How exida helped Profire achieve SIL certification for their PF3100 logic solver through extensive training and upgrading of existing processes.
Profire Energy Inc.
IEC 61508: 2010 Logic Solver Certification
Engineering process overview audit, design architecture review, Safety Case compiled
SIL 2 Certification
Profire (PFIE), a US-based maker of automated burner and chemical management solutions for the oil and gas industry, produces the PF3100 Burner Control System, a “versatile intuitive solution that presents a vastly superior and economic option to traditional PLC based burner management”. The entire system consists of an enclosure and one or more cards, each performing a specific function. With features like multi-burner support, multi-pilot support, forced draft & fuel/air ratio control and advanced power distribution, the system can accommodate a vast field of needs and future applications.
In 2017, Profire had known for some time that SIL certification would be needed for the PF3100. The task seemed difficult, but as they researched certifying bodies, they noticed that, unlike other certification bodies, exida offered a strong training program. As the global leader in functional safety certification, exida offers customized onsite, open enrollment, and online training courses, books, free webinars, blogs and more. Profire found exida’s emphasis on educational support, their expertise in functional safety, and their strong reputation to be important components to their decision.
While Profire has experience with certification to various other technical standards, they did not have experience with IEC 61508 certification. They discovered that exida assessors have a product/system development background in addition to a deep understanding of the standard. Since this would be their first experience with the IEC 61508 Functional Safety standard, they decided that these attributes were critical and engaged exida’s help for both training and certification.
Figure 1- Profire's PF3100 Product Team
Curtis Dublanko, the Principal Design Engineer for the PF3100 development project, dove in by taking one of exida’s web-based Functional Safety courses. When the team was ready, exida met with them on-site to present 1½ days of team Functional Safety training and then to examine their existing development processes and procedures. Through those sessions, the Profire team developed a deeper understanding of the requirements and came away with a clear list of action items to close gaps between their procedures and the IEC 61508 process requirements.
While Profire’s existing process met most of the IEC 61508 process requirements, two gaps needed to be addressed: failure analysis applied to the software design and software test coverage metrics to ensure complete testing of all statements.
exida helped close the failure analysis gap by first training the team in a technique called SW HAZOP, then facilitating the use of the technique until the development team was comfortable with it. The team was able to use SW HAZOP to finish the analysis on their own, using an exida software tool. Mr. Dublanko found value in this process, pointing out, “The time we spent in SW HAZOP analysis was well worth it. It helped us to identify design level issues that we needed to address. We may not have otherwise identified some of them.” When the SW HAZOP was complete, the results documented all design elements, interfaces and their interactions, identified as many potential failure modes of the design as practicable, and recorded both the existing mitigations and the additional ones needed for the design to meet its software design requirements.
The software test coverage requirements of IEC 61508 flag sections of code that were never executed during testing; each one prompts the question of which scenario the test set was missing. Curtis said, “We had not been checking our test coverages prior to assessment. The software code test coverage requirements of IEC 61508 did help to identify edge cases and compound conditions that might have otherwise been missed in testing without this systematic measure. Measuring test coverage gives us confidence that all the statements in the firmware have been executed during testing.”
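The following is an added illustration, not code from Profire, exida or the PF3100 firmware, of what a statement coverage measurement looks like and what it does and does not reveal. It instruments a hypothetical firing-permissive function (the pressure limits, the test vectors and the function itself are constructed for the example) with a line tracer, runs a first-pass test suite against it, and reports the statements that never executed. The uncovered LOCKOUT_FLAME statement is the kind of missed edge case the paragraph describes; the high-pressure operand of the compound condition is the caveat: because `or` short-circuits, that line already counts as covered, so statement coverage alone will not expose an untested operand and a review of compound conditions (or condition/MC/DC coverage) is still needed.

```python
import dis
import inspect
import sys

# Constructed limits for a hypothetical fuel-pressure permissive (kPa). These are
# illustration values, not PF3100 parameters.
FUEL_PRESSURE_LOW_KPA = 10.0
FUEL_PRESSURE_HIGH_KPA = 250.0


def burner_permissive(purge_complete, fuel_pressure_kpa, flame_ok):
    """Hypothetical firing permissive for a single logic solver channel.

    Every branch is kept on its own source line so that, for the tracer below,
    executed lines and executed statements are the same thing.
    """
    if not purge_complete:
        return "LOCKOUT_PURGE"
    if fuel_pressure_kpa < FUEL_PRESSURE_LOW_KPA or fuel_pressure_kpa > FUEL_PRESSURE_HIGH_KPA:
        return "LOCKOUT_PRESSURE"
    if not flame_ok:
        return "LOCKOUT_FLAME"
    return "RUN"


def statement_coverage(func, test_vectors):
    """Run func over every vector and record which of its source lines execute.

    Returns (executed_lines, statement_lines). The statement set comes from the
    compiled bytecode's line table; the def line is excluded because CPython
    3.11+ attributes the RESUME instruction to it.
    """
    code = func.__code__
    statement_lines = {ln for _, ln in dis.findlinestarts(code)
                       if ln is not None and ln != code.co_firstlineno}
    executed = set()

    def local_tracer(frame, event, arg):
        if event == "line" and frame.f_code is code:
            executed.add(frame.f_lineno)
        return local_tracer

    def global_tracer(frame, event, arg):
        # Attach the line tracer only to frames of the function under test.
        return local_tracer if frame.f_code is code else None

    previous = sys.gettrace()
    sys.settrace(global_tracer)
    try:
        for vector in test_vectors:
            func(*vector)
    finally:
        sys.settrace(previous)
    return executed & statement_lines, statement_lines


def uncovered_statements(func, test_vectors):
    """Source text of every statement in func that the vectors never executed."""
    executed, statements = statement_coverage(func, test_vectors)
    src_lines, first = inspect.getsourcelines(func)
    return [src_lines[ln - first].strip() for ln in sorted(statements - executed)]


# Constructed first-pass suite: the happy path plus the lockouts the test author
# thought of. Nobody wrote a flame-failure case.
INITIAL_TESTS = [
    (True, 100.0, True),   # RUN
    (False, 100.0, True),  # LOCKOUT_PURGE
    (True, 5.0, True),     # LOCKOUT_PRESSURE, reached via the low limit only
]

# Vectors added after reading the coverage report: the missed flame lockout, and
# the high-pressure operand of the compound condition. The second one is the
# caveat: its line was already reported as covered by the first suite because
# `or` short-circuits, so only a review of compound conditions (or condition /
# MC/DC coverage) exposes the untested operand.
COMPLETE_TESTS = INITIAL_TESTS + [
    (True, 100.0, False),  # LOCKOUT_FLAME
    (True, 300.0, True),   # LOCKOUT_PRESSURE, reached via the high limit
]


if __name__ == "__main__":
    for name, suite in (("initial", INITIAL_TESTS), ("complete", COMPLETE_TESTS)):
        executed, statements = statement_coverage(burner_permissive, suite)
        missed = uncovered_statements(burner_permissive, suite)
        pct = 100.0 * len(executed) / len(statements)
        print(f"{name} suite: {pct:.0f}% statement coverage, {len(missed)} uncovered")
        for text in missed:
            print("  never executed:", text)
```

Run as a script, the initial suite reports one uncovered statement (the flame lockout) and the complete suite reports none. Production firmware would use the toolchain's own coverage instrumentation (gcov-style counters on the target) rather than an interpreter hook, but the reading of the report is the same: every uncovered statement names a scenario the tests never exercised, and 100% statement coverage says nothing about operands a short-circuit skipped.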
Once their procedures were upgraded, exida’s Evaluating Assessor created a safety case file. A safety case is a file that references a product’s development procedures and other project/product work products and documents the arguments for their compliance with the relevant IEC 61508 requirements. Profire’s procedures were reviewed and the safety case for the PF3100 was updated to reference the evidence and compliance arguments for the relevant process requirements.
Mr. Dublanko stated, “exida provided an invaluable service to the Profire product development team regarding training and upgrading existing processes. Interactions with the exida team were meaningful, educational, and productive.”
When the schematics were completed, an exida analyst with expertise in hardware safety architectures and design completed a Failure Modes, Effects and Diagnostics Analysis (FMEDA), analyzing every component’s failure profile to determine the predicted failure rates of the product based on the design. The FMEDA quantitatively confirmed that the design was suited to Profire’s SIL 2 target safety integrity level.
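As an added illustration of the arithmetic behind the FMEDA paragraph above, the following example rolls a constructed list of component failure modes up into the safe, dangerous-detected and dangerous-undetected rates, derives the safe failure fraction (SFF) and a simplified PFDavg, and checks both against the IEC 61508 limits. It is not exida’s tool, Profire’s data or the PF3100 analysis: the component names, failure rates in FIT, safe/dangerous splits and diagnostic coverages are invented for the example, and the single-channel PFDavg formula is the textbook approximation. The architectural constraint tables (IEC 61508-2:2010 Tables 2 and 3, Route 1H) and the low-demand PFDavg bands (IEC 61508-1 Table 2) are the standard’s own.

```python
from dataclasses import dataclass

FIT = 1e-9              # one FIT is one failure per 1e9 hours
HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class FailureMode:
    component: str
    mode: str
    rate_fit: float
    effect: str         # "safe", "dangerous" or "no_effect" on the safety function
    dc: float = 0.0     # diagnostic coverage: fraction of a dangerous mode that is detected


# Constructed bill-of-materials extract for a hypothetical 1oo1 logic solver
# channel. Rates, splits and coverages are illustrative, not PF3100 data.
FAILURE_MODES = [
    FailureMode("U1 MCU", "output stuck in permissive state", 50.0, "dangerous", 0.99),
    FailureMode("U1 MCU", "reset or halt (watchdog trips)", 30.0, "safe"),
    FailureMode("K1 fuel valve relay", "contacts fail open", 20.0, "safe"),
    FailureMode("K1 fuel valve relay", "contacts welded closed", 10.0, "dangerous", 0.90),
    FailureMode("U7 flame amplifier", "false flame indication", 15.0, "dangerous", 0.60),
    FailureMode("U7 flame amplifier", "loss of flame signal", 25.0, "safe"),
    FailureMode("C12 decoupling capacitor", "open", 5.0, "no_effect"),
]


@dataclass(frozen=True)
class Rollup:
    lambda_s: float     # safe failures (FIT)
    lambda_dd: float    # dangerous detected (FIT)
    lambda_du: float    # dangerous undetected (FIT)

    @property
    def sff(self):
        """Safe failure fraction, IEC 61508-2:2010: (lambda_S + lambda_DD) / total."""
        return (self.lambda_s + self.lambda_dd) / (self.lambda_s + self.lambda_dd + self.lambda_du)


def roll_up(modes):
    """Sum per-mode rates into the S / DD / DU buckets an FMEDA reports."""
    s = dd = du = 0.0
    for m in modes:
        if m.effect == "safe":
            s += m.rate_fit
        elif m.effect == "dangerous":
            dd += m.rate_fit * m.dc
            du += m.rate_fit * (1.0 - m.dc)
        # "no_effect" modes are excluded from the SFF in the 2010 edition.
    return Rollup(s, dd, du)


def pfd_avg_1oo1(lambda_du_fit, proof_test_interval_h):
    """Simplified single-channel PFDavg: lambda_DU * T1 / 2, ignoring repair
    time and imperfect proof testing."""
    return lambda_du_fit * FIT * proof_test_interval_h / 2.0


# IEC 61508-2:2010 Tables 2 (Type A) and 3 (Type B), Route 1H: maximum SIL for
# an element by SFF band (<60%, 60-90%, 90-99%, >=99%) and hardware fault
# tolerance 0, 1, 2. A 0 means the configuration is not allowed at all.
SFF_BAND_EDGES = (0.60, 0.90, 0.99)
ARCHITECTURAL_CONSTRAINT = {
    "A": ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)),
    "B": ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)),
}

# IEC 61508-1 Table 2, low demand mode: (SIL, lower bound, upper bound) of PFDavg.
PFD_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def sil_from_architecture(sff, element_type, hft):
    band = sum(1 for edge in SFF_BAND_EDGES if sff >= edge)
    return ARCHITECTURAL_CONSTRAINT[element_type][band][hft]


def sil_from_pfd(pfd_avg):
    if pfd_avg < 1e-5:
        return 4        # better than the SIL 4 band; the standard defines nothing higher
    for sil, lower, upper in PFD_BANDS:
        if lower <= pfd_avg < upper:
            return sil
    return 0            # PFDavg >= 1e-1 meets no SIL


def sil_claim_limit(modes, element_type="B", proof_test_interval_h=HOURS_PER_YEAR):
    """SIL the hardware supports for a single channel (HFT 0): bounded by both
    the architectural constraint and the random hardware failure measure."""
    r = roll_up(modes)
    by_architecture = sil_from_architecture(r.sff, element_type, hft=0)
    by_pfd = sil_from_pfd(pfd_avg_1oo1(r.lambda_du, proof_test_interval_h))
    return min(by_architecture, by_pfd)


if __name__ == "__main__":
    r = roll_up(FAILURE_MODES)
    print(f"lambda_S={r.lambda_s:.1f} FIT  lambda_DD={r.lambda_dd:.1f} FIT  "
          f"lambda_DU={r.lambda_du:.1f} FIT  SFF={100 * r.sff:.1f}%")
    print(f"PFDavg (1 year proof test interval) = {pfd_avg_1oo1(r.lambda_du, HOURS_PER_YEAR):.2e}")
    print("SIL claim limit (Type B element, HFT 0):", sil_claim_limit(FAILURE_MODES))
```

With the constructed data the channel lands at SFF 95%, which Table 3 caps at SIL 2 for a Type B element with no hardware fault tolerance even though the PFDavg falls well inside a higher band; in practice it is often the architectural constraint, not the failure-rate arithmetic, that decides the claim, and the diagnostic coverage figures that drive it have to be justified by the actual self-tests in the design.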
As Profire looks to expand their SIL products, “…the process and procedures that have been audited and approved by exida, will be carried forward and will aid in future product development. This achievement will expedite the approval processes required for future product development.”