Look Beyond the Certification!

What you don't ask about products claiming to meet specified SIL requirements could hurt you.


T he good news is the emergence and subsequent publicity surrounding the safety standards ANSI/ISA S84.01 issued in 1996 and IEC 61508 issued in 2000 has greatly raised user awareness of the need to address safety system requirements head-on.

The bad news is there is a lot of misunderstanding associated with the terminology, requirements, and certifications associated with these standards and the products used to meet their compliance.

IEC 61508, 'Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems,' is an international standard. ANSI/ISA S84.01-1996, 'Application of Safety Instrumented Systems for the Process Industries,' is currently used in the U.S. but may soon be superceded by IEC 61511, an emerging international standard more specific to the process industry.

'Safe failure fraction' explained

S afe failure fraction (SFf) is a relatively new term resulting from the IEC's 61508 and 61511 committees' work to quantify fault tolerance and establish the minimum level of redundancy required in a safety instrumented function.

Per IEC, 'Safe failure fraction is the ratio of the (total safe failure rate of a subsystem plus the dangerous detected failure rate of the subsystem) to the total failure rate of the subsystem.' (In IEC terms, subsystem refers to individual devices.)

There are four types of random hardware failures:

  • Safe undetected (SUd);

  • Safe detected (Sd);

  • Dangerous detected (Dd); and

  • Dangerous undetected (DUd).

Determining the SFf requires dividing the sum of the first three by the sum of all four. The assumption is the operator is expected to take action based on the dangerous detected faults, therefore even if a device has a large fraction of dangerous failures, if enough can be detected and safe action taken, then the device is still considered a safe device.

The formula for determining the safe failure fraction is:

SUd + Sd + Dd
SUd + Sd + Dd + DUd

An important commonality among these standards is the concept of establishing safety integrity levels (SILs) to indicate increasing levels of safety performance. S84.01 defines SIL 1 through SIL 3, while IEC 61511 defines SIL 1 through SIL 4.

The purpose of SILs is to establish acceptable probability of failure on demand (PFD) values. The higher the SIL number the greater the impact of a failure and therefore the lower the acceptable PFD rate. For example, a SIL 4 system, the highest level, often protects against catastrophic impact, and thus the entire safety system must be designed, installed, tested, and maintained to achieve a very low probability of failure on demand (between 1 in 10,000 and 1 in 100,000). ( See 'Understanding Safety Integrity Levels' and 'Applying Hazardous Risk to Safety Integrity Levels' )

The safety standards clearly state that a SIL is allocated to a safety instrumented function and not to the individual products or devices making up the safety instrumented function. That means, products such as safety PLCs (programmable logic controllers), sensors, accessories, and valves cannot be certified to meet a given SIL value.

Certification isn't enough
Many manufacturers are emphasizing their products are certified to a certain SIL by one of the third party approval agencies. What manufacturers should be saying is, 'Certified as fit to use in a SIL # safety application.' But just knowing a device is certified as fit for use in a SIL 3 safety application, for example, is not enough. Besides training and experience in the design, installation, testing, and maintenance of a safety application, users require information on how products were tested and certified before they can determine how best to apply those products to achieve the required risk reduction (SIL).

It's really no different than what we've come to expect in our everyday lives. For example, new automobiles are equipped with safety air bags, but specific instructions (conditions/restrictions/guidelines) are provided to ensure small children are not harmed by safety air bag deployments. The same sort of information is required in applying safety-related products in the workplace.

Two key organizations currently certifying safety system products for use in meeting IEC and ANSI/ISA safety standards are Factory Mutual Research (Norwood, Mass.) and TÜV Rheinland (Cologne, Germany). Following a successful product test by either organization, a certification is issued along with a report explaining how the product was tested and what conditions must be fulfilled for the product to meet the certification. In other words, the product has been certified fit for use in a specified SIL safety application so long as certain conditions are met. Obtaining a copy of the certification is usually no problem, but the certificate can not stand on its own. A fundamental part of the certification is the approval report. Without the report, users are simply guessing at how products contribute in meeting the required risk reduction (SIL) level.

Key information in a Certification's Approvals report includes:

  • A clear description of the certified product;

  • Applicable conditions (restrictions) for use of the product;

  • Evaluation results of the manufacturer's safety life-cycle and quality management systems;

  • Average probability to fail (PFD) on demand;

  • Testing intervals needed to achieve the average PFD conditions;

  • Diagnostic coverage and safe failure fraction (See 'Safe failure fraction explained' sidebar);

  • Results of operating software compliance as defined in IEC 61508, Part 3;

  • Common cause factors based on the IEC 61508 recommended technique;

  • Diagnostics cycle time for the product (necessary to determine if the product is suitable for a specific safety application);

  • Results of the fault insertion tests to verify diagnostics and performance of the sub-system(s); and

  • Review and comments related to environmental testing and compliance to other relevant national and international standards.

As matters stand, it is up to the user to request the full approval report for a particular product and if the response you get back is, 'The approval report contains proprietary information and thus isn't available to customers,' or some similar lame excuse, find another supplier! Only a full reading, understanding, and use of the information contained in the Approval report can ensure the safety system you are designing, installing, testing, and maintaining meets the required risk reduction (SIL) of the safety instrumented function.

Comments? E-mail dharrold@cahners.com

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me