
When National Instruments (NI)—the US-based producer of automation equipment and virtual instrumentation software—created a functional safety logic solver module, NI-9350, it needed to be certified to the IEC 61508 standard.
Before the NI team found exida to certify the NI-9350, they had a problematic experience with another certification body based in Germany; the team described them as “adversarial,” and no contract was produced. They re-opened their search for an internationally accredited certification body, which led them to exida.
The team was not familiar with exida, so they examined this new choice carefully in risk review meetings, where they concluded that they had no reason to be concerned. They commenced working with the exida team, including Managing Director Dr. William Goble, and discovered that exida wanted to guide them to success right from the start. “Their follow-through and execution were consistent,” said Matt Griffin, NI Product Manager.
The exida team began with an engineering process overview audit to find out how well the existing procedures matched IEC 61508 requirements. In the subsequent “safety concept” meeting, the structure of the NI-9350 design (the design architecture) was reviewed, and any concerns and project risk issues were thoroughly explained.
“NI used FPGA technology to implement a small logic solver without online software,” said Dr. William Goble. “This approach can provide fast response times.” However, the use of this new FPGA technology was a potential challenge for the NI team. Fortunately, exida has several experienced computer design engineers who have done FPGA projects and understand the potential functional safety issues. This allowed the exida assessors to get right to the critical design details and reference general solution techniques.
Once engineering process changes were made and the architectural design met the requirements, exida began compiling the Safety Case, a document that explains how the certification target meets all requirements of the referenced standards. (Completion of the Safety Case is somewhat iterative and is updated when new compliance evidence is completed.) After exida’s Evaluating Assessor approved the Safety Case, an independent Certifying Assessor successfully reviewed the project, and exida issued the SIL 3 certificate.
NI had a strong engineering design process, and they were willing to adopt a few additional steps specifically required by IEC 61508 SIL 3. “Exida was very open to NI’s design approach,” said Rudy Sengupta, NI Hardware Engineering Director. “They literally wrote the book on how to create functionally safe products, and they were open to new technologies and techniques, which gave us the flexibility to innovate while meeting key industry standards.”
When it was time to certify the next logic solver module, NI-9351, choosing exida again was the logical choice. On the second project, the same engineering process was used. This allowed the previous Safety Case to be re-used for all process requirements, which greatly simplified the project and reduced the cost.