There have been passionate debates in email and meetings about “Proven In Use” versus IEC 61508 certification. Most debates characterize these evaluation techniques as competing methods. In 2000, when IEC 61511 was being written, there were few IEC 61508 certified products on the market. The alternative justification technique of “proven in use” was often the only option. Fortunately, time brings knowledge and progress. More than a decade later, there are hundreds of PLC products, process sensors, and final element products available with IEC 61508 certification (see www.sael-online.com). But a question still remains:
Does a proven in use product need to be IEC 61508 certified?
Does an IEC 61508 certified product need to be proven in use?
Safety design is serious. Design mistakes could result in an accident. One must select equipment that will perform the needed function in the application environment for the life of the system. Sounds easy? Maybe not.
I think of two issues when selecting equipment:
1. Application environment compatibility
2. Safety integrity
Both must be fully evaluated.
The “proven in use” concept is especially valuable for establishing application compatibility. I have heard many tales of unexpected failures. “The diaphragm became brittle and failed in the pressure transmitter. The manufacturer never told me that hydrogen was incompatible with the diaphragm material!” Using a product in the application and analyzing all failures can provide valuable information. But is this enough to provide a solid basis for long-term safety integrity? In reviewing the data collection systems of dozens of major petrochemical companies worldwide, I conclude that the information is quite valuable in evaluating environmental compatibility. Those problems usually show up in a dramatic way in a relatively short time period. But the information available in many data collection systems is not even close to that required to evaluate safety integrity.
The IEC 61508 certification process looks deep inside a product’s design. Safety and reliability are studied by experts. Most products FAIL the audit. Those that eventually pass have safety integrity rated via the SIL Capability rating and FMEDA numbers.
Given the importance, it is hard to see any reason not to use both: IEC 61508 certified equipment that has also been proven in use in your application. These techniques are not competing methods.